diff --git a/core/src/main/java/org/springframework/security/access/expression/SecurityExpressionRoot.java b/core/src/main/java/org/springframework/security/access/expression/SecurityExpressionRoot.java
index 0d6174a569..ac6a10ee2f 100644
--- a/core/src/main/java/org/springframework/security/access/expression/SecurityExpressionRoot.java
+++ b/core/src/main/java/org/springframework/security/access/expression/SecurityExpressionRoot.java
@@ -36,6 +36,14 @@ public abstract class SecurityExpressionRoot {
 this.authentication = a;
 }
+ public final boolean hasAuthority(String authority) {
+ return hasRole(authority);
+ }
+
+ public final boolean hasAnyAuthority(String... authorities) {
+ return hasAnyRole(authorities);
+ }
+
 public final boolean hasRole(String role) {
 return getAuthoritySet().contains(role);
 }
diff --git a/core/src/test/java/org/springframework/security/access/expression/SecurityExpressionRootTests.java b/core/src/test/java/org/springframework/security/access/expression/SecurityExpressionRootTests.java
index 3d7dc9e5af..287ef273ee 100644
--- a/core/src/test/java/org/springframework/security/access/expression/SecurityExpressionRootTests.java
+++ b/core/src/test/java/org/springframework/security/access/expression/SecurityExpressionRootTests.java
@@ -1,12 +1,16 @@
 package org.springframework.security.access.expression;
 import static org.junit.Assert.*;
+import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.when;
 import java.util.Collection;
 import org.junit.Test;
 import org.springframework.security.access.hierarchicalroles.RoleHierarchy;
+import org.springframework.security.authentication.AuthenticationTrustResolver;
 import org.springframework.security.authentication.TestingAuthenticationToken;
+import org.springframework.security.core.Authentication;
 import org.springframework.security.core.GrantedAuthority;
 import org.springframework.security.core.authority.AuthorityUtils;
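Review bot: `hasAuthority` and `hasAnyAuthority` in SecurityExpressionRoot.java are wired as thin aliases of `hasRole`/`hasAnyRole`, which couples authority checks to role semantics. Today `hasRole` is an exact `getAuthoritySet().contains(role)` match, so the result is the same, but any role-specific handling later added to `hasRole` (a name prefix, for instance) would silently change what `hasAuthority('X')` authorizes in every access expression that uses it. Consider inverting the delegation so the raw comparison lives in the authority method, e.g. `return getAuthoritySet().contains(authority);` in `hasAuthority` with `hasRole` calling it. Both new methods also need Javadoc stating that the argument is compared verbatim against the set returned by `getAuthoritySet()`. The class body continues outside the hunk, and `hasAnyRole` and `getAuthoritySet` are not visible here.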
@@ -16,11 +20,30 @@ import org.springframework.security.core.authority.AuthorityUtils;
 * @since 3.0 */
 public class SecurityExpressionRootTests {
+ private final Authentication JOE = new TestingAuthenticationToken("joe", "pass", "A", "B");
+
+ @Test
+ public void denyAllIsFalsePermitAllTrue() throws Exception {
+ SecurityExpressionRoot root = new SecurityExpressionRoot(JOE) {};
+ assertFalse(root.denyAll());
+ assertFalse(root.denyAll);
+ assertTrue(root.permitAll());
+ assertTrue(root.permitAll);
+ }
+
+ @Test
+ public void rememberMeIsCorrectlyDetected() throws Exception {
+ SecurityExpressionRoot root = new SecurityExpressionRoot(JOE) {};
+ AuthenticationTrustResolver atr = mock(AuthenticationTrustResolver.class);
+ root.setTrustResolver(atr);
+ when(atr.isRememberMe(JOE)).thenReturn(true);
+ assertTrue(root.isRememberMe());
+ assertFalse(root.isFullyAuthenticated());
+ }
 @Test public void roleHierarchySupportIsCorrectlyUsedInEvaluatingRoles() throws Exception {
- SecurityExpressionRoot root =
- new SecurityExpressionRoot(new TestingAuthenticationToken("joe", "pass", "A", "B")) {};
+ SecurityExpressionRoot root = new SecurityExpressionRoot(JOE) {};
 root.setRoleHierarchy(new RoleHierarchy() {
 public Collection getReachableGrantedAuthorities(Collection authorities) {
@@ -29,9 +52,11 @@ public class SecurityExpressionRootTests {
 });
 assertTrue(root.hasRole("C"));
+ assertTrue(root.hasAuthority("C"));
 assertFalse(root.hasRole("A"));
 assertFalse(root.hasRole("B"));
 assertTrue(root.hasAnyRole("C", "A", "B"));
+ assertTrue(root.hasAnyAuthority("C", "A", "B"));
 assertFalse(root.hasAnyRole("A", "B"));
 }
 }
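Review bot: `rememberMeIsCorrectlyDetected` pins only the remember-me path of `isFullyAuthenticated()`; the anonymous path, the other way a caller could be wrongly treated as fully authenticated, has no test. A sibling test that stubs `when(atr.isAnonymous(JOE)).thenReturn(true);` and asserts `assertFalse(root.isFullyAuthenticated());` would cover it. A case that leaves both stubs at the mock's default `false` and asserts `assertTrue(root.isFullyAuthenticated());` would guard the allow side. This assumes `isFullyAuthenticated()` consults both resolver methods, which is not visible in this hunk. Minor style: `JOE` is named like a constant but declared as an instance field, so `private static final` would match the name.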
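Review bot: The two added assertions exercise only the allow path of `hasAuthority` and `hasAnyAuthority`. The test already shows that `hasRole("A")` and `hasAnyRole("A", "B")` are false once the hierarchy is applied, but nothing asserts the same for the authority variants. For an access-control predicate the deny case is the one worth pinning: add `assertFalse(root.hasAuthority("A"));` and `assertFalse(root.hasAnyAuthority("A", "B"));` next to the existing negative checks. The test method starts in the previous hunk.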