Example 21 with SecurityConfig
use of org.springframework.security.access.SecurityConfig in project spring-security by spring-projects.
the class FilterSecurityMetadataSourceBeanDefinitionParserTests method interceptUrlsSupportPropertyPlaceholders.
// SEC-1201
@Test
public void interceptUrlsSupportPropertyPlaceholders() {
System.setProperty("secure.url", "/secure");
System.setProperty("secure.role", "ROLE_A");
setContext("<b:bean class='org.springframework.beans.factory.config.PropertyPlaceholderConfigurer'/>" + "<filter-security-metadata-source id='fids' use-expressions='false'>" + " <intercept-url pattern='${secure.url}' access='${secure.role}'/>" + "</filter-security-metadata-source>");
DefaultFilterInvocationSecurityMetadataSource fids = (DefaultFilterInvocationSecurityMetadataSource) this.appContext.getBean("fids");
Collection<ConfigAttribute> cad = fids.getAttributes(createFilterInvocation("/secure", "GET"));
assertThat(cad).isNotNull();
assertThat(cad).hasSize(1);
assertThat(cad.contains(new SecurityConfig("ROLE_A"))).isTrue();
}
Also used :
ConfigAttribute(org.springframework.security.access.ConfigAttribute)
SecurityConfig(org.springframework.security.access.SecurityConfig)
DefaultFilterInvocationSecurityMetadataSource(org.springframework.security.web.access.intercept.DefaultFilterInvocationSecurityMetadataSource)
Test(org.junit.Test)
Example 22 with SecurityConfig
use of org.springframework.security.access.SecurityConfig in project spring-security by spring-projects.
the class FilterSecurityMetadataSourceBeanDefinitionParserTests method parsingMinimalConfigurationIsSuccessful.
@Test
public void parsingMinimalConfigurationIsSuccessful() {
setContext("<filter-security-metadata-source id='fids' use-expressions='false'>" + " <intercept-url pattern='/**' access='ROLE_A'/>" + "</filter-security-metadata-source>");
DefaultFilterInvocationSecurityMetadataSource fids = (DefaultFilterInvocationSecurityMetadataSource) this.appContext.getBean("fids");
Collection<ConfigAttribute> cad = fids.getAttributes(createFilterInvocation("/anything", "GET"));
assertThat(cad).isNotNull();
assertThat(cad.contains(new SecurityConfig("ROLE_A"))).isTrue();
}
Also used :
ConfigAttribute(org.springframework.security.access.ConfigAttribute)
SecurityConfig(org.springframework.security.access.SecurityConfig)
DefaultFilterInvocationSecurityMetadataSource(org.springframework.security.web.access.intercept.DefaultFilterInvocationSecurityMetadataSource)
Test(org.junit.Test)
Example 23 with SecurityConfig
use of org.springframework.security.access.SecurityConfig in project spring-security by spring-projects.
the class GlobalMethodSecurityBeanDefinitionParserTests method supportsCustomAuthenticationManager.
@Test
public void supportsCustomAuthenticationManager() throws Exception {
setContext("<b:bean id='target' class='" + ConcreteFoo.class.getName() + "'/>" + "<method-security-metadata-source id='mds'>" + " <protect method='" + Foo.class.getName() + ".foo' access='ROLE_ADMIN'/>" + "</method-security-metadata-source>" + "<global-method-security pre-post-annotations='enabled' metadata-source-ref='mds' authentication-manager-ref='customAuthMgr'/>" + "<b:bean id='customAuthMgr' class='org.springframework.security.config.method.GlobalMethodSecurityBeanDefinitionParserTests$CustomAuthManager'>" + " <b:constructor-arg value='authManager'/>" + "</b:bean>" + AUTH_PROVIDER_XML);
SecurityContextHolder.getContext().setAuthentication(bob);
Foo foo = (Foo) appContext.getBean("target");
try {
foo.foo(new SecurityConfig("A"));
fail("Bob can't invoke admin methods");
} catch (AccessDeniedException expected) {
}
SecurityContextHolder.getContext().setAuthentication(new UsernamePasswordAuthenticationToken("admin", "password"));
foo.foo(new SecurityConfig("A"));
}
Also used :
AccessDeniedException(org.springframework.security.access.AccessDeniedException)
SecurityConfig(org.springframework.security.access.SecurityConfig)
UsernamePasswordAuthenticationToken(org.springframework.security.authentication.UsernamePasswordAuthenticationToken)
Test(org.junit.Test)
Example 24 with SecurityConfig
use of org.springframework.security.access.SecurityConfig in project spring-security by spring-projects.
the class GlobalMethodSecurityBeanDefinitionParserTests method genericsAreMatchedByProtectPointcut.
// SEC-1450
@Test(expected = AuthenticationException.class)
@SuppressWarnings("unchecked")
public void genericsAreMatchedByProtectPointcut() throws Exception {
setContext("<b:bean id='target' class='org.springframework.security.config.method.GlobalMethodSecurityBeanDefinitionParserTests$ConcreteFoo'/>" + "<global-method-security>" + " <protect-pointcut expression='execution(* org..*Foo.foo(..))' access='ROLE_USER'/>" + "</global-method-security>" + AUTH_PROVIDER_XML);
Foo foo = (Foo) appContext.getBean("target");
foo.foo(new SecurityConfig("A"));
}
Also used :
SecurityConfig(org.springframework.security.access.SecurityConfig)
Test(org.junit.Test)
Example 25 with SecurityConfig
use of org.springframework.security.access.SecurityConfig in project spring-security by spring-projects.
the class SecurityConfigTests method testHashCode.
// ~ Methods
// ========================================================================================================
@Test
public void testHashCode() {
SecurityConfig config = new SecurityConfig("TEST");
assertThat(config.hashCode()).isEqualTo("TEST".hashCode());
}
Also used :
SecurityConfig(org.springframework.security.access.SecurityConfig)
Test(org.junit.Test)
Aggregations
SecurityConfig (org.springframework.security.access.SecurityConfig)39
Test (org.junit.Test)33
ConfigAttribute (org.springframework.security.access.ConfigAttribute)21
List (java.util.List)7
Vector (java.util.Vector)6
Authentication (org.springframework.security.core.Authentication)6
OAuth2Authentication (org.springframework.security.oauth2.provider.OAuth2Authentication)6
UsernamePasswordAuthenticationToken (org.springframework.security.authentication.UsernamePasswordAuthenticationToken)5
OAuth2Request (org.springframework.security.oauth2.provider.OAuth2Request)5
MethodInvocation (org.aopalliance.intercept.MethodInvocation)4
AccessDeniedException (org.springframework.security.access.AccessDeniedException)4
SimpleMethodInvocation (org.springframework.security.util.SimpleMethodInvocation)4
AuditApplicationEvent (org.springframework.boot.actuate.audit.listener.AuditApplicationEvent)3
ArrayList (java.util.ArrayList)2
AuthorizationFailureEvent (org.springframework.security.access.event.AuthorizationFailureEvent)2
DefaultFilterInvocationSecurityMetadataSource (org.springframework.security.web.access.intercept.DefaultFilterInvocationSecurityMetadataSource)2
Method (java.lang.reflect.Method)1
LinkedHashMap (java.util.LinkedHashMap)1
Before (org.junit.Before)1
BeanMetadataElement (org.springframework.beans.BeanMetadataElement)1
