SEC-271: copied Bank* unit test and relevant classes to test @Secured annotation as a part of autoconfig tag work
This commit is contained in:
parent
3cdce8662e
commit
e0956920c7
|
@ -0,0 +1,50 @@
|
|||
/* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
|
||||
package org.acegisecurity;
|
||||
|
||||
import org.acegisecurity.annotation.Secured;
|
||||
|
||||
|
||||
/**
|
||||
* <code>BankService</code> sample using Java 5 Annotations.
|
||||
*
|
||||
* @author Mark St.Godard
|
||||
* @version $Id: BankService.java 1496 2006-05-23 13:38:33Z benalex $
|
||||
*
|
||||
* @see org.acegisecurity.annotation.Secured
|
||||
*/
|
||||
@Secured({"ROLE_TELLER"})
|
||||
public interface BankService {
|
||||
//~ Methods ========================================================================================================
|
||||
|
||||
/**
|
||||
* Get the account balance.
|
||||
*
|
||||
* @param accountNumber The account number
|
||||
*
|
||||
* @return The balance
|
||||
*/
|
||||
@Secured({"ROLE_PERMISSION_BALANCE"})
|
||||
public float balance(String accountNumber);
|
||||
|
||||
/**
|
||||
* List accounts
|
||||
*
|
||||
* @return The list of accounts
|
||||
*/
|
||||
@Secured({"ROLE_PERMISSION_LIST"})
|
||||
public String[] listAccounts();
|
||||
}
|
|
@ -0,0 +1,34 @@
|
|||
/* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
|
||||
package org.acegisecurity;
|
||||
|
||||
/**
|
||||
* <code>BankService</code> sample implementation.
|
||||
*
|
||||
* @author Mark St.Godard
|
||||
* @version $Id: BankServiceImpl.java 1496 2006-05-23 13:38:33Z benalex $
|
||||
*/
|
||||
public class BankServiceImpl implements BankService {
|
||||
//~ Methods ========================================================================================================
|
||||
|
||||
public float balance(String accountNumber) {
|
||||
return 42000000;
|
||||
}
|
||||
|
||||
public String[] listAccounts() {
|
||||
return new String[] {"1", "2", "3"};
|
||||
}
|
||||
}
|
|
@ -0,0 +1,77 @@
|
|||
/* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
|
||||
package org.acegisecurity;
|
||||
|
||||
import org.acegisecurity.AccessDeniedException;
|
||||
import org.acegisecurity.GrantedAuthority;
|
||||
import org.acegisecurity.GrantedAuthorityImpl;
|
||||
|
||||
import org.acegisecurity.context.SecurityContextHolder;
|
||||
import org.acegisecurity.context.SecurityContextImpl;
|
||||
|
||||
import org.acegisecurity.providers.TestingAuthenticationToken;
|
||||
|
||||
import org.springframework.context.support.ClassPathXmlApplicationContext;
|
||||
|
||||
|
||||
/**
|
||||
*
|
||||
DOCUMENT ME!
|
||||
*
|
||||
* @author Mark St.Godard
|
||||
* @version $Id: Main.java 1496 2006-05-23 13:38:33Z benalex $
|
||||
*/
|
||||
public class Main {
|
||||
//~ Methods ========================================================================================================
|
||||
|
||||
/**
|
||||
* This can be done in a web app by using a filter or <code>SpringMvcIntegrationInterceptor</code>.
|
||||
*/
|
||||
private static void createSecureContext() {
|
||||
TestingAuthenticationToken auth = new TestingAuthenticationToken("test", "test",
|
||||
new GrantedAuthority[] {
|
||||
new GrantedAuthorityImpl("ROLE_TELLER"), new GrantedAuthorityImpl("ROLE_PERMISSION_LIST")
|
||||
});
|
||||
|
||||
SecurityContextHolder.getContext().setAuthentication(auth);
|
||||
}
|
||||
|
||||
private static void destroySecureContext() {
|
||||
SecurityContextHolder.setContext(new SecurityContextImpl());
|
||||
}
|
||||
|
||||
public static void main(String[] args) throws Exception {
|
||||
createSecureContext();
|
||||
|
||||
ClassPathXmlApplicationContext context = new ClassPathXmlApplicationContext(
|
||||
"org/acegisecurity/config/auto-config.xml");
|
||||
BankService service = (BankService) context.getBean("bankService");
|
||||
|
||||
// will succeed
|
||||
service.listAccounts();
|
||||
|
||||
// will fail
|
||||
try {
|
||||
System.out.println(
|
||||
"We expect an AccessDeniedException now, as we do not hold the ROLE_PERMISSION_BALANCE granted authority, and we're using a unanimous access decision manager... ");
|
||||
service.balance("1");
|
||||
} catch (AccessDeniedException e) {
|
||||
e.printStackTrace();
|
||||
}
|
||||
|
||||
destroySecureContext();
|
||||
}
|
||||
}
|
|
@ -0,0 +1,99 @@
|
|||
/* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
|
||||
package org.acegisecurity;
|
||||
|
||||
import junit.framework.TestCase;
|
||||
|
||||
import org.acegisecurity.AccessDeniedException;
|
||||
import org.acegisecurity.GrantedAuthority;
|
||||
import org.acegisecurity.GrantedAuthorityImpl;
|
||||
|
||||
import org.acegisecurity.context.SecurityContextHolder;
|
||||
import org.acegisecurity.context.SecurityContextImpl;
|
||||
|
||||
import org.acegisecurity.providers.TestingAuthenticationToken;
|
||||
import org.acegisecurity.providers.UsernamePasswordAuthenticationToken;
|
||||
|
||||
import org.springframework.context.support.ClassPathXmlApplicationContext;
|
||||
|
||||
|
||||
|
||||
|
||||
/**
|
||||
* Tests security objects.
|
||||
*
|
||||
* @author Ben Alex
|
||||
* @version $Id: BankTests.java 1496 2006-05-23 13:38:33Z benalex $
|
||||
*/
|
||||
public class BankTests extends TestCase {
|
||||
//~ Instance fields ================================================================================================
|
||||
|
||||
private BankService service;
|
||||
private ClassPathXmlApplicationContext ctx;
|
||||
|
||||
//~ Constructors ===================================================================================================
|
||||
|
||||
public BankTests() {
|
||||
super();
|
||||
}
|
||||
|
||||
public BankTests(String arg0) {
|
||||
super(arg0);
|
||||
}
|
||||
|
||||
//~ Methods ========================================================================================================
|
||||
|
||||
private static void createSecureContext() {
|
||||
UsernamePasswordAuthenticationToken auth = new UsernamePasswordAuthenticationToken("test", "test",
|
||||
new GrantedAuthority[] {
|
||||
new GrantedAuthorityImpl("ROLE_TELLER"), new GrantedAuthorityImpl("ROLE_PERMISSION_LIST")
|
||||
});
|
||||
|
||||
SecurityContextHolder.getContext().setAuthentication(auth);
|
||||
}
|
||||
|
||||
private static void destroySecureContext() {
|
||||
SecurityContextHolder.setContext(new SecurityContextImpl());
|
||||
}
|
||||
|
||||
public static void main(String[] args) {
|
||||
junit.textui.TestRunner.run(BankTests.class);
|
||||
}
|
||||
|
||||
public final void setUp() throws Exception {
|
||||
super.setUp();
|
||||
ctx = new ClassPathXmlApplicationContext("org/acegisecurity/config/auto-config.xml");
|
||||
service = (BankService) ctx.getBean("bankService");
|
||||
}
|
||||
|
||||
public void testDeniedAccess() throws Exception {
|
||||
createSecureContext();
|
||||
|
||||
try {
|
||||
service.balance("1");
|
||||
fail("Should have thrown AccessDeniedException");
|
||||
} catch (AccessDeniedException expected) {
|
||||
assertTrue(true);
|
||||
}
|
||||
destroySecureContext();
|
||||
}
|
||||
|
||||
public void testListAccounts() throws Exception {
|
||||
createSecureContext();
|
||||
service.listAccounts();
|
||||
destroySecureContext();
|
||||
}
|
||||
}
|
Loading…
Reference in New Issue