Example 1 with WebInvocationPrivilegeEvaluator
use of org.springframework.security.web.access.WebInvocationPrivilegeEvaluator in project spring-security by spring-projects.
the class AbstractAuthorizeTagTests method privilegeEvaluatorFromChildContext.
@Test
public void privilegeEvaluatorFromChildContext() throws IOException {
String uri = "/something";
WebInvocationPrivilegeEvaluator expected = mock(WebInvocationPrivilegeEvaluator.class);
tag.setUrl(uri);
WebApplicationContext wac = mock(WebApplicationContext.class);
when(wac.getBeansOfType(WebInvocationPrivilegeEvaluator.class)).thenReturn(Collections.singletonMap("wipe", expected));
servletContext.setAttribute("org.springframework.web.servlet.FrameworkServlet.CONTEXT.dispatcher", wac);
tag.authorizeUsingUrlCheck();
verify(expected).isAllowed(eq(""), eq(uri), eq("GET"), any(Authentication.class));
}
Also used :
WebInvocationPrivilegeEvaluator(org.springframework.security.web.access.WebInvocationPrivilegeEvaluator)
Authentication(org.springframework.security.core.Authentication)
WebApplicationContext(org.springframework.web.context.WebApplicationContext)
Test(org.junit.Test)
Example 2 with WebInvocationPrivilegeEvaluator
use of org.springframework.security.web.access.WebInvocationPrivilegeEvaluator in project spring-security by spring-projects.
the class AbstractAuthorizeTag method getPrivilegeEvaluator.
private WebInvocationPrivilegeEvaluator getPrivilegeEvaluator() throws IOException {
WebInvocationPrivilegeEvaluator privEvaluatorFromRequest = (WebInvocationPrivilegeEvaluator) getRequest().getAttribute(WebAttributes.WEB_INVOCATION_PRIVILEGE_EVALUATOR_ATTRIBUTE);
if (privEvaluatorFromRequest != null) {
return privEvaluatorFromRequest;
}
ApplicationContext ctx = SecurityWebApplicationContextUtils.findRequiredWebApplicationContext(getServletContext());
Map<String, WebInvocationPrivilegeEvaluator> wipes = ctx.getBeansOfType(WebInvocationPrivilegeEvaluator.class);
if (wipes.size() == 0) {
throw new IOException("No visible WebInvocationPrivilegeEvaluator instance could be found in the application " + "context. There must be at least one in order to support the use of URL access checks in 'authorize' tags.");
}
return (WebInvocationPrivilegeEvaluator) wipes.values().toArray()[0];
}
Also used :
WebInvocationPrivilegeEvaluator(org.springframework.security.web.access.WebInvocationPrivilegeEvaluator)
ApplicationContext(org.springframework.context.ApplicationContext)
IOException(java.io.IOException)
Example 3 with WebInvocationPrivilegeEvaluator
use of org.springframework.security.web.access.WebInvocationPrivilegeEvaluator in project spring-security by spring-projects.
the class AbstractAuthorizeTagTests method privilegeEvaluatorFromRequest.
@Test
public void privilegeEvaluatorFromRequest() throws IOException {
String uri = "/something";
WebInvocationPrivilegeEvaluator expected = mock(WebInvocationPrivilegeEvaluator.class);
tag.setUrl(uri);
request.setAttribute(WebAttributes.WEB_INVOCATION_PRIVILEGE_EVALUATOR_ATTRIBUTE, expected);
tag.authorizeUsingUrlCheck();
verify(expected).isAllowed(eq(""), eq(uri), eq("GET"), any(Authentication.class));
}
Also used :
WebInvocationPrivilegeEvaluator(org.springframework.security.web.access.WebInvocationPrivilegeEvaluator)
Authentication(org.springframework.security.core.Authentication)
Test(org.junit.Test)
Aggregations
WebInvocationPrivilegeEvaluator (org.springframework.security.web.access.WebInvocationPrivilegeEvaluator)3
Test (org.junit.Test)2
Authentication (org.springframework.security.core.Authentication)2
IOException (java.io.IOException)1
ApplicationContext (org.springframework.context.ApplicationContext)1
WebApplicationContext (org.springframework.web.context.WebApplicationContext)1
