Example 1 with SecurityConfig
use of org.springframework.security.access.SecurityConfig in project spring-boot by spring-projects.
the class AuthorizationAuditListenerTests method testAuthenticationCredentialsNotFound.
@Test
public void testAuthenticationCredentialsNotFound() {
AuditApplicationEvent event = handleAuthorizationEvent(new AuthenticationCredentialsNotFoundEvent(this, Collections.<ConfigAttribute>singletonList(new SecurityConfig("USER")), new AuthenticationCredentialsNotFoundException("Bad user")));
assertThat(event.getAuditEvent().getType()).isEqualTo(AuthenticationAuditListener.AUTHENTICATION_FAILURE);
}
Also used :
AuthenticationCredentialsNotFoundEvent(org.springframework.security.access.event.AuthenticationCredentialsNotFoundEvent)
AuthenticationCredentialsNotFoundException(org.springframework.security.authentication.AuthenticationCredentialsNotFoundException)
ConfigAttribute(org.springframework.security.access.ConfigAttribute)
SecurityConfig(org.springframework.security.access.SecurityConfig)
AuditApplicationEvent(org.springframework.boot.actuate.audit.listener.AuditApplicationEvent)
Test(org.junit.Test)
Example 2 with SecurityConfig
use of org.springframework.security.access.SecurityConfig in project spring-boot by spring-projects.
the class AuthorizationAuditListenerTests method testAuthorizationFailure.
@Test
public void testAuthorizationFailure() {
AuditApplicationEvent event = handleAuthorizationEvent(new AuthorizationFailureEvent(this, Collections.<ConfigAttribute>singletonList(new SecurityConfig("USER")), new UsernamePasswordAuthenticationToken("user", "password"), new AccessDeniedException("Bad user")));
assertThat(event.getAuditEvent().getType()).isEqualTo(AuthorizationAuditListener.AUTHORIZATION_FAILURE);
}
Also used :
AccessDeniedException(org.springframework.security.access.AccessDeniedException)
ConfigAttribute(org.springframework.security.access.ConfigAttribute)
SecurityConfig(org.springframework.security.access.SecurityConfig)
AuditApplicationEvent(org.springframework.boot.actuate.audit.listener.AuditApplicationEvent)
UsernamePasswordAuthenticationToken(org.springframework.security.authentication.UsernamePasswordAuthenticationToken)
AuthorizationFailureEvent(org.springframework.security.access.event.AuthorizationFailureEvent)
Test(org.junit.Test)
Example 3 with SecurityConfig
use of org.springframework.security.access.SecurityConfig in project spring-security by spring-projects.
the class SecuredAnnotationMetadataExtractor method extractAttributes.
public Collection<ConfigAttribute> extractAttributes(Secured secured) {
String[] attributeTokens = secured.value();
List<ConfigAttribute> attributes = new ArrayList<ConfigAttribute>(attributeTokens.length);
for (String token : attributeTokens) {
attributes.add(new SecurityConfig(token));
}
return attributes;
}
Also used :
ConfigAttribute(org.springframework.security.access.ConfigAttribute)
SecurityConfig(org.springframework.security.access.SecurityConfig)
Example 4 with SecurityConfig
use of org.springframework.security.access.SecurityConfig in project spring-security by spring-projects.
the class SecurityConfigTests method testToString.
@Test
public void testToString() {
SecurityConfig config = new SecurityConfig("TEST");
assertThat(config.toString()).isEqualTo("TEST");
}
Also used :
SecurityConfig(org.springframework.security.access.SecurityConfig)
Test(org.junit.Test)
Example 5 with SecurityConfig
use of org.springframework.security.access.SecurityConfig in project spring-security by spring-projects.
the class SecuredAnnotationSecurityMetadataSourceTests method methodLevelAttributesAreFound.
@Test
public void methodLevelAttributesAreFound() {
Method method = null;
try {
method = BusinessService.class.getMethod("someUserAndAdminMethod", new Class[] {});
} catch (NoSuchMethodException unexpected) {
fail("Should be a method called 'someUserAndAdminMethod' on class!");
}
Collection<ConfigAttribute> attrs = this.mds.findAttributes(method, BusinessService.class);
assertThat(attrs).isNotNull();
// expect 2 attributes
assertThat(attrs).hasSize(2);
boolean user = false;
boolean admin = false;
// should have 2 SecurityConfigs
for (ConfigAttribute sc : attrs) {
assertThat(sc instanceof SecurityConfig).isTrue();
if (sc.getAttribute().equals("ROLE_USER")) {
user = true;
} else if (sc.getAttribute().equals("ROLE_ADMIN")) {
admin = true;
}
}
// expect to have ROLE_USER and ROLE_ADMIN
assertThat(user && admin).isTrue();
}
Also used :
ConfigAttribute(org.springframework.security.access.ConfigAttribute)
SecurityConfig(org.springframework.security.access.SecurityConfig)
Method(java.lang.reflect.Method)
Test(org.junit.Test)
Aggregations
SecurityConfig (org.springframework.security.access.SecurityConfig)39
Test (org.junit.Test)33
ConfigAttribute (org.springframework.security.access.ConfigAttribute)21
List (java.util.List)7
Vector (java.util.Vector)6
Authentication (org.springframework.security.core.Authentication)6
OAuth2Authentication (org.springframework.security.oauth2.provider.OAuth2Authentication)6
UsernamePasswordAuthenticationToken (org.springframework.security.authentication.UsernamePasswordAuthenticationToken)5
OAuth2Request (org.springframework.security.oauth2.provider.OAuth2Request)5
MethodInvocation (org.aopalliance.intercept.MethodInvocation)4
AccessDeniedException (org.springframework.security.access.AccessDeniedException)4
SimpleMethodInvocation (org.springframework.security.util.SimpleMethodInvocation)4
AuditApplicationEvent (org.springframework.boot.actuate.audit.listener.AuditApplicationEvent)3
ArrayList (java.util.ArrayList)2
AuthorizationFailureEvent (org.springframework.security.access.event.AuthorizationFailureEvent)2
DefaultFilterInvocationSecurityMetadataSource (org.springframework.security.web.access.intercept.DefaultFilterInvocationSecurityMetadataSource)2
Method (java.lang.reflect.Method)1
LinkedHashMap (java.util.LinkedHashMap)1
Before (org.junit.Before)1
BeanMetadataElement (org.springframework.beans.BeanMetadataElement)1
