Example 1 with PermissionEvaluator
use of org.springframework.security.access.PermissionEvaluator in project spring-security by spring-projects.
the class GlobalMethodSecurityConfiguration method afterSingletonsInstantiated.
@Override
public void afterSingletonsInstantiated() {
try {
initializeMethodSecurityInterceptor();
} catch (Exception ex) {
throw new RuntimeException(ex);
}
PermissionEvaluator permissionEvaluator = getSingleBeanOrNull(PermissionEvaluator.class);
if (permissionEvaluator != null) {
this.defaultMethodExpressionHandler.setPermissionEvaluator(permissionEvaluator);
}
RoleHierarchy roleHierarchy = getSingleBeanOrNull(RoleHierarchy.class);
if (roleHierarchy != null) {
this.defaultMethodExpressionHandler.setRoleHierarchy(roleHierarchy);
}
AuthenticationTrustResolver trustResolver = getSingleBeanOrNull(AuthenticationTrustResolver.class);
if (trustResolver != null) {
this.defaultMethodExpressionHandler.setTrustResolver(trustResolver);
}
GrantedAuthorityDefaults grantedAuthorityDefaults = getSingleBeanOrNull(GrantedAuthorityDefaults.class);
if (grantedAuthorityDefaults != null) {
this.defaultMethodExpressionHandler.setDefaultRolePrefix(grantedAuthorityDefaults.getRolePrefix());
}
this.defaultMethodExpressionHandler = this.objectPostProcessor.postProcess(this.defaultMethodExpressionHandler);
}
Also used :
PermissionEvaluator(org.springframework.security.access.PermissionEvaluator)
GrantedAuthorityDefaults(org.springframework.security.config.core.GrantedAuthorityDefaults)
RoleHierarchy(org.springframework.security.access.hierarchicalroles.RoleHierarchy)
AuthenticationTrustResolver(org.springframework.security.authentication.AuthenticationTrustResolver)
BeansException(org.springframework.beans.BeansException)
NoSuchBeanDefinitionException(org.springframework.beans.factory.NoSuchBeanDefinitionException)
Example 2 with PermissionEvaluator
use of org.springframework.security.access.PermissionEvaluator in project spring-security by spring-projects.
the class MiscHttpConfigTests method getWhenUsingCustomExpressionHandlerThenAuthorizesAccordingly.
@Test
public void getWhenUsingCustomExpressionHandlerThenAuthorizesAccordingly() throws Exception {
this.spring.configLocations(xml("ExpressionHandler")).autowire();
PermissionEvaluator permissionEvaluator = this.spring.getContext().getBean(PermissionEvaluator.class);
given(permissionEvaluator.hasPermission(any(Authentication.class), any(Object.class), any(Object.class))).willReturn(false);
// @formatter:off
this.mvc.perform(get("/").with(userCredentials())).andExpect(status().isForbidden());
// @formatter:on
verify(permissionEvaluator).hasPermission(any(Authentication.class), any(Object.class), any(Object.class));
}
Also used :
PermissionEvaluator(org.springframework.security.access.PermissionEvaluator)
Authentication(org.springframework.security.core.Authentication)
Test(org.junit.jupiter.api.Test)
Example 3 with PermissionEvaluator
use of org.springframework.security.access.PermissionEvaluator in project spring-security by spring-projects.
the class GlobalMethodSecurityConfigurationTests method globalMethodSecurityConfigurationAutowiresPermissionEvaluator.
@Test
@WithMockUser
public void globalMethodSecurityConfigurationAutowiresPermissionEvaluator() {
this.spring.register(AutowirePermissionEvaluatorConfig.class).autowire();
PermissionEvaluator permission = this.spring.getContext().getBean(PermissionEvaluator.class);
given(permission.hasPermission(any(), eq("something"), eq("read"))).willReturn(true, false);
this.service.hasPermission("something");
// no exception
assertThatExceptionOfType(AccessDeniedException.class).isThrownBy(() -> this.service.hasPermission("something"));
}
Also used :
PermissionEvaluator(org.springframework.security.access.PermissionEvaluator)
AccessDeniedException(org.springframework.security.access.AccessDeniedException)
WithMockUser(org.springframework.security.test.context.support.WithMockUser)
Test(org.junit.jupiter.api.Test)
Example 4 with PermissionEvaluator
use of org.springframework.security.access.PermissionEvaluator in project spring-security by spring-projects.
the class MethodSecurityExpressionRootTests method hasPermissionOnDomainObjectWorksWithIntegerExpressions.
@Test
public void hasPermissionOnDomainObjectWorksWithIntegerExpressions() {
final Object dummyDomainObject = new Object();
this.ctx.setVariable("domainObject", dummyDomainObject);
final PermissionEvaluator pe = mock(PermissionEvaluator.class);
this.root.setPermissionEvaluator(pe);
given(pe.hasPermission(eq(this.user), eq(dummyDomainObject), any(Integer.class))).willReturn(true, true, false);
Expression e = this.parser.parseExpression("hasPermission(#domainObject, 0xA)");
// evaluator returns true
assertThat(ExpressionUtils.evaluateAsBoolean(e, this.ctx)).isTrue();
e = this.parser.parseExpression("hasPermission(#domainObject, 10)");
// evaluator returns true
assertThat(ExpressionUtils.evaluateAsBoolean(e, this.ctx)).isTrue();
e = this.parser.parseExpression("hasPermission(#domainObject, 0xFF)");
// evaluator returns false, make sure return value matches
assertThat(ExpressionUtils.evaluateAsBoolean(e, this.ctx)).isFalse();
}
Also used :
PermissionEvaluator(org.springframework.security.access.PermissionEvaluator)
Expression(org.springframework.expression.Expression)
Test(org.junit.jupiter.api.Test)
Example 5 with PermissionEvaluator
use of org.springframework.security.access.PermissionEvaluator in project spring-security by spring-projects.
the class MethodSecurityExpressionRootTests method hasPermissionWorksWithThisObject.
@Test
public void hasPermissionWorksWithThisObject() {
Object targetObject = new Object() {
public String getX() {
return "x";
}
};
this.root.setThis(targetObject);
Integer i = 2;
PermissionEvaluator pe = mock(PermissionEvaluator.class);
this.root.setPermissionEvaluator(pe);
given(pe.hasPermission(this.user, targetObject, i)).willReturn(true, false);
given(pe.hasPermission(this.user, "x", i)).willReturn(true);
Expression e = this.parser.parseExpression("hasPermission(this, 2)");
assertThat(ExpressionUtils.evaluateAsBoolean(e, this.ctx)).isTrue();
e = this.parser.parseExpression("hasPermission(this, 2)");
assertThat(ExpressionUtils.evaluateAsBoolean(e, this.ctx)).isFalse();
e = this.parser.parseExpression("hasPermission(this.x, 2)");
assertThat(ExpressionUtils.evaluateAsBoolean(e, this.ctx)).isTrue();
}
Also used :
PermissionEvaluator(org.springframework.security.access.PermissionEvaluator)
Expression(org.springframework.expression.Expression)
Test(org.junit.jupiter.api.Test)
Aggregations
PermissionEvaluator (org.springframework.security.access.PermissionEvaluator)9
Test (org.junit.jupiter.api.Test)6
Expression (org.springframework.expression.Expression)2
RoleHierarchy (org.springframework.security.access.hierarchicalroles.RoleHierarchy)2
AuthenticationTrustResolver (org.springframework.security.authentication.AuthenticationTrustResolver)2
GrantedAuthorityDefaults (org.springframework.security.config.core.GrantedAuthorityDefaults)2
Test (org.junit.Test)1
BeansException (org.springframework.beans.BeansException)1
NoSuchBeanDefinitionException (org.springframework.beans.factory.NoSuchBeanDefinitionException)1
AnnotationConfigServletWebServerApplicationContext (org.springframework.boot.web.servlet.context.AnnotationConfigServletWebServerApplicationContext)1
ApplicationContext (org.springframework.context.ApplicationContext)1
AccessDeniedException (org.springframework.security.access.AccessDeniedException)1
MethodSecurityExpressionHandler (org.springframework.security.access.expression.method.MethodSecurityExpressionHandler)1
PreInvocationAuthorizationAdvice (org.springframework.security.access.prepost.PreInvocationAuthorizationAdvice)1
Authentication (org.springframework.security.core.Authentication)1
OAuth2MethodSecurityExpressionHandler (org.springframework.security.oauth2.provider.expression.OAuth2MethodSecurityExpressionHandler)1
WithMockUser (org.springframework.security.test.context.support.WithMockUser)1
DefaultWebSecurityExpressionHandler (org.springframework.security.web.access.expression.DefaultWebSecurityExpressionHandler)1
