For DatabaseOnlyLdap authorities return defaultRole even if user does…

… not exists in DB Fixes #14
grails-plugins · May 4, 2017 · cda0949 · cda0949
1 parent 10c8d9f
commit cda0949
Show file tree

Hide file tree

Showing 2 changed files with 9 additions and 7 deletions.
diff --git a/...rieve-db-roles/src/integration-test/groovy/com/test/SecureControllerFunctionalSpec.groovy b/...rieve-db-roles/src/integration-test/groovy/com/test/SecureControllerFunctionalSpec.groovy
@@ -67,7 +67,7 @@ class SecureControllerFunctionalSpec extends AbstractSecurityFunctionalSpec {
 		at SecureUserPage
 
 		then:
-		assertContentDoesNotContain 'ROLE_USER' // TODO: is this a bug
+		assertContentContains 'ROLE_USER'
 		assertContentDoesNotContain 'ROLE_SUPERUSER'
 
 		when:

diff --git a/...grails/plugin/springsecurity/ldap/userdetails/DatabaseOnlyLdapAuthoritiesPopulator.groovy b/...grails/plugin/springsecurity/ldap/userdetails/DatabaseOnlyLdapAuthoritiesPopulator.groovy
@@ -40,23 +40,25 @@ class DatabaseOnlyLdapAuthoritiesPopulator implements LdapAuthoritiesPopulator,
 
 	Collection<GrantedAuthority> getGrantedAuthorities(DirContextOperations userData, String username) {
 
+		def roles = [] as Set<GrantedAuthority>
+		if (defaultRole) {
+			roles << defaultRole
+		}
+
 		UserDetails dbDetails
 		try {
 			dbDetails = userDetailsService.loadUserByUsername(username, true)
 		}
 		catch (UsernameNotFoundException ignored) {
 			// just looking for roles, so ignore the UsernameNotFoundException
-			return AuthorityUtils.NO_AUTHORITIES
+			return roles ?: AuthorityUtils.NO_AUTHORITIES
 		}
 
 		if (dbDetails.authorities == null) {
-			return AuthorityUtils.NO_AUTHORITIES
+			return roles ?: AuthorityUtils.NO_AUTHORITIES
 		}
 
-		Collection<GrantedAuthority> roles = new HashSet<GrantedAuthority>(dbDetails.authorities)
-		if (defaultRole) {
-			roles << defaultRole
-		}
+		roles.addAll(dbDetails.authorities)
 
 		roles
 	}