Fixed data source validation

spring-projects · Mar 27, 2024 · e084eef · e084eef
1 parent ef3bc34
commit e084eef
Show file tree

Hide file tree

Showing 2 changed files with 48 additions and 1 deletion.
diff --git a/...g/springframework/security/config/authentication/JdbcUserServiceBeanDefinitionParser.java b/...g/springframework/security/config/authentication/JdbcUserServiceBeanDefinitionParser.java
@@ -42,7 +42,14 @@ protected String getBeanClassName(Element element) {
 	@Override
 	protected void doParse(Element element, ParserContext parserContext, BeanDefinitionBuilder builder) {
 		String dataSource = element.getAttribute(ATT_DATA_SOURCE);
-		builder.addPropertyReference("dataSource", dataSource);
+		if (StringUtils.hasText(dataSource)) {
+			builder.addPropertyReference("dataSource", dataSource);
+		}
+		else {
+			parserContext.getReaderContext()
+				.error(ATT_DATA_SOURCE + " is required for " + Elements.JDBC_USER_SERVICE,
+						parserContext.extractSource(element));
+		}
 		String usersQuery = element.getAttribute(ATT_USERS_BY_USERNAME_QUERY);
 		String authoritiesQuery = element.getAttribute(ATT_AUTHORITIES_BY_USERNAME_QUERY);
 		String groupAuthoritiesQuery = element.getAttribute(ATT_GROUP_AUTHORITIES_QUERY);

diff --git a/...ingframework/security/config/authentication/JdbcUserServiceBeanDefinitionParserTests.java b/...ingframework/security/config/authentication/JdbcUserServiceBeanDefinitionParserTests.java
@@ -16,10 +16,12 @@
 
 package org.springframework.security.config.authentication;
 
+import org.assertj.core.api.Assertions;
 import org.junit.jupiter.api.AfterEach;
 import org.junit.jupiter.api.Test;
 import org.w3c.dom.Element;
 
+import org.springframework.beans.factory.BeanDefinitionStoreException;
 import org.springframework.security.authentication.AuthenticationManager;
 import org.springframework.security.authentication.CachingUserDetailsService;
 import org.springframework.security.authentication.ProviderManager;
@@ -160,6 +162,44 @@ public void rolePrefixIsUsedWhenSet() {
 		assertThat(AuthorityUtils.authorityListToSet(rod.getAuthorities())).contains("PREFIX_ROLE_SUPERVISOR");
 	}
 
+	@Test
+	public void testEmptyDataSourceRef() {
+		// @formatter:off
+		String xml = "<authentication-manager>"
+					+ "  <authentication-provider>"
+					+ "    <jdbc-user-service data-source-ref=''/>"
+					+ "  </authentication-provider>"
+					+ "</authentication-manager>";
+		// @formatter:on
+
+		try {
+			setContext(xml);
+			Assertions.fail("Expected exception due to empty data-source-ref");
+		}
+		catch (BeanDefinitionStoreException ex) {
+			assertThat(ex.getMessage()).contains("data-source-ref is required");
+		}
+	}
+
+	@Test
+	public void testMissingDataSourceRef() {
+		// @formatter:off
+		String xml = "<authentication-manager>"
+					+ "  <authentication-provider>"
+					+ "    <jdbc-user-service/>"
+					+ "  </authentication-provider>"
+					+ "</authentication-manager>";
+		// @formatter:on
+
+		try {
+			setContext(xml);
+			Assertions.fail("Expected exception due to missing data-source-ref");
+		}
+		catch (BeanDefinitionStoreException ex) {
+			assertThat(ex.getMessage()).contains("XML document from").contains("is invalid");
+		}
+	}
+
 	private void setContext(String context) {
 		this.appContext = new InMemoryXmlApplicationContext(context);
 	}