From 4def40506759420e9f660c154380284631fca05a Mon Sep 17 00:00:00 2001 From: Dmitry Korotych Date: Thu, 8 Jun 2023 19:58:43 +0300 Subject: [PATCH] Allow authorities to be overridden in UserBuilder Issue gh-12533 --- .../security/core/userdetails/User.java | 1 + .../security/core/userdetails/UserTests.java | 32 ++++++++++++++++--- 2 files changed, 28 insertions(+), 5 deletions(-) diff --git a/core/src/main/java/org/springframework/security/core/userdetails/User.java b/core/src/main/java/org/springframework/security/core/userdetails/User.java index 8ed14bf1dc8..3629c8bd8e4 100644 --- a/core/src/main/java/org/springframework/security/core/userdetails/User.java +++ b/core/src/main/java/org/springframework/security/core/userdetails/User.java @@ -441,6 +441,7 @@ public UserBuilder authorities(GrantedAuthority... authorities) { */ public UserBuilder authorities(Collection authorities) { Assert.notNull(authorities, "authorities cannot be null"); + this.authorities.clear(); this.authorities.addAll(authorities); return this; } diff --git a/core/src/test/java/org/springframework/security/core/userdetails/UserTests.java b/core/src/test/java/org/springframework/security/core/userdetails/UserTests.java index 8d3825edc63..9402856b57b 100644 --- a/core/src/test/java/org/springframework/security/core/userdetails/UserTests.java +++ b/core/src/test/java/org/springframework/security/core/userdetails/UserTests.java @@ -18,18 +18,19 @@ import java.io.ByteArrayOutputStream; import java.io.ObjectOutputStream; -import java.util.ArrayList; -import java.util.Collection; -import java.util.HashSet; -import java.util.List; -import java.util.Set; +import java.util.*; import java.util.function.Function; +import java.util.stream.Stream; import org.junit.jupiter.api.Test; +import org.junit.jupiter.params.ParameterizedTest; +import org.junit.jupiter.params.provider.Arguments; +import org.junit.jupiter.params.provider.MethodSource; import org.springframework.security.core.GrantedAuthority; import org.springframework.security.core.authority.AuthorityUtils; import org.springframework.security.core.authority.SimpleGrantedAuthority; +import org.springframework.util.CollectionUtils; import static org.assertj.core.api.Assertions.assertThat; import static org.assertj.core.api.Assertions.assertThatExceptionOfType; @@ -45,6 +46,14 @@ public class UserTests { private static final List ROLE_12 = AuthorityUtils.createAuthorityList("ROLE_ONE", "ROLE_TWO"); + public static Stream testNewAuthoritiesShouldReplacePreviousAuthorities() { + return Stream.of( + Arguments.of((Object) new String[0]), + Arguments.of((Object) new String[]{"B7", "C12", "role"}), + Arguments.of((Object) new String[]{"A1"}) + ); + } + @Test public void equalsReturnsTrueIfUsernamesAreTheSame() { User user1 = new User("rod", "koala", true, true, true, true, ROLE_12); @@ -98,6 +107,19 @@ public void testNullWithinUserAuthoritiesIsRejected() { .authorities(new String[] { null, null }).build()); } + @ParameterizedTest + @MethodSource + public void testNewAuthoritiesShouldReplacePreviousAuthorities(String[] authorities) { + UserDetails parent = User.builder().username("user").password("password").authorities("A1", "A2", "B1").build(); + User.UserBuilder builder = User.withUserDetails(parent).authorities(authorities); + UserDetails user = builder.build(); + assertThat(AuthorityUtils.authorityListToSet(user.getAuthorities())).containsOnly(authorities); + user = builder.authorities(AuthorityUtils.createAuthorityList(authorities)).build(); + assertThat(AuthorityUtils.authorityListToSet(user.getAuthorities())).containsOnly(authorities); + user = builder.authorities(AuthorityUtils.createAuthorityList(authorities).toArray(GrantedAuthority[]::new)).build(); + assertThat(AuthorityUtils.authorityListToSet(user.getAuthorities())).containsOnly(authorities); + } + @Test public void testNullValuesRejected() { assertThatIllegalArgumentException().isThrownBy(() -> new User(null, "koala", true, true, true, true, ROLE_12));