Cwikius-Spring
/
spring-security
mirror of https://github.com/spring-projects/spring-security.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Polish MethodSecurityExpressionHandler Test 

- Rename to follow convention
- Use a mock object to verify usage

Issue gh-15715
This commit is contained in:
Josh Cummings 2024-09-10 13:12:47 -06:00
parent fc3de5e41a
commit be6dc1d2bf
No known key found for this signature in database
GPG Key ID: A306A51F43B8E5A5
1 changed files with 21 additions and 19 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

40
config/src/test/java/org/springframework/security/config/annotation/method/configuration/PrePostReactiveMethodSecurityConfigurationTests.java
View File

@ -16,8 +16,6 @@
package org.springframework.security.config.annotation.method.configuration; package org.springframework.security.config.annotation.method.configuration;
import java.io.Serializable;
import org.junit.jupiter.api.Test; import org.junit.jupiter.api.Test;
import org.junit.jupiter.api.extension.ExtendWith; import org.junit.jupiter.api.extension.ExtendWith;
import reactor.test.StepVerifier; import reactor.test.StepVerifier;
@ -31,11 +29,17 @@ import org.springframework.security.access.expression.method.DefaultMethodSecuri
import org.springframework.security.authorization.AuthorizationDeniedException; import org.springframework.security.authorization.AuthorizationDeniedException;
import org.springframework.security.config.test.SpringTestContext; import org.springframework.security.config.test.SpringTestContext;
import org.springframework.security.config.test.SpringTestContextExtension; import org.springframework.security.config.test.SpringTestContextExtension;
import org.springframework.security.core.Authentication;
import org.springframework.security.test.context.annotation.SecurityTestExecutionListeners; import org.springframework.security.test.context.annotation.SecurityTestExecutionListeners;
import org.springframework.security.test.context.support.WithMockUser; import org.springframework.security.test.context.support.WithMockUser;
import org.springframework.test.context.junit.jupiter.SpringExtension; import org.springframework.test.context.junit.jupiter.SpringExtension;
import static org.mockito.ArgumentMatchers.any;
import static org.mockito.ArgumentMatchers.eq;
import static org.mockito.BDDMockito.given;
import static org.mockito.Mockito.mock;
import static org.mockito.Mockito.times;
import static org.mockito.Mockito.verify;
@ExtendWith({ SpringExtension.class, SpringTestContextExtension.class }) @ExtendWith({ SpringExtension.class, SpringTestContextExtension.class })
@SecurityTestExecutionListeners @SecurityTestExecutionListeners
public class PrePostReactiveMethodSecurityConfigurationTests { public class PrePostReactiveMethodSecurityConfigurationTests {
@ -211,13 +215,17 @@ public class PrePostReactiveMethodSecurityConfigurationTests {
@Test @Test
@WithMockUser(roles = "ADMIN") @WithMockUser(roles = "ADMIN")
public void customMethodSecurityExpressionHandler() { public void preAuthorizeWhenCustomMethodSecurityExpressionHandlerThenUses() {
this.spring.register(MethodSecurityServiceEnabledConfig.class, PermissionEvaluatorConfig.class).autowire(); this.spring.register(MethodSecurityServiceEnabledConfig.class, PermissionEvaluatorConfig.class).autowire();
ReactiveMethodSecurityService service = this.spring.getContext().getBean(ReactiveMethodSecurityService.class); ReactiveMethodSecurityService service = this.spring.getContext().getBean(ReactiveMethodSecurityService.class);
PermissionEvaluator permissionEvaluator = this.spring.getContext().getBean(PermissionEvaluator.class);
given(permissionEvaluator.hasPermission(any(), eq("grant"), any())).willReturn(true);
given(permissionEvaluator.hasPermission(any(), eq("deny"), any())).willReturn(false);
StepVerifier.create(service.preAuthorizeHasPermission("grant")).expectNext("ok").verifyComplete(); StepVerifier.create(service.preAuthorizeHasPermission("grant")).expectNext("ok").verifyComplete();
StepVerifier.create(service.preAuthorizeHasPermission("deny")) StepVerifier.create(service.preAuthorizeHasPermission("deny"))
.expectError(AuthorizationDeniedException.class) .expectError(AuthorizationDeniedException.class)
.verify(); .verify();
verify(permissionEvaluator, times(2)).hasPermission(any(), any(), any());
} }
@Configuration @Configuration
@ -235,22 +243,16 @@ public class PrePostReactiveMethodSecurityConfigurationTests {
static class PermissionEvaluatorConfig { static class PermissionEvaluatorConfig {
@Bean @Bean
@Role(BeanDefinition.ROLE_INFRASTRUCTURE) static PermissionEvaluator permissionEvaluator() {
static DefaultMethodSecurityExpressionHandler methodSecurityExpressionHandler() { return mock(PermissionEvaluator.class);
DefaultMethodSecurityExpressionHandler handler = new DefaultMethodSecurityExpressionHandler(); }
handler.setPermissionEvaluator(new PermissionEvaluator() {
@Override
public boolean hasPermission(Authentication authentication, Object targetDomainObject,
Object permission) {
return "grant".equals(targetDomainObject);
}
@Override @Bean
public boolean hasPermission(Authentication authentication, Serializable targetId, String targetType, @Role(BeanDefinition.ROLE_INFRASTRUCTURE)
Object permission) { static DefaultMethodSecurityExpressionHandler methodSecurityExpressionHandler(
throw new UnsupportedOperationException(); PermissionEvaluator permissionEvaluator) {
} DefaultMethodSecurityExpressionHandler handler = new DefaultMethodSecurityExpressionHandler();
}); handler.setPermissionEvaluator(permissionEvaluator);
return handler; return handler;
} }