From 1c8d28501c6e7bf68f6a8f1c3027e88b256a7acb Mon Sep 17 00:00:00 2001 From: Luke Taylor Date: Wed, 3 Nov 2010 13:45:35 +0000 Subject: [PATCH] SEC-1550: Convert signatures to use Collection where appropriate. --- .../acls/domain/SidRetrievalStrategyImpl.java | 2 +- .../acls/sid/SidRetrievalStrategyTests.java | 5 +-- .../expression/SecurityExpressionRoot.java | 2 +- .../hierarchicalroles/NullRoleHierarchy.java | 2 +- .../hierarchicalroles/RoleHierarchy.java | 2 +- .../hierarchicalroles/RoleHierarchyImpl.java | 2 +- .../hierarchicalroles/UserDetailsWrapper.java | 2 +- .../access/vote/RoleHierarchyVoter.java | 2 +- .../security/access/vote/RoleVoter.java | 4 +-- .../rcp/RemoteAuthenticationManager.java | 4 +-- .../rcp/RemoteAuthenticationManagerImpl.java | 2 +- .../rcp/RemoteAuthenticationProvider.java | 2 +- .../security/core/Authentication.java | 2 +- .../core/authority/AuthorityUtils.java | 2 +- .../core/userdetails/UserDetails.java | 2 +- .../provisioning/JdbcUserDetailsManager.java | 2 +- .../security/provisioning/MutableUser.java | 2 +- .../SecurityExpressionRootTests.java | 2 +- .../HierarchicalRolesTestHelper.java | 6 ++-- .../jaas/JaasAuthenticationProviderTests.java | 2 +- .../RemoteAuthenticationProviderTests.java | 2 +- .../LdapAuthenticationProvider.java | 4 +-- ...etailsServiceLdapAuthoritiesPopulator.java | 2 +- .../InetOrgPersonContextMapper.java | 2 +- .../userdetails/LdapAuthoritiesPopulator.java | 2 +- .../ldap/userdetails/LdapUserDetailsImpl.java | 2 +- .../userdetails/LdapUserDetailsManager.java | 4 +-- .../userdetails/LdapUserDetailsMapper.java | 2 +- .../ldap/userdetails/PersonContextMapper.java | 2 +- .../userdetails/UserDetailsContextMapper.java | 4 +-- ...sServiceLdapAuthoritiesPopulatorTests.java | 6 ++-- .../taglibs/authz/AbstractAuthorizeTag.java | 36 +++++++++---------- .../SwitchUserAuthorityChanger.java | 4 +-- .../switchuser/SwitchUserFilter.java | 4 +-- ...urityContextHolderAwareRequestWrapper.java | 2 +- ...ngSecurityPropagationInterceptorTests.java | 5 ++- .../switchuser/SwitchUserFilterTests.java | 2 +- 37 files changed, 71 insertions(+), 65 deletions(-) diff --git a/acl/src/main/java/org/springframework/security/acls/domain/SidRetrievalStrategyImpl.java b/acl/src/main/java/org/springframework/security/acls/domain/SidRetrievalStrategyImpl.java index afed23cd77..4c0c0d6a81 100644 --- a/acl/src/main/java/org/springframework/security/acls/domain/SidRetrievalStrategyImpl.java +++ b/acl/src/main/java/org/springframework/security/acls/domain/SidRetrievalStrategyImpl.java @@ -51,7 +51,7 @@ public class SidRetrievalStrategyImpl implements SidRetrievalStrategy { //~ Methods ======================================================================================================== public List getSids(Authentication authentication) { - Collection authorities = roleHierarchy.getReachableGrantedAuthorities(authentication.getAuthorities()); + Collection authorities = roleHierarchy.getReachableGrantedAuthorities(authentication.getAuthorities()); List sids = new ArrayList(authorities.size() + 1); sids.add(new PrincipalSid(authentication)); diff --git a/acl/src/test/java/org/springframework/security/acls/sid/SidRetrievalStrategyTests.java b/acl/src/test/java/org/springframework/security/acls/sid/SidRetrievalStrategyTests.java index 0dae7784f5..d4776f0a8d 100644 --- a/acl/src/test/java/org/springframework/security/acls/sid/SidRetrievalStrategyTests.java +++ b/acl/src/test/java/org/springframework/security/acls/sid/SidRetrievalStrategyTests.java @@ -4,6 +4,7 @@ import static org.junit.Assert.*; import static org.mockito.Matchers.*; import static org.mockito.Mockito.*; +import java.util.Collection; import java.util.List; import org.junit.Test; @@ -53,8 +54,8 @@ public class SidRetrievalStrategyTests { @Test public void roleHierarchyIsUsedWhenSet() throws Exception { RoleHierarchy rh = mock(RoleHierarchy.class); - List rhAuthorities = AuthorityUtils.createAuthorityList("D"); - when(rh.getReachableGrantedAuthorities(anyList())).thenReturn(rhAuthorities); + List rhAuthorities = AuthorityUtils.createAuthorityList("D"); + when(rh.getReachableGrantedAuthorities(anyCollection())).thenReturn(rhAuthorities); SidRetrievalStrategy strat = new SidRetrievalStrategyImpl(rh); List sids = strat.getSids(authentication); diff --git a/core/src/main/java/org/springframework/security/access/expression/SecurityExpressionRoot.java b/core/src/main/java/org/springframework/security/access/expression/SecurityExpressionRoot.java index ab0ab48ad1..403007dea9 100644 --- a/core/src/main/java/org/springframework/security/access/expression/SecurityExpressionRoot.java +++ b/core/src/main/java/org/springframework/security/access/expression/SecurityExpressionRoot.java @@ -121,7 +121,7 @@ public abstract class SecurityExpressionRoot { private Set getAuthoritySet() { if (roles == null) { roles = new HashSet(); - Collection userAuthorities = authentication.getAuthorities(); + Collection userAuthorities = authentication.getAuthorities(); if (roleHierarchy != null) { userAuthorities = roleHierarchy.getReachableGrantedAuthorities(userAuthorities); diff --git a/core/src/main/java/org/springframework/security/access/hierarchicalroles/NullRoleHierarchy.java b/core/src/main/java/org/springframework/security/access/hierarchicalroles/NullRoleHierarchy.java index 84654cf548..8003c6767b 100644 --- a/core/src/main/java/org/springframework/security/access/hierarchicalroles/NullRoleHierarchy.java +++ b/core/src/main/java/org/springframework/security/access/hierarchicalroles/NullRoleHierarchy.java @@ -11,7 +11,7 @@ import org.springframework.security.core.GrantedAuthority; */ public final class NullRoleHierarchy implements RoleHierarchy { - public Collection getReachableGrantedAuthorities(Collection authorities) { + public Collection getReachableGrantedAuthorities(Collection authorities) { return authorities; } diff --git a/core/src/main/java/org/springframework/security/access/hierarchicalroles/RoleHierarchy.java b/core/src/main/java/org/springframework/security/access/hierarchicalroles/RoleHierarchy.java index 2dc14e29c8..9e86c520d4 100755 --- a/core/src/main/java/org/springframework/security/access/hierarchicalroles/RoleHierarchy.java +++ b/core/src/main/java/org/springframework/security/access/hierarchicalroles/RoleHierarchy.java @@ -40,6 +40,6 @@ public interface RoleHierarchy { * @param authorities - List of the directly assigned authorities. * @return List of all reachable authorities given the assigned authorities. */ - public Collection getReachableGrantedAuthorities(Collection authorities); + public Collection getReachableGrantedAuthorities(Collection authorities); } diff --git a/core/src/main/java/org/springframework/security/access/hierarchicalroles/RoleHierarchyImpl.java b/core/src/main/java/org/springframework/security/access/hierarchicalroles/RoleHierarchyImpl.java index 00105219fa..0aeb4bd081 100755 --- a/core/src/main/java/org/springframework/security/access/hierarchicalroles/RoleHierarchyImpl.java +++ b/core/src/main/java/org/springframework/security/access/hierarchicalroles/RoleHierarchyImpl.java @@ -105,7 +105,7 @@ public class RoleHierarchyImpl implements RoleHierarchy { buildRolesReachableInOneOrMoreStepsMap(); } - public Collection getReachableGrantedAuthorities(Collection authorities) { + public Collection getReachableGrantedAuthorities(Collection authorities) { if (authorities == null || authorities.isEmpty()) { return AuthorityUtils.NO_AUTHORITIES; } diff --git a/core/src/main/java/org/springframework/security/access/hierarchicalroles/UserDetailsWrapper.java b/core/src/main/java/org/springframework/security/access/hierarchicalroles/UserDetailsWrapper.java index 939a12eb2b..6742f49c46 100755 --- a/core/src/main/java/org/springframework/security/access/hierarchicalroles/UserDetailsWrapper.java +++ b/core/src/main/java/org/springframework/security/access/hierarchicalroles/UserDetailsWrapper.java @@ -49,7 +49,7 @@ public class UserDetailsWrapper implements UserDetails { return userDetails.isAccountNonLocked(); } - public Collection getAuthorities() { + public Collection getAuthorities() { return roleHierarchy.getReachableGrantedAuthorities(userDetails.getAuthorities()); } diff --git a/core/src/main/java/org/springframework/security/access/vote/RoleHierarchyVoter.java b/core/src/main/java/org/springframework/security/access/vote/RoleHierarchyVoter.java index 6efee48cdc..2a4ab0f731 100644 --- a/core/src/main/java/org/springframework/security/access/vote/RoleHierarchyVoter.java +++ b/core/src/main/java/org/springframework/security/access/vote/RoleHierarchyVoter.java @@ -26,7 +26,7 @@ public class RoleHierarchyVoter extends RoleVoter { * Calls the RoleHierarchy to obtain the complete set of user authorities. */ @Override - Collection extractAuthorities(Authentication authentication) { + Collection extractAuthorities(Authentication authentication) { return roleHierarchy.getReachableGrantedAuthorities(authentication.getAuthorities()); } } diff --git a/core/src/main/java/org/springframework/security/access/vote/RoleVoter.java b/core/src/main/java/org/springframework/security/access/vote/RoleVoter.java index 5f3b16558b..803692f6ff 100644 --- a/core/src/main/java/org/springframework/security/access/vote/RoleVoter.java +++ b/core/src/main/java/org/springframework/security/access/vote/RoleVoter.java @@ -93,7 +93,7 @@ public class RoleVoter implements AccessDecisionVoter { public int vote(Authentication authentication, Object object, Collection attributes) { int result = ACCESS_ABSTAIN; - Collection authorities = extractAuthorities(authentication); + Collection authorities = extractAuthorities(authentication); for (ConfigAttribute attribute : attributes) { if (this.supports(attribute)) { @@ -111,7 +111,7 @@ public class RoleVoter implements AccessDecisionVoter { return result; } - Collection extractAuthorities(Authentication authentication) { + Collection extractAuthorities(Authentication authentication) { return authentication.getAuthorities(); } } diff --git a/core/src/main/java/org/springframework/security/authentication/rcp/RemoteAuthenticationManager.java b/core/src/main/java/org/springframework/security/authentication/rcp/RemoteAuthenticationManager.java index 0fe3211317..5c871354a7 100644 --- a/core/src/main/java/org/springframework/security/authentication/rcp/RemoteAuthenticationManager.java +++ b/core/src/main/java/org/springframework/security/authentication/rcp/RemoteAuthenticationManager.java @@ -30,7 +30,7 @@ public interface RemoteAuthenticationManager { /** * Attempts to authenticate the remote client using the presented username and password. If authentication - * is successful, an array of GrantedAuthority[] objects will be returned. + * is successful, a collection of {@code GrantedAuthority} objects will be returned. *

* In order to maximise remoting protocol compatibility, a design decision was taken to operate with minimal * arguments and return only the minimal amount of information required for remote clients to enable/disable @@ -44,6 +44,6 @@ public interface RemoteAuthenticationManager { * * @throws RemoteAuthenticationException if the authentication failed. */ - Collection attemptAuthentication(String username, String password) + Collection attemptAuthentication(String username, String password) throws RemoteAuthenticationException; } diff --git a/core/src/main/java/org/springframework/security/authentication/rcp/RemoteAuthenticationManagerImpl.java b/core/src/main/java/org/springframework/security/authentication/rcp/RemoteAuthenticationManagerImpl.java index e9ea7be65f..2983bc78ee 100644 --- a/core/src/main/java/org/springframework/security/authentication/rcp/RemoteAuthenticationManagerImpl.java +++ b/core/src/main/java/org/springframework/security/authentication/rcp/RemoteAuthenticationManagerImpl.java @@ -44,7 +44,7 @@ public class RemoteAuthenticationManagerImpl implements RemoteAuthenticationMana Assert.notNull(this.authenticationManager, "authenticationManager is required"); } - public Collection attemptAuthentication(String username, String password) + public Collection attemptAuthentication(String username, String password) throws RemoteAuthenticationException { UsernamePasswordAuthenticationToken request = new UsernamePasswordAuthenticationToken(username, password); diff --git a/core/src/main/java/org/springframework/security/authentication/rcp/RemoteAuthenticationProvider.java b/core/src/main/java/org/springframework/security/authentication/rcp/RemoteAuthenticationProvider.java index 162c9353dc..be9a3288bb 100644 --- a/core/src/main/java/org/springframework/security/authentication/rcp/RemoteAuthenticationProvider.java +++ b/core/src/main/java/org/springframework/security/authentication/rcp/RemoteAuthenticationProvider.java @@ -58,7 +58,7 @@ public class RemoteAuthenticationProvider implements AuthenticationProvider, Ini throws AuthenticationException { String username = authentication.getPrincipal().toString(); String password = authentication.getCredentials().toString(); - Collection authorities = remoteAuthenticationManager.attemptAuthentication(username, password); + Collection authorities = remoteAuthenticationManager.attemptAuthentication(username, password); return new UsernamePasswordAuthenticationToken(username, password, authorities); } diff --git a/core/src/main/java/org/springframework/security/core/Authentication.java b/core/src/main/java/org/springframework/security/core/Authentication.java index 7d39bd4121..cc106d5939 100644 --- a/core/src/main/java/org/springframework/security/core/Authentication.java +++ b/core/src/main/java/org/springframework/security/core/Authentication.java @@ -59,7 +59,7 @@ public interface Authentication extends Principal, Serializable { * @return the authorities granted to the principal, or an empty collection if the token has not been authenticated. * Never null. */ - Collection getAuthorities(); + Collection getAuthorities(); /** * The credentials that prove the principal is correct. This is usually a password, but could be anything diff --git a/core/src/main/java/org/springframework/security/core/authority/AuthorityUtils.java b/core/src/main/java/org/springframework/security/core/authority/AuthorityUtils.java index d8790c257e..ab2f9218f7 100644 --- a/core/src/main/java/org/springframework/security/core/authority/AuthorityUtils.java +++ b/core/src/main/java/org/springframework/security/core/authority/AuthorityUtils.java @@ -35,7 +35,7 @@ public abstract class AuthorityUtils { * Converts an array of GrantedAuthority objects to a Set. * @return a Set of the Strings obtained from each call to GrantedAuthority.getAuthority() */ - public static Set authorityListToSet(Collection userAuthorities) { + public static Set authorityListToSet(Collection userAuthorities) { Set set = new HashSet(userAuthorities.size()); for (GrantedAuthority authority: userAuthorities) { diff --git a/core/src/main/java/org/springframework/security/core/userdetails/UserDetails.java b/core/src/main/java/org/springframework/security/core/userdetails/UserDetails.java index 689c17d018..b5b8e052fa 100644 --- a/core/src/main/java/org/springframework/security/core/userdetails/UserDetails.java +++ b/core/src/main/java/org/springframework/security/core/userdetails/UserDetails.java @@ -59,7 +59,7 @@ public interface UserDetails extends Serializable { * * @return the authorities, sorted by natural key (never null) */ - Collection getAuthorities(); + Collection getAuthorities(); /** * Returns the password used to authenticate the user. Cannot return null. diff --git a/core/src/main/java/org/springframework/security/provisioning/JdbcUserDetailsManager.java b/core/src/main/java/org/springframework/security/provisioning/JdbcUserDetailsManager.java index d965c0b7f6..a49996c9a5 100644 --- a/core/src/main/java/org/springframework/security/provisioning/JdbcUserDetailsManager.java +++ b/core/src/main/java/org/springframework/security/provisioning/JdbcUserDetailsManager.java @@ -493,7 +493,7 @@ public class JdbcUserDetailsManager extends JdbcDaoImpl implements UserDetailsMa validateAuthorities(user.getAuthorities()); } - private void validateAuthorities(Collection authorities) { + private void validateAuthorities(Collection authorities) { Assert.notNull(authorities, "Authorities list must not be null"); for (GrantedAuthority authority : authorities) { diff --git a/core/src/main/java/org/springframework/security/provisioning/MutableUser.java b/core/src/main/java/org/springframework/security/provisioning/MutableUser.java index 4b392b633f..821a0ea9b3 100644 --- a/core/src/main/java/org/springframework/security/provisioning/MutableUser.java +++ b/core/src/main/java/org/springframework/security/provisioning/MutableUser.java @@ -27,7 +27,7 @@ class MutableUser implements MutableUserDetails { this.password = password; } - public Collection getAuthorities() { + public Collection getAuthorities() { return delegate.getAuthorities(); } diff --git a/core/src/test/java/org/springframework/security/access/expression/SecurityExpressionRootTests.java b/core/src/test/java/org/springframework/security/access/expression/SecurityExpressionRootTests.java index 287ef273ee..a93732cfab 100644 --- a/core/src/test/java/org/springframework/security/access/expression/SecurityExpressionRootTests.java +++ b/core/src/test/java/org/springframework/security/access/expression/SecurityExpressionRootTests.java @@ -46,7 +46,7 @@ public class SecurityExpressionRootTests { SecurityExpressionRoot root = new SecurityExpressionRoot(JOE) {}; root.setRoleHierarchy(new RoleHierarchy() { - public Collection getReachableGrantedAuthorities(Collection authorities) { + public Collection getReachableGrantedAuthorities(Collection authorities) { return AuthorityUtils.createAuthorityList("C"); } }); diff --git a/core/src/test/java/org/springframework/security/access/hierarchicalroles/HierarchicalRolesTestHelper.java b/core/src/test/java/org/springframework/security/access/hierarchicalroles/HierarchicalRolesTestHelper.java index 0b90835ff9..6319f878c7 100755 --- a/core/src/test/java/org/springframework/security/access/hierarchicalroles/HierarchicalRolesTestHelper.java +++ b/core/src/test/java/org/springframework/security/access/hierarchicalroles/HierarchicalRolesTestHelper.java @@ -28,7 +28,7 @@ import org.apache.commons.collections.CollectionUtils; */ public abstract class HierarchicalRolesTestHelper { - public static boolean containTheSameGrantedAuthorities(Collection authorities1, Collection authorities2) { + public static boolean containTheSameGrantedAuthorities(Collection authorities1, Collection authorities2) { if (authorities1 == null && authorities2 == null) { return true; } @@ -39,7 +39,7 @@ public abstract class HierarchicalRolesTestHelper { return CollectionUtils.isEqualCollection(authorities1, authorities2); } - public static boolean containTheSameGrantedAuthoritiesCompareByAuthorityString(Collection authorities1, Collection authorities2) { + public static boolean containTheSameGrantedAuthoritiesCompareByAuthorityString(Collection authorities1, Collection authorities2) { if (authorities1 == null && authorities2 == null) { return true; } @@ -50,7 +50,7 @@ public abstract class HierarchicalRolesTestHelper { return CollectionUtils.isEqualCollection(toCollectionOfAuthorityStrings(authorities1), toCollectionOfAuthorityStrings(authorities2)); } - public static List toCollectionOfAuthorityStrings(Collection authorities) { + public static List toCollectionOfAuthorityStrings(Collection authorities) { if (authorities == null) { return null; } diff --git a/core/src/test/java/org/springframework/security/authentication/jaas/JaasAuthenticationProviderTests.java b/core/src/test/java/org/springframework/security/authentication/jaas/JaasAuthenticationProviderTests.java index c922d35729..57ea87a75b 100644 --- a/core/src/test/java/org/springframework/security/authentication/jaas/JaasAuthenticationProviderTests.java +++ b/core/src/test/java/org/springframework/security/authentication/jaas/JaasAuthenticationProviderTests.java @@ -192,7 +192,7 @@ public class JaasAuthenticationProviderTests { assertNotNull(jaasProvider.getLoginConfig()); assertNotNull(jaasProvider.getLoginContextName()); - Collection list = auth.getAuthorities(); + Collection list = auth.getAuthorities(); assertTrue("GrantedAuthorities should contain ROLE_TEST1", list.contains(new GrantedAuthorityImpl("ROLE_TEST1"))); assertTrue("GrantedAuthorities should contain ROLE_TEST2", list.contains(new GrantedAuthorityImpl("ROLE_TEST2"))); diff --git a/core/src/test/java/org/springframework/security/authentication/rcp/RemoteAuthenticationProviderTests.java b/core/src/test/java/org/springframework/security/authentication/rcp/RemoteAuthenticationProviderTests.java index 52c2f96ebf..616a1be643 100644 --- a/core/src/test/java/org/springframework/security/authentication/rcp/RemoteAuthenticationProviderTests.java +++ b/core/src/test/java/org/springframework/security/authentication/rcp/RemoteAuthenticationProviderTests.java @@ -91,7 +91,7 @@ public class RemoteAuthenticationProviderTests extends TestCase { this.grantAccess = grantAccess; } - public Collection attemptAuthentication(String username, String password) + public Collection attemptAuthentication(String username, String password) throws RemoteAuthenticationException { if (grantAccess) { return AuthorityUtils.createAuthorityList("foo"); diff --git a/ldap/src/main/java/org/springframework/security/ldap/authentication/LdapAuthenticationProvider.java b/ldap/src/main/java/org/springframework/security/ldap/authentication/LdapAuthenticationProvider.java index fb13b2e285..0b3109f826 100644 --- a/ldap/src/main/java/org/springframework/security/ldap/authentication/LdapAuthenticationProvider.java +++ b/ldap/src/main/java/org/springframework/security/ldap/authentication/LdapAuthenticationProvider.java @@ -251,7 +251,7 @@ public class LdapAuthenticationProvider implements AuthenticationProvider, Messa try { DirContextOperations userData = getAuthenticator().authenticate(authentication); - Collection extraAuthorities = loadUserAuthorities(userData, username, password); + Collection extraAuthorities = loadUserAuthorities(userData, username, password); UserDetails user = userDetailsContextMapper.mapUserFromContext(userData, username, extraAuthorities); @@ -272,7 +272,7 @@ public class LdapAuthenticationProvider implements AuthenticationProvider, Messa } } - protected Collection loadUserAuthorities(DirContextOperations userData, String username, String password) { + protected Collection loadUserAuthorities(DirContextOperations userData, String username, String password) { return getAuthoritiesPopulator().getGrantedAuthorities(userData, username); } diff --git a/ldap/src/main/java/org/springframework/security/ldap/authentication/UserDetailsServiceLdapAuthoritiesPopulator.java b/ldap/src/main/java/org/springframework/security/ldap/authentication/UserDetailsServiceLdapAuthoritiesPopulator.java index 687e0dc43d..f95cb3fb02 100644 --- a/ldap/src/main/java/org/springframework/security/ldap/authentication/UserDetailsServiceLdapAuthoritiesPopulator.java +++ b/ldap/src/main/java/org/springframework/security/ldap/authentication/UserDetailsServiceLdapAuthoritiesPopulator.java @@ -24,7 +24,7 @@ public class UserDetailsServiceLdapAuthoritiesPopulator implements LdapAuthoriti this.userDetailsService = userService; } - public Collection getGrantedAuthorities(DirContextOperations userData, String username) { + public Collection getGrantedAuthorities(DirContextOperations userData, String username) { return userDetailsService.loadUserByUsername(username).getAuthorities(); } } diff --git a/ldap/src/main/java/org/springframework/security/ldap/userdetails/InetOrgPersonContextMapper.java b/ldap/src/main/java/org/springframework/security/ldap/userdetails/InetOrgPersonContextMapper.java index 38e7ae8ef5..05e19e87c2 100644 --- a/ldap/src/main/java/org/springframework/security/ldap/userdetails/InetOrgPersonContextMapper.java +++ b/ldap/src/main/java/org/springframework/security/ldap/userdetails/InetOrgPersonContextMapper.java @@ -28,7 +28,7 @@ import org.springframework.util.Assert; */ public class InetOrgPersonContextMapper implements UserDetailsContextMapper { - public UserDetails mapUserFromContext(DirContextOperations ctx, String username, Collection authorities) { + public UserDetails mapUserFromContext(DirContextOperations ctx, String username, Collection authorities) { InetOrgPerson.Essence p = new InetOrgPerson.Essence(ctx); p.setUsername(username); diff --git a/ldap/src/main/java/org/springframework/security/ldap/userdetails/LdapAuthoritiesPopulator.java b/ldap/src/main/java/org/springframework/security/ldap/userdetails/LdapAuthoritiesPopulator.java index 1249af4056..4c34f3832e 100644 --- a/ldap/src/main/java/org/springframework/security/ldap/userdetails/LdapAuthoritiesPopulator.java +++ b/ldap/src/main/java/org/springframework/security/ldap/userdetails/LdapAuthoritiesPopulator.java @@ -42,5 +42,5 @@ public interface LdapAuthoritiesPopulator { * @return the granted authorities for the given user. * */ - Collection getGrantedAuthorities(DirContextOperations userData, String username); + Collection getGrantedAuthorities(DirContextOperations userData, String username); } diff --git a/ldap/src/main/java/org/springframework/security/ldap/userdetails/LdapUserDetailsImpl.java b/ldap/src/main/java/org/springframework/security/ldap/userdetails/LdapUserDetailsImpl.java index 6e58c1f22a..2ae9be71ee 100644 --- a/ldap/src/main/java/org/springframework/security/ldap/userdetails/LdapUserDetailsImpl.java +++ b/ldap/src/main/java/org/springframework/security/ldap/userdetails/LdapUserDetailsImpl.java @@ -222,7 +222,7 @@ public class LdapUserDetailsImpl implements LdapUserDetails, PasswordPolicyData instance.accountNonLocked = accountNonLocked; } - public void setAuthorities(Collection authorities) { + public void setAuthorities(Collection authorities) { mutableAuthorities = new ArrayList(); mutableAuthorities.addAll(authorities); } diff --git a/ldap/src/main/java/org/springframework/security/ldap/userdetails/LdapUserDetailsManager.java b/ldap/src/main/java/org/springframework/security/ldap/userdetails/LdapUserDetailsManager.java index a7e7fb747a..dfcb645890 100644 --- a/ldap/src/main/java/org/springframework/security/ldap/userdetails/LdapUserDetailsManager.java +++ b/ldap/src/main/java/org/springframework/security/ldap/userdetails/LdapUserDetailsManager.java @@ -310,7 +310,7 @@ public class LdapUserDetailsManager implements UserDetailsManager { userDetailsMapper.mapUserToContext(user, ctx); } - protected void addAuthorities(DistinguishedName userDn, Collection authorities) { + protected void addAuthorities(DistinguishedName userDn, Collection authorities) { modifyAuthorities(userDn, authorities, DirContext.ADD_ATTRIBUTE); } @@ -318,7 +318,7 @@ public class LdapUserDetailsManager implements UserDetailsManager { modifyAuthorities(userDn, authorities, DirContext.REMOVE_ATTRIBUTE); } - private void modifyAuthorities(final DistinguishedName userDn, final Collection authorities, final int modType) { + private void modifyAuthorities(final DistinguishedName userDn, final Collection authorities, final int modType) { template.executeReadWrite(new ContextExecutor() { public Object executeWithContext(DirContext ctx) throws NamingException { for(GrantedAuthority authority : authorities) { diff --git a/ldap/src/main/java/org/springframework/security/ldap/userdetails/LdapUserDetailsMapper.java b/ldap/src/main/java/org/springframework/security/ldap/userdetails/LdapUserDetailsMapper.java index 410397e7d1..f1c6f6486e 100644 --- a/ldap/src/main/java/org/springframework/security/ldap/userdetails/LdapUserDetailsMapper.java +++ b/ldap/src/main/java/org/springframework/security/ldap/userdetails/LdapUserDetailsMapper.java @@ -45,7 +45,7 @@ public class LdapUserDetailsMapper implements UserDetailsContextMapper { //~ Methods ======================================================================================================== - public UserDetails mapUserFromContext(DirContextOperations ctx, String username, Collection authorities) { + public UserDetails mapUserFromContext(DirContextOperations ctx, String username, Collection authorities) { String dn = ctx.getNameInNamespace(); logger.debug("Mapping user details from context with DN: " + dn); diff --git a/ldap/src/main/java/org/springframework/security/ldap/userdetails/PersonContextMapper.java b/ldap/src/main/java/org/springframework/security/ldap/userdetails/PersonContextMapper.java index 227308a69e..444c6d7153 100644 --- a/ldap/src/main/java/org/springframework/security/ldap/userdetails/PersonContextMapper.java +++ b/ldap/src/main/java/org/springframework/security/ldap/userdetails/PersonContextMapper.java @@ -13,7 +13,7 @@ import org.springframework.util.Assert; */ public class PersonContextMapper implements UserDetailsContextMapper { - public UserDetails mapUserFromContext(DirContextOperations ctx, String username, Collection authorities) { + public UserDetails mapUserFromContext(DirContextOperations ctx, String username, Collection authorities) { Person.Essence p = new Person.Essence(ctx); p.setUsername(username); diff --git a/ldap/src/main/java/org/springframework/security/ldap/userdetails/UserDetailsContextMapper.java b/ldap/src/main/java/org/springframework/security/ldap/userdetails/UserDetailsContextMapper.java index 766c28ec9d..79c3f60e36 100644 --- a/ldap/src/main/java/org/springframework/security/ldap/userdetails/UserDetailsContextMapper.java +++ b/ldap/src/main/java/org/springframework/security/ldap/userdetails/UserDetailsContextMapper.java @@ -36,10 +36,10 @@ public interface UserDetailsContextMapper { * * @param ctx the context object which contains the user information. * @param username the user's supplied login name. - * @param authority the list of authorities which the user should be given. + * @param authorities * @return the user object. */ - UserDetails mapUserFromContext(DirContextOperations ctx, String username, Collection authority); + UserDetails mapUserFromContext(DirContextOperations ctx, String username, Collection authorities); /** * Reverse of the above operation. Populates a context object from the supplied user object. diff --git a/ldap/src/test/java/org/springframework/security/ldap/populator/UserDetailsServiceLdapAuthoritiesPopulatorTests.java b/ldap/src/test/java/org/springframework/security/ldap/populator/UserDetailsServiceLdapAuthoritiesPopulatorTests.java index 3b0f162274..b197e0ac89 100644 --- a/ldap/src/test/java/org/springframework/security/ldap/populator/UserDetailsServiceLdapAuthoritiesPopulatorTests.java +++ b/ldap/src/test/java/org/springframework/security/ldap/populator/UserDetailsServiceLdapAuthoritiesPopulatorTests.java @@ -4,6 +4,7 @@ import static org.junit.Assert.*; import static org.mockito.Mockito.*; import java.util.Collection; +import java.util.List; import org.junit.Test; import org.springframework.ldap.core.DirContextAdapter; @@ -23,10 +24,11 @@ public class UserDetailsServiceLdapAuthoritiesPopulatorTests { UserDetailsService uds = mock(UserDetailsService.class); UserDetails user = mock(UserDetails.class); when(uds.loadUserByUsername("joe")).thenReturn(user); - when(user.getAuthorities()).thenReturn(AuthorityUtils.createAuthorityList("ROLE_USER")); + List authorities = AuthorityUtils.createAuthorityList("ROLE_USER"); + when(user.getAuthorities()).thenReturn(authorities); UserDetailsServiceLdapAuthoritiesPopulator populator = new UserDetailsServiceLdapAuthoritiesPopulator(uds); - Collection auths = populator.getGrantedAuthorities(new DirContextAdapter(), "joe"); + Collection auths = populator.getGrantedAuthorities(new DirContextAdapter(), "joe"); assertEquals(1, auths.size()); assertTrue(AuthorityUtils.authorityListToSet(auths).contains("ROLE_USER")); diff --git a/taglibs/src/main/java/org/springframework/security/taglibs/authz/AbstractAuthorizeTag.java b/taglibs/src/main/java/org/springframework/security/taglibs/authz/AbstractAuthorizeTag.java index d85a351a5b..e5e599297f 100644 --- a/taglibs/src/main/java/org/springframework/security/taglibs/authz/AbstractAuthorizeTag.java +++ b/taglibs/src/main/java/org/springframework/security/taglibs/authz/AbstractAuthorizeTag.java @@ -45,17 +45,17 @@ import org.springframework.util.StringUtils; import org.springframework.web.context.support.WebApplicationContextUtils; /** - * A base class for an <authorize> tag that is independent of the tag rendering technology (JSP, Facelets). - * It treats tag attributes as simple strings rather than strings that may contain expressions with the + * A base class for an <authorize> tag that is independent of the tag rendering technology (JSP, Facelets). + * It treats tag attributes as simple strings rather than strings that may contain expressions with the * exception of the "access" attribute, which is always expected to contain a Spring EL expression. - * + * * Subclasses are expected to extract tag attribute values from the specific rendering technology, evaluate * them as expressions if necessary, and set the String-based attributes of this class. - * + * * @author Francois Beausoleil * @author Luke Taylor * @author Rossen Stoyanchev - * + * * @since 3.1.0 */ public abstract class AbstractAuthorizeTag { @@ -94,9 +94,9 @@ public abstract class AbstractAuthorizeTag { *

  • ifAllGranted, ifAnyGranted, ifNotGranted
    • * * The above combinations are mutually exclusive and evaluated in the given order. - * + * * @return the result of the authorization decision - * + * * @throws IOException */ public boolean authorize() throws IOException { @@ -119,7 +119,7 @@ public abstract class AbstractAuthorizeTag { /** * Make an authorization decision by considering ifAllGranted, ifAnyGranted, and ifNotGranted. All 3 or any * combination can be provided. All provided attributes must evaluate to true. - * + * * @return the result of the authorization decision */ public boolean authorizeUsingGrantedAuthorities() { @@ -131,7 +131,7 @@ public abstract class AbstractAuthorizeTag { return false; } - final Collection granted = getPrincipalAuthorities(); + final Collection granted = getPrincipalAuthorities(); if (hasTextAllGranted) { if (!granted.containsAll(toAuthorities(getIfAllGranted()))) { @@ -159,9 +159,9 @@ public abstract class AbstractAuthorizeTag { /** * Make an authorization decision based on a Spring EL expression. See the "Expression-Based Access Control" chapter * in Spring Security for details on what expressions can be used. - * + * * @return the result of the authorization decision - * + * * @throws IOException */ public boolean authorizeUsingAccessExpression() throws IOException { @@ -194,9 +194,9 @@ public abstract class AbstractAuthorizeTag { /** * Make an authorization decision based on the URL and HTTP method attributes. True is returned if the user is * allowed to access the given URL as defined. - * + * * @return the result of the authorization decision - * + * * @throws IOException */ public boolean authorizeUsingUrlCheck() throws IOException { @@ -255,7 +255,7 @@ public abstract class AbstractAuthorizeTag { /*------------- Private helper methods -----------------*/ - private Collection getPrincipalAuthorities() { + private Collection getPrincipalAuthorities() { Authentication currentUser = SecurityContextHolder.getContext().getAuthentication(); if (null == currentUser) { return Collections.emptyList(); @@ -269,7 +269,7 @@ public abstract class AbstractAuthorizeTag { return requiredAuthorities; } - private Set retainAll(final Collection granted, + private Set retainAll(final Collection granted, final Set required) { Set grantedRoles = authoritiesToRoles(granted); Set requiredRoles = authoritiesToRoles(required); @@ -278,7 +278,7 @@ public abstract class AbstractAuthorizeTag { return rolesToAuthorities(grantedRoles, granted); } - private Set authoritiesToRoles(Collection c) { + private Set authoritiesToRoles(Collection c) { Set target = new HashSet(); for (GrantedAuthority authority : c) { if (null == authority.getAuthority()) { @@ -291,7 +291,7 @@ public abstract class AbstractAuthorizeTag { return target; } - private Set rolesToAuthorities(Set grantedRoles, Collection granted) { + private Set rolesToAuthorities(Set grantedRoles, Collection granted) { Set target = new HashSet(); for (String role : grantedRoles) { for (GrantedAuthority authority : granted) { @@ -316,7 +316,7 @@ public abstract class AbstractAuthorizeTag { return h; } } - + throw new IOException("No visible WebSecurityExpressionHandler instance could be found in the application " + "context. There must be at least one in order to support expressions in JSP 'authorize' tags."); } diff --git a/web/src/main/java/org/springframework/security/web/authentication/switchuser/SwitchUserAuthorityChanger.java b/web/src/main/java/org/springframework/security/web/authentication/switchuser/SwitchUserAuthorityChanger.java index 41ed21a75b..699a4dee0a 100644 --- a/web/src/main/java/org/springframework/security/web/authentication/switchuser/SwitchUserAuthorityChanger.java +++ b/web/src/main/java/org/springframework/security/web/authentication/switchuser/SwitchUserAuthorityChanger.java @@ -22,10 +22,10 @@ public interface SwitchUserAuthorityChanger { * * @param targetUser the UserDetails representing the identity being switched to * @param currentAuthentication the current Authentication of the principal performing the switching - * @param authoritiesToBeGranted all {@link GrantedAuthority} instances to be granted to the user, + * @param authoritiesToBeGranted all {@link org.springframework.security.core.GrantedAuthority} instances to be granted to the user, * excluding the special "switch user" authority that is used internally (guaranteed never null) * * @return the modified list of granted authorities. */ - Collection modifyGrantedAuthorities(UserDetails targetUser, Authentication currentAuthentication, Collection authoritiesToBeGranted); + Collection modifyGrantedAuthorities(UserDetails targetUser, Authentication currentAuthentication, Collection authoritiesToBeGranted); } diff --git a/web/src/main/java/org/springframework/security/web/authentication/switchuser/SwitchUserFilter.java b/web/src/main/java/org/springframework/security/web/authentication/switchuser/SwitchUserFilter.java index 0e952ac273..935448e10c 100644 --- a/web/src/main/java/org/springframework/security/web/authentication/switchuser/SwitchUserFilter.java +++ b/web/src/main/java/org/springframework/security/web/authentication/switchuser/SwitchUserFilter.java @@ -291,7 +291,7 @@ public class SwitchUserFilter extends GenericFilterBean implements ApplicationEv GrantedAuthority switchAuthority = new SwitchUserGrantedAuthority(ROLE_PREVIOUS_ADMINISTRATOR, currentAuth); // get the original authorities - Collection orig = targetUser.getAuthorities(); + Collection orig = targetUser.getAuthorities(); // Allow subclasses to change the authorities to be granted if (switchUserAuthorityChanger != null) { @@ -324,7 +324,7 @@ public class SwitchUserFilter extends GenericFilterBean implements ApplicationEv Authentication original = null; // iterate over granted authorities and find the 'switch user' authority - Collection authorities = current.getAuthorities(); + Collection authorities = current.getAuthorities(); for (GrantedAuthority auth : authorities) { // check for switch user type of authority diff --git a/web/src/main/java/org/springframework/security/web/servletapi/SecurityContextHolderAwareRequestWrapper.java b/web/src/main/java/org/springframework/security/web/servletapi/SecurityContextHolderAwareRequestWrapper.java index 8a8c5221c7..fab111aa5d 100644 --- a/web/src/main/java/org/springframework/security/web/servletapi/SecurityContextHolderAwareRequestWrapper.java +++ b/web/src/main/java/org/springframework/security/web/servletapi/SecurityContextHolderAwareRequestWrapper.java @@ -127,7 +127,7 @@ public class SecurityContextHolderAwareRequestWrapper extends HttpServletRequest return false; } - Collection authorities = auth.getAuthorities(); + Collection authorities = auth.getAuthorities(); if (authorities == null) { return false; diff --git a/web/src/test/java/org/springframework/security/web/authentication/preauth/websphere/WebSphere2SpringSecurityPropagationInterceptorTests.java b/web/src/test/java/org/springframework/security/web/authentication/preauth/websphere/WebSphere2SpringSecurityPropagationInterceptorTests.java index 6bf0b0a7dd..a526a08771 100644 --- a/web/src/test/java/org/springframework/security/web/authentication/preauth/websphere/WebSphere2SpringSecurityPropagationInterceptorTests.java +++ b/web/src/test/java/org/springframework/security/web/authentication/preauth/websphere/WebSphere2SpringSecurityPropagationInterceptorTests.java @@ -18,6 +18,8 @@ import org.springframework.security.core.userdetails.UserDetails; import org.springframework.security.core.userdetails.UserDetailsChecker; import org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationProvider; +import java.util.List; + /** * * @author Luke Taylor @@ -54,7 +56,8 @@ public class WebSphere2SpringSecurityPropagationInterceptorTests { PreAuthenticatedAuthenticationProvider provider = new PreAuthenticatedAuthenticationProvider(); AuthenticationUserDetailsService uds = mock(AuthenticationUserDetailsService.class); UserDetails user = mock(UserDetails.class); - when(user.getAuthorities()).thenReturn(AuthorityUtils.createAuthorityList("SOME_ROLE")); + List authorities = AuthorityUtils.createAuthorityList("SOME_ROLE"); + when(user.getAuthorities()).thenReturn(authorities); when(uds.loadUserDetails(any(Authentication.class))).thenReturn(user); provider.setPreAuthenticatedUserDetailsService(uds); provider.setUserDetailsChecker(mock(UserDetailsChecker.class)); diff --git a/web/src/test/java/org/springframework/security/web/authentication/switchuser/SwitchUserFilterTests.java b/web/src/test/java/org/springframework/security/web/authentication/switchuser/SwitchUserFilterTests.java index 1f572a6903..958c25f892 100644 --- a/web/src/test/java/org/springframework/security/web/authentication/switchuser/SwitchUserFilterTests.java +++ b/web/src/test/java/org/springframework/security/web/authentication/switchuser/SwitchUserFilterTests.java @@ -368,7 +368,7 @@ public class SwitchUserFilterTests { SwitchUserFilter filter = new SwitchUserFilter(); filter.setUserDetailsService(new MockUserDetailsService()); filter.setSwitchUserAuthorityChanger(new SwitchUserAuthorityChanger() { - public Collection modifyGrantedAuthorities(UserDetails targetUser, Authentication currentAuthentication, Collection authoritiesToBeGranted) { + public Collection modifyGrantedAuthorities(UserDetails targetUser, Authentication currentAuthentication, Collection authoritiesToBeGranted) { List auths = new ArrayList(); auths.add(new GrantedAuthorityImpl("ROLE_NEW")); return auths;