Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

SEC-903: Wrong attribute mapping when using jdbc-user-service bean #1156

spring-issuemaster opened this issue Jul 1, 2008 · 1 comment


Copy link

@spring-issuemaster spring-issuemaster commented Jul 1, 2008

Stéphane Sandon(Migrated from SEC-903) said:

The JdbcUserServiceBeanDefinitionParser adds the wrong property when detecting groupAuthoritiesByUsernameQuery.

It adds authoritiesByUsernameQuery instead of groupAuthoritiesByUsernameQuery.

Thus after that the JdbcDaoImpl use its default value for groupAuthoritiesByUsernameQuery instead of the one passed
in parameter by the bean.

I guess that if authoritiesByusernameQuery is passed also, there should be a mismatch between the two queries.
This is a side effect.

Correction tested :
In the class JdbcUserServiceBeanDefinitionParser

if (StringUtils.hasText(groupAuthoritiesQuery)) {
builder.addPropertyValue(“enableGroups”, Boolean.TRUE);
//builder.addPropertyValue(“authoritiesByUsernameQuery”, groupAuthoritiesQuery);
// should be
builder.addPropertyValue(“groupAuthoritiesByUsernameQuery”, groupAuthoritiesQuery);
// end correction

With that the JdbcDaoImplTests testLookupFailsIfUserHasNoGrantedAuthorities() will fail.
When looking at it, it seems that it is not functionaly correct.


This comment has been minimized.

Copy link

@spring-issuemaster spring-issuemaster commented Jul 15, 2008

Luke Taylor said:

Thanks for spotting this. I’ve changed the bean parser to set the correct property name (groupAuthoritiesByUsernameQuery).

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
None yet
1 participant
You can’t perform that action at this time.