Example 6 with SecurityConfig

use of org.springframework.security.access.SecurityConfig in project spring-security by spring-projects.

the class GlobalMethodSecurityBeanDefinitionParserTests method supportsExternalMetadataSource.

@Test
@SuppressWarnings("unchecked")
public void supportsExternalMetadataSource() throws Exception {
    setContext("<b:bean id='target' class='" + ConcreteFoo.class.getName() + "'/>"
            + "<method-security-metadata-source id='mds'>"
            + "      <protect method='" + Foo.class.getName() + ".foo' access='ROLE_ADMIN'/>"
            + "</method-security-metadata-source>"
            + "<global-method-security pre-post-annotations='enabled' metadata-source-ref='mds'/>"
            + AUTH_PROVIDER_XML);
    // External MDS should take precedence over PreAuthorize
    SecurityContextHolder.getContext().setAuthentication(bob);
    Foo foo = (Foo) appContext.getBean("target");
    try {
        foo.foo(new SecurityConfig("A"));
        fail("Bob can't invoke admin methods");
    } catch (AccessDeniedException expected) {
        // Expected: the external metadata source requires ROLE_ADMIN for Foo.foo
    }
    SecurityContextHolder.getContext().setAuthentication(new UsernamePasswordAuthenticationToken("admin", "password"));
    foo.foo(new SecurityConfig("A"));
}
Also used : AccessDeniedException(org.springframework.security.access.AccessDeniedException) SecurityConfig(org.springframework.security.access.SecurityConfig) UsernamePasswordAuthenticationToken(org.springframework.security.authentication.UsernamePasswordAuthenticationToken) Test(org.junit.Test)

Example 7 with SecurityConfig

use of org.springframework.security.access.SecurityConfig in project spring-security by spring-projects.

the class GlobalMethodSecurityBeanDefinitionParserTests method genericsMethodArgumentNamesAreResolved.

// SEC-1448
@Test
@SuppressWarnings("unchecked")
public void genericsMethodArgumentNamesAreResolved() throws Exception {
    setContext("<b:bean id='target' class='" + ConcreteFoo.class.getName() + "'/>"
            + "<global-method-security pre-post-annotations='enabled'/>"
            + AUTH_PROVIDER_XML);
    SecurityContextHolder.getContext().setAuthentication(bob);
    Foo foo = (Foo) appContext.getBean("target");
    foo.foo(new SecurityConfig("A"));
}
Also used : SecurityConfig(org.springframework.security.access.SecurityConfig) Test(org.junit.Test)

Example 8 with SecurityConfig

use of org.springframework.security.access.SecurityConfig in project spring-security by spring-projects.

the class RunAsManagerImplTests method testSupports.

@Test
public void testSupports() throws Exception {
    RunAsManager runAs = new RunAsManagerImpl();
    assertThat(runAs.supports(new SecurityConfig("RUN_AS_SOMETHING"))).isTrue();
    assertThat(!runAs.supports(new SecurityConfig("ROLE_WHICH_IS_IGNORED"))).isTrue();
    assertThat(!runAs.supports(new SecurityConfig("role_LOWER_CASE_FAILS"))).isTrue();
}
Also used : SecurityConfig(org.springframework.security.access.SecurityConfig) Test(org.junit.Test)

Example 9 with SecurityConfig

use of org.springframework.security.access.SecurityConfig in project spring-security by spring-projects.

the class AbstractAccessDecisionManagerTests method testDelegatesSupportsRequests.

@Test
public void testDelegatesSupportsRequests() throws Exception {
    List list = new Vector();
    DenyVoter voter = new DenyVoter();
    DenyAgainVoter denyVoter = new DenyAgainVoter();
    list.add(voter);
    list.add(denyVoter);
    MockDecisionManagerImpl mock = new MockDecisionManagerImpl(list);
    ConfigAttribute attr = new SecurityConfig("DENY_AGAIN_FOR_SURE");
    assertThat(mock.supports(attr)).isTrue();
    ConfigAttribute badAttr = new SecurityConfig("WE_DONT_SUPPORT_THIS");
    assertThat(!mock.supports(badAttr)).isTrue();
}
Also used : ConfigAttribute(org.springframework.security.access.ConfigAttribute) SecurityConfig(org.springframework.security.access.SecurityConfig) List(java.util.List) Vector(java.util.Vector) Test(org.junit.Test)

Example 10 with SecurityConfig

use of org.springframework.security.access.SecurityConfig in project spring-security by spring-projects.

the class AfterInvocationProviderManagerTests method testSupportsConfigAttributeIteration.

@Test
public void testSupportsConfigAttributeIteration() throws Exception {
    AfterInvocationProviderManager manager = new AfterInvocationProviderManager();
    List list = new Vector();
    list.add(new MockAfterInvocationProvider("swap1", MethodInvocation.class, new SecurityConfig("GIVE_ME_SWAP1")));
    list.add(new MockAfterInvocationProvider("swap2", MethodInvocation.class, new SecurityConfig("GIVE_ME_SWAP2")));
    list.add(new MockAfterInvocationProvider("swap3", MethodInvocation.class, new SecurityConfig("GIVE_ME_SWAP3")));
    manager.setProviders(list);
    manager.afterPropertiesSet();
    assertThat(manager.supports(new SecurityConfig("UNKNOWN_ATTRIB"))).isFalse();
    assertThat(manager.supports(new SecurityConfig("GIVE_ME_SWAP2"))).isTrue();
}
Also used : SecurityConfig(org.springframework.security.access.SecurityConfig) List(java.util.List) SimpleMethodInvocation(org.springframework.security.util.SimpleMethodInvocation) MethodInvocation(org.aopalliance.intercept.MethodInvocation) Vector(java.util.Vector) Test(org.junit.Test)