Cwikius-Spring
/
spring-security
mirror of https://github.com/spring-projects/spring-security.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

SEC-2719: Fix order sensitive authenticated().withRoles(..)

This commit is contained in:
Rob Winch 2014-09-16 10:54:50 -05:00
parent 02c3565e22
commit d316f661e8
2 changed files with 77 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
test/src/main/java/org/springframework/security/test/web/servlet/response/SecurityMockMvcResultMatchers.java
View File

@ -113,7 +113,8 @@ public final class SecurityMockMvcResultMatchers {
if(this.expectedGrantedAuthorities != null) {
assertTrue("Authentication cannot be null", auth != null);
Collection<? extends GrantedAuthority> authorities = auth.getAuthorities();
assertEquals(this.expectedGrantedAuthorities + " does not equal " + authorities, this.expectedGrantedAuthorities, authorities);
assertTrue(authorities + " does not contain the same authorities as " + this.expectedGrantedAuthorities, authorities.containsAll(this.expectedGrantedAuthorities));
assertTrue(this.expectedGrantedAuthorities + " does not contain the same authorities as " + authorities , this.expectedGrantedAuthorities.containsAll(authorities));
}
}

75
test/src/test/java/org/springframework/security/test/web/servlet/response/SecurityMockMvcResultMatchersTests.java Normal file
View File

@ -0,0 +1,75 @@
package org.springframework.security.test.web.servlet.response;
import static org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestBuilders.formLogin;
import static org.springframework.security.test.web.servlet.response.SecurityMockMvcResultMatchers.authenticated;
import static org.springframework.security.test.web.servlet.setup.SecurityMockMvcConfigurers.springSecurity;
import org.junit.Before;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.annotation.web.servlet.configuration.EnableWebMvcSecurity;
import org.springframework.test.context.ContextConfiguration;
import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
import org.springframework.test.context.web.WebAppConfiguration;
import org.springframework.test.web.servlet.MockMvc;
import org.springframework.test.web.servlet.setup.MockMvcBuilders;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;
import org.springframework.web.context.WebApplicationContext;
import org.springframework.web.servlet.config.annotation.EnableWebMvc;
@RunWith(SpringJUnit4ClassRunner.class)
@ContextConfiguration
@WebAppConfiguration
public class SecurityMockMvcResultMatchersTests {
@Autowired
private WebApplicationContext context;
private MockMvc mockMvc;
@Before
public void setup() {
mockMvc = MockMvcBuilders.webAppContextSetup(context)
.apply(springSecurity())
.build();
}
// SEC-2719
@Test
public void withRolesNotOrderSensitive() throws Exception {
mockMvc.perform(formLogin())
.andExpect(authenticated().withRoles("USER","SELLER"))
.andExpect(authenticated().withRoles("SELLER","USER"));
}
@Test(expected = AssertionError.class)
public void withRolesFailsIfNotAllRoles() throws Exception {
mockMvc.perform(formLogin())
.andExpect(authenticated().withRoles("USER"));
}
@Configuration
@EnableWebMvcSecurity
@EnableWebMvc
static class Config extends WebSecurityConfigurerAdapter {
@Autowired
public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
auth
.inMemoryAuthentication()
.withUser("user").roles("USER","SELLER").password("password");
}
@RestController
static class Controller {
@RequestMapping("/")
public String ok() {
return "ok";
}
}
}
}