Add grantedAuthorityMapper as a class member

- Add unit tests for setGrantedAuthorityMapper method

Signed-off-by: dae won <[email protected]>

Author: big-cir

config/src/main/resources/org/springframework/security/config/spring-security-6.4.xsd

@@ -124,7 +124,7 @@
       </xs:annotation>
       <xs:complexType/>
    </xs:element>
-  
+
   <xs:attributeGroup name="password-encoder.attlist">
       <xs:attribute name="ref" type="xs:token">
          <xs:annotation>
@@ -408,7 +408,7 @@
          </xs:annotation>
       </xs:attribute>
   </xs:attributeGroup>
-  
+
   <xs:attributeGroup name="ldap-ap.attlist">
       <xs:attribute name="server-ref" type="xs:token">
          <xs:annotation>
@@ -488,7 +488,7 @@
          </xs:annotation>
       </xs:attribute>
   </xs:attributeGroup>
-  
+
   <xs:attributeGroup name="password-compare.attlist">
       <xs:attribute name="password-attribute" type="xs:token">
          <xs:annotation>
@@ -554,7 +554,7 @@
          </xs:annotation>
       </xs:attribute>
   </xs:attributeGroup>
-  
+
   <xs:attributeGroup name="protect.attlist">
       <xs:attribute name="method" use="required" type="xs:token">
          <xs:annotation>
@@ -892,13 +892,13 @@
          </xs:annotation>
       </xs:attribute>
   </xs:attributeGroup>
-  
-  
-  
-  
-  
-  
-  
+
+
+
+
+
+
+
   <xs:attributeGroup name="protect-pointcut.attlist">
       <xs:attribute name="expression" use="required" type="xs:string">
          <xs:annotation>
@@ -1402,7 +1402,7 @@
          </xs:annotation>
       </xs:attribute>
   </xs:attributeGroup>
-  
+
   <xs:attributeGroup name="access-denied-handler.attlist">
       <xs:attribute name="ref" type="xs:token">
          <xs:annotation>
@@ -1427,7 +1427,7 @@
          </xs:annotation>
       </xs:attribute>
   </xs:attributeGroup>
-  
+
   <xs:attributeGroup name="intercept-url.attlist">
       <xs:attribute name="pattern" type="xs:token">
          <xs:annotation>
@@ -1484,7 +1484,7 @@
          </xs:annotation>
       </xs:attribute>
   </xs:attributeGroup>
-  
+
   <xs:attributeGroup name="logout.attlist">
       <xs:attribute name="logout-url" type="xs:token">
          <xs:annotation>
@@ -1531,7 +1531,7 @@
          <xs:attributeGroup ref="security:ref"/>
       </xs:complexType>
    </xs:element>
-  
+
   <xs:attributeGroup name="form-login.attlist">
       <xs:attribute name="login-processing-url" type="xs:token">
          <xs:annotation>
@@ -2064,7 +2064,7 @@
          </xs:annotation>
       </xs:attribute>
   </xs:attributeGroup>
-  
+
   <xs:attributeGroup name="saml2-login.attlist">
       <xs:attribute name="relying-party-registration-repository-ref" type="xs:token">
          <xs:annotation>
@@ -2121,7 +2121,7 @@
          </xs:annotation>
       </xs:attribute>
   </xs:attributeGroup>
-  
+
   <xs:attributeGroup name="saml2-logout.attlist">
       <xs:attribute name="logout-url" type="xs:token">
          <xs:annotation>
@@ -2583,7 +2583,7 @@
          </xs:simpleType>
       </xs:attribute>
   </xs:attributeGroup>
-  
+
   <xs:attributeGroup name="http-basic.attlist">
       <xs:attribute name="entry-point-ref" type="xs:token">
          <xs:annotation>
@@ -2616,7 +2616,7 @@
          </xs:annotation>
       </xs:attribute>
   </xs:attributeGroup>
-  
+
   <xs:attributeGroup name="session-management.attlist">
       <xs:attribute name="authentication-strategy-explicit-invocation" type="xs:boolean">
          <xs:annotation>
@@ -2679,7 +2679,7 @@
          </xs:annotation>
       </xs:attribute>
   </xs:attributeGroup>
-  
+
   <xs:attributeGroup name="concurrency-control.attlist">
       <xs:attribute name="max-sessions" type="xs:token">
          <xs:annotation>
@@ -2726,7 +2726,7 @@
          </xs:annotation>
       </xs:attribute>
   </xs:attributeGroup>
-  
+
   <xs:attributeGroup name="remember-me.attlist">
       <xs:attribute name="key" type="xs:token">
          <xs:annotation>
@@ -2824,7 +2824,7 @@
   <xs:attributeGroup name="remember-me-data-source-ref">
       <xs:attributeGroup ref="security:data-source-ref"/>
   </xs:attributeGroup>
-  
+
   <xs:attributeGroup name="anonymous.attlist">
       <xs:attribute name="key" type="xs:token">
          <xs:annotation>
@@ -2857,8 +2857,8 @@
          </xs:annotation>
       </xs:attribute>
   </xs:attributeGroup>
-  
-  
+
+
   <xs:attributeGroup name="http-port">
       <xs:attribute name="http" use="required" type="xs:token">
          <xs:annotation>
@@ -2875,7 +2875,7 @@
          </xs:annotation>
       </xs:attribute>
   </xs:attributeGroup>
-  
+
   <xs:attributeGroup name="x509.attlist">
       <xs:attribute name="subject-principal-regex" type="xs:token">
          <xs:annotation>
@@ -3018,7 +3018,7 @@
          </xs:annotation>
       </xs:attribute>
   </xs:attributeGroup>
-  
+
   <xs:attributeGroup name="ap.attlist">
       <xs:attribute name="ref" type="xs:token">
          <xs:annotation>
@@ -3070,7 +3070,7 @@
          </xs:annotation>
       </xs:attribute>
   </xs:attributeGroup>
-  
+
   <xs:attributeGroup name="user.attlist">
       <xs:attribute name="name" use="required" type="xs:token">
          <xs:annotation>
@@ -3819,4 +3819,4 @@
          <xs:enumeration value="LAST"/>
       </xs:restriction>
   </xs:simpleType>
-</xs:schema>
+</xs:schema>

core/src/main/java/org/springframework/security/provisioning/JdbcUserDetailsManager.java

@@ -159,6 +159,8 @@ public class JdbcUserDetailsManager extends JdbcDaoImpl implements UserDetailsMa
 
 	private RowMapper<UserDetails> userDetailsMapper = this::mapToUser;
 
+	private RowMapper<GrantedAuthority> grantedAuthorityMapper = this::mapToGrantedAuthority;
+
 	public JdbcUserDetailsManager() {
 	}
 
@@ -182,6 +184,21 @@ public void setUserDetailsMapper(RowMapper<UserDetails> mapper) {
 		this.userDetailsMapper = mapper;
 	}
 
+	/**
+	 * Sets the {@code RowMapper} to convert each authority result row into a
+	 * {@link GrantedAuthority} object.
+	 *
+	 * The default mapper expects columns with names like 'authority' or 'role', and maps
+	 * them directly to SimpleGrantedAuthority objects.
+	 * @param mapper the {@code RowMapper} to use for mapping rows in the database to
+	 * GrantedAuthority objects, must not be null
+	 * @since 6.5
+	 */
+	public void setGrantedAuthorityMapper(RowMapper<GrantedAuthority> mapper) {
+		Assert.notNull(mapper, "grantedAuthorityMapper cannot be null");
+		this.grantedAuthorityMapper = mapper;
+	}
+
 	@Override
 	protected void initDao() throws ApplicationContextException {
 		if (this.authenticationManager == null) {
@@ -197,7 +214,7 @@ protected void initDao() throws ApplicationContextException {
 	 */
 	@Override
 	protected List<UserDetails> loadUsersByUsername(String username) {
-		return getJdbcTemplate().query(getUsersByUsernameQuery(), userDetailsMapper, username);
+		return getJdbcTemplate().query(getUsersByUsernameQuery(), this.userDetailsMapper, username);
 	}
 
 	private UserDetails mapToUser(ResultSet rs, int rowNum) throws SQLException {
@@ -406,10 +423,10 @@ public List<GrantedAuthority> findGroupAuthorities(String groupName) {
 		this.logger.debug("Loading authorities for group '" + groupName + "'");
 		Assert.hasText(groupName, "groupName should have text");
 		return getJdbcTemplate().query(this.groupAuthoritiesSql, new String[] { groupName },
-				this::mapToGrantedAuthority);
+				this.grantedAuthorityMapper);
 	}
 
-	protected GrantedAuthority mapToGrantedAuthority(ResultSet rs, int rowNum) throws SQLException {
+	private GrantedAuthority mapToGrantedAuthority(ResultSet rs, int rowNum) throws SQLException {
 		String roleName = getRolePrefix() + rs.getString(3);
 		return new SimpleGrantedAuthority(roleName);
 	}

core/src/test/java/org/springframework/security/provisioning/JdbcUserDetailsManagerTests.java

@@ -52,9 +52,8 @@
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.ArgumentMatchers.anyInt;
 import static org.mockito.BDDMockito.given;
-import static org.mockito.Mockito.mock;
-import static org.mockito.Mockito.verify;
-import static org.mockito.Mockito.when;
+import static org.mockito.BDDMockito.mock;
+import static org.mockito.BDDMockito.verify;
 
 /**
  * Tests for {@link JdbcUserDetailsManager}
@@ -373,21 +372,39 @@ public void createNewAuthenticationUsesNullPasswordToKeepPassordsSave() {
 	@Test
 	public void setUserDetailsMapperWithNullMapperThrowsException() {
 		assertThatExceptionOfType(IllegalArgumentException.class)
-				.isThrownBy(() -> this.manager.setUserDetailsMapper(null))
-				.withMessage("userDetailsMapper cannot be null");
+			.isThrownBy(() -> this.manager.setUserDetailsMapper(null))
+			.withMessage("userDetailsMapper cannot be null");
 	}
 
 	@Test
 	public void setUserDetailsMapperWithMockMapper() throws SQLException {
 		RowMapper<UserDetails> mockMapper = mock(RowMapper.class);
-		when(mockMapper.mapRow(any(), anyInt())).thenReturn(joe);
+		given(mockMapper.mapRow(any(), anyInt())).willReturn(joe);
 		this.manager.setUserDetailsMapper(mockMapper);
 		insertJoe();
 		UserDetails newJoe = this.manager.loadUserByUsername("joe");
 		assertThat(joe).isEqualTo(newJoe);
 		verify(mockMapper).mapRow(any(), anyInt());
 	}
 
+	@Test
+	public void setGrantedAuthorityMapperWithNullMapperThrowsException() {
+		assertThatExceptionOfType(IllegalArgumentException.class)
+			.isThrownBy(() -> this.manager.setGrantedAuthorityMapper(null))
+			.withMessage("grantedAuthorityMapper cannot be null");
+	}
+
+	@Test
+	public void setGrantedAuthorityMapperWithMockMapper() throws SQLException {
+		RowMapper<GrantedAuthority> mockMapper = mock(RowMapper.class);
+		GrantedAuthority mockAuthority = new SimpleGrantedAuthority("ROLE_MOCK");
+		given(mockMapper.mapRow(any(), anyInt())).willReturn(mockAuthority);
+		this.manager.setGrantedAuthorityMapper(mockMapper);
+		List<GrantedAuthority> authGroup = this.manager.findGroupAuthorities("GROUP_0");
+		assertThat(authGroup.get(0)).isEqualTo(mockAuthority);
+		verify(mockMapper).mapRow(any(), anyInt());
+	}
+
 	private Authentication authenticateJoe() {
 		UsernamePasswordAuthenticationToken auth = UsernamePasswordAuthenticationToken.authenticated("joe", "password",
 				joe.getAuthorities());