Cwikius-Spring
/
spring-security
mirror of https://github.com/spring-projects/spring-security.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

SEC-2769: DefaultMessageSecurityExpressionHandler sets RoleHierarchy

This commit is contained in:
Rob Winch 2014-11-19 11:50:42 -06:00
parent ff95a34b1f
commit 95c70f29bd
2 changed files with 15 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
messaging/src/main/java/org/springframework/security/messaging/access/expression/DefaultMessageSecurityExpressionHandler.java
View File

@ -40,6 +40,7 @@ public class DefaultMessageSecurityExpressionHandler<T> extends AbstractSecurity
protected SecurityExpressionOperations createSecurityExpressionRoot(Authentication authentication, Message<T> invocation) {
MessageSecurityExpressionRoot root = new MessageSecurityExpressionRoot(authentication,invocation);
root.setTrustResolver(trustResolver);
root.setRoleHierarchy(getRoleHierarchy());
return root;
}

14
messaging/src/test/java/org/springframework/security/messaging/access/expression/DefaultMessageSecurityExpressionHandlerTests.java
View File

@ -28,8 +28,10 @@ import org.springframework.expression.Expression;
import org.springframework.messaging.Message;
import org.springframework.messaging.support.GenericMessage;
import org.springframework.security.access.expression.ExpressionUtils;
import org.springframework.security.access.hierarchicalroles.RoleHierarchyImpl;
import org.springframework.security.authentication.AnonymousAuthenticationToken;
import org.springframework.security.authentication.AuthenticationTrustResolver;
import org.springframework.security.authentication.TestingAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.authority.AuthorityUtils;
@ -75,4 +77,16 @@ public class DefaultMessageSecurityExpressionHandlerTests {
assertThat(ExpressionUtils.evaluateAsBoolean(expression, context)).isTrue();
}
@Test
public void roleHierarchy() {
authentication = new TestingAuthenticationToken("admin", "pass", "ROLE_ADMIN");
RoleHierarchyImpl roleHierarchy = new RoleHierarchyImpl();
roleHierarchy.setHierarchy("ROLE_ADMIN > ROLE_USER");
handler.setRoleHierarchy(roleHierarchy);
EvaluationContext context = handler.createEvaluationContext(authentication, message);
Expression expression = handler.getExpressionParser().parseExpression("hasRole('ROLE_USER')");
assertThat(ExpressionUtils.evaluateAsBoolean(expression, context)).isTrue();
}
}