Following a suggestion from Scott Evans, added support for EL in the authz tag

library:
http://www.mail-archive.com/acegisecurity-developer%40lists.sourceforge.net/msg00189.html

* lib/spring/spring-mock.jar:
  Added Spring's 1.0.2 mock JAR.

* test/net/sf/acegisecurity/taglibs/authz/AuthorizeTagExpressionLanguageTests.java:
  New tests to assert that the taglib recognizes and parses EL expressions.

* src/net/sf/acegisecurity/taglibs/authz/AuthorizeTag.java:
  Implemented AuthorizeTagExpressionLanguageTests by using Spring's
  ExpressionEvaluationUtils.
This commit is contained in:
Francois Beausoleil 2004-07-23 01:24:55 +00:00
parent e3ef88cb91
commit 3d23119b56
2 changed files with 107 additions and 16 deletions

View File

@ -20,11 +20,12 @@ import net.sf.acegisecurity.GrantedAuthorityImpl;
import net.sf.acegisecurity.context.ContextHolder;
import net.sf.acegisecurity.context.SecureContext;
import java.util.*;
import javax.servlet.jsp.JspException;
import javax.servlet.jsp.tagext.Tag;
import javax.servlet.jsp.tagext.TagSupport;
import java.util.*;
import org.springframework.web.util.ExpressionEvaluationUtils;
/**
@ -43,7 +44,7 @@ public class AuthorizeTag extends TagSupport {
//~ Methods ================================================================
public void setIfAllGranted(String ifAllGranted) {
public void setIfAllGranted(String ifAllGranted) throws JspException {
this.ifAllGranted = ifAllGranted;
}
@ -51,7 +52,7 @@ public class AuthorizeTag extends TagSupport {
return ifAllGranted;
}
public void setIfAnyGranted(String ifAnyGranted) {
public void setIfAnyGranted(String ifAnyGranted) throws JspException {
this.ifAnyGranted = ifAnyGranted;
}
@ -59,7 +60,7 @@ public class AuthorizeTag extends TagSupport {
return ifAnyGranted;
}
public void setIfNotGranted(String ifNotGranted) {
public void setIfNotGranted(String ifNotGranted) throws JspException {
this.ifNotGranted = ifNotGranted;
}
@ -76,24 +77,36 @@ public class AuthorizeTag extends TagSupport {
final Collection granted = getPrincipalAuthorities();
if ((null != ifNotGranted) && !"".equals(ifNotGranted)) {
Set grantedCopy = retainAll(granted,
parseAuthoritiesString(ifNotGranted));
final String evaledIfNotGranted =
ExpressionEvaluationUtils.evaluateString(
"ifNotGranted", ifNotGranted, pageContext);
if ((null != evaledIfNotGranted) && !"".equals(evaledIfNotGranted)) {
Set grantedCopy = retainAll(
granted,
parseAuthoritiesString(evaledIfNotGranted));
if (!grantedCopy.isEmpty()) {
return Tag.SKIP_BODY;
}
}
if ((null != ifAllGranted) && !"".equals(ifAllGranted)) {
if (!granted.containsAll(parseAuthoritiesString(ifAllGranted))) {
final String evaledIfAllGranted =
ExpressionEvaluationUtils.evaluateString(
"ifAllGranted", ifAllGranted, pageContext);
if ((null != evaledIfAllGranted) && !"".equals(evaledIfAllGranted)) {
if (!granted.containsAll(
parseAuthoritiesString(evaledIfAllGranted))) {
return Tag.SKIP_BODY;
}
}
if ((null != ifAnyGranted) && !"".equals(ifAnyGranted)) {
Set grantedCopy = retainAll(granted,
parseAuthoritiesString(ifAnyGranted));
final String evaledIfAnyGranted =
ExpressionEvaluationUtils.evaluateString(
"ifAnyGranted", ifAnyGranted, pageContext);
if ((null != evaledIfAnyGranted) && !"".equals(evaledIfAnyGranted)) {
Set grantedCopy = retainAll(
granted,
parseAuthoritiesString(evaledIfAnyGranted));
if (grantedCopy.isEmpty()) {
return Tag.SKIP_BODY;

View File

@ -0,0 +1,78 @@
package net.sf.acegisecurity.taglibs.authz;
import junit.framework.TestCase;
import net.sf.acegisecurity.GrantedAuthority;
import net.sf.acegisecurity.GrantedAuthorityImpl;
import net.sf.acegisecurity.context.ContextHolder;
import net.sf.acegisecurity.context.SecureContextImpl;
import net.sf.acegisecurity.providers.TestingAuthenticationToken;
import org.springframework.mock.web.MockPageContext;
import javax.servlet.jsp.JspException;
import javax.servlet.jsp.tagext.Tag;
/**
* Test case to implement commons-el expression language expansion.
*/
public class AuthorizeTagExpressionLanguageTests extends TestCase {
//~ Instance fields ========================================================
private final AuthorizeTag authorizeTag = new AuthorizeTag();
private SecureContextImpl context;
private TestingAuthenticationToken currentUser;
private MockPageContext pageContext;
//~ Methods ================================================================
public void testAllGrantedUsesExpressionLanguageWhenExpressionIsEL()
throws JspException {
pageContext.setAttribute("authority", "ROLE_TELLER");
authorizeTag.setIfAllGranted("${authority}");
assertEquals(
"allows body - authority var contains ROLE_TELLER",
Tag.EVAL_BODY_INCLUDE, authorizeTag.doStartTag());
}
public void testAnyGrantedUsesExpressionLanguageWhenExpressionIsEL()
throws JspException {
pageContext.setAttribute("authority", "ROLE_TELLER");
authorizeTag.setIfAnyGranted("${authority}");
assertEquals(
"allows body - authority var contains ROLE_TELLER",
Tag.EVAL_BODY_INCLUDE, authorizeTag.doStartTag());
}
public void testNotGrantedUsesExpressionLanguageWhenExpressionIsEL()
throws JspException {
pageContext.setAttribute("authority", "ROLE_TELLER");
authorizeTag.setIfNotGranted("${authority}");
assertEquals(
"allows body - authority var contains ROLE_TELLER",
Tag.SKIP_BODY, authorizeTag.doStartTag());
}
protected void setUp() throws Exception {
super.setUp();
pageContext = new MockPageContext();
authorizeTag.setPageContext(pageContext);
currentUser = new TestingAuthenticationToken(
"abc", "123",
new GrantedAuthority[]{
new GrantedAuthorityImpl("ROLE_TELLER"),
});
context = new SecureContextImpl();
context.setAuthentication(currentUser);
ContextHolder.setContext(context);
}
protected void tearDown() throws Exception {
ContextHolder.setContext(null);
}
}