SEC-1034: Fix broken tests.

2008-11-13 08:57:43 +00:00 · 2008-11-13 08:57:43 +00:00 · 648ba1c43a
parent ae05e74085
commit 648ba1c43a
4 changed files with 72 additions and 109 deletions
--- a/core/src/test/java/org/springframework/security/intercept/web/WebInvocationPrivilegeEvaluatorTests.java
+++ b/core/src/test/java/org/springframework/security/intercept/web/WebInvocationPrivilegeEvaluatorTests.java
@ -15,11 +15,31 @@

 package org.springframework.security.intercept.web;

+import static org.junit.Assert.*;
+import static org.springframework.security.matcher.AuthenticationMatcher.anAuthenticationWithUsername;
+
+import java.util.List;
+
 import junit.framework.TestCase;

+import org.jmock.Expectations;
+import org.jmock.Mockery;
+import org.jmock.integration.junit4.JUnit4Mockery;
+import org.junit.After;
+import org.junit.Before;
+import org.junit.Test;
+import org.springframework.security.AccessDecisionManager;
+import org.springframework.security.AccessDeniedException;
+import org.springframework.security.Authentication;
+import org.springframework.security.AuthenticationManager;
 import org.springframework.security.GrantedAuthority;
 import org.springframework.security.GrantedAuthorityImpl;
+import org.springframework.security.MockApplicationEventPublisher;
+import org.springframework.security.RunAsManager;
+import org.springframework.security.ConfigAttribute;

+import org.springframework.security.context.SecurityContextHolder;
+import org.springframework.security.providers.TestingAuthenticationToken;
 import org.springframework.security.providers.UsernamePasswordAuthenticationToken;

 import org.springframework.security.util.FilterInvocationUtils;
@ -34,62 +54,70 @@ import org.springframework.context.support.ClassPathXmlApplicationContext;
 * @author Ben Alex
 * @version $Id$
 */
-public class WebInvocationPrivilegeEvaluatorTests extends TestCase {
-    //~ Constructors ===================================================================================================
-
-    public WebInvocationPrivilegeEvaluatorTests() {
-        super();
-    }
-
-    public WebInvocationPrivilegeEvaluatorTests(String arg0) {
-        super(arg0);
-    }
+public class WebInvocationPrivilegeEvaluatorTests {
+    private Mockery jmock = new JUnit4Mockery();
+    private AuthenticationManager am;
+    private AccessDecisionManager adm;
+    private FilterInvocationDefinitionSource ods;
+    private RunAsManager ram;
+    private FilterSecurityInterceptor interceptor;

    //~ Methods ========================================================================================================

-    private FilterSecurityInterceptor makeFilterSecurityInterceptor() {
-        ApplicationContext context = new ClassPathXmlApplicationContext(
-                "org/springframework/security/intercept/web/applicationContext.xml");
-
-        return (FilterSecurityInterceptor) context.getBean("securityInterceptor");
+    @Before
+    public final void setUp() throws Exception {
+        interceptor = new FilterSecurityInterceptor();
+        am = jmock.mock(AuthenticationManager.class);
+        ods = jmock.mock(FilterInvocationDefinitionSource.class);
+        adm = jmock.mock(AccessDecisionManager.class);
+        ram = jmock.mock(RunAsManager.class);
+        interceptor.setAuthenticationManager(am);
+        interceptor.setObjectDefinitionSource(ods);
+        interceptor.setAccessDecisionManager(adm);
+        interceptor.setRunAsManager(ram);
+        interceptor.setApplicationEventPublisher(new MockApplicationEventPublisher(true));
+        SecurityContextHolder.clearContext();
    }

-    public void testAllowsAccess1() throws Exception {
-        UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken("Test", "Password",
-                new GrantedAuthority[] {new GrantedAuthorityImpl("MOCK_INDEX")});
+    @After
+    public void tearDown() throws Exception {
+        SecurityContextHolder.clearContext();
+    }
+
+    @Test
+    public void allowsAccessIfAccessDecisionMangerDoes() throws Exception {
+        Authentication token = new TestingAuthenticationToken("test", "Password", "MOCK_INDEX");
        FilterInvocation fi = FilterInvocationUtils.create("/foo/index.jsp");
-        FilterSecurityInterceptor interceptor = makeFilterSecurityInterceptor();

        WebInvocationPrivilegeEvaluator wipe = new WebInvocationPrivilegeEvaluator();
        wipe.setSecurityInterceptor(interceptor);
        wipe.afterPropertiesSet();

+        jmock.checking(new Expectations() {{
+            ignoring(ram); ignoring(ods);
+            oneOf(adm).decide(with(anAuthenticationWithUsername("test")), with(anything()), with(aNonNull(List.class)));
+        }});
+
        assertTrue(wipe.isAllowed(fi, token));
+        jmock.assertIsSatisfied();
    }

-    public void testAllowsAccess2() throws Exception {
-        UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken("Test", "Password",
-                new GrantedAuthority[] {new GrantedAuthorityImpl("MOCK_USER")});
-        FilterInvocation fi = FilterInvocationUtils.create("/anything.jsp");
-        FilterSecurityInterceptor interceptor = makeFilterSecurityInterceptor();
+    @Test
+    public void deniesAccessIfAccessDecisionMangerDoes() throws Exception {
+        Authentication token = new TestingAuthenticationToken("test", "Password", "MOCK_INDEX");
+        FilterInvocation fi = FilterInvocationUtils.create("/foo/index.jsp");

        WebInvocationPrivilegeEvaluator wipe = new WebInvocationPrivilegeEvaluator();
        wipe.setSecurityInterceptor(interceptor);
        wipe.afterPropertiesSet();

-        assertTrue(wipe.isAllowed(fi, token));
-    }
-
-    public void testDeniesAccess1() throws Exception {
-        UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken("Test", "Password",
-                new GrantedAuthority[] {new GrantedAuthorityImpl("MOCK_NOTHING_USEFUL")});
-        FilterInvocation fi = FilterInvocationUtils.create("/anything.jsp");
-        FilterSecurityInterceptor interceptor = makeFilterSecurityInterceptor();
-
-        WebInvocationPrivilegeEvaluator wipe = new WebInvocationPrivilegeEvaluator();
-        wipe.setSecurityInterceptor(interceptor);
-        wipe.afterPropertiesSet();
+        jmock.checking(new Expectations() {{
+            ignoring(ram); ignoring(ods);
+            oneOf(adm).decide(with(anAuthenticationWithUsername("test")), with(anything()), with(aNonNull(List.class)));
+                will(throwException(new AccessDeniedException("")));
+        }});

        assertFalse(wipe.isAllowed(fi, token));
+        jmock.assertIsSatisfied();
    }
 }
--- a/core/src/test/java/org/springframework/security/util/FilterChainProxyTests.java
+++ b/core/src/test/java/org/springframework/security/util/FilterChainProxyTests.java
@ -85,13 +85,9 @@ public class FilterChainProxyTests {
        assertFalse(filter.isWasDestroyed());
    }

-    @Test
+    @Test(expected=BeanCreationException.class)
    public void misplacedUniversalPathShouldBeDetected() throws Exception {
-        try {
-            appCtx.getBean("newFilterChainProxyWrongPathOrder", FilterChainProxy.class);
-            fail("Expected BeanCreationException");
-        } catch (BeanCreationException expected) {
-        }
+        appCtx.getBean("newFilterChainProxyWrongPathOrder", FilterChainProxy.class);
    }

    @Test
@ -100,12 +96,6 @@ public class FilterChainProxyTests {
        doNormalOperation(filterChainProxy);
    }

-    @Test
-    public void proxyPathWithoutLowerCaseConversionShouldntMatchDifferentCasePath() throws Exception {
-        FilterChainProxy filterChainProxy = (FilterChainProxy) appCtx.getBean("filterChainNonLowerCase", FilterChainProxy.class);
-        assertNull(filterChainProxy.getFilters("/some/other/path/blah"));
-    }
-
    @Test
    public void normalOperationWithNewConfig() throws Exception {
        FilterChainProxy filterChainProxy = (FilterChainProxy) appCtx.getBean("newFilterChainProxy", FilterChainProxy.class);
--- a/core/src/test/resources/org/springframework/security/intercept/web/applicationContext.xml
+++ b/core/src/test/resources/org/springframework/security/intercept/web/applicationContext.xml
@ -1,41 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE beans PUBLIC "-//SPRING//DTD BEAN//EN" "http://www.springframework.org/dtd/spring-beans.dtd">
-<!--
- * Copyright 2004, 2006 Acegi Technology Pty Limited
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *
- * $Id$
-->
-
-<beans>
-	<bean id="authentication" class="org.springframework.security.MockAuthenticationManager"/>
-	<bean id="accessDecision" class="org.springframework.security.MockAccessDecisionManager"/>
-	<bean id="runAs" class="org.springframework.security.MockRunAsManager"/>
-
-	<bean id="securityInterceptor" class="org.springframework.security.intercept.web.FilterSecurityInterceptor">
-		<property name="authenticationManager"><ref local="authentication"/></property>
-		<property name="accessDecisionManager"><ref local="accessDecision"/></property>
-		<property name="runAsManager"><ref local="runAs"/></property>
-		<property name="objectDefinitionSource">
-        	<value>
-			    CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
-			    PATTERN_TYPE_APACHE_ANT
-			    /foo/index.jsp=MOCK_INDEX
-			    /hello.htm=MOCK_HELLO
-				/**=MOCK_USER
-        	</value>
-		</property>
-	</bean>
-
-</beans>
--- a/core/src/test/resources/org/springframework/security/util/filtertest-valid.xml
+++ b/core/src/test/resources/org/springframework/security/util/filtertest-valid.xml
@ -42,28 +42,14 @@ http://www.springframework.org/schema/security http://www.springframework.org/sc
    <bean id="mockNotAFilter" class="org.springframework.security.util.MockNotAFilter"/>

    <bean id="filterChain" class="org.springframework.security.util.FilterChainProxy">
-      <property name="filterInvocationDefinitionSource">
-         <value>
-            CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
-            PATTERN_TYPE_APACHE_ANT
-            /foo/**=mockFilter
-            /some/other/path/**=mockFilter
-            /do/not/filter=#NONE#
-         </value>
-      </property>
-    </bean>
-
-    <bean id="filterChainNonLowerCase" class="org.springframework.security.util.FilterChainProxy">
-      <property name="filterInvocationDefinitionSource">
-         <value>
-            PATTERN_TYPE_APACHE_ANT
-            /foo/**=mockFilter
-            /SOME/other/path/**=sif,mockFilter,mockFilter2
-            /do/not/filter=#NONE#
-         </value>
-      </property>
+        <sec:filter-chain-map path-type="ant">
+            <sec:filter-chain pattern="/foo/**" filters="mockFilter"/>
+            <sec:filter-chain pattern="/some/other/path/**" filters="mockFilter"/>
+            <sec:filter-chain pattern="/do/not/filter" filters="none"/>
+        </sec:filter-chain-map>
    </bean>

+<!-- TODO: Refactor to replace the above (SEC-1034: 'new' is now the only valid syntax) -->
    <bean id="newFilterChainProxy" class="org.springframework.security.util.FilterChainProxy">
        <sec:filter-chain-map path-type="ant">
            <sec:filter-chain pattern="/foo/**" filters="mockFilter"/>