From 1171e25bc78c2bd9bd55f647453c3e3d18c8163b Mon Sep 17 00:00:00 2001
From: Juan Ignacio Barisich
Date: Thu, 18 Aug 2016 14:58:55 -0300
Subject: [PATCH] LdapUserDetails extends CredentialsContainer LdapUserDetails extends CredentialsContainer in order to clear password when erase-credentials is true. Fixes gh-4029
---
 .../ldap/userdetails/LdapUserDetails.java | 3 +-
 .../ldap/userdetails/LdapUserDetailsImpl.java | 5 +++
 .../userdetails/LdapUserDetailsImplTests.java | 43 +++++++++++++++++++
 3 files changed, 50 insertions(+), 1 deletion(-)
 create mode 100644 ldap/src/test/java/org/springframework/security/ldap/userdetails/LdapUserDetailsImplTests.java
diff --git a/ldap/src/main/java/org/springframework/security/ldap/userdetails/LdapUserDetails.java b/ldap/src/main/java/org/springframework/security/ldap/userdetails/LdapUserDetails.java
index 5d31631396..4f35b1b1fc 100644
--- a/ldap/src/main/java/org/springframework/security/ldap/userdetails/LdapUserDetails.java
+++ b/ldap/src/main/java/org/springframework/security/ldap/userdetails/LdapUserDetails.java
@@ -16,6 +16,7 @@
 package org.springframework.security.ldap.userdetails;
+import org.springframework.security.core.CredentialsContainer;
 import org.springframework.security.core.userdetails.UserDetails;
 /**
@@ -23,7 +24,7 @@ import org.springframework.security.core.userdetails.UserDetails;
 *
 * @author Luke Taylor
 */
-public interface LdapUserDetails extends UserDetails {
+public interface LdapUserDetails extends UserDetails, CredentialsContainer {
 // ~ Methods
 // ========================================================================================================
diff --git a/ldap/src/main/java/org/springframework/security/ldap/userdetails/LdapUserDetailsImpl.java b/ldap/src/main/java/org/springframework/security/ldap/userdetails/LdapUserDetailsImpl.java
index 79e5780582..354893ad88 100644
--- a/ldap/src/main/java/org/springframework/security/ldap/userdetails/LdapUserDetailsImpl.java
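Review bot: Adding `CredentialsContainer` as a super-interface on the `public interface LdapUserDetails` line changes the contract for every implementer, not only `LdapUserDetailsImpl`: any implementation outside this patch has to add `eraseCredentials()` before it compiles again. The interface Javadoc, which starts above the hunk, says nothing about the new obligation. I would add a line to it such as `* Implementations must drop the stored password in {@code eraseCredentials()}; {@link #getPassword()} may return {@code null} afterwards.` so that implementers and callers know what to expect.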
+++ b/ldap/src/main/java/org/springframework/security/ldap/userdetails/LdapUserDetailsImpl.java
@@ -107,6 +107,11 @@ public class LdapUserDetailsImpl implements LdapUserDetails, PasswordPolicyData
 return enabled;
 }
+ @Override
+ public void eraseCredentials() {
+ password = null;
+ }
+
 public int getTimeBeforeExpiration() {
 return timeBeforeExpiration;
 }
diff --git a/ldap/src/test/java/org/springframework/security/ldap/userdetails/LdapUserDetailsImplTests.java b/ldap/src/test/java/org/springframework/security/ldap/userdetails/LdapUserDetailsImplTests.java
new file mode 100644
index 0000000000..29d552dd6a
--- /dev/null
+++ b/ldap/src/test/java/org/springframework/security/ldap/userdetails/LdapUserDetailsImplTests.java
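Review bot: `eraseCredentials()` mutates the instance in place and carries no Javadoc, so nothing tells a caller that `getPassword()` returns null from then on. That matters when the same `LdapUserDetailsImpl` object is held in a user cache or otherwise reused for a later password comparison, because the next check would find no password. Setting the reference to null also does not wipe the value: assuming `password` is a `String` (its declaration is outside the hunk), the characters stay on the heap until they are collected. I would document both points on the method, e.g. `/** Drops the reference to the stored password; getPassword() returns null afterwards, so do not erase an instance that is cached for later comparison. */`.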
@@ -0,0 +1,43 @@
+/*
+ * Copyright 2012-2016 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.springframework.security.ldap.userdetails;
+
+import org.junit.Test;
+import org.springframework.security.core.CredentialsContainer;
+
+import static org.assertj.core.api.Assertions.assertThat;
+
+/**
+ * Tests {@link LdapUserDetailsImpl}
+ *
+ * @author Joe Grandja
+ */
+public class LdapUserDetailsImplTests {
+
+ @Test
+ public void credentialsAreCleared() {
+ LdapUserDetailsImpl.Essence mutableLdapUserDetails = new LdapUserDetailsImpl.Essence();
+ mutableLdapUserDetails.setDn("uid=username1,ou=people,dc=example,dc=com");
+ mutableLdapUserDetails.setUsername("username1");
+ mutableLdapUserDetails.setPassword("password");
+
+ LdapUserDetails ldapUserDetails = mutableLdapUserDetails.createUserDetails();
+ assertThat(ldapUserDetails).isInstanceOf(CredentialsContainer.class);
+ ldapUserDetails.eraseCredentials();
+ assertThat(ldapUserDetails.getPassword()).isNull();
+ }
+
+}
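Review bot: `credentialsAreCleared()` never checks that the password was present before `eraseCredentials()` is called, so the final `isNull()` would also pass if `Essence.setPassword` or `createUserDetails()` failed to carry the value over. Adding `assertThat(ldapUserDetails.getPassword()).isEqualTo("password");` just before the erase call would tie the result to the method under test. The `isInstanceOf(CredentialsContainer.class)` assertion is already guaranteed by the declared type `LdapUserDetails` and could be dropped.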