From 59db9413aaf6c5cc7291adb08ca710df0d5bb82f Mon Sep 17 00:00:00 2001
From: Rob Winch <rwinch@users.noreply.github.com>
Date: Thu, 14 Apr 2016 12:11:40 -0500
Subject: [PATCH] Add SpEL Bean reference test (#3815)

Issue gh-3797
---
 ...balMethodSecurityConfigurationTests.groovy | 42 +++++++++++++++++++
 1 file changed, 42 insertions(+)

diff --git a/config/src/test/groovy/org/springframework/security/config/annotation/method/configuration/GlobalMethodSecurityConfigurationTests.groovy b/config/src/test/groovy/org/springframework/security/config/annotation/method/configuration/GlobalMethodSecurityConfigurationTests.groovy
index 550c76fd4e..45ce672c63 100644
--- a/config/src/test/groovy/org/springframework/security/config/annotation/method/configuration/GlobalMethodSecurityConfigurationTests.groovy
+++ b/config/src/test/groovy/org/springframework/security/config/annotation/method/configuration/GlobalMethodSecurityConfigurationTests.groovy
@@ -21,6 +21,7 @@ import org.junit.After;
 import org.springframework.beans.BeansException
 import org.springframework.beans.factory.config.BeanPostProcessor
 import org.springframework.security.config.annotation.authentication.configurers.GlobalAuthenticationConfigurerAdapter
+import org.springframework.security.config.annotation.method.configuration.NamespaceGlobalMethodSecurityTests.BaseMethodConfig;
 import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter
 
 import javax.sql.DataSource
@@ -428,4 +429,45 @@ public class GlobalMethodSecurityConfigurationTests extends BaseSpringSpec {
 			auth.inMemoryAuthentication()
 		}
 	}
+
+	// gh-3797
+	def preAuthorizeBeanSpel() {
+		setup:
+			SecurityContextHolder.getContext().setAuthentication(
+				new TestingAuthenticationToken("user", "password","ROLE_USER"))
+			context = new AnnotationConfigApplicationContext(PreAuthorizeBeanSpelConfig)
+			BeanSpelService service = context.getBean(BeanSpelService)
+		when:
+			service.run(true)
+		then:
+			noExceptionThrown()
+		when:
+			service.run(false)
+		then:
+			thrown(AccessDeniedException)
+	}
+
+	@EnableGlobalMethodSecurity(prePostEnabled = true)
+	@Configuration
+	public static class PreAuthorizeBeanSpelConfig extends BaseMethodConfig {
+		@Bean
+		BeanSpelService service() {
+			return new BeanSpelService();
+		}
+		@Bean
+		BeanSpelSecurity security() {
+			return new BeanSpelSecurity();
+		}
+	}
+
+	static class BeanSpelService {
+		@PreAuthorize("@security.check(#arg)")
+		void run(boolean arg) {}
+	}
+
+	static class BeanSpelSecurity {
+		public boolean check(boolean arg) {
+			return arg;
+		}
+	}
 }