SEC-836: Made LDAP namespace elements use subtree group searching by default.

18 years ago · 45c3084502
3 changed files with 5 additions and 4 deletions
--- a/core/src/main/java/org/springframework/security/config/LdapUserServiceBeanDefinitionParser.java
+++ b/core/src/main/java/org/springframework/security/config/LdapUserServiceBeanDefinitionParser.java
@ -123,6 +123,7 @@ public class LdapUserServiceBeanDefinitionParser extends AbstractUserDetailsServ
				@@ -123,6 +123,7 @@ public class LdapUserServiceBeanDefinitionParser extends AbstractUserDetailsServ
        populator.addConstructorArg(parseServerReference(elt, parserContext));
        populator.addConstructorArg(groupSearchBase);
        populator.addPropertyValue("groupSearchFilter", groupSearchFilter);
+        populator.addPropertyValue("searchSubtree", Boolean.TRUE);
        
        if (StringUtils.hasText(rolePrefix)) {
            if ("none".equals(rolePrefix)) {
--- a/core/src/test/java/org/springframework/security/config/LdapProviderBeanDefinitionParserTests.java
+++ b/core/src/test/java/org/springframework/security/config/LdapProviderBeanDefinitionParserTests.java
@ -38,8 +38,8 @@ public class LdapProviderBeanDefinitionParserTests {
				@@ -38,8 +38,8 @@ public class LdapProviderBeanDefinitionParserTests {
        Authentication auth = provider.authenticate(new UsernamePasswordAuthenticationToken("ben", "benspassword"));
        LdapUserDetailsImpl ben = (LdapUserDetailsImpl) auth.getPrincipal();

-        assertEquals(2, ben.getAuthorities().length);
-    }  
+        assertEquals(3, ben.getAuthorities().length);
+    }
    
    @Test(expected = SecurityConfigurationException.class)
    public void missingServerEltCausesConfigException() {
--- a/core/src/test/java/org/springframework/security/config/LdapUserServiceBeanDefinitionParserTests.java
+++ b/core/src/test/java/org/springframework/security/config/LdapUserServiceBeanDefinitionParserTests.java
@ -42,7 +42,7 @@ public class LdapUserServiceBeanDefinitionParserTests {
				@@ -42,7 +42,7 @@ public class LdapUserServiceBeanDefinitionParserTests {
        UserDetails ben = uds.loadUserByUsername("ben");

        Set authorities = AuthorityUtils.authorityArrayToSet(ben.getAuthorities());
-        assertEquals(2, authorities.size());
+        assertEquals(3, authorities.size());
        assertTrue(authorities.contains("ROLE_DEVELOPERS"));
    }

@ -88,7 +88,7 @@ public class LdapUserServiceBeanDefinitionParserTests {
				@@ -88,7 +88,7 @@ public class LdapUserServiceBeanDefinitionParserTests {
        UserDetails ben = uds.loadUserByUsername("ben");

        Set authorities = AuthorityUtils.authorityArrayToSet(ben.getAuthorities());
-        assertEquals(2, authorities.size());
+        assertEquals(3, authorities.size());
        assertTrue(authorities.contains(new GrantedAuthorityImpl("ROLE_DEVELOPER")));
        
    }