Cwikius-Spring/spring-security
1
0
Fork 0
mirror of https://github.com/spring-projects/spring-security.git synced 2025-06-22 12:02:14 +00:00
Code Issues Packages Projects Releases Wiki Activity

Polish Tests

Browse Source 
Issue gh-16771
This commit is contained in:
Josh Cummings 2025-03-21 14:35:12 -06:00
parent 3d96878d43
commit bfc12d55eb
No known key found for this signature in database
GPG Key ID: 869B37A20E876129
1 changed files with 38 additions and 50 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

88
web/src/test/java/org/springframework/security/web/access/RequestMatcherDelegatingWebInvocationPrivilegeEvaluatorTests.java
View File

@ -16,8 +16,6 @@
package org.springframework.security.web.access; package org.springframework.security.web.access;
import java.util.Arrays;
import java.util.Collections;
import java.util.List; import java.util.List;
import jakarta.servlet.http.HttpServletRequest; import jakarta.servlet.http.HttpServletRequest;
@ -70,50 +68,41 @@ class RequestMatcherDelegatingWebInvocationPrivilegeEvaluatorTests {
@Test @Test
void isAllowedWhenDelegatesEmptyThenAllowed() { void isAllowedWhenDelegatesEmptyThenAllowed() {
RequestMatcherDelegatingWebInvocationPrivilegeEvaluator delegating = new RequestMatcherDelegatingWebInvocationPrivilegeEvaluator( WebInvocationPrivilegeEvaluator delegating = evaluator();
Collections.emptyList());
assertThat(delegating.isAllowed(this.uri, this.authentication)).isTrue(); assertThat(delegating.isAllowed(this.uri, this.authentication)).isTrue();
} }
@Test @Test
void isAllowedWhenNotMatchThenAllowed() { void isAllowedWhenNotMatchThenAllowed() {
RequestMatcherEntry<List<WebInvocationPrivilegeEvaluator>> notMatch = new RequestMatcherEntry<>(this.alwaysDeny, RequestMatcherEntry<List<WebInvocationPrivilegeEvaluator>> notMatch = entry(this.alwaysDeny,
Collections.singletonList(TestWebInvocationPrivilegeEvaluator.alwaysAllow())); TestWebInvocationPrivilegeEvaluator.alwaysAllow());
RequestMatcherDelegatingWebInvocationPrivilegeEvaluator delegating = new RequestMatcherDelegatingWebInvocationPrivilegeEvaluator( WebInvocationPrivilegeEvaluator delegating = evaluator(notMatch);
Collections.singletonList(notMatch));
assertThat(delegating.isAllowed(this.uri, this.authentication)).isTrue(); assertThat(delegating.isAllowed(this.uri, this.authentication)).isTrue();
verify(notMatch.getRequestMatcher()).matches(any()); verify(notMatch.getRequestMatcher()).matches(any());
} }
@Test @Test
void isAllowedWhenPrivilegeEvaluatorAllowThenAllowedTrue() { void isAllowedWhenPrivilegeEvaluatorAllowThenAllowedTrue() {
RequestMatcherEntry<List<WebInvocationPrivilegeEvaluator>> delegate = new RequestMatcherEntry<>( WebInvocationPrivilegeEvaluator delegating = evaluator(allow(this.alwaysMatch));
this.alwaysMatch, Collections.singletonList(TestWebInvocationPrivilegeEvaluator.alwaysAllow()));
RequestMatcherDelegatingWebInvocationPrivilegeEvaluator delegating = new RequestMatcherDelegatingWebInvocationPrivilegeEvaluator(
Collections.singletonList(delegate));
assertThat(delegating.isAllowed(this.uri, this.authentication)).isTrue(); assertThat(delegating.isAllowed(this.uri, this.authentication)).isTrue();
} }
@Test @Test
void isAllowedWhenPrivilegeEvaluatorDenyThenAllowedFalse() { void isAllowedWhenPrivilegeEvaluatorDenyThenAllowedFalse() {
RequestMatcherEntry<List<WebInvocationPrivilegeEvaluator>> delegate = new RequestMatcherEntry<>( WebInvocationPrivilegeEvaluator delegating = evaluator(deny(this.alwaysMatch));
this.alwaysMatch, Collections.singletonList(TestWebInvocationPrivilegeEvaluator.alwaysDeny()));
RequestMatcherDelegatingWebInvocationPrivilegeEvaluator delegating = new RequestMatcherDelegatingWebInvocationPrivilegeEvaluator(
Collections.singletonList(delegate));
assertThat(delegating.isAllowed(this.uri, this.authentication)).isFalse(); assertThat(delegating.isAllowed(this.uri, this.authentication)).isFalse();
} }
@Test @Test
void isAllowedWhenNotMatchThenMatchThenOnlySecondDelegateInvoked() { void isAllowedWhenNotMatchThenMatchThenOnlySecondDelegateInvoked() {
RequestMatcherEntry<List<WebInvocationPrivilegeEvaluator>> notMatchDelegate = new RequestMatcherEntry<>( RequestMatcherEntry<List<WebInvocationPrivilegeEvaluator>> notMatchDelegate = entry(this.alwaysDeny,
this.alwaysDeny, Collections.singletonList(TestWebInvocationPrivilegeEvaluator.alwaysAllow())); TestWebInvocationPrivilegeEvaluator.alwaysAllow());
RequestMatcherEntry<List<WebInvocationPrivilegeEvaluator>> matchDelegate = new RequestMatcherEntry<>( RequestMatcherEntry<List<WebInvocationPrivilegeEvaluator>> matchDelegate = entry(this.alwaysMatch,
this.alwaysMatch, Collections.singletonList(TestWebInvocationPrivilegeEvaluator.alwaysAllow())); TestWebInvocationPrivilegeEvaluator.alwaysAllow());
RequestMatcherEntry<List<WebInvocationPrivilegeEvaluator>> spyNotMatchDelegate = spy(notMatchDelegate); RequestMatcherEntry<List<WebInvocationPrivilegeEvaluator>> spyNotMatchDelegate = spy(notMatchDelegate);
RequestMatcherEntry<List<WebInvocationPrivilegeEvaluator>> spyMatchDelegate = spy(matchDelegate); RequestMatcherEntry<List<WebInvocationPrivilegeEvaluator>> spyMatchDelegate = spy(matchDelegate);
RequestMatcherDelegatingWebInvocationPrivilegeEvaluator delegating = new RequestMatcherDelegatingWebInvocationPrivilegeEvaluator( WebInvocationPrivilegeEvaluator delegating = evaluator(notMatchDelegate, spyMatchDelegate);
Arrays.asList(notMatchDelegate, spyMatchDelegate));
assertThat(delegating.isAllowed(this.uri, this.authentication)).isTrue(); assertThat(delegating.isAllowed(this.uri, this.authentication)).isTrue();
verify(spyNotMatchDelegate.getRequestMatcher()).matches(any()); verify(spyNotMatchDelegate.getRequestMatcher()).matches(any());
verify(spyNotMatchDelegate, never()).getEntry(); verify(spyNotMatchDelegate, never()).getEntry();
@ -124,10 +113,8 @@ class RequestMatcherDelegatingWebInvocationPrivilegeEvaluatorTests {
@Test @Test
void isAllowedWhenDelegatePrivilegeEvaluatorsEmptyThenAllowedTrue() { void isAllowedWhenDelegatePrivilegeEvaluatorsEmptyThenAllowedTrue() {
RequestMatcherEntry<List<WebInvocationPrivilegeEvaluator>> delegate = new RequestMatcherEntry<>( RequestMatcherEntry<List<WebInvocationPrivilegeEvaluator>> delegate = entry(this.alwaysMatch);
this.alwaysMatch, Collections.emptyList()); WebInvocationPrivilegeEvaluator delegating = evaluator(delegate);
RequestMatcherDelegatingWebInvocationPrivilegeEvaluator delegating = new RequestMatcherDelegatingWebInvocationPrivilegeEvaluator(
Collections.singletonList(delegate));
assertThat(delegating.isAllowed(this.uri, this.authentication)).isTrue(); assertThat(delegating.isAllowed(this.uri, this.authentication)).isTrue();
} }
@ -137,11 +124,10 @@ class RequestMatcherDelegatingWebInvocationPrivilegeEvaluatorTests {
WebInvocationPrivilegeEvaluator allow = TestWebInvocationPrivilegeEvaluator.alwaysAllow(); WebInvocationPrivilegeEvaluator allow = TestWebInvocationPrivilegeEvaluator.alwaysAllow();
WebInvocationPrivilegeEvaluator spyDeny = spy(deny); WebInvocationPrivilegeEvaluator spyDeny = spy(deny);
WebInvocationPrivilegeEvaluator spyAllow = spy(allow); WebInvocationPrivilegeEvaluator spyAllow = spy(allow);
RequestMatcherEntry<List<WebInvocationPrivilegeEvaluator>> delegate = new RequestMatcherEntry<>( RequestMatcherEntry<List<WebInvocationPrivilegeEvaluator>> delegate = entry(this.alwaysMatch, spyDeny,
this.alwaysMatch, Arrays.asList(spyDeny, spyAllow)); spyAllow);
RequestMatcherDelegatingWebInvocationPrivilegeEvaluator delegating = new RequestMatcherDelegatingWebInvocationPrivilegeEvaluator( WebInvocationPrivilegeEvaluator delegating = evaluator(delegate);
Collections.singletonList(delegate));
assertThat(delegating.isAllowed(this.uri, this.authentication)).isFalse(); assertThat(delegating.isAllowed(this.uri, this.authentication)).isFalse();
verify(spyDeny).isAllowed(any(), any()); verify(spyDeny).isAllowed(any(), any());
@ -152,11 +138,9 @@ class RequestMatcherDelegatingWebInvocationPrivilegeEvaluatorTests {
void isAllowedWhenDifferentArgumentsThenCallSpecificIsAllowedInDelegate() { void isAllowedWhenDifferentArgumentsThenCallSpecificIsAllowedInDelegate() {
WebInvocationPrivilegeEvaluator deny = TestWebInvocationPrivilegeEvaluator.alwaysDeny(); WebInvocationPrivilegeEvaluator deny = TestWebInvocationPrivilegeEvaluator.alwaysDeny();
WebInvocationPrivilegeEvaluator spyDeny = spy(deny); WebInvocationPrivilegeEvaluator spyDeny = spy(deny);
RequestMatcherEntry<List<WebInvocationPrivilegeEvaluator>> delegate = new RequestMatcherEntry<>( RequestMatcherEntry<List<WebInvocationPrivilegeEvaluator>> delegate = entry(this.alwaysMatch, spyDeny);
this.alwaysMatch, Collections.singletonList(spyDeny));
RequestMatcherDelegatingWebInvocationPrivilegeEvaluator delegating = new RequestMatcherDelegatingWebInvocationPrivilegeEvaluator( WebInvocationPrivilegeEvaluator delegating = evaluator(delegate);
Collections.singletonList(delegate));
assertThat(delegating.isAllowed(this.uri, this.authentication)).isFalse(); assertThat(delegating.isAllowed(this.uri, this.authentication)).isFalse();
assertThat(delegating.isAllowed("/cp", this.uri, "GET", this.authentication)).isFalse(); assertThat(delegating.isAllowed("/cp", this.uri, "GET", this.authentication)).isFalse();
@ -172,10 +156,8 @@ class RequestMatcherDelegatingWebInvocationPrivilegeEvaluatorTests {
ArgumentCaptor<HttpServletRequest> argumentCaptor = ArgumentCaptor.forClass(HttpServletRequest.class); ArgumentCaptor<HttpServletRequest> argumentCaptor = ArgumentCaptor.forClass(HttpServletRequest.class);
RequestMatcher requestMatcher = mock(RequestMatcher.class); RequestMatcher requestMatcher = mock(RequestMatcher.class);
WebInvocationPrivilegeEvaluator wipe = mock(WebInvocationPrivilegeEvaluator.class); WebInvocationPrivilegeEvaluator wipe = mock(WebInvocationPrivilegeEvaluator.class);
RequestMatcherEntry<List<WebInvocationPrivilegeEvaluator>> delegate = new RequestMatcherEntry<>(requestMatcher, RequestMatcherEntry<List<WebInvocationPrivilegeEvaluator>> delegate = entry(requestMatcher, wipe);
Collections.singletonList(wipe)); RequestMatcherDelegatingWebInvocationPrivilegeEvaluator requestMatcherWipe = evaluator(delegate);
RequestMatcherDelegatingWebInvocationPrivilegeEvaluator requestMatcherWipe = new RequestMatcherDelegatingWebInvocationPrivilegeEvaluator(
Collections.singletonList(delegate));
requestMatcherWipe.setServletContext(servletContext); requestMatcherWipe.setServletContext(servletContext);
requestMatcherWipe.isAllowed("/foo/index.jsp", token); requestMatcherWipe.isAllowed("/foo/index.jsp", token);
verify(requestMatcher).matches(argumentCaptor.capture()); verify(requestMatcher).matches(argumentCaptor.capture());
@ -186,19 +168,13 @@ class RequestMatcherDelegatingWebInvocationPrivilegeEvaluatorTests {
void constructorWhenPrivilegeEvaluatorsNullThenException() { void constructorWhenPrivilegeEvaluatorsNullThenException() {
RequestMatcherEntry<List<WebInvocationPrivilegeEvaluator>> entry = new RequestMatcherEntry<>(this.alwaysMatch, RequestMatcherEntry<List<WebInvocationPrivilegeEvaluator>> entry = new RequestMatcherEntry<>(this.alwaysMatch,
null); null);
assertThatIllegalArgumentException() assertThatIllegalArgumentException().isThrownBy(() -> evaluator(entry))
.isThrownBy(
() -> new RequestMatcherDelegatingWebInvocationPrivilegeEvaluator(Collections.singletonList(entry)))
.withMessageContaining("webInvocationPrivilegeEvaluators cannot be null"); .withMessageContaining("webInvocationPrivilegeEvaluators cannot be null");
} }
@Test @Test
void constructorWhenRequestMatcherNullThenException() { void constructorWhenRequestMatcherNullThenException() {
RequestMatcherEntry<List<WebInvocationPrivilegeEvaluator>> entry = new RequestMatcherEntry<>(null, assertThatIllegalArgumentException().isThrownBy(() -> evaluator(deny(null)))
Collections.singletonList(mock(WebInvocationPrivilegeEvaluator.class)));
assertThatIllegalArgumentException()
.isThrownBy(
() -> new RequestMatcherDelegatingWebInvocationPrivilegeEvaluator(Collections.singletonList(entry)))
.withMessageContaining("requestMatcher cannot be null"); .withMessageContaining("requestMatcher cannot be null");
} }
@ -207,8 +183,7 @@ class RequestMatcherDelegatingWebInvocationPrivilegeEvaluatorTests {
void isAllowedWhenInvokesDelegateThenCachesRequestPath() { void isAllowedWhenInvokesDelegateThenCachesRequestPath() {
PathPatternRequestMatcher path = PathPatternRequestMatcher.withDefaults().matcher("/path/**"); PathPatternRequestMatcher path = PathPatternRequestMatcher.withDefaults().matcher("/path/**");
PathPatternRequestMatcher any = PathPatternRequestMatcher.withDefaults().matcher("/**"); PathPatternRequestMatcher any = PathPatternRequestMatcher.withDefaults().matcher("/**");
WebInvocationPrivilegeEvaluator delegating = new RequestMatcherDelegatingWebInvocationPrivilegeEvaluator( WebInvocationPrivilegeEvaluator delegating = evaluator(deny(path), deny(any));
List.of(deny(path), deny(any)));
try (MockedStatic<ServletRequestPathUtils> utils = Mockito.mockStatic(ServletRequestPathUtils.class, try (MockedStatic<ServletRequestPathUtils> utils = Mockito.mockStatic(ServletRequestPathUtils.class,
Mockito.CALLS_REAL_METHODS)) { Mockito.CALLS_REAL_METHODS)) {
delegating.isAllowed("/uri", null); delegating.isAllowed("/uri", null);
@ -216,9 +191,22 @@ class RequestMatcherDelegatingWebInvocationPrivilegeEvaluatorTests {
} }
} }
@SuppressWarnings({ "rawtypes", "unchecked" })
private RequestMatcherDelegatingWebInvocationPrivilegeEvaluator evaluator(RequestMatcherEntry... entries) {
return new RequestMatcherDelegatingWebInvocationPrivilegeEvaluator(List.of(entries));
}
private RequestMatcherEntry<List<WebInvocationPrivilegeEvaluator>> allow(RequestMatcher requestMatcher) {
return entry(requestMatcher, TestWebInvocationPrivilegeEvaluator.alwaysAllow());
}
private RequestMatcherEntry<List<WebInvocationPrivilegeEvaluator>> deny(RequestMatcher requestMatcher) { private RequestMatcherEntry<List<WebInvocationPrivilegeEvaluator>> deny(RequestMatcher requestMatcher) {
return new RequestMatcherEntry<>(requestMatcher, return entry(requestMatcher, TestWebInvocationPrivilegeEvaluator.alwaysDeny());
Collections.singletonList(TestWebInvocationPrivilegeEvaluator.alwaysDeny())); }
private RequestMatcherEntry<List<WebInvocationPrivilegeEvaluator>> entry(RequestMatcher requestMatcher,
WebInvocationPrivilegeEvaluator... evaluators) {
return new RequestMatcherEntry<>(requestMatcher, List.of(evaluators));
} }
} }