Moved XML test snippet to ConfigTestUtils class and removed context files from core-tiger tests in favour of in-memory XML

Luke Taylor 2008-07-31 21:35:29 +00:00
parent c8b22d8e36
commit 3049b933d9
12 changed files with 158 additions and 201 deletions


@ -1,12 +1,11 @@
package org.springframework.security.config; package org.springframework.security.config;
import static org.junit.Assert.*; import static org.junit.Assert.assertEquals;
import org.junit.After; import org.junit.After;
import org.junit.Test; import org.junit.Test;
import org.springframework.beans.factory.parsing.BeanDefinitionParsingException; import org.springframework.beans.factory.parsing.BeanDefinitionParsingException;
import org.springframework.context.support.AbstractXmlApplicationContext; import org.springframework.context.support.AbstractXmlApplicationContext;
import org.springframework.context.support.ClassPathXmlApplicationContext;
import org.springframework.security.AccessDeniedException; import org.springframework.security.AccessDeniedException;
import org.springframework.security.AuthenticationCredentialsNotFoundException; import org.springframework.security.AuthenticationCredentialsNotFoundException;
import org.springframework.security.GrantedAuthority; import org.springframework.security.GrantedAuthority;
@ -19,6 +18,7 @@ import org.springframework.security.util.InMemoryXmlApplicationContext;
/** /**
* @author Ben Alex * @author Ben Alex
* @author Luke Taylor
* @version $Id$ * @version $Id$
*/ */
public class GlobalMethodSecurityBeanDefinitionParserTests { public class GlobalMethodSecurityBeanDefinitionParserTests {
@ -27,9 +27,15 @@ public class GlobalMethodSecurityBeanDefinitionParserTests {
private BusinessService target; private BusinessService target;
public void loadContext() { public void loadContext() {
appContext = new ClassPathXmlApplicationContext("org/springframework/security/config/global-method-security.xml"); setContext(
"<b:bean id='target' class='org.springframework.security.annotation.BusinessServiceImpl'/>" +
"<global-method-security>" +
" <protect-pointcut expression='execution(* *.someUser*(..))' access='ROLE_USER'/>" +
" <protect-pointcut expression='execution(* *.someAdmin*(..))' access='ROLE_ADMIN'/>" +
"</global-method-security>" + ConfigTestUtils.AUTH_PROVIDER_XML
);
target = (BusinessService) appContext.getBean("target"); target = (BusinessService) appContext.getBean("target");
} }
@After @After
public void closeAppContext() { public void closeAppContext() {
@ -41,13 +47,13 @@ public class GlobalMethodSecurityBeanDefinitionParserTests {
@Test(expected=AuthenticationCredentialsNotFoundException.class) @Test(expected=AuthenticationCredentialsNotFoundException.class)
public void targetShouldPreventProtectedMethodInvocationWithNoContext() { public void targetShouldPreventProtectedMethodInvocationWithNoContext() {
loadContext(); loadContext();
target.someUserMethod1(); target.someUserMethod1();
} }
@Test @Test
public void targetShouldAllowProtectedMethodInvocationWithCorrectRole() { public void targetShouldAllowProtectedMethodInvocationWithCorrectRole() {
loadContext(); loadContext();
UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken("Test", "Password", UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken("Test", "Password",
new GrantedAuthority[] {new GrantedAuthorityImpl("ROLE_USER")}); new GrantedAuthority[] {new GrantedAuthorityImpl("ROLE_USER")});
SecurityContextHolder.getContext().setAuthentication(token); SecurityContextHolder.getContext().setAuthentication(token);
@ -57,20 +63,19 @@ public class GlobalMethodSecurityBeanDefinitionParserTests {
@Test(expected=AccessDeniedException.class) @Test(expected=AccessDeniedException.class)
public void targetShouldPreventProtectedMethodInvocationWithIncorrectRole() { public void targetShouldPreventProtectedMethodInvocationWithIncorrectRole() {
loadContext(); loadContext();
UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken("Test", "Password", UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken("Test", "Password",
new GrantedAuthority[] {new GrantedAuthorityImpl("ROLE_SOMEOTHERROLE")}); new GrantedAuthority[] {new GrantedAuthorityImpl("ROLE_SOMEOTHERROLE")});
SecurityContextHolder.getContext().setAuthentication(token); SecurityContextHolder.getContext().setAuthentication(token);
target.someAdminMethod(); target.someAdminMethod();
} }
@Test @Test
public void doesntInterfereWithBeanPostProcessing() { public void doesntInterfereWithBeanPostProcessing() {
setContext( setContext(
"<b:bean id='myUserService' class='org.springframework.security.config.PostProcessedMockUserDetailsService'/>" + "<b:bean id='myUserService' class='org.springframework.security.config.PostProcessedMockUserDetailsService'/>" +
"<global-method-security />" + "<global-method-security />" +
// "<http auto-config='true'/>" +
"<authentication-provider user-service-ref='myUserService'/>" + "<authentication-provider user-service-ref='myUserService'/>" +
"<b:bean id='beanPostProcessor' class='org.springframework.security.config.MockUserServiceBeanPostProcessor'/>" "<b:bean id='beanPostProcessor' class='org.springframework.security.config.MockUserServiceBeanPostProcessor'/>"
); );
@ -82,25 +87,24 @@ public class GlobalMethodSecurityBeanDefinitionParserTests {
@Test(expected=AccessDeniedException.class) @Test(expected=AccessDeniedException.class)
public void worksWithAspectJAutoproxy() { public void worksWithAspectJAutoproxy() {
setContext( setContext(
"<global-method-security>" + "<global-method-security>" +
" <protect-pointcut expression='execution(* org.springframework.security.config.*Service.*(..))'" + " <protect-pointcut expression='execution(* org.springframework.security.config.*Service.*(..))'" +
" access='ROLE_SOMETHING' />" + " access='ROLE_SOMETHING' />" +
"</global-method-security>" + "</global-method-security>" +
"<b:bean id='myUserService' class='org.springframework.security.config.PostProcessedMockUserDetailsService'/>" + "<b:bean id='myUserService' class='org.springframework.security.config.PostProcessedMockUserDetailsService'/>" +
"<aop:aspectj-autoproxy />" + "<aop:aspectj-autoproxy />" +
"<authentication-provider user-service-ref='myUserService'/>" "<authentication-provider user-service-ref='myUserService'/>"
); );
UserDetailsService service = (UserDetailsService) appContext.getBean("myUserService"); UserDetailsService service = (UserDetailsService) appContext.getBean("myUserService");
UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken("Test", "Password", UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken("Test", "Password",
new GrantedAuthority[] {new GrantedAuthorityImpl("ROLE_SOMEOTHERROLE")}); new GrantedAuthority[] {new GrantedAuthorityImpl("ROLE_SOMEOTHERROLE")});
SecurityContextHolder.getContext().setAuthentication(token); SecurityContextHolder.getContext().setAuthentication(token);
service.loadUserByUsername("notused"); service.loadUserByUsername("notused");
} }
@Test(expected=BeanDefinitionParsingException.class) @Test(expected=BeanDefinitionParsingException.class)
public void duplicateElementCausesError() { public void duplicateElementCausesError() {
setContext( setContext(
@ -108,7 +112,7 @@ public class GlobalMethodSecurityBeanDefinitionParserTests {
"<global-method-security />" "<global-method-security />"
); );
} }
private void setContext(String context) { private void setContext(String context) {
appContext = new InMemoryXmlApplicationContext(context); appContext = new InMemoryXmlApplicationContext(context);
} }
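Review bot: The correct-role, incorrect-role and AspectJ tests each put a token into `SecurityContextHolder`, while `targetShouldPreventProtectedMethodInvocationWithNoContext` only passes when the holder is empty, so the access-control assertions depend on the context being cleared between tests. The body of `closeAppContext()` lies outside the visible hunks, so this could not be checked here; if it does not already do so, it should call `SecurityContextHolder.clearContext();`. A short comment on `loadContext()` would also help, saying that it is invoked explicitly rather than through `@Before` because the remaining tests build their own XML through `setContext(...)`.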


@ -3,7 +3,6 @@ package org.springframework.security.config;
import org.junit.After; import org.junit.After;
import org.junit.Before; import org.junit.Before;
import org.junit.Test; import org.junit.Test;
import org.springframework.context.support.ClassPathXmlApplicationContext;
import org.springframework.security.AccessDeniedException; import org.springframework.security.AccessDeniedException;
import org.springframework.security.AuthenticationCredentialsNotFoundException; import org.springframework.security.AuthenticationCredentialsNotFoundException;
import org.springframework.security.GrantedAuthority; import org.springframework.security.GrantedAuthority;
@ -11,19 +10,23 @@ import org.springframework.security.GrantedAuthorityImpl;
import org.springframework.security.annotation.BusinessService; import org.springframework.security.annotation.BusinessService;
import org.springframework.security.context.SecurityContextHolder; import org.springframework.security.context.SecurityContextHolder;
import org.springframework.security.providers.UsernamePasswordAuthenticationToken; import org.springframework.security.providers.UsernamePasswordAuthenticationToken;
import org.springframework.security.util.InMemoryXmlApplicationContext;
/** /**
* @author Luke Taylor * @author Luke Taylor
* @version $Id$ * @version $Id$
*/ */
public class Jsr250AnnotationDrivenBeanDefinitionParserTests { public class Jsr250AnnotationDrivenBeanDefinitionParserTests {
private ClassPathXmlApplicationContext appContext; private InMemoryXmlApplicationContext appContext;
private BusinessService target; private BusinessService target;
@Before @Before
public void loadContext() { public void loadContext() {
appContext = new ClassPathXmlApplicationContext("/org/springframework/security/config/jsr250-annotated-method-security.xml"); appContext = new InMemoryXmlApplicationContext(
"<b:bean id='target' class='org.springframework.security.annotation.Jsr250BusinessServiceImpl'/>" +
"<global-method-security jsr250-annotations='enabled'/>" + ConfigTestUtils.AUTH_PROVIDER_XML
);
target = (BusinessService) appContext.getBean("target"); target = (BusinessService) appContext.getBean("target");
} }
@ -48,7 +51,7 @@ public class Jsr250AnnotationDrivenBeanDefinitionParserTests {
target.someOther(0); target.someOther(0);
} }
@Test @Test
public void targetShouldAllowProtectedMethodInvocationWithCorrectRole() { public void targetShouldAllowProtectedMethodInvocationWithCorrectRole() {
UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken("Test", "Password", UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken("Test", "Password",
@ -66,4 +69,4 @@ public class Jsr250AnnotationDrivenBeanDefinitionParserTests {
target.someAdminMethod(); target.someAdminMethod();
} }
} }


@ -3,7 +3,6 @@ package org.springframework.security.config;
import org.junit.After; import org.junit.After;
import org.junit.Before; import org.junit.Before;
import org.junit.Test; import org.junit.Test;
import org.springframework.context.support.ClassPathXmlApplicationContext;
import org.springframework.security.AccessDeniedException; import org.springframework.security.AccessDeniedException;
import org.springframework.security.AuthenticationCredentialsNotFoundException; import org.springframework.security.AuthenticationCredentialsNotFoundException;
import org.springframework.security.GrantedAuthority; import org.springframework.security.GrantedAuthority;
@ -11,19 +10,23 @@ import org.springframework.security.GrantedAuthorityImpl;
import org.springframework.security.annotation.BusinessService; import org.springframework.security.annotation.BusinessService;
import org.springframework.security.context.SecurityContextHolder; import org.springframework.security.context.SecurityContextHolder;
import org.springframework.security.providers.UsernamePasswordAuthenticationToken; import org.springframework.security.providers.UsernamePasswordAuthenticationToken;
import org.springframework.security.util.InMemoryXmlApplicationContext;
/** /**
* @author Ben Alex * @author Ben Alex
* @version $Id$ * @version $Id$
*/ */
public class SecuredAnnotationDrivenBeanDefinitionParserTests { public class SecuredAnnotationDrivenBeanDefinitionParserTests {
private ClassPathXmlApplicationContext appContext; private InMemoryXmlApplicationContext appContext;
private BusinessService target; private BusinessService target;
@Before @Before
public void loadContext() { public void loadContext() {
appContext = new ClassPathXmlApplicationContext("org/springframework/security/config/secured-annotated-method-security.xml"); appContext = new InMemoryXmlApplicationContext(
"<b:bean id='target' class='org.springframework.security.annotation.Jsr250BusinessServiceImpl'/>" +
"<global-method-security secured-annotations='enabled'/>" + ConfigTestUtils.AUTH_PROVIDER_XML
);
target = (BusinessService) appContext.getBean("target"); target = (BusinessService) appContext.getBean("target");
} }
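Review bot: The inline context in `loadContext()` registers `Jsr250BusinessServiceImpl` as `target` while enabling only `secured-annotations='enabled'`, which is the same bean class the JSR-250 test loads. The deleted secured-annotation context file shown on this page used the same class, so this is carried over rather than introduced, but it leaves the `@Secured` checks depending on whatever annotations that class and its interface happen to carry. If a `@Secured`-specific target was intended, use it here, for example `"<b:bean id='target' class='org.springframework.security.annotation.BusinessServiceImpl'/>" +` (the class the pointcut test already loads); otherwise add a comment saying why the JSR-250 implementation is the right target. The rest of the test class is outside the hunk.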


@ -1,23 +0,0 @@
<?xml version="1.0" encoding="UTF-8"?>
<b:beans xmlns="http://www.springframework.org/schema/security"
xmlns:b="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.xsd">
<b:bean id="target" class="org.springframework.security.annotation.BusinessServiceImpl"/>
<global-method-security>
<protect-pointcut expression="execution(* *.someUser*(..))" access="ROLE_USER"/>
<protect-pointcut expression="execution(* *.someAdmin*(..))" access="ROLE_ADMIN"/>
</global-method-security>
<authentication-provider>
<user-service>
<user name="bob" password="bobspassword" authorities="ROLE_A,ROLE_B" />
<user name="bill" password="billspassword" authorities="ROLE_A,ROLE_B,AUTH_OTHER" />
</user-service>
</authentication-provider>
</b:beans>


@ -1,20 +0,0 @@
<?xml version="1.0" encoding="UTF-8"?>
<b:beans xmlns="http://www.springframework.org/schema/security"
xmlns:b="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.xsd">
<b:bean id="target" class="org.springframework.security.annotation.Jsr250BusinessServiceImpl"/>
<global-method-security jsr250-annotations="enabled"/>
<authentication-provider>
<user-service>
<user name="bob" password="bobspassword" authorities="ROLE_A,ROLE_B" />
<user name="bill" password="billspassword" authorities="ROLE_A,ROLE_B,AUTH_OTHER" />
</user-service>
</authentication-provider>
</b:beans>


@ -1,20 +0,0 @@
<?xml version="1.0" encoding="UTF-8"?>
<b:beans xmlns="http://www.springframework.org/schema/security"
xmlns:b="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.xsd">
<b:bean id="target" class="org.springframework.security.annotation.Jsr250BusinessServiceImpl"/>
<global-method-security secured-annotations="enabled"/>
<authentication-provider>
<user-service>
<user name="bob" password="bobspassword" authorities="ROLE_A,ROLE_B" />
<user name="bill" password="billspassword" authorities="ROLE_A,ROLE_B,AUTH_OTHER" />
</user-service>
</authentication-provider>
</b:beans>


@ -0,0 +1,14 @@
package org.springframework.security.config;
public abstract class ConfigTestUtils {
public static final String AUTH_PROVIDER_XML =
" <authentication-provider>" +
" <user-service id='us'>" +
" <user name='bob' password='bobspassword' authorities='ROLE_A,ROLE_B' />" +
" <user name='bill' password='billspassword' authorities='ROLE_A,ROLE_B,AUTH_OTHER' />" +
" </user-service>" +
" </authentication-provider>";
}
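Review bot: `ConfigTestUtils` has no class-level Javadoc, unlike the other test classes in this commit, and nothing marks `AUTH_PROVIDER_XML` as a test-only fixture holding plaintext passwords for `bob` and `bill`. Suggest adding `/** Shared XML snippets for the namespace configuration tests; fixtures only, never for real configuration. */` above the class. Declaring the class `abstract` stops direct instantiation but still allows subclassing; `public final class ConfigTestUtils` with a private constructor states the utility-holder intent more directly.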


@ -11,7 +11,7 @@ import org.springframework.security.util.InMemoryXmlApplicationContext;
public class CustomAfterInvocationProviderBeanDefinitionDecoratorTests { public class CustomAfterInvocationProviderBeanDefinitionDecoratorTests {
private AbstractXmlApplicationContext appContext; private AbstractXmlApplicationContext appContext;
@After @After
public void closeAppContext() { public void closeAppContext() {
if (appContext != null) { if (appContext != null) {
@ -19,7 +19,7 @@ public class CustomAfterInvocationProviderBeanDefinitionDecoratorTests {
appContext = null; appContext = null;
} }
} }
@Test @Test
public void customAfterInvocationProviderIsAddedToInterceptor() { public void customAfterInvocationProviderIsAddedToInterceptor() {
setContext( setContext(
@ -27,11 +27,11 @@ public class CustomAfterInvocationProviderBeanDefinitionDecoratorTests {
"<b:bean id='aip' class='org.springframework.security.config.MockAfterInvocationProvider'>" + "<b:bean id='aip' class='org.springframework.security.config.MockAfterInvocationProvider'>" +
" <custom-after-invocation-provider />" + " <custom-after-invocation-provider />" +
"</b:bean>" + "</b:bean>" +
HttpSecurityBeanDefinitionParserTests.AUTH_PROVIDER_XML ConfigTestUtils.AUTH_PROVIDER_XML
); );
MethodSecurityInterceptor msi = (MethodSecurityInterceptor) appContext.getBean(BeanIds.METHOD_SECURITY_INTERCEPTOR); MethodSecurityInterceptor msi = (MethodSecurityInterceptor) appContext.getBean(BeanIds.METHOD_SECURITY_INTERCEPTOR);
AfterInvocationProviderManager apm = (AfterInvocationProviderManager) msi.getAfterInvocationManager(); AfterInvocationProviderManager apm = (AfterInvocationProviderManager) msi.getAfterInvocationManager();
assertNotNull(apm); assertNotNull(apm);
assertEquals(1, apm.getProviders().size()); assertEquals(1, apm.getProviders().size());
assertTrue(apm.getProviders().get(0) instanceof MockAfterInvocationProvider); assertTrue(apm.getProviders().get(0) instanceof MockAfterInvocationProvider);


@ -15,36 +15,36 @@ import org.springframework.security.intercept.web.FilterInvocation;
import org.springframework.security.util.InMemoryXmlApplicationContext; import org.springframework.security.util.InMemoryXmlApplicationContext;
/** /**
* *
* @author Luke Taylor * @author Luke Taylor
* @version $Id$ * @version $Id$
*/ */
public class FilterInvocationDefinitionSourceParserTests { public class FilterInvocationDefinitionSourceParserTests {
private AbstractXmlApplicationContext appContext; private AbstractXmlApplicationContext appContext;
@After @After
public void closeAppContext() { public void closeAppContext() {
if (appContext != null) { if (appContext != null) {
appContext.close(); appContext.close();
appContext = null; appContext = null;
} }
} }
private void setContext(String context) { private void setContext(String context) {
appContext = new InMemoryXmlApplicationContext(context); appContext = new InMemoryXmlApplicationContext(context);
} }
@Test @Test
public void parsingMinimalConfigurationIsSuccessful() { public void parsingMinimalConfigurationIsSuccessful() {
setContext( setContext(
"<filter-invocation-definition-source id='fids'>" + "<filter-invocation-definition-source id='fids'>" +
" <intercept-url pattern='/**' access='ROLE_A'/>" + " <intercept-url pattern='/**' access='ROLE_A'/>" +
"</filter-invocation-definition-source>"); "</filter-invocation-definition-source>");
DefaultFilterInvocationDefinitionSource fids = (DefaultFilterInvocationDefinitionSource) appContext.getBean("fids"); DefaultFilterInvocationDefinitionSource fids = (DefaultFilterInvocationDefinitionSource) appContext.getBean("fids");
ConfigAttributeDefinition cad = fids.getAttributes(createFilterInvocation("/anything", "GET")); ConfigAttributeDefinition cad = fids.getAttributes(createFilterInvocation("/anything", "GET"));
assertTrue(cad.contains(new SecurityConfig("ROLE_A"))); assertTrue(cad.contains(new SecurityConfig("ROLE_A")));
} }
@Test @Test
public void parsingWithinFilterSecurityInterceptorIsSuccessful() { public void parsingWithinFilterSecurityInterceptorIsSuccessful() {
setContext( setContext(
@ -57,12 +57,12 @@ public class FilterInvocationDefinitionSourceParserTests {
" <intercept-url pattern='/**' access='ROLE_USER'/>" + " <intercept-url pattern='/**' access='ROLE_USER'/>" +
" </filter-invocation-definition-source>" + " </filter-invocation-definition-source>" +
" </b:property>" + " </b:property>" +
"</b:bean>" + HttpSecurityBeanDefinitionParserTests.AUTH_PROVIDER_XML); "</b:bean>" + ConfigTestUtils.AUTH_PROVIDER_XML);
} }
private FilterInvocation createFilterInvocation(String path, String method) { private FilterInvocation createFilterInvocation(String path, String method) {
MockHttpServletRequest request = new MockHttpServletRequest(); MockHttpServletRequest request = new MockHttpServletRequest();
request.setRequestURI(null); request.setRequestURI(null);


@ -1,6 +1,7 @@
package org.springframework.security.config; package org.springframework.security.config;
import static org.junit.Assert.*; import static org.junit.Assert.*;
import static org.springframework.security.config.ConfigTestUtils.*;
import java.lang.reflect.Method; import java.lang.reflect.Method;
import java.util.Iterator; import java.util.Iterator;
@ -56,13 +57,7 @@ import org.springframework.util.ReflectionUtils;
*/ */
public class HttpSecurityBeanDefinitionParserTests { public class HttpSecurityBeanDefinitionParserTests {
private AbstractXmlApplicationContext appContext; private AbstractXmlApplicationContext appContext;
static final String AUTH_PROVIDER_XML =
" <authentication-provider>" +
" <user-service id='us'>" +
" <user name='bob' password='bobspassword' authorities='ROLE_A,ROLE_B' />" +
" <user name='bill' password='billspassword' authorities='ROLE_A,ROLE_B,AUTH_OTHER' />" +
" </user-service>" +
" </authentication-provider>";
@After @After
public void closeAppContext() { public void closeAppContext() {
@ -76,7 +71,7 @@ public class HttpSecurityBeanDefinitionParserTests {
public void minimalConfigurationParses() { public void minimalConfigurationParses() {
setContext("<http><http-basic /></http>" + AUTH_PROVIDER_XML); setContext("<http><http-basic /></http>" + AUTH_PROVIDER_XML);
} }
@Test @Test
public void httpAutoConfigSetsUpCorrectFilterList() throws Exception { public void httpAutoConfigSetsUpCorrectFilterList() throws Exception {
setContext("<http auto-config='true' />" + AUTH_PROVIDER_XML); setContext("<http auto-config='true' />" + AUTH_PROVIDER_XML);
@ -90,18 +85,18 @@ public class HttpSecurityBeanDefinitionParserTests {
@Test(expected=BeanDefinitionParsingException.class) @Test(expected=BeanDefinitionParsingException.class)
public void duplicateElementCausesError() throws Exception { public void duplicateElementCausesError() throws Exception {
setContext("<http auto-config='true' /><http auto-config='true' />" + AUTH_PROVIDER_XML); setContext("<http auto-config='true' /><http auto-config='true' />" + AUTH_PROVIDER_XML);
} }
private void checkAutoConfigFilters(List filterList) throws Exception { private void checkAutoConfigFilters(List filterList) throws Exception {
assertEquals("Expected 11 filters in chain", 11, filterList.size()); assertEquals("Expected 11 filters in chain", 11, filterList.size());
Iterator filters = filterList.iterator(); Iterator filters = filterList.iterator();
assertTrue(filters.next() instanceof HttpSessionContextIntegrationFilter); assertTrue(filters.next() instanceof HttpSessionContextIntegrationFilter);
assertTrue(filters.next() instanceof LogoutFilter); assertTrue(filters.next() instanceof LogoutFilter);
Object authProcFilter = filters.next(); Object authProcFilter = filters.next();
assertTrue(authProcFilter instanceof AuthenticationProcessingFilter); assertTrue(authProcFilter instanceof AuthenticationProcessingFilter);
// Check RememberMeServices has been set on AuthenticationProcessingFilter // Check RememberMeServices has been set on AuthenticationProcessingFilter
Object rms = FieldUtils.getFieldValue(authProcFilter, "rememberMeServices"); Object rms = FieldUtils.getFieldValue(authProcFilter, "rememberMeServices");
assertNotNull(rms); assertNotNull(rms);
assertTrue(rms instanceof RememberMeServices); assertTrue(rms instanceof RememberMeServices);
@ -112,7 +107,7 @@ public class HttpSecurityBeanDefinitionParserTests {
assertTrue(filters.next() instanceof RememberMeProcessingFilter); assertTrue(filters.next() instanceof RememberMeProcessingFilter);
assertTrue(filters.next() instanceof AnonymousProcessingFilter); assertTrue(filters.next() instanceof AnonymousProcessingFilter);
assertTrue(filters.next() instanceof ExceptionTranslationFilter); assertTrue(filters.next() instanceof ExceptionTranslationFilter);
assertTrue(filters.next() instanceof SessionFixationProtectionFilter); assertTrue(filters.next() instanceof SessionFixationProtectionFilter);
Object fsiObj = filters.next(); Object fsiObj = filters.next();
assertTrue(fsiObj instanceof FilterSecurityInterceptor); assertTrue(fsiObj instanceof FilterSecurityInterceptor);
FilterSecurityInterceptor fsi = (FilterSecurityInterceptor) fsiObj; FilterSecurityInterceptor fsi = (FilterSecurityInterceptor) fsiObj;
@ -185,34 +180,34 @@ public class HttpSecurityBeanDefinitionParserTests {
"<http>" + "<http>" +
" <form-login login-page='noLeadingSlash'/>" + " <form-login login-page='noLeadingSlash'/>" +
"</http>" + AUTH_PROVIDER_XML); "</http>" + AUTH_PROVIDER_XML);
} }
@Test(expected=BeanCreationException.class) @Test(expected=BeanCreationException.class)
public void invalidDefaultTargetUrlIsDetected() throws Exception { public void invalidDefaultTargetUrlIsDetected() throws Exception {
setContext( setContext(
"<http>" + "<http>" +
" <form-login default-target-url='noLeadingSlash'/>" + " <form-login default-target-url='noLeadingSlash'/>" +
"</http>" + AUTH_PROVIDER_XML); "</http>" + AUTH_PROVIDER_XML);
} }
@Test(expected=BeanCreationException.class) @Test(expected=BeanCreationException.class)
public void invalidLogoutUrlIsDetected() throws Exception { public void invalidLogoutUrlIsDetected() throws Exception {
setContext( setContext(
"<http>" + "<http>" +
" <logout logout-url='noLeadingSlash'/>" + " <logout logout-url='noLeadingSlash'/>" +
" <form-login />" + " <form-login />" +
"</http>" + AUTH_PROVIDER_XML); "</http>" + AUTH_PROVIDER_XML);
} }
@Test(expected=BeanCreationException.class) @Test(expected=BeanCreationException.class)
public void invalidLogoutSuccessUrlIsDetected() throws Exception { public void invalidLogoutSuccessUrlIsDetected() throws Exception {
setContext( setContext(
"<http>" + "<http>" +
" <logout logout-success-url='noLeadingSlash'/>" + " <logout logout-success-url='noLeadingSlash'/>" +
" <form-login />" + " <form-login />" +
"</http>" + AUTH_PROVIDER_XML); "</http>" + AUTH_PROVIDER_XML);
} }
@Test @Test
public void lowerCaseComparisonIsRespectedBySecurityFilterInvocationDefinitionSource() throws Exception { public void lowerCaseComparisonIsRespectedBySecurityFilterInvocationDefinitionSource() throws Exception {
setContext( setContext(
@ -254,27 +249,27 @@ public class HttpSecurityBeanDefinitionParserTests {
public void oncePerRequestAttributeIsSupported() throws Exception { public void oncePerRequestAttributeIsSupported() throws Exception {
setContext("<http once-per-request='false'><http-basic /></http>" + AUTH_PROVIDER_XML); setContext("<http once-per-request='false'><http-basic /></http>" + AUTH_PROVIDER_XML);
List filters = getFilters("/someurl"); List filters = getFilters("/someurl");
FilterSecurityInterceptor fsi = (FilterSecurityInterceptor) filters.get(filters.size() - 1); FilterSecurityInterceptor fsi = (FilterSecurityInterceptor) filters.get(filters.size() - 1);
assertFalse(fsi.isObserveOncePerRequest()); assertFalse(fsi.isObserveOncePerRequest());
} }
@Test @Test
public void accessDeniedPageAttributeIsSupported() throws Exception { public void accessDeniedPageAttributeIsSupported() throws Exception {
setContext("<http access-denied-page='/access-denied'><http-basic /></http>" + AUTH_PROVIDER_XML); setContext("<http access-denied-page='/access-denied'><http-basic /></http>" + AUTH_PROVIDER_XML);
List filters = getFilters("/someurl"); List filters = getFilters("/someurl");
ExceptionTranslationFilter etf = (ExceptionTranslationFilter) filters.get(filters.size() - 3); ExceptionTranslationFilter etf = (ExceptionTranslationFilter) filters.get(filters.size() - 3);
assertEquals("/access-denied", FieldUtils.getFieldValue(etf, "accessDeniedHandler.errorPage")); assertEquals("/access-denied", FieldUtils.getFieldValue(etf, "accessDeniedHandler.errorPage"));
} }
@Test(expected=BeanDefinitionStoreException.class) @Test(expected=BeanDefinitionStoreException.class)
public void invalidAccessDeniedUrlIsDetected() throws Exception { public void invalidAccessDeniedUrlIsDetected() throws Exception {
setContext("<http auto-config='true' access-denied-page='noLeadingSlash'/>" + AUTH_PROVIDER_XML); setContext("<http auto-config='true' access-denied-page='noLeadingSlash'/>" + AUTH_PROVIDER_XML);
} }
@Test @Test
public void interceptUrlWithRequiresChannelAddsChannelFilterToStack() throws Exception { public void interceptUrlWithRequiresChannelAddsChannelFilterToStack() throws Exception {
setContext( setContext(
@ -313,21 +308,21 @@ public class HttpSecurityBeanDefinitionParserTests {
"</b:bean>" + "</b:bean>" +
"<b:bean id='userFilter1' class='org.springframework.security.wrapper.SecurityContextHolderAwareRequestFilter'>" + "<b:bean id='userFilter1' class='org.springframework.security.wrapper.SecurityContextHolderAwareRequestFilter'>" +
" <custom-filter before='SESSION_CONTEXT_INTEGRATION_FILTER'/>" + " <custom-filter before='SESSION_CONTEXT_INTEGRATION_FILTER'/>" +
"</b:bean>" + "</b:bean>" +
"<b:bean id='userFilter2' class='org.springframework.security.util.MockFilter'>" + "<b:bean id='userFilter2' class='org.springframework.security.util.MockFilter'>" +
" <custom-filter position='FIRST'/>" + " <custom-filter position='FIRST'/>" +
"</b:bean>" + "</b:bean>" +
"<b:bean id='userFilter3' class='org.springframework.security.util.MockFilter'/>" + "<b:bean id='userFilter3' class='org.springframework.security.util.MockFilter'/>" +
"<b:bean id='userFilter4' class='org.springframework.security.wrapper.SecurityContextHolderAwareRequestFilter'/>" "<b:bean id='userFilter4' class='org.springframework.security.wrapper.SecurityContextHolderAwareRequestFilter'/>"
); );
List filters = getFilters("/someurl"); List filters = getFilters("/someurl");
assertEquals(14, filters.size()); assertEquals(14, filters.size());
assertTrue(filters.get(0) instanceof MockFilter); assertTrue(filters.get(0) instanceof MockFilter);
assertTrue(filters.get(1) instanceof SecurityContextHolderAwareRequestFilter); assertTrue(filters.get(1) instanceof SecurityContextHolderAwareRequestFilter);
assertTrue(filters.get(4) instanceof SecurityContextHolderAwareRequestFilter); assertTrue(filters.get(4) instanceof SecurityContextHolderAwareRequestFilter);
} }
@Test(expected=BeanCreationException.class) @Test(expected=BeanCreationException.class)
public void twoFiltersWithSameOrderAreRejected() { public void twoFiltersWithSameOrderAreRejected() {
setContext( setContext(
@ -346,7 +341,7 @@ public class HttpSecurityBeanDefinitionParserTests {
"<b:bean id='tokenRepo' " + "<b:bean id='tokenRepo' " +
"class='org.springframework.security.ui.rememberme.InMemoryTokenRepositoryImpl'/> " + AUTH_PROVIDER_XML); "class='org.springframework.security.ui.rememberme.InMemoryTokenRepositoryImpl'/> " + AUTH_PROVIDER_XML);
Object rememberMeServices = appContext.getBean(BeanIds.REMEMBER_ME_SERVICES); Object rememberMeServices = appContext.getBean(BeanIds.REMEMBER_ME_SERVICES);
assertTrue(rememberMeServices instanceof PersistentTokenBasedRememberMeServices); assertTrue(rememberMeServices instanceof PersistentTokenBasedRememberMeServices);
} }
@ -360,11 +355,11 @@ public class HttpSecurityBeanDefinitionParserTests {
" <b:constructor-arg value='tokendb'/>" + " <b:constructor-arg value='tokendb'/>" +
"</b:bean>" + AUTH_PROVIDER_XML); "</b:bean>" + AUTH_PROVIDER_XML);
Object rememberMeServices = appContext.getBean(BeanIds.REMEMBER_ME_SERVICES); Object rememberMeServices = appContext.getBean(BeanIds.REMEMBER_ME_SERVICES);
assertTrue(rememberMeServices instanceof PersistentTokenBasedRememberMeServices); assertTrue(rememberMeServices instanceof PersistentTokenBasedRememberMeServices);
} }
@Test @Test
public void rememberMeServiceWorksWithExternalServicesImpl() throws Exception { public void rememberMeServiceWorksWithExternalServicesImpl() throws Exception {
setContext( setContext(
@ -377,11 +372,11 @@ public class HttpSecurityBeanDefinitionParserTests {
" <b:property name='tokenValiditySeconds' value='5000'/>" + " <b:property name='tokenValiditySeconds' value='5000'/>" +
"</b:bean>" + "</b:bean>" +
AUTH_PROVIDER_XML); AUTH_PROVIDER_XML);
assertEquals(5000, FieldUtils.getFieldValue(appContext.getBean(BeanIds.REMEMBER_ME_SERVICES), assertEquals(5000, FieldUtils.getFieldValue(appContext.getBean(BeanIds.REMEMBER_ME_SERVICES),
"tokenValiditySeconds")); "tokenValiditySeconds"));
// SEC-909 // SEC-909
LogoutHandler[] logoutHandlers = (LogoutHandler[]) FieldUtils.getFieldValue(appContext.getBean(BeanIds.LOGOUT_FILTER), "handlers"); LogoutHandler[] logoutHandlers = (LogoutHandler[]) FieldUtils.getFieldValue(appContext.getBean(BeanIds.LOGOUT_FILTER), "handlers");
assertEquals(2, logoutHandlers.length); assertEquals(2, logoutHandlers.length);
assertEquals(appContext.getBean(BeanIds.REMEMBER_ME_SERVICES), logoutHandlers[1]); assertEquals(appContext.getBean(BeanIds.REMEMBER_ME_SERVICES), logoutHandlers[1]);
} }
@ -392,10 +387,10 @@ public class HttpSecurityBeanDefinitionParserTests {
"<http auto-config='true'>" + "<http auto-config='true'>" +
" <remember-me key='ourkey' token-validity-seconds='10000' />" + " <remember-me key='ourkey' token-validity-seconds='10000' />" +
"</http>" + AUTH_PROVIDER_XML); "</http>" + AUTH_PROVIDER_XML);
assertEquals(10000, FieldUtils.getFieldValue(appContext.getBean(BeanIds.REMEMBER_ME_SERVICES), assertEquals(10000, FieldUtils.getFieldValue(appContext.getBean(BeanIds.REMEMBER_ME_SERVICES),
"tokenValiditySeconds")); "tokenValiditySeconds"));
} }
@Test @Test
public void rememberMeServiceConfigurationParsesWithCustomUserService() { public void rememberMeServiceConfigurationParsesWithCustomUserService() {
setContext( setContext(
@ -405,8 +400,8 @@ public class HttpSecurityBeanDefinitionParserTests {
"<b:bean id='userService' class='org.springframework.security.userdetails.MockUserDetailsService'/> " + "<b:bean id='userService' class='org.springframework.security.userdetails.MockUserDetailsService'/> " +
AUTH_PROVIDER_XML); AUTH_PROVIDER_XML);
// AbstractRememberMeServices rememberMeServices = (AbstractRememberMeServices) appContext.getBean(BeanIds.REMEMBER_ME_SERVICES); // AbstractRememberMeServices rememberMeServices = (AbstractRememberMeServices) appContext.getBean(BeanIds.REMEMBER_ME_SERVICES);
} }
@Test @Test
public void x509SupportAddsFilterAtExpectedPosition() throws Exception { public void x509SupportAddsFilterAtExpectedPosition() throws Exception {
setContext( setContext(
@ -425,11 +420,11 @@ public class HttpSecurityBeanDefinitionParserTests {
" <concurrent-session-control session-registry-alias='seshRegistry' expired-url='/expired'/>" + " <concurrent-session-control session-registry-alias='seshRegistry' expired-url='/expired'/>" +
"</http>" + AUTH_PROVIDER_XML); "</http>" + AUTH_PROVIDER_XML);
List filters = getFilters("/someurl"); List filters = getFilters("/someurl");
assertTrue(filters.get(0) instanceof ConcurrentSessionFilter); assertTrue(filters.get(0) instanceof ConcurrentSessionFilter);
assertNotNull(appContext.getBean("seshRegistry")); assertNotNull(appContext.getBean("seshRegistry"));
assertNotNull(appContext.getBean(BeanIds.CONCURRENT_SESSION_CONTROLLER)); assertNotNull(appContext.getBean(BeanIds.CONCURRENT_SESSION_CONTROLLER));
} }
@Test @Test
public void externalSessionRegistryBeanIsConfiguredCorrectly() throws Exception { public void externalSessionRegistryBeanIsConfiguredCorrectly() throws Exception {
@ -441,12 +436,12 @@ public class HttpSecurityBeanDefinitionParserTests {
AUTH_PROVIDER_XML); AUTH_PROVIDER_XML);
Object sessionRegistry = appContext.getBean("seshRegistry"); Object sessionRegistry = appContext.getBean("seshRegistry");
Object sessionRegistryFromFilter = FieldUtils.getFieldValue( Object sessionRegistryFromFilter = FieldUtils.getFieldValue(
appContext.getBean(BeanIds.CONCURRENT_SESSION_FILTER),"sessionRegistry"); appContext.getBean(BeanIds.CONCURRENT_SESSION_FILTER),"sessionRegistry");
Object sessionRegistryFromController = FieldUtils.getFieldValue( Object sessionRegistryFromController = FieldUtils.getFieldValue(
appContext.getBean(BeanIds.CONCURRENT_SESSION_CONTROLLER),"sessionRegistry"); appContext.getBean(BeanIds.CONCURRENT_SESSION_CONTROLLER),"sessionRegistry");
Object sessionRegistryFromFixationFilter = FieldUtils.getFieldValue( Object sessionRegistryFromFixationFilter = FieldUtils.getFieldValue(
appContext.getBean(BeanIds.SESSION_FIXATION_PROTECTION_FILTER),"sessionRegistry"); appContext.getBean(BeanIds.SESSION_FIXATION_PROTECTION_FILTER),"sessionRegistry");
assertSame(sessionRegistry, sessionRegistryFromFilter); assertSame(sessionRegistry, sessionRegistryFromFilter);
assertSame(sessionRegistry, sessionRegistryFromController); assertSame(sessionRegistry, sessionRegistryFromController);
assertSame(sessionRegistry, sessionRegistryFromFixationFilter); assertSame(sessionRegistry, sessionRegistryFromFixationFilter);
@ -478,8 +473,8 @@ public class HttpSecurityBeanDefinitionParserTests {
" </b:property>" + " </b:property>" +
"</b:bean>" + "</b:bean>" +
"<authentication-manager alias='authManager' session-controller-ref='sc'/>" + AUTH_PROVIDER_XML); "<authentication-manager alias='authManager' session-controller-ref='sc'/>" + AUTH_PROVIDER_XML);
} }
@Test(expected=ConcurrentLoginException.class) @Test(expected=ConcurrentLoginException.class)
public void concurrentSessionMaxSessionsIsCorrectlyConfigured() throws Exception { public void concurrentSessionMaxSessionsIsCorrectlyConfigured() throws Exception {
setContext( setContext(
@ -493,16 +488,16 @@ public class HttpSecurityBeanDefinitionParserTests {
req.setSession(new MockHttpSession()); req.setSession(new MockHttpSession());
auth.setDetails(new WebAuthenticationDetails(req)); auth.setDetails(new WebAuthenticationDetails(req));
try { try {
seshController.checkAuthenticationAllowed(auth); seshController.checkAuthenticationAllowed(auth);
} catch (ConcurrentLoginException e) { } catch (ConcurrentLoginException e) {
fail("First login should be allowed"); fail("First login should be allowed");
} }
seshController.registerSuccessfulAuthentication(auth); seshController.registerSuccessfulAuthentication(auth);
req.setSession(new MockHttpSession()); req.setSession(new MockHttpSession());
try { try {
seshController.checkAuthenticationAllowed(auth); seshController.checkAuthenticationAllowed(auth);
} catch (ConcurrentLoginException e) { } catch (ConcurrentLoginException e) {
fail("Second login should be allowed"); fail("Second login should be allowed");
} }
auth.setDetails(new WebAuthenticationDetails(req)); auth.setDetails(new WebAuthenticationDetails(req));
seshController.registerSuccessfulAuthentication(auth); seshController.registerSuccessfulAuthentication(auth);
@ -519,10 +514,10 @@ public class HttpSecurityBeanDefinitionParserTests {
" <b:constructor-arg value='/customlogin'/>" + " <b:constructor-arg value='/customlogin'/>" +
"</b:bean>" + AUTH_PROVIDER_XML); "</b:bean>" + AUTH_PROVIDER_XML);
ExceptionTranslationFilter etf = (ExceptionTranslationFilter) getFilters("/someurl").get(8); ExceptionTranslationFilter etf = (ExceptionTranslationFilter) getFilters("/someurl").get(8);
assertTrue("ExceptionTranslationFilter should be configured with custom entry point", assertTrue("ExceptionTranslationFilter should be configured with custom entry point",
etf.getAuthenticationEntryPoint() instanceof MockAuthenticationEntryPoint); etf.getAuthenticationEntryPoint() instanceof MockAuthenticationEntryPoint);
} }
@Test @Test
/** SEC-742 */ /** SEC-742 */
public void rememberMeServicesWorksWithoutBasicProcessingFilter() { public void rememberMeServicesWorksWithoutBasicProcessingFilter() {
@ -543,7 +538,7 @@ public class HttpSecurityBeanDefinitionParserTests {
assertFalse(filters.get(1) instanceof SessionFixationProtectionFilter); assertFalse(filters.get(1) instanceof SessionFixationProtectionFilter);
} }
/** /**
* See SEC-750. If the http security post processor causes beans to be instantiated too eagerly, they way miss * See SEC-750. If the http security post processor causes beans to be instantiated too eagerly, they way miss
* additional processing. In this method we have a UserDetailsService which is referenced from the namespace * additional processing. In this method we have a UserDetailsService which is referenced from the namespace
@ -562,18 +557,18 @@ public class HttpSecurityBeanDefinitionParserTests {
assertEquals("Hello from the post processor!", service.getPostProcessorWasHere()); assertEquals("Hello from the post processor!", service.getPostProcessorWasHere());
} }
/** /**
* SEC-795. Two methods that exercise the scenarios that will or won't result in a protected login page warning. * SEC-795. Two methods that exercise the scenarios that will or won't result in a protected login page warning.
* Check the log. * Check the log.
*/ */
@Test @Test
public void unprotectedLoginPageDoesntResultInWarning() { public void unprotectedLoginPageDoesntResultInWarning() {
// Anonymous access configured // Anonymous access configured
setContext( setContext(
" <http>" + " <http>" +
" <intercept-url pattern='/login.jsp*' access='IS_AUTHENTICATED_ANONYMOUSLY'/>" + " <intercept-url pattern='/login.jsp*' access='IS_AUTHENTICATED_ANONYMOUSLY'/>" +
" <intercept-url pattern='/**' access='ROLE_A'/>" + " <intercept-url pattern='/**' access='ROLE_A'/>" +
" <anonymous />" + " <anonymous />" +
" <form-login login-page='/login.jsp' default-target-url='/messageList.html'/>" + " <form-login login-page='/login.jsp' default-target-url='/messageList.html'/>" +
" </http>" + AUTH_PROVIDER_XML); " </http>" + AUTH_PROVIDER_XML);
@ -585,9 +580,9 @@ public class HttpSecurityBeanDefinitionParserTests {
" <intercept-url pattern='/**' access='ROLE_A'/>" + " <intercept-url pattern='/**' access='ROLE_A'/>" +
" <anonymous />" + " <anonymous />" +
" <form-login login-page='/login.jsp' default-target-url='/messageList.html'/>" + " <form-login login-page='/login.jsp' default-target-url='/messageList.html'/>" +
" </http>" + AUTH_PROVIDER_XML); " </http>" + AUTH_PROVIDER_XML);
} }
@Test @Test
public void protectedLoginPageResultsInWarning() { public void protectedLoginPageResultsInWarning() {
// Protected, no anonymous filter configured. // Protected, no anonymous filter configured.
@ -610,16 +605,16 @@ public class HttpSecurityBeanDefinitionParserTests {
public void settingCreateSessionToAlwaysSetsFilterPropertiesCorrectly() throws Exception { public void settingCreateSessionToAlwaysSetsFilterPropertiesCorrectly() throws Exception {
setContext("<http auto-config='true' create-session='always'/>" + AUTH_PROVIDER_XML); setContext("<http auto-config='true' create-session='always'/>" + AUTH_PROVIDER_XML);
assertEquals(Boolean.TRUE, FieldUtils.getFieldValue(appContext.getBean(BeanIds.HTTP_SESSION_CONTEXT_INTEGRATION_FILTER), "forceEagerSessionCreation")); assertEquals(Boolean.TRUE, FieldUtils.getFieldValue(appContext.getBean(BeanIds.HTTP_SESSION_CONTEXT_INTEGRATION_FILTER), "forceEagerSessionCreation"));
assertEquals(Boolean.TRUE, FieldUtils.getFieldValue(appContext.getBean(BeanIds.HTTP_SESSION_CONTEXT_INTEGRATION_FILTER), "allowSessionCreation")); assertEquals(Boolean.TRUE, FieldUtils.getFieldValue(appContext.getBean(BeanIds.HTTP_SESSION_CONTEXT_INTEGRATION_FILTER), "allowSessionCreation"));
} }
@Test @Test
public void settingCreateSessionToNeverSetsFilterPropertiesCorrectly() throws Exception { public void settingCreateSessionToNeverSetsFilterPropertiesCorrectly() throws Exception {
setContext("<http auto-config='true' create-session='never'/>" + AUTH_PROVIDER_XML); setContext("<http auto-config='true' create-session='never'/>" + AUTH_PROVIDER_XML);
assertEquals(Boolean.FALSE, FieldUtils.getFieldValue(appContext.getBean(BeanIds.HTTP_SESSION_CONTEXT_INTEGRATION_FILTER), "forceEagerSessionCreation")); assertEquals(Boolean.FALSE, FieldUtils.getFieldValue(appContext.getBean(BeanIds.HTTP_SESSION_CONTEXT_INTEGRATION_FILTER), "forceEagerSessionCreation"));
assertEquals(Boolean.FALSE, FieldUtils.getFieldValue(appContext.getBean(BeanIds.HTTP_SESSION_CONTEXT_INTEGRATION_FILTER), "allowSessionCreation")); assertEquals(Boolean.FALSE, FieldUtils.getFieldValue(appContext.getBean(BeanIds.HTTP_SESSION_CONTEXT_INTEGRATION_FILTER), "allowSessionCreation"));
} }
/* SEC-934 */ /* SEC-934 */
@Test @Test
public void supportsTwoIdenticalInterceptUrls() { public void supportsTwoIdenticalInterceptUrls() {
@ -635,7 +630,7 @@ public class HttpSecurityBeanDefinitionParserTests {
assertEquals(1, attrDef.getConfigAttributes().size()); assertEquals(1, attrDef.getConfigAttributes().size());
assertTrue(attrDef.contains(new SecurityConfig("ROLE_B"))); assertTrue(attrDef.contains(new SecurityConfig("ROLE_B")));
} }
private void setContext(String context) { private void setContext(String context) {
appContext = new InMemoryXmlApplicationContext(context); appContext = new InMemoryXmlApplicationContext(context);
} }


@ -12,12 +12,13 @@ import org.springframework.security.util.FieldUtils;
import org.springframework.security.util.InMemoryXmlApplicationContext; import org.springframework.security.util.InMemoryXmlApplicationContext;
/** /**
* *
* @author Luke Taylor * @author Luke Taylor
* $Id$
*/ */
public class SessionRegistryInjectionBeanPostProcessorTests { public class SessionRegistryInjectionBeanPostProcessorTests {
private AbstractXmlApplicationContext appContext; private AbstractXmlApplicationContext appContext;
@After @After
public void closeAppContext() { public void closeAppContext() {
if (appContext != null) { if (appContext != null) {
@ -36,31 +37,31 @@ public class SessionRegistryInjectionBeanPostProcessorTests {
"<http auto-config='true'/>" + "<http auto-config='true'/>" +
"<b:bean id='sc' class='org.springframework.security.concurrent.ConcurrentSessionControllerImpl'>" + "<b:bean id='sc' class='org.springframework.security.concurrent.ConcurrentSessionControllerImpl'>" +
" <b:property name='sessionRegistry'>" + " <b:property name='sessionRegistry'>" +
" <b:bean class='org.springframework.security.concurrent.SessionRegistryImpl'/>" + " <b:bean class='org.springframework.security.concurrent.SessionRegistryImpl'/>" +
" </b:property>" + " </b:property>" +
"</b:bean>" + "</b:bean>" +
"<authentication-manager alias='authManager' session-controller-ref='sc'/>" + "<authentication-manager alias='authManager' session-controller-ref='sc'/>" +
HttpSecurityBeanDefinitionParserTests.AUTH_PROVIDER_XML); ConfigTestUtils.AUTH_PROVIDER_XML);
assertNotNull(FieldUtils.getFieldValue(appContext.getBean(BeanIds.SESSION_FIXATION_PROTECTION_FILTER), "sessionRegistry")); assertNotNull(FieldUtils.getFieldValue(appContext.getBean(BeanIds.SESSION_FIXATION_PROTECTION_FILTER), "sessionRegistry"));
assertNotNull(FieldUtils.getFieldValue(appContext.getBean(BeanIds.FORM_LOGIN_FILTER), "sessionRegistry")); assertNotNull(FieldUtils.getFieldValue(appContext.getBean(BeanIds.FORM_LOGIN_FILTER), "sessionRegistry"));
} }
@Test @Test
public void sessionRegistryIsSetOnFiltersWhenUsingCustomControllerWithNonStandardController() throws Exception { public void sessionRegistryIsSetOnFiltersWhenUsingCustomControllerWithNonStandardController() throws Exception {
setContext( setContext(
"<http auto-config='true'/>" + "<http auto-config='true'/>" +
"<b:bean id='sc' class='org.springframework.security.config.SessionRegistryInjectionBeanPostProcessorTests$MockConcurrentSessionController'/>" + "<b:bean id='sc' class='org.springframework.security.config.SessionRegistryInjectionBeanPostProcessorTests$MockConcurrentSessionController'/>" +
"<b:bean id='sessionRegistry' class='org.springframework.security.concurrent.SessionRegistryImpl'/>" + "<b:bean id='sessionRegistry' class='org.springframework.security.concurrent.SessionRegistryImpl'/>" +
"<authentication-manager alias='authManager' session-controller-ref='sc'/>" + "<authentication-manager alias='authManager' session-controller-ref='sc'/>" +
HttpSecurityBeanDefinitionParserTests.AUTH_PROVIDER_XML); ConfigTestUtils.AUTH_PROVIDER_XML);
assertNotNull(FieldUtils.getFieldValue(appContext.getBean(BeanIds.SESSION_FIXATION_PROTECTION_FILTER), "sessionRegistry")); assertNotNull(FieldUtils.getFieldValue(appContext.getBean(BeanIds.SESSION_FIXATION_PROTECTION_FILTER), "sessionRegistry"));
assertNotNull(FieldUtils.getFieldValue(appContext.getBean(BeanIds.FORM_LOGIN_FILTER), "sessionRegistry")); assertNotNull(FieldUtils.getFieldValue(appContext.getBean(BeanIds.FORM_LOGIN_FILTER), "sessionRegistry"));
} }
public static class MockConcurrentSessionController implements ConcurrentSessionController { public static class MockConcurrentSessionController implements ConcurrentSessionController {
public void checkAuthenticationAllowed(Authentication request) throws AuthenticationException { public void checkAuthenticationAllowed(Authentication request) throws AuthenticationException {
} }
public void registerSuccessfulAuthentication(Authentication authentication) { public void registerSuccessfulAuthentication(Authentication authentication) {
} }
} }
} }
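Review bot: In `sessionRegistryIsSetOnFiltersWhenUsingCustomControllerWithNonStandardController`, the two `assertNotNull` checks only show that some registry reached the filters, not that it is the `sessionRegistry` bean declared in the test XML. If the post-processor is meant to inject that bean (inferred from the test name and configuration), a regression that injects a fresh `SessionRegistryImpl` would still pass, and the filters and the session controller would presumably then track sessions in different registries. Pinning identity would catch this, e.g. `Object registry = appContext.getBean("sessionRegistry");` followed by `assertSame(registry, FieldUtils.getFieldValue(appContext.getBean(BeanIds.FORM_LOGIN_FILTER), "sessionRegistry"));`, and the same for `BeanIds.SESSION_FIXATION_PROTECTION_FILTER`. The imports of this file are mostly outside the visible lines, so `assertSame` may need a static import.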