Search in sources :

Example 11 with SecurityConfig

use of org.springframework.security.access.SecurityConfig in project spring-security by spring-projects.

the class SecureChannelProcessorTests method testSupports.

@Test
public void testSupports() {
    SecureChannelProcessor processor = new SecureChannelProcessor();
    assertThat(processor.supports(new SecurityConfig("REQUIRES_SECURE_CHANNEL"))).isTrue();
    assertThat(processor.supports(null)).isFalse();
    assertThat(processor.supports(new SecurityConfig("NOT_SUPPORTED"))).isFalse();
}
Also used : SecureChannelProcessor(org.springframework.security.web.access.channel.SecureChannelProcessor) SecurityConfig(org.springframework.security.access.SecurityConfig) Test(org.junit.Test)

Example 12 with SecurityConfig

use of org.springframework.security.access.SecurityConfig in project spring-security by spring-projects.

the class ChannelDecisionManagerImplTests method testDelegatesSupports.

@Test
public void testDelegatesSupports() throws Exception {
    ChannelDecisionManagerImpl cdm = new ChannelDecisionManagerImpl();
    MockChannelProcessor cpXyz = new MockChannelProcessor("xyz", false);
    MockChannelProcessor cpAbc = new MockChannelProcessor("abc", false);
    List list = new Vector();
    list.add(cpXyz);
    list.add(cpAbc);
    cdm.setChannelProcessors(list);
    cdm.afterPropertiesSet();
    assertThat(cdm.supports(new SecurityConfig("xyz"))).isTrue();
    assertThat(cdm.supports(new SecurityConfig("abc"))).isTrue();
    assertThat(cdm.supports(new SecurityConfig("UNSUPPORTED"))).isFalse();
}
Also used : SecurityConfig(org.springframework.security.access.SecurityConfig) List(java.util.List) Vector(java.util.Vector) Test(org.junit.Test)

Example 13 with SecurityConfig

use of org.springframework.security.access.SecurityConfig in project spring-security-oauth by spring-projects.

the class ClientScopeVoterTests method testAccessDeniedNoException.

@Test
public void testAccessDeniedNoException() {
    voter.setThrowException(false);
    client.setScope(Arrays.asList("none"));
    assertEquals(AccessDecisionVoter.ACCESS_DENIED, voter.vote(authentication, null, Arrays.<ConfigAttribute>asList(new SecurityConfig("CLIENT_HAS_SCOPE"))));
}
Also used : ConfigAttribute(org.springframework.security.access.ConfigAttribute) SecurityConfig(org.springframework.security.access.SecurityConfig) Test(org.junit.Test)

Example 14 with SecurityConfig

use of org.springframework.security.access.SecurityConfig in project spring-security-oauth by spring-projects.

the class ScopeVoterTests method testAccessGrantedIfScopesPresent.

@Test
public void testAccessGrantedIfScopesPresent() throws Exception {
    OAuth2Request clientAuthentication = RequestTokenFactory.createOAuth2Request("foo", false, Collections.singleton("read"));
    Authentication userAuthentication = null;
    OAuth2Authentication oAuth2Authentication = new OAuth2Authentication(clientAuthentication, userAuthentication);
    assertEquals(AccessDecisionVoter.ACCESS_GRANTED, voter.vote(oAuth2Authentication, null, Collections.<ConfigAttribute>singleton(new SecurityConfig("SCOPE_READ"))));
}
Also used : OAuth2Request(org.springframework.security.oauth2.provider.OAuth2Request) ConfigAttribute(org.springframework.security.access.ConfigAttribute) SecurityConfig(org.springframework.security.access.SecurityConfig) OAuth2Authentication(org.springframework.security.oauth2.provider.OAuth2Authentication) Authentication(org.springframework.security.core.Authentication) OAuth2Authentication(org.springframework.security.oauth2.provider.OAuth2Authentication) Test(org.junit.Test)

Example 15 with SecurityConfig

use of org.springframework.security.access.SecurityConfig in project spring-security-oauth by spring-projects.

the class ScopeVoterTests method testAccessGrantedIfScopesPresentWithPrefix.

@Test
public void testAccessGrantedIfScopesPresentWithPrefix() throws Exception {
    voter.setScopePrefix("scope=");
    OAuth2Request clientAuthentication = RequestTokenFactory.createOAuth2Request("foo", false, Collections.singleton("read"));
    Authentication userAuthentication = null;
    OAuth2Authentication oAuth2Authentication = new OAuth2Authentication(clientAuthentication, userAuthentication);
    assertEquals(AccessDecisionVoter.ACCESS_GRANTED, voter.vote(oAuth2Authentication, null, Collections.<ConfigAttribute>singleton(new SecurityConfig("scope=read"))));
}
Also used : OAuth2Request(org.springframework.security.oauth2.provider.OAuth2Request) ConfigAttribute(org.springframework.security.access.ConfigAttribute) SecurityConfig(org.springframework.security.access.SecurityConfig) OAuth2Authentication(org.springframework.security.oauth2.provider.OAuth2Authentication) Authentication(org.springframework.security.core.Authentication) OAuth2Authentication(org.springframework.security.oauth2.provider.OAuth2Authentication) Test(org.junit.Test)

Aggregations

SecurityConfig (org.springframework.security.access.SecurityConfig)39 Test (org.junit.Test)33 ConfigAttribute (org.springframework.security.access.ConfigAttribute)21 List (java.util.List)7 Vector (java.util.Vector)6 Authentication (org.springframework.security.core.Authentication)6 OAuth2Authentication (org.springframework.security.oauth2.provider.OAuth2Authentication)6 UsernamePasswordAuthenticationToken (org.springframework.security.authentication.UsernamePasswordAuthenticationToken)5 OAuth2Request (org.springframework.security.oauth2.provider.OAuth2Request)5 MethodInvocation (org.aopalliance.intercept.MethodInvocation)4 AccessDeniedException (org.springframework.security.access.AccessDeniedException)4 SimpleMethodInvocation (org.springframework.security.util.SimpleMethodInvocation)4 AuditApplicationEvent (org.springframework.boot.actuate.audit.listener.AuditApplicationEvent)3 ArrayList (java.util.ArrayList)2 AuthorizationFailureEvent (org.springframework.security.access.event.AuthorizationFailureEvent)2 DefaultFilterInvocationSecurityMetadataSource (org.springframework.security.web.access.intercept.DefaultFilterInvocationSecurityMetadataSource)2 Method (java.lang.reflect.Method)1 LinkedHashMap (java.util.LinkedHashMap)1 Before (org.junit.Before)1 BeanMetadataElement (org.springframework.beans.BeanMetadataElement)1