Cwikius-Spring
/
spring-security
mirror of https://github.com/spring-projects/spring-security.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

SEC-2768: DefaultMessageSecurityExpressionHandler sets PermissionEvaluator

This commit is contained in:
Rob Winch 2014-11-19 11:58:32 -06:00
parent 95c70f29bd
commit 002a78d87d
3 changed files with 17 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
messaging/src/main/java/org/springframework/security/messaging/access/expression/DefaultMessageSecurityExpressionHandler.java
View File

@ -39,6 +39,7 @@ public class DefaultMessageSecurityExpressionHandler<T> extends AbstractSecurity
@Override @Override
protected SecurityExpressionOperations createSecurityExpressionRoot(Authentication authentication, Message<T> invocation) { protected SecurityExpressionOperations createSecurityExpressionRoot(Authentication authentication, Message<T> invocation) {
MessageSecurityExpressionRoot root = new MessageSecurityExpressionRoot(authentication,invocation); MessageSecurityExpressionRoot root = new MessageSecurityExpressionRoot(authentication,invocation);
root.setPermissionEvaluator(getPermissionEvaluator());
root.setTrustResolver(trustResolver); root.setTrustResolver(trustResolver);
root.setRoleHierarchy(getRoleHierarchy()); root.setRoleHierarchy(getRoleHierarchy());
return root; return root;

3
messaging/src/main/java/org/springframework/security/messaging/access/expression/MessageSecurityExpressionRoot.java
View File

@ -27,7 +27,10 @@ import org.springframework.security.core.Authentication;
*/ */
final class MessageSecurityExpressionRoot extends SecurityExpressionRoot { final class MessageSecurityExpressionRoot extends SecurityExpressionRoot {
public final Message<?> message;
public MessageSecurityExpressionRoot(Authentication authentication, Message<?> message) { public MessageSecurityExpressionRoot(Authentication authentication, Message<?> message) {
super(authentication); super(authentication);
this.message = message;
} }
} }

13
messaging/src/test/java/org/springframework/security/messaging/access/expression/DefaultMessageSecurityExpressionHandlerTests.java
View File

@ -27,6 +27,7 @@ import org.springframework.expression.EvaluationContext;
import org.springframework.expression.Expression; import org.springframework.expression.Expression;
import org.springframework.messaging.Message; import org.springframework.messaging.Message;
import org.springframework.messaging.support.GenericMessage; import org.springframework.messaging.support.GenericMessage;
import org.springframework.security.access.PermissionEvaluator;
import org.springframework.security.access.expression.ExpressionUtils; import org.springframework.security.access.expression.ExpressionUtils;
import org.springframework.security.access.hierarchicalroles.RoleHierarchyImpl; import org.springframework.security.access.hierarchicalroles.RoleHierarchyImpl;
import org.springframework.security.authentication.AnonymousAuthenticationToken; import org.springframework.security.authentication.AnonymousAuthenticationToken;
@ -39,6 +40,8 @@ import org.springframework.security.core.authority.AuthorityUtils;
public class DefaultMessageSecurityExpressionHandlerTests { public class DefaultMessageSecurityExpressionHandlerTests {
@Mock @Mock
AuthenticationTrustResolver trustResolver; AuthenticationTrustResolver trustResolver;
@Mock
PermissionEvaluator permissionEvaluator;
DefaultMessageSecurityExpressionHandler<Object> handler; DefaultMessageSecurityExpressionHandler<Object> handler;
@ -89,4 +92,14 @@ public class DefaultMessageSecurityExpressionHandlerTests {
assertThat(ExpressionUtils.evaluateAsBoolean(expression, context)).isTrue(); assertThat(ExpressionUtils.evaluateAsBoolean(expression, context)).isTrue();
} }
@Test
public void permissionEvaluator() {
handler.setPermissionEvaluator(permissionEvaluator);
EvaluationContext context = handler.createEvaluationContext(authentication, message);
Expression expression = handler.getExpressionParser().parseExpression("hasPermission(message, 'read')");
when(permissionEvaluator.hasPermission(authentication, message, "read")).thenReturn(true);
assertThat(ExpressionUtils.evaluateAsBoolean(expression, context)).isTrue();
}
} }