SEC-1034: Fix broken tests.
This commit is contained in:
Luke Taylor
parent
ae05e74085
commit
648ba1c43a
|
|
@ -15,11 +15,31 @@
|
|||
|
||||
package org.springframework.security.intercept.web;
|
||||
|
||||
import static org.junit.Assert.*;
|
||||
import static org.springframework.security.matcher.AuthenticationMatcher.anAuthenticationWithUsername;
|
||||
|
||||
import java.util.List;
|
||||
|
||||
import junit.framework.TestCase;
|
||||
|
||||
import org.jmock.Expectations;
|
||||
import org.jmock.Mockery;
|
||||
import org.jmock.integration.junit4.JUnit4Mockery;
|
||||
import org.junit.After;
|
||||
import org.junit.Before;
|
||||
import org.junit.Test;
|
||||
import org.springframework.security.AccessDecisionManager;
|
||||
import org.springframework.security.AccessDeniedException;
|
||||
import org.springframework.security.Authentication;
|
||||
import org.springframework.security.AuthenticationManager;
|
||||
import org.springframework.security.GrantedAuthority;
|
||||
import org.springframework.security.GrantedAuthorityImpl;
|
||||
import org.springframework.security.MockApplicationEventPublisher;
|
||||
import org.springframework.security.RunAsManager;
|
||||
import org.springframework.security.ConfigAttribute;
|
||||
|
||||
import org.springframework.security.context.SecurityContextHolder;
|
||||
import org.springframework.security.providers.TestingAuthenticationToken;
|
||||
import org.springframework.security.providers.UsernamePasswordAuthenticationToken;
|
||||
|
||||
import org.springframework.security.util.FilterInvocationUtils;
|
||||
|
|
@ -34,62 +54,70 @@ import org.springframework.context.support.ClassPathXmlApplicationContext;
|
|||
* @author Ben Alex
|
||||
* @version $Id$
|
||||
*/
|
||||
public class WebInvocationPrivilegeEvaluatorTests extends TestCase {
|
||||
//~ Constructors ===================================================================================================
|
||||
|
||||
public WebInvocationPrivilegeEvaluatorTests() {
|
||||
super();
|
||||
}
|
||||
|
||||
public WebInvocationPrivilegeEvaluatorTests(String arg0) {
|
||||
super(arg0);
|
||||
}
|
||||
public class WebInvocationPrivilegeEvaluatorTests {
|
||||
private Mockery jmock = new JUnit4Mockery();
|
||||
private AuthenticationManager am;
|
||||
private AccessDecisionManager adm;
|
||||
private FilterInvocationDefinitionSource ods;
|
||||
private RunAsManager ram;
|
||||
private FilterSecurityInterceptor interceptor;
|
||||
|
||||
//~ Methods ========================================================================================================
|
||||
|
||||
private FilterSecurityInterceptor makeFilterSecurityInterceptor() {
|
||||
ApplicationContext context = new ClassPathXmlApplicationContext(
|
||||
"org/springframework/security/intercept/web/applicationContext.xml");
|
||||
|
||||
return (FilterSecurityInterceptor) context.getBean("securityInterceptor");
|
||||
@Before
|
||||
public final void setUp() throws Exception {
|
||||
interceptor = new FilterSecurityInterceptor();
|
||||
am = jmock.mock(AuthenticationManager.class);
|
||||
ods = jmock.mock(FilterInvocationDefinitionSource.class);
|
||||
adm = jmock.mock(AccessDecisionManager.class);
|
||||
ram = jmock.mock(RunAsManager.class);
|
||||
interceptor.setAuthenticationManager(am);
|
||||
interceptor.setObjectDefinitionSource(ods);
|
||||
interceptor.setAccessDecisionManager(adm);
|
||||
interceptor.setRunAsManager(ram);
|
||||
interceptor.setApplicationEventPublisher(new MockApplicationEventPublisher(true));
|
||||
SecurityContextHolder.clearContext();
|
||||
}
|
||||
|
||||
public void testAllowsAccess1() throws Exception {
|
||||
UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken("Test", "Password",
|
||||
new GrantedAuthority[] {new GrantedAuthorityImpl("MOCK_INDEX")});
|
||||
@After
|
||||
public void tearDown() throws Exception {
|
||||
SecurityContextHolder.clearContext();
|
||||
}
|
||||
|
||||
@Test
|
||||
public void allowsAccessIfAccessDecisionMangerDoes() throws Exception {
|
||||
Authentication token = new TestingAuthenticationToken("test", "Password", "MOCK_INDEX");
|
||||
FilterInvocation fi = FilterInvocationUtils.create("/foo/index.jsp");
|
||||
FilterSecurityInterceptor interceptor = makeFilterSecurityInterceptor();
|
||||
|
||||
WebInvocationPrivilegeEvaluator wipe = new WebInvocationPrivilegeEvaluator();
|
||||
wipe.setSecurityInterceptor(interceptor);
|
||||
wipe.afterPropertiesSet();
|
||||
|
||||
jmock.checking(new Expectations() {{
|
||||
ignoring(ram); ignoring(ods);
|
||||
oneOf(adm).decide(with(anAuthenticationWithUsername("test")), with(anything()), with(aNonNull(List.class)));
|
||||
}});
|
||||
|
||||
assertTrue(wipe.isAllowed(fi, token));
|
||||
jmock.assertIsSatisfied();
|
||||
}
|
||||
|
||||
public void testAllowsAccess2() throws Exception {
|
||||
UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken("Test", "Password",
|
||||
new GrantedAuthority[] {new GrantedAuthorityImpl("MOCK_USER")});
|
||||
FilterInvocation fi = FilterInvocationUtils.create("/anything.jsp");
|
||||
FilterSecurityInterceptor interceptor = makeFilterSecurityInterceptor();
|
||||
@Test
|
||||
public void deniesAccessIfAccessDecisionMangerDoes() throws Exception {
|
||||
Authentication token = new TestingAuthenticationToken("test", "Password", "MOCK_INDEX");
|
||||
FilterInvocation fi = FilterInvocationUtils.create("/foo/index.jsp");
|
||||
|
||||
WebInvocationPrivilegeEvaluator wipe = new WebInvocationPrivilegeEvaluator();
|
||||
wipe.setSecurityInterceptor(interceptor);
|
||||
wipe.afterPropertiesSet();
|
||||
|
||||
assertTrue(wipe.isAllowed(fi, token));
|
||||
}
|
||||
|
||||
public void testDeniesAccess1() throws Exception {
|
||||
UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken("Test", "Password",
|
||||
new GrantedAuthority[] {new GrantedAuthorityImpl("MOCK_NOTHING_USEFUL")});
|
||||
FilterInvocation fi = FilterInvocationUtils.create("/anything.jsp");
|
||||
FilterSecurityInterceptor interceptor = makeFilterSecurityInterceptor();
|
||||
|
||||
WebInvocationPrivilegeEvaluator wipe = new WebInvocationPrivilegeEvaluator();
|
||||
wipe.setSecurityInterceptor(interceptor);
|
||||
wipe.afterPropertiesSet();
|
||||
jmock.checking(new Expectations() {{
|
||||
ignoring(ram); ignoring(ods);
|
||||
oneOf(adm).decide(with(anAuthenticationWithUsername("test")), with(anything()), with(aNonNull(List.class)));
|
||||
will(throwException(new AccessDeniedException("")));
|
||||
}});
|
||||
|
||||
assertFalse(wipe.isAllowed(fi, token));
|
||||
jmock.assertIsSatisfied();
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -85,13 +85,9 @@ public class FilterChainProxyTests {
|
|||
assertFalse(filter.isWasDestroyed());
|
||||
}
|
||||
|
||||
@Test
|
||||
@Test(expected=BeanCreationException.class)
|
||||
public void misplacedUniversalPathShouldBeDetected() throws Exception {
|
||||
try {
|
||||
appCtx.getBean("newFilterChainProxyWrongPathOrder", FilterChainProxy.class);
|
||||
fail("Expected BeanCreationException");
|
||||
} catch (BeanCreationException expected) {
|
||||
}
|
||||
appCtx.getBean("newFilterChainProxyWrongPathOrder", FilterChainProxy.class);
|
||||
}
|
||||
|
||||
@Test
|
||||
|
|
@ -100,12 +96,6 @@ public class FilterChainProxyTests {
|
|||
doNormalOperation(filterChainProxy);
|
||||
}
|
||||
|
||||
@Test
|
||||
public void proxyPathWithoutLowerCaseConversionShouldntMatchDifferentCasePath() throws Exception {
|
||||
FilterChainProxy filterChainProxy = (FilterChainProxy) appCtx.getBean("filterChainNonLowerCase", FilterChainProxy.class);
|
||||
assertNull(filterChainProxy.getFilters("/some/other/path/blah"));
|
||||
}
|
||||
|
||||
@Test
|
||||
public void normalOperationWithNewConfig() throws Exception {
|
||||
FilterChainProxy filterChainProxy = (FilterChainProxy) appCtx.getBean("newFilterChainProxy", FilterChainProxy.class);
|
||||
|
|
|
|||
|
|
@ -1,41 +0,0 @@
|
|||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
<!DOCTYPE beans PUBLIC "-//SPRING//DTD BEAN//EN" "http://www.springframework.org/dtd/spring-beans.dtd">
|
||||
<!--
|
||||
* Copyright 2004, 2006 Acegi Technology Pty Limited
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*
|
||||
* $Id$
|
||||
-->
|
||||
|
||||
<beans>
|
||||
<bean id="authentication" class="org.springframework.security.MockAuthenticationManager"/>
|
||||
<bean id="accessDecision" class="org.springframework.security.MockAccessDecisionManager"/>
|
||||
<bean id="runAs" class="org.springframework.security.MockRunAsManager"/>
|
||||
|
||||
<bean id="securityInterceptor" class="org.springframework.security.intercept.web.FilterSecurityInterceptor">
|
||||
<property name="authenticationManager"><ref local="authentication"/></property>
|
||||
<property name="accessDecisionManager"><ref local="accessDecision"/></property>
|
||||
<property name="runAsManager"><ref local="runAs"/></property>
|
||||
<property name="objectDefinitionSource">
|
||||
<value>
|
||||
CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
|
||||
PATTERN_TYPE_APACHE_ANT
|
||||
/foo/index.jsp=MOCK_INDEX
|
||||
/hello.htm=MOCK_HELLO
|
||||
/**=MOCK_USER
|
||||
</value>
|
||||
</property>
|
||||
</bean>
|
||||
|
||||
</beans>
|
||||
|
|
@ -42,28 +42,14 @@ http://www.springframework.org/schema/security http://www.springframework.org/sc
|
|||
<bean id="mockNotAFilter" class="org.springframework.security.util.MockNotAFilter"/>
|
||||
|
||||
<bean id="filterChain" class="org.springframework.security.util.FilterChainProxy">
|
||||
<property name="filterInvocationDefinitionSource">
|
||||
<value>
|
||||
CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
|
||||
PATTERN_TYPE_APACHE_ANT
|
||||
/foo/**=mockFilter
|
||||
/some/other/path/**=mockFilter
|
||||
/do/not/filter=#NONE#
|
||||
</value>
|
||||
</property>
|
||||
</bean>
|
||||
|
||||
<bean id="filterChainNonLowerCase" class="org.springframework.security.util.FilterChainProxy">
|
||||
<property name="filterInvocationDefinitionSource">
|
||||
<value>
|
||||
PATTERN_TYPE_APACHE_ANT
|
||||
/foo/**=mockFilter
|
||||
/SOME/other/path/**=sif,mockFilter,mockFilter2
|
||||
/do/not/filter=#NONE#
|
||||
</value>
|
||||
</property>
|
||||
<sec:filter-chain-map path-type="ant">
|
||||
<sec:filter-chain pattern="/foo/**" filters="mockFilter"/>
|
||||
<sec:filter-chain pattern="/some/other/path/**" filters="mockFilter"/>
|
||||
<sec:filter-chain pattern="/do/not/filter" filters="none"/>
|
||||
</sec:filter-chain-map>
|
||||
</bean>
|
||||
|
||||
<!-- TODO: Refactor to replace the above (SEC-1034: 'new' is now the only valid syntax) -->
|
||||
<bean id="newFilterChainProxy" class="org.springframework.security.util.FilterChainProxy">
|
||||
<sec:filter-chain-map path-type="ant">
|
||||
<sec:filter-chain pattern="/foo/**" filters="mockFilter"/>
|
||||
|
|
|
|||
Loading…
Reference in New Issue