
SEC-271: copied Bank* unit test and relevant classes to test @Secured annotation as a part of autoconfig tag work

Vishal Puri 18 anos atrás
pai
commit
e0956920c7

+ 50 - 0
sandbox/spring-security-config/src/main/java/org/acegisecurity/BankService.java

@@ -0,0 +1,50 @@
+/* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.acegisecurity;
+
+import org.acegisecurity.annotation.Secured;
+
+
+/**
+ * <code>BankService</code> sample using Java 5 Annotations.
+ *
+ * @author Mark St.Godard
+ * @version $Id: BankService.java 1496 2006-05-23 13:38:33Z benalex $
+ * 
+ * @see org.acegisecurity.annotation.Secured
+ */
+@Secured({"ROLE_TELLER"})
+public interface BankService {
+    //~ Methods ========================================================================================================
+
+    /**
+     * Get the account balance.
+     *
+     * @param accountNumber The account number
+     *
+     * @return The balance
+     */
+    @Secured({"ROLE_PERMISSION_BALANCE"})
+    public float balance(String accountNumber);
+
+    /**
+     * List accounts
+     *
+     * @return The list of accounts
+     */
+    @Secured({"ROLE_PERMISSION_LIST"})
+    public String[] listAccounts();
+}
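Review bot: The Javadoc on `BankService` does not say how the type-level `@Secured({"ROLE_TELLER"})` combines with the method-level attributes on `balance` and `listAccounts`. From this file alone a reader cannot tell whether a caller needs both ROLE_TELLER and the method's own permission, or whether the method-level value replaces the type-level one, and that decides who may read a balance. I would state the rule in the interface comment, for example `Type-level attributes apply to every method in addition to that method's own @Secured attributes`, provided that is how the configured attribute source merges them, which this hunk does not show.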

+ 34 - 0
sandbox/spring-security-config/src/main/java/org/acegisecurity/BankServiceImpl.java

@@ -0,0 +1,34 @@
+/* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.acegisecurity;
+
+/**
+ * <code>BankService</code> sample implementation.
+ *
+ * @author Mark St.Godard
+ * @version $Id: BankServiceImpl.java 1496 2006-05-23 13:38:33Z benalex $
+ */
+public class BankServiceImpl implements BankService {
+    //~ Methods ========================================================================================================
+
+    public float balance(String accountNumber) {
+        return 42000000;
+    }
+
+    public String[] listAccounts() {
+        return new String[] {"1", "2", "3"};
+    }
+}
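Review bot: `BankServiceImpl` is a stub with hard-coded return values, yet it is added under `src/main/java`, so it would be compiled into the module's main classes rather than its test classes. The commit message describes these classes as copied in to test `@Secured`, and the same placement applies to `BankService.java` and `Main.java` in this commit. Moving the three files to `src/test/java` next to `BankTests.java` would keep a bean that answers every balance query with no check of its own out of anything that gets packaged. If the sandbox module is never published, this is only a tidiness point.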

+ 77 - 0
sandbox/spring-security-config/src/main/java/org/acegisecurity/Main.java

@@ -0,0 +1,77 @@
+/* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.acegisecurity;
+
+import org.acegisecurity.AccessDeniedException;
+import org.acegisecurity.GrantedAuthority;
+import org.acegisecurity.GrantedAuthorityImpl;
+
+import org.acegisecurity.context.SecurityContextHolder;
+import org.acegisecurity.context.SecurityContextImpl;
+
+import org.acegisecurity.providers.TestingAuthenticationToken;
+
+import org.springframework.context.support.ClassPathXmlApplicationContext;
+
+
+/**
+ * 
+DOCUMENT ME!
+ *
+ * @author Mark St.Godard
+ * @version $Id: Main.java 1496 2006-05-23 13:38:33Z benalex $
+ */
+public class Main {
+    //~ Methods ========================================================================================================
+
+    /**
+     * This can be done in a web app by using a filter or <code>SpringMvcIntegrationInterceptor</code>.
+     */
+    private static void createSecureContext() {
+        TestingAuthenticationToken auth = new TestingAuthenticationToken("test", "test",
+                new GrantedAuthority[] {
+                    new GrantedAuthorityImpl("ROLE_TELLER"), new GrantedAuthorityImpl("ROLE_PERMISSION_LIST")
+                });
+
+        SecurityContextHolder.getContext().setAuthentication(auth);
+    }
+
+    private static void destroySecureContext() {
+        SecurityContextHolder.setContext(new SecurityContextImpl());
+    }
+
+    public static void main(String[] args) throws Exception {
+        createSecureContext();
+
+        ClassPathXmlApplicationContext context = new ClassPathXmlApplicationContext(
+                "org/acegisecurity/config/auto-config.xml");
+        BankService service = (BankService) context.getBean("bankService");
+
+        // will succeed
+        service.listAccounts();
+
+        // will fail
+        try {
+            System.out.println(
+                "We expect an AccessDeniedException now, as we do not hold the ROLE_PERMISSION_BALANCE granted authority, and we're using a unanimous access decision manager... ");
+            service.balance("1");
+        } catch (AccessDeniedException e) {
+            e.printStackTrace();
+        }
+
+        destroySecureContext();
+    }
+}
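Review bot: In `main`, `destroySecureContext()` runs only when nothing unexpected is thrown. A failure while loading `auto-config.xml`, an error from `getBean`, or any exception other than `AccessDeniedException` from `service.balance("1")` leaves the test authentication in `SecurityContextHolder`. Wrap everything after `createSecureContext()` as `try { ... } finally { destroySecureContext(); }`. `BankTests.testDeniedAccess` and `BankTests.testListAccounts` in this commit have the same shape (in `testDeniedAccess` a triggered `fail(...)` skips the cleanup), and a `tearDown()` that calls `destroySecureContext()` would cover both. Separately, the class Javadoc is still the `DOCUMENT ME!` placeholder; a line such as `Command-line demo that calls the secured BankService with a principal lacking ROLE_PERMISSION_BALANCE` would replace it.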

+ 99 - 0
sandbox/spring-security-config/src/test/java/org/acegisecurity/BankTests.java

@@ -0,0 +1,99 @@
+/* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.acegisecurity;
+
+import junit.framework.TestCase;
+
+import org.acegisecurity.AccessDeniedException;
+import org.acegisecurity.GrantedAuthority;
+import org.acegisecurity.GrantedAuthorityImpl;
+
+import org.acegisecurity.context.SecurityContextHolder;
+import org.acegisecurity.context.SecurityContextImpl;
+
+import org.acegisecurity.providers.TestingAuthenticationToken;
+import org.acegisecurity.providers.UsernamePasswordAuthenticationToken;
+
+import org.springframework.context.support.ClassPathXmlApplicationContext;
+
+
+
+
+/**
+ * Tests security objects.
+ *
+ * @author Ben Alex
+ * @version $Id: BankTests.java 1496 2006-05-23 13:38:33Z benalex $
+ */
+public class BankTests extends TestCase {
+    //~ Instance fields ================================================================================================
+
+    private BankService service;
+    private ClassPathXmlApplicationContext ctx;
+
+    //~ Constructors ===================================================================================================
+
+    public BankTests() {
+        super();
+    }
+
+    public BankTests(String arg0) {
+        super(arg0);
+    }
+
+    //~ Methods ========================================================================================================
+
+    private static void createSecureContext() {
+        UsernamePasswordAuthenticationToken auth = new UsernamePasswordAuthenticationToken("test", "test",
+                new GrantedAuthority[] {
+                    new GrantedAuthorityImpl("ROLE_TELLER"), new GrantedAuthorityImpl("ROLE_PERMISSION_LIST")
+                });
+
+        SecurityContextHolder.getContext().setAuthentication(auth);
+    }
+
+    private static void destroySecureContext() {
+        SecurityContextHolder.setContext(new SecurityContextImpl());
+    }
+
+    public static void main(String[] args) {
+        junit.textui.TestRunner.run(BankTests.class);
+    }
+
+    public final void setUp() throws Exception {
+        super.setUp();
+        ctx = new ClassPathXmlApplicationContext("org/acegisecurity/config/auto-config.xml");
+        service = (BankService) ctx.getBean("bankService");
+    }
+
+    public void testDeniedAccess() throws Exception {
+        createSecureContext();
+
+        try {
+            service.balance("1");
+            fail("Should have thrown AccessDeniedException");
+        } catch (AccessDeniedException expected) {
+            assertTrue(true);
+        }
+        destroySecureContext();
+    }
+
+    public void testListAccounts() throws Exception {
+        createSecureContext();
+        service.listAccounts();
+        destroySecureContext();
+    }
+}
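Review bot: `testListAccounts` asserts nothing, so it passes whether or not any security interceptor is applied to the `bankService` bean; only `testDeniedAccess` shows that `@Secured` is enforced. Both tests also use the same principal (ROLE_TELLER plus ROLE_PERMISSION_LIST), so the type-level `ROLE_TELLER` attribute is never the deciding factor. I would check the result with `assertEquals(3, service.listAccounts().length);` and add a negative case where the principal holds ROLE_PERMISSION_LIST but not ROLE_TELLER, asserting whichever outcome the auto-config is meant to produce. `ctx` is also never closed; a `tearDown()` calling `ctx.close()` would release it between tests.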