From 49da801096caef6cbf1d2acc1af50dd20dcc4d26 Mon Sep 17 00:00:00 2001 From: Luke Taylor Date: Wed, 14 Jun 2006 22:44:39 +0000 Subject: [PATCH] SEC-303: Check from null role attribute in LdapUserDetailsMapper --- .../ldap/LdapUserDetailsMapper.java | 5 ++ .../ldap/LdapUserDetailsMapperTests.java | 67 +++++++++++++++++++ 2 files changed, 72 insertions(+) create mode 100644 core/src/main/java/org/acegisecurity/userdetails/ldap/LdapUserDetailsMapperTests.java diff --git a/core/src/main/java/org/acegisecurity/userdetails/ldap/LdapUserDetailsMapper.java b/core/src/main/java/org/acegisecurity/userdetails/ldap/LdapUserDetailsMapper.java index 5947ae430f..50fed353da 100644 --- a/core/src/main/java/org/acegisecurity/userdetails/ldap/LdapUserDetailsMapper.java +++ b/core/src/main/java/org/acegisecurity/userdetails/ldap/LdapUserDetailsMapper.java @@ -72,6 +72,11 @@ public class LdapUserDetailsMapper implements LdapEntryMapper { for (int i = 0; (roleAttributes != null) && (i < roleAttributes.length); i++) { Attribute roleAttribute = attributes.get(roleAttributes[i]); + if(roleAttribute == null) { + logger.debug("Couldn't read role attribute '" + roleAttributes[i] + "' for user " + dn); + continue; + } + NamingEnumeration attributeRoles = roleAttribute.getAll(); while (attributeRoles.hasMore()) { diff --git a/core/src/main/java/org/acegisecurity/userdetails/ldap/LdapUserDetailsMapperTests.java b/core/src/main/java/org/acegisecurity/userdetails/ldap/LdapUserDetailsMapperTests.java new file mode 100644 index 0000000000..e11749b5a6 --- /dev/null +++ b/core/src/main/java/org/acegisecurity/userdetails/ldap/LdapUserDetailsMapperTests.java @@ -0,0 +1,67 @@ +/* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.acegisecurity.userdetails.ldap; + +import junit.framework.TestCase; + +import javax.naming.directory.BasicAttributes; +import javax.naming.directory.BasicAttribute; + +/** + * Tests {@link LdapUserDetailsMapper}. + * + * @author Luke Taylor + * @version $Id$ + */ +public class LdapUserDetailsMapperTests extends TestCase { + + + public void testMultipleRoleAttributeValuesAreMappedToAuthorities() throws Exception { + LdapUserDetailsMapper mapper = new LdapUserDetailsMapper(); + mapper.setConvertToUpperCase(false); + mapper.setRolePrefix(""); + + mapper.setRoleAttributes(new String[] {"userRole"}); + + BasicAttributes attrs = new BasicAttributes(); + BasicAttribute roleAttribute = new BasicAttribute("userRole"); + roleAttribute.add("X"); + roleAttribute.add("Y"); + roleAttribute.add("Z"); + attrs.put(roleAttribute); + + LdapUserDetailsImpl.Essence user = (LdapUserDetailsImpl.Essence) mapper.mapAttributes("cn=someName", attrs); + + assertEquals(3, user.getGrantedAuthorities().length); + } + + /** + * SEC-303. Non-retrieved role attribute causes NullPointerException + */ + public void testNonRetrievedRoleAttributeIsIgnored() throws Exception { + LdapUserDetailsMapper mapper = new LdapUserDetailsMapper(); + + mapper.setRoleAttributes(new String[] {"userRole", "nonRetrievedAttribute"}); + + BasicAttributes attrs = new BasicAttributes(); + attrs.put(new BasicAttribute("userRole", "x")); + + LdapUserDetailsImpl.Essence user = (LdapUserDetailsImpl.Essence) mapper.mapAttributes("cn=someName", attrs); + + assertEquals(1, user.getGrantedAuthorities().length); + assertEquals("ROLE_X", user.getGrantedAuthorities()[0].getAuthority()); + } +}