SEC-163: Fix ClassCastException bug in MethodInvocationUtils, and add test to prove correct functionality.

Ben Alex 2006-01-28 21:33:35 +00:00
parent b3cb329ede
commit 823f93fe3b
2 changed files with 53 additions and 12 deletions


@ -81,7 +81,7 @@ public class MethodInvocationUtils {
list.add(args[i].getClass()); list.add(args[i].getClass());
} }
classArgs = (Class[]) list.toArray(); classArgs = (Class[]) list.toArray(new Class[] {});
} }
return createFromClass(object.getClass(), methodName, classArgs); return createFromClass(object.getClass(), methodName, classArgs);
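Review bot: `args[i].getClass()` in the loop still throws a NullPointerException when any element of `args` is null; the corrected `toArray(new Class[] {})` call does not change that. The runtime classes collected here are handed to `createFromClass` as the parameter types, so an argument whose class is a subtype of the declared parameter type would presumably fail an exact-signature lookup; that lookup is outside this hunk, so confirm it against `createFromClass`. The tests in this commit pass the resulting invocation to `MethodInvocationPrivilegeEvaluator.isAllowed`, so the failure mode should be explicit rather than an incidental NPE: add a guard such as `if (args[i] == null) { throw new IllegalArgumentException("args[" + i + "] is null; use createFromClass with explicit types"); }` and state in the Javadoc that `create` resolves the method by runtime argument class. The method body starts before the hunk.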


@ -1,4 +1,4 @@
/* Copyright 2004, 2005 Acegi Technology Pty Limited /* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.
@ -53,11 +53,43 @@ public class MethodInvocationPrivilegeEvaluatorTests extends TestCase {
//~ Methods ================================================================ //~ Methods ================================================================
private Object lookupTargetObject() {
ApplicationContext context = new ClassPathXmlApplicationContext(
"org/acegisecurity/intercept/method/aopalliance/applicationContext.xml");
return context.getBean("target");
}
public static void main(String[] args) { public static void main(String[] args) {
junit.textui.TestRunner.run(MethodInvocationPrivilegeEvaluatorTests.class); junit.textui.TestRunner.run(MethodInvocationPrivilegeEvaluatorTests.class);
} }
public void testAllowsAccess() throws Exception { private MethodSecurityInterceptor makeSecurityInterceptor() {
ApplicationContext context = new ClassPathXmlApplicationContext(
"org/acegisecurity/intercept/method/aopalliance/applicationContext.xml");
return (MethodSecurityInterceptor) context.getBean(
"securityInterceptor");
}
public void testAllowsAccessUsingCreate() throws Exception {
UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken("Test",
"Password",
new GrantedAuthority[] {new GrantedAuthorityImpl("MOCK_LOWER")});
Object object = lookupTargetObject();
MethodInvocation mi = MethodInvocationUtils.create(object,
"makeLowerCase", new Object[] {"foobar"});
MethodSecurityInterceptor interceptor = makeSecurityInterceptor();
MethodInvocationPrivilegeEvaluator mipe = new MethodInvocationPrivilegeEvaluator();
mipe.setSecurityInterceptor(interceptor);
mipe.afterPropertiesSet();
assertTrue(mipe.isAllowed(mi, token));
}
public void testAllowsAccessUsingCreateFromClass()
throws Exception {
UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken("Test", UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken("Test",
"Password", "Password",
new GrantedAuthority[] {new GrantedAuthorityImpl("MOCK_LOWER")}); new GrantedAuthority[] {new GrantedAuthorityImpl("MOCK_LOWER")});
@ -72,7 +104,24 @@ public class MethodInvocationPrivilegeEvaluatorTests extends TestCase {
assertTrue(mipe.isAllowed(mi, token)); assertTrue(mipe.isAllowed(mi, token));
} }
public void testDeclinesAccess() throws Exception { public void testDeclinesAccessUsingCreate() throws Exception {
UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken("Test",
"Password",
new GrantedAuthority[] {new GrantedAuthorityImpl("ROLE_NOT_HELD")});
Object object = lookupTargetObject();
MethodInvocation mi = MethodInvocationUtils.create(object,
"makeLowerCase", new Object[] {"foobar"});
MethodSecurityInterceptor interceptor = makeSecurityInterceptor();
MethodInvocationPrivilegeEvaluator mipe = new MethodInvocationPrivilegeEvaluator();
mipe.setSecurityInterceptor(interceptor);
mipe.afterPropertiesSet();
assertFalse(mipe.isAllowed(mi, token));
}
public void testDeclinesAccessUsingCreateFromClass()
throws Exception {
UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken("Test", UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken("Test",
"Password", "Password",
new GrantedAuthority[] {new GrantedAuthorityImpl("ROLE_NOT_HELD")}); new GrantedAuthority[] {new GrantedAuthorityImpl("ROLE_NOT_HELD")});
@ -86,12 +135,4 @@ public class MethodInvocationPrivilegeEvaluatorTests extends TestCase {
assertFalse(mipe.isAllowed(mi, token)); assertFalse(mipe.isAllowed(mi, token));
} }
private MethodSecurityInterceptor makeSecurityInterceptor() {
ApplicationContext context = new ClassPathXmlApplicationContext(
"org/acegisecurity/intercept/method/aopalliance/applicationContext.xml");
return (MethodSecurityInterceptor) context.getBean(
"securityInterceptor");
}
} }
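Review bot: The new `testAllowsAccessUsingCreate` and `testDeclinesAccessUsingCreate` only pass a single non-null `String` argument (`new Object[] {"foobar"}`), so they pin the `toArray` fix but leave the other inputs of `MethodInvocationUtils.create` unexercised: a null element in the array, and an argument whose runtime class is a subtype of the declared parameter type. A case for each would show whether `isAllowed` receives a usable invocation or an exception, which matters because the result is an access decision. Separately, `lookupTargetObject()` and `makeSecurityInterceptor()` each construct a fresh `ClassPathXmlApplicationContext` from the same XML, so every `...UsingCreate` test loads the context twice and takes the target and the interceptor from different containers; loading it once in `setUp()` and reading both beans from that instance would be clearer.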