diff --git a/core/src/main/java/org/acegisecurity/providers/x509/populator/DaoX509AuthoritiesPopulator.java b/core/src/main/java/org/acegisecurity/providers/x509/populator/DaoX509AuthoritiesPopulator.java index 71d263f11d..1e2ad55b9e 100644 --- a/core/src/main/java/org/acegisecurity/providers/x509/populator/DaoX509AuthoritiesPopulator.java +++ b/core/src/main/java/org/acegisecurity/providers/x509/populator/DaoX509AuthoritiesPopulator.java @@ -54,10 +54,6 @@ public class DaoX509AuthoritiesPopulator implements X509AuthoritiesPopulator, this.authenticationDao = authenticationDao; } - public AuthenticationDao getAuthenticationDao() { - return authenticationDao; - } - /** * Sets the regular expression which will by used to extract the user name * from the certificate's Subject DN. diff --git a/core/src/test/java/org/acegisecurity/providers/x509/populator/DaoX509AuthoritiesPopulatorTests.java b/core/src/test/java/org/acegisecurity/providers/x509/populator/DaoX509AuthoritiesPopulatorTests.java index 4d7590d650..b79dc46c2b 100644 --- a/core/src/test/java/org/acegisecurity/providers/x509/populator/DaoX509AuthoritiesPopulatorTests.java +++ b/core/src/test/java/org/acegisecurity/providers/x509/populator/DaoX509AuthoritiesPopulatorTests.java @@ -8,6 +8,7 @@ import net.sf.acegisecurity.providers.x509.X509TestUtils; import net.sf.acegisecurity.UserDetails; import net.sf.acegisecurity.GrantedAuthority; import net.sf.acegisecurity.GrantedAuthorityImpl; +import net.sf.acegisecurity.BadCredentialsException; import org.springframework.dao.DataAccessException; import java.security.cert.X509Certificate; @@ -32,6 +33,28 @@ public class DaoX509AuthoritiesPopulatorTests extends TestCase { super.setUp(); } + public void testRequiresDao() throws Exception { + DaoX509AuthoritiesPopulator populator = new DaoX509AuthoritiesPopulator(); + try { + populator.afterPropertiesSet(); + fail("Should have thrown IllegalArgumentException"); + } catch(IllegalArgumentException failed) { + // ignored + } + } + + public void testInvalidRegexFails() throws Exception { + DaoX509AuthoritiesPopulator populator = new DaoX509AuthoritiesPopulator(); + populator.setAuthenticationDao(new MockAuthenticationDaoMatchesNameOrEmail()); + populator.setSubjectDNRegex("CN=(.*?,"); // missing closing bracket on group + try { + populator.afterPropertiesSet(); + fail("Should have thrown IllegalArgumentException"); + } catch(IllegalArgumentException failed) { + // ignored + } + } + public void testDefaultCNPatternMatch() throws Exception{ X509Certificate cert = X509TestUtils.buildTestCertificate(); DaoX509AuthoritiesPopulator populator = new DaoX509AuthoritiesPopulator(); @@ -51,6 +74,36 @@ public class DaoX509AuthoritiesPopulatorTests extends TestCase { populator.getUserDetails(cert); } + public void testPatternWithNoGroupFails() throws Exception { + X509Certificate cert = X509TestUtils.buildTestCertificate(); + DaoX509AuthoritiesPopulator populator = new DaoX509AuthoritiesPopulator(); + + populator.setAuthenticationDao(new MockAuthenticationDaoMatchesNameOrEmail()); + populator.setSubjectDNRegex("CN=.*?,"); + populator.afterPropertiesSet(); + try { + populator.getUserDetails(cert); + fail("Should have thrown IllegalArgumentException for regexp without group"); + } catch (IllegalArgumentException e) { + // ignored + } + } + + public void testMatchOnShoeSizeFieldInDNFails() throws Exception { + X509Certificate cert = X509TestUtils.buildTestCertificate(); + DaoX509AuthoritiesPopulator populator = new DaoX509AuthoritiesPopulator(); + + populator.setAuthenticationDao(new MockAuthenticationDaoMatchesNameOrEmail()); + populator.setSubjectDNRegex("shoeSize=(.*?),"); + populator.afterPropertiesSet(); + try { + populator.getUserDetails(cert); + fail("Should have thrown BadCredentialsException."); + } catch (BadCredentialsException failed) { + // ignored + } + } + //~ Inner Classes ========================================================== private class MockAuthenticationDaoMatchesNameOrEmail implements AuthenticationDao {