From f50cbd31bab4279a4a06ffdf1be42d86a0f756a7 Mon Sep 17 00:00:00 2001
From: Ben Alex <ben.alex@springsource.com>
Date: Thu, 3 Nov 2005 10:05:02 +0000
Subject: [PATCH] SEC-38: Make InMemoryDaoImpl support external Properties
 objects.

---
 .../userdetails/memory/InMemoryDaoImpl.java   | 21 +++++++++-
 .../userdetails/memory/UserMapEditor.java     | 38 +++++++++++--------
 .../dao/memory/InMemoryDaoTests.java          | 16 +++++++-
 3 files changed, 55 insertions(+), 20 deletions(-)

diff --git a/core/src/main/java/org/acegisecurity/userdetails/memory/InMemoryDaoImpl.java b/core/src/main/java/org/acegisecurity/userdetails/memory/InMemoryDaoImpl.java
index 5207673a56..b15b251ee4 100644
--- a/core/src/main/java/org/acegisecurity/userdetails/memory/InMemoryDaoImpl.java
+++ b/core/src/main/java/org/acegisecurity/userdetails/memory/InMemoryDaoImpl.java
@@ -1,4 +1,4 @@
-/* Copyright 2004 Acegi Technology Pty Limited
+/* Copyright 2004, 2005 Acegi Technology Pty Limited
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -22,8 +22,11 @@ import net.sf.acegisecurity.providers.dao.UsernameNotFoundException;
 import org.springframework.beans.factory.InitializingBean;
 
 import org.springframework.dao.DataAccessException;
+
 import org.springframework.util.Assert;
 
+import java.util.Properties;
+
 
 /**
  * Retrieves user details from an in-memory list created by the bean context.
@@ -46,8 +49,22 @@ public class InMemoryDaoImpl implements AuthenticationDao, InitializingBean {
         return userMap;
     }
 
+    /**
+     * Modifies the internal <code>UserMap</code> to reflect the
+     * <code>Properties</code> instance passed. This helps externalise user
+     * information to another file etc.
+     *
+     * @param props the account information in a <code>Properties</code> object
+     *        format
+     */
+    public void setUserProperties(Properties props) {
+        UserMap userMap = new UserMap();
+        this.userMap = UserMapEditor.addUsersFromProperties(userMap, props);
+    }
+
     public void afterPropertiesSet() throws Exception {
-        Assert.notNull(this.userMap, "A list of users, passwords, enabled/disabled status and their granted authorities must be set");
+        Assert.notNull(this.userMap,
+            "A list of users, passwords, enabled/disabled status and their granted authorities must be set");
     }
 
     public UserDetails loadUserByUsername(String username)
diff --git a/core/src/main/java/org/acegisecurity/userdetails/memory/UserMapEditor.java b/core/src/main/java/org/acegisecurity/userdetails/memory/UserMapEditor.java
index 834847436b..7250c0cfff 100644
--- a/core/src/main/java/org/acegisecurity/userdetails/memory/UserMapEditor.java
+++ b/core/src/main/java/org/acegisecurity/userdetails/memory/UserMapEditor.java
@@ -80,29 +80,35 @@ public class UserMapEditor extends PropertyEditorSupport {
             propertiesEditor.setAsText(s);
 
             Properties props = (Properties) propertiesEditor.getValue();
+            addUsersFromProperties(userMap, props);
+        }
 
-            // Now we have properties, process each one individually
-            UserAttributeEditor configAttribEd = new UserAttributeEditor();
+        setValue(userMap);
+    }
 
-            for (Iterator iter = props.keySet().iterator(); iter.hasNext();) {
-                String username = (String) iter.next();
-                String value = props.getProperty(username);
+    public static UserMap addUsersFromProperties(UserMap userMap,
+        Properties props) {
+        // Now we have properties, process each one individually
+        UserAttributeEditor configAttribEd = new UserAttributeEditor();
 
-                // Convert value to a password, enabled setting, and list of granted authorities
-                configAttribEd.setAsText(value);
+        for (Iterator iter = props.keySet().iterator(); iter.hasNext();) {
+            String username = (String) iter.next();
+            String value = props.getProperty(username);
 
-                UserAttribute attr = (UserAttribute) configAttribEd.getValue();
+            // Convert value to a password, enabled setting, and list of granted authorities
+            configAttribEd.setAsText(value);
 
-                // Make a user object, assuming the properties were properly provided
-                if (attr != null) {
-                    UserDetails user = new User(username, attr.getPassword(),
-                            attr.isEnabled(), true, true, true,
-                            attr.getAuthorities());
-                    userMap.addUser(user);
-                }
+            UserAttribute attr = (UserAttribute) configAttribEd.getValue();
+
+            // Make a user object, assuming the properties were properly provided
+            if (attr != null) {
+                UserDetails user = new User(username, attr.getPassword(),
+                        attr.isEnabled(), true, true, true,
+                        attr.getAuthorities());
+                userMap.addUser(user);
             }
         }
 
-        setValue(userMap);
+        return userMap;
     }
 }
diff --git a/core/src/test/java/org/acegisecurity/providers/dao/memory/InMemoryDaoTests.java b/core/src/test/java/org/acegisecurity/providers/dao/memory/InMemoryDaoTests.java
index 769195a249..9633f0985a 100644
--- a/core/src/test/java/org/acegisecurity/providers/dao/memory/InMemoryDaoTests.java
+++ b/core/src/test/java/org/acegisecurity/providers/dao/memory/InMemoryDaoTests.java
@@ -1,4 +1,4 @@
-/* Copyright 2004 Acegi Technology Pty Limited
+/* Copyright 2004, 2005 Acegi Technology Pty Limited
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -19,6 +19,8 @@ import junit.framework.TestCase;
 
 import net.sf.acegisecurity.providers.dao.UsernameNotFoundException;
 
+import java.util.Properties;
+
 
 /**
  * Tests {@link InMemoryDaoImpl}.
@@ -68,7 +70,7 @@ public class InMemoryDaoTests extends TestCase {
         assertEquals("wombat", dao.loadUserByUsername("scott").getPassword());
     }
 
-    public void testLookupSuccessWithMixedeCase() throws Exception {
+    public void testLookupSuccessWithMixedCase() throws Exception {
         InMemoryDaoImpl dao = new InMemoryDaoImpl();
         dao.setUserMap(makeUserMap());
         dao.afterPropertiesSet();
@@ -106,6 +108,16 @@ public class InMemoryDaoTests extends TestCase {
         assertEquals(2, dao.getUserMap().getUserCount());
     }
 
+    public void testUseOfExternalPropertiesObject() throws Exception {
+        InMemoryDaoImpl dao = new InMemoryDaoImpl();
+        Properties props = new Properties();
+        props.put("marissa", "koala,ROLE_ONE,ROLE_TWO,enabled");
+        props.put("scott", "wombat,ROLE_ONE,ROLE_TWO,enabled");
+        dao.setUserProperties(props);
+        assertEquals("koala", dao.loadUserByUsername("marissa").getPassword());
+        assertEquals("wombat", dao.loadUserByUsername("scott").getPassword());
+    }
+
     private UserMap makeUserMap() {
         UserMapEditor editor = new UserMapEditor();
         editor.setAsText(