mirror of
https://github.com/spring-projects/spring-security.git
synced 2025-06-26 13:53:14 +00:00
SEC-1354: Added integration tests for combinations of @PreAuthorize and @Secured annotations.
parent
846aa40a7b
commit
4e4242d010
@ -0,0 +1,24 @@
|
||||
package org.springframework.security.integration.multiannotation;
|
||||
|
||||
import org.springframework.security.access.annotation.Secured;
|
||||
import org.springframework.security.access.prepost.PreAuthorize;
|
||||
|
||||
/**
|
||||
* Allows testing mixing of different annotation types
|
||||
*
|
||||
* @author Luke Taylor
|
||||
*/
|
||||
public interface MultiAnnotationService {
|
||||
|
||||
@PreAuthorize("denyAll")
|
||||
void preAuthorizeDenyAllMethod();
|
||||
|
||||
@PreAuthorize("hasRole('ROLE_A')")
|
||||
void preAuthorizeHasRoleAMethod();
|
||||
|
||||
@Secured("IS_AUTHENTICATED_ANONYMOUSLY")
|
||||
void securedAnonymousMethod();
|
||||
|
||||
@Secured("ROLE_A")
|
||||
void securedRoleAMethod();
|
||||
}
|
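Review bot: The Javadoc on MultiAnnotationService says it allows "mixing of different annotation types", but no method in the interface carries both `@PreAuthorize` and `@Secured`; the mixing is per interface, with one annotation per method. Saying so in the Javadoc would stop readers assuming that stacked annotations on a single method are covered, for example `* Each method carries exactly one of @PreAuthorize or @Secured; no method is annotated with both.` It would also help to record the intended outcome of `securedAnonymousMethod`, which the visible test only drives with an already authenticated token, so the reading "any caller holding an Authentication is admitted" is an assumption worth writing down.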
@ -0,0 +1,17 @@
|
||||
package org.springframework.security.integration.multiannotation;
|
||||
|
||||
public class MultiAnnotationServiceImpl implements MultiAnnotationService {
|
||||
|
||||
public void preAuthorizeDenyAllMethod() {
|
||||
}
|
||||
|
||||
public void preAuthorizeHasRoleAMethod() {
|
||||
}
|
||||
|
||||
public void securedAnonymousMethod() {
|
||||
}
|
||||
|
||||
public void securedRoleAMethod() {
|
||||
}
|
||||
|
||||
}
|
@ -0,0 +1,13 @@
|
||||
package org.springframework.security.integration.multiannotation;
|
||||
|
||||
import org.springframework.security.access.prepost.PreAuthorize;
|
||||
|
||||
/**
|
||||
*
|
||||
* @author Luke Taylor
|
||||
*/
|
||||
public interface PreAuthorizeService {
|
||||
|
||||
@PreAuthorize("hasRole('ROLE_A')")
|
||||
void preAuthorizedMethod();
|
||||
}
|
@ -0,0 +1,9 @@
|
||||
package org.springframework.security.integration.multiannotation;
|
||||
|
||||
/**
|
||||
* @author Luke Taylor
|
||||
*/
|
||||
public class PreAuthorizeServiceImpl implements PreAuthorizeService {
|
||||
public void preAuthorizedMethod() {
|
||||
}
|
||||
}
|
@ -0,0 +1,12 @@
|
||||
package org.springframework.security.integration.multiannotation;
|
||||
|
||||
import org.springframework.security.access.annotation.Secured;
|
||||
|
||||
/**
|
||||
*
|
||||
* @author Luke Taylor
|
||||
*/
|
||||
public interface SecuredService {
|
||||
@Secured("ROLE_A")
|
||||
void securedMethod();
|
||||
}
|
@ -0,0 +1,10 @@
|
||||
package org.springframework.security.integration.multiannotation;
|
||||
|
||||
/**
|
||||
*
|
||||
* @author Luke Taylor
|
||||
*/
|
||||
public class SecuredServiceImpl implements SecuredService {
|
||||
public void securedMethod() {
|
||||
}
|
||||
}
|
@ -0,0 +1,86 @@
|
||||
package org.springframework.security.integration;
|
||||
|
||||
import org.junit.After;
|
||||
import org.junit.Before;
|
||||
import org.junit.Test;
|
||||
import org.junit.runner.RunWith;
|
||||
import org.springframework.beans.factory.annotation.Autowired;
|
||||
import org.springframework.security.access.AccessDeniedException;
|
||||
import org.springframework.security.authentication.TestingAuthenticationToken;
|
||||
import org.springframework.security.core.context.SecurityContextHolder;
|
||||
import org.springframework.security.integration.multiannotation.MultiAnnotationService;
|
||||
import org.springframework.security.integration.multiannotation.PreAuthorizeService;
|
||||
import org.springframework.security.integration.multiannotation.SecuredService;
|
||||
import org.springframework.test.context.ContextConfiguration;
|
||||
import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
|
||||
|
||||
/**
|
||||
* @author Luke Taylor
|
||||
*/
|
||||
@ContextConfiguration(locations={"/multi-sec-annotation-app-context.xml"})
|
||||
@RunWith(SpringJUnit4ClassRunner.class)
|
||||
public class MultiAnnotationTests {
|
||||
private final TestingAuthenticationToken joe_a = new TestingAuthenticationToken("joe","pass","ROLE_A");
|
||||
private final TestingAuthenticationToken joe_b = new TestingAuthenticationToken("joe","pass","ROLE_B");
|
||||
|
||||
@Autowired
|
||||
MultiAnnotationService service;
|
||||
@Autowired
|
||||
PreAuthorizeService preService;
|
||||
@Autowired
|
||||
SecuredService secService;
|
||||
|
||||
@After
|
||||
@Before
|
||||
public void clearContext() {
|
||||
SecurityContextHolder.clearContext();
|
||||
}
|
||||
|
||||
@Test(expected=AccessDeniedException.class)
|
||||
public void preAuthorizeDeniedIsDenied() {
|
||||
SecurityContextHolder.getContext().setAuthentication(joe_a);
|
||||
service.preAuthorizeDenyAllMethod();
|
||||
}
|
||||
|
||||
@Test(expected=AccessDeniedException.class)
|
||||
public void preAuthorizeRoleAIsDeniedIfRoleMissing() {
|
||||
SecurityContextHolder.getContext().setAuthentication(joe_b);
|
||||
service.preAuthorizeHasRoleAMethod();
|
||||
}
|
||||
|
||||
@Test
|
||||
public void preAuthorizeRoleAIsAllowedIfRolePresent() {
|
||||
SecurityContextHolder.getContext().setAuthentication(joe_a);
|
||||
service.preAuthorizeHasRoleAMethod();
|
||||
}
|
||||
|
||||
@Test
|
||||
public void securedAnonymousIsAllowed() {
|
||||
SecurityContextHolder.getContext().setAuthentication(joe_a);
|
||||
service.securedAnonymousMethod();
|
||||
}
|
||||
|
||||
@Test(expected=AccessDeniedException.class)
|
||||
public void securedRoleAIsDeniedIfRoleMissing() {
|
||||
SecurityContextHolder.getContext().setAuthentication(joe_b);
|
||||
service.securedRoleAMethod();
|
||||
}
|
||||
|
||||
@Test
|
||||
public void securedRoleAIsAllowedIfRolePresent() {
|
||||
SecurityContextHolder.getContext().setAuthentication(joe_a);
|
||||
service.securedRoleAMethod();
|
||||
}
|
||||
|
||||
@Test(expected=AccessDeniedException.class)
|
||||
public void preAuthorizedOnlyServiceDeniesIfRoleMissing() throws Exception {
|
||||
SecurityContextHolder.getContext().setAuthentication(joe_b);
|
||||
preService.preAuthorizedMethod();
|
||||
}
|
||||
|
||||
@Test(expected=AccessDeniedException.class)
|
||||
public void securedOnlyRoleAServiceDeniesIfRoleMissing() throws Exception {
|
||||
SecurityContextHolder.getContext().setAuthentication(joe_b);
|
||||
secService.securedMethod();
|
||||
}
|
||||
}
|
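Review bot: PreAuthorizeService and SecuredService are exercised only on the denial path (`preAuthorizedOnlyServiceDeniesIfRoleMissing`, `securedOnlyRoleAServiceDeniesIfRoleMissing`), so a configuration in which enabling one annotation type makes the other reject every caller would still pass. Adding the matching allow-path tests with `joe_a`, as the class already does for MultiAnnotationService, pins both directions of the authorization decision. There is also no case with an empty SecurityContext; that would presumably surface as an authentication exception rather than AccessDeniedException and is worth asserting separately if it is in scope.

```java
// … unchanged: fields, clearContext(), MultiAnnotationService tests and the two denial tests …

@Test
public void preAuthorizedOnlyServiceAllowsIfRolePresent() {
    SecurityContextHolder.getContext().setAuthentication(joe_a);
    preService.preAuthorizedMethod();
}

@Test
public void securedOnlyRoleAServiceAllowsIfRolePresent() {
    SecurityContextHolder.getContext().setAuthentication(joe_a);
    secService.securedMethod();
}
```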
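--- a/itest/context/src/test/resources/multi-sec-annotation-app-context.xml
+++ b/itest/context/src/test/resources/multi-sec-annotation-app-context.xml
@@ -0,0 +1,26 @@
+<b:beans xmlns="http://www.springframework.org/schema/security"
+xmlns:b="http://www.springframework.org/schema/beans"
+xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+xmlns:aop="http://www.springframework.org/schema/aop"
+xmlns:tx="http://www.springframework.org/schema/tx"
+xmlns:security="http://www.springframework.org/schema/security"
+xsi:schemaLocation="
+http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
+http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop-3.0.xsd
+http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security.xsd">
+
+<global-method-security pre-post-annotations="enabled" secured-annotations="enabled" />
+
+<b:bean class="org.springframework.security.integration.multiannotation.MultiAnnotationServiceImpl"/>
+<b:bean class="org.springframework.security.integration.multiannotation.PreAuthorizeServiceImpl"/>
+<b:bean class="org.springframework.security.integration.multiannotation.SecuredServiceImpl"/>
+
+<authentication-manager>
+<authentication-provider>
+<user-service>
+<user name="bob" password="bobspassword" authorities="ROLE_A,ROLE_B"/>
+</user-service>
+</authentication-provider>
+</authentication-manager>
+
+</b:beans>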
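Review bot: The `<authentication-manager>` block and its user `bob` are not exercised by the tests shown for this commit, which place a TestingAuthenticationToken for "joe" directly in the SecurityContext. If the element is there only because the namespace configuration needs an authentication manager to exist, a comment above it would say so, for example `<!-- present to satisfy the namespace config; the tests set the Authentication directly -->`. The `aop`, `tx` and `security` prefixes are declared but unused in the body, and `tx` has no schemaLocation entry, so they could be dropped to keep the fixture minimal.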