Following a suggestion from Scott Evans, added support for EL in the authz tag

library: http://www.mail-archive.com/acegisecurity-developer%40lists.sourceforge.net/msg00189.html * lib/spring/spring-mock.jar: Added Spring's 1.0.2 mock JAR. * test/net/sf/acegisecurity/taglibs/authz/AuthorizeTagExpressionLanguageTests.java: New tests to assert that the taglib recognizes and parses EL expressions. * src/net/sf/acegisecurity/taglibs/authz/AuthorizeTag.java: Implemented AuthorizeTagExpressionLanguageTests by using Spring's ExpressionEvaluationUtils.
2004-07-23 01:24:55 +00:00 · 2004-07-23 01:24:55 +00:00 · 3d23119b56
parent e3ef88cb91
commit 3d23119b56
2 changed files with 107 additions and 16 deletions
--- a/core/src/main/java/org/acegisecurity/taglibs/authz/AuthorizeTag.java
+++ b/core/src/main/java/org/acegisecurity/taglibs/authz/AuthorizeTag.java
@ -20,11 +20,12 @@ import net.sf.acegisecurity.GrantedAuthorityImpl;
 import net.sf.acegisecurity.context.ContextHolder;
 import net.sf.acegisecurity.context.SecureContext;

-import java.util.*;
-
 import javax.servlet.jsp.JspException;
 import javax.servlet.jsp.tagext.Tag;
 import javax.servlet.jsp.tagext.TagSupport;
+import java.util.*;
+
+import org.springframework.web.util.ExpressionEvaluationUtils;


 /**
@ -43,7 +44,7 @@ public class AuthorizeTag extends TagSupport {

    //~ Methods ================================================================

-    public void setIfAllGranted(String ifAllGranted) {
+    public void setIfAllGranted(String ifAllGranted) throws JspException {
        this.ifAllGranted = ifAllGranted;
    }

@ -51,7 +52,7 @@ public class AuthorizeTag extends TagSupport {
        return ifAllGranted;
    }

-    public void setIfAnyGranted(String ifAnyGranted) {
+    public void setIfAnyGranted(String ifAnyGranted) throws JspException {
        this.ifAnyGranted = ifAnyGranted;
    }

@ -59,7 +60,7 @@ public class AuthorizeTag extends TagSupport {
        return ifAnyGranted;
    }

-    public void setIfNotGranted(String ifNotGranted) {
+    public void setIfNotGranted(String ifNotGranted) throws JspException {
        this.ifNotGranted = ifNotGranted;
    }

@ -69,31 +70,43 @@ public class AuthorizeTag extends TagSupport {

    public int doStartTag() throws JspException {
        if (((null == ifAllGranted) || "".equals(ifAllGranted))
-            && ((null == ifAnyGranted) || "".equals(ifAnyGranted))
-            && ((null == ifNotGranted) || "".equals(ifNotGranted))) {
+                && ((null == ifAnyGranted) || "".equals(ifAnyGranted))
+                && ((null == ifNotGranted) || "".equals(ifNotGranted))) {
            return Tag.SKIP_BODY;
        }

        final Collection granted = getPrincipalAuthorities();

-        if ((null != ifNotGranted) && !"".equals(ifNotGranted)) {
-            Set grantedCopy = retainAll(granted,
-                    parseAuthoritiesString(ifNotGranted));
+        final String evaledIfNotGranted =
+                ExpressionEvaluationUtils.evaluateString(
+                        "ifNotGranted", ifNotGranted, pageContext);
+        if ((null != evaledIfNotGranted) && !"".equals(evaledIfNotGranted)) {
+            Set grantedCopy = retainAll(
+                    granted,
+                    parseAuthoritiesString(evaledIfNotGranted));

            if (!grantedCopy.isEmpty()) {
                return Tag.SKIP_BODY;
            }
        }

-        if ((null != ifAllGranted) && !"".equals(ifAllGranted)) {
-            if (!granted.containsAll(parseAuthoritiesString(ifAllGranted))) {
+        final String evaledIfAllGranted =
+                ExpressionEvaluationUtils.evaluateString(
+                        "ifAllGranted", ifAllGranted, pageContext);
+        if ((null != evaledIfAllGranted) && !"".equals(evaledIfAllGranted)) {
+            if (!granted.containsAll(
+                    parseAuthoritiesString(evaledIfAllGranted))) {
                return Tag.SKIP_BODY;
            }
        }

-        if ((null != ifAnyGranted) && !"".equals(ifAnyGranted)) {
-            Set grantedCopy = retainAll(granted,
-                    parseAuthoritiesString(ifAnyGranted));
+        final String evaledIfAnyGranted =
+                ExpressionEvaluationUtils.evaluateString(
+                        "ifAnyGranted", ifAnyGranted, pageContext);
+        if ((null != evaledIfAnyGranted) && !"".equals(evaledIfAnyGranted)) {
+            Set grantedCopy = retainAll(
+                    granted,
+                    parseAuthoritiesString(evaledIfAnyGranted));

            if (grantedCopy.isEmpty()) {
                return Tag.SKIP_BODY;
@ -135,7 +148,7 @@ public class AuthorizeTag extends TagSupport {
    }

    private Set retainAll(final Collection granted,
-        final Set requiredAuthorities) {
+                          final Set requiredAuthorities) {
        Set grantedCopy = new HashSet(granted);
        grantedCopy.retainAll(requiredAuthorities);

--- a/core/src/test/java/org/acegisecurity/taglibs/authz/AuthorizeTagExpressionLanguageTests.java
+++ b/core/src/test/java/org/acegisecurity/taglibs/authz/AuthorizeTagExpressionLanguageTests.java
@ -0,0 +1,78 @@
+package net.sf.acegisecurity.taglibs.authz;
+
+import junit.framework.TestCase;
+import net.sf.acegisecurity.GrantedAuthority;
+import net.sf.acegisecurity.GrantedAuthorityImpl;
+import net.sf.acegisecurity.context.ContextHolder;
+import net.sf.acegisecurity.context.SecureContextImpl;
+import net.sf.acegisecurity.providers.TestingAuthenticationToken;
+import org.springframework.mock.web.MockPageContext;
+
+import javax.servlet.jsp.JspException;
+import javax.servlet.jsp.tagext.Tag;
+
+/**
+ * Test case to implement commons-el expression language expansion.
+ */
+public class AuthorizeTagExpressionLanguageTests extends TestCase {
+    //~ Instance fields ========================================================
+
+    private final AuthorizeTag authorizeTag = new AuthorizeTag();
+    private SecureContextImpl context;
+    private TestingAuthenticationToken currentUser;
+    private MockPageContext pageContext;
+
+    //~ Methods ================================================================
+
+    public void testAllGrantedUsesExpressionLanguageWhenExpressionIsEL()
+            throws JspException {
+        pageContext.setAttribute("authority", "ROLE_TELLER");
+        authorizeTag.setIfAllGranted("${authority}");
+
+        assertEquals(
+                "allows body - authority var contains ROLE_TELLER",
+                Tag.EVAL_BODY_INCLUDE, authorizeTag.doStartTag());
+    }
+
+    public void testAnyGrantedUsesExpressionLanguageWhenExpressionIsEL()
+            throws JspException {
+        pageContext.setAttribute("authority", "ROLE_TELLER");
+        authorizeTag.setIfAnyGranted("${authority}");
+
+        assertEquals(
+                "allows body - authority var contains ROLE_TELLER",
+                Tag.EVAL_BODY_INCLUDE, authorizeTag.doStartTag());
+    }
+
+    public void testNotGrantedUsesExpressionLanguageWhenExpressionIsEL()
+            throws JspException {
+        pageContext.setAttribute("authority", "ROLE_TELLER");
+        authorizeTag.setIfNotGranted("${authority}");
+
+        assertEquals(
+                "allows body - authority var contains ROLE_TELLER",
+                Tag.SKIP_BODY, authorizeTag.doStartTag());
+    }
+
+    protected void setUp() throws Exception {
+        super.setUp();
+
+        pageContext = new MockPageContext();
+        authorizeTag.setPageContext(pageContext);
+
+        currentUser = new TestingAuthenticationToken(
+                "abc", "123",
+                new GrantedAuthority[]{
+                    new GrantedAuthorityImpl("ROLE_TELLER"),
+                });
+
+        context = new SecureContextImpl();
+        context.setAuthentication(currentUser);
+
+        ContextHolder.setContext(context);
+    }
+
+    protected void tearDown() throws Exception {
+        ContextHolder.setContext(null);
+    }
+}