From 6382b6341a9ad4c67f5b616698badcc114694983 Mon Sep 17 00:00:00 2001
From: Rob Winch <rwinch@vmware.com>
Date: Fri, 15 Nov 2013 11:57:47 -0600
Subject: [PATCH] SEC-2355: Add test to validate intercept-url PATCH works

---
 .../http/InterceptUrlConfigTests.groovy       | 26 +++++++++++++++++++
 1 file changed, 26 insertions(+)

diff --git a/config/src/test/groovy/org/springframework/security/config/http/InterceptUrlConfigTests.groovy b/config/src/test/groovy/org/springframework/security/config/http/InterceptUrlConfigTests.groovy
index c67d2cf61b..4a6e26dd2a 100644
--- a/config/src/test/groovy/org/springframework/security/config/http/InterceptUrlConfigTests.groovy
+++ b/config/src/test/groovy/org/springframework/security/config/http/InterceptUrlConfigTests.groovy
@@ -17,7 +17,10 @@ package org.springframework.security.config.http;
 
 
 import java.security.Principal
+
 import javax.servlet.Filter
+import javax.servlet.http.HttpServletResponse;
+
 import org.springframework.beans.BeansException
 import org.springframework.beans.factory.BeanCreationException
 import org.springframework.beans.factory.config.PropertyPlaceholderConfigurer
@@ -98,4 +101,27 @@ class InterceptUrlConfigTests extends AbstractHttpConfigTests {
            attrsPost.size() == 1
            attrsPost.contains(new SecurityConfig("ROLE_USER"))
    }
+
+   def "SEC-2355: intercept-url support patch"() {
+       setup:
+           MockHttpServletRequest request = new MockHttpServletRequest(method:'GET')
+           MockHttpServletResponse response = new MockHttpServletResponse()
+           MockFilterChain chain = new MockFilterChain()
+           xml.http() {
+               'http-basic'()
+               'intercept-url'(pattern: '/**', 'method':'PATCH',access: 'ROLE_ADMIN')
+           }
+           createAppContext()
+       when: 'Method other than PATCH is used'
+           springSecurityFilterChain.doFilter(request,response,chain)
+       then: 'The response is OK'
+           response.status == HttpServletResponse.SC_OK
+       when: 'Method of PATCH is used'
+           request = new MockHttpServletRequest(method:'PATCH')
+           response = new MockHttpServletResponse()
+           chain = new MockFilterChain()
+           springSecurityFilterChain.doFilter(request, response, chain)
+        then: 'The response is unauthorized'
+            response.status == HttpServletResponse.SC_UNAUTHORIZED
+   }
 }
\ No newline at end of file