use of org.springframework.security.access.ConfigAttribute in project spring-security by spring-projects.
the class Jsr250MethodSecurityMetadataSourceTests method classLevelAnnotationsIgnoredByExplicitMemberAnnotation.
@Test
public void classLevelAnnotationsIgnoredByExplicitMemberAnnotation() throws Exception {
    Child target = new Child();
    MockMethodInvocation mi = new MockMethodInvocation(target, target.getClass(), "explicitMethod");
    Collection<ConfigAttribute> accessAttributes = this.mds.getAttributes(mi);
    // The annotation on the method itself is the only one that applies
    assertThat(accessAttributes).hasSize(1);
    assertThat(accessAttributes.toArray()[0].toString()).isEqualTo("ROLE_EXPLICIT");
}
use of org.springframework.security.access.ConfigAttribute in project spring-security by spring-projects.
the class Jsr250MethodSecurityMetadataSourceTests method classLevelAnnotationsOnlyAffectTheClassTheyAnnotateAndTheirMembers.
// JSR-250 Spec Tests
/**
 * Class-level annotations only affect the class they annotate and their members, that
 * is, its methods and fields. They never affect a member declared by a superclass,
 * even if it is not hidden or overridden by the class in question.
 * @throws Exception
 */
@Test
public void classLevelAnnotationsOnlyAffectTheClassTheyAnnotateAndTheirMembers() throws Exception {
    Child target = new Child();
    MockMethodInvocation mi = new MockMethodInvocation(target, target.getClass(), "notOverriden");
    Collection<ConfigAttribute> accessAttributes = this.mds.getAttributes(mi);
    assertThat(accessAttributes).isNull();
}
use of org.springframework.security.access.ConfigAttribute in project spring-security by spring-projects.
the class SecuredAnnotationSecurityMetadataSourceTests method genericsSuperclassDeclarationsAreIncludedWhenSubclassesOverride.
@Test
public void genericsSuperclassDeclarationsAreIncludedWhenSubclassesOverride() {
    Method method = null;
    try {
        method = DepartmentServiceImpl.class.getMethod("someUserMethod3", new Class[] { Department.class });
    } catch (NoSuchMethodException unexpected) {
        fail("Should be a superMethod called 'someUserMethod3' on class!");
    }
    Collection<ConfigAttribute> attrs = this.mds.findAttributes(method, DepartmentServiceImpl.class);
    assertThat(attrs).isNotNull();
    // expect 1 attribute
    assertThat(attrs.size() == 1).as("Did not find 1 attribute").isTrue();
    // should have 1 SecurityConfig
    for (ConfigAttribute sc : attrs) {
        assertThat(sc.getAttribute()).as("Found an incorrect role").isEqualTo("ROLE_ADMIN");
    }
    Method superMethod = null;
    try {
        superMethod = DepartmentServiceImpl.class.getMethod("someUserMethod3", new Class[] { Entity.class });
    } catch (NoSuchMethodException unexpected) {
        fail("Should be a superMethod called 'someUserMethod3' on class!");
    }
    Collection<ConfigAttribute> superAttrs = this.mds.findAttributes(superMethod, DepartmentServiceImpl.class);
    assertThat(superAttrs).isNotNull();
    // This part of the test relates to SEC-274
    // expect 1 attribute
    assertThat(superAttrs).as("Did not find 1 attribute").hasSize(1);
    // should have 1 SecurityConfig
    for (ConfigAttribute sc : superAttrs) {
        assertThat(sc.getAttribute()).as("Found an incorrect role").isEqualTo("ROLE_ADMIN");
    }
}
use of org.springframework.security.access.ConfigAttribute in project spring-security by spring-projects.
the class SecuredAnnotationSecurityMetadataSourceTests method classLevelAttributesAreFound.
@Test
public void classLevelAttributesAreFound() {
    Collection<ConfigAttribute> attrs = this.mds.findAttributes(BusinessService.class);
    assertThat(attrs).isNotNull();
    // expect 1 annotation
    assertThat(attrs).hasSize(1);
    // should have 1 SecurityConfig
    SecurityConfig sc = (SecurityConfig) attrs.toArray()[0];
    assertThat(sc.getAttribute()).isEqualTo("ROLE_USER");
}
use of org.springframework.security.access.ConfigAttribute in project spring-security by spring-projects.
the class Jsr250VoterTests method supportsMultipleRolesCorrectly.
// SEC-1443
@Test
public void supportsMultipleRolesCorrectly() {
    List<ConfigAttribute> attrs = new ArrayList<>();
    Jsr250Voter voter = new Jsr250Voter();
    attrs.add(new Jsr250SecurityConfig("A"));
    attrs.add(new Jsr250SecurityConfig("B"));
    attrs.add(new Jsr250SecurityConfig("C"));
    // Holding any one of the listed roles is enough for a grant
    assertThat(voter.vote(new TestingAuthenticationToken("user", "pwd", "A"), new Object(), attrs)).isEqualTo(AccessDecisionVoter.ACCESS_GRANTED);
    assertThat(voter.vote(new TestingAuthenticationToken("user", "pwd", "B"), new Object(), attrs)).isEqualTo(AccessDecisionVoter.ACCESS_GRANTED);
    assertThat(voter.vote(new TestingAuthenticationToken("user", "pwd", "C"), new Object(), attrs)).isEqualTo(AccessDecisionVoter.ACCESS_GRANTED);
    // An authority that matches none of the listed roles is denied
    assertThat(voter.vote(new TestingAuthenticationToken("user", "pwd", "NONE"), new Object(), attrs)).isEqualTo(AccessDecisionVoter.ACCESS_DENIED);
    // Plain SecurityConfig attributes are not Jsr250SecurityConfig, so the voter abstains
    assertThat(voter.vote(new TestingAuthenticationToken("user", "pwd", "A"), new Object(), SecurityConfig.createList("A", "B", "C"))).isEqualTo(AccessDecisionVoter.ACCESS_ABSTAIN);
}