Examples with MockMethodInvocation - org.springframework.security.access.intercept.method.MockMethodInvocation

Example 51 with MockMethodInvocation

use of org.springframework.security.access.intercept.method.MockMethodInvocation in project spring-security by spring-projects.

the class PostAuthorizeAuthorizationManagerTests method checkRequiresAdminWhenClassAnnotationsThenMethodAnnotationsTakePrecedence.

@Test
public void checkRequiresAdminWhenClassAnnotationsThenMethodAnnotationsTakePrecedence() throws Exception {
    Supplier<Authentication> authentication = () -> new TestingAuthenticationToken("user", "password", "ROLE_USER");
    MockMethodInvocation methodInvocation = new MockMethodInvocation(new ClassLevelAnnotations(), ClassLevelAnnotations.class, "securedAdmin");
    MethodInvocationResult result = new MethodInvocationResult(methodInvocation, null);
    PostAuthorizeAuthorizationManager manager = new PostAuthorizeAuthorizationManager();
    AuthorizationDecision decision = manager.check(authentication, result);
    assertThat(decision.isGranted()).isFalse();
    authentication = () -> new TestingAuthenticationToken("user", "password", "ROLE_ADMIN");
    decision = manager.check(authentication, result);
    assertThat(decision.isGranted()).isTrue();
}

Also used : AuthorizationDecision(org.springframework.security.authorization.AuthorizationDecision) TestAuthentication(org.springframework.security.authentication.TestAuthentication) Authentication(org.springframework.security.core.Authentication) MockMethodInvocation(org.springframework.security.access.intercept.method.MockMethodInvocation) TestingAuthenticationToken(org.springframework.security.authentication.TestingAuthenticationToken) Test(org.junit.jupiter.api.Test)

Example 52 with MockMethodInvocation

use of org.springframework.security.access.intercept.method.MockMethodInvocation in project spring-security by spring-projects.

the class PostAuthorizeAuthorizationManagerTests method checkInheritedAnnotationsWhenConflictingThenAnnotationConfigurationException.

@Test
public void checkInheritedAnnotationsWhenConflictingThenAnnotationConfigurationException() throws Exception {
    Supplier<Authentication> authentication = () -> new TestingAuthenticationToken("user", "password", "ROLE_USER");
    MockMethodInvocation methodInvocation = new MockMethodInvocation(new ClassLevelAnnotations(), ClassLevelAnnotations.class, "inheritedAnnotations");
    MethodInvocationResult result = new MethodInvocationResult(methodInvocation, null);
    PostAuthorizeAuthorizationManager manager = new PostAuthorizeAuthorizationManager();
    assertThatExceptionOfType(AnnotationConfigurationException.class).isThrownBy(() -> manager.check(authentication, result));
}

Also used : AnnotationConfigurationException(org.springframework.core.annotation.AnnotationConfigurationException) TestAuthentication(org.springframework.security.authentication.TestAuthentication) Authentication(org.springframework.security.core.Authentication) MockMethodInvocation(org.springframework.security.access.intercept.method.MockMethodInvocation) TestingAuthenticationToken(org.springframework.security.authentication.TestingAuthenticationToken) Test(org.junit.jupiter.api.Test)

Example 53 with MockMethodInvocation

use of org.springframework.security.access.intercept.method.MockMethodInvocation in project spring-security by spring-projects.

the class PostAuthorizeAuthorizationManagerTests method checkRequiresUserWhenClassAnnotationsThenApplies.

@Test
public void checkRequiresUserWhenClassAnnotationsThenApplies() throws Exception {
    Supplier<Authentication> authentication = () -> new TestingAuthenticationToken("user", "password", "ROLE_USER");
    MockMethodInvocation methodInvocation = new MockMethodInvocation(new ClassLevelAnnotations(), ClassLevelAnnotations.class, "securedUser");
    MethodInvocationResult result = new MethodInvocationResult(methodInvocation, null);
    PostAuthorizeAuthorizationManager manager = new PostAuthorizeAuthorizationManager();
    AuthorizationDecision decision = manager.check(authentication, result);
    assertThat(decision.isGranted()).isTrue();
    authentication = () -> new TestingAuthenticationToken("user", "password", "ROLE_ADMIN");
    decision = manager.check(authentication, result);
    assertThat(decision.isGranted()).isFalse();
}

Example 54 with MockMethodInvocation

use of org.springframework.security.access.intercept.method.MockMethodInvocation in project spring-security by spring-projects.

the class PreAuthorizeAuthorizationManagerTests method checkRequiresAdminWhenClassAnnotationsThenMethodAnnotationsTakePrecedence.

@Test
public void checkRequiresAdminWhenClassAnnotationsThenMethodAnnotationsTakePrecedence() throws Exception {
    Supplier<Authentication> authentication = () -> new TestingAuthenticationToken("user", "password", "ROLE_USER");
    MockMethodInvocation methodInvocation = new MockMethodInvocation(new ClassLevelAnnotations(), ClassLevelAnnotations.class, "securedAdmin");
    PreAuthorizeAuthorizationManager manager = new PreAuthorizeAuthorizationManager();
    AuthorizationDecision decision = manager.check(authentication, methodInvocation);
    assertThat(decision.isGranted()).isFalse();
    authentication = () -> new TestingAuthenticationToken("user", "password", "ROLE_ADMIN");
    decision = manager.check(authentication, methodInvocation);
    assertThat(decision.isGranted()).isTrue();
}

Example 55 with MockMethodInvocation

use of org.springframework.security.access.intercept.method.MockMethodInvocation in project spring-security by spring-projects.

the class PreAuthorizeAuthorizationManagerTests method checkDoSomethingWhenNoPostAuthorizeAnnotationThenNullDecision.

@Test
public void checkDoSomethingWhenNoPostAuthorizeAnnotationThenNullDecision() throws Exception {
    MockMethodInvocation methodInvocation = new MockMethodInvocation(new TestClass(), TestClass.class, "doSomething", new Class[] {}, new Object[] {});
    PreAuthorizeAuthorizationManager manager = new PreAuthorizeAuthorizationManager();
    AuthorizationDecision decision = manager.check(TestAuthentication::authenticatedUser, methodInvocation);
    assertThat(decision).isNull();
}

Also used : AuthorizationDecision(org.springframework.security.authorization.AuthorizationDecision) MockMethodInvocation(org.springframework.security.access.intercept.method.MockMethodInvocation) TestAuthentication(org.springframework.security.authentication.TestAuthentication) Test(org.junit.jupiter.api.Test)

Aggregations

MockMethodInvocation (org.springframework.security.access.intercept.method.MockMethodInvocation)72 Test (org.junit.jupiter.api.Test)70 TestAuthentication (org.springframework.security.authentication.TestAuthentication)36 AuthorizationDecision (org.springframework.security.authorization.AuthorizationDecision)27 TestingAuthenticationToken (org.springframework.security.authentication.TestingAuthenticationToken)23 Authentication (org.springframework.security.core.Authentication)20 AnnotationConfigurationException (org.springframework.core.annotation.AnnotationConfigurationException)13 ConfigAttribute (org.springframework.security.access.ConfigAttribute)12 PreInvocationAttribute (org.springframework.security.access.prepost.PreInvocationAttribute)7 EvaluationContext (org.springframework.expression.EvaluationContext)3 SecurityExpressionRoot (org.springframework.security.access.expression.SecurityExpressionRoot)3 ArrayList (java.util.ArrayList)2 List (java.util.List)1 BeforeEach (org.junit.jupiter.api.BeforeEach)1 ProxyFactory (org.springframework.aop.framework.ProxyFactory)1 Expression (org.springframework.expression.Expression)1