Cwikius-Spring
/
spring-security
mirror of https://github.com/spring-projects/spring-security.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

SEC-2714: Add AuthenticationPrincipal resolver for messaging support

This commit is contained in:
Rob Winch 2014-09-23 16:28:48 -05:00
parent d2fa019fe5
commit 5ba8f000a7
13 changed files with 744 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
build.gradle
View File

@ -25,7 +25,7 @@ allprojects {
ext.releaseBuild = version.endsWith('RELEASE')
ext.snapshotBuild = version.endsWith('SNAPSHOT')
ext.springVersion = '4.1.0.RC2'
ext.springVersion = '4.1.1.BUILD-SNAPSHOT'
ext.springLdapVersion = '2.0.1.RELEASE'
group = 'org.springframework.security'

4
config/src/main/java/org/springframework/security/config/annotation/web/servlet/configuration/WebMvcSecurityConfiguration.java
View File

@ -20,7 +20,7 @@ import java.util.List;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.web.bind.support.AuthenticationPrincipalArgumentResolver;
import org.springframework.security.web.method.annotation.AuthenticationPrincipalArgumentResolver;
import org.springframework.security.web.servlet.support.csrf.CsrfRequestDataValueProcessor;
import org.springframework.web.method.support.HandlerMethodArgumentResolver;
import org.springframework.web.servlet.config.annotation.EnableWebMvc;
@ -43,9 +43,11 @@ import org.springframework.web.servlet.support.RequestDataValueProcessor;
public class WebMvcSecurityConfiguration extends WebMvcConfigurerAdapter {
@Override
@SuppressWarnings("deprecation")
public void addArgumentResolvers(
List<HandlerMethodArgumentResolver> argumentResolvers) {
argumentResolvers.add(new AuthenticationPrincipalArgumentResolver());
argumentResolvers.add(new org.springframework.security.web.bind.support.AuthenticationPrincipalArgumentResolver());
}
@Bean

9
config/src/main/java/org/springframework/security/config/annotation/web/socket/AbstractSecurityWebSocketMessageBrokerConfigurer.java
View File

@ -18,6 +18,7 @@ package org.springframework.security.config.annotation.web.socket;
import org.springframework.context.annotation.Bean;
import org.springframework.core.Ordered;
import org.springframework.core.annotation.Order;
import org.springframework.messaging.handler.invocation.HandlerMethodArgumentResolver;
import org.springframework.messaging.simp.config.ChannelRegistration;
import org.springframework.security.access.AccessDecisionVoter;
import org.springframework.security.access.vote.AffirmativeBased;
@ -25,6 +26,7 @@ import org.springframework.security.config.annotation.web.messaging.MessageSecur
import org.springframework.security.messaging.access.expression.MessageExpressionVoter;
import org.springframework.security.messaging.access.intercept.ChannelSecurityInterceptor;
import org.springframework.security.messaging.access.intercept.MessageSecurityMetadataSource;
import org.springframework.security.messaging.context.AuthenticationPrincipalArgumentResolver;
import org.springframework.security.messaging.context.SecurityContextChannelInterceptor;
import org.springframework.web.socket.config.annotation.AbstractWebSocketMessageBrokerConfigurer;
import org.springframework.web.socket.config.annotation.StompEndpointRegistry;
@ -62,6 +64,13 @@ public abstract class AbstractSecurityWebSocketMessageBrokerConfigurer extends A
public final void registerStompEndpoints(StompEndpointRegistry registry) {}
@Override
public void addArgumentResolvers(
List<HandlerMethodArgumentResolver> argumentResolvers) {
argumentResolvers.add(new AuthenticationPrincipalArgumentResolver());
}
@Override
public final void configureClientInboundChannel(ChannelRegistration registration) {
ChannelSecurityInterceptor inboundChannelSecurity = inboundChannelSecurity();

2
core/src/main/java/org/springframework/security/core/SpringSecurityCoreVersion.java
View File

@ -23,7 +23,7 @@ public class SpringSecurityCoreVersion {
*/
public static final long SERIAL_VERSION_UID = 400L;
static final String MIN_SPRING_VERSION = "4.1.0.RC2";
static final String MIN_SPRING_VERSION = "4.1.1.BUILD-SNAPSHOT";
static {
performVersionChecks();

49
core/src/main/java/org/springframework/security/core/annotation/AuthenticationPrincipal.java Normal file
View File

@ -0,0 +1,49 @@
/*
* Copyright 2002-2013 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.springframework.security.core.annotation;
import java.lang.annotation.Documented;
import java.lang.annotation.ElementType;
import java.lang.annotation.Retention;
import java.lang.annotation.RetentionPolicy;
import java.lang.annotation.Target;
import org.springframework.security.core.Authentication;
/**
* Annotation that is used to resolve
* {@link Authentication#getPrincipal()} to a method argument.
*
* @author Rob Winch
* @since 4.0
*
* @see AuthenticationPrincipalArgumentResolver
*/
@Target({ ElementType.PARAMETER, ElementType.ANNOTATION_TYPE })
@Retention(RetentionPolicy.RUNTIME)
@Documented
public @interface AuthenticationPrincipal {
/**
* True if a {@link ClassCastException} should be thrown
* when the current {@link Authentication#getPrincipal()} is the incorrect
* type. Default is false.
*
* @return
*/
boolean errorOnInvalidType() default false;
}

134
messaging/src/main/java/org/springframework/security/messaging/context/AuthenticationPrincipalArgumentResolver.java Normal file
View File

@ -0,0 +1,134 @@
/*
* Copyright 2002-2013 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.springframework.security.messaging.context;
import java.lang.annotation.Annotation;
import org.springframework.core.MethodParameter;
import org.springframework.core.annotation.AnnotationUtils;
import org.springframework.messaging.Message;
import org.springframework.messaging.handler.invocation.HandlerMethodArgumentResolver;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.annotation.AuthenticationPrincipal;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.stereotype.Controller;
/**
* Allows resolving the {@link Authentication#getPrincipal()} using the
* {@link AuthenticationPrincipal} annotation. For example, the following
* {@link Controller}:
*
* <pre>
* @Controller
* public class MyController {
* @MessageMapping("/im")
* public void im(@AuthenticationPrincipal CustomUser customUser) {
* // do something with CustomUser
* }
* </pre>
*
* <p>
* Will resolve the CustomUser argument using
* {@link Authentication#getPrincipal()} from the {@link SecurityContextHolder}.
* If the {@link Authentication} or {@link Authentication#getPrincipal()} is
* null, it will return null. If the types do not match, null will be returned
* unless {@link AuthenticationPrincipal#errorOnInvalidType()} is true in which
* case a {@link ClassCastException} will be thrown.
* </p>
*
* <p>
* Alternatively, users can create a custom meta annotation as shown below:
* </p>
*
* <pre>
* &#064;Target({ ElementType.PARAMETER })
* &#064;Retention(RetentionPolicy.RUNTIME)
* &#064;AuthenticationPrincipal
* public @interface CurrentUser {
* }
* </pre>
*
* <p>
* The custom annotation can then be used instead. For example:
* </p>
*
* <pre>
* @Controller
* public class MyController {
* @MessageMapping("/im")
* public void im(@CurrentUser CustomUser customUser) {
* // do something with CustomUser
* }
* </pre>
*
* @author Rob Winch
* @since 4.0
*/
public final class AuthenticationPrincipalArgumentResolver implements
HandlerMethodArgumentResolver {
/*
* (non-Javadoc)
* @see org.springframework.messaging.handler.invocation.HandlerMethodArgumentResolver#supportsParameter(org.springframework.core.MethodParameter)
*/
public boolean supportsParameter(MethodParameter parameter) {
return findMethodAnnotation(AuthenticationPrincipal.class, parameter) != null;
}
/*
* (non-Javadoc)
* @see org.springframework.messaging.handler.invocation.HandlerMethodArgumentResolver#resolveArgument(org.springframework.core.MethodParameter, org.springframework.messaging.Message)
*/
public Object resolveArgument(MethodParameter parameter, Message<?> message) throws Exception {
Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
if(authentication == null) {
return null;
}
Object principal = authentication.getPrincipal();
if(principal != null && !parameter.getParameterType().isAssignableFrom(principal.getClass())) {
AuthenticationPrincipal authPrincipal = findMethodAnnotation(AuthenticationPrincipal.class, parameter);
if(authPrincipal.errorOnInvalidType()) {
throw new ClassCastException(principal + " is not assignable to " + parameter.getParameterType());
} else {
return null;
}
}
return principal;
}
/**
* Obtains the specified {@link Annotation} on the specified {@link MethodParameter}.
*
* @param annotationClass the class of the {@link Annotation} to find on the {@link MethodParameter}
* @param parameter the {@link MethodParameter} to search for an {@link Annotation}
* @return the {@link Annotation} that was found or null.
*/
private <T extends Annotation> T findMethodAnnotation(Class<T> annotationClass, MethodParameter parameter) {
T annotation = parameter.getParameterAnnotation(annotationClass);
if(annotation != null) {
return annotation;
}
Annotation[] annotationsToSearch = parameter.getParameterAnnotations();
for(Annotation toSearch : annotationsToSearch) {
annotation = AnnotationUtils.findAnnotation(toSearch.annotationType(), annotationClass);
if(annotation != null) {
return annotation;
}
}
return null;
}
}

202
messaging/src/test/java/org/springframework/security/messaging/context/AuthenticationPrincipalArgumentResolverTests.java Normal file
View File

@ -0,0 +1,202 @@
/*
* Copyright 2002-2013 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.springframework.security.messaging.context;
import static org.fest.assertions.Assertions.assertThat;
import java.lang.annotation.ElementType;
import java.lang.annotation.Retention;
import java.lang.annotation.RetentionPolicy;
import java.lang.annotation.Target;
import java.lang.reflect.Method;
import org.junit.After;
import org.junit.Before;
import org.junit.Test;
import org.springframework.core.MethodParameter;
import org.springframework.security.authentication.TestingAuthenticationToken;
import org.springframework.security.core.annotation.AuthenticationPrincipal;
import org.springframework.security.core.authority.AuthorityUtils;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.util.ReflectionUtils;
/**
* @author Rob Winch
*
*/
public class AuthenticationPrincipalArgumentResolverTests {
private Object expectedPrincipal;
private AuthenticationPrincipalArgumentResolver resolver;
@Before
public void setup() {
resolver = new AuthenticationPrincipalArgumentResolver();
}
@After
public void cleanup() {
SecurityContextHolder.clearContext();
}
@Test
public void supportsParameterNoAnnotation() throws Exception {
assertThat(resolver.supportsParameter(showUserNoAnnotation())).isFalse();
}
@Test
public void supportsParameterAnnotation() throws Exception {
assertThat(resolver.supportsParameter(showUserAnnotationObject())).isTrue();
}
@Test
public void supportsParameterCustomAnnotation() throws Exception {
assertThat(resolver.supportsParameter(showUserCustomAnnotation())).isTrue();
}
@Test
public void resolveArgumentNullAuthentication() throws Exception {
assertThat(resolver.resolveArgument(showUserAnnotationString(), null)).isNull();
}
@Test
public void resolveArgumentNullPrincipal() throws Exception {
setAuthenticationPrincipal(null);
assertThat(resolver.resolveArgument(showUserAnnotationString(), null)).isNull();
}
@Test
public void resolveArgumentString() throws Exception {
setAuthenticationPrincipal("john");
assertThat(resolver.resolveArgument(showUserAnnotationString(), null)).isEqualTo(expectedPrincipal);
}
@Test
public void resolveArgumentPrincipalStringOnObject() throws Exception {
setAuthenticationPrincipal("john");
assertThat(resolver.resolveArgument(showUserAnnotationObject(), null)).isEqualTo(expectedPrincipal);
}
@Test
public void resolveArgumentUserDetails() throws Exception {
setAuthenticationPrincipal(new User("user", "password", AuthorityUtils.createAuthorityList("ROLE_USER")));
assertThat(resolver.resolveArgument(showUserAnnotationUserDetails(), null)).isEqualTo(expectedPrincipal);
}
@Test
public void resolveArgumentCustomUserPrincipal() throws Exception {
setAuthenticationPrincipal(new CustomUserPrincipal());
assertThat(resolver.resolveArgument(showUserAnnotationCustomUserPrincipal(), null)).isEqualTo(expectedPrincipal);
}
@Test
public void resolveArgumentCustomAnnotation() throws Exception {
setAuthenticationPrincipal(new CustomUserPrincipal());
assertThat(resolver.resolveArgument(showUserCustomAnnotation(), null)).isEqualTo(expectedPrincipal);
}
@Test
public void resolveArgumentNullOnInvalidType() throws Exception {
setAuthenticationPrincipal(new CustomUserPrincipal());
assertThat(resolver.resolveArgument(showUserAnnotationString(), null)).isNull();
}
@Test(expected = ClassCastException.class)
public void resolveArgumentErrorOnInvalidType() throws Exception {
setAuthenticationPrincipal(new CustomUserPrincipal());
resolver.resolveArgument(showUserAnnotationErrorOnInvalidType(), null);
}
@Test(expected = ClassCastException.class)
public void resolveArgumentCustomserErrorOnInvalidType() throws Exception {
setAuthenticationPrincipal(new CustomUserPrincipal());
resolver.resolveArgument(showUserAnnotationCurrentUserErrorOnInvalidType(), null);
}
@Test
public void resolveArgumentObject() throws Exception {
setAuthenticationPrincipal(new Object());
assertThat(resolver.resolveArgument(showUserAnnotationObject(), null)).isEqualTo(expectedPrincipal);
}
private MethodParameter showUserNoAnnotation() {
return getMethodParameter("showUserNoAnnotation", String.class);
}
private MethodParameter showUserAnnotationString() {
return getMethodParameter("showUserAnnotation", String.class);
}
private MethodParameter showUserAnnotationErrorOnInvalidType() {
return getMethodParameter("showUserAnnotationErrorOnInvalidType", String.class);
}
private MethodParameter showUserAnnotationCurrentUserErrorOnInvalidType() {
return getMethodParameter("showUserAnnotationCurrentUserErrorOnInvalidType", String.class);
}
private MethodParameter showUserAnnotationUserDetails() {
return getMethodParameter("showUserAnnotation", UserDetails.class);
}
private MethodParameter showUserAnnotationCustomUserPrincipal() {
return getMethodParameter("showUserAnnotation", CustomUserPrincipal.class);
}
private MethodParameter showUserCustomAnnotation() {
return getMethodParameter("showUserCustomAnnotation", CustomUserPrincipal.class);
}
private MethodParameter showUserAnnotationObject() {
return getMethodParameter("showUserAnnotation", Object.class);
}
private MethodParameter getMethodParameter(String methodName, Class<?>... paramTypes) {
Method method = ReflectionUtils.findMethod(TestController.class, methodName,paramTypes);
return new MethodParameter(method,0);
}
@Target({ ElementType.PARAMETER})
@Retention(RetentionPolicy.RUNTIME)
@AuthenticationPrincipal
static @interface CurrentUser { }
@Target({ ElementType.PARAMETER})
@Retention(RetentionPolicy.RUNTIME)
@AuthenticationPrincipal(errorOnInvalidType = true)
static @interface CurrentUserErrorOnInvalidType { }
public static class TestController {
public void showUserNoAnnotation(String user) {}
public void showUserAnnotation(@AuthenticationPrincipal String user) {}
public void showUserAnnotationErrorOnInvalidType(@AuthenticationPrincipal(errorOnInvalidType=true) String user) {}
public void showUserAnnotationCurrentUserErrorOnInvalidType(@CurrentUserErrorOnInvalidType String user) {}
public void showUserAnnotation(@AuthenticationPrincipal UserDetails user) {}
public void showUserAnnotation(@AuthenticationPrincipal CustomUserPrincipal user) {}
public void showUserCustomAnnotation(@CurrentUser CustomUserPrincipal user) {}
public void showUserAnnotation(@AuthenticationPrincipal Object user) {}
}
private static class CustomUserPrincipal {}
private void setAuthenticationPrincipal(Object principal) {
this.expectedPrincipal = principal;
SecurityContextHolder.getContext().setAuthentication(new TestingAuthenticationToken(expectedPrincipal, "password", "ROLE_USER"));
}
}

1
test/src/main/java/org/springframework/security/test/web/servlet/setup/SecurityMockMvcConfigurer.java
View File

@ -19,7 +19,6 @@ import org.springframework.security.config.BeanIds;
import org.springframework.test.web.servlet.request.RequestPostProcessor;
import org.springframework.test.web.servlet.setup.ConfigurableMockMvcBuilder;
import org.springframework.test.web.servlet.setup.MockMvcConfigurerAdapter;
import org.springframework.util.Assert;
import org.springframework.web.context.WebApplicationContext;
import javax.servlet.Filter;

2
web/src/main/java/org/springframework/security/web/bind/annotation/AuthenticationPrincipal.java
View File

@ -29,6 +29,8 @@ import org.springframework.security.core.Authentication;
* argument should be resolved to the current user rather than a user that might
* be edited on a form.
*
* @deprecated Use org.springframework.security.core.annotation.AuthenticationPrincipal instead
*
* @author Rob Winch
* @since 3.2
*/

3
web/src/main/java/org/springframework/security/web/bind/support/AuthenticationPrincipalArgumentResolver.java
View File

@ -79,9 +79,12 @@ import org.springframework.web.method.support.ModelAndViewContainer;
* }
* </pre>
*
* @deprecated use org.springframework.security.web.method.annotation.AuthenticationPrincipalArgumentResolver
*
* @author Rob Winch
* @since 3.2
*/
@Deprecated
public final class AuthenticationPrincipalArgumentResolver implements
HandlerMethodArgumentResolver {

137
web/src/main/java/org/springframework/security/web/method/annotation/AuthenticationPrincipalArgumentResolver.java Normal file
View File

@ -0,0 +1,137 @@
/*
* Copyright 2002-2013 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.springframework.security.web.method.annotation;
import java.lang.annotation.Annotation;
import org.springframework.core.MethodParameter;
import org.springframework.core.annotation.AnnotationUtils;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.annotation.AuthenticationPrincipal;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.support.WebDataBinderFactory;
import org.springframework.web.context.request.NativeWebRequest;
import org.springframework.web.method.support.HandlerMethodArgumentResolver;
import org.springframework.web.method.support.ModelAndViewContainer;
/**
* Allows resolving the {@link Authentication#getPrincipal()} using the
* {@link AuthenticationPrincipal} annotation. For example, the following
* {@link Controller}:
*
* <pre>
* @Controller
* public class MyController {
* @MessageMapping("/im")
* public void im(@AuthenticationPrincipal CustomUser customUser) {
* // do something with CustomUser
* }
* </pre>
*
* <p>
* Will resolve the CustomUser argument using
* {@link Authentication#getPrincipal()} from the {@link SecurityContextHolder}.
* If the {@link Authentication} or {@link Authentication#getPrincipal()} is
* null, it will return null. If the types do not match, null will be returned
* unless {@link AuthenticationPrincipal#errorOnInvalidType()} is true in which
* case a {@link ClassCastException} will be thrown.
* </p>
*
* <p>
* Alternatively, users can create a custom meta annotation as shown below:
* </p>
*
* <pre>
* &#064;Target({ ElementType.PARAMETER })
* &#064;Retention(RetentionPolicy.RUNTIME)
* &#064;AuthenticationPrincipal
* public @interface CurrentUser {
* }
* </pre>
*
* <p>
* The custom annotation can then be used instead. For example:
* </p>
*
* <pre>
* @Controller
* public class MyController {
* @MessageMapping("/im")
* public void im(@CurrentUser CustomUser customUser) {
* // do something with CustomUser
* }
* </pre>
*
* @author Rob Winch
* @since 4.0
*/
public final class AuthenticationPrincipalArgumentResolver implements
HandlerMethodArgumentResolver {
/* (non-Javadoc)
* @see org.springframework.web.method.support.HandlerMethodArgumentResolver#supportsParameter(org.springframework.core.MethodParameter)
*/
public boolean supportsParameter(MethodParameter parameter) {
return findMethodAnnotation(AuthenticationPrincipal.class, parameter) != null;
}
/* (non-Javadoc)
* @see org.springframework.web.method.support.HandlerMethodArgumentResolver#resolveArgument(org.springframework.core.MethodParameter, org.springframework.web.method.support.ModelAndViewContainer, org.springframework.web.context.request.NativeWebRequest, org.springframework.web.bind.support.WebDataBinderFactory)
*/
public Object resolveArgument(MethodParameter parameter,
ModelAndViewContainer mavContainer, NativeWebRequest webRequest,
WebDataBinderFactory binderFactory) throws Exception {
Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
if(authentication == null) {
return null;
}
Object principal = authentication.getPrincipal();
if(principal != null && !parameter.getParameterType().isAssignableFrom(principal.getClass())) {
AuthenticationPrincipal authPrincipal = findMethodAnnotation(AuthenticationPrincipal.class, parameter);
if(authPrincipal.errorOnInvalidType()) {
throw new ClassCastException(principal + " is not assignable to " + parameter.getParameterType());
} else {
return null;
}
}
return principal;
}
/**
* Obtains the specified {@link Annotation} on the specified {@link MethodParameter}.
*
* @param annotationClass the class of the {@link Annotation} to find on the {@link MethodParameter}
* @param parameter the {@link MethodParameter} to search for an {@link Annotation}
* @return the {@link Annotation} that was found or null.
*/
private <T extends Annotation> T findMethodAnnotation(Class<T> annotationClass, MethodParameter parameter) {
T annotation = parameter.getParameterAnnotation(annotationClass);
if(annotation != null) {
return annotation;
}
Annotation[] annotationsToSearch = parameter.getParameterAnnotations();
for(Annotation toSearch : annotationsToSearch) {
annotation = AnnotationUtils.findAnnotation(toSearch.annotationType(), annotationClass);
if(annotation != null) {
return annotation;
}
}
return null;
}
}

1
web/src/test/java/org/springframework/security/web/bind/support/AuthenticationPrincipalArgumentResolverTests.java
View File

@ -40,6 +40,7 @@ import org.springframework.util.ReflectionUtils;
* @author Rob Winch
*
*/
@SuppressWarnings("deprecation")
public class AuthenticationPrincipalArgumentResolverTests {
private Object expectedPrincipal;
private AuthenticationPrincipalArgumentResolver resolver;

202
web/src/test/java/org/springframework/security/web/method/annotation/AuthenticationPrincipalArgumentResolverTests.java Normal file
View File

@ -0,0 +1,202 @@
/*
* Copyright 2002-2013 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.springframework.security.web.method.annotation;
import static org.fest.assertions.Assertions.assertThat;
import java.lang.annotation.ElementType;
import java.lang.annotation.Retention;
import java.lang.annotation.RetentionPolicy;
import java.lang.annotation.Target;
import java.lang.reflect.Method;
import org.junit.After;
import org.junit.Before;
import org.junit.Test;
import org.springframework.core.MethodParameter;
import org.springframework.security.authentication.TestingAuthenticationToken;
import org.springframework.security.core.annotation.AuthenticationPrincipal;
import org.springframework.security.core.authority.AuthorityUtils;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.util.ReflectionUtils;
/**
* @author Rob Winch
*
*/
public class AuthenticationPrincipalArgumentResolverTests {
private Object expectedPrincipal;
private AuthenticationPrincipalArgumentResolver resolver;
@Before
public void setup() {
resolver = new AuthenticationPrincipalArgumentResolver();
}
@After
public void cleanup() {
SecurityContextHolder.clearContext();
}
@Test
public void supportsParameterNoAnnotation() throws Exception {
assertThat(resolver.supportsParameter(showUserNoAnnotation())).isFalse();
}
@Test
public void supportsParameterAnnotation() throws Exception {
assertThat(resolver.supportsParameter(showUserAnnotationObject())).isTrue();
}
@Test
public void supportsParameterCustomAnnotation() throws Exception {
assertThat(resolver.supportsParameter(showUserCustomAnnotation())).isTrue();
}
@Test
public void resolveArgumentNullAuthentication() throws Exception {
assertThat(resolver.resolveArgument(showUserAnnotationString(), null, null, null)).isNull();
}
@Test
public void resolveArgumentNullPrincipal() throws Exception {
setAuthenticationPrincipal(null);
assertThat(resolver.resolveArgument(showUserAnnotationString(), null, null, null)).isNull();
}
@Test
public void resolveArgumentString() throws Exception {
setAuthenticationPrincipal("john");
assertThat(resolver.resolveArgument(showUserAnnotationString(), null, null, null)).isEqualTo(expectedPrincipal);
}
@Test
public void resolveArgumentPrincipalStringOnObject() throws Exception {
setAuthenticationPrincipal("john");
assertThat(resolver.resolveArgument(showUserAnnotationObject(), null, null, null)).isEqualTo(expectedPrincipal);
}
@Test
public void resolveArgumentUserDetails() throws Exception {
setAuthenticationPrincipal(new User("user", "password", AuthorityUtils.createAuthorityList("ROLE_USER")));
assertThat(resolver.resolveArgument(showUserAnnotationUserDetails(), null, null, null)).isEqualTo(expectedPrincipal);
}
@Test
public void resolveArgumentCustomUserPrincipal() throws Exception {
setAuthenticationPrincipal(new CustomUserPrincipal());
assertThat(resolver.resolveArgument(showUserAnnotationCustomUserPrincipal(), null, null, null)).isEqualTo(expectedPrincipal);
}
@Test
public void resolveArgumentCustomAnnotation() throws Exception {
setAuthenticationPrincipal(new CustomUserPrincipal());
assertThat(resolver.resolveArgument(showUserCustomAnnotation(), null, null, null)).isEqualTo(expectedPrincipal);
}
@Test
public void resolveArgumentNullOnInvalidType() throws Exception {
setAuthenticationPrincipal(new CustomUserPrincipal());
assertThat(resolver.resolveArgument(showUserAnnotationString(), null, null, null)).isNull();
}
@Test(expected = ClassCastException.class)
public void resolveArgumentErrorOnInvalidType() throws Exception {
setAuthenticationPrincipal(new CustomUserPrincipal());
resolver.resolveArgument(showUserAnnotationErrorOnInvalidType(), null, null, null);
}
@Test(expected = ClassCastException.class)
public void resolveArgumentCustomserErrorOnInvalidType() throws Exception {
setAuthenticationPrincipal(new CustomUserPrincipal());
resolver.resolveArgument(showUserAnnotationCurrentUserErrorOnInvalidType(), null, null, null);
}
@Test
public void resolveArgumentObject() throws Exception {
setAuthenticationPrincipal(new Object());
assertThat(resolver.resolveArgument(showUserAnnotationObject(), null, null, null)).isEqualTo(expectedPrincipal);
}
private MethodParameter showUserNoAnnotation() {
return getMethodParameter("showUserNoAnnotation", String.class);
}
private MethodParameter showUserAnnotationString() {
return getMethodParameter("showUserAnnotation", String.class);
}
private MethodParameter showUserAnnotationErrorOnInvalidType() {
return getMethodParameter("showUserAnnotationErrorOnInvalidType", String.class);
}
private MethodParameter showUserAnnotationCurrentUserErrorOnInvalidType() {
return getMethodParameter("showUserAnnotationCurrentUserErrorOnInvalidType", String.class);
}
private MethodParameter showUserAnnotationUserDetails() {
return getMethodParameter("showUserAnnotation", UserDetails.class);
}
private MethodParameter showUserAnnotationCustomUserPrincipal() {
return getMethodParameter("showUserAnnotation", CustomUserPrincipal.class);
}
private MethodParameter showUserCustomAnnotation() {
return getMethodParameter("showUserCustomAnnotation", CustomUserPrincipal.class);
}
private MethodParameter showUserAnnotationObject() {
return getMethodParameter("showUserAnnotation", Object.class);
}
private MethodParameter getMethodParameter(String methodName, Class<?>... paramTypes) {
Method method = ReflectionUtils.findMethod(TestController.class, methodName,paramTypes);
return new MethodParameter(method,0);
}
@Target({ ElementType.PARAMETER})
@Retention(RetentionPolicy.RUNTIME)
@AuthenticationPrincipal
static @interface CurrentUser { }
@Target({ ElementType.PARAMETER})
@Retention(RetentionPolicy.RUNTIME)
@AuthenticationPrincipal(errorOnInvalidType = true)
static @interface CurrentUserErrorOnInvalidType { }
public static class TestController {
public void showUserNoAnnotation(String user) {}
public void showUserAnnotation(@AuthenticationPrincipal String user) {}
public void showUserAnnotationErrorOnInvalidType(@AuthenticationPrincipal(errorOnInvalidType=true) String user) {}
public void showUserAnnotationCurrentUserErrorOnInvalidType(@CurrentUserErrorOnInvalidType String user) {}
public void showUserAnnotation(@AuthenticationPrincipal UserDetails user) {}
public void showUserAnnotation(@AuthenticationPrincipal CustomUserPrincipal user) {}
public void showUserCustomAnnotation(@CurrentUser CustomUserPrincipal user) {}
public void showUserAnnotation(@AuthenticationPrincipal Object user) {}
}
private static class CustomUserPrincipal {}
private void setAuthenticationPrincipal(Object principal) {
this.expectedPrincipal = principal;
SecurityContextHolder.getContext().setAuthentication(new TestingAuthenticationToken(expectedPrincipal, "password", "ROLE_USER"));
}
}