Add Java Configuration Test

Issue SEC-2256
Rob Winch 2016-03-18 14:03:47 -05:00
parent 41c6a797c3
commit cf66487d3a


@ -15,13 +15,12 @@
*/ */
package org.springframework.security.config.annotation.web.configurers; package org.springframework.security.config.annotation.web.configurers;
import static org.assertj.core.api.Assertions.assertThat;
import javax.servlet.http.HttpServletResponse; import javax.servlet.http.HttpServletResponse;
import org.junit.After; import org.junit.After;
import org.junit.Before; import org.junit.Before;
import org.junit.Test; import org.junit.Test;
import org.springframework.beans.factory.annotation.Autowired; import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration; import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpMethod; import org.springframework.http.HttpMethod;
@ -35,6 +34,8 @@ import org.springframework.security.config.annotation.web.configuration.WebSecur
import org.springframework.security.web.FilterChainProxy; import org.springframework.security.web.FilterChainProxy;
import org.springframework.web.context.support.AnnotationConfigWebApplicationContext; import org.springframework.web.context.support.AnnotationConfigWebApplicationContext;
import static org.assertj.core.api.Assertions.assertThat;
/** /**
* @author Rob Winch * @author Rob Winch
* *
@ -51,15 +52,16 @@ public class AuthorizeRequestsTests {
@Before @Before
public void setup() { public void setup() {
request = new MockHttpServletRequest(); this.request = new MockHttpServletRequest();
response = new MockHttpServletResponse(); this.request.setMethod("GET");
chain = new MockFilterChain(); this.response = new MockHttpServletResponse();
this.chain = new MockFilterChain();
} }
@After @After
public void cleanup() { public void cleanup() {
if(context != null) { if (this.context != null) {
context.close(); this.context.close();
} }
} }
@ -67,34 +69,80 @@ public class AuthorizeRequestsTests {
@Test @Test
public void antMatchersMethodAndNoPatterns() throws Exception { public void antMatchersMethodAndNoPatterns() throws Exception {
loadConfig(AntMatchersNoPatternsConfig.class); loadConfig(AntMatchersNoPatternsConfig.class);
request.setMethod("POST"); this.request.setMethod("POST");
springSecurityFilterChain.doFilter(request, response, chain); this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain);
assertThat(response.getStatus()).isEqualTo(HttpServletResponse.SC_FORBIDDEN); assertThat(this.response.getStatus()).isEqualTo(HttpServletResponse.SC_FORBIDDEN);
} }
@EnableWebSecurity @EnableWebSecurity
@Configuration @Configuration
static class AntMatchersNoPatternsConfig extends WebSecurityConfigurerAdapter { static class AntMatchersNoPatternsConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception { protected void configure(HttpSecurity http) throws Exception {
// @formatter:off
http http
.authorizeRequests() .authorizeRequests()
.antMatchers(HttpMethod.POST).denyAll(); .antMatchers(HttpMethod.POST).denyAll();
// @formatter:on
} }
@Override @Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception { protected void configure(AuthenticationManagerBuilder auth) throws Exception {
// @formatter:off
auth auth
.inMemoryAuthentication(); .inMemoryAuthentication();
// @formatter:on
}
}
// SEC-2256
@Test
public void antMatchersPathVariables() throws Exception {
loadConfig(AntPatchersPathVariables.class);
this.request.setServletPath("/user/user");
this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain);
assertThat(this.response.getStatus()).isEqualTo(HttpServletResponse.SC_OK);
this.setup();
this.request.setServletPath("/user/deny");
this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain);
assertThat(this.response.getStatus()).isEqualTo(HttpServletResponse.SC_FORBIDDEN);
}
@EnableWebSecurity
@Configuration
static class AntPatchersPathVariables extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
// @formatter:off
http
.authorizeRequests()
.antMatchers("/user/{user}").access("#user == 'user'")
.anyRequest().denyAll();
// @formatter:on
}
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
// @formatter:off
auth
.inMemoryAuthentication();
// @formatter:on
} }
} }
public void loadConfig(Class<?>... configs) { public void loadConfig(Class<?>... configs) {
context = new AnnotationConfigWebApplicationContext(); this.context = new AnnotationConfigWebApplicationContext();
context.register(configs); this.context.register(configs);
context.refresh(); this.context.refresh();
context.getAutowireCapableBeanFactory().autowireBean(this); this.context.getAutowireCapableBeanFactory().autowireBean(this);
} }
} }
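Review bot: In `antMatchersPathVariables` the negative check for `/user/deny` runs only after the `/user/user` assertion has passed, and it depends on a manual `this.setup()` call to reset the mocks. Moving it into its own `@Test` method would report the deny case independently and drop the mid-test reset. The request in this test carries no authentication as far as the visible lines show, so `.access("#user == 'user'")` grants access on the path value alone. A comment above that line, such as `// fixture only: authorizes by path variable, not by caller; real rules would compare #user with authentication.name`, would keep it from being copied as an access-control pattern. The config class is spelled `AntPatchersPathVariables`, both in its declaration and in the `loadConfig(...)` call; `AntMatchersPathVariables` looks like the intended name.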