Example 6 with RunAsManager

Use of org.springframework.security.access.intercept.RunAsManager in project spring-security by spring-projects.

From the class MethodSecurityInterceptorTests, method runAsReplacementIsCorrectlySet.

@Test
public void runAsReplacementIsCorrectlySet() throws Exception {
    // Start with the caller's own token as the current authentication
    SecurityContext ctx = SecurityContextHolder.getContext();
    ctx.setAuthentication(token);
    token.setAuthenticated(true);
    // Stub the RunAsManager so it returns a replacement token for this invocation
    final RunAsManager runAs = mock(RunAsManager.class);
    final RunAsUserToken runAsToken = new RunAsUserToken("key", "someone", "creds", token.getAuthorities(), TestingAuthenticationToken.class);
    interceptor.setRunAsManager(runAs);
    mdsReturnsUserRole();
    when(runAs.buildRunAs(eq(token), any(MethodInvocation.class), any(List.class))).thenReturn(runAsToken);
    // The expected result names RunAsUserToken: during the call the replacement
    // token, not the original one, is the current authentication
    String result = advisedTarget.makeUpperCase("hello");
    assertThat(result).isEqualTo("HELLO org.springframework.security.access.intercept.RunAsUserToken true");
    // Check we've changed back
    assertThat(SecurityContextHolder.getContext()).isSameAs(ctx);
    assertThat(SecurityContextHolder.getContext().getAuthentication()).isSameAs(token);
}
Also used : RunAsUserToken(org.springframework.security.access.intercept.RunAsUserToken) RunAsManager(org.springframework.security.access.intercept.RunAsManager) SecurityContext(org.springframework.security.core.context.SecurityContext) MethodInvocation(org.aopalliance.intercept.MethodInvocation)

Example 7 with RunAsManager

Use of org.springframework.security.access.intercept.RunAsManager in project spring-security by spring-projects.

From the class MethodSecurityInterceptorTests, method gettersReturnExpectedData.

@Test
public void gettersReturnExpectedData() {
    RunAsManager runAs = mock(RunAsManager.class);
    AfterInvocationManager aim = mock(AfterInvocationManager.class);
    interceptor.setRunAsManager(runAs);
    interceptor.setAfterInvocationManager(aim);
    assertThat(interceptor.getAccessDecisionManager()).isEqualTo(adm);
    assertThat(interceptor.getRunAsManager()).isEqualTo(runAs);
    assertThat(interceptor.getAuthenticationManager()).isEqualTo(authman);
    assertThat(interceptor.getSecurityMetadataSource()).isEqualTo(mds);
    assertThat(interceptor.getAfterInvocationManager()).isEqualTo(aim);
}
Also used : AfterInvocationManager(org.springframework.security.access.intercept.AfterInvocationManager) RunAsManager(org.springframework.security.access.intercept.RunAsManager)

Example 8 with RunAsManager

Use of org.springframework.security.access.intercept.RunAsManager in project spring-security by spring-projects.

From the class FilterSecurityInterceptorTests, method finallyInvocationIsInvokedIfExceptionThrown.

// SEC-1967
@Test
@SuppressWarnings("unchecked")
public void finallyInvocationIsInvokedIfExceptionThrown() throws Exception {
    SecurityContext ctx = SecurityContextHolder.getContext();
    Authentication token = new TestingAuthenticationToken("Test", "Password", "NOT_USED");
    token.setAuthenticated(true);
    ctx.setAuthentication(token);
    // The stubbed RunAsManager supplies a RunAsUserToken for the invocation
    RunAsManager runAsManager = mock(RunAsManager.class);
    when(runAsManager.buildRunAs(eq(token), any(), anyCollection())).thenReturn(new RunAsUserToken("key", "someone", "creds", token.getAuthorities(), token.getClass()));
    interceptor.setRunAsManager(runAsManager);
    FilterInvocation fi = createinvocation();
    FilterChain chain = fi.getChain();
    // Make the filter chain throw so the exception path is exercised
    doThrow(new RuntimeException()).when(chain).doFilter(any(HttpServletRequest.class), any(HttpServletResponse.class));
    when(ods.getAttributes(fi)).thenReturn(SecurityConfig.createList("MOCK_OK"));
    AfterInvocationManager aim = mock(AfterInvocationManager.class);
    interceptor.setAfterInvocationManager(aim);
    try {
        interceptor.invoke(fi);
        fail("Expected exception");
    } catch (RuntimeException expected) {
        // Expected: the stubbed chain throws
    }
    // Check we've changed back
    assertThat(SecurityContextHolder.getContext()).isSameAs(ctx);
    assertThat(SecurityContextHolder.getContext().getAuthentication()).isSameAs(token);
}
Also used : MockHttpServletRequest(org.springframework.mock.web.MockHttpServletRequest) HttpServletRequest(javax.servlet.http.HttpServletRequest) AfterInvocationManager(org.springframework.security.access.intercept.AfterInvocationManager) RunAsUserToken(org.springframework.security.access.intercept.RunAsUserToken) RunAsManager(org.springframework.security.access.intercept.RunAsManager) Authentication(org.springframework.security.core.Authentication) FilterChain(javax.servlet.FilterChain) SecurityContext(org.springframework.security.core.context.SecurityContext) HttpServletResponse(javax.servlet.http.HttpServletResponse) MockHttpServletResponse(org.springframework.mock.web.MockHttpServletResponse) FilterInvocation(org.springframework.security.web.FilterInvocation) TestingAuthenticationToken(org.springframework.security.authentication.TestingAuthenticationToken)

Aggregations

RunAsManager (org.springframework.security.access.intercept.RunAsManager) 8
RunAsUserToken (org.springframework.security.access.intercept.RunAsUserToken) 5
SecurityContext (org.springframework.security.core.context.SecurityContext) 5
MethodInvocation (org.aopalliance.intercept.MethodInvocation) 4
List (java.util.List) 2
Test (org.junit.Test) 2
AfterInvocationManager (org.springframework.security.access.intercept.AfterInvocationManager) 2
FilterChain (javax.servlet.FilterChain) 1
HttpServletRequest (javax.servlet.http.HttpServletRequest) 1
HttpServletResponse (javax.servlet.http.HttpServletResponse) 1
Bean (org.springframework.context.annotation.Bean) 1
MockHttpServletRequest (org.springframework.mock.web.MockHttpServletRequest) 1
MockHttpServletResponse (org.springframework.mock.web.MockHttpServletResponse) 1
MethodSecurityInterceptor (org.springframework.security.access.intercept.aopalliance.MethodSecurityInterceptor) 1
AspectJMethodSecurityInterceptor (org.springframework.security.access.intercept.aspectj.AspectJMethodSecurityInterceptor) 1
TestingAuthenticationToken (org.springframework.security.authentication.TestingAuthenticationToken) 1
Authentication (org.springframework.security.core.Authentication) 1
FilterInvocation (org.springframework.security.web.FilterInvocation) 1