Cwikius-Spring
/
spring-security
mirror of https://github.com/spring-projects/spring-security.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

SEC-2705: DefaultMessageSecurityExpressionHandler populates AuthenticationTrustResolver

This commit is contained in:
Rob Winch 2014-11-19 11:25:07 -06:00
parent 3b8f7fdd67
commit ff95a34b1f
2 changed files with 91 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
messaging/src/main/java/org/springframework/security/messaging/access/expression/DefaultMessageSecurityExpressionHandler.java
View File

@ -19,7 +19,10 @@ import org.springframework.messaging.Message;
import org.springframework.security.access.expression.AbstractSecurityExpressionHandler;
import org.springframework.security.access.expression.SecurityExpressionHandler;
import org.springframework.security.access.expression.SecurityExpressionOperations;
import org.springframework.security.authentication.AuthenticationTrustResolver;
import org.springframework.security.authentication.AuthenticationTrustResolverImpl;
import org.springframework.security.core.Authentication;
import org.springframework.util.Assert;
/**
* The default implementation of {@link SecurityExpressionHandler} which uses a {@link MessageSecurityExpressionRoot}.
@ -31,8 +34,17 @@ import org.springframework.security.core.Authentication;
*/
public class DefaultMessageSecurityExpressionHandler<T> extends AbstractSecurityExpressionHandler<Message<T>> {
private AuthenticationTrustResolver trustResolver = new AuthenticationTrustResolverImpl();
@Override
protected SecurityExpressionOperations createSecurityExpressionRoot(Authentication authentication, Message<T> invocation) {
return new MessageSecurityExpressionRoot(authentication,invocation);
MessageSecurityExpressionRoot root = new MessageSecurityExpressionRoot(authentication,invocation);
root.setTrustResolver(trustResolver);
return root;
}
public void setTrustResolver(AuthenticationTrustResolver trustResolver) {
Assert.notNull(trustResolver,"trustResolver cannot be null");
this.trustResolver = trustResolver;
}
}

78
messaging/src/test/java/org/springframework/security/messaging/access/expression/DefaultMessageSecurityExpressionHandlerTests.java Normal file
View File

@ -0,0 +1,78 @@
/*
* Copyright 2002-2013 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.springframework.security.messaging.access.expression;
import static org.fest.assertions.Assertions.*;
import static org.mockito.Mockito.*;
import org.junit.Before;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.mockito.Mock;
import org.mockito.runners.MockitoJUnitRunner;
import org.springframework.expression.EvaluationContext;
import org.springframework.expression.Expression;
import org.springframework.messaging.Message;
import org.springframework.messaging.support.GenericMessage;
import org.springframework.security.access.expression.ExpressionUtils;
import org.springframework.security.authentication.AnonymousAuthenticationToken;
import org.springframework.security.authentication.AuthenticationTrustResolver;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.authority.AuthorityUtils;
@RunWith(MockitoJUnitRunner.class)
public class DefaultMessageSecurityExpressionHandlerTests {
@Mock
AuthenticationTrustResolver trustResolver;
DefaultMessageSecurityExpressionHandler<Object> handler;
Message<Object> message;
Authentication authentication;
@Before
public void setup() {
handler = new DefaultMessageSecurityExpressionHandler<Object>();
message = new GenericMessage<Object>("");
authentication = new AnonymousAuthenticationToken("key", "anonymous", AuthorityUtils.createAuthorityList("ROLE_ANONYMOUS"));
}
// SEC-2705
@Test
public void trustResolverPopulated() {
EvaluationContext context = handler.createEvaluationContext(authentication, message);
Expression expression = handler.getExpressionParser().parseExpression("authenticated");
assertThat(ExpressionUtils.evaluateAsBoolean(expression, context)).isFalse();
}
@Test(expected = IllegalArgumentException.class)
public void trustResolverNull() {
handler.setTrustResolver(null);
}
@Test
public void trustResolverCustom() {
handler.setTrustResolver(trustResolver);
EvaluationContext context = handler.createEvaluationContext(authentication, message);
Expression expression = handler.getExpressionParser().parseExpression("authenticated");
when(trustResolver.isAnonymous(authentication)).thenReturn(false);
assertThat(ExpressionUtils.evaluateAsBoolean(expression, context)).isTrue();
}
}