Added extra 'manual' security interceptor config

2009-07-29 16:08:04 +00:00 · 2009-07-29 16:08:04 +00:00 · 5d5df0c63d
parent 68364f06a2
commit 5d5df0c63d
1 changed files with 56 additions and 13 deletions
--- a/config/src/test/java/org/springframework/security/intercept/method/aopalliance/MethodSecurityInterceptorWithAopConfigTests.java
+++ b/config/src/test/java/org/springframework/security/intercept/method/aopalliance/MethodSecurityInterceptorWithAopConfigTests.java
@ -1,5 +1,7 @@
 package org.springframework.security.intercept.method.aopalliance;

+import static org.junit.Assert.*;
+
 import org.junit.After;
 import org.junit.Before;
 import org.junit.Test;
@ -10,7 +12,7 @@ import org.springframework.security.config.util.InMemoryXmlApplicationContext;
 import org.springframework.security.core.context.SecurityContextHolder;

 /**
- * Tests for SEC-428.
+ * Tests for SEC-428 (and SEC-1204).
 *
 * @author Luke Taylor
 * @author Ben Alex
@ -31,6 +33,18 @@ public class MethodSecurityInterceptorWithAopConfigTests {
        "   </b:property>" +
        "</b:bean>";

+    static final String TARGET_BEAN_AND_INTERCEPTOR =
+        "<b:bean id='target' class='org.springframework.security.TargetObject'/>" +
+        "<b:bean id='securityInterceptor' class='org.springframework.security.access.intercept.aopalliance.MethodSecurityInterceptor' autowire='byType' >" +
+        "     <b:property name='securityMetadataSource'>" +
+        "       <b:value>" +
+                    "org.springframework.security.ITargetObject.makeLower*=ROLE_A\n" +
+                    "org.springframework.security.TargetObject.makeUpper*=ROLE_A\n" +
+                    "org.springframework.security.ITargetObject.computeHashCode*=ROLE_B\n" +
+        "       </b:value>" +
+        "     </b:property>" +
+        "</b:bean>";
+
    private AbstractXmlApplicationContext appContext;

    @Before
@ -50,24 +64,53 @@ public class MethodSecurityInterceptorWithAopConfigTests {
    @Test(expected=AuthenticationCredentialsNotFoundException.class)
    public void securityInterceptorIsAppliedWhenUsedWithAopConfig() {
        setContext(
-                "<aop:config proxy-target-class=\"true\">" +
+                "<aop:config>" +
                "     <aop:pointcut id='targetMethods' expression='execution(* org.springframework.security.TargetObject.*(..))'/>" +
                "     <aop:advisor advice-ref='securityInterceptor' pointcut-ref='targetMethods' />" +
                "</aop:config>" +
-                "<b:bean id='target' class='org.springframework.security.TargetObject'/>" +
-                "<b:bean id='securityInterceptor' class='org.springframework.security.access.intercept.aopalliance.MethodSecurityInterceptor' autowire='byType' >" +
-                "     <b:property name='securityMetadataSource'>" +
-                "       <b:value>" +
-                            "org.springframework.security.TargetObject.makeLower*=ROLE_A\n" +
-                            "org.springframework.security.TargetObject.makeUpper*=ROLE_A\n" +
-                            "org.springframework.security.TargetObject.computeHashCode*=ROLE_B\n" +
-                "       </b:value>" +
-                "     </b:property>" +
-                "</b:bean>" +
+                TARGET_BEAN_AND_INTERCEPTOR +
                AUTH_PROVIDER_XML + ACCESS_MANAGER_XML);

        ITargetObject target = (ITargetObject) appContext.getBean("target");
-        target.makeLowerCase("TEST");
+
+        // Check both against interface and class
+        try {
+            target.makeLowerCase("TEST");
+            fail("AuthenticationCredentialsNotFoundException expected");
+        } catch (AuthenticationCredentialsNotFoundException expected) {
+        }
+
+        target.makeUpperCase("test");
+    }
+
+    @Test(expected=AuthenticationCredentialsNotFoundException.class)
+    public void securityInterceptorIsAppliedWhenUsedWithBeanNameAutoProxyCreator() {
+        setContext(
+                "<b:bean id='autoProxyCreator' class='org.springframework.aop.framework.autoproxy.BeanNameAutoProxyCreator'>" +
+                "   <b:property name='interceptorNames'>" +
+                "       <b:list>" +
+                "          <b:value>securityInterceptor</b:value>" +
+                "       </b:list>" +
+                "   </b:property>" +
+                "   <b:property name='beanNames'>" +
+                "       <b:list>" +
+                "          <b:value>target</b:value>" +
+                "       </b:list>" +
+                "   </b:property>" +
+                "   <b:property name='proxyTargetClass' value='false'/>" +
+                "</b:bean>" +
+                TARGET_BEAN_AND_INTERCEPTOR +
+                AUTH_PROVIDER_XML + ACCESS_MANAGER_XML);
+
+        ITargetObject target = (ITargetObject) appContext.getBean("target");
+
+        try {
+            target.makeLowerCase("TEST");
+            fail("AuthenticationCredentialsNotFoundException expected");
+        } catch (AuthenticationCredentialsNotFoundException expected) {
+        }
+
+        target.makeUpperCase("test");

    }