
Example 1 with RunAsManager

Use of org.springframework.security.access.intercept.RunAsManager in project spring-security by spring-projects.

From the class AspectJMethodSecurityInterceptorTests, method invokeWithAspectJCallbackRunAsReplacementCleansAfterException.

// SEC-1967: the caller's SecurityContext must be restored even when the advised method throws,
// otherwise the elevated RunAsUserToken would stay on the thread after the call.
@Test
@SuppressWarnings("unchecked")
public void invokeWithAspectJCallbackRunAsReplacementCleansAfterException() {
    SecurityContext ctx = SecurityContextHolder.getContext();
    ctx.setAuthentication(this.token);
    this.token.setAuthenticated(true);
    final RunAsManager runAs = mock(RunAsManager.class);
    final RunAsUserToken runAsToken = new RunAsUserToken("key", "someone", "creds", this.token.getAuthorities(), TestingAuthenticationToken.class);
    this.interceptor.setRunAsManager(runAs);
    given(runAs.buildRunAs(eq(this.token), any(MethodInvocation.class), any(List.class))).willReturn(runAsToken);
    given(this.aspectJCallback.proceedWithObject()).willThrow(new RuntimeException());
    assertThatExceptionOfType(RuntimeException.class).isThrownBy(() -> this.interceptor.invoke(this.joinPoint, this.aspectJCallback));
    // Check we've changed back
    assertThat(SecurityContextHolder.getContext()).isSameAs(ctx);
    assertThat(SecurityContextHolder.getContext().getAuthentication()).isSameAs(this.token);
}
Also used: RunAsUserToken (org.springframework.security.access.intercept.RunAsUserToken), RunAsManager (org.springframework.security.access.intercept.RunAsManager), SecurityContext (org.springframework.security.core.context.SecurityContext), MethodInvocation (org.aopalliance.intercept.MethodInvocation), List (java.util.List), Test (org.junit.jupiter.api.Test)

Example 2 with RunAsManager

Use of org.springframework.security.access.intercept.RunAsManager in project spring-security by spring-projects.

From the class AspectJMethodSecurityInterceptorTests, method invokeRunAsReplacementCleansAfterException.

// SEC-1967: same check as above, but through the plain ProceedingJoinPoint path of the AspectJ interceptor.
@Test
@SuppressWarnings("unchecked")
public void invokeRunAsReplacementCleansAfterException() throws Throwable {
    SecurityContext ctx = SecurityContextHolder.getContext();
    ctx.setAuthentication(this.token);
    this.token.setAuthenticated(true);
    final RunAsManager runAs = mock(RunAsManager.class);
    final RunAsUserToken runAsToken = new RunAsUserToken("key", "someone", "creds", this.token.getAuthorities(), TestingAuthenticationToken.class);
    this.interceptor.setRunAsManager(runAs);
    given(runAs.buildRunAs(eq(this.token), any(MethodInvocation.class), any(List.class))).willReturn(runAsToken);
    given(this.joinPoint.proceed()).willThrow(new RuntimeException());
    assertThatExceptionOfType(RuntimeException.class).isThrownBy(() -> this.interceptor.invoke(this.joinPoint));
    // Check we've changed back
    assertThat(SecurityContextHolder.getContext()).isSameAs(ctx);
    assertThat(SecurityContextHolder.getContext().getAuthentication()).isSameAs(this.token);
}
Also used: RunAsUserToken (org.springframework.security.access.intercept.RunAsUserToken), RunAsManager (org.springframework.security.access.intercept.RunAsManager), SecurityContext (org.springframework.security.core.context.SecurityContext), MethodInvocation (org.aopalliance.intercept.MethodInvocation), List (java.util.List), Test (org.junit.jupiter.api.Test)

Example 3 with RunAsManager

Use of org.springframework.security.access.intercept.RunAsManager in project spring-security by spring-projects.

From the class MethodSecurityInterceptorTests, method intitalizationRejectsRunAsManagerThatDoesNotSupportMethodInvocation (the misspelling is the method's actual name in the repository).

@Test
public void intitalizationRejectsRunAsManagerThatDoesNotSupportMethodInvocation() throws Exception {
    // A RunAsManager must declare support for the secure object type the interceptor
    // protects (MethodInvocation here); afterPropertiesSet() fails fast otherwise.
    final RunAsManager ram = mock(RunAsManager.class);
    given(ram.supports(MethodInvocation.class)).willReturn(false);
    this.interceptor.setRunAsManager(ram);
    assertThatIllegalArgumentException().isThrownBy(() -> this.interceptor.afterPropertiesSet());
}
Also used: RunAsManager (org.springframework.security.access.intercept.RunAsManager), Test (org.junit.jupiter.api.Test)

Example 4 with RunAsManager

Use of org.springframework.security.access.intercept.RunAsManager in project spring-security by spring-projects.

From the class MethodSecurityInterceptorTests, method runAsReplacementCleansAfterException.

// SEC-1967: the AOP Alliance interceptor variant; the advised target throws and the
// original SecurityContext must still be the one left on the thread afterwards.
@Test
public void runAsReplacementCleansAfterException() {
    createTarget(true);
    given(this.realTarget.makeUpperCase(anyString())).willThrow(new RuntimeException());
    SecurityContext ctx = SecurityContextHolder.getContext();
    ctx.setAuthentication(this.token);
    this.token.setAuthenticated(true);
    final RunAsManager runAs = mock(RunAsManager.class);
    final RunAsUserToken runAsToken = new RunAsUserToken("key", "someone", "creds", this.token.getAuthorities(), TestingAuthenticationToken.class);
    this.interceptor.setRunAsManager(runAs);
    mdsReturnsUserRole();
    given(runAs.buildRunAs(eq(this.token), any(MethodInvocation.class), any(List.class))).willReturn(runAsToken);
    assertThatExceptionOfType(RuntimeException.class).isThrownBy(() -> this.advisedTarget.makeUpperCase("hello"));
    // Check we've changed back
    assertThat(SecurityContextHolder.getContext()).isSameAs(ctx);
    assertThat(SecurityContextHolder.getContext().getAuthentication()).isSameAs(this.token);
}
Also used: RunAsUserToken (org.springframework.security.access.intercept.RunAsUserToken), RunAsManager (org.springframework.security.access.intercept.RunAsManager), SecurityContext (org.springframework.security.core.context.SecurityContext), MethodInvocation (org.aopalliance.intercept.MethodInvocation), List (java.util.List), Test (org.junit.jupiter.api.Test)
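Examples 1, 2 and 4 all assert the same property: after a run-as replacement, the interceptor must put the caller's SecurityContext back even when the target throws. The added example below is not Spring Security's own code; it reproduces the two shapes of that swap with the real RunAsManagerImpl and SecurityContextHolder so the difference can be observed directly. It assumes spring-security-core is on the classpath (the classic, now deprecated, RunAsManager API); the key string, the principal "alice", and the RUN_AS_SERVER attribute are made-up values.

```java
import java.util.List;
import java.util.concurrent.Callable;

import org.springframework.security.access.ConfigAttribute;
import org.springframework.security.access.SecurityConfig;
import org.springframework.security.access.intercept.RunAsManager;
import org.springframework.security.access.intercept.RunAsManagerImpl;
import org.springframework.security.access.intercept.RunAsUserToken;
import org.springframework.security.authentication.TestingAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContext;
import org.springframework.security.core.context.SecurityContextHolder;

/**
 * Added example, not Spring Security's own code. Demonstrates why the SEC-1967 tests
 * assert that the SecurityContext is restored after an exception: a run-as swap that
 * restores only on the success path leaves the elevated RunAsUserToken on the thread.
 */
public class RunAsRestoreDemo {

    // RunAsManagerImpl turns every "RUN_AS_*" attribute into an extra ROLE_RUN_AS_* authority.
    // The key is hypothetical; RunAsImplAuthenticationProvider verifies it later.
    private static final RunAsManager RUN_AS = newRunAsManager("demo-run-as-key");

    static RunAsManager newRunAsManager(String key) {
        RunAsManagerImpl manager = new RunAsManagerImpl();
        manager.setKey(key);
        return manager;
    }

    /** Swaps in the run-as token but restores the caller's context only on success (the pre-SEC-1967 shape). */
    static <T> T runAsLeaky(Callable<T> target, List<ConfigAttribute> attrs) throws Exception {
        SecurityContext original = SecurityContextHolder.getContext();
        Authentication runAs = RUN_AS.buildRunAs(original.getAuthentication(), target, attrs);
        if (runAs != null) {
            SecurityContext elevated = SecurityContextHolder.createEmptyContext();
            elevated.setAuthentication(runAs);
            SecurityContextHolder.setContext(elevated);
        }
        T result = target.call();                 // if this throws, the elevated context is never removed
        SecurityContextHolder.setContext(original);
        return result;
    }

    /** Same swap with the restore in finally, which is what SEC-1967 fixed in the interceptors. */
    static <T> T runAsSafe(Callable<T> target, List<ConfigAttribute> attrs) throws Exception {
        SecurityContext original = SecurityContextHolder.getContext();
        Authentication runAs = RUN_AS.buildRunAs(original.getAuthentication(), target, attrs);
        if (runAs == null) {
            return target.call();                 // no RUN_AS_ attribute: nothing to swap
        }
        SecurityContext elevated = SecurityContextHolder.createEmptyContext();
        elevated.setAuthentication(runAs);
        SecurityContextHolder.setContext(elevated);
        try {
            return target.call();
        } finally {
            SecurityContextHolder.setContext(original);   // runs on both the normal and the exceptional path
        }
    }

    /** True when the calling thread still carries a RunAsUserToken, i.e. the elevated context leaked. */
    static boolean threadHoldsRunAsToken() {
        return SecurityContextHolder.getContext().getAuthentication() instanceof RunAsUserToken;
    }

    static void loginAsAlice() {
        SecurityContextHolder.clearContext();
        SecurityContextHolder.getContext().setAuthentication(
                new TestingAuthenticationToken("alice", "pw", "ROLE_USER"));
    }

    public static void main(String[] args) {
        List<ConfigAttribute> attrs = SecurityConfig.createList("RUN_AS_SERVER");
        Callable<String> failingTarget = () -> { throw new IllegalStateException("target failed"); };

        loginAsAlice();
        try { runAsLeaky(failingTarget, attrs); } catch (Exception expected) { }
        // The thread's Authentication is now the RunAsUserToken carrying ROLE_RUN_AS_SERVER:
        // any code that runs on this thread afterwards inherits the elevated authority.
        System.out.println("leaky wrapper left a RunAsUserToken on the thread: " + threadHoldsRunAsToken());

        loginAsAlice();
        try { runAsSafe(failingTarget, attrs); } catch (Exception expected) { }
        // The original TestingAuthenticationToken for alice is back in place.
        System.out.println("safe wrapper left a RunAsUserToken on the thread: " + threadHoldsRunAsToken());
    }
}
```

The practical consequence of the leaky shape is that with a thread pool (servlet containers, executors) the next request served by the same thread starts with ROLE_RUN_AS_SERVER unless a filter clears the context first, which is why the tests compare the context after the call with the one captured before it using isSameAs rather than merely checking that some authentication is present.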

Example 5 with RunAsManager

Use of org.springframework.security.access.intercept.RunAsManager in project spring-security by spring-projects.

From the class GlobalMethodSecurityConfiguration, method methodSecurityInterceptor.

/**
 * Creates the default MethodInterceptor, which is a MethodSecurityInterceptor (or an
 * AspectJMethodSecurityInterceptor when AspectJ mode is enabled) built from the
 * following methods:
 * <ul>
 * <li>{@link #accessDecisionManager()}</li>
 * <li>{@link #afterInvocationManager()}</li>
 * <li>{@link #authenticationManager()}</li>
 * <li>{@link #methodSecurityMetadataSource()}</li>
 * <li>{@link #runAsManager()}</li>
 * </ul>
 * <p>
 * Subclasses can override this method to provide a different
 * {@link MethodInterceptor}.
 * </p>
 * @return the configured method security interceptor
 * @throws Exception if one of the contributing methods fails
 */
@Bean
public MethodInterceptor methodSecurityInterceptor() throws Exception {
    this.methodSecurityInterceptor = isAspectJ() ? new AspectJMethodSecurityInterceptor() : new MethodSecurityInterceptor();
    this.methodSecurityInterceptor.setAccessDecisionManager(accessDecisionManager());
    this.methodSecurityInterceptor.setAfterInvocationManager(afterInvocationManager());
    this.methodSecurityInterceptor.setSecurityMetadataSource(methodSecurityMetadataSource());
    // runAsManager() returns null unless a subclass overrides it; in that case the
    // interceptor keeps its default NullRunAsManager and never swaps the SecurityContext.
    RunAsManager runAsManager = runAsManager();
    if (runAsManager != null) {
        this.methodSecurityInterceptor.setRunAsManager(runAsManager);
    }
    return this.methodSecurityInterceptor;
}
Also used: RunAsManager (org.springframework.security.access.intercept.RunAsManager), AspectJMethodSecurityInterceptor (org.springframework.security.access.intercept.aspectj.AspectJMethodSecurityInterceptor), MethodSecurityInterceptor (org.springframework.security.access.intercept.aopalliance.MethodSecurityInterceptor), Bean (org.springframework.context.annotation.Bean)
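Example 5 shows where the RunAsManager is picked up, but not how an application supplies one. The added configuration below is not Spring Security's own code; it overrides runAsManager() with a keyed RunAsManagerImpl, registers the matching RunAsImplAuthenticationProvider so that minted RunAsUserTokens are accepted when they are re-authenticated, and secures one method with a RUN_AS_ attribute. It assumes the classic GlobalMethodSecurityConfiguration / @EnableGlobalMethodSecurity API (deprecated in Spring Security 6 but still present); the key value, ReportService and buildReport are hypothetical.

```java
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.access.annotation.Secured;
import org.springframework.security.access.intercept.RunAsImplAuthenticationProvider;
import org.springframework.security.access.intercept.RunAsManager;
import org.springframework.security.access.intercept.RunAsManagerImpl;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.method.configuration.GlobalMethodSecurityConfiguration;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;

/**
 * Added example, not Spring Security's own code: wiring a RunAsManager into the
 * classic method-security configuration so that methodSecurityInterceptor() sets it.
 */
@Configuration
@EnableGlobalMethodSecurity(securedEnabled = true)
public class RunAsMethodSecurityConfig extends GlobalMethodSecurityConfiguration {

    // Shared secret between the manager that mints RunAsUserTokens and the provider that
    // accepts them. Hypothetical value; in a real deployment load it from configuration.
    private static final String RUN_AS_KEY = "change-me-run-as-key";

    @Override
    protected RunAsManager runAsManager() {
        RunAsManagerImpl runAs = new RunAsManagerImpl();
        runAs.setKey(RUN_AS_KEY);            // afterPropertiesSet() rejects a missing key
        return runAs;                        // non-null, so methodSecurityInterceptor() installs it
    }

    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        // Only RunAsUserTokens minted with the same key are accepted; anything else is rejected.
        RunAsImplAuthenticationProvider provider = new RunAsImplAuthenticationProvider();
        provider.setKey(RUN_AS_KEY);
        auth.authenticationProvider(provider);
    }

    @Bean
    public ReportService reportService() {
        return new ReportService();
    }

    /** Hypothetical service. Callers need ROLE_USER; RUN_AS_SERVER is consumed by the RunAsManager, not the voters. */
    public static class ReportService {

        @Secured({ "ROLE_USER", "RUN_AS_SERVER" })
        public String buildReport(String name) {
            // Inside the advised method the thread holds the RunAsUserToken, so
            // the authorities include ROLE_RUN_AS_SERVER in addition to the caller's own.
            Authentication current = SecurityContextHolder.getContext().getAuthentication();
            return name + " built with " + current.getAuthorities();
        }
    }
}
```

Overriding configure(AuthenticationManagerBuilder) here makes the run-as provider the only provider in the AuthenticationManager used by method security; in an application that already configures providers, add RunAsImplAuthenticationProvider alongside them instead. Because the RoleVoter ignores attributes that do not start with ROLE_, the RUN_AS_SERVER entry in @Secured affects only the RunAsManager, and with the SEC-1967 fix in place the caller's context is restored after buildReport returns or throws.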

Aggregations

Types that co-occur with RunAsManager across the indexed usages, with occurrence counts:

RunAsManager (org.springframework.security.access.intercept.RunAsManager): 9
Test (org.junit.jupiter.api.Test): 7
RunAsUserToken (org.springframework.security.access.intercept.RunAsUserToken): 5
SecurityContext (org.springframework.security.core.context.SecurityContext): 5
List (java.util.List): 4
MethodInvocation (org.aopalliance.intercept.MethodInvocation): 4
Bean (org.springframework.context.annotation.Bean): 2
AfterInvocationManager (org.springframework.security.access.intercept.AfterInvocationManager): 2
MethodSecurityInterceptor (org.springframework.security.access.intercept.aopalliance.MethodSecurityInterceptor): 2
AspectJMethodSecurityInterceptor (org.springframework.security.access.intercept.aspectj.AspectJMethodSecurityInterceptor): 2
FilterChain (jakarta.servlet.FilterChain): 1
HttpServletRequest (jakarta.servlet.http.HttpServletRequest): 1
HttpServletResponse (jakarta.servlet.http.HttpServletResponse): 1
ArgumentMatchers.anyString (org.mockito.ArgumentMatchers.anyString): 1
MockFilterChain (org.springframework.mock.web.MockFilterChain): 1
MockHttpServletRequest (org.springframework.mock.web.MockHttpServletRequest): 1
MockHttpServletResponse (org.springframework.mock.web.MockHttpServletResponse): 1
TestingAuthenticationToken (org.springframework.security.authentication.TestingAuthenticationToken): 1
Authentication (org.springframework.security.core.Authentication): 1
FilterInvocation (org.springframework.security.web.FilterInvocation): 1