mirror of
https://github.com/spring-projects/spring-security.git
synced 2025-06-29 15:22:15 +00:00
PermitAllSupportTests groovy->java
Issue gh-4939
This commit is contained in:
Josh Cummings
parent
1630b3b1f3
commit
870d83eb3e
@ -1,69 +0,0 @@
|
|||||||
/*
|
|
||||||
* Copyright 2002-2013 the original author or authors.
|
|
||||||
*
|
|
||||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
|
||||||
* you may not use this file except in compliance with the License.
|
|
||||||
* You may obtain a copy of the License at
|
|
||||||
*
|
|
||||||
* https://www.apache.org/licenses/LICENSE-2.0
|
|
||||||
*
|
|
||||||
* Unless required by applicable law or agreed to in writing, software
|
|
||||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
|
||||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
||||||
* See the License for the specific language governing permissions and
|
|
||||||
* limitations under the License.
|
|
||||||
*/
|
|
||||||
package org.springframework.security.config.annotation.web.configurers
|
|
||||||
|
|
||||||
import org.springframework.beans.factory.BeanCreationException;
|
|
||||||
import org.springframework.context.annotation.Configuration
|
|
||||||
import org.springframework.mock.web.MockHttpServletRequest
|
|
||||||
import org.springframework.security.config.annotation.BaseSpringSpec
|
|
||||||
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
|
|
||||||
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
|
||||||
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
|
|
||||||
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
|
|
||||||
import org.springframework.security.web.util.matcher.RequestMatcher
|
|
||||||
|
|
||||||
/**
|
|
||||||
* @author Rob Winch
|
|
||||||
*
|
|
||||||
*/
|
|
||||||
class PermitAllSupportTests extends BaseSpringSpec {
|
|
||||||
def "PermitAllSupport.ExactUrlRequestMatcher"() {
|
|
||||||
expect:
|
|
||||||
RequestMatcher matcher = new PermitAllSupport.ExactUrlRequestMatcher(processUrl)
|
|
||||||
matcher.matches(new MockHttpServletRequest(requestURI:requestURI,contextPath:contextPath,queryString: query)) == matches
|
|
||||||
where:
|
|
||||||
processUrl | requestURI | contextPath | query | matches
|
|
||||||
"/login" | "/sample/login" | "/sample" | null | true
|
|
||||||
"/login" | "/sample/login" | "/sample" | "error" | false
|
|
||||||
"/login?error" | "/sample/login" | "/sample" | "error" | true
|
|
||||||
}
|
|
||||||
|
|
||||||
def "PermitAllSupport throws Exception when authorizedUrls() not invoked"() {
|
|
||||||
when:
|
|
||||||
loadConfig(NoAuthorizedUrlsConfig)
|
|
||||||
then:
|
|
||||||
BeanCreationException e = thrown()
|
|
||||||
e.message.contains "permitAll only works with HttpSecurity.authorizeRequests"
|
|
||||||
|
|
||||||
}
|
|
||||||
|
|
||||||
@EnableWebSecurity
|
|
||||||
static class NoAuthorizedUrlsConfig extends WebSecurityConfigurerAdapter {
|
|
||||||
|
|
||||||
@Override
|
|
||||||
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
|
|
||||||
auth
|
|
||||||
.inMemoryAuthentication()
|
|
||||||
}
|
|
||||||
|
|
||||||
@Override
|
|
||||||
protected void configure(HttpSecurity http) throws Exception {
|
|
||||||
http
|
|
||||||
.formLogin()
|
|
||||||
.permitAll()
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
@ -0,0 +1,93 @@
|
|||||||
|
/*
|
||||||
|
* Copyright 2002-2019 the original author or authors.
|
||||||
|
*
|
||||||
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
* you may not use this file except in compliance with the License.
|
||||||
|
* You may obtain a copy of the License at
|
||||||
|
*
|
||||||
|
* https://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
*
|
||||||
|
* Unless required by applicable law or agreed to in writing, software
|
||||||
|
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
* See the License for the specific language governing permissions and
|
||||||
|
* limitations under the License.
|
||||||
|
*/
|
||||||
|
package org.springframework.security.config.annotation.web.configurers;
|
||||||
|
|
||||||
|
import org.junit.Rule;
|
||||||
|
import org.junit.Test;
|
||||||
|
|
||||||
|
import org.springframework.beans.factory.BeanCreationException;
|
||||||
|
import org.springframework.beans.factory.annotation.Autowired;
|
||||||
|
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
||||||
|
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
|
||||||
|
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
|
||||||
|
import org.springframework.security.config.test.SpringTestRule;
|
||||||
|
import org.springframework.test.web.servlet.MockMvc;
|
||||||
|
|
||||||
|
import static org.assertj.core.api.Assertions.assertThatCode;
|
||||||
|
import static org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.csrf;
|
||||||
|
import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get;
|
||||||
|
import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.post;
|
||||||
|
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @author Rob Winch
|
||||||
|
* @author Josh Cummings
|
||||||
|
*
|
||||||
|
*/
|
||||||
|
public class PermitAllSupportTests {
|
||||||
|
|
||||||
|
@Rule
|
||||||
|
public final SpringTestRule spring = new SpringTestRule();
|
||||||
|
|
||||||
|
@Autowired
|
||||||
|
private MockMvc mvc;
|
||||||
|
|
||||||
|
@Test
|
||||||
|
public void performWhenUsingPermitAllExactUrlRequestMatcherThenMatchesExactUrl() throws Exception {
|
||||||
|
this.spring.register(PermitAllConfig.class).autowire();
|
||||||
|
|
||||||
|
this.mvc.perform(get("/app/xyz").contextPath("/app"))
|
||||||
|
.andExpect(status().isNotFound());
|
||||||
|
this.mvc.perform(get("/app/xyz?def").contextPath("/app"))
|
||||||
|
.andExpect(status().isFound());
|
||||||
|
this.mvc.perform(post("/app/abc?def").with(csrf()).contextPath("/app"))
|
||||||
|
.andExpect(status().isNotFound());
|
||||||
|
this.mvc.perform(get("/app/abc").with(csrf()).contextPath("/app"))
|
||||||
|
.andExpect(status().isFound());
|
||||||
|
}
|
||||||
|
|
||||||
|
@EnableWebSecurity
|
||||||
|
static class PermitAllConfig extends WebSecurityConfigurerAdapter {
|
||||||
|
@Override
|
||||||
|
protected void configure(HttpSecurity http) throws Exception {
|
||||||
|
http
|
||||||
|
.authorizeRequests()
|
||||||
|
.anyRequest().authenticated()
|
||||||
|
.and()
|
||||||
|
.formLogin()
|
||||||
|
.loginPage("/xyz").permitAll()
|
||||||
|
.loginProcessingUrl("/abc?def").permitAll();
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
@Test
|
||||||
|
public void configureWhenNotAuthorizeRequestsThenException() {
|
||||||
|
assertThatCode(() -> this.spring.register(NoAuthorizedUrlsConfig.class).autowire())
|
||||||
|
.isInstanceOf(BeanCreationException.class)
|
||||||
|
.hasMessageContaining("permitAll only works with HttpSecurity.authorizeRequests");
|
||||||
|
}
|
||||||
|
|
||||||
|
@EnableWebSecurity
|
||||||
|
static class NoAuthorizedUrlsConfig extends WebSecurityConfigurerAdapter {
|
||||||
|
|
||||||
|
@Override
|
||||||
|
protected void configure(HttpSecurity http) throws Exception {
|
||||||
|
http
|
||||||
|
.formLogin()
|
||||||
|
.permitAll();
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
Loading…
x
Reference in New Issue
Block a user