Cwikius-Spring
/
spring-security
mirror of https://github.com/spring-projects/spring-security.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Test Reactive Method Security Exactly Once Semantics 

Issue gh-15592
This commit is contained in:
Josh Cummings 2024-09-12 15:40:03 -06:00
parent 3e1f8bb960
commit 1aec571a81
1 changed files with 57 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

57
config/src/test/java/org/springframework/security/config/annotation/method/configuration/PrePostReactiveMethodSecurityConfigurationTests.java
View File

@ -32,7 +32,10 @@ import reactor.core.publisher.Flux;
import reactor.core.publisher.Mono;
import reactor.test.StepVerifier;
import org.springframework.aop.config.AopConfigUtils;
import org.springframework.beans.factory.FactoryBean;
import org.springframework.beans.factory.config.BeanDefinition;
import org.springframework.beans.factory.support.BeanDefinitionRegistryPostProcessor;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.Role;
@ -48,6 +51,7 @@ import org.springframework.security.access.prepost.PostFilter;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.security.access.prepost.PreFilter;
import org.springframework.security.authorization.AuthorizationDeniedException;
import org.springframework.security.authorization.method.AuthorizationAdvisor;
import org.springframework.security.authorization.method.AuthorizationAdvisorProxyFactory;
import org.springframework.security.authorization.method.AuthorizeReturnObject;
import org.springframework.security.authorization.method.PrePostTemplateDefaults;
@ -57,6 +61,7 @@ import org.springframework.security.config.test.SpringTestContextExtension;
import org.springframework.security.core.annotation.AnnotationTemplateExpressionDefaults;
import org.springframework.security.test.context.annotation.SecurityTestExecutionListeners;
import org.springframework.security.test.context.support.WithMockUser;
import org.springframework.stereotype.Component;
import org.springframework.test.context.junit.jupiter.SpringExtension;
import static org.assertj.core.api.Assertions.assertThat;
@ -418,6 +423,32 @@ public class PrePostReactiveMethodSecurityConfigurationTests {
this.spring.getContext().getBean(ClassInheritingAbstractClassWithNoAnnotations.class).method();
}
// gh-15592
@Test
void autowireWhenDefaultsThenCreatesExactlyOneAdvisorPerAnnotation() {
this.spring.register(MethodSecurityServiceEnabledConfig.class).autowire();
AuthorizationAdvisorProxyFactory proxyFactory = this.spring.getContext()
.getBean(AuthorizationAdvisorProxyFactory.class);
assertThat(proxyFactory).hasSize(5);
assertThat(this.spring.getContext().getBeanNamesForType(AuthorizationAdvisor.class)).hasSize(5)
.containsExactlyInAnyOrder("preFilterAuthorizationMethodInterceptor",
"preAuthorizeAuthorizationMethodInterceptor", "postAuthorizeAuthorizationMethodInterceptor",
"postFilterAuthorizationMethodInterceptor", "authorizeReturnObjectMethodInterceptor");
}
// gh-15592
@Test
void autowireWhenAspectJAutoProxyAndFactoryBeanThenExactlyOneAdvisorPerAnnotation() {
this.spring.register(AspectJAwareAutoProxyAndFactoryBeansConfig.class).autowire();
AuthorizationAdvisorProxyFactory proxyFactory = this.spring.getContext()
.getBean(AuthorizationAdvisorProxyFactory.class);
assertThat(proxyFactory).hasSize(5);
assertThat(this.spring.getContext().getBeanNamesForType(AuthorizationAdvisor.class)).hasSize(5)
.containsExactlyInAnyOrder("preFilterAuthorizationMethodInterceptor",
"preAuthorizeAuthorizationMethodInterceptor", "postAuthorizeAuthorizationMethodInterceptor",
"postFilterAuthorizationMethodInterceptor", "authorizeReturnObjectMethodInterceptor");
}
@Configuration
@EnableReactiveMethodSecurity
static class MethodSecurityServiceEnabledConfig {
@ -740,4 +771,30 @@ public class PrePostReactiveMethodSecurityConfigurationTests {
}
@Configuration
@EnableReactiveMethodSecurity
static class AspectJAwareAutoProxyAndFactoryBeansConfig {
@Bean
static BeanDefinitionRegistryPostProcessor beanDefinitionRegistryPostProcessor() {
return AopConfigUtils::registerAspectJAnnotationAutoProxyCreatorIfNecessary;
}
@Component
static class MyFactoryBean implements FactoryBean<Object> {
@Override
public Object getObject() throws Exception {
return new Object();
}
@Override
public Class<?> getObjectType() {
return Object.class;
}
}
}
}