SEC-1231: Authentication.getAuthorities should be of type Collection<GrantedAuthority> and not List<GrantedAuthority>. Refactored the interface and related classes to match (UserDetails etc).

This commit is contained in:
Luke Taylor
2009-10-05 19:28:53 +00:00
parent 07d7c0ddae
commit caff3ee9ba
64 changed files with 296 additions and 355 deletions

View File

@@ -33,6 +33,7 @@ import org.springframework.mock.web.MockHttpServletResponse;
import org.springframework.security.authentication.TestingAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.AuthorityUtils;
import org.springframework.security.core.authority.GrantedAuthorityImpl;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.core.userdetails.memory.UserAttribute;
@@ -45,15 +46,6 @@ import org.springframework.security.core.userdetails.memory.UserAttribute;
* @version $Id$
*/
public class AnonymousProcessingFilterTests extends TestCase {
//~ Constructors ===================================================================================================
public AnonymousProcessingFilterTests() {
super();
}
public AnonymousProcessingFilterTests(String arg0) {
super(arg0);
}
//~ Methods ========================================================================================================
@@ -164,7 +156,7 @@ public class AnonymousProcessingFilterTests extends TestCase {
Authentication auth = SecurityContextHolder.getContext().getAuthentication();
assertEquals("anonymousUsername", auth.getPrincipal());
assertEquals(new GrantedAuthorityImpl("ROLE_ANONYMOUS"), auth.getAuthorities().get(0));
assertTrue(AuthorityUtils.authorityListToSet(auth.getAuthorities()).contains("ROLE_ANONYMOUS"));
SecurityContextHolder.getContext().setAuthentication(null); // so anonymous fires again
// Now test operation if we have removeAfterRequest = true

View File

@@ -1,5 +1,6 @@
package org.springframework.security.web.authentication.preauth;
import java.util.Collection;
import java.util.List;
import junit.framework.TestCase;
@@ -47,7 +48,7 @@ public class PreAuthenticatedAuthenticationTokenTests extends TestCase {
assertEquals(credentials, token.getCredentials());
assertNull(token.getDetails());
assertNotNull(token.getAuthorities());
List<GrantedAuthority> resultColl = token.getAuthorities();
Collection<GrantedAuthority> resultColl = token.getAuthorities();
assertTrue("GrantedAuthority collections do not match; result: " + resultColl + ", expected: " + gas,
gas.containsAll(resultColl) && resultColl.containsAll(gas));

View File

@@ -19,6 +19,7 @@ import static org.junit.Assert.*;
import static org.mockito.Mockito.*;
import java.util.ArrayList;
import java.util.Collection;
import java.util.List;
import javax.servlet.FilterChain;
@@ -368,7 +369,7 @@ public class SwitchUserProcessingFilterTests {
SwitchUserProcessingFilter filter = new SwitchUserProcessingFilter();
filter.setUserDetailsService(new MockUserDetailsService());
filter.setSwitchUserAuthorityChanger(new SwitchUserAuthorityChanger() {
public List<GrantedAuthority> modifyGrantedAuthorities(UserDetails targetUser, Authentication currentAuthentication, List<GrantedAuthority> authoritiesToBeGranted) {
public Collection<GrantedAuthority> modifyGrantedAuthorities(UserDetails targetUser, Authentication currentAuthentication, Collection<GrantedAuthority> authoritiesToBeGranted) {
List <GrantedAuthority>auths = new ArrayList<GrantedAuthority>();
auths.add(new GrantedAuthorityImpl("ROLE_NEW"));
return auths;
@@ -378,7 +379,7 @@ public class SwitchUserProcessingFilterTests {
Authentication result = filter.attemptSwitchUser(request);
assertTrue(result != null);
assertEquals(2, result.getAuthorities().size());
assertEquals("ROLE_NEW", result.getAuthorities().get(0).getAuthority());
assertTrue(AuthorityUtils.authorityListToSet(result.getAuthorities()).contains("ROLE_NEW"));
}