Make single definition of defaultRolePrefix and rolePrefix

Previous to this commit, role prefix had to be set in every class causing repetition. Now, bean `GrantedAuthorityDefaults` can be used to define the role prefix in a single point. Fixes gh-3701
2026-05-22 21:33:16 +00:00 · 2016-06-21 16:55:16 +10:00
parent 2e6656e9d3
commit eabeaf35d6
13 changed files with 362 additions and 29 deletions
@@ -16,6 +16,10 @@

 package org.springframework.security.ldap.userdetails;

+import org.springframework.beans.BeansException;
+import org.springframework.context.ApplicationContext;
+import org.springframework.context.ApplicationContextAware;
+import org.springframework.security.config.GrantedAuthorityDefaults;
 import org.springframework.security.core.GrantedAuthority;
 import org.springframework.security.core.authority.SimpleGrantedAuthority;
 import org.springframework.security.ldap.SpringSecurityLdapTemplate;
@@ -97,7 +101,7 @@ import java.util.Set;
 * @author Luke Taylor
 * @author Filip Hanik
 */
-public class DefaultLdapAuthoritiesPopulator implements LdapAuthoritiesPopulator {
+public class DefaultLdapAuthoritiesPopulator implements LdapAuthoritiesPopulator, ApplicationContextAware {
 	// ~ Static fields/initializers
 	// =====================================================================================

@@ -140,7 +144,7 @@ public class DefaultLdapAuthoritiesPopulator implements LdapAuthoritiesPopulator
 	/**
 	 * The role prefix that will be prepended to each role name
 	 */
-	private String rolePrefix = "ROLE_";
+	private GrantedAuthorityDefaults rolePrefix = new GrantedAuthorityDefaults("ROLE_");
 	/**
 	 * Should we convert the role name to uppercase
 	 */
@@ -250,7 +254,7 @@ public class DefaultLdapAuthoritiesPopulator implements LdapAuthoritiesPopulator
 				role = role.toUpperCase();
 			}

-			authorities.add(new SimpleGrantedAuthority(rolePrefix + role));
+			authorities.add(new SimpleGrantedAuthority(rolePrefix.getRolePrefix() + role));
 		}

 		return authorities;
@@ -297,7 +301,7 @@ public class DefaultLdapAuthoritiesPopulator implements LdapAuthoritiesPopulator
 	 */
 	public void setRolePrefix(String rolePrefix) {
 		Assert.notNull(rolePrefix, "rolePrefix must not be null");
-		this.rolePrefix = rolePrefix;
+		this.rolePrefix = new GrantedAuthorityDefaults(rolePrefix);
 	}

 	/**
@@ -360,7 +364,7 @@ public class DefaultLdapAuthoritiesPopulator implements LdapAuthoritiesPopulator
 	 * @see #setRolePrefix(String)
 	 */
 	protected final String getRolePrefix() {
-		return rolePrefix;
+		return this.rolePrefix.getRolePrefix();
 	}

 	/**
@@ -391,4 +395,14 @@ public class DefaultLdapAuthoritiesPopulator implements LdapAuthoritiesPopulator
 	private SearchControls getSearchControls() {
 		return searchControls;
 	}
+
+	@Override
+	public void setApplicationContext(ApplicationContext context) throws
+			BeansException {
+		String[] beanNames = context.getBeanNamesForType(GrantedAuthorityDefaults.class);
+		if (beanNames.length == 1) {
+			this.rolePrefix = context.getBean(beanNames[0], GrantedAuthorityDefaults.class);
+		}
+	}
+
 }
@@ -20,8 +20,13 @@ import java.util.Collection;

 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
+
+import org.springframework.beans.BeansException;
+import org.springframework.context.ApplicationContext;
+import org.springframework.context.ApplicationContextAware;
 import org.springframework.ldap.core.DirContextAdapter;
 import org.springframework.ldap.core.DirContextOperations;
+import org.springframework.security.config.GrantedAuthorityDefaults;
 import org.springframework.security.core.GrantedAuthority;
 import org.springframework.security.core.authority.SimpleGrantedAuthority;
 import org.springframework.security.core.userdetails.UserDetails;
@@ -34,14 +39,15 @@ import org.springframework.util.Assert;
 * object.
 *
 * @author Luke Taylor
+ * @author Eddú Meléndez
 */
-public class LdapUserDetailsMapper implements UserDetailsContextMapper {
+public class LdapUserDetailsMapper implements UserDetailsContextMapper, ApplicationContextAware {
 	// ~ Instance fields
 	// ================================================================================================

 	private final Log logger = LogFactory.getLog(LdapUserDetailsMapper.class);
 	private String passwordAttributeName = "userPassword";
-	private String rolePrefix = "ROLE_";
+	private GrantedAuthorityDefaults rolePrefix = new GrantedAuthorityDefaults("ROLE_");
 	private String[] roleAttributes = null;
 	private boolean convertToUpperCase = true;

@@ -146,7 +152,7 @@ public class LdapUserDetailsMapper implements UserDetailsContextMapper {
 			if (convertToUpperCase) {
 				role = ((String) role).toUpperCase();
 			}
-			return new SimpleGrantedAuthority(rolePrefix + role);
+			return new SimpleGrantedAuthority(this.rolePrefix.getRolePrefix() + role);
 		}
 		return null;
 	}
@@ -188,6 +194,16 @@ public class LdapUserDetailsMapper implements UserDetailsContextMapper {
 	 * @param rolePrefix the prefix (defaults to "ROLE_").
 	 */
 	public void setRolePrefix(String rolePrefix) {
-		this.rolePrefix = rolePrefix;
+		this.rolePrefix = new GrantedAuthorityDefaults(rolePrefix);
 	}
+
+	@Override
+	public void setApplicationContext(ApplicationContext context) throws
+			BeansException {
+		String[] beanNames = context.getBeanNamesForType(GrantedAuthorityDefaults.class);
+		if (beanNames.length == 1) {
+			this.rolePrefix = context.getBean(beanNames[0], GrantedAuthorityDefaults.class);
+		}
+	}
+
 }
@@ -0,0 +1,60 @@
+/*
+ * Copyright 2002-2016 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.springframework.security.ldap.userdetails;
+
+import org.junit.Test;
+
+import org.springframework.context.annotation.AnnotationConfigApplicationContext;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.ldap.core.ContextSource;
+import org.springframework.security.config.GrantedAuthorityDefaults;
+
+import static org.assertj.core.api.Assertions.assertThat;
+import static org.mockito.Mockito.mock;
+
+/**
+ * @author Eddú Meléndez
+ */
+public class DefaultLdapAuthoritiesPopulatorTests {
+
+	@Test
+	public void testDefaultRolePrefix() {
+		AnnotationConfigApplicationContext context = new AnnotationConfigApplicationContext();
+		context.register(LdapAuthoritiesPopulatorConfiguration.class);
+		context.refresh();
+
+		DefaultLdapAuthoritiesPopulator ldapPopulator = context.getBean(DefaultLdapAuthoritiesPopulator.class);
+		assertThat(ldapPopulator.getRolePrefix()).isEqualTo("ROL_");
+	}
+
+	@Configuration
+	static class LdapAuthoritiesPopulatorConfiguration {
+
+		@Bean
+		public GrantedAuthorityDefaults authorityDefaults() {
+			return new GrantedAuthorityDefaults("ROL_");
+		}
+
+		@Bean
+		public DefaultLdapAuthoritiesPopulator ldapAuthoritiesPopulator() {
+			ContextSource contextSource = mock(ContextSource.class);
+			return new DefaultLdapAuthoritiesPopulator(contextSource, "ou=groups");
+		}
+
+	}
+
+}
@@ -21,9 +21,14 @@ import javax.naming.directory.BasicAttributes;

 import org.junit.Test;

+import org.springframework.context.annotation.AnnotationConfigApplicationContext;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
 import org.springframework.ldap.core.DirContextAdapter;
 import org.springframework.ldap.core.DistinguishedName;
+import org.springframework.security.config.GrantedAuthorityDefaults;
 import org.springframework.security.core.authority.AuthorityUtils;
+import org.springframework.test.util.ReflectionTestUtils;

 import static org.assertj.core.api.Assertions.assertThat;

@@ -94,4 +99,32 @@ public class LdapUserDetailsMapperTests {

 		assertThat(user.getPassword()).isEqualTo("mypassword");
 	}
+
+	@Test
+	public void testDefaultRolePrefix() {
+		AnnotationConfigApplicationContext context = new AnnotationConfigApplicationContext();
+		context.register(LdapUserDetailsMapperConfiguration.class);
+		context.refresh();
+
+		LdapUserDetailsMapper ldapUserDetailsMapper = context.getBean(LdapUserDetailsMapper.class);
+
+		GrantedAuthorityDefaults rolePrefix = (GrantedAuthorityDefaults) ReflectionTestUtils.getField(ldapUserDetailsMapper, "rolePrefix");
+		assertThat(rolePrefix.getRolePrefix()).isEqualTo("ROL_");
+	}
+
+	@Configuration
+	static class LdapUserDetailsMapperConfiguration {
+
+		@Bean
+		public GrantedAuthorityDefaults authorityDefaults() {
+			return new GrantedAuthorityDefaults("ROL_");
+		}
+
+		@Bean
+		public LdapUserDetailsMapper ldapUserDetailsMapper() {
+			return new LdapUserDetailsMapper();
+		}
+
+	}
+
 }