Search in sources :

Example 1 with MethodSecurityMetadataSource

use of org.springframework.security.access.method.MethodSecurityMetadataSource in project spring-boot by spring-projects.

the class OAuth2AutoConfigurationTests method testMethodSecurityBackingOff.

@Test
public void testMethodSecurityBackingOff() {
    this.context = new AnnotationConfigServletWebServerApplicationContext();
    this.context.register(CustomMethodSecurity.class, TestSecurityConfiguration.class, MinimalSecureWebApplication.class);
    this.context.refresh();
    DelegatingMethodSecurityMetadataSource source = this.context.getBean(DelegatingMethodSecurityMetadataSource.class);
    List<MethodSecurityMetadataSource> sources = source.getMethodSecurityMetadataSources();
    assertThat(sources.size()).isEqualTo(1);
    assertThat(sources.get(0).getClass().getName()).isEqualTo(PrePostAnnotationSecurityMetadataSource.class.getName());
}
Also used : DelegatingMethodSecurityMetadataSource(org.springframework.security.access.method.DelegatingMethodSecurityMetadataSource) AnnotationConfigServletWebServerApplicationContext(org.springframework.boot.web.servlet.context.AnnotationConfigServletWebServerApplicationContext) MethodSecurityMetadataSource(org.springframework.security.access.method.MethodSecurityMetadataSource) Jsr250MethodSecurityMetadataSource(org.springframework.security.access.annotation.Jsr250MethodSecurityMetadataSource) DelegatingMethodSecurityMetadataSource(org.springframework.security.access.method.DelegatingMethodSecurityMetadataSource) PrePostAnnotationSecurityMetadataSource(org.springframework.security.access.prepost.PrePostAnnotationSecurityMetadataSource) Test(org.junit.Test)

Example 2 with MethodSecurityMetadataSource

use of org.springframework.security.access.method.MethodSecurityMetadataSource in project spring-boot by spring-projects.

the class OAuth2AutoConfigurationTests method testJsr250SecurityAnnotationOverride.

@Test
public void testJsr250SecurityAnnotationOverride() {
    this.context = new AnnotationConfigServletWebServerApplicationContext();
    this.context.register(Jsr250EnabledConfiguration.class, MinimalSecureWebApplication.class);
    this.context.refresh();
    this.context.getBean(OAuth2MethodSecurityConfiguration.class);
    ClientDetails config = this.context.getBean(ClientDetails.class);
    DelegatingMethodSecurityMetadataSource source = this.context.getBean(DelegatingMethodSecurityMetadataSource.class);
    List<MethodSecurityMetadataSource> sources = source.getMethodSecurityMetadataSources();
    assertThat(sources.size()).isEqualTo(1);
    assertThat(sources.get(0).getClass().getName()).isEqualTo(Jsr250MethodSecurityMetadataSource.class.getName());
    verifyAuthentication(config, HttpStatus.OK);
}
Also used : BaseClientDetails(org.springframework.security.oauth2.provider.client.BaseClientDetails) ClientDetails(org.springframework.security.oauth2.provider.ClientDetails) DelegatingMethodSecurityMetadataSource(org.springframework.security.access.method.DelegatingMethodSecurityMetadataSource) AnnotationConfigServletWebServerApplicationContext(org.springframework.boot.web.servlet.context.AnnotationConfigServletWebServerApplicationContext) Jsr250MethodSecurityMetadataSource(org.springframework.security.access.annotation.Jsr250MethodSecurityMetadataSource) MethodSecurityMetadataSource(org.springframework.security.access.method.MethodSecurityMetadataSource) Jsr250MethodSecurityMetadataSource(org.springframework.security.access.annotation.Jsr250MethodSecurityMetadataSource) DelegatingMethodSecurityMetadataSource(org.springframework.security.access.method.DelegatingMethodSecurityMetadataSource) Test(org.junit.Test)

Example 3 with MethodSecurityMetadataSource

use of org.springframework.security.access.method.MethodSecurityMetadataSource in project spring-boot by spring-projects.

the class OAuth2AutoConfigurationTests method testClassicSecurityAnnotationOverride.

@Test
public void testClassicSecurityAnnotationOverride() {
    this.context = new AnnotationConfigServletWebServerApplicationContext();
    this.context.register(SecuredEnabledConfiguration.class, MinimalSecureWebApplication.class);
    this.context.refresh();
    this.context.getBean(OAuth2MethodSecurityConfiguration.class);
    ClientDetails config = this.context.getBean(ClientDetails.class);
    DelegatingMethodSecurityMetadataSource source = this.context.getBean(DelegatingMethodSecurityMetadataSource.class);
    List<MethodSecurityMetadataSource> sources = source.getMethodSecurityMetadataSources();
    assertThat(sources.size()).isEqualTo(1);
    assertThat(sources.get(0).getClass().getName()).isEqualTo(SecuredAnnotationSecurityMetadataSource.class.getName());
    verifyAuthentication(config, HttpStatus.OK);
}
Also used : SecuredAnnotationSecurityMetadataSource(org.springframework.security.access.annotation.SecuredAnnotationSecurityMetadataSource) BaseClientDetails(org.springframework.security.oauth2.provider.client.BaseClientDetails) ClientDetails(org.springframework.security.oauth2.provider.ClientDetails) DelegatingMethodSecurityMetadataSource(org.springframework.security.access.method.DelegatingMethodSecurityMetadataSource) AnnotationConfigServletWebServerApplicationContext(org.springframework.boot.web.servlet.context.AnnotationConfigServletWebServerApplicationContext) MethodSecurityMetadataSource(org.springframework.security.access.method.MethodSecurityMetadataSource) Jsr250MethodSecurityMetadataSource(org.springframework.security.access.annotation.Jsr250MethodSecurityMetadataSource) DelegatingMethodSecurityMetadataSource(org.springframework.security.access.method.DelegatingMethodSecurityMetadataSource) Test(org.junit.Test)

Example 4 with MethodSecurityMetadataSource

use of org.springframework.security.access.method.MethodSecurityMetadataSource in project spring-boot by spring-projects.

the class OAuth2AutoConfigurationTests method testDefaultPrePostSecurityAnnotations.

@Test
public void testDefaultPrePostSecurityAnnotations() {
    this.context = new AnnotationConfigServletWebServerApplicationContext();
    this.context.register(AuthorizationAndResourceServerConfiguration.class, MinimalSecureWebApplication.class);
    this.context.refresh();
    this.context.getBean(OAuth2MethodSecurityConfiguration.class);
    ClientDetails config = this.context.getBean(ClientDetails.class);
    DelegatingMethodSecurityMetadataSource source = this.context.getBean(DelegatingMethodSecurityMetadataSource.class);
    List<MethodSecurityMetadataSource> sources = source.getMethodSecurityMetadataSources();
    assertThat(sources.size()).isEqualTo(1);
    assertThat(sources.get(0).getClass().getName()).isEqualTo(PrePostAnnotationSecurityMetadataSource.class.getName());
    verifyAuthentication(config);
}
Also used : BaseClientDetails(org.springframework.security.oauth2.provider.client.BaseClientDetails) ClientDetails(org.springframework.security.oauth2.provider.ClientDetails) DelegatingMethodSecurityMetadataSource(org.springframework.security.access.method.DelegatingMethodSecurityMetadataSource) AnnotationConfigServletWebServerApplicationContext(org.springframework.boot.web.servlet.context.AnnotationConfigServletWebServerApplicationContext) MethodSecurityMetadataSource(org.springframework.security.access.method.MethodSecurityMetadataSource) Jsr250MethodSecurityMetadataSource(org.springframework.security.access.annotation.Jsr250MethodSecurityMetadataSource) DelegatingMethodSecurityMetadataSource(org.springframework.security.access.method.DelegatingMethodSecurityMetadataSource) PrePostAnnotationSecurityMetadataSource(org.springframework.security.access.prepost.PrePostAnnotationSecurityMetadataSource) Test(org.junit.Test)

Example 5 with MethodSecurityMetadataSource

use of org.springframework.security.access.method.MethodSecurityMetadataSource in project spring-security by spring-projects.

the class MethodSecurityMetadataSourceAdvisorTests method testAdvisorReturnsTrueWhenMethodInvocationIsDefined.

@Test
public void testAdvisorReturnsTrueWhenMethodInvocationIsDefined() throws Exception {
    Class<TargetObject> clazz = TargetObject.class;
    Method method = clazz.getMethod("countLength", new Class[] { String.class });
    MethodSecurityMetadataSource mds = mock(MethodSecurityMetadataSource.class);
    given(mds.getAttributes(method, clazz)).willReturn(SecurityConfig.createList("ROLE_A"));
    MethodSecurityMetadataSourceAdvisor advisor = new MethodSecurityMetadataSourceAdvisor("", mds, "");
    assertThat(advisor.getPointcut().getMethodMatcher().matches(method, clazz)).isTrue();
}
Also used : Method(java.lang.reflect.Method) MethodSecurityMetadataSource(org.springframework.security.access.method.MethodSecurityMetadataSource) TargetObject(org.springframework.security.TargetObject) Test(org.junit.jupiter.api.Test)

Aggregations

MethodSecurityMetadataSource (org.springframework.security.access.method.MethodSecurityMetadataSource)8 Jsr250MethodSecurityMetadataSource (org.springframework.security.access.annotation.Jsr250MethodSecurityMetadataSource)5 DelegatingMethodSecurityMetadataSource (org.springframework.security.access.method.DelegatingMethodSecurityMetadataSource)5 Test (org.junit.Test)4 AnnotationConfigServletWebServerApplicationContext (org.springframework.boot.web.servlet.context.AnnotationConfigServletWebServerApplicationContext)4 Test (org.junit.jupiter.api.Test)3 PrePostAnnotationSecurityMetadataSource (org.springframework.security.access.prepost.PrePostAnnotationSecurityMetadataSource)3 ClientDetails (org.springframework.security.oauth2.provider.ClientDetails)3 BaseClientDetails (org.springframework.security.oauth2.provider.client.BaseClientDetails)3 Method (java.lang.reflect.Method)2 TargetObject (org.springframework.security.TargetObject)2 SecuredAnnotationSecurityMetadataSource (org.springframework.security.access.annotation.SecuredAnnotationSecurityMetadataSource)2 ArrayList (java.util.ArrayList)1 MethodInterceptor (org.aopalliance.intercept.MethodInterceptor)1 Bean (org.springframework.context.annotation.Bean)1 Role (org.springframework.context.annotation.Role)1 ExpressionBasedAnnotationAttributeFactory (org.springframework.security.access.expression.method.ExpressionBasedAnnotationAttributeFactory)1 MethodSecurityInterceptor (org.springframework.security.access.intercept.aopalliance.MethodSecurityInterceptor)1 GrantedAuthorityDefaults (org.springframework.security.config.core.GrantedAuthorityDefaults)1