SEC-1034: Fix broken tests.

Luke Taylor 2008-11-13 08:57:43 +00:00
parent ae05e74085
commit 648ba1c43a
4 changed files with 72 additions and 109 deletions


@ -15,11 +15,31 @@
package org.springframework.security.intercept.web; package org.springframework.security.intercept.web;
import static org.junit.Assert.*;
import static org.springframework.security.matcher.AuthenticationMatcher.anAuthenticationWithUsername;
import java.util.List;
import junit.framework.TestCase; import junit.framework.TestCase;
import org.jmock.Expectations;
import org.jmock.Mockery;
import org.jmock.integration.junit4.JUnit4Mockery;
import org.junit.After;
import org.junit.Before;
import org.junit.Test;
import org.springframework.security.AccessDecisionManager;
import org.springframework.security.AccessDeniedException;
import org.springframework.security.Authentication;
import org.springframework.security.AuthenticationManager;
import org.springframework.security.GrantedAuthority; import org.springframework.security.GrantedAuthority;
import org.springframework.security.GrantedAuthorityImpl; import org.springframework.security.GrantedAuthorityImpl;
import org.springframework.security.MockApplicationEventPublisher;
import org.springframework.security.RunAsManager;
import org.springframework.security.ConfigAttribute;
import org.springframework.security.context.SecurityContextHolder;
import org.springframework.security.providers.TestingAuthenticationToken;
import org.springframework.security.providers.UsernamePasswordAuthenticationToken; import org.springframework.security.providers.UsernamePasswordAuthenticationToken;
import org.springframework.security.util.FilterInvocationUtils; import org.springframework.security.util.FilterInvocationUtils;
@ -34,62 +54,70 @@ import org.springframework.context.support.ClassPathXmlApplicationContext;
* @author Ben Alex * @author Ben Alex
* @version $Id$ * @version $Id$
*/ */
public class WebInvocationPrivilegeEvaluatorTests extends TestCase { public class WebInvocationPrivilegeEvaluatorTests {
//~ Constructors =================================================================================================== private Mockery jmock = new JUnit4Mockery();
private AuthenticationManager am;
public WebInvocationPrivilegeEvaluatorTests() { private AccessDecisionManager adm;
super(); private FilterInvocationDefinitionSource ods;
} private RunAsManager ram;
private FilterSecurityInterceptor interceptor;
public WebInvocationPrivilegeEvaluatorTests(String arg0) {
super(arg0);
}
//~ Methods ======================================================================================================== //~ Methods ========================================================================================================
private FilterSecurityInterceptor makeFilterSecurityInterceptor() { @Before
ApplicationContext context = new ClassPathXmlApplicationContext( public final void setUp() throws Exception {
"org/springframework/security/intercept/web/applicationContext.xml"); interceptor = new FilterSecurityInterceptor();
am = jmock.mock(AuthenticationManager.class);
return (FilterSecurityInterceptor) context.getBean("securityInterceptor"); ods = jmock.mock(FilterInvocationDefinitionSource.class);
adm = jmock.mock(AccessDecisionManager.class);
ram = jmock.mock(RunAsManager.class);
interceptor.setAuthenticationManager(am);
interceptor.setObjectDefinitionSource(ods);
interceptor.setAccessDecisionManager(adm);
interceptor.setRunAsManager(ram);
interceptor.setApplicationEventPublisher(new MockApplicationEventPublisher(true));
SecurityContextHolder.clearContext();
} }
public void testAllowsAccess1() throws Exception { @After
UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken("Test", "Password", public void tearDown() throws Exception {
new GrantedAuthority[] {new GrantedAuthorityImpl("MOCK_INDEX")}); SecurityContextHolder.clearContext();
}
@Test
public void allowsAccessIfAccessDecisionMangerDoes() throws Exception {
Authentication token = new TestingAuthenticationToken("test", "Password", "MOCK_INDEX");
FilterInvocation fi = FilterInvocationUtils.create("/foo/index.jsp"); FilterInvocation fi = FilterInvocationUtils.create("/foo/index.jsp");
FilterSecurityInterceptor interceptor = makeFilterSecurityInterceptor();
WebInvocationPrivilegeEvaluator wipe = new WebInvocationPrivilegeEvaluator(); WebInvocationPrivilegeEvaluator wipe = new WebInvocationPrivilegeEvaluator();
wipe.setSecurityInterceptor(interceptor); wipe.setSecurityInterceptor(interceptor);
wipe.afterPropertiesSet(); wipe.afterPropertiesSet();
jmock.checking(new Expectations() {{
ignoring(ram); ignoring(ods);
oneOf(adm).decide(with(anAuthenticationWithUsername("test")), with(anything()), with(aNonNull(List.class)));
}});
assertTrue(wipe.isAllowed(fi, token)); assertTrue(wipe.isAllowed(fi, token));
jmock.assertIsSatisfied();
} }
public void testAllowsAccess2() throws Exception { @Test
UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken("Test", "Password", public void deniesAccessIfAccessDecisionMangerDoes() throws Exception {
new GrantedAuthority[] {new GrantedAuthorityImpl("MOCK_USER")}); Authentication token = new TestingAuthenticationToken("test", "Password", "MOCK_INDEX");
FilterInvocation fi = FilterInvocationUtils.create("/anything.jsp"); FilterInvocation fi = FilterInvocationUtils.create("/foo/index.jsp");
FilterSecurityInterceptor interceptor = makeFilterSecurityInterceptor();
WebInvocationPrivilegeEvaluator wipe = new WebInvocationPrivilegeEvaluator(); WebInvocationPrivilegeEvaluator wipe = new WebInvocationPrivilegeEvaluator();
wipe.setSecurityInterceptor(interceptor); wipe.setSecurityInterceptor(interceptor);
wipe.afterPropertiesSet(); wipe.afterPropertiesSet();
assertTrue(wipe.isAllowed(fi, token)); jmock.checking(new Expectations() {{
} ignoring(ram); ignoring(ods);
oneOf(adm).decide(with(anAuthenticationWithUsername("test")), with(anything()), with(aNonNull(List.class)));
public void testDeniesAccess1() throws Exception { will(throwException(new AccessDeniedException("")));
UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken("Test", "Password", }});
new GrantedAuthority[] {new GrantedAuthorityImpl("MOCK_NOTHING_USEFUL")});
FilterInvocation fi = FilterInvocationUtils.create("/anything.jsp");
FilterSecurityInterceptor interceptor = makeFilterSecurityInterceptor();
WebInvocationPrivilegeEvaluator wipe = new WebInvocationPrivilegeEvaluator();
wipe.setSecurityInterceptor(interceptor);
wipe.afterPropertiesSet();
assertFalse(wipe.isAllowed(fi, token)); assertFalse(wipe.isAllowed(fi, token));
jmock.assertIsSatisfied();
} }
} }
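Review bot: Both new tests stub the definition source with `ignoring(ods)` and match the `decide` arguments with `with(anything())` and `with(aNonNull(List.class))`, so they only prove that the evaluator's result follows the AccessDecisionManager. They no longer check that the invocation for `/foo/index.jsp`, and the attributes configured for it, are what reach `decide`; the list seen by `adm` is whatever jMock hands back for an ignored call, presumably a default value rather than a real attribute list. Consider returning an explicit `List<ConfigAttribute>` from `ods` for `fi`, matching that list and `fi` in the `decide` expectation, and adding a case where the source has no attributes for the request, since the removed context-based tests were what exercised the URL-to-attribute lookup in this class. The test names also misspell "Manager" (`...AccessDecisionMangerDoes`), and `junit.framework.TestCase`, `GrantedAuthority`, `GrantedAuthorityImpl` and `UsernamePasswordAuthenticationToken` look unused on the new side.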


@ -85,13 +85,9 @@ public class FilterChainProxyTests {
assertFalse(filter.isWasDestroyed()); assertFalse(filter.isWasDestroyed());
} }
@Test @Test(expected=BeanCreationException.class)
public void misplacedUniversalPathShouldBeDetected() throws Exception { public void misplacedUniversalPathShouldBeDetected() throws Exception {
try { appCtx.getBean("newFilterChainProxyWrongPathOrder", FilterChainProxy.class);
appCtx.getBean("newFilterChainProxyWrongPathOrder", FilterChainProxy.class);
fail("Expected BeanCreationException");
} catch (BeanCreationException expected) {
}
} }
@Test @Test
@ -100,12 +96,6 @@ public class FilterChainProxyTests {
doNormalOperation(filterChainProxy); doNormalOperation(filterChainProxy);
} }
@Test
public void proxyPathWithoutLowerCaseConversionShouldntMatchDifferentCasePath() throws Exception {
FilterChainProxy filterChainProxy = (FilterChainProxy) appCtx.getBean("filterChainNonLowerCase", FilterChainProxy.class);
assertNull(filterChainProxy.getFilters("/some/other/path/blah"));
}
@Test @Test
public void normalOperationWithNewConfig() throws Exception { public void normalOperationWithNewConfig() throws Exception {
FilterChainProxy filterChainProxy = (FilterChainProxy) appCtx.getBean("newFilterChainProxy", FilterChainProxy.class); FilterChainProxy filterChainProxy = (FilterChainProxy) appCtx.getBean("newFilterChainProxy", FilterChainProxy.class);
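Review bot: With `proxyPathWithoutLowerCaseConversionShouldntMatchDifferentCasePath` deleted in the second hunk, nothing in the visible part of this class checks that a chain configured without lower-case conversion leaves a path that differs only in case unmatched. That behaviour is security-relevant, because the case handling of the configured pattern decides whether any filters are applied to a request. If the `sec:filter-chain-map` syntax still supports case-sensitive matching, an equivalent bean and test should be kept; if it does not, a short comment on the class recording that case-sensitive chains are no longer configurable would explain why the coverage was dropped.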


@ -1,41 +0,0 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE beans PUBLIC "-//SPRING//DTD BEAN//EN" "http://www.springframework.org/dtd/spring-beans.dtd">
<!--
* Copyright 2004, 2006 Acegi Technology Pty Limited
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*
* $Id$
-->
<beans>
<bean id="authentication" class="org.springframework.security.MockAuthenticationManager"/>
<bean id="accessDecision" class="org.springframework.security.MockAccessDecisionManager"/>
<bean id="runAs" class="org.springframework.security.MockRunAsManager"/>
<bean id="securityInterceptor" class="org.springframework.security.intercept.web.FilterSecurityInterceptor">
<property name="authenticationManager"><ref local="authentication"/></property>
<property name="accessDecisionManager"><ref local="accessDecision"/></property>
<property name="runAsManager"><ref local="runAs"/></property>
<property name="objectDefinitionSource">
<value>
CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
PATTERN_TYPE_APACHE_ANT
/foo/index.jsp=MOCK_INDEX
/hello.htm=MOCK_HELLO
/**=MOCK_USER
</value>
</property>
</bean>
</beans>


@ -42,28 +42,14 @@ http://www.springframework.org/schema/security http://www.springframework.org/sc
<bean id="mockNotAFilter" class="org.springframework.security.util.MockNotAFilter"/> <bean id="mockNotAFilter" class="org.springframework.security.util.MockNotAFilter"/>
<bean id="filterChain" class="org.springframework.security.util.FilterChainProxy"> <bean id="filterChain" class="org.springframework.security.util.FilterChainProxy">
<property name="filterInvocationDefinitionSource"> <sec:filter-chain-map path-type="ant">
<value> <sec:filter-chain pattern="/foo/**" filters="mockFilter"/>
CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON <sec:filter-chain pattern="/some/other/path/**" filters="mockFilter"/>
PATTERN_TYPE_APACHE_ANT <sec:filter-chain pattern="/do/not/filter" filters="none"/>
/foo/**=mockFilter </sec:filter-chain-map>
/some/other/path/**=mockFilter
/do/not/filter=#NONE#
</value>
</property>
</bean>
<bean id="filterChainNonLowerCase" class="org.springframework.security.util.FilterChainProxy">
<property name="filterInvocationDefinitionSource">
<value>
PATTERN_TYPE_APACHE_ANT
/foo/**=mockFilter
/SOME/other/path/**=sif,mockFilter,mockFilter2
/do/not/filter=#NONE#
</value>
</property>
</bean> </bean>
<!-- TODO: Refactor to replace the above (SEC-1034: 'new' is now the only valid syntax) -->
<bean id="newFilterChainProxy" class="org.springframework.security.util.FilterChainProxy"> <bean id="newFilterChainProxy" class="org.springframework.security.util.FilterChainProxy">
<sec:filter-chain-map path-type="ant"> <sec:filter-chain-map path-type="ant">
<sec:filter-chain pattern="/foo/**" filters="mockFilter"/> <sec:filter-chain pattern="/foo/**" filters="mockFilter"/>