Search in sources :

Example 6 with PreInvocationExpressionAttribute

use of org.springframework.security.access.expression.method.PreInvocationExpressionAttribute in project spring-security by spring-projects.

the class MethodExpressionVoterTests method hasRoleExpressionAllowsUserWithRole.

@Test
public void hasRoleExpressionAllowsUserWithRole() throws Exception {
    MethodInvocation mi = new SimpleMethodInvocation(new TargetImpl(), methodTakingAnArray());
    assertThat(am.vote(joe, mi, createAttributes(new PreInvocationExpressionAttribute(null, null, "hasRole('blah')")))).isEqualTo(AccessDecisionVoter.ACCESS_GRANTED);
}
Also used : SimpleMethodInvocation(org.springframework.security.util.SimpleMethodInvocation) PreInvocationExpressionAttribute(org.springframework.security.access.expression.method.PreInvocationExpressionAttribute) SimpleMethodInvocation(org.springframework.security.util.SimpleMethodInvocation) MethodInvocation(org.aopalliance.intercept.MethodInvocation) Test(org.junit.Test)

Example 7 with PreInvocationExpressionAttribute

use of org.springframework.security.access.expression.method.PreInvocationExpressionAttribute in project spring-security by spring-projects.

the class MethodExpressionVoterTests method accessIsGrantedIfNoPreAuthorizeAttributeIsUsed.

@Test
public void accessIsGrantedIfNoPreAuthorizeAttributeIsUsed() throws Exception {
    Collection arg = createCollectionArg("joe", "bob", "sam");
    MethodInvocation mi = new SimpleMethodInvocation(new TargetImpl(), methodTakingACollection(), arg);
    assertThat(am.vote(joe, mi, createAttributes(new PreInvocationExpressionAttribute("(filterObject == 'jim')", "collection", null)))).isEqualTo(AccessDecisionVoter.ACCESS_GRANTED);
    // All objects should have been removed, because the expression is always false
    assertThat(arg).isEmpty();
}
Also used : SimpleMethodInvocation(org.springframework.security.util.SimpleMethodInvocation) PreInvocationExpressionAttribute(org.springframework.security.access.expression.method.PreInvocationExpressionAttribute) Collection(java.util.Collection) SimpleMethodInvocation(org.springframework.security.util.SimpleMethodInvocation) MethodInvocation(org.aopalliance.intercept.MethodInvocation) Test(org.junit.Test)

Example 8 with PreInvocationExpressionAttribute

use of org.springframework.security.access.expression.method.PreInvocationExpressionAttribute in project spring-security by spring-projects.

the class MethodExpressionVoterTests method matchingArgAgainstAuthenticationNameIsSuccessful.

@Test
public void matchingArgAgainstAuthenticationNameIsSuccessful() throws Exception {
    MethodInvocation mi = new SimpleMethodInvocation(new TargetImpl(), methodTakingAString(), "joe");
    assertThat(am.vote(joe, mi, createAttributes(new PreInvocationExpressionAttribute(null, null, "(#argument == principal) and (principal == 'joe')")))).isEqualTo(AccessDecisionVoter.ACCESS_GRANTED);
}
Also used : SimpleMethodInvocation(org.springframework.security.util.SimpleMethodInvocation) PreInvocationExpressionAttribute(org.springframework.security.access.expression.method.PreInvocationExpressionAttribute) SimpleMethodInvocation(org.springframework.security.util.SimpleMethodInvocation) MethodInvocation(org.aopalliance.intercept.MethodInvocation) Test(org.junit.Test)

Example 9 with PreInvocationExpressionAttribute

use of org.springframework.security.access.expression.method.PreInvocationExpressionAttribute in project spring-security by spring-projects.

the class MethodExpressionVoterTests method hasRoleExpressionDeniesUserWithoutRole.

@Test
public void hasRoleExpressionDeniesUserWithoutRole() throws Exception {
    List<ConfigAttribute> cad = new ArrayList<ConfigAttribute>(1);
    cad.add(new PreInvocationExpressionAttribute(null, null, "hasRole('joedoesnt')"));
    MethodInvocation mi = new SimpleMethodInvocation(new TargetImpl(), methodTakingAnArray());
    assertThat(am.vote(joe, mi, cad)).isEqualTo(AccessDecisionVoter.ACCESS_DENIED);
}
Also used : ConfigAttribute(org.springframework.security.access.ConfigAttribute) PreInvocationExpressionAttribute(org.springframework.security.access.expression.method.PreInvocationExpressionAttribute) SimpleMethodInvocation(org.springframework.security.util.SimpleMethodInvocation) ArrayList(java.util.ArrayList) SimpleMethodInvocation(org.springframework.security.util.SimpleMethodInvocation) MethodInvocation(org.aopalliance.intercept.MethodInvocation) Test(org.junit.Test)

Aggregations

MethodInvocation (org.aopalliance.intercept.MethodInvocation)9 Test (org.junit.Test)9 PreInvocationExpressionAttribute (org.springframework.security.access.expression.method.PreInvocationExpressionAttribute)9 SimpleMethodInvocation (org.springframework.security.util.SimpleMethodInvocation)9 ArrayList (java.util.ArrayList)2 Collection (java.util.Collection)1 List (java.util.List)1 ConfigAttribute (org.springframework.security.access.ConfigAttribute)1