Example 66 with ConfigAttribute

use of org.springframework.security.access.ConfigAttribute in project spring-security by spring-projects.

the class SecuredAnnotationSecurityMetadataSourceTests method classLevelAttributesAreFound.

@Test
public void classLevelAttributesAreFound() {
    Collection<ConfigAttribute> attrs = this.mds.findAttributes(BusinessService.class);
    assertThat(attrs).isNotNull();
    // expect 1 annotation
    assertThat(attrs).hasSize(1);
    // should have 1 SecurityConfig
    SecurityConfig sc = (SecurityConfig) attrs.toArray()[0];
    assertThat(sc.getAttribute()).isEqualTo("ROLE_USER");
}
Also used : ConfigAttribute(org.springframework.security.access.ConfigAttribute) SecurityConfig(org.springframework.security.access.SecurityConfig) Test(org.junit.Test)

Example 67 with ConfigAttribute

use of org.springframework.security.access.ConfigAttribute in project spring-security by spring-projects.

the class SecuredAnnotationSecurityMetadataSourceTests method genericsSuperclassDeclarationsAreIncludedWhenSubclassesOverride.

// ~ Methods
// ========================================================================================================
@Test
public void genericsSuperclassDeclarationsAreIncludedWhenSubclassesOverride() {
    Method method = null;
    try {
        method = DepartmentServiceImpl.class.getMethod("someUserMethod3", new Class[] { Department.class });
    } catch (NoSuchMethodException unexpected) {
        fail("Should be a superMethod called 'someUserMethod3' on class!");
    }
    Collection<ConfigAttribute> attrs = mds.findAttributes(method, DepartmentServiceImpl.class);
    assertThat(attrs).isNotNull();
    // expect 1 attribute
    assertThat(attrs.size() == 1).as("Did not find 1 attribute").isTrue();
    // should have 1 SecurityConfig
    for (ConfigAttribute sc : attrs) {
        assertThat(sc.getAttribute()).as("Found an incorrect role").isEqualTo("ROLE_ADMIN");
    }
    Method superMethod = null;
    try {
        superMethod = DepartmentServiceImpl.class.getMethod("someUserMethod3", new Class[] { Entity.class });
    } catch (NoSuchMethodException unexpected) {
        fail("Should be a superMethod called 'someUserMethod3' on class!");
    }
    Collection<ConfigAttribute> superAttrs = this.mds.findAttributes(superMethod, DepartmentServiceImpl.class);
    assertThat(superAttrs).isNotNull();
    // This part of the test relates to SEC-274
    // expect 1 attribute
    assertThat(superAttrs).as("Did not find 1 attribute").hasSize(1);
    // should have 1 SecurityConfig
    for (ConfigAttribute sc : superAttrs) {
        assertThat(sc.getAttribute()).as("Found an incorrect role").isEqualTo("ROLE_ADMIN");
    }
}
Also used : ConfigAttribute(org.springframework.security.access.ConfigAttribute) Method(java.lang.reflect.Method) Test(org.junit.Test)

Example 68 with ConfigAttribute

use of org.springframework.security.access.ConfigAttribute in project spring-security by spring-projects.

the class PrePostAnnotationSecurityMetadataSourceTests method proxyFactoryInterfaceAttributesFound.

@Test
public void proxyFactoryInterfaceAttributesFound() throws Exception {
    MockMethodInvocation mi = MethodInvocationFactory.createSec2150MethodInvocation();
    Collection<ConfigAttribute> attributes = mds.getAttributes(mi);
    assertThat(attributes.size()).isEqualTo(1);
    Expression expression = (Expression) ReflectionTestUtils.getField(attributes.iterator().next(), "authorizeExpression");
    assertThat(expression.getExpressionString()).isEqualTo("hasRole('ROLE_PERSON')");
}
Also used : ConfigAttribute(org.springframework.security.access.ConfigAttribute) Expression(org.springframework.expression.Expression) MockMethodInvocation(org.springframework.security.access.intercept.method.MockMethodInvocation) Test(org.junit.Test)

Example 69 with ConfigAttribute

use of org.springframework.security.access.ConfigAttribute in project spring-security by spring-projects.

the class UnanimousBasedTests method testRoleVoterPrefixObserved.

@Test
public void testRoleVoterPrefixObserved() throws Exception {
    TestingAuthenticationToken auth = makeTestTokenWithFooBarPrefix();
    UnanimousBased mgr = makeDecisionManagerWithFooBarPrefix();
    List<ConfigAttribute> config = SecurityConfig.createList(new String[] { "FOOBAR_1", "FOOBAR_2" });
    // decide() throws AccessDeniedException on denial, so returning normally means access was granted
    mgr.decide(auth, new Object(), config);
}
Also used : ConfigAttribute(org.springframework.security.access.ConfigAttribute) TestingAuthenticationToken(org.springframework.security.authentication.TestingAuthenticationToken) Test(org.junit.Test)

Example 70 with ConfigAttribute

use of org.springframework.security.access.ConfigAttribute in project spring-security by spring-projects.

the class UnanimousBasedTests method testTwoAffirmativeVotesTwoAbstainVotesGrantsAccess.

@Test
public void testTwoAffirmativeVotesTwoAbstainVotesGrantsAccess() throws Exception {
    TestingAuthenticationToken auth = makeTestToken();
    UnanimousBased mgr = makeDecisionManager();
    List<ConfigAttribute> config = SecurityConfig.createList(new String[] { "ROLE_1", "ROLE_2" });
    // decide() throws AccessDeniedException on denial, so returning normally means access was granted
    mgr.decide(auth, new Object(), config);
}
Also used : ConfigAttribute(org.springframework.security.access.ConfigAttribute) TestingAuthenticationToken(org.springframework.security.authentication.TestingAuthenticationToken) Test(org.junit.Test)

Aggregations

ConfigAttribute (org.springframework.security.access.ConfigAttribute): 88
Test (org.junit.Test): 54
SecurityConfig (org.springframework.security.access.SecurityConfig): 21
FilterInvocation (org.springframework.security.web.FilterInvocation): 15
AccessDeniedException (org.springframework.security.access.AccessDeniedException): 13
MockMethodInvocation (org.springframework.security.access.intercept.method.MockMethodInvocation): 12
TestingAuthenticationToken (org.springframework.security.authentication.TestingAuthenticationToken): 10
ArrayList (java.util.ArrayList): 9
LinkedHashMap (java.util.LinkedHashMap): 8
Authentication (org.springframework.security.core.Authentication): 8
OAuth2Authentication (org.springframework.security.oauth2.provider.OAuth2Authentication): 8
Collection (java.util.Collection): 6
OAuth2Request (org.springframework.security.oauth2.provider.OAuth2Request): 6
Method (java.lang.reflect.Method): 5
List (java.util.List): 5
MethodInvocation (org.aopalliance.intercept.MethodInvocation): 5
GrantedAuthority (org.springframework.security.core.GrantedAuthority): 5
RequestMatcher (org.springframework.security.web.util.matcher.RequestMatcher): 5
AuthorizationFailureEvent (org.springframework.security.access.event.AuthorizationFailureEvent): 4
SimpleMethodInvocation (org.springframework.security.util.SimpleMethodInvocation): 4