Cwikius-Spring/spring-security
1
0
Fork 0
mirror of https://github.com/spring-projects/spring-security.git synced 2025-06-28 23:02:15 +00:00
Code Issues Packages Projects Releases Wiki Activity

No longer required.

Browse Source
This commit is contained in:
Ben Alex 2004-03-28 11:40:29 +00:00
parent 8808f5e8dd
commit 6c5a5cd311
17 changed files with 0 additions and 1380 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

149
core/src/test/java/org/acegisecurity/attribute/AttributesTests.java
View File

@ -1,149 +0,0 @@
/* Copyright 2004 Acegi Technology Pty Limited
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package net.sf.acegisecurity.attribute;
import junit.framework.TestCase;
import net.sf.acegisecurity.Authentication;
import net.sf.acegisecurity.ConfigAttribute;
import net.sf.acegisecurity.ConfigAttributeDefinition;
import net.sf.acegisecurity.GrantedAuthority;
import net.sf.acegisecurity.GrantedAuthorityImpl;
import net.sf.acegisecurity.MethodDefinitionAttributes;
import net.sf.acegisecurity.SecurityConfig;
import net.sf.acegisecurity.context.ContextHolder;
import net.sf.acegisecurity.context.SecureContextImpl;
import net.sf.acegisecurity.providers.TestingAuthenticationToken;
import org.springframework.context.support.ClassPathXmlApplicationContext;
import java.lang.reflect.Method;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Set;
/**
* DOCUMENT ME!
*
* @author CameronBraid
*/
public class AttributesTests extends TestCase {
//~ Instance fields ========================================================
ClassPathXmlApplicationContext applicationContext;
//~ Constructors ===========================================================
/**
*
*/
public AttributesTests(String a) {
super(a);
}
//~ Methods ================================================================
public void testAttributesForImpl() throws Exception {
ConfigAttributeDefinition def = getConfigAttributeDefinition(TestServiceImpl.class);
Set set = toSet(def);
assertTrue(set.contains(new SecurityConfig("ROLE_INTERFACE")));
assertTrue(set.contains(new SecurityConfig("ROLE_INTERFACE_METHOD")));
assertTrue(set.contains(new SecurityConfig("ROLE_CLASS")));
assertTrue(set.contains(new SecurityConfig("ROLE_CLASS_METHOD")));
}
public void testAttributesForInterface() throws Exception {
ConfigAttributeDefinition def = getConfigAttributeDefinition(TestService.class);
Set set = toSet(def);
System.out.println(set.toString());
assertTrue(set.contains(new SecurityConfig("ROLE_INTERFACE")));
assertTrue(set.contains(new SecurityConfig("ROLE_INTERFACE_METHOD")));
}
public void testInterceptionWithMockAttributesAndSecureContext()
throws Exception {
applicationContext = new ClassPathXmlApplicationContext(
"/net/sf/acegisecurity/attribute/applicationContext.xml");
TestService service = (TestService) applicationContext.getBean(
"testService");
SecureContextImpl context = new SecureContextImpl();
ContextHolder.setContext(context);
Authentication auth;
auth = new TestingAuthenticationToken("test", "test",
new GrantedAuthority[] {new GrantedAuthorityImpl("ROLE_CLASS"), new GrantedAuthorityImpl(
"ROLE_INTERFACE"), new GrantedAuthorityImpl(
"ROLE_CLASS_METHOD"), new GrantedAuthorityImpl(
"ROLE_INTERFACE_METHOD")});
context.setAuthentication(auth);
service.myMethod();
auth = new TestingAuthenticationToken("test", "test",
new GrantedAuthority[] {});
context.setAuthentication(auth);
try {
service.myMethod();
fail(
"security interceptor should have detected insufficient permissions");
} catch (Exception e) {}
applicationContext.close();
ContextHolder.setContext(null);
}
private ConfigAttributeDefinition getConfigAttributeDefinition(Class clazz)
throws Exception {
final Method method = clazz.getMethod("myMethod", null);
MethodDefinitionAttributes source = new MethodDefinitionAttributes();
source.setAttributes(new TestAttributes());
ConfigAttributeDefinition config = source.getAttributes(new MockMethodInvocation() {
public Method getMethod() {
return method;
}
});
return config;
}
/**
* convert a ConfigAttributeDefinition into a set of
* <code>ConfigAttribute</code>(s)
*
* @param def DOCUMENT ME!
*
* @return
*/
private Set toSet(ConfigAttributeDefinition def) {
Set set = new HashSet();
Iterator i = def.getConfigAttributes();
while (i.hasNext()) {
ConfigAttribute a = (ConfigAttribute) i.next();
set.add(a);
}
return set;
}
}

75
core/src/test/java/org/acegisecurity/attribute/MockAttributes.java
View File

@ -1,75 +0,0 @@
/* Copyright 2004 Acegi Technology Pty Limited
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package net.sf.acegisecurity.attribute;
import org.springframework.metadata.Attributes;
import java.lang.reflect.Field;
import java.lang.reflect.Method;
import java.util.Collection;
/**
* DOCUMENT ME!
*
* @author CameronBraid
*/
public class MockAttributes implements Attributes {
//~ Methods ================================================================
/* (non-Javadoc)
* @see org.springframework.metadata.Attributes#getAttributes(java.lang.Class, java.lang.Class)
*/
public Collection getAttributes(Class arg0, Class arg1) {
throw new UnsupportedOperationException("mock method not implemented");
}
/* (non-Javadoc)
* @see org.springframework.metadata.Attributes#getAttributes(java.lang.Class)
*/
public Collection getAttributes(Class arg0) {
throw new UnsupportedOperationException("mock method not implemented");
}
/* (non-Javadoc)
* @see org.springframework.metadata.Attributes#getAttributes(java.lang.reflect.Field, java.lang.Class)
*/
public Collection getAttributes(Field arg0, Class arg1) {
throw new UnsupportedOperationException("mock method not implemented");
}
/* (non-Javadoc)
* @see org.springframework.metadata.Attributes#getAttributes(java.lang.reflect.Field)
*/
public Collection getAttributes(Field arg0) {
throw new UnsupportedOperationException("mock method not implemented");
}
/* (non-Javadoc)
* @see org.springframework.metadata.Attributes#getAttributes(java.lang.reflect.Method, java.lang.Class)
*/
public Collection getAttributes(Method arg0, Class arg1) {
throw new UnsupportedOperationException("mock method not implemented");
}
/* (non-Javadoc)
* @see org.springframework.metadata.Attributes#getAttributes(java.lang.reflect.Method)
*/
public Collection getAttributes(Method arg0) {
throw new UnsupportedOperationException("mock method not implemented");
}
}

109
core/src/test/java/org/acegisecurity/attribute/MockMethodInvocation.java
View File

@ -1,109 +0,0 @@
/* Copyright 2004 Acegi Technology Pty Limited
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package net.sf.acegisecurity.attribute;
import org.aopalliance.intercept.Invocation;
import org.aopalliance.intercept.MethodInvocation;
import java.lang.reflect.AccessibleObject;
import java.lang.reflect.Method;
/**
* DOCUMENT ME!
*
* @author CameronBraid
*/
public class MockMethodInvocation implements MethodInvocation {
//~ Methods ================================================================
/* (non-Javadoc)
* @see org.aopalliance.intercept.Invocation#setArgument(int, java.lang.Object)
*/
public void setArgument(int arg0, Object arg1) {
throw new UnsupportedOperationException("mock method not implemented");
}
/* (non-Javadoc)
* @see org.aopalliance.intercept.Invocation#getArgument(int)
*/
public Object getArgument(int arg0) {
throw new UnsupportedOperationException("mock method not implemented");
}
/* (non-Javadoc)
* @see org.aopalliance.intercept.Invocation#getArgumentCount()
*/
public int getArgumentCount() {
throw new UnsupportedOperationException("mock method not implemented");
}
/* (non-Javadoc)
* @see org.aopalliance.intercept.Invocation#getArguments()
*/
public Object[] getArguments() {
throw new UnsupportedOperationException("mock method not implemented");
}
/* (non-Javadoc)
* @see org.aopalliance.intercept.Invocation#getAttachment(java.lang.String)
*/
public Object getAttachment(String arg0) {
throw new UnsupportedOperationException("mock method not implemented");
}
/* (non-Javadoc)
* @see org.aopalliance.intercept.MethodInvocation#getMethod()
*/
public Method getMethod() {
throw new UnsupportedOperationException("mock method not implemented");
}
/* (non-Javadoc)
* @see org.aopalliance.intercept.Joinpoint#getStaticPart()
*/
public AccessibleObject getStaticPart() {
throw new UnsupportedOperationException("mock method not implemented");
}
/* (non-Javadoc)
* @see org.aopalliance.intercept.Joinpoint#getThis()
*/
public Object getThis() {
throw new UnsupportedOperationException("mock method not implemented");
}
/* (non-Javadoc)
* @see org.aopalliance.intercept.Invocation#addAttachment(java.lang.String, java.lang.Object)
*/
public Object addAttachment(String arg0, Object arg1) {
throw new UnsupportedOperationException("mock method not implemented");
}
/* (non-Javadoc)
* @see org.aopalliance.intercept.Invocation#cloneInstance()
*/
public Invocation cloneInstance() {
throw new UnsupportedOperationException("mock method not implemented");
}
/* (non-Javadoc)
* @see org.aopalliance.intercept.Joinpoint#proceed()
*/
public Object proceed() throws Throwable {
throw new UnsupportedOperationException("mock method not implemented");
}
}

73
core/src/test/java/org/acegisecurity/attribute/TestAttributes.java
View File

@ -1,73 +0,0 @@
/* Copyright 2004 Acegi Technology Pty Limited
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package net.sf.acegisecurity.attribute;
import net.sf.acegisecurity.SecurityConfig;
import java.lang.reflect.Method;
import java.util.Arrays;
import java.util.Collection;
import java.util.List;
/**
* DOCUMENT ME!
*
* @author CameronBraid
*/
public class TestAttributes extends MockAttributes {
//~ Instance fields ========================================================
List classAttributes = Arrays.asList(new SecurityConfig[] {new SecurityConfig(
"ROLE_CLASS")});
List classMethodAttributes = Arrays.asList(new SecurityConfig[] {new SecurityConfig(
"ROLE_CLASS_METHOD")});
List intrefaceAttributes = Arrays.asList(new SecurityConfig[] {new SecurityConfig(
"ROLE_INTERFACE")});
List intrefaceMethodAttributes = Arrays.asList(new SecurityConfig[] {new SecurityConfig(
"ROLE_INTERFACE_METHOD")});
//~ Methods ================================================================
public Collection getAttributes(Class clazz) {
// interface
if (clazz.equals(TestServiceImpl.class)) {
return classAttributes;
}
// class
if (clazz.equals(TestService.class)) {
return intrefaceAttributes;
}
return null;
}
public Collection getAttributes(Method method) {
// interface
if (method.getDeclaringClass().equals(TestService.class)) {
return intrefaceMethodAttributes;
}
// class
if (method.getDeclaringClass().equals(TestServiceImpl.class)) {
return classMethodAttributes;
}
return null;
}
}

27
core/src/test/java/org/acegisecurity/attribute/TestService.java
View File

@ -1,27 +0,0 @@
/* Copyright 2004 Acegi Technology Pty Limited
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package net.sf.acegisecurity.attribute;
/**
* DOCUMENT ME!
*
* @author CameronBraid
*/
public interface TestService {
//~ Methods ================================================================
public abstract void myMethod();
}

27
core/src/test/java/org/acegisecurity/attribute/TestServiceImpl.java
View File

@ -1,27 +0,0 @@
/* Copyright 2004 Acegi Technology Pty Limited
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package net.sf.acegisecurity.attribute;
/**
* DOCUMENT ME!
*
* @author CameronBraid
*/
public class TestServiceImpl implements TestService {
//~ Methods ================================================================
public void myMethod() {}
}

85
core/src/test/java/org/acegisecurity/attribute/applicationContext.xml
View File

@ -1,85 +0,0 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE beans PUBLIC "-//SPRING//DTD BEAN//EN" "http://www.springframework.org/dtd/spring-beans.dtd">
<!--
* The Acegi Security System for Spring is published under the terms
* of the Apache Software License.
* $Id$
-->
<beans>
<!-- =================== SECURITY SYSTEM DEFINITIONS ================== -->
<!-- RunAsManager -->
<bean id="runAsManager" class="net.sf.acegisecurity.runas.RunAsManagerImpl">
<property name="key"><value>my_run_as_password</value></property>
</bean>
<!-- ~~~~~~~~~~~~~~~~~~~~ AUTHENTICATION DEFINITIONS ~~~~~~~~~~~~~~~~~~ -->
<!-- This authentication provider accepts any presented TestingAuthenticationToken -->
<bean id="testingAuthenticationProvider" class="net.sf.acegisecurity.providers.TestingAuthenticationProvider"/>
<!-- The authentication manager that iterates through our only authentication provider -->
<bean id="authenticationManager" class="net.sf.acegisecurity.providers.ProviderManager">
<property name="providers">
<list>
<ref bean="testingAuthenticationProvider"/>
</list>
</property>
</bean>
<!-- ~~~~~~~~~~~~~~~~~~~~ AUTHORIZATION DEFINITIONS ~~~~~~~~~~~~~~~~~~~ -->
<!-- An access decision voter that reads ROLE_* configuaration settings -->
<bean id="roleVoter" class="net.sf.acegisecurity.vote.RoleVoter"/>
<!-- An affirmative access decision manager -->
<bean id="accessDecisionManager" class="net.sf.acegisecurity.vote.AffirmativeBased">
<property name="allowIfAllAbstainDecisions"><value>false</value></property>
<property name="decisionVoters">
<list>
<ref bean="roleVoter"/>
</list>
</property>
</bean>
<!-- ===================== SECURITY DEFINITIONS ======================= -->
<bean id="attributes" class="net.sf.acegisecurity.attribute.TestAttributes"/>
<bean id="methodDefinitionSource" class="net.sf.acegisecurity.MethodDefinitionAttributes">
<property name="attributes"><ref local="attributes"/></property>
</bean>
<!-- We don't validate config attributes, as it's unsupported by MethodDefinitionAttributes -->
<bean id="securityInterceptor" class="net.sf.acegisecurity.SecurityInterceptor">
<property name="validateConfigAttributes"><value>false</value></property>
<property name="authenticationManager"><ref bean="authenticationManager"/></property>
<property name="accessDecisionManager"><ref bean="accessDecisionManager"/></property>
<property name="runAsManager"><ref bean="runAsManager"/></property>
<property name="methodDefinitionSource"><ref bean="methodDefinitionSource"/></property>
</bean>
<!-- ======================= BUSINESS DEFINITIONS ===================== -->
<bean id="testService" class="net.sf.acegisecurity.attribute.TestServiceImpl"/>
<bean id="autoProxyCreator" class="org.springframework.aop.framework.autoproxy.BeanNameAutoProxyCreator">
<!-- names of the interceptors that will be applied by the proxy -->
<property name="interceptorNames">
<list>
<value>securityInterceptor</value>
</list>
</property>
<!-- the bean names to automatically generate proxies for -->
<property name="beanNames">
<list>
<value>testService</value>
</list>
</property>
</bean>
</beans>

65
core/src/test/java/org/acegisecurity/context/Account.java
View File

@ -1,65 +0,0 @@
/* Copyright 2004 Acegi Technology Pty Limited
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package net.sf.acegisecurity.context;
/**
* Models a bank account.
*/
public class Account {
//~ Instance fields ========================================================
private Integer id;
private String owningUserName;
private float balance;
//~ Constructors ===========================================================
public Account(Integer id, String owningUserName) {
this.id = id;
this.owningUserName = owningUserName;
}
public Account(int id, String owningUserName) {
this.id = new Integer(id);
this.owningUserName = owningUserName;
}
private Account() {
super();
}
//~ Methods ================================================================
public float getBalance() {
return this.balance;
}
public Integer getId() {
return this.id;
}
public String getOwningUserName() {
return this.owningUserName;
}
public void deposit(float amount) {
this.balance = this.balance + amount;
}
public void withdraw(float amount) {
this.balance = this.balance - amount;
}
}

44
core/src/test/java/org/acegisecurity/context/BankManager.java
View File

@ -1,44 +0,0 @@
/* Copyright 2004 Acegi Technology Pty Limited
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package net.sf.acegisecurity.context;
/**
* Simple business object of an in-memory banking system.
*
* <p>
* We'll spare you from <code>InsufficientFundsExceptions</code> etc. After
* all, this is intended to test security features rather than OO design!
* </p>
*
* @author Ben Alex
* @version $Id$
*/
public interface BankManager {
//~ Methods ================================================================
public float getBalance(Integer accountNumber);
public float getBankFundsUnderControl();
public void deleteAccount(Integer accountNumber);
public Account loadAccount(Integer accountNumber);
public void saveAccount(Account account);
public void transferFunds(Integer fromAccountNumber,
Integer toAccountNumber, float amount);
}

75
core/src/test/java/org/acegisecurity/context/BankManagerImpl.java
View File

@ -1,75 +0,0 @@
/* Copyright 2004 Acegi Technology Pty Limited
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package net.sf.acegisecurity.context;
import java.util.HashMap;
import java.util.Iterator;
import java.util.Map;
/**
* Implementation of {@link BankManager}.
*
* @author Ben Alex
* @version $Id$
*/
public class BankManagerImpl implements BankManager {
//~ Instance fields ========================================================
private Map accounts = new HashMap();
//~ Methods ================================================================
public float getBalance(Integer accountNumber) {
Account account = this.loadAccount(accountNumber);
return account.getBalance();
}
public float getBankFundsUnderControl() {
float total = 0;
Iterator iter = this.accounts.keySet().iterator();
while (iter.hasNext()) {
Integer account = (Integer) iter.next();
total = total + this.getBalance(account);
}
return total;
}
public void deleteAccount(Integer accountNumber) {
this.accounts.remove(accountNumber);
}
public Account loadAccount(Integer accountNumber) {
return (Account) accounts.get(accountNumber);
}
public void saveAccount(Account account) {
this.accounts.put(account.getId(), account);
}
public void transferFunds(Integer fromAccountNumber,
Integer toAccountNumber, float amount) {
Account from = this.loadAccount(fromAccountNumber);
Account to = this.loadAccount(toAccountNumber);
from.withdraw(amount);
to.deposit(amount);
this.saveAccount(from);
this.saveAccount(to);
}
}

128
core/src/test/java/org/acegisecurity/context/ContextTests.java
View File

@ -1,128 +0,0 @@
/* Copyright 2004 Acegi Technology Pty Limited
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package net.sf.acegisecurity.context;
import junit.framework.TestCase;
import net.sf.acegisecurity.providers.TestingAuthenticationToken;
import org.springframework.context.support.ClassPathXmlApplicationContext;
/**
* Tests context objects.
*
* @author Ben Alex
* @version $Id$
*/
public class ContextTests extends TestCase {
//~ Instance fields ========================================================
private ClassPathXmlApplicationContext ctx;
//~ Constructors ===========================================================
public ContextTests() {
super();
}
public ContextTests(String arg0) {
super(arg0);
}
//~ Methods ================================================================
public final void setUp() throws Exception {
super.setUp();
ctx = new ClassPathXmlApplicationContext(
"/net/sf/acegisecurity/context/applicationContext.xml");
}
public static void main(String[] args) {
junit.textui.TestRunner.run(ContextTests.class);
}
public void testContextInterceptorDetectsEmptyContexts()
throws Exception {
Account ben = new Account(1, "ben");
BankManager bank = (BankManager) ctx.getBean("bankManager");
try {
bank.saveAccount(ben);
fail("Should have thrown ContextHolderEmptyException");
} catch (ContextHolderEmptyException expected) {
assertTrue(true);
}
Context context = new ContextImpl();
ContextHolder.setContext(context);
Account marissa = new Account(2, "marissa");
bank.saveAccount(marissa);
ContextHolder.setContext(null);
}
public void testContextInterceptorProcessesValidations()
throws Exception {
ExoticContext context = new ExoticContext();
ContextHolder.setContext(context);
Account ben = new Account(1, "ben");
BankManager bank = (BankManager) ctx.getBean("bankManager");
try {
bank.saveAccount(ben);
fail(
"Should have thrown ContextInvalidException (magic number is incorrect)");
} catch (ContextInvalidException expected) {
assertTrue(true);
}
context.setMagicNumber(7);
ContextHolder.setContext(context);
Account marissa = new Account(2, "marissa");
bank.saveAccount(marissa);
ContextHolder.setContext(null);
}
public void testContextInterceptorValidatesASecureContext()
throws Exception {
SecureContext context = new SecureContextImpl();
ContextHolder.setContext((Context) context);
Account ben = new Account(1, "ben");
BankManager bank = (BankManager) ctx.getBean("bankManager");
try {
bank.saveAccount(ben);
fail(
"Should have thrown ContextInvalidException (no authentication object)");
} catch (ContextInvalidException expected) {
assertTrue(true);
}
context.setAuthentication(new TestingAuthenticationToken("a", "b", null));
ContextHolder.setContext((Context) context);
Account marissa = new Account(2, "marissa");
bank.saveAccount(marissa);
ContextHolder.setContext(null);
}
}

49
core/src/test/java/org/acegisecurity/context/ExoticContext.java
View File

@ -1,49 +0,0 @@
/* Copyright 2004 Acegi Technology Pty Limited
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package net.sf.acegisecurity.context;
/**
* Exotic implementation of a {@link Context}.
*
* <p>
* Requires the context to be set with a <code>magicNumber</code> of 7. Tests
* validation in the unit tests.
* </p>
*
* @author Ben Alex
* @version $Id$
*/
public class ExoticContext implements Context {
//~ Instance fields ========================================================
private int magicNumber;
//~ Methods ================================================================
public void setMagicNumber(int magicNumber) {
this.magicNumber = magicNumber;
}
public int getMagicNumber() {
return magicNumber;
}
public void validate() throws ContextInvalidException {
if (magicNumber != 7) {
throw new ContextInvalidException("Magic number is not 7");
}
}
}

29
core/src/test/java/org/acegisecurity/context/applicationContext.xml
View File

@ -1,29 +0,0 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE beans PUBLIC "-//SPRING//DTD BEAN//EN" "http://www.springframework.org/dtd/spring-beans.dtd">
<!--
* The Acegi Security System for Spring is published under the terms
* of the Apache Software License.
* $Id$
-->
<beans>
<!-- =================== CONTEXT RELATED DEFINITIONS ================== -->
<bean id="contextInterceptor" class="net.sf.acegisecurity.context.ContextInterceptor"/>
<!-- ======================= BUSINESS DEFINITIONS ===================== -->
<bean id="bankManagerTarget" class="net.sf.acegisecurity.context.BankManagerImpl"/>
<bean id="bankManager" class="org.springframework.aop.framework.ProxyFactoryBean">
<property name="proxyInterfaces"><value>net.sf.acegisecurity.context.BankManager</value></property>
<property name="interceptorNames">
<list>
<value>contextInterceptor</value>
<value>bankManagerTarget</value>
</list>
</property>
</bean>
</beans>

110
core/src/test/java/org/acegisecurity/providers/dao/memory/applicationContext.xml
View File

@ -1,110 +0,0 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE beans PUBLIC "-//SPRING//DTD BEAN//EN" "http://www.springframework.org/dtd/spring-beans.dtd">
<!--
* The Acegi Security System for Spring is published under the terms
* of the Apache Software License.
* $Id$
-->
<beans>
<!-- =================== SECURITY SYSTEM DEFINITIONS ================== -->
<!-- RunAsManager -->
<bean id="runAsManager" class="net.sf.acegisecurity.runas.RunAsManagerImpl">
<property name="key"><value>my_run_as_password</value></property>
</bean>
<!-- ~~~~~~~~~~~~~~~~~~~~ AUTHENTICATION DEFINITIONS ~~~~~~~~~~~~~~~~~~ -->
<!-- Data access object which stores authentication information -->
<!-- The two invalid entries at the bottom are provided for testing purposes -->
<bean id="inMemoryDaoImpl" class="net.sf.acegisecurity.providers.dao.memory.InMemoryDaoImpl">
<property name="userMap">
<value>
marissa=koala,ROLE_TELLER,ROLE_SUPERVISOR
dianne=emu,disabled,ROLE_TELLER
scott=wombat,ACCOUNT_45
peter=opal,ACCOUNT_77
someone=password
someoneelse=
</value>
</property>
</bean>
<!-- Authentication provider that queries our data access object -->
<bean id="daoAuthenticationProvider" class="net.sf.acegisecurity.providers.dao.DaoAuthenticationProvider">
<property name="authenticationDao"><ref bean="inMemoryDaoImpl"/></property>
<property name="ignorePasswordCase"><value>false</value></property>
<property name="ignoreUsernameCase"><value>true</value></property>
</bean>
<!-- Authentication provider that accepts as valid our RunAsManagerImpl created tokens -->
<bean id="runAsAuthenticationProvider" class="net.sf.acegisecurity.runas.RunAsImplAuthenticationProvider">
<property name="key"><value>my_run_as_password</value></property>
</bean>
<!-- The authentication manager that iterates through our authentication providers -->
<!-- Strictly we don't need runAsAuthenticationProvider given we haven't defined any RUN_AS configurations -->
<bean id="authenticationManager" class="net.sf.acegisecurity.providers.ProviderManager">
<property name="providers">
<list>
<ref bean="daoAuthenticationProvider"/>
<ref bean="runAsAuthenticationProvider"/>
</list>
</property>
</bean>
<!-- ~~~~~~~~~~~~~~~~~~~~ AUTHORIZATION DEFINITIONS ~~~~~~~~~~~~~~~~~~~ -->
<!-- An access decision voter that reads ROLE_* configuaration settings -->
<bean id="roleVoter" class="net.sf.acegisecurity.vote.RoleVoter"/>
<!-- An access decision voter that reads BANKSECURITY_CUSTOMER configuaration settings -->
<bean id="bankSecurityVoter" class="net.sf.acegisecurity.BankSecurityVoter"/>
<!-- An affirmative access decision manager -->
<bean id="accessDecisionManager" class="net.sf.acegisecurity.vote.AffirmativeBased">
<property name="allowIfAllAbstainDecisions"><value>false</value></property>
<property name="decisionVoters">
<list>
<ref bean="roleVoter"/>
<ref bean="bankSecurityVoter"/>
</list>
</property>
</bean>
<!-- ===================== SECURITY DEFINITIONS ======================= -->
<!-- No declaration for BankManager.getBankFundsUnderControl() makes it public -->
<bean id="bankManagerSecurity" class="net.sf.acegisecurity.SecurityInterceptor">
<property name="authenticationManager"><ref bean="authenticationManager"/></property>
<property name="accessDecisionManager"><ref bean="accessDecisionManager"/></property>
<property name="runAsManager"><ref bean="runAsManager"/></property>
<property name="methodDefinitionSource">
<value>
net.sf.acegisecurity.context.BankManager.delete*=ROLE_SUPERVISOR
net.sf.acegisecurity.context.BankManager.getBalance=ROLE_TELLER,ROLE_SUPERVISOR,BANKSECURITY_CUSTOMER
net.sf.acegisecurity.context.BankManager.loadAccount=ROLE_TELLER,ROLE_SUPERVISOR,BANKSECURITY_CUSTOMER
net.sf.acegisecurity.context.BankManager.saveAccount=ROLE_TELLER,ROLE_SUPERVISOR
net.sf.acegisecurity.context.BankManager.transferFunds=ROLE_SUPERVISOR
</value>
</property>
</bean>
<!-- ======================= BUSINESS DEFINITIONS ===================== -->
<bean id="bankManagerTarget" class="net.sf.acegisecurity.context.BankManagerImpl"/>
<!-- We don't include any context interceptor, although we should do so prior to the security interceptor -->
<bean id="bankManager" class="org.springframework.aop.framework.ProxyFactoryBean">
<property name="proxyInterfaces"><value>net.sf.acegisecurity.context.BankManager</value></property>
<property name="interceptorNames">
<list>
<value>bankManagerSecurity</value>
<value>bankManagerTarget</value>
</list>
</property>
</bean>
</beans>

83
core/src/test/java/org/acegisecurity/runas/BankManagerPublicFacade.java
View File

@ -1,83 +0,0 @@
/* Copyright 2004 Acegi Technology Pty Limited
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package net.sf.acegisecurity.runas;
import net.sf.acegisecurity.context.Account;
import net.sf.acegisecurity.context.BankManager;
import org.springframework.beans.factory.InitializingBean;
/**
* Acts as the "public facade" to a <code>BankManager</code>.
*
* <P>
* The security configuration of this, the public facade, specifies authorities
* that should be held by the end user. The security configuration of the
* "backend", which is not accessible to the general public, specifies certain
* authorities that are granted by the RunAsManagerImpl.
* </p>
*
* @author Ben Alex
* @version $Id$
*/
public class BankManagerPublicFacade implements BankManager, InitializingBean {
//~ Instance fields ========================================================
private BankManager backend;
//~ Methods ================================================================
public void setBackend(BankManager backend) {
this.backend = backend;
}
public BankManager getBackend() {
return backend;
}
public float getBalance(Integer accountNumber) {
return backend.getBalance(accountNumber);
}
public float getBankFundsUnderControl() {
return backend.getBankFundsUnderControl();
}
public void afterPropertiesSet() throws Exception {
if (backend == null) {
throw new IllegalArgumentException(
"A backend BankManager implementation is required");
}
}
public void deleteAccount(Integer accountNumber) {
backend.deleteAccount(accountNumber);
}
public Account loadAccount(Integer accountNumber) {
return backend.loadAccount(accountNumber);
}
public void saveAccount(Account account) {
backend.saveAccount(account);
}
public void transferFunds(Integer fromAccountNumber,
Integer toAccountNumber, float amount) {
backend.transferFunds(fromAccountNumber, toAccountNumber, amount);
}
}

114
core/src/test/java/org/acegisecurity/runas/RunAsTests.java
View File

@ -1,114 +0,0 @@
/* Copyright 2004 Acegi Technology Pty Limited
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package net.sf.acegisecurity.runas;
import junit.framework.TestCase;
import net.sf.acegisecurity.AccessDeniedException;
import net.sf.acegisecurity.context.Account;
import net.sf.acegisecurity.context.BankManager;
import net.sf.acegisecurity.context.Context;
import net.sf.acegisecurity.context.ContextHolder;
import net.sf.acegisecurity.context.SecureContext;
import net.sf.acegisecurity.context.SecureContextImpl;
import net.sf.acegisecurity.providers.UsernamePasswordAuthenticationToken;
import org.springframework.context.support.ClassPathXmlApplicationContext;
/**
* Tests {@link RunAsManagerImpl}.
*
* @author Ben Alex
* @version $Id$
*/
public class RunAsTests extends TestCase {
//~ Instance fields ========================================================
private ClassPathXmlApplicationContext ctx;
//~ Constructors ===========================================================
public RunAsTests() {
super();
}
public RunAsTests(String arg0) {
super(arg0);
}
//~ Methods ================================================================
public final void setUp() throws Exception {
super.setUp();
ctx = new ClassPathXmlApplicationContext(
"/net/sf/acegisecurity/runas/applicationContext.xml");
}
public static void main(String[] args) {
junit.textui.TestRunner.run(RunAsTests.class);
}
public void testRunAs() throws Exception {
Account account = new Account(45, "someone");
BankManager bank = (BankManager) ctx.getBean("bankManager");
// Try as a user without access to the account
UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken("peter",
"opal");
SecureContext secureContext = new SecureContextImpl();
secureContext.setAuthentication(token);
ContextHolder.setContext((Context) secureContext);
try {
// NB: account number 45 != granted authority for account 77
bank.loadAccount(account.getId());
fail("Should have thrown an AccessDeniedException");
} catch (AccessDeniedException expected) {
assertTrue(true);
}
// Now try as user with access to account number 45
// Proves ROLE_RUN_AS_SERVER is being allocated
token = new UsernamePasswordAuthenticationToken("scott", "wombat");
secureContext.setAuthentication(token);
ContextHolder.setContext((Context) secureContext);
bank.loadAccount(account.getId());
assertTrue(true);
// Now try as user with ROLE_SUPERVISOR access to the account
// Proves ROLE_RUN_AS_SERVER is being allocated
token = new UsernamePasswordAuthenticationToken("marissa", "koala");
secureContext.setAuthentication(token);
ContextHolder.setContext((Context) secureContext);
bank.loadAccount(account.getId());
assertTrue(true);
// Now try to call a method that ROLE_RUN_AS_BACKEND not granted for
token = new UsernamePasswordAuthenticationToken("marissa", "koala");
secureContext.setAuthentication(token);
ContextHolder.setContext((Context) secureContext);
try {
bank.saveAccount(account);
fail("Should have thrown AccessDeniedException");
} catch (AccessDeniedException expected) {
assertTrue(true);
}
ContextHolder.setContext(null);
}
}

138
core/src/test/java/org/acegisecurity/runas/applicationContext.xml
View File

@ -1,138 +0,0 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE beans PUBLIC "-//SPRING//DTD BEAN//EN" "http://www.springframework.org/dtd/spring-beans.dtd">
<!--
* The Acegi Security System for Spring is published under the terms
* of the Apache Software License.
* $Id$
-->
<beans>
<!-- =================== SECURITY SYSTEM DEFINITIONS ================== -->
<!-- RunAsManager -->
<bean id="runAsManager" class="net.sf.acegisecurity.runas.RunAsManagerImpl">
<property name="key"><value>my_run_as_password</value></property>
</bean>
<!-- ~~~~~~~~~~~~~~~~~~~~ AUTHENTICATION DEFINITIONS ~~~~~~~~~~~~~~~~~~ -->
<!-- Data access object which stores authentication information -->
<!-- The two invalid entries at the bottom are provided for testing purposes -->
<bean id="inMemoryDaoImpl" class="net.sf.acegisecurity.providers.dao.memory.InMemoryDaoImpl">
<property name="userMap">
<value>
marissa=koala,ROLE_TELLER,ROLE_SUPERVISOR
dianne=emu,disabled,ROLE_TELLER
scott=wombat,ACCOUNT_45
peter=opal,ACCOUNT_77
someone=password
someoneelse=
</value>
</property>
</bean>
<!-- Authentication provider that queries our data access object -->
<bean id="daoAuthenticationProvider" class="net.sf.acegisecurity.providers.dao.DaoAuthenticationProvider">
<property name="authenticationDao"><ref bean="inMemoryDaoImpl"/></property>
<property name="ignorePasswordCase"><value>false</value></property>
<property name="ignoreUsernameCase"><value>true</value></property>
</bean>
<!-- Authentication provider that accepts as valid our RunAsManagerImpl created tokens -->
<bean id="runAsAuthenticationProvider" class="net.sf.acegisecurity.runas.RunAsImplAuthenticationProvider">
<property name="key"><value>my_run_as_password</value></property>
</bean>
<!-- The authentication manager that iterates through our authentication providers -->
<bean id="authenticationManager" class="net.sf.acegisecurity.providers.ProviderManager">
<property name="providers">
<list>
<ref bean="daoAuthenticationProvider"/>
<ref bean="runAsAuthenticationProvider"/>
</list>
</property>
</bean>
<!-- ~~~~~~~~~~~~~~~~~~~~ AUTHORIZATION DEFINITIONS ~~~~~~~~~~~~~~~~~~~ -->
<!-- An access decision voter that reads ROLE_* configuaration settings -->
<bean id="roleVoter" class="net.sf.acegisecurity.vote.RoleVoter"/>
<!-- An access decision voter that reads BANKSECURITY_CUSTOMER configuaration settings -->
<bean id="bankSecurityVoter" class="net.sf.acegisecurity.BankSecurityVoter"/>
<!-- An affirmative access decision manager -->
<bean id="accessDecisionManager" class="net.sf.acegisecurity.vote.AffirmativeBased">
<property name="allowIfAllAbstainDecisions"><value>false</value></property>
<property name="decisionVoters">
<list>
<ref bean="roleVoter"/>
<ref bean="bankSecurityVoter"/>
</list>
</property>
</bean>
<!-- ===================== SECURITY DEFINITIONS ======================= -->
<!-- Note we don't specify to grant RUN_AS_SERVER to saveAccount invocations -->
<bean id="publicBankManagerSecurity" class="net.sf.acegisecurity.SecurityInterceptor">
<property name="authenticationManager"><ref bean="authenticationManager"/></property>
<property name="accessDecisionManager"><ref bean="accessDecisionManager"/></property>
<property name="runAsManager"><ref bean="runAsManager"/></property>
<property name="methodDefinitionSource">
<value>
net.sf.acegisecurity.context.BankManager.delete*=ROLE_SUPERVISOR,RUN_AS_SERVER
net.sf.acegisecurity.context.BankManager.getBalance=ROLE_TELLER,ROLE_SUPERVISOR,BANKSECURITY_CUSTOMER,RUN_AS_SERVER
net.sf.acegisecurity.context.BankManager.loadAccount=ROLE_TELLER,ROLE_SUPERVISOR,BANKSECURITY_CUSTOMER,RUN_AS_SERVER
net.sf.acegisecurity.context.BankManager.saveAccount=ROLE_TELLER,ROLE_SUPERVISOR
net.sf.acegisecurity.context.BankManager.transferFunds=ROLE_SUPERVISOR,RUN_AS_SERVER
</value>
</property>
</bean>
<!-- We expect all callers of the backend object to hold the role ROLE_RUN_AS_SERVER -->
<bean id="backendBankManagerSecurity" class="net.sf.acegisecurity.SecurityInterceptor">
<property name="authenticationManager"><ref bean="authenticationManager"/></property>
<property name="accessDecisionManager"><ref bean="accessDecisionManager"/></property>
<property name="runAsManager"><ref bean="runAsManager"/></property>
<property name="methodDefinitionSource">
<value>
net.sf.acegisecurity.context.BankManager.delete*=ROLE_RUN_AS_SERVER
net.sf.acegisecurity.context.BankManager.getBalance=ROLE_RUN_AS_SERVER
net.sf.acegisecurity.context.BankManager.loadAccount=ROLE_RUN_AS_SERVER
net.sf.acegisecurity.context.BankManager.saveAccount=ROLE_RUN_AS_SERVER
net.sf.acegisecurity.context.BankManager.transferFunds=ROLE_RUN_AS_SERVER
</value>
</property>
</bean>
<!-- ======================= BUSINESS DEFINITIONS ===================== -->
<bean id="bankManager" class="org.springframework.aop.framework.ProxyFactoryBean">
<property name="proxyInterfaces"><value>net.sf.acegisecurity.context.BankManager</value></property>
<property name="interceptorNames">
<list>
<value>publicBankManagerSecurity</value>
<value>publicBankManagerTarget</value>
</list>
</property>
</bean>
<bean id="publicBankManagerTarget" class="net.sf.acegisecurity.runas.BankManagerPublicFacade">
<property name="backend"><ref bean="backendBankManager"/></property>
</bean>
<bean id="backendBankManager" class="org.springframework.aop.framework.ProxyFactoryBean">
<property name="proxyInterfaces"><value>net.sf.acegisecurity.context.BankManager</value></property>
<property name="interceptorNames">
<list>
<value>backendBankManagerSecurity</value>
<value>backendBankManagerTarget</value>
</list>
</property>
</bean>
<bean id="backendBankManagerTarget" class="net.sf.acegisecurity.context.BankManagerImpl"/>
</beans>