diff --git a/taglibs/src/main/java/org/springframework/security/taglibs/velocity/AuthzImpl.java b/taglibs/src/main/java/org/springframework/security/taglibs/velocity/AuthzImpl.java
index 403c153c71..0aa634beda 100644
--- a/taglibs/src/main/java/org/springframework/security/taglibs/velocity/AuthzImpl.java
+++ b/taglibs/src/main/java/org/springframework/security/taglibs/velocity/AuthzImpl.java
@@ -15,12 +15,30 @@
 package org.springframework.security.taglibs.velocity;
+import java.io.IOException;
+import java.lang.reflect.InvocationHandler;
+import java.lang.reflect.Method;
+import java.lang.reflect.Proxy;
+import java.util.Enumeration;
+
+import javax.servlet.Servlet;
+import javax.servlet.ServletConfig;
+import javax.servlet.ServletContext;
+import javax.servlet.ServletException;
+import javax.servlet.ServletRequest;
+import javax.servlet.ServletResponse;
+import javax.servlet.http.HttpSession;
 import javax.servlet.jsp.JspException;
+import javax.servlet.jsp.JspWriter;
+import javax.servlet.jsp.PageContext;
+import javax.servlet.jsp.el.ExpressionEvaluator;
+import javax.servlet.jsp.el.VariableResolver;
 import javax.servlet.jsp.tagext.Tag;
 import org.springframework.context.ApplicationContext;
 import org.springframework.security.taglibs.authz.AuthenticationTag;
 import org.springframework.security.taglibs.authz.LegacyAuthorizeTag;
+import org.springframework.util.Assert;
 /**
@@ -31,6 +49,9 @@ import org.springframework.security.taglibs.authz.LegacyAuthorizeTag;
 public class AuthzImpl implements Authz {
 //~ Static fields/initializers =====================================================================================
+ private static final ServletContext SPEL_DISABLED_SERVLET_CONTEXT = (ServletContext) Proxy.newProxyInstance(AuthzImpl.class.getClassLoader(), new Class[] {ServletContext.class}, new DisabledSpringJspExpressionSupportActiveServletContext());
+ private static final PageContext SPEL_DISABLED_PAGE_CONTEXT = new PageContextAdapter(SPEL_DISABLED_SERVLET_CONTEXT);
+
 static final int ALL_GRANTED = 1;
 static final int ANY_GRANTED = 2;
 static final int NONE_GRANTED = 3;
@@ -76,6 +97,7 @@ public class AuthzImpl implements Authz {
 */
 private boolean ifGranted(String roles, int grantType) {
 LegacyAuthorizeTag authorizeTag = new LegacyAuthorizeTag();
+ authorizeTag.setPageContext(getPageContext());
 int result = -1;
@@ -123,6 +145,10 @@ public class AuthzImpl implements Authz {
 this.appCtx = appCtx;
 }
+ private PageContext getPageContext() {
+ return SPEL_DISABLED_PAGE_CONTEXT;
+ }
+
 //~ Inner Classes ==================================================================================================
 /**
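Review bot: SPEL_DISABLED_SERVLET_CONTEXT and SPEL_DISABLED_PAGE_CONTEXT are introduced without a comment saying why a Velocity helper needs a fabricated ServletContext, and that reason is the security-relevant part of this change. From the handler's name and the `"false"` it returns for `getInitParameter`, the intent appears to be to make LegacyAuthorizeTag see Spring's JSP expression support as switched off, so the role strings a template passes to AuthzImpl are compared literally rather than evaluated as expressions; I would record that next to the first field, e.g. `// Fake page/servlet context that reports Spring JSP expression support disabled, so LegacyAuthorizeTag treats the role string literally instead of evaluating it as an expression.` The field names say SpEL while the handler's name says JSP expression support; since the stub only answers an init-parameter lookup, the JSP EL wording is the accurate one, so I would rename the two private fields to match. Minor: `new Class[] {ServletContext.class}` is a raw array where `new Class<?>[] {ServletContext.class}` avoids the rawtypes warning.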
@@ -141,4 +167,129 @@ public class AuthzImpl implements Authz {
 lastMessage = msg;
 }
 }
+
+ private static final class DisabledSpringJspExpressionSupportActiveServletContext implements InvocationHandler {
+ public Object invoke(Object proxy, Method method, Object[] args) throws Throwable {
+ if("getInitParameter".equals(method.getName())) {
+ return Boolean.FALSE.toString();
+ }
+ return null;
+ }
+ }
+
+ private static final class PageContextAdapter extends PageContext {
+
+ private final ServletContext servletContext;
+
+ public PageContextAdapter(ServletContext servletContext) {
+ Assert.notNull(servletContext, "servletContext cannot be null");
+ this.servletContext = servletContext;
+ }
+
+ public void setAttribute(String arg0, Object arg1, int arg2) {
+ throw new UnsupportedOperationException();
+ }
+
+ public void setAttribute(String arg0, Object arg1) {
+ throw new UnsupportedOperationException();
+ }
+
+ public void removeAttribute(String arg0, int arg1) {
+ throw new UnsupportedOperationException();
+ }
+
+ public void removeAttribute(String arg0) {
+ throw new UnsupportedOperationException();
+ }
+
+ public VariableResolver getVariableResolver() {
+ throw new UnsupportedOperationException();
+ }
+
+ public JspWriter getOut() {
+ throw new UnsupportedOperationException();
+ }
+
+ public ExpressionEvaluator getExpressionEvaluator() {
+ throw new UnsupportedOperationException();
+ }
+
+ public int getAttributesScope(String arg0) {
+ throw new UnsupportedOperationException();
+ }
+
+ @SuppressWarnings("rawtypes")
+ public Enumeration getAttributeNamesInScope(int arg0) {
+ throw new UnsupportedOperationException();
+ }
+
+ public Object getAttribute(String arg0, int arg1) {
+ throw new UnsupportedOperationException();
+ }
+
+ public Object getAttribute(String arg0) {
+ throw new UnsupportedOperationException();
+ }
+
+ public Object findAttribute(String arg0) {
+ throw new UnsupportedOperationException();
+ }
+
+ public void release() {
+ throw new UnsupportedOperationException();
+ }
+
+ public void initialize(Servlet arg0, ServletRequest arg1, ServletResponse arg2, String arg3, boolean arg4,
+ int arg5, boolean arg6) throws IOException, IllegalStateException, IllegalArgumentException {
+ throw new UnsupportedOperationException();
+ }
+
+ public void include(String arg0, boolean arg1) throws ServletException, IOException {
+ throw new UnsupportedOperationException();
+ }
+
+ public void include(String arg0) throws ServletException, IOException {
+ throw new UnsupportedOperationException();
+ }
+
+ public void handlePageException(Throwable arg0) throws ServletException, IOException {
+ throw new UnsupportedOperationException();
+ }
+
+ public void handlePageException(Exception arg0) throws ServletException, IOException {
+ throw new UnsupportedOperationException();
+ }
+
+ public HttpSession getSession() {
+ throw new UnsupportedOperationException();
+ }
+
+ public ServletContext getServletContext() {
+ return servletContext;
+ }
+
+ public ServletConfig getServletConfig() {
+ throw new UnsupportedOperationException();
+ }
+
+ public ServletResponse getResponse() {
+ throw new UnsupportedOperationException();
+ }
+
+ public ServletRequest getRequest() {
+ throw new UnsupportedOperationException();
+ }
+
+ public Object getPage() {
+ throw new UnsupportedOperationException();
+ }
+
+ public Exception getException() {
+ throw new UnsupportedOperationException();
+ }
+
+ public void forward(String arg0) throws ServletException, IOException {
+ throw new UnsupportedOperationException();
+ }
+ }
 }
diff --git a/taglibs/src/test/java/org/springframework/security/taglibs/velocity/AuthzImplAttributeTests.java b/taglibs/src/test/java/org/springframework/security/taglibs/velocity/AuthzImplAttributeTests.java
index b841358c3e..ac72f2cce0 100644
--- a/taglibs/src/test/java/org/springframework/security/taglibs/velocity/AuthzImplAttributeTests.java
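Review bot: `invoke` in DisabledSpringJspExpressionSupportActiveServletContext returns null for every method except `getInitParameter`, and for the ServletContext methods with primitive return types (`getMajorVersion()`, `getMinorVersion()`) a null from an InvocationHandler is unboxed by the proxy into a NullPointerException; `hashCode()`/`equals()`/`toString()` on the proxy also route through the handler and fail the same way. On the path visible here only `getInitParameter` should be reached, but a silent null is the wrong failure mode for a stub whose job is to keep expression evaluation off, and it is inconsistent with PageContextAdapter, which throws UnsupportedOperationException for everything it does not support. I would make the handler fail loudly in the same way, give the Object methods identity semantics, and document that answering `"false"` to every init-parameter name is deliberate (or narrow it by comparing `args[0]` with the parameter name Spring reads, if other parameters should read as absent). Both inner classes are complete within the hunk.
```java
public Object invoke(Object proxy, Method method, Object[] args) throws Throwable {
    String name = method.getName();
    if ("getInitParameter".equals(name)) {
        // Answer "false" to every init-parameter lookup: the only one this stub exists to serve
        // is the switch that would turn on expression evaluation of tag attributes.
        return Boolean.FALSE.toString();
    }
    // Object's methods reach the handler too; give the proxy plain identity semantics.
    if ("hashCode".equals(name)) {
        return System.identityHashCode(proxy);
    }
    if ("equals".equals(name)) {
        return proxy == args[0];
    }
    if ("toString".equals(name)) {
        return "ServletContext[spring-jsp-expression-support disabled]";
    }
    // Fail loudly instead of returning null, which the proxy would unbox into a
    // NullPointerException for primitive-returning methods such as getMajorVersion().
    throw new UnsupportedOperationException(name);
}
// … unchanged: PageContextAdapter …
```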
+++ b/taglibs/src/test/java/org/springframework/security/taglibs/velocity/AuthzImplAttributeTests.java
@@ -31,7 +31,6 @@ import javax.servlet.jsp.JspException;
 * Ignoring these tests so that we can rename the file, but still get tests to pass till SEC-1882 can be
 * addressed.
 */
-@Ignore
 public class AuthzImplAttributeTests extends TestCase {
 //~ Instance fields ================================================================================================
diff --git a/taglibs/src/test/java/org/springframework/security/taglibs/velocity/AuthzImplAuthorizeTagTests.java b/taglibs/src/test/java/org/springframework/security/taglibs/velocity/AuthzImplAuthorizeTagTests.java
index cafa22b17a..d016997e73 100644
--- a/taglibs/src/test/java/org/springframework/security/taglibs/velocity/AuthzImplAuthorizeTagTests.java
+++ b/taglibs/src/test/java/org/springframework/security/taglibs/velocity/AuthzImplAuthorizeTagTests.java
@@ -51,7 +51,7 @@ public class AuthzImplAuthorizeTagTests extends TestCase {
 SecurityContextHolder.clearContext();
 }
- public void IGNOREtestAlwaysReturnsUnauthorizedIfNoUserFound() {
+ public void testAlwaysReturnsUnauthorizedIfNoUserFound() {
 SecurityContextHolder.getContext().setAuthentication(null); //prevents request - no principal in Context
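Review bot: With `@Ignore` removed, the Javadoc directly above AuthzImplAttributeTests (`Ignoring these tests so that we can rename the file, but still get tests to pass till SEC-1882 can be addressed.`) is now stale and will send the next reader looking for a still-open ticket; drop that paragraph or replace it with a one-line description of what the class tests. The `org.junit.Ignore` import at the top of the file, outside this hunk, is presumably unused now and should go with it.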
@@ -65,39 +65,39 @@ public class AuthzImplAuthorizeTagTests extends TestCase {
 assertFalse(authz.noneGranted(""));
 }
- public void IGNOREtestOutputsBodyIfOneRolePresent() {
+ public void testOutputsBodyIfOneRolePresent() {
 //authorized - ROLE_TELLER in both sets
 assertTrue(authz.anyGranted("ROLE_TELLER"));
 }
- public void IGNOREtestOutputsBodyWhenAllGranted() {
+ public void testOutputsBodyWhenAllGranted() {
 // allows request - all required roles granted on principal
 assertTrue(authz.allGranted("ROLE_SUPERVISOR,ROLE_TELLER"));
 }
- public void IGNOREtestOutputsBodyWhenNotGrantedSatisfied() {
+ public void testOutputsBodyWhenNotGrantedSatisfied() {
 // allows request - principal doesn't have ROLE_BANKER
 assertTrue(authz.noneGranted("ROLE_BANKER"));
 }
- public void IGNOREtestPreventsBodyOutputIfNoSecureContext() {
+ public void testPreventsBodyOutputIfNoSecureContext() {
 SecurityContextHolder.getContext().setAuthentication(null); // prevents output - no context defined
 assertFalse(authz.anyGranted("ROLE_BANKER"));
 }
- public void IGNOREtestSkipsBodyIfNoAnyRolePresent() {
+ public void testSkipsBodyIfNoAnyRolePresent() {
 // unauthorized - ROLE_BANKER not in granted authorities
 assertFalse(authz.anyGranted("ROLE_BANKER"));
 }
- public void IGNOREtestSkipsBodyWhenMissingAnAllGranted() {
+ public void testSkipsBodyWhenMissingAnAllGranted() {
 // prevents request - missing ROLE_BANKER on principal
 assertFalse(authz.allGranted("ROLE_SUPERVISOR,ROLE_TELLER,ROLE_BANKER"));
 }
- public void IGNOREtestSkipsBodyWhenNotGrantedUnsatisfied() {
+ public void testSkipsBodyWhenNotGrantedUnsatisfied() {
 // prevents request - principal has ROLE_TELLER
 assertFalse(authz.noneGranted("ROLE_TELLER"));
 }