mirror of
https://github.com/spring-projects/spring-security.git
synced 2025-06-26 13:53:14 +00:00
SEC-1882: Velocity AuthzImpl now works with Spring 3.0.6+
parent
70d5ba536e
commit
aa489f7ff6
@ -15,12 +15,30 @@
|
||||
|
||||
package org.springframework.security.taglibs.velocity;
|
||||
|
||||
import java.io.IOException;
|
||||
import java.lang.reflect.InvocationHandler;
|
||||
import java.lang.reflect.Method;
|
||||
import java.lang.reflect.Proxy;
|
||||
import java.util.Enumeration;
|
||||
|
||||
import javax.servlet.Servlet;
|
||||
import javax.servlet.ServletConfig;
|
||||
import javax.servlet.ServletContext;
|
||||
import javax.servlet.ServletException;
|
||||
import javax.servlet.ServletRequest;
|
||||
import javax.servlet.ServletResponse;
|
||||
import javax.servlet.http.HttpSession;
|
||||
import javax.servlet.jsp.JspException;
|
||||
import javax.servlet.jsp.JspWriter;
|
||||
import javax.servlet.jsp.PageContext;
|
||||
import javax.servlet.jsp.el.ExpressionEvaluator;
|
||||
import javax.servlet.jsp.el.VariableResolver;
|
||||
import javax.servlet.jsp.tagext.Tag;
|
||||
|
||||
import org.springframework.context.ApplicationContext;
|
||||
import org.springframework.security.taglibs.authz.AuthenticationTag;
|
||||
import org.springframework.security.taglibs.authz.LegacyAuthorizeTag;
|
||||
import org.springframework.util.Assert;
|
||||
|
||||
|
||||
/**
|
||||
@ -31,6 +49,9 @@ import org.springframework.security.taglibs.authz.LegacyAuthorizeTag;
|
||||
public class AuthzImpl implements Authz {
|
||||
//~ Static fields/initializers =====================================================================================
|
||||
|
||||
private static final ServletContext SPEL_DISABLED_SERVLET_CONTEXT = (ServletContext) Proxy.newProxyInstance(AuthzImpl.class.getClassLoader(), new Class[] {ServletContext.class}, new DisabledSpringJspExpressionSupportActiveServletContext());
|
||||
private static final PageContext SPEL_DISABLED_PAGE_CONTEXT = new PageContextAdapter(SPEL_DISABLED_SERVLET_CONTEXT);
|
||||
|
||||
static final int ALL_GRANTED = 1;
|
||||
static final int ANY_GRANTED = 2;
|
||||
static final int NONE_GRANTED = 3;
|
||||
@ -76,6 +97,7 @@ public class AuthzImpl implements Authz {
|
||||
*/
|
||||
private boolean ifGranted(String roles, int grantType) {
|
||||
LegacyAuthorizeTag authorizeTag = new LegacyAuthorizeTag();
|
||||
authorizeTag.setPageContext(getPageContext());
|
||||
|
||||
int result = -1;
|
||||
|
||||
@ -123,6 +145,10 @@ public class AuthzImpl implements Authz {
|
||||
this.appCtx = appCtx;
|
||||
}
|
||||
|
||||
private PageContext getPageContext() {
|
||||
return SPEL_DISABLED_PAGE_CONTEXT;
|
||||
}
|
||||
|
||||
//~ Inner Classes ==================================================================================================
|
||||
|
||||
/**
|
||||
@ -141,4 +167,129 @@ public class AuthzImpl implements Authz {
|
||||
lastMessage = msg;
|
||||
}
|
||||
}
|
||||
|
||||
private static final class DisabledSpringJspExpressionSupportActiveServletContext implements InvocationHandler {
|
||||
public Object invoke(Object proxy, Method method, Object[] args) throws Throwable {
|
||||
if("getInitParameter".equals(method.getName())) {
|
||||
return Boolean.FALSE.toString();
|
||||
}
|
||||
return null;
|
||||
}
|
||||
}
|
||||
|
||||
private static final class PageContextAdapter extends PageContext {
|
||||
|
||||
private final ServletContext servletContext;
|
||||
|
||||
public PageContextAdapter(ServletContext servletContext) {
|
||||
Assert.notNull(servletContext, "servletContext cannot be null");
|
||||
this.servletContext = servletContext;
|
||||
}
|
||||
|
||||
public void setAttribute(String arg0, Object arg1, int arg2) {
|
||||
throw new UnsupportedOperationException();
|
||||
}
|
||||
|
||||
public void setAttribute(String arg0, Object arg1) {
|
||||
throw new UnsupportedOperationException();
|
||||
}
|
||||
|
||||
public void removeAttribute(String arg0, int arg1) {
|
||||
throw new UnsupportedOperationException();
|
||||
}
|
||||
|
||||
public void removeAttribute(String arg0) {
|
||||
throw new UnsupportedOperationException();
|
||||
}
|
||||
|
||||
public VariableResolver getVariableResolver() {
|
||||
throw new UnsupportedOperationException();
|
||||
}
|
||||
|
||||
public JspWriter getOut() {
|
||||
throw new UnsupportedOperationException();
|
||||
}
|
||||
|
||||
public ExpressionEvaluator getExpressionEvaluator() {
|
||||
throw new UnsupportedOperationException();
|
||||
}
|
||||
|
||||
public int getAttributesScope(String arg0) {
|
||||
throw new UnsupportedOperationException();
|
||||
}
|
||||
|
||||
@SuppressWarnings("rawtypes")
|
||||
public Enumeration getAttributeNamesInScope(int arg0) {
|
||||
throw new UnsupportedOperationException();
|
||||
}
|
||||
|
||||
public Object getAttribute(String arg0, int arg1) {
|
||||
throw new UnsupportedOperationException();
|
||||
}
|
||||
|
||||
public Object getAttribute(String arg0) {
|
||||
throw new UnsupportedOperationException();
|
||||
}
|
||||
|
||||
public Object findAttribute(String arg0) {
|
||||
throw new UnsupportedOperationException();
|
||||
}
|
||||
|
||||
public void release() {
|
||||
throw new UnsupportedOperationException();
|
||||
}
|
||||
|
||||
public void initialize(Servlet arg0, ServletRequest arg1, ServletResponse arg2, String arg3, boolean arg4,
|
||||
int arg5, boolean arg6) throws IOException, IllegalStateException, IllegalArgumentException {
|
||||
throw new UnsupportedOperationException();
|
||||
}
|
||||
|
||||
public void include(String arg0, boolean arg1) throws ServletException, IOException {
|
||||
throw new UnsupportedOperationException();
|
||||
}
|
||||
|
||||
public void include(String arg0) throws ServletException, IOException {
|
||||
throw new UnsupportedOperationException();
|
||||
}
|
||||
|
||||
public void handlePageException(Throwable arg0) throws ServletException, IOException {
|
||||
throw new UnsupportedOperationException();
|
||||
}
|
||||
|
||||
public void handlePageException(Exception arg0) throws ServletException, IOException {
|
||||
throw new UnsupportedOperationException();
|
||||
}
|
||||
|
||||
public HttpSession getSession() {
|
||||
throw new UnsupportedOperationException();
|
||||
}
|
||||
|
||||
public ServletContext getServletContext() {
|
||||
return servletContext;
|
||||
}
|
||||
|
||||
public ServletConfig getServletConfig() {
|
||||
throw new UnsupportedOperationException();
|
||||
}
|
||||
|
||||
public ServletResponse getResponse() {
|
||||
throw new UnsupportedOperationException();
|
||||
}
|
||||
|
||||
public ServletRequest getRequest() {
|
||||
throw new UnsupportedOperationException();
|
||||
}
|
||||
|
||||
public Object getPage() {
|
||||
throw new UnsupportedOperationException();
|
||||
}
|
||||
|
||||
public Exception getException() {
|
||||
throw new UnsupportedOperationException();
|
||||
}
|
||||
|
||||
public void forward(String arg0) throws ServletException, IOException {
|
||||
throw new UnsupportedOperationException();
|
||||
}
|
||||
}
|
||||
}
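Review bot: `DisabledSpringJspExpressionSupportActiveServletContext.invoke` answers `"false"` for every `getInitParameter` call without looking at `args[0]`, and returns `null` for every other method routed through the proxy. That includes `hashCode`, `equals` and any `ServletContext` method with a primitive return type, where a `null` result makes the proxy throw a NullPointerException, and any unrelated init parameter a tag reads is silently reported as `"false"`. I would answer only the parameter this class is named for (presumably Spring's `springJspExpressionSupport`; confirm against the constant in the Spring version targeted) and fail loudly for everything else, as `PageContextAdapter` already does. A short Javadoc on the handler and on `SPEL_DISABLED_PAGE_CONTEXT` stating why expression support is forced off for the Velocity path would keep a later maintainer from loosening it by accident.

```java
public Object invoke(Object proxy, Method method, Object[] args) throws Throwable {
    String name = method.getName();
    if ("getInitParameter".equals(name) && args != null && args.length == 1) {
        // Only the expression-support switch is forced off; other parameters read as absent.
        return "springJspExpressionSupport".equals(args[0]) ? Boolean.FALSE.toString() : null;
    }
    // Object methods also arrive here; returning null for them would NPE on unboxing.
    if ("hashCode".equals(name)) {
        return Integer.valueOf(System.identityHashCode(proxy));
    }
    if ("equals".equals(name)) {
        return Boolean.valueOf(proxy == args[0]);
    }
    if ("toString".equals(name)) {
        return "ServletContext[springJspExpressionSupport=false]";
    }
    throw new UnsupportedOperationException(name);
}
```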
|
||||
|
@ -31,7 +31,6 @@ import javax.servlet.jsp.JspException;
|
||||
* Ignoring these tests so that we can rename the file, but still get tests to pass till SEC-1882 can be
|
||||
* addressed.
|
||||
*/
|
||||
@Ignore
|
||||
public class AuthzImplAttributeTests extends TestCase {
|
||||
//~ Instance fields ================================================================================================
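Review bot: The class Javadoc kept as context above `AuthzImplAttributeTests` still reads `Ignoring these tests so that we can rename the file, but still get tests to pass till SEC-1882 can be addressed.`, which is stale once this commit addresses SEC-1882. The hunk header (-31,7 +31,6) drops exactly one line, presumably the `@Ignore` annotation shown here, so the sentence should be removed or replaced with a description of what the tests cover. If `@Ignore` is the removed line, its import may now be unused; the import block is outside this hunk, so that needs checking in the full file.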
|
||||
|
||||
|
@ -51,7 +51,7 @@ public class AuthzImplAuthorizeTagTests extends TestCase {
|
||||
SecurityContextHolder.clearContext();
|
||||
}
|
||||
|
||||
public void IGNOREtestAlwaysReturnsUnauthorizedIfNoUserFound() {
|
||||
public void testAlwaysReturnsUnauthorizedIfNoUserFound() {
|
||||
SecurityContextHolder.getContext().setAuthentication(null);
|
||||
|
||||
//prevents request - no principal in Context
|
||||
@ -65,39 +65,39 @@ public class AuthzImplAuthorizeTagTests extends TestCase {
|
||||
assertFalse(authz.noneGranted(""));
|
||||
}
|
||||
|
||||
public void IGNOREtestOutputsBodyIfOneRolePresent() {
|
||||
public void testOutputsBodyIfOneRolePresent() {
|
||||
//authorized - ROLE_TELLER in both sets
|
||||
assertTrue(authz.anyGranted("ROLE_TELLER"));
|
||||
}
|
||||
|
||||
public void IGNOREtestOutputsBodyWhenAllGranted() {
|
||||
public void testOutputsBodyWhenAllGranted() {
|
||||
// allows request - all required roles granted on principal
|
||||
assertTrue(authz.allGranted("ROLE_SUPERVISOR,ROLE_TELLER"));
|
||||
}
|
||||
|
||||
public void IGNOREtestOutputsBodyWhenNotGrantedSatisfied() {
|
||||
public void testOutputsBodyWhenNotGrantedSatisfied() {
|
||||
// allows request - principal doesn't have ROLE_BANKER
|
||||
assertTrue(authz.noneGranted("ROLE_BANKER"));
|
||||
}
|
||||
|
||||
public void IGNOREtestPreventsBodyOutputIfNoSecureContext() {
|
||||
public void testPreventsBodyOutputIfNoSecureContext() {
|
||||
SecurityContextHolder.getContext().setAuthentication(null);
|
||||
|
||||
// prevents output - no context defined
|
||||
assertFalse(authz.anyGranted("ROLE_BANKER"));
|
||||
}
|
||||
|
||||
public void IGNOREtestSkipsBodyIfNoAnyRolePresent() {
|
||||
public void testSkipsBodyIfNoAnyRolePresent() {
|
||||
// unauthorized - ROLE_BANKER not in granted authorities
|
||||
assertFalse(authz.anyGranted("ROLE_BANKER"));
|
||||
}
|
||||
|
||||
public void IGNOREtestSkipsBodyWhenMissingAnAllGranted() {
|
||||
public void testSkipsBodyWhenMissingAnAllGranted() {
|
||||
// prevents request - missing ROLE_BANKER on principal
|
||||
assertFalse(authz.allGranted("ROLE_SUPERVISOR,ROLE_TELLER,ROLE_BANKER"));
|
||||
}
|
||||
|
||||
public void IGNOREtestSkipsBodyWhenNotGrantedUnsatisfied() {
|
||||
public void testSkipsBodyWhenNotGrantedUnsatisfied() {
|
||||
// prevents request - principal has ROLE_TELLER
|
||||
assertFalse(authz.noneGranted("ROLE_TELLER"));
|
||||
}
|
||||
|