Example 1 with MethodInvocationPrivilegeEvaluator
use of org.springframework.security.access.intercept.MethodInvocationPrivilegeEvaluator in project spring-security by spring-projects.
the class MethodInvocationPrivilegeEvaluatorTests method declinesAccessUsingCreateFromClass.
@Test
public void declinesAccessUsingCreateFromClass() throws Exception {
final MethodInvocation mi = MethodInvocationUtils.createFromClass(new OtherTargetObject(), ITargetObject.class, "makeLowerCase", new Class[] { String.class }, new Object[] { "helloWorld" });
MethodInvocationPrivilegeEvaluator mipe = new MethodInvocationPrivilegeEvaluator();
mipe.setSecurityInterceptor(interceptor);
when(mds.getAttributes(mi)).thenReturn(role);
doThrow(new AccessDeniedException("rejected")).when(adm).decide(token, mi, role);
assertThat(mipe.isAllowed(mi, token)).isFalse();
}
Also used :
MethodInvocationPrivilegeEvaluator(org.springframework.security.access.intercept.MethodInvocationPrivilegeEvaluator)
AccessDeniedException(org.springframework.security.access.AccessDeniedException)
MethodInvocation(org.aopalliance.intercept.MethodInvocation)
OtherTargetObject(org.springframework.security.OtherTargetObject)
Test(org.junit.Test)
Example 2 with MethodInvocationPrivilegeEvaluator
use of org.springframework.security.access.intercept.MethodInvocationPrivilegeEvaluator in project spring-security by spring-projects.
the class MethodInvocationPrivilegeEvaluatorTests method allowsAccessUsingCreateFromClass.
@Test
public void allowsAccessUsingCreateFromClass() throws Exception {
final MethodInvocation mi = MethodInvocationUtils.createFromClass(new OtherTargetObject(), ITargetObject.class, "makeLowerCase", new Class[] { String.class }, new Object[] { "Hello world" });
MethodInvocationPrivilegeEvaluator mipe = new MethodInvocationPrivilegeEvaluator();
mipe.setSecurityInterceptor(interceptor);
when(mds.getAttributes(mi)).thenReturn(role);
assertThat(mipe.isAllowed(mi, token)).isTrue();
}
Also used :
MethodInvocationPrivilegeEvaluator(org.springframework.security.access.intercept.MethodInvocationPrivilegeEvaluator)
MethodInvocation(org.aopalliance.intercept.MethodInvocation)
OtherTargetObject(org.springframework.security.OtherTargetObject)
Test(org.junit.Test)
Example 3 with MethodInvocationPrivilegeEvaluator
use of org.springframework.security.access.intercept.MethodInvocationPrivilegeEvaluator in project spring-security by spring-projects.
the class MethodInvocationPrivilegeEvaluatorTests method allowsAccessUsingCreate.
@Test
public void allowsAccessUsingCreate() throws Exception {
Object object = new TargetObject();
final MethodInvocation mi = MethodInvocationUtils.create(object, "makeLowerCase", "foobar");
MethodInvocationPrivilegeEvaluator mipe = new MethodInvocationPrivilegeEvaluator();
when(mds.getAttributes(mi)).thenReturn(role);
mipe.setSecurityInterceptor(interceptor);
mipe.afterPropertiesSet();
assertThat(mipe.isAllowed(mi, token)).isTrue();
}
Also used :
MethodInvocationPrivilegeEvaluator(org.springframework.security.access.intercept.MethodInvocationPrivilegeEvaluator)
ITargetObject(org.springframework.security.ITargetObject)
OtherTargetObject(org.springframework.security.OtherTargetObject)
TargetObject(org.springframework.security.TargetObject)
MethodInvocation(org.aopalliance.intercept.MethodInvocation)
ITargetObject(org.springframework.security.ITargetObject)
OtherTargetObject(org.springframework.security.OtherTargetObject)
TargetObject(org.springframework.security.TargetObject)
Test(org.junit.Test)
Example 4 with MethodInvocationPrivilegeEvaluator
use of org.springframework.security.access.intercept.MethodInvocationPrivilegeEvaluator in project spring-security by spring-projects.
the class MethodInvocationPrivilegeEvaluatorTests method declinesAccessUsingCreate.
@Test
public void declinesAccessUsingCreate() throws Exception {
Object object = new TargetObject();
final MethodInvocation mi = MethodInvocationUtils.create(object, "makeLowerCase", "foobar");
MethodInvocationPrivilegeEvaluator mipe = new MethodInvocationPrivilegeEvaluator();
mipe.setSecurityInterceptor(interceptor);
when(mds.getAttributes(mi)).thenReturn(role);
doThrow(new AccessDeniedException("rejected")).when(adm).decide(token, mi, role);
assertThat(mipe.isAllowed(mi, token)).isFalse();
}
Also used :
MethodInvocationPrivilegeEvaluator(org.springframework.security.access.intercept.MethodInvocationPrivilegeEvaluator)
AccessDeniedException(org.springframework.security.access.AccessDeniedException)
ITargetObject(org.springframework.security.ITargetObject)
OtherTargetObject(org.springframework.security.OtherTargetObject)
TargetObject(org.springframework.security.TargetObject)
MethodInvocation(org.aopalliance.intercept.MethodInvocation)
ITargetObject(org.springframework.security.ITargetObject)
OtherTargetObject(org.springframework.security.OtherTargetObject)
TargetObject(org.springframework.security.TargetObject)
Test(org.junit.Test)
Aggregations
MethodInvocation (org.aopalliance.intercept.MethodInvocation)4
Test (org.junit.Test)4
OtherTargetObject (org.springframework.security.OtherTargetObject)4
MethodInvocationPrivilegeEvaluator (org.springframework.security.access.intercept.MethodInvocationPrivilegeEvaluator)4
ITargetObject (org.springframework.security.ITargetObject)2
TargetObject (org.springframework.security.TargetObject)2
AccessDeniedException (org.springframework.security.access.AccessDeniedException)2
