Following a suggestion from Scott Evans, added support for EL in the authz tag

library: http://www.mail-archive.com/acegisecurity-developer%40lists.sourceforge.net/msg00189.html * lib/spring/spring-mock.jar: Added Spring's 1.0.2 mock JAR. * test/net/sf/acegisecurity/taglibs/authz/AuthorizeTagExpressionLanguageTests.java: New tests to assert that the taglib recognizes and parses EL expressions. * src/net/sf/acegisecurity/taglibs/authz/AuthorizeTag.java: Implemented AuthorizeTagExpressionLanguageTests by using Spring's ExpressionEvaluationUtils.
2004-07-23 01:24:55 +00:00 · 2004-07-23 01:24:55 +00:00 · 3d23119b56
parent e3ef88cb91
commit 3d23119b56
2 changed files with 107 additions and 16 deletions
--- a/core/src/main/java/org/acegisecurity/taglibs/authz/AuthorizeTag.java
+++ b/core/src/main/java/org/acegisecurity/taglibs/authz/AuthorizeTag.java
@ -20,11 +20,12 @@ import net.sf.acegisecurity.GrantedAuthorityImpl;
 import net.sf.acegisecurity.context.ContextHolder;
 import net.sf.acegisecurity.context.SecureContext;
 import java.util.*;
 import javax.servlet.jsp.JspException;
 import javax.servlet.jsp.tagext.Tag;
 import javax.servlet.jsp.tagext.TagSupport;
 import java.util.*;
 import org.springframework.web.util.ExpressionEvaluationUtils;
 /**
@ -43,7 +44,7 @@ public class AuthorizeTag extends TagSupport {
    //~ Methods ================================================================
-    public void setIfAllGranted(String ifAllGranted) {
+    public void setIfAllGranted(String ifAllGranted) throws JspException {
        this.ifAllGranted = ifAllGranted;
    }
@ -51,7 +52,7 @@ public class AuthorizeTag extends TagSupport {
        return ifAllGranted;
    }
-    public void setIfAnyGranted(String ifAnyGranted) {
+    public void setIfAnyGranted(String ifAnyGranted) throws JspException {
        this.ifAnyGranted = ifAnyGranted;
    }
@ -59,7 +60,7 @@ public class AuthorizeTag extends TagSupport {
        return ifAnyGranted;
    }
-    public void setIfNotGranted(String ifNotGranted) {
+    public void setIfNotGranted(String ifNotGranted) throws JspException {
        this.ifNotGranted = ifNotGranted;
    }
@ -69,31 +70,43 @@ public class AuthorizeTag extends TagSupport {
    public int doStartTag() throws JspException {
        if (((null == ifAllGranted) || "".equals(ifAllGranted))
-            && ((null == ifAnyGranted) || "".equals(ifAnyGranted))
+                && ((null == ifAnyGranted) || "".equals(ifAnyGranted))
-            && ((null == ifNotGranted) || "".equals(ifNotGranted))) {
+                && ((null == ifNotGranted) || "".equals(ifNotGranted))) {
            return Tag.SKIP_BODY;
        }
        final Collection granted = getPrincipalAuthorities();
-        if ((null != ifNotGranted) && !"".equals(ifNotGranted)) {
+        final String evaledIfNotGranted =
-            Set grantedCopy = retainAll(granted,
+                ExpressionEvaluationUtils.evaluateString(
-                    parseAuthoritiesString(ifNotGranted));
+                        "ifNotGranted", ifNotGranted, pageContext);
        if ((null != evaledIfNotGranted) && !"".equals(evaledIfNotGranted)) {
            Set grantedCopy = retainAll(
                    granted,
                    parseAuthoritiesString(evaledIfNotGranted));
            if (!grantedCopy.isEmpty()) {
                return Tag.SKIP_BODY;
            }
        }
-        if ((null != ifAllGranted) && !"".equals(ifAllGranted)) {
+        final String evaledIfAllGranted =
-            if (!granted.containsAll(parseAuthoritiesString(ifAllGranted))) {
+                ExpressionEvaluationUtils.evaluateString(
                        "ifAllGranted", ifAllGranted, pageContext);
        if ((null != evaledIfAllGranted) && !"".equals(evaledIfAllGranted)) {
            if (!granted.containsAll(
                    parseAuthoritiesString(evaledIfAllGranted))) {
                return Tag.SKIP_BODY;
            }
        }
-        if ((null != ifAnyGranted) && !"".equals(ifAnyGranted)) {
+        final String evaledIfAnyGranted =
-            Set grantedCopy = retainAll(granted,
+                ExpressionEvaluationUtils.evaluateString(
-                    parseAuthoritiesString(ifAnyGranted));
+                        "ifAnyGranted", ifAnyGranted, pageContext);
        if ((null != evaledIfAnyGranted) && !"".equals(evaledIfAnyGranted)) {
            Set grantedCopy = retainAll(
                    granted,
                    parseAuthoritiesString(evaledIfAnyGranted));
            if (grantedCopy.isEmpty()) {
                return Tag.SKIP_BODY;
@ -135,7 +148,7 @@ public class AuthorizeTag extends TagSupport {
    }
    private Set retainAll(final Collection granted,
-        final Set requiredAuthorities) {
+                          final Set requiredAuthorities) {
        Set grantedCopy = new HashSet(granted);
        grantedCopy.retainAll(requiredAuthorities);
--- a/core/src/test/java/org/acegisecurity/taglibs/authz/AuthorizeTagExpressionLanguageTests.java
+++ b/core/src/test/java/org/acegisecurity/taglibs/authz/AuthorizeTagExpressionLanguageTests.java
@ -0,0 +1,78 @@
 package net.sf.acegisecurity.taglibs.authz;
 import junit.framework.TestCase;
 import net.sf.acegisecurity.GrantedAuthority;
 import net.sf.acegisecurity.GrantedAuthorityImpl;
 import net.sf.acegisecurity.context.ContextHolder;
 import net.sf.acegisecurity.context.SecureContextImpl;
 import net.sf.acegisecurity.providers.TestingAuthenticationToken;
 import org.springframework.mock.web.MockPageContext;
 import javax.servlet.jsp.JspException;
 import javax.servlet.jsp.tagext.Tag;
 /**
 * Test case to implement commons-el expression language expansion.
 */
 public class AuthorizeTagExpressionLanguageTests extends TestCase {
    //~ Instance fields ========================================================
    private final AuthorizeTag authorizeTag = new AuthorizeTag();
    private SecureContextImpl context;
    private TestingAuthenticationToken currentUser;
    private MockPageContext pageContext;
    //~ Methods ================================================================
    public void testAllGrantedUsesExpressionLanguageWhenExpressionIsEL()
            throws JspException {
        pageContext.setAttribute("authority", "ROLE_TELLER");
        authorizeTag.setIfAllGranted("${authority}");
        assertEquals(
                "allows body - authority var contains ROLE_TELLER",
                Tag.EVAL_BODY_INCLUDE, authorizeTag.doStartTag());
    }
    public void testAnyGrantedUsesExpressionLanguageWhenExpressionIsEL()
            throws JspException {
        pageContext.setAttribute("authority", "ROLE_TELLER");
        authorizeTag.setIfAnyGranted("${authority}");
        assertEquals(
                "allows body - authority var contains ROLE_TELLER",
                Tag.EVAL_BODY_INCLUDE, authorizeTag.doStartTag());
    }
    public void testNotGrantedUsesExpressionLanguageWhenExpressionIsEL()
            throws JspException {
        pageContext.setAttribute("authority", "ROLE_TELLER");
        authorizeTag.setIfNotGranted("${authority}");
        assertEquals(
                "allows body - authority var contains ROLE_TELLER",
                Tag.SKIP_BODY, authorizeTag.doStartTag());
    }
    protected void setUp() throws Exception {
        super.setUp();
        pageContext = new MockPageContext();
        authorizeTag.setPageContext(pageContext);
        currentUser = new TestingAuthenticationToken(
                "abc", "123",
                new GrantedAuthority[]{
                    new GrantedAuthorityImpl("ROLE_TELLER"),
                });
        context = new SecureContextImpl();
        context.setAuthentication(currentUser);
        ContextHolder.setContext(context);
    }
    protected void tearDown() throws Exception {
        ContextHolder.setContext(null);
    }
 }