Menu

#47 XmlAuthenticationManager failes to delete principal

v1.1.0
open
nobody
authentication (16)
5
2010-02-15
2010-02-15
Lennart Schedin
No

How to reproduce:
Extract attached zip file.
Run "mvn test"

Result:
The call to xmlAuthenticationManager.deletePrincipal(rolePrincipal2) failes to delete my previously added principal.

Expected result:
Any call to deletePrincipal() should delete a previously added principal (and the test case should pass)

Test system:
I wrote my test case in Java 5 with Eclipse. Can also be run with maven. I used 1.0.4 och JGuard but I guess that it is the same for later versions.

The important test code is this:
@Test
public void testRemovePrincipal() throws Exception {
//Make sure there are no RolePrincipals
assertEquals(0, getNumberOfRolePrincipals(xmlAuthenticationManager));

//Add one RolePrincipal and make sure it is added correctly
RolePrincipal rolePrincipal1 = new RolePrincipal();
rolePrincipal1.setLocalName("myprincipal1");
xmlAuthenticationManager.createPrincipal(rolePrincipal1);
assertEquals(1, getNumberOfRolePrincipals(xmlAuthenticationManager));

//Add another RolePrincipal and make sure it is added correctly
RolePrincipal rolePrincipal2 = new RolePrincipal();
rolePrincipal2.setLocalName("myprincipal2");
xmlAuthenticationManager.createPrincipal(rolePrincipal2);
assertEquals(2, getNumberOfRolePrincipals(xmlAuthenticationManager));

//Remove the latest inserted RolePrincipal and make sure it is really removed
xmlAuthenticationManager.deletePrincipal(rolePrincipal2);
assertEquals(1, getNumberOfRolePrincipals(xmlAuthenticationManager));

//Remove the last RolePrincipal and make sure it is really removed
xmlAuthenticationManager.deletePrincipal(rolePrincipal1);
assertEquals(0, getNumberOfRolePrincipals(xmlAuthenticationManager));
}

Analysis:
The problem is probably in XmlAuthenticationManager.java. The method deletePrincipal checks the Set "principals" attribute and does not remove the principal from the XML file unless it is found in the attribute. However the method createPrincipal or persistPrincipal does not add it the attribute. The only time the "principals" attribute is updated correctly is the init method.

Discussion

  • Lennart Schedin

    Lennart Schedin - 2010-02-15

    jguard-xml-problem.zip

     
    jguard-xml-problem.zip

  • Lennart Schedin

    Lennart Schedin - 2010-02-15

    What I think is missing is the following:
    protected void persistPrincipal(Principal principal) throws AuthenticationException {
    this.principals.put(principal.getName(), principal);
    this.principalsSet.add(principal);
    ...other code...

    }

    public boolean deletePrincipal(Principal principal) throws AuthenticationException {
    ...other code...

    Principal oldPal = (Principal)localPrincipals.remove(principal.getName());
    localPrincipalsSet.remove(oldPal);
    }

    So the problem looks to be two folded: during persist the local attributes are not updated and during delete the AbstractAuthenticationManager:s attribuate are not updated.

    JdbcAuthenticationManager does not have any local variables for the principals. Is it necessary for XmlAuthenticationManager to have it?

     

Log in to post a comment.