From aea13b656e43864b0e5dc59d1a00980873e11278 Mon Sep 17 00:00:00 2001 From: Josh Cummings Date: Thu, 23 Mar 2023 09:03:07 -0600 Subject: [PATCH] Add Testing Issue gh-12540 --- ...erDelegatingAuthorizationManagerTests.java | 94 +++++++++++++++++++ 1 file changed, 94 insertions(+) create mode 100644 messaging/src/test/java/org/springframework/security/messaging/access/intercept/MessageMatcherDelegatingAuthorizationManagerTests.java diff --git a/messaging/src/test/java/org/springframework/security/messaging/access/intercept/MessageMatcherDelegatingAuthorizationManagerTests.java b/messaging/src/test/java/org/springframework/security/messaging/access/intercept/MessageMatcherDelegatingAuthorizationManagerTests.java new file mode 100644 index 0000000000..bd5de007d3 --- /dev/null +++ b/messaging/src/test/java/org/springframework/security/messaging/access/intercept/MessageMatcherDelegatingAuthorizationManagerTests.java @@ -0,0 +1,94 @@ +/* + * Copyright 2002-2023 the original author or authors. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * https://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.springframework.security.messaging.access.intercept; + +import java.util.Map; +import java.util.function.Supplier; + +import org.junit.jupiter.api.Test; + +import org.springframework.messaging.Message; +import org.springframework.messaging.MessageHeaders; +import org.springframework.messaging.simp.SimpMessageHeaderAccessor; +import org.springframework.messaging.simp.SimpMessageType; +import org.springframework.messaging.support.GenericMessage; +import org.springframework.security.authentication.TestingAuthenticationToken; +import org.springframework.security.authorization.AuthorizationManager; +import org.springframework.security.core.Authentication; + +import static org.assertj.core.api.Assertions.assertThat; +import static org.mockito.Mockito.mock; + +/** + * Tests for {@link MessageMatcherDelegatingAuthorizationManager} + */ +public final class MessageMatcherDelegatingAuthorizationManagerTests { + + @Test + void checkWhenPermitAllThenPermits() { + AuthorizationManager> authorizationManager = builder().anyMessage().permitAll().build(); + Message message = new GenericMessage<>(new Object()); + assertThat(authorizationManager.check(mock(Supplier.class), message).isGranted()).isTrue(); + } + + @Test + void checkWhenAnyMessageHasRoleThenRequires() { + AuthorizationManager> authorizationManager = builder().anyMessage().hasRole("USER").build(); + Message message = new GenericMessage<>(new Object()); + Authentication user = new TestingAuthenticationToken("user", "password", "ROLE_USER"); + assertThat(authorizationManager.check(() -> user, message).isGranted()).isTrue(); + Authentication admin = new TestingAuthenticationToken("user", "password", "ROLE_ADMIN"); + assertThat(authorizationManager.check(() -> admin, message).isGranted()).isFalse(); + } + + @Test + void checkWhenSimpDestinationMatchesThenUses() { + AuthorizationManager> authorizationManager = builder().simpDestMatchers("destination").permitAll() + .anyMessage().denyAll().build(); + MessageHeaders headers = new MessageHeaders( + Map.of(SimpMessageHeaderAccessor.DESTINATION_HEADER, "destination")); + Message message = new GenericMessage<>(new Object(), headers); + assertThat(authorizationManager.check(mock(Supplier.class), message).isGranted()).isTrue(); + } + + @Test + void checkWhenNullDestinationHeaderMatchesThenUses() { + AuthorizationManager> authorizationManager = builder().nullDestMatcher().permitAll().anyMessage() + .denyAll().build(); + Message message = new GenericMessage<>(new Object()); + assertThat(authorizationManager.check(mock(Supplier.class), message).isGranted()).isTrue(); + MessageHeaders headers = new MessageHeaders( + Map.of(SimpMessageHeaderAccessor.DESTINATION_HEADER, "destination")); + message = new GenericMessage<>(new Object(), headers); + assertThat(authorizationManager.check(mock(Supplier.class), message).isGranted()).isFalse(); + } + + @Test + void checkWhenSimpTypeMatchesThenUses() { + AuthorizationManager> authorizationManager = builder().simpTypeMatchers(SimpMessageType.CONNECT) + .permitAll().anyMessage().denyAll().build(); + MessageHeaders headers = new MessageHeaders( + Map.of(SimpMessageHeaderAccessor.MESSAGE_TYPE_HEADER, SimpMessageType.CONNECT)); + Message message = new GenericMessage<>(new Object(), headers); + assertThat(authorizationManager.check(mock(Supplier.class), message).isGranted()).isTrue(); + } + + private MessageMatcherDelegatingAuthorizationManager.Builder builder() { + return MessageMatcherDelegatingAuthorizationManager.builder(); + } + +}