Examples of org.springframework.security.core.userdetails.UserDetails

• org.springframework.security.core.userdetails.UserDetails
  Provides core user information.

  Implementations are not used directly by Spring Security for security purposes. They simply store user information which is later encapsulated into {@link Authentication} objects. This allows non-security related userinformation (such as email addresses, telephone numbers etc) to be stored in a convenient location.

  Concrete implementations must take particular care to ensure the non-null contract detailed for each method is enforced. See {@link org.springframework.security.core.userdetails.User} for areference implementation (which you might like to extend or use in your code). @see UserDetailsService @see UserCache @author Ben Alex

        }

        // Check the user exists.
        // Defer lookup until after expiry time checked, to possibly avoid expensive database call.

        UserDetails userDetails = getUserDetailsService().loadUserByUsername(cookieTokens[0]);

        // Check signature of token matches remaining details.
        // Must do this after user lookup, as we need the DAO-derived password.
        // If efficiency was a major issue, just add in a UserCache implementation,
        // but recall that this method is usually only called once per HttpSession - if the token is valid,
        // it will cause SecurityContextHolder population, whilst if invalid, will cause the cookie to be cancelled.
        String expectedTokenSignature = makeTokenSignature(tokenExpiryTime, userDetails.getUsername(),
                userDetails.getPassword());

        if (!equals(expectedTokenSignature,cookieTokens[2])) {
            throw new InvalidCookieException("Cookie token[2] contained signature '" + cookieTokens[2]
                                                                                                    + "' but expected '" + expectedTokenSignature + "'");
        }

        Assert.notNull(password, "Null password was supplied in authentication token");

        DirContextOperations userData = doAuthentication(userToken);

        UserDetails user = userDetailsContextMapper.mapUserFromContext(userData, authentication.getName(),
                    loadUserAuthorities(userData, authentication.getName(), (String)authentication.getCredentials()));

        return createSuccessfulAuthentication(userToken, user);
    }

        LdapUserDetailsService service =
                new LdapUserDetailsService(new MockUserSearch(userData), new MockAuthoritiesPopulator());
        service.setUserDetailsMapper(new LdapUserDetailsMapper());

        UserDetails user = service.loadUserByUsername("doesntmatterwegetjoeanyway");

        Set<String> authorities = AuthorityUtils.authorityListToSet(user.getAuthorities());
        assertEquals(1, authorities.size());
        assertTrue(authorities.contains("ROLE_FROM_POPULATOR"));
    }

    @Test
    public void nullPopulatorConstructorReturnsEmptyAuthoritiesList() throws Exception {
        DirContextAdapter userData = new DirContextAdapter(new DistinguishedName("uid=joe"));

        LdapUserDetailsService service = new LdapUserDetailsService(new MockUserSearch(userData));
        UserDetails user = service.loadUserByUsername("doesntmatterwegetjoeanyway");
        assertEquals(0, user.getAuthorities().size());
    }

    @Test
    public void createUserInsertsCorrectData() {
        manager.createUser(joe);

        UserDetails joe2 = manager.loadUserByUsername("joe");

        assertEquals(joe, joe2);
    }

        User newJoe = new User("joe","newpassword",false,true,true,true,
                AuthorityUtils.createAuthorityList(new String[]{"D","F","E"}));

        manager.updateUser(newJoe);

        UserDetails joe = manager.loadUserByUsername("joe");

        assertEquals(newJoe, joe);
        assertFalse(cache.getUserMap().containsKey("joe"));
    }

    @Test
    public void changePasswordSucceedsWithAuthenticatedUserAndNoAuthenticationManagerSet() {
        insertJoe();
        authenticateJoe();
        manager.changePassword("wrongpassword", "newPassword");
        UserDetails newJoe = manager.loadUserByUsername("joe");

        assertEquals("newPassword", newJoe.getPassword());
        assertFalse(cache.getUserMap().containsKey("joe"));
    }

        AuthenticationManager am = mock(AuthenticationManager.class);
        when(am.authenticate(currentAuth)).thenReturn(currentAuth);

        manager.setAuthenticationManager(am);
        manager.changePassword("password", "newPassword");
        UserDetails newJoe = manager.loadUserByUsername("joe");

        assertEquals("newPassword", newJoe.getPassword());
        // The password in the context should also be altered
        Authentication newAuth = SecurityContextHolder.getContext().getAuthentication();
        assertEquals("joe", newAuth.getName());
        assertEquals(currentAuth.getDetails(), newAuth.getDetails());
        assertThat(newAuth.getCredentials()).isNull();

            fail("Expected BadCredentialsException");
        } catch (BadCredentialsException expected) {
        }

        // Check password hasn't changed.
        UserDetails newJoe = manager.loadUserByUsername("joe");
        assertEquals("password", newJoe.getPassword());
        assertEquals("password", SecurityContextHolder.getContext().getAuthentication().getCredentials());
        assertTrue(cache.getUserMap().containsKey("joe"));
    }

public class UserDetailsServiceLdapAuthoritiesPopulatorTests {

    @Test
    public void delegationToUserDetailsServiceReturnsCorrectRoles() throws Exception {
        UserDetailsService uds = mock(UserDetailsService.class);
        UserDetails user = mock(UserDetails.class);
        when(uds.loadUserByUsername("joe")).thenReturn(user);
        List authorities = AuthorityUtils.createAuthorityList("ROLE_USER");
        when(user.getAuthorities()).thenReturn(authorities);

        UserDetailsServiceLdapAuthoritiesPopulator populator = new UserDetailsServiceLdapAuthoritiesPopulator(uds);
        Collection<? extends GrantedAuthority> auths =  populator.getGrantedAuthorities(new DirContextAdapter(), "joe");

        assertEquals(1, auths.size());