Example 1 with AfterInvocationManager

Use of org.springframework.security.access.intercept.AfterInvocationManager in project spring-security by spring-projects.

Class AspectJMethodSecurityInterceptorTests, method afterInvocationManagerIsNotInvokedIfExceptionIsRaised.

@Test
public void afterInvocationManagerIsNotInvokedIfExceptionIsRaised() {
    this.token.setAuthenticated(true);
    SecurityContextHolder.getContext().setAuthentication(this.token);
    AfterInvocationManager aim = mock(AfterInvocationManager.class);
    this.interceptor.setAfterInvocationManager(aim);
    given(this.aspectJCallback.proceedWithObject()).willThrow(new RuntimeException());
    assertThatExceptionOfType(RuntimeException.class).isThrownBy(() -> this.interceptor.invoke(this.joinPoint, this.aspectJCallback));
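    // The secured call threw, so there is no return value to post-process: the manager must not be touched
    verifyZeroInteractions(aim);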
}
Also used : AfterInvocationManager(org.springframework.security.access.intercept.AfterInvocationManager) Test(org.junit.jupiter.api.Test)

Example 2 with AfterInvocationManager

Use of org.springframework.security.access.intercept.AfterInvocationManager in project spring-security by spring-projects.

Class MethodSecurityInterceptorTests, method intitalizationRejectsAfterInvocationManagerThatDoesNotSupportMethodInvocation.

@Test
public void intitalizationRejectsAfterInvocationManagerThatDoesNotSupportMethodInvocation() throws Exception {
    final AfterInvocationManager aim = mock(AfterInvocationManager.class);
    given(aim.supports(MethodInvocation.class)).willReturn(false);
    this.interceptor.setAfterInvocationManager(aim);
    assertThatIllegalArgumentException().isThrownBy(() -> this.interceptor.afterPropertiesSet());
}
Also used : AfterInvocationManager(org.springframework.security.access.intercept.AfterInvocationManager) Test(org.junit.jupiter.api.Test)

Example 3 with AfterInvocationManager

Use of org.springframework.security.access.intercept.AfterInvocationManager in project spring-security by spring-projects.

Class MethodSecurityInterceptorTests, method afterInvocationManagerIsNotInvokedIfExceptionIsRaised.

@Test
public void afterInvocationManagerIsNotInvokedIfExceptionIsRaised() throws Throwable {
    MethodInvocation mi = mock(MethodInvocation.class);
    this.token.setAuthenticated(true);
    SecurityContextHolder.getContext().setAuthentication(this.token);
    mdsReturnsUserRole();
    AfterInvocationManager aim = mock(AfterInvocationManager.class);
    this.interceptor.setAfterInvocationManager(aim);
    given(mi.proceed()).willThrow(new Throwable());
    assertThatExceptionOfType(Throwable.class).isThrownBy(() -> this.interceptor.invoke(mi));
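    // The secured call threw, so there is no return value to post-process: the manager must not be touched
    verifyZeroInteractions(aim);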
}
Also used : AfterInvocationManager(org.springframework.security.access.intercept.AfterInvocationManager) MethodInvocation(org.aopalliance.intercept.MethodInvocation) Test(org.junit.jupiter.api.Test)

Example 4 with AfterInvocationManager

Use of org.springframework.security.access.intercept.AfterInvocationManager in project spring-security by spring-projects.

Class MethodSecurityInterceptorTests, method gettersReturnExpectedData.

@Test
public void gettersReturnExpectedData() {
    RunAsManager runAs = mock(RunAsManager.class);
    AfterInvocationManager aim = mock(AfterInvocationManager.class);
    this.interceptor.setRunAsManager(runAs);
    this.interceptor.setAfterInvocationManager(aim);
    assertThat(this.interceptor.getAccessDecisionManager()).isEqualTo(this.adm);
    assertThat(this.interceptor.getRunAsManager()).isEqualTo(runAs);
    assertThat(this.interceptor.getAuthenticationManager()).isEqualTo(this.authman);
    assertThat(this.interceptor.getSecurityMetadataSource()).isEqualTo(this.mds);
    assertThat(this.interceptor.getAfterInvocationManager()).isEqualTo(aim);
}
Also used : AfterInvocationManager(org.springframework.security.access.intercept.AfterInvocationManager) RunAsManager(org.springframework.security.access.intercept.RunAsManager) Test(org.junit.jupiter.api.Test)

Example 5 with AfterInvocationManager

Use of org.springframework.security.access.intercept.AfterInvocationManager in project spring-security by spring-projects.

Class FilterSecurityInterceptorTests, method finallyInvocationIsInvokedIfExceptionThrown.

// SEC-1967
@Test
@SuppressWarnings("unchecked")
public void finallyInvocationIsInvokedIfExceptionThrown() throws Exception {
    SecurityContext ctx = SecurityContextHolder.getContext();
    Authentication token = new TestingAuthenticationToken("Test", "Password", "NOT_USED");
    token.setAuthenticated(true);
    ctx.setAuthentication(token);
    RunAsManager runAsManager = mock(RunAsManager.class);
    given(runAsManager.buildRunAs(eq(token), any(), anyCollection())).willReturn(new RunAsUserToken("key", "someone", "creds", token.getAuthorities(), token.getClass()));
    this.interceptor.setRunAsManager(runAsManager);
    FilterInvocation fi = createinvocation();
    FilterChain chain = fi.getChain();
    willThrow(new RuntimeException()).given(chain).doFilter(any(HttpServletRequest.class), any(HttpServletResponse.class));
    given(this.ods.getAttributes(fi)).willReturn(SecurityConfig.createList("MOCK_OK"));
    AfterInvocationManager aim = mock(AfterInvocationManager.class);
    this.interceptor.setAfterInvocationManager(aim);
    assertThatExceptionOfType(RuntimeException.class).isThrownBy(() -> this.interceptor.invoke(fi));
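    // Check we've changed back: the original SecurityContext and Authentication
    // must be in place again even though the filter chain threw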
    assertThat(SecurityContextHolder.getContext()).isSameAs(ctx);
    assertThat(SecurityContextHolder.getContext().getAuthentication()).isSameAs(token);
}
Also used : HttpServletRequest(jakarta.servlet.http.HttpServletRequest) MockHttpServletRequest(org.springframework.mock.web.MockHttpServletRequest) AfterInvocationManager(org.springframework.security.access.intercept.AfterInvocationManager) RunAsUserToken(org.springframework.security.access.intercept.RunAsUserToken) RunAsManager(org.springframework.security.access.intercept.RunAsManager) Authentication(org.springframework.security.core.Authentication) MockFilterChain(org.springframework.mock.web.MockFilterChain) FilterChain(jakarta.servlet.FilterChain) SecurityContext(org.springframework.security.core.context.SecurityContext) MockHttpServletResponse(org.springframework.mock.web.MockHttpServletResponse) HttpServletResponse(jakarta.servlet.http.HttpServletResponse) FilterInvocation(org.springframework.security.web.FilterInvocation) TestingAuthenticationToken(org.springframework.security.authentication.TestingAuthenticationToken) Test(org.junit.jupiter.api.Test)

Aggregations

Test (org.junit.jupiter.api.Test) 6
AfterInvocationManager (org.springframework.security.access.intercept.AfterInvocationManager) 6
FilterChain (jakarta.servlet.FilterChain) 2
HttpServletRequest (jakarta.servlet.http.HttpServletRequest) 2
HttpServletResponse (jakarta.servlet.http.HttpServletResponse) 2
MockFilterChain (org.springframework.mock.web.MockFilterChain) 2
MockHttpServletRequest (org.springframework.mock.web.MockHttpServletRequest) 2
MockHttpServletResponse (org.springframework.mock.web.MockHttpServletResponse) 2
RunAsManager (org.springframework.security.access.intercept.RunAsManager) 2
TestingAuthenticationToken (org.springframework.security.authentication.TestingAuthenticationToken) 2
Authentication (org.springframework.security.core.Authentication) 2
FilterInvocation (org.springframework.security.web.FilterInvocation) 2
MethodInvocation (org.aopalliance.intercept.MethodInvocation) 1
RunAsUserToken (org.springframework.security.access.intercept.RunAsUserToken) 1
SecurityContext (org.springframework.security.core.context.SecurityContext) 1