Expand test coverage. Clover via Maven (without excluding appropriate patterns like *Exception and debug messages) has modified coverage from 77.2% to 95%.

This commit is contained in:
Ben Alex 2004-12-03 06:46:41 +00:00
parent 88fbac9755
commit 41b41ba316
44 changed files with 3939 additions and 74 deletions

View File

@ -24,6 +24,8 @@ package net.sf.acegisecurity;
public interface ITargetObject {
//~ Methods ================================================================
public Integer computeHashCode(String input);
public int countLength(String input);
public String makeLowerCase(String input);

View File

@ -0,0 +1,66 @@
/* Copyright 2004 Acegi Technology Pty Limited
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package net.sf.acegisecurity;
import net.sf.acegisecurity.acl.AclEntry;
import net.sf.acegisecurity.acl.AclManager;
/**
* Returns the indicated collection of <code>AclEntry</code>s when the given
* <code>Authentication</code> principal is presented for the indicated domain
* <code>Object</code> instance.
*
* @author Ben Alex
* @version $Id$
*/
public class MockAclManager implements AclManager {
//~ Instance fields ========================================================
private Object object;
private Object principal;
private AclEntry[] acls;
//~ Constructors ===========================================================
public MockAclManager(Object domainObject, Object principal, AclEntry[] acls) {
this.object = domainObject;
this.principal = principal;
this.acls = acls;
}
private MockAclManager() {}
//~ Methods ================================================================
public AclEntry[] getAcls(Object domainInstance,
Authentication authentication) {
if (domainInstance.equals(object)
&& authentication.getPrincipal().equals(principal)) {
return acls;
} else {
return null;
}
}
public AclEntry[] getAcls(Object domainInstance) {
if (domainInstance.equals(object)) {
return acls;
} else {
return null;
}
}
}

View File

@ -0,0 +1,60 @@
/* Copyright 2004 Acegi Technology Pty Limited
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package net.sf.acegisecurity;
import java.util.Iterator;
/**
* If there is a configuration attribute of "AFTER_INVOCATION_MOCK", modifies
* the return value to null.
*
* @author Ben Alex
* @version $Id$
*/
public class MockAfterInvocationManager implements AfterInvocationManager {
//~ Methods ================================================================
public Object decide(Authentication authentication, Object object,
ConfigAttributeDefinition config, Object returnedObject)
throws AccessDeniedException {
Iterator iter = config.getConfigAttributes();
while (iter.hasNext()) {
ConfigAttribute attr = (ConfigAttribute) iter.next();
if (this.supports(attr)) {
return null;
}
}
// this "after invocation" hasn't got a config attribute asking
// for this mock to modify the returned object
return returnedObject;
}
public boolean supports(ConfigAttribute attribute) {
if (attribute.getAttribute().equals("AFTER_INVOCATION_MOCK")) {
return true;
} else {
return false;
}
}
public boolean supports(Class clazz) {
return true;
}
}

View File

@ -0,0 +1,36 @@
/* Copyright 2004 Acegi Technology Pty Limited
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package net.sf.acegisecurity;
import org.springframework.context.ConfigurableApplicationContext;
import org.springframework.context.support.ClassPathXmlApplicationContext;
/**
* Simply returns an <code>ApplicationContext</code> which has a couple of
* <code>ApplicationEvent</code> listeners.
*
* @author Ben Alex
* @version $Id$
*/
public class MockApplicationContext {
//~ Methods ================================================================
public static ConfigurableApplicationContext getContext() {
return new ClassPathXmlApplicationContext(
"net/sf/acegisecurity/applicationContext.xml");
}
}

View File

@ -0,0 +1,162 @@
/* Copyright 2004 Acegi Technology Pty Limited
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package net.sf.acegisecurity;
import org.aspectj.lang.JoinPoint;
import org.aspectj.lang.Signature;
import org.aspectj.lang.reflect.CodeSignature;
import org.aspectj.lang.reflect.SourceLocation;
import java.lang.reflect.Method;
/**
* A mock AspectJ <code>JoinPoint</code>.
*
* @author Ben Alex
* @version $Id$
*/
public class MockJoinPoint implements JoinPoint {
//~ Instance fields ========================================================
private Method beingInvoked;
private Object object;
//~ Constructors ===========================================================
public MockJoinPoint(Object object, Method beingInvoked) {
this.object = object;
this.beingInvoked = beingInvoked;
}
private MockJoinPoint() {}
//~ Methods ================================================================
public Object[] getArgs() {
throw new UnsupportedOperationException("mock not implemented");
}
public String getKind() {
throw new UnsupportedOperationException("mock not implemented");
}
public Signature getSignature() {
throw new UnsupportedOperationException("mock not implemented");
}
public SourceLocation getSourceLocation() {
throw new UnsupportedOperationException("mock not implemented");
}
public StaticPart getStaticPart() {
return new MockStaticPart(beingInvoked);
}
public Object getTarget() {
return object;
}
public Object getThis() {
throw new UnsupportedOperationException("mock not implemented");
}
public String toLongString() {
throw new UnsupportedOperationException("mock not implemented");
}
public String toShortString() {
throw new UnsupportedOperationException("mock not implemented");
}
//~ Inner Classes ==========================================================
private class MockCodeSignature implements CodeSignature {
private Method beingInvoked;
public MockCodeSignature(Method beingInvoked) {
this.beingInvoked = beingInvoked;
}
private MockCodeSignature() {}
public Class getDeclaringType() {
throw new UnsupportedOperationException("mock not implemented");
}
public String getDeclaringTypeName() {
throw new UnsupportedOperationException("mock not implemented");
}
public Class[] getExceptionTypes() {
throw new UnsupportedOperationException("mock not implemented");
}
public int getModifiers() {
throw new UnsupportedOperationException("mock not implemented");
}
public String getName() {
return beingInvoked.getName();
}
public String[] getParameterNames() {
throw new UnsupportedOperationException("mock not implemented");
}
public Class[] getParameterTypes() {
return beingInvoked.getParameterTypes();
}
public String toLongString() {
throw new UnsupportedOperationException("mock not implemented");
}
public String toShortString() {
throw new UnsupportedOperationException("mock not implemented");
}
}
private class MockStaticPart implements StaticPart {
private Method beingInvoked;
public MockStaticPart(Method beingInvoked) {
this.beingInvoked = beingInvoked;
}
private MockStaticPart() {}
public String getKind() {
throw new UnsupportedOperationException("mock not implemented");
}
public Signature getSignature() {
return new MockCodeSignature(beingInvoked);
}
public SourceLocation getSourceLocation() {
throw new UnsupportedOperationException("mock not implemented");
}
public String toLongString() {
throw new UnsupportedOperationException("mock not implemented");
}
public String toShortString() {
throw new UnsupportedOperationException("mock not implemented");
}
}
}

View File

@ -22,20 +22,34 @@ import java.lang.reflect.Method;
/**
* DOCUMENT ME!
* Represents the AOP Alliance <code>MethodInvocation</code> secure object.
*
* @author Ben Alex
* @version $Id$
*/
public class MockMethodInvocation implements MethodInvocation {
//~ Instance fields ========================================================
private Method method;
private Object[] arguments;
//~ Constructors ===========================================================
public MockMethodInvocation(Method method, Object[] arguments) {
this.method = method;
this.arguments = arguments;
}
public MockMethodInvocation() {}
//~ Methods ================================================================
public Object[] getArguments() {
throw new UnsupportedOperationException("mock method not implemented");
return arguments;
}
public Method getMethod() {
throw new UnsupportedOperationException("mock method not implemented");
return method;
}
public AccessibleObject getStaticPart() {

View File

@ -47,7 +47,7 @@ public class MockRunAsManager implements RunAsManager {
}
public boolean supports(ConfigAttribute attribute) {
if ("RUN_AS".equals(attribute.getAttribute())) {
if (attribute.getAttribute().startsWith("RUN_AS")) {
return true;
} else {
return false;

View File

@ -29,6 +29,10 @@ import net.sf.acegisecurity.context.SecureContext;
public class TargetObject implements ITargetObject {
//~ Methods ================================================================
public Integer computeHashCode(String input) {
return new Integer(input.hashCode());
}
public int countLength(String input) {
return input.length();
}

View File

@ -292,6 +292,11 @@ public class BasicAclProviderTests extends TestCase {
assertFalse(provider.supports(new MockDomain(4)));
}
public void testSupportsReturnsNullIfObjectNull() {
BasicAclProvider provider = new BasicAclProvider();
assertFalse(provider.supports(new Integer(34)));
}
private JdbcDaoImpl makePopulatedJdbcDao() throws Exception {
JdbcDaoImpl dao = new JdbcDaoImpl();
dao.setDataSource(PopulatedDatabase.getDataSource());

View File

@ -82,6 +82,10 @@ public class SimpleAclEntryTests extends TestCase {
assertFalse(acl.isPermitted(SimpleAclEntry.ADMINISTRATION));
acl.togglePermission(SimpleAclEntry.CREATE);
assertFalse(acl.isPermitted(SimpleAclEntry.CREATE));
acl.togglePermission(SimpleAclEntry.DELETE);
assertTrue(acl.isPermitted(SimpleAclEntry.DELETE));
assertEquals("----D", acl.printPermissionsBlock());
}
public void testDetectsNullOnMainConstructor() {

View File

@ -0,0 +1,336 @@
/* Copyright 2004 Acegi Technology Pty Limited
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package net.sf.acegisecurity.acl.basic.jdbc;
import junit.framework.TestCase;
import net.sf.acegisecurity.PopulatedDatabase;
import net.sf.acegisecurity.acl.basic.AclObjectIdentity;
import net.sf.acegisecurity.acl.basic.BasicAclEntry;
import net.sf.acegisecurity.acl.basic.NamedEntityObjectIdentity;
import net.sf.acegisecurity.acl.basic.SimpleAclEntry;
import org.springframework.dao.DataIntegrityViolationException;
import org.springframework.dao.DataRetrievalFailureException;
import org.springframework.jdbc.object.MappingSqlQuery;
import java.sql.ResultSet;
import java.sql.SQLException;
/**
* Tests {@link JdbcExtendedDaoImpl}.
*
* @author Ben Alex
* @version $Id$
*/
public class JdbcExtendedDaoImplTests extends TestCase {
//~ Static fields/initializers =============================================
public static final String OBJECT_IDENTITY = "net.sf.acegisecurity.acl.DomainObject";
//~ Constructors ===========================================================
public JdbcExtendedDaoImplTests() {
super();
}
public JdbcExtendedDaoImplTests(String arg0) {
super(arg0);
}
//~ Methods ================================================================
public final void setUp() throws Exception {
super.setUp();
}
public static void main(String[] args) {
junit.textui.TestRunner.run(JdbcExtendedDaoImplTests.class);
}
public void testChangeMask() throws Exception {
JdbcExtendedDaoImpl dao = makePopulatedJdbcDao();
AclObjectIdentity identity = new NamedEntityObjectIdentity(OBJECT_IDENTITY,
"204");
AclObjectIdentity parentIdentity = new NamedEntityObjectIdentity(OBJECT_IDENTITY,
"1");
// Create a BasicAclEntry for this AclObjectIdentity
SimpleAclEntry simpleAcl1 = new SimpleAclEntry("marissa", identity,
parentIdentity, SimpleAclEntry.CREATE);
dao.create(simpleAcl1);
// Create another BasicAclEntry for this AclObjectIdentity
SimpleAclEntry simpleAcl2 = new SimpleAclEntry("scott", identity,
parentIdentity, SimpleAclEntry.READ);
dao.create(simpleAcl2);
// Check creation was successful
BasicAclEntry[] acls = dao.getAcls(identity);
assertEquals(2, acls.length);
assertEquals(SimpleAclEntry.CREATE, acls[0].getMask());
assertEquals(SimpleAclEntry.READ, acls[1].getMask());
// Attempt to change mask
dao.changeMask(identity, "marissa",
new Integer(SimpleAclEntry.ADMINISTRATION));
dao.changeMask(identity, "scott", new Integer(SimpleAclEntry.NOTHING));
acls = dao.getAcls(identity);
assertEquals(2, acls.length);
assertEquals("marissa", acls[0].getRecipient());
assertEquals(SimpleAclEntry.ADMINISTRATION, acls[0].getMask());
assertEquals("scott", acls[1].getRecipient());
assertEquals(SimpleAclEntry.NOTHING, acls[1].getMask());
}
public void testChangeMaskThrowsExceptionWhenExistingRecordNotFound()
throws Exception {
JdbcExtendedDaoImpl dao = makePopulatedJdbcDao();
AclObjectIdentity identity = new NamedEntityObjectIdentity(OBJECT_IDENTITY,
"205");
AclObjectIdentity parentIdentity = new NamedEntityObjectIdentity(OBJECT_IDENTITY,
"1");
// Create at least one record for this AclObjectIdentity
SimpleAclEntry simpleAcl1 = new SimpleAclEntry("marissa", identity,
parentIdentity, SimpleAclEntry.CREATE);
dao.create(simpleAcl1);
// Attempt to change mask, but for a recipient we don't have
try {
dao.changeMask(identity, "scott",
new Integer(SimpleAclEntry.ADMINISTRATION));
fail("Should have thrown DataRetrievalFailureException");
} catch (DataRetrievalFailureException expected) {
assertTrue(true);
}
}
public void testConvertAclObjectIdentity() throws Exception {
JdbcExtendedDaoImpl dao = makePopulatedJdbcDao();
try {
dao.convertAclObjectIdentityToString(new AclObjectIdentity() {
// not a NamedEntityObjectIdentity
});
fail("Should have thrown IllegalArgumentException");
} catch (IllegalArgumentException expected) {
assertTrue(true);
}
}
public void testCreationOfIdentityThenAclInSeparateInvocations()
throws Exception {
JdbcExtendedDaoImpl dao = makePopulatedJdbcDao();
AclObjectIdentity identity = new NamedEntityObjectIdentity(OBJECT_IDENTITY,
"206");
AclObjectIdentity parentIdentity = new NamedEntityObjectIdentity(OBJECT_IDENTITY,
"1");
// Create just the object identity (NB: recipient and mask is null)
SimpleAclEntry simpleAcl1 = new SimpleAclEntry();
simpleAcl1.setAclObjectIdentity(identity);
simpleAcl1.setAclObjectParentIdentity(parentIdentity);
dao.create(simpleAcl1);
// Delete it
dao.delete(identity);
}
public void testDeletionOfAllRecipients() throws Exception {
JdbcExtendedDaoImpl dao = makePopulatedJdbcDao();
AclObjectIdentity identity = new NamedEntityObjectIdentity(OBJECT_IDENTITY,
"203");
// Create a BasicAclEntry for this AclObjectIdentity
SimpleAclEntry simpleAcl1 = new SimpleAclEntry("marissa", identity,
null, SimpleAclEntry.CREATE);
dao.create(simpleAcl1);
// Create another BasicAclEntry for this AclObjectIdentity
SimpleAclEntry simpleAcl2 = new SimpleAclEntry("scott", identity, null,
SimpleAclEntry.READ);
dao.create(simpleAcl2);
// Check creation was successful
BasicAclEntry[] acls = dao.getAcls(identity);
assertEquals(2, acls.length);
// Attempt deletion and check delete successful
dao.delete(identity);
assertNull(dao.getAcls(identity));
}
public void testDeletionOfSpecificRecipient() throws Exception {
JdbcExtendedDaoImpl dao = makePopulatedJdbcDao();
AclObjectIdentity identity = new NamedEntityObjectIdentity(OBJECT_IDENTITY,
"202");
AclObjectIdentity parentIdentity = new NamedEntityObjectIdentity(OBJECT_IDENTITY,
"1");
// Create a BasicAclEntry for this AclObjectIdentity
SimpleAclEntry simpleAcl1 = new SimpleAclEntry("marissa", identity,
parentIdentity, SimpleAclEntry.CREATE);
dao.create(simpleAcl1);
// Create another BasicAclEntry for this AclObjectIdentity
SimpleAclEntry simpleAcl2 = new SimpleAclEntry("scott", identity,
parentIdentity, SimpleAclEntry.READ);
dao.create(simpleAcl2);
// Check creation was successful
BasicAclEntry[] acls = dao.getAcls(identity);
assertEquals(2, acls.length);
// Attempt deletion and check delete successful
dao.delete(identity, "scott");
acls = dao.getAcls(identity);
assertEquals(1, acls.length);
assertEquals(simpleAcl1.getRecipient(), acls[0].getRecipient());
}
public void testGettersSetters() throws Exception {
JdbcExtendedDaoImpl dao = makePopulatedJdbcDao();
assertNotNull(dao.getAclObjectIdentityDelete());
dao.setAclObjectIdentityDelete(null);
assertNull(dao.getAclObjectIdentityDelete());
assertNotNull(dao.getAclObjectIdentityInsert());
dao.setAclObjectIdentityInsert(null);
assertNull(dao.getAclObjectIdentityInsert());
assertNotNull(dao.getAclPermissionDelete());
dao.setAclPermissionDelete(null);
assertNull(dao.getAclPermissionDelete());
assertNotNull(dao.getAclPermissionInsert());
dao.setAclPermissionInsert(null);
assertNull(dao.getAclPermissionInsert());
assertNotNull(dao.getAclPermissionUpdate());
dao.setAclPermissionUpdate(null);
assertNull(dao.getAclPermissionUpdate());
assertNotNull(dao.getAclsByObjectIdentity());
dao.setAclsByObjectIdentity(null);
assertNull(dao.getAclsByObjectIdentity());
assertNotNull(dao.getLookupPermissionIdMapping());
dao.setLookupPermissionIdMapping(null);
assertNull(dao.getLookupPermissionIdMapping());
assertNotNull(dao.getAclObjectIdentityDeleteStatement());
dao.setAclObjectIdentityDeleteStatement("SELECT ...");
assertEquals("SELECT ...", dao.getAclObjectIdentityDeleteStatement());
assertNotNull(dao.getAclObjectIdentityInsertStatement());
dao.setAclObjectIdentityInsertStatement("SELECT ...");
assertEquals("SELECT ...", dao.getAclObjectIdentityInsertStatement());
assertNotNull(dao.getAclPermissionDeleteStatement());
dao.setAclPermissionDeleteStatement("SELECT ...");
assertEquals("SELECT ...", dao.getAclPermissionDeleteStatement());
assertNotNull(dao.getAclPermissionInsertStatement());
dao.setAclPermissionInsertStatement("SELECT ...");
assertEquals("SELECT ...", dao.getAclPermissionInsertStatement());
assertNotNull(dao.getAclPermissionUpdateStatement());
dao.setAclPermissionUpdateStatement("SELECT ...");
assertEquals("SELECT ...", dao.getAclPermissionUpdateStatement());
assertNotNull(dao.getAclsByObjectIdentityQuery());
dao.setAclsByObjectIdentityQuery("SELECT ...");
assertEquals("SELECT ...", dao.getAclsByObjectIdentityQuery());
assertNotNull(dao.getLookupPermissionIdQuery());
dao.setLookupPermissionIdQuery("SELECT ...");
assertEquals("SELECT ...", dao.getLookupPermissionIdQuery());
}
public void testNormalCreationAndDuplicateDetection()
throws Exception {
JdbcExtendedDaoImpl dao = makePopulatedJdbcDao();
AclObjectIdentity identity = new NamedEntityObjectIdentity(OBJECT_IDENTITY,
"200");
AclObjectIdentity parentIdentity = new NamedEntityObjectIdentity(OBJECT_IDENTITY,
"1");
// Create a BasicAclEntry for this AclObjectIdentity
SimpleAclEntry simpleAcl1 = new SimpleAclEntry("marissa", identity,
parentIdentity, SimpleAclEntry.CREATE);
dao.create(simpleAcl1);
// Create another BasicAclEntry for this AclObjectIdentity
SimpleAclEntry simpleAcl2 = new SimpleAclEntry("scott", identity,
parentIdentity, SimpleAclEntry.READ);
dao.create(simpleAcl2);
// Check creation was successful
BasicAclEntry[] acls = dao.getAcls(identity);
assertEquals(2, acls.length);
assertEquals(simpleAcl1.getRecipient(), acls[0].getRecipient());
assertEquals(simpleAcl1.getMask(), acls[0].getMask());
assertEquals(simpleAcl2.getRecipient(), acls[1].getRecipient());
assertEquals(simpleAcl2.getMask(), acls[1].getMask());
// Check it rejects an attempt to create another identical entry
try {
dao.create(simpleAcl1);
fail("Should have thrown DataIntegrityViolationException");
} catch (DataIntegrityViolationException expected) {
assertTrue(true);
}
}
public void testRejectsInvalidParent() throws Exception {
JdbcExtendedDaoImpl dao = makePopulatedJdbcDao();
AclObjectIdentity identity = new NamedEntityObjectIdentity(OBJECT_IDENTITY,
"201");
AclObjectIdentity parentIdentity = new NamedEntityObjectIdentity(OBJECT_IDENTITY,
"987987987987986");
SimpleAclEntry simpleAcl = new SimpleAclEntry("marissa", identity,
parentIdentity, SimpleAclEntry.CREATE);
try {
dao.create(simpleAcl);
fail("Should have thrown DataRetrievalFailureException");
} catch (DataRetrievalFailureException expected) {
assertTrue(true);
}
}
private JdbcExtendedDaoImpl makePopulatedJdbcDao()
throws Exception {
JdbcExtendedDaoImpl dao = new JdbcExtendedDaoImpl();
dao.setDataSource(PopulatedDatabase.getDataSource());
dao.afterPropertiesSet();
return dao;
}
//~ Inner Classes ==========================================================
private class MockMappingSqlQuery extends MappingSqlQuery {
protected Object mapRow(ResultSet arg0, int arg1)
throws SQLException {
return null;
}
}
}

View File

@ -0,0 +1,223 @@
/* Copyright 2004 Acegi Technology Pty Limited
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package net.sf.acegisecurity.afterinvocation;
import junit.framework.TestCase;
import net.sf.acegisecurity.AccessDeniedException;
import net.sf.acegisecurity.Authentication;
import net.sf.acegisecurity.ConfigAttribute;
import net.sf.acegisecurity.ConfigAttributeDefinition;
import net.sf.acegisecurity.MockMethodInvocation;
import net.sf.acegisecurity.SecurityConfig;
import net.sf.acegisecurity.intercept.web.FilterInvocation;
import org.aopalliance.intercept.MethodInvocation;
import java.util.List;
import java.util.Vector;
/**
* Tests {@link AfterInvocationProviderManager}.
*
* @author Ben Alex
* @version $Id$
*/
public class AfterInvocationProviderManagerTests extends TestCase {
//~ Constructors ===========================================================
public AfterInvocationProviderManagerTests() {
super();
}
public AfterInvocationProviderManagerTests(String arg0) {
super(arg0);
}
//~ Methods ================================================================
public final void setUp() throws Exception {
super.setUp();
}
public static void main(String[] args) {
junit.textui.TestRunner.run(AfterInvocationProviderManagerTests.class);
}
public void testCorrectOperation() throws Exception {
AfterInvocationProviderManager manager = new AfterInvocationProviderManager();
List list = new Vector();
list.add(new MockAfterInvocationProvider("swap1",
MethodInvocation.class, new SecurityConfig("GIVE_ME_SWAP1")));
list.add(new MockAfterInvocationProvider("swap2",
MethodInvocation.class, new SecurityConfig("GIVE_ME_SWAP2")));
list.add(new MockAfterInvocationProvider("swap3",
MethodInvocation.class, new SecurityConfig("GIVE_ME_SWAP3")));
manager.setProviders(list);
assertEquals(list, manager.getProviders());
manager.afterPropertiesSet();
ConfigAttributeDefinition attr1 = new ConfigAttributeDefinition();
attr1.addConfigAttribute(new SecurityConfig("GIVE_ME_SWAP1"));
ConfigAttributeDefinition attr2 = new ConfigAttributeDefinition();
attr2.addConfigAttribute(new SecurityConfig("GIVE_ME_SWAP2"));
ConfigAttributeDefinition attr3 = new ConfigAttributeDefinition();
attr3.addConfigAttribute(new SecurityConfig("GIVE_ME_SWAP3"));
ConfigAttributeDefinition attr2and3 = new ConfigAttributeDefinition();
attr2and3.addConfigAttribute(new SecurityConfig("GIVE_ME_SWAP2"));
attr2and3.addConfigAttribute(new SecurityConfig("GIVE_ME_SWAP3"));
ConfigAttributeDefinition attr4 = new ConfigAttributeDefinition();
attr4.addConfigAttribute(new SecurityConfig("NEVER_CAUSES_SWAP"));
assertEquals("swap1",
manager.decide(null, new MockMethodInvocation(), attr1,
"content-before-swapping"));
assertEquals("swap2",
manager.decide(null, new MockMethodInvocation(), attr2,
"content-before-swapping"));
assertEquals("swap3",
manager.decide(null, new MockMethodInvocation(), attr3,
"content-before-swapping"));
assertEquals("content-before-swapping",
manager.decide(null, new MockMethodInvocation(), attr4,
"content-before-swapping"));
assertEquals("swap3",
manager.decide(null, new MockMethodInvocation(), attr2and3,
"content-before-swapping"));
}
public void testRejectsEmptyProvidersList() {
AfterInvocationProviderManager manager = new AfterInvocationProviderManager();
List list = new Vector();
try {
manager.setProviders(list);
fail("Should have thrown IllegalArgumentException");
} catch (IllegalArgumentException expected) {
assertTrue(true);
}
}
public void testRejectsNonAfterInvocationProviders() {
AfterInvocationProviderManager manager = new AfterInvocationProviderManager();
List list = new Vector();
list.add(new MockAfterInvocationProvider("swap1",
MethodInvocation.class, new SecurityConfig("GIVE_ME_SWAP1")));
list.add(new Integer(45));
list.add(new MockAfterInvocationProvider("swap3",
MethodInvocation.class, new SecurityConfig("GIVE_ME_SWAP3")));
try {
manager.setProviders(list);
fail("Should have thrown IllegalArgumentException");
} catch (IllegalArgumentException expected) {
assertTrue(true);
}
}
public void testRejectsNullProvidersList() throws Exception {
AfterInvocationProviderManager manager = new AfterInvocationProviderManager();
try {
manager.afterPropertiesSet();
fail("Should have thrown IllegalArgumentException");
} catch (IllegalArgumentException expected) {
assertTrue(true);
}
}
public void testSupportsConfigAttributeIteration()
throws Exception {
AfterInvocationProviderManager manager = new AfterInvocationProviderManager();
List list = new Vector();
list.add(new MockAfterInvocationProvider("swap1",
MethodInvocation.class, new SecurityConfig("GIVE_ME_SWAP1")));
list.add(new MockAfterInvocationProvider("swap2",
MethodInvocation.class, new SecurityConfig("GIVE_ME_SWAP2")));
list.add(new MockAfterInvocationProvider("swap3",
MethodInvocation.class, new SecurityConfig("GIVE_ME_SWAP3")));
manager.setProviders(list);
manager.afterPropertiesSet();
assertFalse(manager.supports(new SecurityConfig("UNKNOWN_ATTRIB")));
assertTrue(manager.supports(new SecurityConfig("GIVE_ME_SWAP2")));
}
public void testSupportsSecureObjectIteration() throws Exception {
AfterInvocationProviderManager manager = new AfterInvocationProviderManager();
List list = new Vector();
list.add(new MockAfterInvocationProvider("swap1",
MethodInvocation.class, new SecurityConfig("GIVE_ME_SWAP1")));
list.add(new MockAfterInvocationProvider("swap2",
MethodInvocation.class, new SecurityConfig("GIVE_ME_SWAP2")));
list.add(new MockAfterInvocationProvider("swap3",
MethodInvocation.class, new SecurityConfig("GIVE_ME_SWAP3")));
manager.setProviders(list);
manager.afterPropertiesSet();
assertFalse(manager.supports(FilterInvocation.class));
assertTrue(manager.supports(MethodInvocation.class));
}
//~ Inner Classes ==========================================================
/**
* Always returns the constructor-defined <code>forceReturnObject</code>,
* provided the same configuration attribute was provided. Also stores the
* secure object it supports.
*/
private class MockAfterInvocationProvider implements AfterInvocationProvider {
private Class secureObject;
private ConfigAttribute configAttribute;
private Object forceReturnObject;
public MockAfterInvocationProvider(Object forceReturnObject,
Class secureObject, ConfigAttribute configAttribute) {
this.forceReturnObject = forceReturnObject;
this.secureObject = secureObject;
this.configAttribute = configAttribute;
}
private MockAfterInvocationProvider() {}
public Object decide(Authentication authentication, Object object,
ConfigAttributeDefinition config, Object returnedObject)
throws AccessDeniedException {
if (config.contains(configAttribute)) {
return forceReturnObject;
}
return returnedObject;
}
public boolean supports(Class clazz) {
return secureObject.isAssignableFrom(clazz);
}
public boolean supports(ConfigAttribute attribute) {
return attribute.equals(configAttribute);
}
}
}

View File

@ -0,0 +1,373 @@
/* Copyright 2004 Acegi Technology Pty Limited
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package net.sf.acegisecurity.afterinvocation;
import junit.framework.TestCase;
import net.sf.acegisecurity.AuthorizationServiceException;
import net.sf.acegisecurity.ConfigAttributeDefinition;
import net.sf.acegisecurity.MockAclManager;
import net.sf.acegisecurity.MockMethodInvocation;
import net.sf.acegisecurity.SecurityConfig;
import net.sf.acegisecurity.acl.AclEntry;
import net.sf.acegisecurity.acl.AclManager;
import net.sf.acegisecurity.acl.basic.MockAclObjectIdentity;
import net.sf.acegisecurity.acl.basic.SimpleAclEntry;
import net.sf.acegisecurity.providers.UsernamePasswordAuthenticationToken;
import java.util.List;
import java.util.Vector;
/**
* Tests {@link BasicAclEntryAfterInvocationCollectionFilteringProvider}.
*
* @author Ben Alex
* @version $Id$
*/
public class BasicAclEntryAfterInvocationCollectionFilteringProviderTests
extends TestCase {
//~ Constructors ===========================================================
public BasicAclEntryAfterInvocationCollectionFilteringProviderTests() {
super();
}
public BasicAclEntryAfterInvocationCollectionFilteringProviderTests(
String arg0) {
super(arg0);
}
//~ Methods ================================================================
public final void setUp() throws Exception {
super.setUp();
}
public static void main(String[] args) {
junit.textui.TestRunner.run(BasicAclEntryAfterInvocationCollectionFilteringProviderTests.class);
}
public void testCorrectOperationWhenPrincipalHasIncorrectPermissionToDomainObject()
throws Exception {
// Create an AclManager, granting scott only ADMINISTRATION rights
AclManager aclManager = new MockAclManager("belmont", "scott",
new AclEntry[] {new SimpleAclEntry("scott",
new MockAclObjectIdentity(), null,
SimpleAclEntry.ADMINISTRATION)});
BasicAclEntryAfterInvocationCollectionFilteringProvider provider = new BasicAclEntryAfterInvocationCollectionFilteringProvider();
provider.setAclManager(aclManager);
provider.afterPropertiesSet();
// Create a Collection containing many items
List list = new Vector();
list.add("sydney");
list.add("melbourne");
list.add("belmont");
list.add("brisbane");
// Create the Authentication and Config Attribs we'll be presenting
UsernamePasswordAuthenticationToken auth = new UsernamePasswordAuthenticationToken("scott",
"NOT_USED");
ConfigAttributeDefinition attr = new ConfigAttributeDefinition();
attr.addConfigAttribute(new SecurityConfig("AFTER_ACL_COLLECTION_READ"));
// Filter
List filteredList = (List) provider.decide(auth,
new MockMethodInvocation(), attr, list);
assertEquals(0, filteredList.size());
}
public void testCorrectOperationWhenPrincipalHasNoPermissionToDomainObject()
throws Exception {
// Create an AclManager
AclManager aclManager = new MockAclManager("belmont", "marissa",
new AclEntry[] {new MockAclEntry(), new SimpleAclEntry(
"marissa", new MockAclObjectIdentity(), null,
SimpleAclEntry.ADMINISTRATION), new SimpleAclEntry(
"marissa", new MockAclObjectIdentity(), null,
SimpleAclEntry.READ), new SimpleAclEntry("marissa",
new MockAclObjectIdentity(), null, SimpleAclEntry.DELETE)});
BasicAclEntryAfterInvocationCollectionFilteringProvider provider = new BasicAclEntryAfterInvocationCollectionFilteringProvider();
provider.setAclManager(aclManager);
provider.afterPropertiesSet();
// Create a Collection containing many items, which only "belmont"
// should remain in after filtering by provider
List list = new Vector();
list.add("sydney");
list.add("melbourne");
list.add("belmont");
list.add("brisbane");
// Create the Authentication and Config Attribs we'll be presenting
UsernamePasswordAuthenticationToken auth = new UsernamePasswordAuthenticationToken("scott",
"NOT_USED");
ConfigAttributeDefinition attr = new ConfigAttributeDefinition();
attr.addConfigAttribute(new SecurityConfig("AFTER_ACL_COLLECTION_READ"));
// Filter
List filteredList = (List) provider.decide(auth,
new MockMethodInvocation(), attr, list);
assertEquals(0, filteredList.size());
}
public void testCorrectOperationWhenPrincipalIsAuthorised()
throws Exception {
// Create an AclManager
AclManager aclManager = new MockAclManager("belmont", "marissa",
new AclEntry[] {new MockAclEntry(), new SimpleAclEntry(
"marissa", new MockAclObjectIdentity(), null,
SimpleAclEntry.ADMINISTRATION), new SimpleAclEntry(
"marissa", new MockAclObjectIdentity(), null,
SimpleAclEntry.READ), new SimpleAclEntry("marissa",
new MockAclObjectIdentity(), null, SimpleAclEntry.DELETE)});
BasicAclEntryAfterInvocationCollectionFilteringProvider provider = new BasicAclEntryAfterInvocationCollectionFilteringProvider();
provider.setAclManager(aclManager);
assertEquals(aclManager, provider.getAclManager());
provider.afterPropertiesSet();
// Create a Collection containing many items, which only "belmont"
// should remain in after filtering by provider
List list = new Vector();
list.add("sydney");
list.add("melbourne");
list.add("belmont");
list.add("brisbane");
// Create the Authentication and Config Attribs we'll be presenting
UsernamePasswordAuthenticationToken auth = new UsernamePasswordAuthenticationToken("marissa",
"NOT_USED");
ConfigAttributeDefinition attr = new ConfigAttributeDefinition();
attr.addConfigAttribute(new SecurityConfig("AFTER_ACL_COLLECTION_READ"));
// Filter
List filteredList = (List) provider.decide(auth,
new MockMethodInvocation(), attr, list);
assertEquals(1, filteredList.size());
assertEquals("belmont", filteredList.get(0));
}
public void testDetectsIfReturnedObjectIsNotACollection()
throws Exception {
// Create an AclManager
AclManager aclManager = new MockAclManager("belmont", "marissa",
new AclEntry[] {new SimpleAclEntry("marissa",
new MockAclObjectIdentity(), null,
SimpleAclEntry.ADMINISTRATION), new SimpleAclEntry(
"marissa", new MockAclObjectIdentity(), null,
SimpleAclEntry.READ), new SimpleAclEntry("marissa",
new MockAclObjectIdentity(), null, SimpleAclEntry.DELETE), new MockAclEntry()});
BasicAclEntryAfterInvocationCollectionFilteringProvider provider = new BasicAclEntryAfterInvocationCollectionFilteringProvider();
provider.setAclManager(aclManager);
provider.afterPropertiesSet();
// Create the Authentication and Config Attribs we'll be presenting
UsernamePasswordAuthenticationToken auth = new UsernamePasswordAuthenticationToken("marissa",
"NOT_USED");
ConfigAttributeDefinition attr = new ConfigAttributeDefinition();
attr.addConfigAttribute(new SecurityConfig("AFTER_ACL_COLLECTION_READ"));
// Filter
try {
provider.decide(auth, new MockMethodInvocation(), attr,
new String("RETURN_OBJECT_NOT_COLLECTION"));
fail("Should have thrown AuthorizationServiceException");
} catch (AuthorizationServiceException expected) {
assertTrue(true);
}
}
public void testGrantsAccessIfReturnedObjectIsNull()
throws Exception {
// Create an AclManager
AclManager aclManager = new MockAclManager("belmont", "marissa",
new AclEntry[] {new SimpleAclEntry("marissa",
new MockAclObjectIdentity(), null,
SimpleAclEntry.ADMINISTRATION), new SimpleAclEntry(
"marissa", new MockAclObjectIdentity(), null,
SimpleAclEntry.READ), new SimpleAclEntry("marissa",
new MockAclObjectIdentity(), null, SimpleAclEntry.DELETE), new MockAclEntry()});
BasicAclEntryAfterInvocationCollectionFilteringProvider provider = new BasicAclEntryAfterInvocationCollectionFilteringProvider();
provider.setAclManager(aclManager);
provider.afterPropertiesSet();
// Create the Authentication and Config Attribs we'll be presenting
UsernamePasswordAuthenticationToken auth = new UsernamePasswordAuthenticationToken("marissa",
"NOT_USED");
ConfigAttributeDefinition attr = new ConfigAttributeDefinition();
attr.addConfigAttribute(new SecurityConfig("AFTER_ACL_COLLECTION_READ"));
// Filter
List filteredList = (List) provider.decide(auth,
new MockMethodInvocation(), attr, null);
assertNull(filteredList);
}
public void testRespectsModificationsToProcessConfigAttribute()
throws Exception {
// Create an AclManager
AclManager aclManager = new MockAclManager("sydney", "marissa",
new AclEntry[] {new SimpleAclEntry("marissa",
new MockAclObjectIdentity(), null, SimpleAclEntry.READ), new MockAclEntry()});
BasicAclEntryAfterInvocationCollectionFilteringProvider provider = new BasicAclEntryAfterInvocationCollectionFilteringProvider();
provider.setAclManager(aclManager);
assertEquals("AFTER_ACL_COLLECTION_READ",
provider.getProcessConfigAttribute());
provider.setProcessConfigAttribute("AFTER_ACL_COLLECTION_ADMIN");
assertEquals("AFTER_ACL_COLLECTION_ADMIN",
provider.getProcessConfigAttribute());
provider.afterPropertiesSet();
// Create a Collection containing many items, which only "sydney"
// should remain in after filtering by provider
List list = new Vector();
list.add("sydney");
list.add("melbourne");
list.add("belmont");
list.add("brisbane");
// Create the Authentication and Config Attribs we'll be presenting
UsernamePasswordAuthenticationToken auth = new UsernamePasswordAuthenticationToken("marissa",
"NOT_USED");
ConfigAttributeDefinition attr = new ConfigAttributeDefinition();
attr.addConfigAttribute(new SecurityConfig("AFTER_ACL_COLLECTION_READ"));
// As no matching config attrib, ensure provider doesn't change list
assertEquals(4,
((List) provider.decide(auth, new MockMethodInvocation(), attr, list))
.size());
// Filter, this time with the conf attrib provider setup to answer
attr.addConfigAttribute(new SecurityConfig("AFTER_ACL_COLLECTION_ADMIN"));
List filteredList = (List) provider.decide(auth,
new MockMethodInvocation(), attr, list);
assertEquals(1, filteredList.size());
assertEquals("sydney", filteredList.get(0));
}
public void testRespectsModificationsToRequirePermissions()
throws Exception {
// Create an AclManager
AclManager aclManager = new MockAclManager("sydney", "marissa",
new AclEntry[] {new SimpleAclEntry("marissa",
new MockAclObjectIdentity(), null,
SimpleAclEntry.ADMINISTRATION), new MockAclEntry()});
BasicAclEntryAfterInvocationCollectionFilteringProvider provider = new BasicAclEntryAfterInvocationCollectionFilteringProvider();
provider.setAclManager(aclManager);
assertEquals(SimpleAclEntry.READ, provider.getRequirePermission()[0]);
provider.setRequirePermission(new int[] {SimpleAclEntry.ADMINISTRATION});
assertEquals(SimpleAclEntry.ADMINISTRATION,
provider.getRequirePermission()[0]);
provider.afterPropertiesSet();
// Create a Collection containing many items, which only "sydney"
// should remain in after filtering by provider
List list = new Vector();
list.add("sydney");
list.add("melbourne");
list.add("belmont");
list.add("brisbane");
// Create the Authentication and Config Attribs we'll be presenting
UsernamePasswordAuthenticationToken auth = new UsernamePasswordAuthenticationToken("marissa",
"NOT_USED");
ConfigAttributeDefinition attr = new ConfigAttributeDefinition();
attr.addConfigAttribute(new SecurityConfig("AFTER_ACL_COLLECTION_READ"));
// Filter
List filteredList = (List) provider.decide(auth,
new MockMethodInvocation(), attr, list);
assertEquals(1, filteredList.size());
assertEquals("sydney", filteredList.get(0));
}
public void testStartupDetectsMissingAclManager() throws Exception {
BasicAclEntryAfterInvocationCollectionFilteringProvider provider = new BasicAclEntryAfterInvocationCollectionFilteringProvider();
try {
provider.afterPropertiesSet();
fail("Should have thrown IllegalArgumentException");
} catch (IllegalArgumentException expected) {
assertEquals("An aclManager is mandatory", expected.getMessage());
}
}
public void testStartupDetectsMissingProcessConfigAttribute()
throws Exception {
BasicAclEntryAfterInvocationCollectionFilteringProvider provider = new BasicAclEntryAfterInvocationCollectionFilteringProvider();
AclManager aclManager = new MockAclManager("sydney", "marissa",
new AclEntry[] {new SimpleAclEntry("marissa",
new MockAclObjectIdentity(), null,
SimpleAclEntry.ADMINISTRATION), new MockAclEntry()});
provider.setAclManager(aclManager);
provider.setProcessConfigAttribute(null);
try {
provider.afterPropertiesSet();
fail("Should have thrown IllegalArgumentException");
} catch (IllegalArgumentException expected) {
assertEquals("A processConfigAttribute is mandatory",
expected.getMessage());
}
}
public void testStartupDetectsMissingRequirePermission()
throws Exception {
BasicAclEntryAfterInvocationCollectionFilteringProvider provider = new BasicAclEntryAfterInvocationCollectionFilteringProvider();
AclManager aclManager = new MockAclManager("sydney", "marissa",
new AclEntry[] {new SimpleAclEntry("marissa",
new MockAclObjectIdentity(), null,
SimpleAclEntry.ADMINISTRATION), new MockAclEntry()});
provider.setAclManager(aclManager);
provider.setRequirePermission(null);
try {
provider.afterPropertiesSet();
fail("Should have thrown IllegalArgumentException");
} catch (IllegalArgumentException expected) {
assertEquals("One or more requirePermission entries is mandatory",
expected.getMessage());
}
}
public void testSupportsAnything() {
assertTrue(new BasicAclEntryAfterInvocationCollectionFilteringProvider()
.supports(String.class));
}
//~ Inner Classes ==========================================================
private class MockAclEntry implements AclEntry {
// just so AclTag iterates some different types of AclEntrys
}
}

View File

@ -0,0 +1,284 @@
/* Copyright 2004 Acegi Technology Pty Limited
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package net.sf.acegisecurity.afterinvocation;
import junit.framework.TestCase;
import net.sf.acegisecurity.AccessDeniedException;
import net.sf.acegisecurity.ConfigAttributeDefinition;
import net.sf.acegisecurity.MockAclManager;
import net.sf.acegisecurity.MockMethodInvocation;
import net.sf.acegisecurity.SecurityConfig;
import net.sf.acegisecurity.acl.AclEntry;
import net.sf.acegisecurity.acl.AclManager;
import net.sf.acegisecurity.acl.basic.MockAclObjectIdentity;
import net.sf.acegisecurity.acl.basic.SimpleAclEntry;
import net.sf.acegisecurity.providers.UsernamePasswordAuthenticationToken;
/**
* Tests {@link BasicAclEntryAfterInvocationProvider}.
*
* @author Ben Alex
* @version $Id$
*/
public class BasicAclEntryAfterInvocationProviderTests extends TestCase {
//~ Constructors ===========================================================
public BasicAclEntryAfterInvocationProviderTests() {
super();
}
public BasicAclEntryAfterInvocationProviderTests(String arg0) {
super(arg0);
}
//~ Methods ================================================================
public final void setUp() throws Exception {
super.setUp();
}
public static void main(String[] args) {
junit.textui.TestRunner.run(BasicAclEntryAfterInvocationProviderTests.class);
}
public void testCorrectOperationWhenPrincipalHasIncorrectPermissionToDomainObject()
throws Exception {
// Create an AclManager, granting scott only ADMINISTRATION rights
AclManager aclManager = new MockAclManager("belmont", "scott",
new AclEntry[] {new SimpleAclEntry("scott",
new MockAclObjectIdentity(), null,
SimpleAclEntry.ADMINISTRATION)});
BasicAclEntryAfterInvocationProvider provider = new BasicAclEntryAfterInvocationProvider();
provider.setAclManager(aclManager);
provider.afterPropertiesSet();
// Create the Authentication and Config Attribs we'll be presenting
UsernamePasswordAuthenticationToken auth = new UsernamePasswordAuthenticationToken("scott",
"NOT_USED");
ConfigAttributeDefinition attr = new ConfigAttributeDefinition();
attr.addConfigAttribute(new SecurityConfig("AFTER_ACL_READ"));
try {
provider.decide(auth, new MockMethodInvocation(), attr, "belmont");
fail("Should have thrown AccessDeniedException");
} catch (AccessDeniedException expected) {
assertTrue(true);
}
}
public void testCorrectOperationWhenPrincipalHasNoPermissionToDomainObject()
throws Exception {
// Create an AclManager
AclManager aclManager = new MockAclManager("belmont", "marissa",
new AclEntry[] {new MockAclEntry(), new SimpleAclEntry(
"marissa", new MockAclObjectIdentity(), null,
SimpleAclEntry.ADMINISTRATION), new SimpleAclEntry(
"marissa", new MockAclObjectIdentity(), null,
SimpleAclEntry.READ), new SimpleAclEntry("marissa",
new MockAclObjectIdentity(), null, SimpleAclEntry.DELETE)});
BasicAclEntryAfterInvocationProvider provider = new BasicAclEntryAfterInvocationProvider();
provider.setAclManager(aclManager);
provider.afterPropertiesSet();
// Create the Authentication and Config Attribs we'll be presenting
UsernamePasswordAuthenticationToken auth = new UsernamePasswordAuthenticationToken("scott",
"NOT_USED");
ConfigAttributeDefinition attr = new ConfigAttributeDefinition();
attr.addConfigAttribute(new SecurityConfig("AFTER_ACL_READ"));
try {
provider.decide(auth, new MockMethodInvocation(), attr, "belmont");
fail("Should have thrown AccessDeniedException");
} catch (AccessDeniedException expected) {
assertTrue(true);
}
}
public void testCorrectOperationWhenPrincipalIsAuthorised()
throws Exception {
// Create an AclManager
AclManager aclManager = new MockAclManager("belmont", "marissa",
new AclEntry[] {new MockAclEntry(), new SimpleAclEntry(
"marissa", new MockAclObjectIdentity(), null,
SimpleAclEntry.ADMINISTRATION), new SimpleAclEntry(
"marissa", new MockAclObjectIdentity(), null,
SimpleAclEntry.READ), new SimpleAclEntry("marissa",
new MockAclObjectIdentity(), null, SimpleAclEntry.DELETE)});
BasicAclEntryAfterInvocationProvider provider = new BasicAclEntryAfterInvocationProvider();
provider.setAclManager(aclManager);
assertEquals(aclManager, provider.getAclManager());
provider.afterPropertiesSet();
// Create the Authentication and Config Attribs we'll be presenting
UsernamePasswordAuthenticationToken auth = new UsernamePasswordAuthenticationToken("marissa",
"NOT_USED");
ConfigAttributeDefinition attr = new ConfigAttributeDefinition();
attr.addConfigAttribute(new SecurityConfig("AFTER_ACL_READ"));
// Filter
assertEquals("belmont",
provider.decide(auth, new MockMethodInvocation(), attr, "belmont"));
}
public void testGrantsAccessIfReturnedObjectIsNull()
throws Exception {
// Create an AclManager
AclManager aclManager = new MockAclManager("belmont", "marissa",
new AclEntry[] {new SimpleAclEntry("marissa",
new MockAclObjectIdentity(), null,
SimpleAclEntry.ADMINISTRATION), new SimpleAclEntry(
"marissa", new MockAclObjectIdentity(), null,
SimpleAclEntry.READ), new SimpleAclEntry("marissa",
new MockAclObjectIdentity(), null, SimpleAclEntry.DELETE), new MockAclEntry()});
BasicAclEntryAfterInvocationProvider provider = new BasicAclEntryAfterInvocationProvider();
provider.setAclManager(aclManager);
provider.afterPropertiesSet();
// Create the Authentication and Config Attribs we'll be presenting
UsernamePasswordAuthenticationToken auth = new UsernamePasswordAuthenticationToken("marissa",
"NOT_USED");
ConfigAttributeDefinition attr = new ConfigAttributeDefinition();
attr.addConfigAttribute(new SecurityConfig("AFTER_ACL_READ"));
// Filter
assertNull(provider.decide(auth, new MockMethodInvocation(), attr, null));
}
public void testRespectsModificationsToProcessConfigAttribute()
throws Exception {
// Create an AclManager
AclManager aclManager = new MockAclManager("sydney", "marissa",
new AclEntry[] {new SimpleAclEntry("marissa",
new MockAclObjectIdentity(), null, SimpleAclEntry.READ), new MockAclEntry()});
BasicAclEntryAfterInvocationProvider provider = new BasicAclEntryAfterInvocationProvider();
provider.setAclManager(aclManager);
assertEquals("AFTER_ACL_READ", provider.getProcessConfigAttribute());
provider.setProcessConfigAttribute("AFTER_ACL_ADMIN");
assertEquals("AFTER_ACL_ADMIN", provider.getProcessConfigAttribute());
provider.afterPropertiesSet();
// Create the Authentication and Config Attribs we'll be presenting
UsernamePasswordAuthenticationToken auth = new UsernamePasswordAuthenticationToken("marissa",
"NOT_USED");
ConfigAttributeDefinition attr = new ConfigAttributeDefinition();
attr.addConfigAttribute(new SecurityConfig("AFTER_ACL_READ"));
// As no matching config attrib, ensure provider returns original obj
assertEquals("sydney",
provider.decide(auth, new MockMethodInvocation(), attr, "sydney"));
// Filter, this time with the conf attrib provider setup to answer
attr.addConfigAttribute(new SecurityConfig("AFTER_ACL_ADMIN"));
assertEquals("sydney",
provider.decide(auth, new MockMethodInvocation(), attr, "sydney"));
}
public void testRespectsModificationsToRequirePermissions()
throws Exception {
// Create an AclManager
AclManager aclManager = new MockAclManager("sydney", "marissa",
new AclEntry[] {new SimpleAclEntry("marissa",
new MockAclObjectIdentity(), null,
SimpleAclEntry.ADMINISTRATION), new MockAclEntry()});
BasicAclEntryAfterInvocationProvider provider = new BasicAclEntryAfterInvocationProvider();
provider.setAclManager(aclManager);
assertEquals(SimpleAclEntry.READ, provider.getRequirePermission()[0]);
provider.setRequirePermission(new int[] {SimpleAclEntry.ADMINISTRATION});
assertEquals(SimpleAclEntry.ADMINISTRATION,
provider.getRequirePermission()[0]);
provider.afterPropertiesSet();
// Create the Authentication and Config Attribs we'll be presenting
UsernamePasswordAuthenticationToken auth = new UsernamePasswordAuthenticationToken("marissa",
"NOT_USED");
ConfigAttributeDefinition attr = new ConfigAttributeDefinition();
attr.addConfigAttribute(new SecurityConfig("AFTER_ACL_READ"));
// Filter
assertEquals("sydney",
provider.decide(auth, new MockMethodInvocation(), attr, "sydney"));
}
public void testStartupDetectsMissingAclManager() throws Exception {
BasicAclEntryAfterInvocationProvider provider = new BasicAclEntryAfterInvocationProvider();
try {
provider.afterPropertiesSet();
fail("Should have thrown IllegalArgumentException");
} catch (IllegalArgumentException expected) {
assertEquals("An aclManager is mandatory", expected.getMessage());
}
}
public void testStartupDetectsMissingProcessConfigAttribute()
throws Exception {
BasicAclEntryAfterInvocationProvider provider = new BasicAclEntryAfterInvocationProvider();
AclManager aclManager = new MockAclManager("sydney", "marissa",
new AclEntry[] {new SimpleAclEntry("marissa",
new MockAclObjectIdentity(), null,
SimpleAclEntry.ADMINISTRATION), new MockAclEntry()});
provider.setAclManager(aclManager);
provider.setProcessConfigAttribute(null);
try {
provider.afterPropertiesSet();
fail("Should have thrown IllegalArgumentException");
} catch (IllegalArgumentException expected) {
assertEquals("A processConfigAttribute is mandatory",
expected.getMessage());
}
}
public void testStartupDetectsMissingRequirePermission()
throws Exception {
BasicAclEntryAfterInvocationProvider provider = new BasicAclEntryAfterInvocationProvider();
AclManager aclManager = new MockAclManager("sydney", "marissa",
new AclEntry[] {new SimpleAclEntry("marissa",
new MockAclObjectIdentity(), null,
SimpleAclEntry.ADMINISTRATION), new MockAclEntry()});
provider.setAclManager(aclManager);
provider.setRequirePermission(null);
try {
provider.afterPropertiesSet();
fail("Should have thrown IllegalArgumentException");
} catch (IllegalArgumentException expected) {
assertEquals("One or more requirePermission entries is mandatory",
expected.getMessage());
}
}
public void testSupportsAnything() {
assertTrue(new BasicAclEntryAfterInvocationProvider().supports(
String.class));
}
//~ Inner Classes ==========================================================
private class MockAclEntry implements AclEntry {
// just so AclTag iterates some different types of AclEntrys
}
}

View File

@ -0,0 +1,125 @@
/* Copyright 2004 Acegi Technology Pty Limited
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package net.sf.acegisecurity.intercept;
import junit.framework.TestCase;
import net.sf.acegisecurity.MockAccessDecisionManager;
import net.sf.acegisecurity.MockAfterInvocationManager;
import net.sf.acegisecurity.MockAuthenticationManager;
import net.sf.acegisecurity.MockMethodInvocation;
import net.sf.acegisecurity.MockRunAsManager;
import net.sf.acegisecurity.intercept.method.MockMethodDefinitionSource;
/**
* Tests some {@link AbstractSecurityInterceptor} methods. Most of the testing
* for this class is found in the <code>MethodSecurityInterceptorTests</code>
* class.
*
* @author Ben Alex
* @version $Id$
*/
public class AbstractSecurityInterceptorTests extends TestCase {
//~ Constructors ===========================================================
public AbstractSecurityInterceptorTests() {
super();
}
public AbstractSecurityInterceptorTests(String arg0) {
super(arg0);
}
//~ Methods ================================================================
public static void main(String[] args) {
junit.textui.TestRunner.run(AbstractSecurityInterceptorTests.class);
}
public void testDetectsIfInvocationPassedIncompatibleSecureObject()
throws Exception {
MockSecurityInterceptorWhichOnlySupportsStrings si = new MockSecurityInterceptorWhichOnlySupportsStrings();
si.setRunAsManager(new MockRunAsManager());
si.setAuthenticationManager(new MockAuthenticationManager());
si.setAfterInvocationManager(new MockAfterInvocationManager());
si.setAccessDecisionManager(new MockAccessDecisionManager());
si.setObjectDefinitionSource(new MockMethodDefinitionSource(false, true));
try {
si.beforeInvocation(new MockMethodInvocation());
fail("Should have thrown IllegalArgumentException");
} catch (IllegalArgumentException expected) {
assertTrue(expected.getMessage().startsWith("Security invocation attempted for object"));
}
}
public void testDetectsViolationOfGetSecureObjectClassMethod()
throws Exception {
MockSecurityInterceptorReturnsNull si = new MockSecurityInterceptorReturnsNull();
si.setRunAsManager(new MockRunAsManager());
si.setAuthenticationManager(new MockAuthenticationManager());
si.setAfterInvocationManager(new MockAfterInvocationManager());
si.setAccessDecisionManager(new MockAccessDecisionManager());
si.setObjectDefinitionSource(new MockMethodDefinitionSource(false, true));
try {
si.afterPropertiesSet();
fail("Should have thrown IllegalArgumentException");
} catch (IllegalArgumentException expected) {
assertEquals("Subclass must provide a non-null response to getSecureObjectClass()",
expected.getMessage());
}
}
//~ Inner Classes ==========================================================
private class MockSecurityInterceptorReturnsNull
extends AbstractSecurityInterceptor {
private ObjectDefinitionSource objectDefinitionSource;
public void setObjectDefinitionSource(
ObjectDefinitionSource objectDefinitionSource) {
this.objectDefinitionSource = objectDefinitionSource;
}
public Class getSecureObjectClass() {
return null;
}
public ObjectDefinitionSource obtainObjectDefinitionSource() {
return objectDefinitionSource;
}
}
private class MockSecurityInterceptorWhichOnlySupportsStrings
extends AbstractSecurityInterceptor {
private ObjectDefinitionSource objectDefinitionSource;
public void setObjectDefinitionSource(
ObjectDefinitionSource objectDefinitionSource) {
this.objectDefinitionSource = objectDefinitionSource;
}
public Class getSecureObjectClass() {
return String.class;
}
public ObjectDefinitionSource obtainObjectDefinitionSource() {
return objectDefinitionSource;
}
}
}

View File

@ -0,0 +1,74 @@
/* Copyright 2004 Acegi Technology Pty Limited
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package net.sf.acegisecurity.intercept;
import junit.framework.TestCase;
import net.sf.acegisecurity.ConfigAttributeDefinition;
import net.sf.acegisecurity.MockMethodInvocation;
import net.sf.acegisecurity.SecurityConfig;
import net.sf.acegisecurity.providers.UsernamePasswordAuthenticationToken;
import org.aopalliance.intercept.MethodInvocation;
/**
* Tests {@link InterceptorStatusToken}.
*
* @author Ben Alex
* @version $Id$
*/
public class InterceptorStatusTokenTests extends TestCase {
//~ Constructors ===========================================================
public InterceptorStatusTokenTests() {
super();
}
public InterceptorStatusTokenTests(String arg0) {
super(arg0);
}
//~ Methods ================================================================
public static void main(String[] args) {
junit.textui.TestRunner.run(InterceptorStatusTokenTests.class);
}
public void testDefaultConstructor() {
try {
new InterceptorStatusToken();
fail("Should have thrown IllegalArgumentException");
} catch (IllegalArgumentException expected) {
assertTrue(true);
}
}
public void testOperation() {
ConfigAttributeDefinition attr = new ConfigAttributeDefinition();
attr.addConfigAttribute(new SecurityConfig("FOO"));
MethodInvocation mi = new MockMethodInvocation();
InterceptorStatusToken token = new InterceptorStatusToken(new UsernamePasswordAuthenticationToken(
"marissa", "koala"), true, attr, mi);
assertTrue(token.isContextHolderRefreshRequired());
assertEquals(attr, token.getAttr());
assertEquals(mi, token.getSecureObject());
assertEquals("marissa", token.getAuthentication().getPrincipal());
}
}

View File

@ -0,0 +1,74 @@
/* Copyright 2004 Acegi Technology Pty Limited
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package net.sf.acegisecurity.intercept.event;
import junit.framework.TestCase;
import net.sf.acegisecurity.AuthenticationCredentialsNotFoundException;
import net.sf.acegisecurity.ConfigAttributeDefinition;
import net.sf.acegisecurity.MockMethodInvocation;
/**
* Tests {@link AuthenticationCredentialsNotFoundEvent}.
*
* @author Ben Alex
* @version $Id$
*/
public class AuthenticationCredentialsNotFoundEventTests extends TestCase {
//~ Constructors ===========================================================
public AuthenticationCredentialsNotFoundEventTests() {
super();
}
public AuthenticationCredentialsNotFoundEventTests(String arg0) {
super(arg0);
}
//~ Methods ================================================================
public static void main(String[] args) {
junit.textui.TestRunner.run(AuthenticationCredentialsNotFoundEventTests.class);
}
public void testRejectsNulls() {
try {
AuthenticationCredentialsNotFoundEvent event = new AuthenticationCredentialsNotFoundEvent(null,
new ConfigAttributeDefinition(),
new AuthenticationCredentialsNotFoundException("test"));
fail("Should have thrown IllegalArgumentException");
} catch (IllegalArgumentException expected) {
assertTrue(true);
}
try {
AuthenticationCredentialsNotFoundEvent event = new AuthenticationCredentialsNotFoundEvent(new MockMethodInvocation(),
null, new AuthenticationCredentialsNotFoundException("test"));
fail("Should have thrown IllegalArgumentException");
} catch (IllegalArgumentException expected) {
assertTrue(true);
}
try {
AuthenticationCredentialsNotFoundEvent event = new AuthenticationCredentialsNotFoundEvent(new MockMethodInvocation(),
new ConfigAttributeDefinition(), null);
fail("Should have thrown IllegalArgumentException");
} catch (IllegalArgumentException expected) {
assertTrue(true);
}
}
}

View File

@ -0,0 +1,88 @@
/* Copyright 2004 Acegi Technology Pty Limited
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package net.sf.acegisecurity.intercept.event;
import junit.framework.TestCase;
import net.sf.acegisecurity.BadCredentialsException;
import net.sf.acegisecurity.ConfigAttributeDefinition;
import net.sf.acegisecurity.MockMethodInvocation;
import net.sf.acegisecurity.providers.UsernamePasswordAuthenticationToken;
/**
* Tests {@link AuthenticationFailureEvent}.
*
* @author Ben Alex
* @version $Id$
*/
public class AuthenticationFailureEventTests extends TestCase {
//~ Constructors ===========================================================
public AuthenticationFailureEventTests() {
super();
}
public AuthenticationFailureEventTests(String arg0) {
super(arg0);
}
//~ Methods ================================================================
public static void main(String[] args) {
junit.textui.TestRunner.run(AuthenticationFailureEventTests.class);
}
public void testRejectsNulls() {
try {
AuthenticationFailureEvent event = new AuthenticationFailureEvent(null,
new ConfigAttributeDefinition(),
new UsernamePasswordAuthenticationToken("foo", "bar"),
new BadCredentialsException("error"));
fail("Should have thrown IllegalArgumentException");
} catch (IllegalArgumentException expected) {
assertTrue(true);
}
try {
AuthenticationFailureEvent event = new AuthenticationFailureEvent(new MockMethodInvocation(),
null,
new UsernamePasswordAuthenticationToken("foo", "bar"),
new BadCredentialsException("error"));
fail("Should have thrown IllegalArgumentException");
} catch (IllegalArgumentException expected) {
assertTrue(true);
}
try {
AuthenticationFailureEvent event = new AuthenticationFailureEvent(new MockMethodInvocation(),
new ConfigAttributeDefinition(), null,
new BadCredentialsException("error"));
fail("Should have thrown IllegalArgumentException");
} catch (IllegalArgumentException expected) {
assertTrue(true);
}
try {
AuthenticationFailureEvent event = new AuthenticationFailureEvent(new MockMethodInvocation(),
new ConfigAttributeDefinition(),
new UsernamePasswordAuthenticationToken("foo", "bar"), null);
fail("Should have thrown IllegalArgumentException");
} catch (IllegalArgumentException expected) {
assertTrue(true);
}
}
}

View File

@ -0,0 +1,88 @@
/* Copyright 2004 Acegi Technology Pty Limited
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package net.sf.acegisecurity.intercept.event;
import junit.framework.TestCase;
import net.sf.acegisecurity.AccessDeniedException;
import net.sf.acegisecurity.ConfigAttributeDefinition;
import net.sf.acegisecurity.MockMethodInvocation;
import net.sf.acegisecurity.providers.UsernamePasswordAuthenticationToken;
/**
* Tests {@link AuthorizationFailureEvent}.
*
* @author Ben Alex
* @version $Id$
*/
public class AuthorizationFailureEventTests extends TestCase {
//~ Constructors ===========================================================
public AuthorizationFailureEventTests() {
super();
}
public AuthorizationFailureEventTests(String arg0) {
super(arg0);
}
//~ Methods ================================================================
public static void main(String[] args) {
junit.textui.TestRunner.run(AuthorizationFailureEventTests.class);
}
public void testRejectsNulls() {
try {
AuthorizationFailureEvent event = new AuthorizationFailureEvent(null,
new ConfigAttributeDefinition(),
new UsernamePasswordAuthenticationToken("foo", "bar"),
new AccessDeniedException("error"));
fail("Should have thrown IllegalArgumentException");
} catch (IllegalArgumentException expected) {
assertTrue(true);
}
try {
AuthorizationFailureEvent event = new AuthorizationFailureEvent(new MockMethodInvocation(),
null,
new UsernamePasswordAuthenticationToken("foo", "bar"),
new AccessDeniedException("error"));
fail("Should have thrown IllegalArgumentException");
} catch (IllegalArgumentException expected) {
assertTrue(true);
}
try {
AuthorizationFailureEvent event = new AuthorizationFailureEvent(new MockMethodInvocation(),
new ConfigAttributeDefinition(), null,
new AccessDeniedException("error"));
fail("Should have thrown IllegalArgumentException");
} catch (IllegalArgumentException expected) {
assertTrue(true);
}
try {
AuthorizationFailureEvent event = new AuthorizationFailureEvent(new MockMethodInvocation(),
new ConfigAttributeDefinition(),
new UsernamePasswordAuthenticationToken("foo", "bar"), null);
fail("Should have thrown IllegalArgumentException");
} catch (IllegalArgumentException expected) {
assertTrue(true);
}
}
}

View File

@ -0,0 +1,74 @@
/* Copyright 2004 Acegi Technology Pty Limited
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package net.sf.acegisecurity.intercept.event;
import junit.framework.TestCase;
import net.sf.acegisecurity.ConfigAttributeDefinition;
import net.sf.acegisecurity.MockMethodInvocation;
import net.sf.acegisecurity.providers.UsernamePasswordAuthenticationToken;
/**
* Tests {@link AuthorizedEvent}.
*
* @author Ben Alex
* @version $Id$
*/
public class AuthorizedEventTests extends TestCase {
//~ Constructors ===========================================================
public AuthorizedEventTests() {
super();
}
public AuthorizedEventTests(String arg0) {
super(arg0);
}
//~ Methods ================================================================
public static void main(String[] args) {
junit.textui.TestRunner.run(AuthorizedEventTests.class);
}
public void testRejectsNulls() {
try {
AuthorizedEvent event = new AuthorizedEvent(null,
new ConfigAttributeDefinition(),
new UsernamePasswordAuthenticationToken("foo", "bar"));
fail("Should have thrown IllegalArgumentException");
} catch (IllegalArgumentException expected) {
assertTrue(true);
}
try {
AuthorizedEvent event = new AuthorizedEvent(new MockMethodInvocation(),
null, new UsernamePasswordAuthenticationToken("foo", "bar"));
fail("Should have thrown IllegalArgumentException");
} catch (IllegalArgumentException expected) {
assertTrue(true);
}
try {
AuthorizedEvent event = new AuthorizedEvent(new MockMethodInvocation(),
new ConfigAttributeDefinition(), null);
fail("Should have thrown IllegalArgumentException");
} catch (IllegalArgumentException expected) {
assertTrue(true);
}
}
}

View File

@ -32,16 +32,13 @@ import net.sf.acegisecurity.context.SecureContext;
import net.sf.acegisecurity.context.SecureContextImpl;
import net.sf.acegisecurity.providers.UsernamePasswordAuthenticationToken;
import org.springframework.beans.factory.support.DefaultListableBeanFactory;
import org.springframework.beans.factory.support.PropertiesBeanDefinitionReader;
import org.springframework.context.ApplicationContext;
import org.springframework.context.support.ClassPathXmlApplicationContext;
import java.lang.reflect.Method;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Properties;
import java.util.Set;
@ -228,47 +225,10 @@ public class MethodDefinitionAttributesTests extends TestCase {
}
private ITargetObject makeInterceptedTarget() {
String PREFIX = "beans.";
DefaultListableBeanFactory lbf = new DefaultListableBeanFactory();
Properties p = new Properties();
p.setProperty(PREFIX + "authentication.class",
"net.sf.acegisecurity.MockAuthenticationManager");
p.setProperty(PREFIX + "accessDecision.class",
"net.sf.acegisecurity.MockAccessDecisionManager");
p.setProperty(PREFIX + "runAs.class",
"net.sf.acegisecurity.MockRunAsManager");
p.setProperty(PREFIX + "attributes.class",
"net.sf.acegisecurity.intercept.method.MockAttributes");
ApplicationContext context = new ClassPathXmlApplicationContext(
"net/sf/acegisecurity/intercept/method/applicationContext.xml");
p.setProperty(PREFIX + "objectDefinitionSource.class",
"net.sf.acegisecurity.intercept.method.MethodDefinitionAttributes");
p.setProperty(PREFIX + "objectDefinitionSource.attributes(ref)",
"attributes");
p.setProperty(PREFIX + "securityInterceptor.class",
"net.sf.acegisecurity.intercept.method.aopalliance.MethodSecurityInterceptor");
p.setProperty(PREFIX + "securityInterceptor.authenticationManager(ref)",
"authentication");
p.setProperty(PREFIX + "securityInterceptor.accessDecisionManager(ref)",
"accessDecision");
p.setProperty(PREFIX + "securityInterceptor.runAsManager(ref)", "runAs");
p.setProperty(PREFIX
+ "securityInterceptor.objectDefinitionSource(ref)",
"objectDefinitionSource");
p.setProperty(PREFIX + "targetObject.class",
"net.sf.acegisecurity.TargetObject");
p.setProperty(PREFIX + "target.class",
"org.springframework.aop.framework.ProxyFactoryBean");
p.setProperty(PREFIX + "target.proxyInterfaces",
"net.sf.acegisecurity.ITargetObject");
p.setProperty(PREFIX + "target.interceptorNames",
"securityInterceptor,targetObject");
(new PropertiesBeanDefinitionReader(lbf)).registerBeanDefinitions(p,
PREFIX);
return (ITargetObject) lbf.getBean("target");
return (ITargetObject) context.getBean("target");
}
/**

View File

@ -18,6 +18,7 @@ package net.sf.acegisecurity.intercept.method;
import junit.framework.TestCase;
import net.sf.acegisecurity.ConfigAttributeDefinition;
import net.sf.acegisecurity.MockJoinPoint;
import net.sf.acegisecurity.SecurityConfig;
import net.sf.acegisecurity.TargetObject;
@ -57,6 +58,28 @@ public class MethodDefinitionSourceEditorTests extends TestCase {
junit.textui.TestRunner.run(MethodDefinitionSourceEditorTests.class);
}
public void testAspectJJointPointLookup() throws Exception {
MethodDefinitionSourceEditor editor = new MethodDefinitionSourceEditor();
editor.setAsText(
"net.sf.acegisecurity.TargetObject.countLength=ROLE_ONE,ROLE_TWO,RUN_AS_ENTRY");
MethodDefinitionMap map = (MethodDefinitionMap) editor.getValue();
Class clazz = TargetObject.class;
Method method = clazz.getMethod("countLength",
new Class[] {String.class});
MockJoinPoint joinPoint = new MockJoinPoint(new TargetObject(), method);
ConfigAttributeDefinition returnedCountLength = map.getAttributes(joinPoint);
ConfigAttributeDefinition expectedCountLength = new ConfigAttributeDefinition();
expectedCountLength.addConfigAttribute(new SecurityConfig("ROLE_ONE"));
expectedCountLength.addConfigAttribute(new SecurityConfig("ROLE_TWO"));
expectedCountLength.addConfigAttribute(new SecurityConfig(
"RUN_AS_ENTRY"));
assertEquals(expectedCountLength, returnedCountLength);
}
public void testClassNameNotFoundResultsInException() {
MethodDefinitionSourceEditor editor = new MethodDefinitionSourceEditor();
@ -160,7 +183,7 @@ public class MethodDefinitionSourceEditorTests extends TestCase {
"net.sf.acegisecurity.TargetObject.*=ROLE_GENERAL\r\nnet.sf.acegisecurity.TargetObject.makeLower*=ROLE_LOWER\r\nnet.sf.acegisecurity.TargetObject.make*=ROLE_MAKE\r\nnet.sf.acegisecurity.TargetObject.makeUpper*=ROLE_UPPER");
MethodDefinitionMap map = (MethodDefinitionMap) editor.getValue();
assertEquals(4, map.getMethodMapSize());
assertEquals(5, map.getMethodMapSize());
ConfigAttributeDefinition returnedMakeLower = map.getAttributes(new MockMethodInvocation(
TargetObject.class, "makeLowerCase",

View File

@ -85,6 +85,49 @@ public class MethodDefinitionSourceAdvisorTests extends TestCase {
}
}
public void testUnsupportedOperations() throws Throwable {
Class clazz = TargetObject.class;
Method method = clazz.getMethod("countLength",
new Class[] {String.class});
MethodDefinitionSourceAdvisor.InternalMethodInvocation imi = new MethodDefinitionSourceAdvisor(getInterceptor()).new InternalMethodInvocation(method);
try {
imi.getArguments();
fail("Should have thrown UnsupportedOperationException");
} catch (UnsupportedOperationException expected) {
assertTrue(true);
}
try {
imi.getStaticPart();
fail("Should have thrown UnsupportedOperationException");
} catch (UnsupportedOperationException expected) {
assertTrue(true);
}
try {
imi.getThis();
fail("Should have thrown UnsupportedOperationException");
} catch (UnsupportedOperationException expected) {
assertTrue(true);
}
try {
imi.proceed();
fail("Should have thrown UnsupportedOperationException");
} catch (UnsupportedOperationException expected) {
assertTrue(true);
}
try {
new MethodDefinitionSourceAdvisor(getInterceptor()).new InternalMethodInvocation();
fail("Should have thrown UnsupportedOperationException");
} catch (UnsupportedOperationException expected) {
assertTrue(true);
}
}
private MethodSecurityInterceptor getInterceptor() {
MethodDefinitionSourceEditor editor = new MethodDefinitionSourceEditor();
editor.setAsText(

View File

@ -19,14 +19,17 @@ import junit.framework.TestCase;
import net.sf.acegisecurity.AccessDecisionManager;
import net.sf.acegisecurity.AccessDeniedException;
import net.sf.acegisecurity.AfterInvocationManager;
import net.sf.acegisecurity.Authentication;
import net.sf.acegisecurity.AuthenticationCredentialsNotFoundException;
import net.sf.acegisecurity.AuthenticationException;
import net.sf.acegisecurity.ConfigAttribute;
import net.sf.acegisecurity.ConfigAttributeDefinition;
import net.sf.acegisecurity.GrantedAuthority;
import net.sf.acegisecurity.GrantedAuthorityImpl;
import net.sf.acegisecurity.ITargetObject;
import net.sf.acegisecurity.MockAccessDecisionManager;
import net.sf.acegisecurity.MockAfterInvocationManager;
import net.sf.acegisecurity.MockAuthenticationManager;
import net.sf.acegisecurity.MockRunAsManager;
import net.sf.acegisecurity.RunAsManager;
@ -139,17 +142,20 @@ public class MethodSecurityInterceptorTests extends TestCase {
MockAuthenticationManager authManager = new MockAuthenticationManager();
MockMethodDefinitionSource methodSource = new MockMethodDefinitionSource(false,
true);
MockAfterInvocationManager afterInvocation = new MockAfterInvocationManager();
MethodSecurityInterceptor si = new MethodSecurityInterceptor();
si.setAccessDecisionManager(accessDecision);
si.setRunAsManager(runAs);
si.setAuthenticationManager(authManager);
si.setObjectDefinitionSource(methodSource);
si.setAfterInvocationManager(afterInvocation);
assertEquals(accessDecision, si.getAccessDecisionManager());
assertEquals(runAs, si.getRunAsManager());
assertEquals(authManager, si.getAuthenticationManager());
assertEquals(methodSource, si.getObjectDefinitionSource());
assertEquals(afterInvocation, si.getAfterInvocationManager());
}
public void testMethodCallWithRunAsReplacement() throws Exception {
@ -178,7 +184,7 @@ public class MethodSecurityInterceptorTests extends TestCase {
context.setAuthentication(token);
ContextHolder.setContext(context);
ITargetObject target = makeInterceptedTarget();
ITargetObject target = makeInterceptedTargetWithoutAnAfterInvocationManager();
String result = target.makeLowerCase("HELLO");
// Note we check the isAuthenticated becomes true in following line
@ -234,7 +240,8 @@ public class MethodSecurityInterceptorTests extends TestCase {
ContextHolder.setContext(null);
}
public void testRejectsAccessDecisionManagersThatDoNotSupportMethodInvocation() {
public void testRejectsAccessDecisionManagersThatDoNotSupportMethodInvocation()
throws Exception {
MethodSecurityInterceptor si = new MethodSecurityInterceptor();
si.setAccessDecisionManager(new MockAccessDecisionManagerWhichOnlySupportsStrings());
si.setAuthenticationManager(new MockAuthenticationManager());
@ -250,6 +257,28 @@ public class MethodSecurityInterceptorTests extends TestCase {
}
}
public void testRejectsCallsWhenAuthenticationIsIncorrect()
throws Exception {
SecureContext context = new SecureContextImpl();
UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken("Test",
"Password",
new GrantedAuthority[] {new GrantedAuthorityImpl("MOCK_LOWER")});
assertTrue(!token.isAuthenticated());
context.setAuthentication(token);
ContextHolder.setContext(context);
ITargetObject target = makeInterceptedTargetRejectsAuthentication();
try {
target.makeLowerCase("HELLO");
fail("Should have thrown AuthenticationException");
} catch (AuthenticationException expected) {
assertTrue(true);
}
ContextHolder.setContext(null);
}
public void testRejectsCallsWhenObjectDefinitionSourceDoesNotSupportObject()
throws Throwable {
MethodSecurityInterceptor interceptor = new MethodSecurityInterceptor();
@ -278,12 +307,14 @@ public class MethodSecurityInterceptorTests extends TestCase {
}
}
public void testRejectsRunAsManagersThatDoNotSupportMethodInvocation() {
public void testRejectsRunAsManagersThatDoNotSupportMethodInvocation()
throws Exception {
MethodSecurityInterceptor si = new MethodSecurityInterceptor();
si.setAccessDecisionManager(new MockAccessDecisionManager());
si.setAuthenticationManager(new MockAuthenticationManager());
si.setObjectDefinitionSource(new MockMethodDefinitionSource(false, true));
si.setRunAsManager(new MockRunAsManagerWhichOnlySupportsStrings());
si.setAfterInvocationManager(new MockAfterInvocationManager());
try {
si.afterPropertiesSet();
@ -294,10 +325,12 @@ public class MethodSecurityInterceptorTests extends TestCase {
}
}
public void testStartupCheckForAccessDecisionManager() {
public void testStartupCheckForAccessDecisionManager()
throws Exception {
MethodSecurityInterceptor si = new MethodSecurityInterceptor();
si.setRunAsManager(new MockRunAsManager());
si.setAuthenticationManager(new MockAuthenticationManager());
si.setAfterInvocationManager(new MockAfterInvocationManager());
si.setObjectDefinitionSource(new MockMethodDefinitionSource(false, true));
@ -310,10 +343,12 @@ public class MethodSecurityInterceptorTests extends TestCase {
}
}
public void testStartupCheckForAuthenticationManager() {
public void testStartupCheckForAuthenticationManager()
throws Exception {
MethodSecurityInterceptor si = new MethodSecurityInterceptor();
si.setAccessDecisionManager(new MockAccessDecisionManager());
si.setRunAsManager(new MockRunAsManager());
si.setAfterInvocationManager(new MockAfterInvocationManager());
si.setObjectDefinitionSource(new MockMethodDefinitionSource(false, true));
@ -326,7 +361,8 @@ public class MethodSecurityInterceptorTests extends TestCase {
}
}
public void testStartupCheckForMethodDefinitionSource() {
public void testStartupCheckForMethodDefinitionSource()
throws Exception {
MethodSecurityInterceptor si = new MethodSecurityInterceptor();
si.setAccessDecisionManager(new MockAccessDecisionManager());
si.setAuthenticationManager(new MockAuthenticationManager());
@ -340,7 +376,7 @@ public class MethodSecurityInterceptorTests extends TestCase {
}
}
public void testStartupCheckForRunAsManager() {
public void testStartupCheckForRunAsManager() throws Exception {
MethodSecurityInterceptor si = new MethodSecurityInterceptor();
si.setAccessDecisionManager(new MockAccessDecisionManager());
si.setAuthenticationManager(new MockAuthenticationManager());
@ -356,7 +392,25 @@ public class MethodSecurityInterceptorTests extends TestCase {
}
}
public void testValidationFailsIfInvalidAttributePresented() {
public void testStartupCheckForValidAfterInvocationManager()
throws Exception {
MethodSecurityInterceptor si = new MethodSecurityInterceptor();
si.setRunAsManager(new MockRunAsManager());
si.setAuthenticationManager(new MockAuthenticationManager());
si.setAfterInvocationManager(new MockAfterInvocationManagerWhichOnlySupportsStrings());
si.setAccessDecisionManager(new MockAccessDecisionManager());
si.setObjectDefinitionSource(new MockMethodDefinitionSource(false, true));
try {
si.afterPropertiesSet();
fail("Should have thrown IllegalArgumentException");
} catch (IllegalArgumentException expected) {
assertTrue(expected.getMessage().startsWith("AfterInvocationManager does not support secure object class:"));
}
}
public void testValidationFailsIfInvalidAttributePresented()
throws Exception {
MethodSecurityInterceptor si = new MethodSecurityInterceptor();
si.setAccessDecisionManager(new MockAccessDecisionManager());
si.setAuthenticationManager(new MockAuthenticationManager());
@ -374,7 +428,8 @@ public class MethodSecurityInterceptorTests extends TestCase {
}
}
public void testValidationNotAttemptedIfIsValidateConfigAttributesSetToFalse() {
public void testValidationNotAttemptedIfIsValidateConfigAttributesSetToFalse()
throws Exception {
MethodSecurityInterceptor si = new MethodSecurityInterceptor();
si.setAccessDecisionManager(new MockAccessDecisionManager());
si.setAuthenticationManager(new MockAuthenticationManager());
@ -388,7 +443,8 @@ public class MethodSecurityInterceptorTests extends TestCase {
assertTrue(true);
}
public void testValidationNotAttemptedIfMethodDefinitionSourceCannotReturnIterator() {
public void testValidationNotAttemptedIfMethodDefinitionSourceCannotReturnIterator()
throws Exception {
MethodSecurityInterceptor si = new MethodSecurityInterceptor();
si.setAccessDecisionManager(new MockAccessDecisionManager());
si.setRunAsManager(new MockRunAsManager());
@ -407,6 +463,29 @@ public class MethodSecurityInterceptorTests extends TestCase {
return (ITargetObject) context.getBean("target");
}
private ITargetObject makeInterceptedTargetRejectsAuthentication() {
ApplicationContext context = new ClassPathXmlApplicationContext(
"net/sf/acegisecurity/intercept/method/aopalliance/applicationContext.xml");
MockAuthenticationManager authenticationManager = new MockAuthenticationManager(false);
MethodSecurityInterceptor si = (MethodSecurityInterceptor) context
.getBean("securityInterceptor");
si.setAuthenticationManager(authenticationManager);
return (ITargetObject) context.getBean("target");
}
private ITargetObject makeInterceptedTargetWithoutAnAfterInvocationManager() {
ApplicationContext context = new ClassPathXmlApplicationContext(
"net/sf/acegisecurity/intercept/method/aopalliance/applicationContext.xml");
MethodSecurityInterceptor si = (MethodSecurityInterceptor) context
.getBean("securityInterceptor");
si.setAfterInvocationManager(null);
return (ITargetObject) context.getBean("target");
}
//~ Inner Classes ==========================================================
private class MockAccessDecisionManagerWhichOnlySupportsStrings
@ -430,6 +509,28 @@ public class MethodSecurityInterceptorTests extends TestCase {
}
}
private class MockAfterInvocationManagerWhichOnlySupportsStrings
implements AfterInvocationManager {
public Object decide(Authentication authentication, Object object,
ConfigAttributeDefinition config, Object returnedObject)
throws AccessDeniedException {
throw new UnsupportedOperationException(
"mock method not implemented");
}
public boolean supports(Class clazz) {
if (String.class.isAssignableFrom(clazz)) {
return true;
} else {
return false;
}
}
public boolean supports(ConfigAttribute attribute) {
return true;
}
}
private class MockObjectDefinitionSourceWhichOnlySupportsStrings
extends AbstractMethodDefinitionSource {
public Iterator getConfigAttributeDefinitions() {

View File

@ -0,0 +1,163 @@
/* Copyright 2004 Acegi Technology Pty Limited
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package net.sf.acegisecurity.intercept.method.aspectj;
import junit.framework.TestCase;
import net.sf.acegisecurity.AccessDeniedException;
import net.sf.acegisecurity.GrantedAuthority;
import net.sf.acegisecurity.GrantedAuthorityImpl;
import net.sf.acegisecurity.MockAccessDecisionManager;
import net.sf.acegisecurity.MockApplicationContext;
import net.sf.acegisecurity.MockAuthenticationManager;
import net.sf.acegisecurity.MockJoinPoint;
import net.sf.acegisecurity.MockRunAsManager;
import net.sf.acegisecurity.TargetObject;
import net.sf.acegisecurity.context.ContextHolder;
import net.sf.acegisecurity.context.SecureContext;
import net.sf.acegisecurity.context.SecureContextImpl;
import net.sf.acegisecurity.intercept.method.MethodDefinitionMap;
import net.sf.acegisecurity.intercept.method.MethodDefinitionSourceEditor;
import net.sf.acegisecurity.providers.TestingAuthenticationToken;
import java.lang.reflect.Method;
/**
* Tests {@link AspectJSecurityInterceptor}.
*
* @author Ben Alex
* @version $Id$
*/
public class AspectJSecurityInterceptorTests extends TestCase {
//~ Constructors ===========================================================
public AspectJSecurityInterceptorTests() {
super();
}
public AspectJSecurityInterceptorTests(String arg0) {
super(arg0);
}
//~ Methods ================================================================
public final void setUp() throws Exception {
super.setUp();
}
public static void main(String[] args) {
junit.textui.TestRunner.run(AspectJSecurityInterceptorTests.class);
}
public void testCallbackIsInvokedWhenPermissionGranted()
throws Exception {
AspectJSecurityInterceptor si = new AspectJSecurityInterceptor();
si.setApplicationContext(MockApplicationContext.getContext());
si.setAccessDecisionManager(new MockAccessDecisionManager());
si.setAuthenticationManager(new MockAuthenticationManager());
si.setRunAsManager(new MockRunAsManager());
MethodDefinitionSourceEditor editor = new MethodDefinitionSourceEditor();
editor.setAsText(
"net.sf.acegisecurity.TargetObject.countLength=MOCK_ONE,MOCK_TWO");
MethodDefinitionMap map = (MethodDefinitionMap) editor.getValue();
si.setObjectDefinitionSource(map);
assertEquals(map, si.getObjectDefinitionSource());
si.afterPropertiesSet();
Class clazz = TargetObject.class;
Method method = clazz.getMethod("countLength",
new Class[] {String.class});
MockJoinPoint joinPoint = new MockJoinPoint(new TargetObject(), method);
MockAspectJCallback aspectJCallback = new MockAspectJCallback();
SecureContext secureContext = new SecureContextImpl();
secureContext.setAuthentication(new TestingAuthenticationToken(
"marissa", "koala",
new GrantedAuthority[] {new GrantedAuthorityImpl("MOCK_ONE")}));
ContextHolder.setContext(secureContext);
Object result = si.invoke(joinPoint, aspectJCallback);
assertEquals("object proceeded", result);
ContextHolder.setContext(null);
}
public void testCallbackIsNotInvokedWhenPermissionDenied()
throws Exception {
AspectJSecurityInterceptor si = new AspectJSecurityInterceptor();
si.setApplicationContext(MockApplicationContext.getContext());
si.setAccessDecisionManager(new MockAccessDecisionManager());
si.setAuthenticationManager(new MockAuthenticationManager());
si.setRunAsManager(new MockRunAsManager());
MethodDefinitionSourceEditor editor = new MethodDefinitionSourceEditor();
editor.setAsText(
"net.sf.acegisecurity.TargetObject.countLength=MOCK_ONE,MOCK_TWO");
MethodDefinitionMap map = (MethodDefinitionMap) editor.getValue();
si.setObjectDefinitionSource(map);
si.afterPropertiesSet();
Class clazz = TargetObject.class;
Method method = clazz.getMethod("countLength",
new Class[] {String.class});
MockJoinPoint joinPoint = new MockJoinPoint(new TargetObject(), method);
MockAspectJCallback aspectJCallback = new MockAspectJCallback();
aspectJCallback.setThrowExceptionIfInvoked(true);
SecureContext secureContext = new SecureContextImpl();
secureContext.setAuthentication(new TestingAuthenticationToken(
"marissa", "koala", new GrantedAuthority[] {}));
ContextHolder.setContext(secureContext);
try {
si.invoke(joinPoint, aspectJCallback);
fail("Should have thrown AccessDeniedException");
} catch (AccessDeniedException expected) {
assertTrue(true);
}
ContextHolder.setContext(null);
}
//~ Inner Classes ==========================================================
private class MockAspectJCallback implements AspectJCallback {
private boolean throwExceptionIfInvoked = false;
private MockAspectJCallback() {}
public void setThrowExceptionIfInvoked(boolean throwExceptionIfInvoked) {
this.throwExceptionIfInvoked = throwExceptionIfInvoked;
}
public Object proceedWithObject() {
if (throwExceptionIfInvoked) {
throw new IllegalStateException("AspectJCallback proceeded");
}
return "object proceeded";
}
}
}

View File

@ -25,6 +25,7 @@ import net.sf.acegisecurity.ConfigAttributeDefinition;
import net.sf.acegisecurity.GrantedAuthority;
import net.sf.acegisecurity.GrantedAuthorityImpl;
import net.sf.acegisecurity.MockAccessDecisionManager;
import net.sf.acegisecurity.MockApplicationContext;
import net.sf.acegisecurity.MockAuthenticationManager;
import net.sf.acegisecurity.MockHttpServletRequest;
import net.sf.acegisecurity.MockHttpServletResponse;
@ -74,7 +75,8 @@ public class FilterSecurityInterceptorTests extends TestCase {
junit.textui.TestRunner.run(FilterSecurityInterceptorTests.class);
}
public void testEnsuresAccessDecisionManagerSupportsFilterInvocationClass() {
public void testEnsuresAccessDecisionManagerSupportsFilterInvocationClass()
throws Exception {
FilterSecurityInterceptor interceptor = new FilterSecurityInterceptor();
interceptor.setAuthenticationManager(new MockAuthenticationManager());
interceptor.setObjectDefinitionSource(new RegExpBasedFilterInvocationDefinitionMap());
@ -106,7 +108,8 @@ public class FilterSecurityInterceptorTests extends TestCase {
}
}
public void testEnsuresRunAsManagerSupportsFilterInvocationClass() {
public void testEnsuresRunAsManagerSupportsFilterInvocationClass()
throws Exception {
FilterSecurityInterceptor interceptor = new FilterSecurityInterceptor();
interceptor.setAccessDecisionManager(new MockAccessDecisionManager());
interceptor.setAuthenticationManager(new MockAuthenticationManager());
@ -138,7 +141,51 @@ public class FilterSecurityInterceptorTests extends TestCase {
}
}
public void testNormalStartupAndGetter() {
public void testHttpsInvocationReflectsPortNumber()
throws Throwable {
// Setup the FilterSecurityInterceptor
FilterSecurityInterceptor interceptor = new FilterSecurityInterceptor();
interceptor.setAccessDecisionManager(new MockAccessDecisionManager());
interceptor.setAuthenticationManager(new MockAuthenticationManager());
interceptor.setRunAsManager(new MockRunAsManager());
interceptor.setApplicationContext(MockApplicationContext.getContext());
// Setup a mock config attribute definition
ConfigAttributeDefinition def = new ConfigAttributeDefinition();
def.addConfigAttribute(new SecurityConfig("MOCK_OK"));
MockFilterInvocationDefinitionMap mockSource = new MockFilterInvocationDefinitionMap("/secure/page.html",
def);
interceptor.setObjectDefinitionSource(mockSource);
// Setup our expectation that the filter chain will be invoked, as access is granted
MockFilterChain chain = new MockFilterChain(true);
// Setup our HTTPS request and response
MockHttpServletResponse response = new MockHttpServletResponse();
MockHttpServletRequest request = new MockHttpServletRequest(null,
new MockHttpSession());
request.setServletPath("/secure/page.html");
request.setScheme("https");
request.setServerPort(443);
// Setup a Context
SecureContext context = new SecureContextImpl();
UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken("Test",
"Password",
new GrantedAuthority[] {new GrantedAuthorityImpl("MOCK_OK")});
context.setAuthentication(token);
ContextHolder.setContext(context);
// Create and test our secure object
FilterInvocation fi = new FilterInvocation(request, response, chain);
interceptor.invoke(fi);
// Destroy the Context
ContextHolder.setContext(null);
}
public void testNormalStartupAndGetter() throws Exception {
FilterSecurityInterceptor interceptor = new FilterSecurityInterceptor();
interceptor.setAccessDecisionManager(new MockAccessDecisionManager());
interceptor.setAuthenticationManager(new MockAuthenticationManager());
@ -164,6 +211,7 @@ public class FilterSecurityInterceptorTests extends TestCase {
interceptor.setAccessDecisionManager(new MockAccessDecisionManager());
interceptor.setAuthenticationManager(new MockAuthenticationManager());
interceptor.setRunAsManager(new MockRunAsManager());
interceptor.setApplicationContext(MockApplicationContext.getContext());
// Setup a mock config attribute definition
ConfigAttributeDefinition def = new ConfigAttributeDefinition();

View File

@ -174,6 +174,8 @@ public class CasAuthenticationTokenTests extends TestCase {
assertEquals("PGTIOU-0-R0zlgrl4pdAQwBvJWO3vnNpevwqStbSGcq3vKB2SqSFFRnjPHt",
token.getProxyGrantingTicketIou());
assertEquals(proxyList, token.getProxyList());
assertEquals(makeUserDetails().getUsername(),
token.getUserDetails().getUsername());
}
public void testNoArgConstructor() {

View File

@ -31,6 +31,8 @@ import net.sf.acegisecurity.providers.dao.cache.NullUserCache;
import net.sf.acegisecurity.providers.dao.salt.SystemWideSaltSource;
import net.sf.acegisecurity.providers.encoding.ShaPasswordEncoder;
import org.springframework.context.support.ClassPathXmlApplicationContext;
import org.springframework.dao.DataAccessException;
import org.springframework.dao.DataRetrievalFailureException;
@ -103,6 +105,22 @@ public class DaoAuthenticationProviderTests extends TestCase {
}
}
public void testAuthenticateFailsWithEmptyUsername() {
UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken(null,
"koala");
DaoAuthenticationProvider provider = new DaoAuthenticationProvider();
provider.setAuthenticationDao(new MockAuthenticationDaoUserMarissa());
provider.setUserCache(new MockUserCache());
try {
provider.authenticate(token);
fail("Should have thrown BadCredentialsException");
} catch (BadCredentialsException expected) {
assertTrue(true);
}
}
public void testAuthenticateFailsWithInvalidPassword() {
UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken("marissa",
"INVALID_PASSWORD");
@ -247,6 +265,27 @@ public class DaoAuthenticationProviderTests extends TestCase {
assertEquals("ROLE_TWO", castResult.getAuthorities()[1].getAuthority());
}
public void testAuthenticatesWithForcePrincipalAsString() {
UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken("marissa",
"koala");
DaoAuthenticationProvider provider = new DaoAuthenticationProvider();
provider.setAuthenticationDao(new MockAuthenticationDaoUserMarissa());
provider.setUserCache(new MockUserCache());
provider.setForcePrincipalAsString(true);
Authentication result = provider.authenticate(token);
if (!(result instanceof UsernamePasswordAuthenticationToken)) {
fail(
"Should have returned instance of UsernamePasswordAuthenticationToken");
}
UsernamePasswordAuthenticationToken castResult = (UsernamePasswordAuthenticationToken) result;
assertEquals(String.class, castResult.getPrincipal().getClass());
assertEquals("marissa", castResult.getPrincipal());
}
public void testGettersSetters() {
DaoAuthenticationProvider provider = new DaoAuthenticationProvider();
provider.setPasswordEncoder(new ShaPasswordEncoder());
@ -264,6 +303,41 @@ public class DaoAuthenticationProviderTests extends TestCase {
assertFalse(provider.isForcePrincipalAsString());
provider.setForcePrincipalAsString(true);
assertTrue(provider.isForcePrincipalAsString());
provider.setApplicationContext(new ClassPathXmlApplicationContext(
"net/sf/acegisecurity/util/filtertest-valid.xml"));
assertEquals(ClassPathXmlApplicationContext.class.getName(),
provider.getContext().getClass().getName());
}
public void testGoesBackToAuthenticationDaoToObtainLatestPasswordIfCachedPasswordSeemsIncorrect() {
UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken("marissa",
"koala");
MockAuthenticationDaoUserMarissa authenticationDao = new MockAuthenticationDaoUserMarissa();
MockUserCache cache = new MockUserCache();
DaoAuthenticationProvider provider = new DaoAuthenticationProvider();
provider.setAuthenticationDao(authenticationDao);
provider.setUserCache(cache);
// This will work, as password still "koala"
provider.authenticate(token);
// Check "marissa = koala" ended up in the cache
assertEquals("koala", cache.getUserFromCache("marissa").getPassword());
// Now change the password the AuthenticationDao will return
authenticationDao.setPassword("easternLongNeckTurtle");
// Now try authentication again, with the new password
token = new UsernamePasswordAuthenticationToken("marissa",
"easternLongNeckTurtle");
provider.authenticate(token);
// To get this far, the new password was accepted
// Check the cache was updated
assertEquals("easternLongNeckTurtle",
cache.getUserFromCache("marissa").getPassword());
}
public void testStartupFailsIfNoAuthenticationDao()
@ -320,10 +394,16 @@ public class DaoAuthenticationProviderTests extends TestCase {
}
private class MockAuthenticationDaoUserMarissa implements AuthenticationDao {
private String password = "koala";
public void setPassword(String password) {
this.password = password;
}
public UserDetails loadUserByUsername(String username)
throws UsernameNotFoundException, DataAccessException {
if ("marissa".equals(username)) {
return new User("marissa", "koala", true,
return new User("marissa", password, true,
new GrantedAuthority[] {new GrantedAuthorityImpl("ROLE_ONE"), new GrantedAuthorityImpl(
"ROLE_TWO")});
} else {

View File

@ -198,6 +198,27 @@ public class PasswordDaoAuthenticationProviderTests extends TestCase {
assertEquals(result.getCredentials(), result2.getCredentials());
}
public void testAuthenticatesWithForcePrincipalAsString() {
UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken("marissa",
"koala");
PasswordDaoAuthenticationProvider provider = new PasswordDaoAuthenticationProvider();
provider.setPasswordAuthenticationDao(new MockAuthenticationDaoUserMarissa());
provider.setUserCache(new MockUserCache());
provider.setForcePrincipalAsString(true);
Authentication result = provider.authenticate(token);
if (!(result instanceof UsernamePasswordAuthenticationToken)) {
fail(
"Should have returned instance of UsernamePasswordAuthenticationToken");
}
UsernamePasswordAuthenticationToken castResult = (UsernamePasswordAuthenticationToken) result;
assertEquals(String.class, castResult.getPrincipal().getClass());
assertEquals("marissa", castResult.getPrincipal());
}
public void testGettersSetters() {
PasswordDaoAuthenticationProvider provider = new PasswordDaoAuthenticationProvider();
provider.setUserCache(new EhCacheBasedUserCache());

View File

@ -65,6 +65,22 @@ public class LoggerListenerTests extends TestCase {
assertTrue(true);
}
public void testLogsUsernameNotFoundEvents() {
AuthenticationFailureUsernameNotFoundEvent event = new AuthenticationFailureUsernameNotFoundEvent(getAuthentication(),
getUser());
LoggerListener listener = new LoggerListener();
listener.onApplicationEvent(event);
assertTrue(true);
}
public void testLogsUsernameOfPasswordEvent() {
AuthenticationFailureUsernameOrPasswordEvent event = new AuthenticationFailureUsernameOrPasswordEvent(getAuthentication(),
getUser());
LoggerListener listener = new LoggerListener();
listener.onApplicationEvent(event);
assertTrue(true);
}
private Authentication getAuthentication() {
UsernamePasswordAuthenticationToken authentication = new UsernamePasswordAuthenticationToken("Principal",
"Credentials");

View File

@ -0,0 +1,226 @@
/* Copyright 2004 Acegi Technology Pty Limited
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package net.sf.acegisecurity.taglibs.authz;
import junit.framework.TestCase;
import net.sf.acegisecurity.Authentication;
import net.sf.acegisecurity.GrantedAuthority;
import net.sf.acegisecurity.MockAclManager;
import net.sf.acegisecurity.MockApplicationContext;
import net.sf.acegisecurity.acl.AclEntry;
import net.sf.acegisecurity.acl.AclManager;
import net.sf.acegisecurity.acl.basic.MockAclObjectIdentity;
import net.sf.acegisecurity.acl.basic.SimpleAclEntry;
import net.sf.acegisecurity.context.ContextHolder;
import net.sf.acegisecurity.context.SecureContext;
import net.sf.acegisecurity.context.SecureContextImpl;
import net.sf.acegisecurity.providers.TestingAuthenticationToken;
import org.springframework.context.ApplicationContext;
import org.springframework.context.ConfigurableApplicationContext;
import javax.servlet.jsp.JspException;
import javax.servlet.jsp.PageContext;
import javax.servlet.jsp.tagext.Tag;
/**
* Tests {@link AclTag}.
*
* @author Ben Alex
* @version $Id$
*/
public class AclTagTests extends TestCase {
//~ Instance fields ========================================================
private final MyAclTag aclTag = new MyAclTag();
//~ Methods ================================================================
public void testInclusionDeniedWhenAclManagerUnawareOfObject()
throws JspException {
Authentication auth = new TestingAuthenticationToken("marissa",
"koala", new GrantedAuthority[] {});
SecureContext sc = new SecureContextImpl();
sc.setAuthentication(auth);
ContextHolder.setContext(sc);
aclTag.setHasPermission(new Long(SimpleAclEntry.ADMINISTRATION)
.toString());
aclTag.setDomainObject(new Integer(54));
assertEquals(Tag.SKIP_BODY, aclTag.doStartTag());
ContextHolder.setContext(null);
}
public void testInclusionDeniedWhenAuthenticationEmpty()
throws JspException {
ContextHolder.setContext(new SecureContextImpl());
aclTag.setHasPermission(new Long(SimpleAclEntry.ADMINISTRATION)
.toString());
aclTag.setDomainObject("object1");
assertEquals(Tag.SKIP_BODY, aclTag.doStartTag());
ContextHolder.setContext(null);
}
public void testInclusionDeniedWhenContextHolderEmpty()
throws JspException {
ContextHolder.setContext(null);
aclTag.setHasPermission(new Long(SimpleAclEntry.ADMINISTRATION)
.toString());
aclTag.setDomainObject("object1");
assertEquals(Tag.SKIP_BODY, aclTag.doStartTag());
ContextHolder.setContext(null);
}
public void testInclusionDeniedWhenNoListOfPermissionsGiven()
throws JspException {
Authentication auth = new TestingAuthenticationToken("marissa",
"koala", new GrantedAuthority[] {});
SecureContext sc = new SecureContextImpl();
sc.setAuthentication(auth);
ContextHolder.setContext(sc);
aclTag.setHasPermission(null);
aclTag.setDomainObject("object1");
assertEquals(Tag.SKIP_BODY, aclTag.doStartTag());
ContextHolder.setContext(null);
}
public void testInclusionDeniedWhenPrincipalDoesNotHoldAnyPermissions()
throws JspException {
Authentication auth = new TestingAuthenticationToken("john", "crow",
new GrantedAuthority[] {});
SecureContext sc = new SecureContextImpl();
sc.setAuthentication(auth);
ContextHolder.setContext(sc);
aclTag.setHasPermission(new Integer(SimpleAclEntry.ADMINISTRATION)
+ "," + new Integer(SimpleAclEntry.READ));
assertEquals(new Integer(SimpleAclEntry.ADMINISTRATION) + ","
+ new Integer(SimpleAclEntry.READ), aclTag.getHasPermission());
aclTag.setDomainObject("object1");
assertEquals("object1", aclTag.getDomainObject());
assertEquals(Tag.SKIP_BODY, aclTag.doStartTag());
ContextHolder.setContext(null);
}
public void testInclusionDeniedWhenPrincipalDoesNotHoldRequiredPermissions()
throws JspException {
Authentication auth = new TestingAuthenticationToken("marissa",
"koala", new GrantedAuthority[] {});
SecureContext sc = new SecureContextImpl();
sc.setAuthentication(auth);
ContextHolder.setContext(sc);
aclTag.setHasPermission(new Integer(SimpleAclEntry.DELETE).toString());
aclTag.setDomainObject("object1");
assertEquals(Tag.SKIP_BODY, aclTag.doStartTag());
ContextHolder.setContext(null);
}
public void testInclusionPermittedWhenDomainObjectIsNull()
throws JspException {
aclTag.setHasPermission(new Integer(SimpleAclEntry.READ).toString());
aclTag.setDomainObject(null);
assertEquals(Tag.EVAL_BODY_INCLUDE, aclTag.doStartTag());
}
public void testJspExceptionThrownIfHasPermissionNotValidFormat()
throws JspException {
Authentication auth = new TestingAuthenticationToken("john", "crow",
new GrantedAuthority[] {});
SecureContext sc = new SecureContextImpl();
sc.setAuthentication(auth);
ContextHolder.setContext(sc);
aclTag.setHasPermission("0,5, 6"); // shouldn't be any space
try {
aclTag.doStartTag();
fail("Should have thrown JspException");
} catch (JspException expected) {
assertTrue(true);
}
ContextHolder.setContext(null);
}
public void testOperationWhenPrincipalHoldsPermissionOfMultipleList()
throws JspException {
Authentication auth = new TestingAuthenticationToken("marissa",
"koala", new GrantedAuthority[] {});
SecureContext sc = new SecureContextImpl();
sc.setAuthentication(auth);
ContextHolder.setContext(sc);
aclTag.setHasPermission(new Integer(SimpleAclEntry.ADMINISTRATION)
+ "," + new Integer(SimpleAclEntry.READ));
aclTag.setDomainObject("object1");
assertEquals(Tag.EVAL_BODY_INCLUDE, aclTag.doStartTag());
ContextHolder.setContext(null);
}
public void testOperationWhenPrincipalHoldsPermissionOfSingleList()
throws JspException {
Authentication auth = new TestingAuthenticationToken("marissa",
"koala", new GrantedAuthority[] {});
SecureContext sc = new SecureContextImpl();
sc.setAuthentication(auth);
ContextHolder.setContext(sc);
aclTag.setHasPermission(new Integer(SimpleAclEntry.READ).toString());
aclTag.setDomainObject("object1");
assertEquals(Tag.EVAL_BODY_INCLUDE, aclTag.doStartTag());
ContextHolder.setContext(null);
}
//~ Inner Classes ==========================================================
private class MockAclEntry implements AclEntry {
// just so AclTag iterates some different types of AclEntrys
}
private class MyAclTag extends AclTag {
protected ApplicationContext getContext(PageContext pageContext) {
ConfigurableApplicationContext context = MockApplicationContext
.getContext();
// Create an AclManager
AclManager aclManager = new MockAclManager("object1", "marissa",
new AclEntry[] {new MockAclEntry(), new SimpleAclEntry(
"marissa", new MockAclObjectIdentity(), null,
SimpleAclEntry.ADMINISTRATION), new SimpleAclEntry(
"marissa", new MockAclObjectIdentity(), null,
SimpleAclEntry.READ)});
// Register the AclManager into our ApplicationContext
context.getBeanFactory().registerSingleton("aclManager", aclManager);
return context;
}
}
}

View File

@ -0,0 +1,133 @@
/* Copyright 2004 Acegi Technology Pty Limited
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package net.sf.acegisecurity.taglibs.authz;
import junit.framework.TestCase;
import net.sf.acegisecurity.Authentication;
import net.sf.acegisecurity.GrantedAuthority;
import net.sf.acegisecurity.context.ContextHolder;
import net.sf.acegisecurity.context.SecureContext;
import net.sf.acegisecurity.context.SecureContextImpl;
import net.sf.acegisecurity.providers.TestingAuthenticationToken;
import net.sf.acegisecurity.providers.dao.User;
import javax.servlet.jsp.JspException;
import javax.servlet.jsp.tagext.Tag;
/**
* Tests {@link AuthenticationTag}.
*
* @author Ben Alex
* @version $Id$
*/
public class AuthenticationTagTests extends TestCase {
//~ Instance fields ========================================================
private final MyAuthenticationTag authenticationTag = new MyAuthenticationTag();
//~ Methods ================================================================
public void testOperationWhenAuthenticationIsNull()
throws JspException {
ContextHolder.setContext(new SecureContextImpl());
authenticationTag.setOperation("principal");
assertEquals(Tag.SKIP_BODY, authenticationTag.doStartTag());
assertEquals(null, authenticationTag.getLastMessage());
ContextHolder.setContext(null);
}
public void testOperationWhenContextHolderIsNull()
throws JspException {
ContextHolder.setContext(null);
authenticationTag.setOperation("principal");
assertEquals(Tag.SKIP_BODY, authenticationTag.doStartTag());
assertEquals(null, authenticationTag.getLastMessage());
}
public void testOperationWhenPrincipalIsAString() throws JspException {
Authentication auth = new TestingAuthenticationToken("marissaAsString",
"koala", new GrantedAuthority[] {});
SecureContext sc = new SecureContextImpl();
sc.setAuthentication(auth);
ContextHolder.setContext(sc);
authenticationTag.setOperation("principal");
assertEquals(Tag.SKIP_BODY, authenticationTag.doStartTag());
assertEquals("marissaAsString", authenticationTag.getLastMessage());
}
public void testOperationWhenPrincipalIsAUserDetailsInstance()
throws JspException {
Authentication auth = new TestingAuthenticationToken(new User(
"marissaUserDetails", "koala", true,
new GrantedAuthority[] {}), "koala",
new GrantedAuthority[] {});
SecureContext sc = new SecureContextImpl();
sc.setAuthentication(auth);
ContextHolder.setContext(sc);
authenticationTag.setOperation("principal");
assertEquals(Tag.SKIP_BODY, authenticationTag.doStartTag());
assertEquals("marissaUserDetails", authenticationTag.getLastMessage());
}
public void testOperationWhenPrincipalIsNull() throws JspException {
Authentication auth = new TestingAuthenticationToken(null, "koala",
new GrantedAuthority[] {});
SecureContext sc = new SecureContextImpl();
sc.setAuthentication(auth);
ContextHolder.setContext(sc);
authenticationTag.setOperation("principal");
assertEquals(Tag.SKIP_BODY, authenticationTag.doStartTag());
}
public void testSkipsBodyIfNullOrEmptyOperation() throws Exception {
authenticationTag.setOperation("");
assertEquals("", authenticationTag.getOperation());
assertEquals(Tag.SKIP_BODY, authenticationTag.doStartTag());
}
public void testThrowsExceptionForUnrecognisedOperation() {
authenticationTag.setOperation("qsq");
try {
authenticationTag.doStartTag();
fail("Should have throwns JspException");
} catch (JspException expected) {
assertTrue(true);
}
}
//~ Inner Classes ==========================================================
private class MyAuthenticationTag extends AuthenticationTag {
String lastMessage = null;
public String getLastMessage() {
return lastMessage;
}
protected void writeMessage(String msg) throws JspException {
lastMessage = msg;
}
}
}

View File

@ -179,6 +179,10 @@ public class AbstractProcessingFilterTests extends TestCase {
filter.setAuthenticationProxyUntrustedFailureUrl("/proxy");
assertEquals("/proxy",
filter.getAuthenticationProxyUntrustedFailureUrl());
filter.setAuthenticationServiceFailureUrl("/serviceFailure");
assertEquals("/serviceFailure",
filter.getAuthenticationServiceFailureUrl());
}
public void testIgnoresAnyServletPathOtherThanFilterProcessesUrl()
@ -365,7 +369,9 @@ public class AbstractProcessingFilterTests extends TestCase {
MockAbstractProcessingFilter filter = new MockAbstractProcessingFilter(true);
filter.setFilterProcessesUrl("/j_mock_post");
filter.setDefaultTargetUrl("/foobar");
assertFalse(filter.isAlwaysUseDefaultTargetUrl()); // check default
filter.setAlwaysUseDefaultTargetUrl(true);
assertTrue(filter.isAlwaysUseDefaultTargetUrl()); // check changed
// Test
executeFilterInContainerSimulator(config, filter, request, response,

View File

@ -0,0 +1,143 @@
/* Copyright 2004 Acegi Technology Pty Limited
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package net.sf.acegisecurity.ui.httpinvoker;
import junit.framework.TestCase;
import net.sf.acegisecurity.Authentication;
import net.sf.acegisecurity.context.ContextHolder;
import net.sf.acegisecurity.context.SecureContext;
import net.sf.acegisecurity.context.SecureContextImpl;
import net.sf.acegisecurity.providers.UsernamePasswordAuthenticationToken;
import java.io.IOException;
import java.net.HttpURLConnection;
import java.net.URL;
import java.util.HashMap;
import java.util.Map;
/**
* Tests {@link AuthenticationSimpleHttpInvokerRequestExecutor}.
*
* @author Ben Alex
* @version $Id$
*/
public class AuthenticationSimpleHttpInvokerRequestExecutorTests
extends TestCase {
//~ Constructors ===========================================================
public AuthenticationSimpleHttpInvokerRequestExecutorTests() {
super();
}
public AuthenticationSimpleHttpInvokerRequestExecutorTests(String arg0) {
super(arg0);
}
//~ Methods ================================================================
public static void main(String[] args) {
junit.textui.TestRunner.run(AuthenticationSimpleHttpInvokerRequestExecutorTests.class);
}
public void testNormalOperation() throws Exception {
// Setup client-side context
SecureContext clientSideContext = new SecureContextImpl();
Authentication clientSideAuthentication = new UsernamePasswordAuthenticationToken("Aladdin",
"open sesame");
clientSideContext.setAuthentication(clientSideAuthentication);
ContextHolder.setContext(clientSideContext);
// Create a connection and ensure our executor sets its
// properties correctly
AuthenticationSimpleHttpInvokerRequestExecutor executor = new AuthenticationSimpleHttpInvokerRequestExecutor();
HttpURLConnection conn = new MockHttpURLConnection(new URL(
"http://localhost/"));
executor.prepareConnection(conn, 10);
// Check connection properties
// See http://www.faqs.org/rfcs/rfc1945.html section 11.1 for example
// we are comparing against
assertEquals("Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ==",
conn.getRequestProperty("Authorization"));
ContextHolder.setContext(null);
}
public void testNullAuthenticationIsNull() throws Exception {
// Setup client-side context
SecureContext clientSideContext = new SecureContextImpl();
clientSideContext.setAuthentication(null);
ContextHolder.setContext(clientSideContext);
// Create a connection and ensure our executor sets its
// properties correctly
AuthenticationSimpleHttpInvokerRequestExecutor executor = new AuthenticationSimpleHttpInvokerRequestExecutor();
HttpURLConnection conn = new MockHttpURLConnection(new URL(
"http://localhost/"));
executor.prepareConnection(conn, 10);
// Check connection properties (shouldn't be an Authorization header)
assertNull(conn.getRequestProperty("Authorization"));
}
public void testNullContextHolderIsNull() throws Exception {
ContextHolder.setContext(null); // just to be explicit
// Create a connection and ensure our executor sets its
// properties correctly
AuthenticationSimpleHttpInvokerRequestExecutor executor = new AuthenticationSimpleHttpInvokerRequestExecutor();
HttpURLConnection conn = new MockHttpURLConnection(new URL(
"http://localhost/"));
executor.prepareConnection(conn, 10);
// Check connection properties (shouldn't be an Authorization header)
assertNull(conn.getRequestProperty("Authorization"));
}
//~ Inner Classes ==========================================================
private class MockHttpURLConnection extends HttpURLConnection {
private Map requestProperties = new HashMap();
public MockHttpURLConnection(URL u) {
super(u);
}
public void setRequestProperty(String key, String value) {
requestProperties.put(key, value);
}
public String getRequestProperty(String key) {
return (String) requestProperties.get(key);
}
public void connect() throws IOException {
throw new UnsupportedOperationException("mock not implemented");
}
public void disconnect() {
throw new UnsupportedOperationException("mock not implemented");
}
public boolean usingProxy() {
throw new UnsupportedOperationException("mock not implemented");
}
}
}

View File

@ -0,0 +1,102 @@
/* Copyright 2004 Acegi Technology Pty Limited
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package net.sf.acegisecurity.ui.rmi;
import junit.framework.TestCase;
import net.sf.acegisecurity.Authentication;
import net.sf.acegisecurity.MockMethodInvocation;
import net.sf.acegisecurity.TargetObject;
import net.sf.acegisecurity.context.ContextHolder;
import net.sf.acegisecurity.context.SecureContext;
import net.sf.acegisecurity.context.SecureContextImpl;
import net.sf.acegisecurity.providers.UsernamePasswordAuthenticationToken;
import org.aopalliance.intercept.MethodInvocation;
import java.lang.reflect.Method;
/**
* Tests {@link ContextPropagatingRemoteInvocation} and {@link
* ContextPropagatingRemoteInvocationFactory}.
*
* @author Ben Alex
* @version $Id$
*/
public class ContextPropagatingRemoteInvocationTests extends TestCase {
//~ Constructors ===========================================================
public ContextPropagatingRemoteInvocationTests() {
super();
}
public ContextPropagatingRemoteInvocationTests(String arg0) {
super(arg0);
}
//~ Methods ================================================================
public static void main(String[] args) {
junit.textui.TestRunner.run(ContextPropagatingRemoteInvocationTests.class);
}
public void testNormalOperation() throws Exception {
// Setup client-side context
SecureContext clientSideContext = new SecureContextImpl();
Authentication clientSideAuthentication = new UsernamePasswordAuthenticationToken("marissa",
"koala");
clientSideContext.setAuthentication(clientSideAuthentication);
ContextHolder.setContext(clientSideContext);
ContextPropagatingRemoteInvocation remoteInvocation = getRemoteInvocation();
// Set to null, as ContextPropagatingRemoteInvocation already obtained
// a copy and nulling is necessary to ensure the Context delivered by
// ContextPropagatingRemoteInvocation is used on server-side
ContextHolder.setContext(null);
// The result from invoking the TargetObject should contain the
// Authentication class delivered via the ContextHolder
assertEquals("some_string net.sf.acegisecurity.providers.UsernamePasswordAuthenticationToken false",
remoteInvocation.invoke(new TargetObject()));
}
public void testNullContextHolderDoesNotCauseInvocationProblems()
throws Exception {
ContextHolder.setContext(null); // just to be explicit
ContextPropagatingRemoteInvocation remoteInvocation = getRemoteInvocation();
ContextHolder.setContext(null); // unnecessary, but for explicitness
assertEquals("some_string ContextHolder Not Security Aware",
remoteInvocation.invoke(new TargetObject()));
}
private ContextPropagatingRemoteInvocation getRemoteInvocation()
throws Exception {
Class clazz = TargetObject.class;
Method method = clazz.getMethod("makeLowerCase",
new Class[] {String.class});
MethodInvocation mi = new MockMethodInvocation(method,
new Object[] {"SOME_STRING"});
ContextPropagatingRemoteInvocationFactory factory = new ContextPropagatingRemoteInvocationFactory();
return (ContextPropagatingRemoteInvocation) factory
.createRemoteInvocation(mi);
}
}

View File

@ -98,7 +98,8 @@ public class AuthenticationProcessingFilterEntryPointTests extends TestCase {
assertTrue(ep.getForceHttps());
}
public void testHttpsOperation() throws Exception {
public void testHttpsOperationFromOriginalHttpUrl()
throws Exception {
MockHttpServletRequest request = new MockHttpServletRequest(
"/some_path");
request.setScheme("http");
@ -150,6 +151,36 @@ public class AuthenticationProcessingFilterEntryPointTests extends TestCase {
response.getRedirect());
}
public void testHttpsOperationFromOriginalHttpsUrl()
throws Exception {
MockHttpServletRequest request = new MockHttpServletRequest(
"/some_path");
request.setScheme("https");
request.setServerName("www.example.com");
request.setContextPath("/bigWebApp");
request.setServerPort(443);
MockHttpServletResponse response = new MockHttpServletResponse();
AuthenticationProcessingFilterEntryPoint ep = new AuthenticationProcessingFilterEntryPoint();
ep.setLoginFormUrl("/hello");
ep.setPortMapper(new PortMapperImpl());
ep.setForceHttps(true);
ep.setPortMapper(new PortMapperImpl());
ep.setPortResolver(new MockPortResolver(80, 443));
ep.afterPropertiesSet();
ep.commence(request, response);
assertEquals("https://www.example.com/bigWebApp/hello",
response.getRedirect());
request.setServerPort(8443);
ep.setPortResolver(new MockPortResolver(8080, 8443));
ep.commence(request, response);
assertEquals("https://www.example.com:8443/bigWebApp/hello",
response.getRedirect());
}
public void testNormalOperation() throws Exception {
AuthenticationProcessingFilterEntryPoint ep = new AuthenticationProcessingFilterEntryPoint();
ep.setLoginFormUrl("/hello");

View File

@ -226,6 +226,26 @@ public class FilterToBeanProxyTests extends TestCase {
chain);
}
public void testNullDelegateDoesNotCauseNullPointerException()
throws Exception {
// Setup our filter
MockFilterConfig config = new MockFilterConfig();
config.setInitParmeter("targetBean", "aFilterThatDoesntExist");
config.setInitParmeter("init", "lazy");
// Setup our expectation that the filter chain will be invoked
MockFilterChain chain = new MockFilterChain(true);
MockHttpServletResponse response = new MockHttpServletResponse();
MockHttpServletRequest request = new MockHttpServletRequest("/go");
FilterToBeanProxy filter = new MockFilterToBeanProxy(
"net/sf/acegisecurity/util/filtertest-valid.xml");
// do not init (which would hapen if called .doFilter)
filter.destroy();
}
private void executeFilterInContainerSimulator(FilterConfig filterConfig,
Filter filter, ServletRequest request, ServletResponse response,
FilterChain filterChain) throws ServletException, IOException {

View File

@ -67,6 +67,18 @@ public class PortResolverImplTests extends TestCase {
assertEquals(8443, pr.getServerPort(request));
}
public void testDetectsEmptyPortMapper() throws Exception {
PortResolverImpl pr = new PortResolverImpl();
pr.setPortMapper(null);
try {
pr.afterPropertiesSet();
fail("Should have thrown IllegalArgumentException");
} catch (IllegalArgumentException expected) {
assertTrue(true);
}
}
public void testGettersSetters() throws Exception {
PortResolverImpl pr = new PortResolverImpl();
assertTrue(pr.getPortMapper() != null);

View File

@ -0,0 +1,485 @@
/* Copyright 2004 Acegi Technology Pty Limited
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package net.sf.acegisecurity.vote;
import junit.framework.TestCase;
import net.sf.acegisecurity.AuthorizationServiceException;
import net.sf.acegisecurity.ConfigAttributeDefinition;
import net.sf.acegisecurity.MockAclManager;
import net.sf.acegisecurity.MockMethodInvocation;
import net.sf.acegisecurity.SecurityConfig;
import net.sf.acegisecurity.acl.AclEntry;
import net.sf.acegisecurity.acl.AclManager;
import net.sf.acegisecurity.acl.basic.MockAclObjectIdentity;
import net.sf.acegisecurity.acl.basic.SimpleAclEntry;
import net.sf.acegisecurity.providers.UsernamePasswordAuthenticationToken;
import org.aopalliance.intercept.MethodInvocation;
import org.aspectj.lang.JoinPoint;
import java.lang.reflect.Method;
/**
* Tests {@link BasicAclEntryVoter}.
*
* @author Ben Alex
* @version $Id$
*/
public class BasicAclEntryVoterTests extends TestCase {
//~ Constructors ===========================================================
public BasicAclEntryVoterTests() {
super();
}
public BasicAclEntryVoterTests(String arg0) {
super(arg0);
}
//~ Methods ================================================================
public final void setUp() throws Exception {
super.setUp();
}
public static void main(String[] args) {
junit.textui.TestRunner.run(BasicAclEntryVoterTests.class);
}
public void testNormalOperation() throws Exception {
// Setup a domain object subject of this test
SomeDomainObject domainObject = new SomeDomainObject("foo");
// Setup an AclManager
AclManager aclManager = new MockAclManager(domainObject, "marissa",
new AclEntry[] {new MockAclEntry(), new SimpleAclEntry(
"marissa", new MockAclObjectIdentity(), null,
SimpleAclEntry.ADMINISTRATION), new SimpleAclEntry(
"marissa", new MockAclObjectIdentity(), null,
SimpleAclEntry.READ), new SimpleAclEntry("marissa",
new MockAclObjectIdentity(), null, SimpleAclEntry.DELETE)});
// Wire up a voter
BasicAclEntryVoter voter = new BasicAclEntryVoter();
voter.setAclManager(aclManager);
assertEquals(aclManager, voter.getAclManager());
voter.setProcessConfigAttribute("FOO_ADMIN_OR_WRITE_ACCESS");
assertEquals("FOO_ADMIN_OR_WRITE_ACCESS",
voter.getProcessConfigAttribute());
voter.setRequirePermission(new int[] {SimpleAclEntry.ADMINISTRATION, SimpleAclEntry.WRITE});
assertEquals(2, voter.getRequirePermission().length);
voter.setProcessDomainObjectClass(SomeDomainObject.class);
assertEquals(SomeDomainObject.class, voter.getProcessDomainObjectClass());
voter.afterPropertiesSet();
// Wire up an invocation to be voted on
ConfigAttributeDefinition attr = new ConfigAttributeDefinition();
attr.addConfigAttribute(new SecurityConfig("FOO_ADMIN_OR_WRITE_ACCESS"));
// Setup a MockMethodInvocation, so voter can retrieve domainObject
MethodInvocation mi = getMethodInvocation(domainObject);
assertEquals(AccessDecisionVoter.ACCESS_GRANTED,
voter.vote(
new UsernamePasswordAuthenticationToken("marissa", null), mi,
attr));
}
public void testOnlySupportsMethodInvocation() {
BasicAclEntryVoter voter = new BasicAclEntryVoter();
assertTrue(voter.supports(MethodInvocation.class));
assertFalse(voter.supports(JoinPoint.class));
}
public void testStartupRejectsMissingAclManager() throws Exception {
AclManager aclManager = new MockAclManager("domain1", "marissa",
new AclEntry[] {new MockAclEntry(), new SimpleAclEntry(
"marissa", new MockAclObjectIdentity(), null,
SimpleAclEntry.ADMINISTRATION), new SimpleAclEntry(
"marissa", new MockAclObjectIdentity(), null,
SimpleAclEntry.READ), new SimpleAclEntry("marissa",
new MockAclObjectIdentity(), null, SimpleAclEntry.DELETE)});
// Wire up a voter
BasicAclEntryVoter voter = new BasicAclEntryVoter();
voter.setProcessConfigAttribute("FOO_ADMIN_OR_WRITE_ACCESS");
voter.setRequirePermission(new int[] {SimpleAclEntry.ADMINISTRATION, SimpleAclEntry.WRITE});
voter.setProcessDomainObjectClass(SomeDomainObject.class);
try {
voter.afterPropertiesSet();
fail("Should have thrown IllegalArgumentException");
} catch (IllegalArgumentException expected) {
assertTrue(true);
}
}
public void testStartupRejectsMissingProcessConfigAttribute()
throws Exception {
AclManager aclManager = new MockAclManager("domain1", "marissa",
new AclEntry[] {new MockAclEntry(), new SimpleAclEntry(
"marissa", new MockAclObjectIdentity(), null,
SimpleAclEntry.ADMINISTRATION), new SimpleAclEntry(
"marissa", new MockAclObjectIdentity(), null,
SimpleAclEntry.READ), new SimpleAclEntry("marissa",
new MockAclObjectIdentity(), null, SimpleAclEntry.DELETE)});
// Wire up a voter
BasicAclEntryVoter voter = new BasicAclEntryVoter();
voter.setAclManager(aclManager);
voter.setRequirePermission(new int[] {SimpleAclEntry.ADMINISTRATION, SimpleAclEntry.WRITE});
voter.setProcessDomainObjectClass(SomeDomainObject.class);
try {
voter.afterPropertiesSet();
fail("Should have thrown IllegalArgumentException");
} catch (IllegalArgumentException expected) {
assertTrue(true);
}
}
public void testStartupRejectsMissingProcessDomainObjectClass()
throws Exception {
AclManager aclManager = new MockAclManager("domain1", "marissa",
new AclEntry[] {new MockAclEntry(), new SimpleAclEntry(
"marissa", new MockAclObjectIdentity(), null,
SimpleAclEntry.ADMINISTRATION), new SimpleAclEntry(
"marissa", new MockAclObjectIdentity(), null,
SimpleAclEntry.READ), new SimpleAclEntry("marissa",
new MockAclObjectIdentity(), null, SimpleAclEntry.DELETE)});
// Wire up a voter
BasicAclEntryVoter voter = new BasicAclEntryVoter();
voter.setAclManager(aclManager);
voter.setProcessConfigAttribute("FOO_ADMIN_OR_WRITE_ACCESS");
voter.setRequirePermission(new int[] {SimpleAclEntry.ADMINISTRATION, SimpleAclEntry.WRITE});
try {
voter.afterPropertiesSet();
fail("Should have thrown IllegalArgumentException");
} catch (IllegalArgumentException expected) {
assertTrue(true);
}
}
public void testStartupRejectsMissingRequirePermission()
throws Exception {
AclManager aclManager = new MockAclManager("domain1", "marissa",
new AclEntry[] {new MockAclEntry(), new SimpleAclEntry(
"marissa", new MockAclObjectIdentity(), null,
SimpleAclEntry.ADMINISTRATION), new SimpleAclEntry(
"marissa", new MockAclObjectIdentity(), null,
SimpleAclEntry.READ), new SimpleAclEntry("marissa",
new MockAclObjectIdentity(), null, SimpleAclEntry.DELETE)});
// Wire up a voter
BasicAclEntryVoter voter = new BasicAclEntryVoter();
voter.setAclManager(aclManager);
voter.setProcessConfigAttribute("FOO_ADMIN_OR_WRITE_ACCESS");
voter.setProcessDomainObjectClass(SomeDomainObject.class);
try {
voter.afterPropertiesSet();
fail("Should have thrown IllegalArgumentException");
} catch (IllegalArgumentException expected) {
assertTrue(true);
}
}
public void testSupportsConfigAttribute() {
BasicAclEntryVoter voter = new BasicAclEntryVoter();
voter.setProcessConfigAttribute("foobar");
assertTrue(voter.supports(new SecurityConfig("foobar")));
}
public void testVoterAbstainsIfDomainObjectIsNull()
throws Exception {
// Setup a domain object subject of this test
SomeDomainObject domainObject = new SomeDomainObject("foo");
// Setup an AclManager
AclManager aclManager = new MockAclManager(domainObject, "marissa",
new AclEntry[] {new MockAclEntry(), new SimpleAclEntry(
"marissa", new MockAclObjectIdentity(), null,
SimpleAclEntry.ADMINISTRATION), new SimpleAclEntry(
"marissa", new MockAclObjectIdentity(), null,
SimpleAclEntry.READ), new SimpleAclEntry("marissa",
new MockAclObjectIdentity(), null, SimpleAclEntry.DELETE)});
// Wire up a voter
BasicAclEntryVoter voter = new BasicAclEntryVoter();
voter.setAclManager(aclManager);
voter.setProcessConfigAttribute("FOO_ADMIN_OR_WRITE_ACCESS");
voter.setRequirePermission(new int[] {SimpleAclEntry.ADMINISTRATION, SimpleAclEntry.WRITE});
voter.setProcessDomainObjectClass(SomeDomainObject.class);
voter.afterPropertiesSet();
// Wire up an invocation to be voted on
ConfigAttributeDefinition attr = new ConfigAttributeDefinition();
attr.addConfigAttribute(new SecurityConfig("A_DIFFERENT_ATTRIBUTE"));
// Setup a MockMethodInvocation, so voter can retrieve domainObject
MethodInvocation mi = getMethodInvocation(domainObject);
assertEquals(AccessDecisionVoter.ACCESS_ABSTAIN,
voter.vote(
new UsernamePasswordAuthenticationToken("marissa", null), mi,
attr));
}
public void testVoterAbstainsIfNotMatchingConfigAttribute()
throws Exception {
// Setup a domain object subject of this test
SomeDomainObject domainObject = null;
// Setup an AclManager
AclManager aclManager = new MockAclManager(domainObject, "marissa",
new AclEntry[] {new MockAclEntry(), new SimpleAclEntry(
"marissa", new MockAclObjectIdentity(), null,
SimpleAclEntry.ADMINISTRATION), new SimpleAclEntry(
"marissa", new MockAclObjectIdentity(), null,
SimpleAclEntry.READ), new SimpleAclEntry("marissa",
new MockAclObjectIdentity(), null, SimpleAclEntry.DELETE)});
// Wire up a voter
BasicAclEntryVoter voter = new BasicAclEntryVoter();
voter.setAclManager(aclManager);
voter.setProcessConfigAttribute("FOO_ADMIN_OR_WRITE_ACCESS");
voter.setRequirePermission(new int[] {SimpleAclEntry.ADMINISTRATION, SimpleAclEntry.WRITE});
voter.setProcessDomainObjectClass(SomeDomainObject.class);
voter.afterPropertiesSet();
// Wire up an invocation to be voted on
ConfigAttributeDefinition attr = new ConfigAttributeDefinition();
attr.addConfigAttribute(new SecurityConfig("FOO_ADMIN_OR_WRITE_ACCESS"));
// Setup a MockMethodInvocation, so voter can retrieve domainObject
MethodInvocation mi = getMethodInvocation(domainObject);
assertEquals(AccessDecisionVoter.ACCESS_ABSTAIN,
voter.vote(
new UsernamePasswordAuthenticationToken("marissa", null), mi,
attr));
}
public void testVoterCanDenyAccessBasedOnInternalMethodOfDomainObject()
throws Exception {
// Setup a domain object subject of this test
SomeDomainObject domainObject = new SomeDomainObject("foo");
// Setup an AclManager
AclManager aclManager = new MockAclManager(domainObject.getParent(),
"marissa",
new AclEntry[] {new MockAclEntry(), new SimpleAclEntry(
"marissa", new MockAclObjectIdentity(), null,
SimpleAclEntry.DELETE)});
// Wire up a voter
BasicAclEntryVoter voter = new BasicAclEntryVoter();
voter.setAclManager(aclManager);
voter.setProcessConfigAttribute("FOO_ADMIN_OR_WRITE_ACCESS");
voter.setRequirePermission(new int[] {SimpleAclEntry.ADMINISTRATION, SimpleAclEntry.WRITE});
voter.setProcessDomainObjectClass(SomeDomainObject.class);
voter.setInternalMethod("getParent");
voter.afterPropertiesSet();
// Wire up an invocation to be voted on
ConfigAttributeDefinition attr = new ConfigAttributeDefinition();
attr.addConfigAttribute(new SecurityConfig("FOO_ADMIN_OR_WRITE_ACCESS"));
// Setup a MockMethodInvocation, so voter can retrieve domainObject
MethodInvocation mi = getMethodInvocation(domainObject);
assertEquals(AccessDecisionVoter.ACCESS_DENIED,
voter.vote(
new UsernamePasswordAuthenticationToken("marissa", null), mi,
attr));
}
public void testVoterCanDenyAccessIfPrincipalHasNoPermissionsAtAllToDomainObject()
throws Exception {
// Setup a domain object subject of this test
SomeDomainObject domainObject = new SomeDomainObject("foo");
// Setup an AclManager
AclManager aclManager = new MockAclManager(domainObject, "marissa",
new AclEntry[] {new MockAclEntry(), new SimpleAclEntry(
"marissa", new MockAclObjectIdentity(), null,
SimpleAclEntry.DELETE)});
// Wire up a voter
BasicAclEntryVoter voter = new BasicAclEntryVoter();
voter.setAclManager(aclManager);
voter.setProcessConfigAttribute("FOO_ADMIN_OR_WRITE_ACCESS");
voter.setRequirePermission(new int[] {SimpleAclEntry.ADMINISTRATION, SimpleAclEntry.WRITE});
voter.setProcessDomainObjectClass(SomeDomainObject.class);
voter.setInternalMethod("getParent");
voter.afterPropertiesSet();
// Wire up an invocation to be voted on
ConfigAttributeDefinition attr = new ConfigAttributeDefinition();
attr.addConfigAttribute(new SecurityConfig("FOO_ADMIN_OR_WRITE_ACCESS"));
// Setup a MockMethodInvocation, so voter can retrieve domainObject
MethodInvocation mi = getMethodInvocation(domainObject);
// NB: scott is the principal, not marissa
assertEquals(AccessDecisionVoter.ACCESS_DENIED,
voter.vote(new UsernamePasswordAuthenticationToken("scott", null),
mi, attr));
}
public void testVoterCanGrantAccessBasedOnInternalMethodOfDomainObject()
throws Exception {
// Setup a domain object subject of this test
SomeDomainObject domainObject = new SomeDomainObject("foo");
// Setup an AclManager
AclManager aclManager = new MockAclManager(domainObject.getParent(),
"marissa",
new AclEntry[] {new MockAclEntry(), new SimpleAclEntry(
"marissa", new MockAclObjectIdentity(), null,
SimpleAclEntry.ADMINISTRATION), new SimpleAclEntry(
"marissa", new MockAclObjectIdentity(), null,
SimpleAclEntry.READ), new SimpleAclEntry("marissa",
new MockAclObjectIdentity(), null, SimpleAclEntry.DELETE)});
// Wire up a voter
BasicAclEntryVoter voter = new BasicAclEntryVoter();
voter.setAclManager(aclManager);
voter.setProcessConfigAttribute("FOO_ADMIN_OR_WRITE_ACCESS");
voter.setRequirePermission(new int[] {SimpleAclEntry.ADMINISTRATION, SimpleAclEntry.WRITE});
voter.setProcessDomainObjectClass(SomeDomainObject.class);
voter.setInternalMethod("getParent");
assertEquals("getParent", voter.getInternalMethod());
voter.afterPropertiesSet();
// Wire up an invocation to be voted on
ConfigAttributeDefinition attr = new ConfigAttributeDefinition();
attr.addConfigAttribute(new SecurityConfig("FOO_ADMIN_OR_WRITE_ACCESS"));
// Setup a MockMethodInvocation, so voter can retrieve domainObject
// (well actually it will access domainObject.getParent())
MethodInvocation mi = getMethodInvocation(domainObject);
assertEquals(AccessDecisionVoter.ACCESS_GRANTED,
voter.vote(
new UsernamePasswordAuthenticationToken("marissa", null), mi,
attr));
}
public void testVoterThrowsExceptionIfInvalidInternalMethodOfDomainObject()
throws Exception {
// Setup a domain object subject of this test
SomeDomainObject domainObject = new SomeDomainObject("foo");
// Setup an AclManager
AclManager aclManager = new MockAclManager(domainObject.getParent(),
"marissa",
new AclEntry[] {new MockAclEntry(), new SimpleAclEntry(
"marissa", new MockAclObjectIdentity(), null,
SimpleAclEntry.ADMINISTRATION), new SimpleAclEntry(
"marissa", new MockAclObjectIdentity(), null,
SimpleAclEntry.READ), new SimpleAclEntry("marissa",
new MockAclObjectIdentity(), null, SimpleAclEntry.DELETE)});
// Wire up a voter
BasicAclEntryVoter voter = new BasicAclEntryVoter();
voter.setAclManager(aclManager);
voter.setProcessConfigAttribute("FOO_ADMIN_OR_WRITE_ACCESS");
voter.setRequirePermission(new int[] {SimpleAclEntry.ADMINISTRATION, SimpleAclEntry.WRITE});
voter.setProcessDomainObjectClass(SomeDomainObject.class);
voter.setInternalMethod("getNonExistentParentName");
voter.afterPropertiesSet();
// Wire up an invocation to be voted on
ConfigAttributeDefinition attr = new ConfigAttributeDefinition();
attr.addConfigAttribute(new SecurityConfig("FOO_ADMIN_OR_WRITE_ACCESS"));
// Setup a MockMethodInvocation, so voter can retrieve domainObject
// (well actually it will access domainObject.getParent())
MethodInvocation mi = getMethodInvocation(domainObject);
try {
voter.vote(new UsernamePasswordAuthenticationToken("marissa", null),
mi, attr);
fail("Should have thrown AuthorizationServiceException");
} catch (AuthorizationServiceException expected) {
assertTrue(true);
}
}
public void testVoterThrowsExceptionIfProcessDomainObjectNotFound()
throws Exception {
// Setup a domain object subject of this test
SomeDomainObject domainObject = new SomeDomainObject("foo");
// Setup an AclManager
AclManager aclManager = new MockAclManager(domainObject.getParent(),
"marissa",
new AclEntry[] {new MockAclEntry(), new SimpleAclEntry(
"marissa", new MockAclObjectIdentity(), null,
SimpleAclEntry.ADMINISTRATION), new SimpleAclEntry(
"marissa", new MockAclObjectIdentity(), null,
SimpleAclEntry.READ), new SimpleAclEntry("marissa",
new MockAclObjectIdentity(), null, SimpleAclEntry.DELETE)});
// Wire up a voter
BasicAclEntryVoter voter = new BasicAclEntryVoter();
voter.setAclManager(aclManager);
voter.setProcessConfigAttribute("FOO_ADMIN_OR_WRITE_ACCESS");
voter.setRequirePermission(new int[] {SimpleAclEntry.ADMINISTRATION, SimpleAclEntry.WRITE});
voter.setProcessDomainObjectClass(SomeDomainObject.class);
voter.afterPropertiesSet();
// Wire up an invocation to be voted on
ConfigAttributeDefinition attr = new ConfigAttributeDefinition();
attr.addConfigAttribute(new SecurityConfig("FOO_ADMIN_OR_WRITE_ACCESS"));
// Setup a MockMethodInvocation that doesn't provide SomeDomainObject arg
Class clazz = String.class;
Method method = clazz.getMethod("toString", new Class[] {});
MethodInvocation mi = new MockMethodInvocation(method,
new Object[] {domainObject});
try {
voter.vote(new UsernamePasswordAuthenticationToken("marissa", null),
mi, attr);
fail("Should have thrown AuthorizationServiceException");
} catch (AuthorizationServiceException expected) {
assertTrue(true);
}
}
private MethodInvocation getMethodInvocation(SomeDomainObject domainObject)
throws Exception {
Class clazz = SomeDomainObjectManager.class;
Method method = clazz.getMethod("someServiceMethod",
new Class[] {SomeDomainObject.class});
return new MockMethodInvocation(method, new Object[] {domainObject});
}
//~ Inner Classes ==========================================================
private class MockAclEntry implements AclEntry {
// just so AclTag iterates some different types of AclEntrys
}
}

View File

@ -0,0 +1,42 @@
/* Copyright 2004 Acegi Technology Pty Limited
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package net.sf.acegisecurity.vote;
/**
* Simple domain object, used by {@link BasicAclEntryVoterTests}.
*
* @author Ben Alex
* @version $Id$
*/
public class SomeDomainObject {
//~ Instance fields ========================================================
private String identity;
//~ Constructors ===========================================================
public SomeDomainObject(String identity) {
this.identity = identity;
}
private SomeDomainObject() {}
//~ Methods ================================================================
public String getParent() {
return "parentOf" + identity;
}
}

View File

@ -0,0 +1,29 @@
/* Copyright 2004 Acegi Technology Pty Limited
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package net.sf.acegisecurity.vote;
/**
* Used by {@link BasicAclEntryVoterTests} so it can create a
* <code>MethodInvocation</code> contining <code>SomeDomainObject</code>.
*
* @author Ben Alex
* @version $Id$
*/
public class SomeDomainObjectManager {
//~ Methods ================================================================
public void someServiceMethod(SomeDomainObject someDomainObject) {}
}

View File

@ -0,0 +1,29 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE beans PUBLIC "-//SPRING//DTD BEAN//EN" "http://www.springframework.org/dtd/spring-beans.dtd">
<!--
* Copyright 2004 Acegi Technology Pty Limited
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*
* $Id$
-->
<beans>
<!-- Automatically receives AuthenticationEvent messages from DaoAuthenticationProvider -->
<bean id="authenticationLoggerListener" class="net.sf.acegisecurity.providers.dao.event.LoggerListener"/>
<!-- Automatically receives AuthenticationEvent messages from AbstractSecurityInterceptor -->
<bean id="secureObjectLoggerListener" class="net.sf.acegisecurity.intercept.event.LoggerListener"/>
</beans>

View File

@ -20,6 +20,7 @@
<beans>
<bean id="afterInvocation" class="net.sf.acegisecurity.MockAfterInvocationManager"/>
<bean id="authentication" class="net.sf.acegisecurity.MockAuthenticationManager"/>
<bean id="accessDecision" class="net.sf.acegisecurity.MockAccessDecisionManager"/>
<bean id="runAs" class="net.sf.acegisecurity.MockRunAsManager"/>
@ -29,25 +30,27 @@
<bean id="securityInterceptor" class="net.sf.acegisecurity.intercept.method.aopalliance.MethodSecurityInterceptor">
<property name="authenticationManager"><ref local="authentication"/></property>
<property name="accessDecisionManager"><ref local="accessDecision"/></property>
<property name="afterInvocationManager"><ref local="afterInvocation"/></property>
<property name="runAsManager"><ref local="runAs"/></property>
<property name="objectDefinitionSource">
<value>
net.sf.acegisecurity.ITargetObject.makeLower*=MOCK_LOWER
net.sf.acegisecurity.ITargetObject.makeUpper*=MOCK_UPPER,RUN_AS
net.sf.acegisecurity.ITargetObject.computeHashCode*=MOCK_HASH,AFTER_INVOCATION_MOCK
</value>
</property>
</bean>
<bean id="target" class="net.sf.acegisecurity.TargetObject"/>
<bean id="realTarget" class="net.sf.acegisecurity.TargetObject"/>
<!-- Autowire is fine as advisor requires MethodSecurityInterceptor -->
<bean id="methodSecurityAdvisor"
class="net.sf.acegisecurity.intercept.method.aopalliance.MethodDefinitionSourceAdvisor"
autowire="constructor" >
</bean>
<bean id="autoproxy"
class="org.springframework.aop.framework.autoproxy.DefaultAdvisorAutoProxyCreator">
<bean id="target" class="org.springframework.aop.framework.ProxyFactoryBean">
<property name="proxyInterfaces"><value>net.sf.acegisecurity.ITargetObject</value></property>
<property name="interceptorNames">
<list>
<idref local="securityInterceptor"/>
<idref local="realTarget"/>
</list>
</property>
</bean>
</beans>

View File

@ -0,0 +1,55 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE beans PUBLIC "-//SPRING//DTD BEAN//EN" "http://www.springframework.org/dtd/spring-beans.dtd">
<!--
* Copyright 2004 Acegi Technology Pty Limited
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*
* $Id$
-->
<beans>
<bean id="authentication" class="net.sf.acegisecurity.MockAuthenticationManager"/>
<bean id="accessDecision" class="net.sf.acegisecurity.MockAccessDecisionManager"/>
<bean id="runAs" class="net.sf.acegisecurity.MockRunAsManager"/>
<bean id="attributes" class="net.sf.acegisecurity.intercept.method.MockAttributes"/>
<bean id="objectDefinitionSource" class="net.sf.acegisecurity.intercept.method.MethodDefinitionAttributes">
<property name="attributes"><ref local="attributes"/></property>
</bean>
<bean id="securityInterceptor" class="net.sf.acegisecurity.intercept.method.aopalliance.MethodSecurityInterceptor">
<property name="authenticationManager"><ref local="authentication"/></property>
<property name="accessDecisionManager"><ref local="accessDecision"/></property>
<property name="runAsManager"><ref local="runAs"/></property>
<property name="objectDefinitionSource">
<ref local="objectDefinitionSource"/>
</property>
</bean>
<bean id="realTarget" class="net.sf.acegisecurity.TargetObject"/>
<bean id="target" class="org.springframework.aop.framework.ProxyFactoryBean">
<property name="proxyInterfaces"><value>net.sf.acegisecurity.ITargetObject</value></property>
<property name="interceptorNames">
<list>
<idref local="securityInterceptor"/>
<idref local="realTarget"/>
</list>
</property>
</bean>
<bean id="loggerListener" class="net.sf.acegisecurity.intercept.event.LoggerListener"/>
</beans>