Cwikius-Spring/spring-security
1
0
Fork 0
mirror of https://github.com/spring-projects/spring-security.git synced 2025-06-08 05:02:13 +00:00
Code Issues Packages Projects Releases Wiki Activity

SEC-3034: AclPermissionEvaluator specifies Locale.ENGLISH

Browse Source
This commit is contained in:
Rob Winch 2015-07-13 23:57:14 -05:00
parent 567b0ed030
commit a6cd1b6066
2 changed files with 28 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
acl/src/main/java/org/springframework/security/acls/AclPermissionEvaluator.java
View File

@ -3,6 +3,7 @@ package org.springframework.security.acls;
import java.io.Serializable; import java.io.Serializable;
import java.util.Arrays; import java.util.Arrays;
import java.util.List; import java.util.List;
import java.util.Locale;
import org.apache.commons.logging.Log; import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory; import org.apache.commons.logging.LogFactory;
@ -121,8 +122,9 @@ public class AclPermissionEvaluator implements PermissionEvaluator {
try { try {
p = permissionFactory.buildFromName(permString); p = permissionFactory.buildFromName(permString);
} catch(IllegalArgumentException notfound) { }
p = permissionFactory.buildFromName(permString.toUpperCase()); catch (IllegalArgumentException notfound) {
p = permissionFactory.buildFromName(permString.toUpperCase(Locale.ENGLISH));
} }
if (p != null) { if (p != null) {

24
acl/src/test/java/org/springframework/security/acls/AclPermissionEvaluatorTests.java
View File

@ -4,6 +4,8 @@ import static org.junit.Assert.assertTrue;
import static org.mockito.Matchers.*; import static org.mockito.Matchers.*;
import static org.mockito.Mockito.*; import static org.mockito.Mockito.*;
import java.util.Locale;
import org.junit.Test; import org.junit.Test;
import org.springframework.security.acls.model.Acl; import org.springframework.security.acls.model.Acl;
import org.springframework.security.acls.model.AclService; import org.springframework.security.acls.model.AclService;
@ -36,4 +38,26 @@ public class AclPermissionEvaluatorTests {
assertTrue(pe.hasPermission(mock(Authentication.class), new Object(), "READ")); assertTrue(pe.hasPermission(mock(Authentication.class), new Object(), "READ"));
} }
@Test
public void resolvePermissionNonEnglishLocale() {
Locale systemLocale = Locale.getDefault();
Locale.setDefault(new Locale("tr"));
AclService service = mock(AclService.class);
AclPermissionEvaluator pe = new AclPermissionEvaluator(service);
ObjectIdentity oid = mock(ObjectIdentity.class);
ObjectIdentityRetrievalStrategy oidStrategy = mock(ObjectIdentityRetrievalStrategy.class);
when(oidStrategy.getObjectIdentity(anyObject())).thenReturn(oid);
pe.setObjectIdentityRetrievalStrategy(oidStrategy);
pe.setSidRetrievalStrategy(mock(SidRetrievalStrategy.class));
Acl acl = mock(Acl.class);
when(service.readAclById(any(ObjectIdentity.class), anyList())).thenReturn(acl);
when(acl.isGranted(anyList(), anyList(), eq(false))).thenReturn(true);
assertTrue(pe.hasPermission(mock(Authentication.class), new Object(), "write"));
Locale.setDefault(systemLocale);
}
} }