Examples with AuthorizationDecision org.springframework.security.authorization.AuthorizationDecision used on opensource projects

Search in sources :

Example 1 with AuthorizationDecision

use of org.springframework.security.authorization.AuthorizationDecision in project spring-security by spring-projects.

the class RequestMatcherDelegatingAuthorizationManagerTests method checkWhenMultipleMappingsConfiguredWithConsumerThenDelegatesMatchingManager.

@Test
public void checkWhenMultipleMappingsConfiguredWithConsumerThenDelegatesMatchingManager() {
    RequestMatcherDelegatingAuthorizationManager manager = RequestMatcherDelegatingAuthorizationManager.builder().mappings((m) -> {
        m.put(new MvcRequestMatcher(null, "/grant"), (a, o) -> new AuthorizationDecision(true));
        m.put(AnyRequestMatcher.INSTANCE, AuthorityAuthorizationManager.hasRole("ADMIN"));
        m.put(new MvcRequestMatcher(null, "/deny"), (a, o) -> new AuthorizationDecision(false));
        m.put(new MvcRequestMatcher(null, "/afterAny"), (a, o) -> new AuthorizationDecision(true));
    }).build();
    Supplier<Authentication> authentication = () -> new TestingAuthenticationToken("user", "password", "ROLE_USER");
    AuthorizationDecision grant = manager.check(authentication, new MockHttpServletRequest(null, "/grant"));
    assertThat(grant).isNotNull();
    assertThat(grant.isGranted()).isTrue();
    AuthorizationDecision deny = manager.check(authentication, new MockHttpServletRequest(null, "/deny"));
    assertThat(deny).isNotNull();
    assertThat(deny.isGranted()).isFalse();
    AuthorizationDecision afterAny = manager.check(authentication, new MockHttpServletRequest(null, "/afterAny"));
    assertThat(afterAny).isNotNull();
    assertThat(afterAny.isGranted()).isFalse();
    AuthorizationDecision unmapped = manager.check(authentication, new MockHttpServletRequest(null, "/unmapped"));
    assertThat(unmapped).isNotNull();
    assertThat(unmapped.isGranted()).isFalse();
}
Also used : Test(org.junit.jupiter.api.Test) TestingAuthenticationToken(org.springframework.security.authentication.TestingAuthenticationToken) AuthorityAuthorizationManager(org.springframework.security.authorization.AuthorityAuthorizationManager) Assertions.assertThat(org.assertj.core.api.Assertions.assertThat) Assertions.assertThatIllegalArgumentException(org.assertj.core.api.Assertions.assertThatIllegalArgumentException) AnyRequestMatcher(org.springframework.security.web.util.matcher.AnyRequestMatcher) MockHttpServletRequest(org.springframework.mock.web.MockHttpServletRequest) Authentication(org.springframework.security.core.Authentication) Supplier(java.util.function.Supplier) AuthorizationDecision(org.springframework.security.authorization.AuthorizationDecision) MvcRequestMatcher(org.springframework.security.web.servlet.util.matcher.MvcRequestMatcher) AuthorizationDecision(org.springframework.security.authorization.AuthorizationDecision) Authentication(org.springframework.security.core.Authentication) MockHttpServletRequest(org.springframework.mock.web.MockHttpServletRequest) TestingAuthenticationToken(org.springframework.security.authentication.TestingAuthenticationToken) MvcRequestMatcher(org.springframework.security.web.servlet.util.matcher.MvcRequestMatcher) Test(org.junit.jupiter.api.Test)

Example 2 with AuthorizationDecision

use of org.springframework.security.authorization.AuthorizationDecision in project spring-security by spring-projects.

the class AuthorizationManagerWebInvocationPrivilegeEvaluatorTests method isAllowedWhenAuthorizationManagerAllowsThenAllowedTrue.

@Test
void isAllowedWhenAuthorizationManagerAllowsThenAllowedTrue() {
    given(this.authorizationManager.check(any(), any())).willReturn(new AuthorizationDecision(true));
    boolean allowed = this.privilegeEvaluator.isAllowed("/test", TestAuthentication.authenticatedUser());
    assertThat(allowed).isTrue();
    verify(this.authorizationManager).check(any(), any());
}
Also used : AuthorizationDecision(org.springframework.security.authorization.AuthorizationDecision) Test(org.junit.jupiter.api.Test)

Example 3 with AuthorizationDecision

use of org.springframework.security.authorization.AuthorizationDecision in project spring-security by spring-projects.

the class Jsr250AuthorizationManagerTests method checkDoSomethingWhenNoJsr250AnnotationsThenNullDecision.

@Test
public void checkDoSomethingWhenNoJsr250AnnotationsThenNullDecision() throws Exception {
    MockMethodInvocation methodInvocation = new MockMethodInvocation(new TestClass(), TestClass.class, "doSomething");
    Jsr250AuthorizationManager manager = new Jsr250AuthorizationManager();
    AuthorizationDecision decision = manager.check(TestAuthentication::authenticatedUser, methodInvocation);
    assertThat(decision).isNull();
}
Also used : AuthorizationDecision(org.springframework.security.authorization.AuthorizationDecision) MockMethodInvocation(org.springframework.security.access.intercept.method.MockMethodInvocation) TestAuthentication(org.springframework.security.authentication.TestAuthentication) Test(org.junit.jupiter.api.Test)

Example 4 with AuthorizationDecision

use of org.springframework.security.authorization.AuthorizationDecision in project spring-security by spring-projects.

the class Jsr250AuthorizationManagerTests method checkRolesAllowedUserOrAdminWhenRoleAdminThenGrantedDecision.

@Test
public void checkRolesAllowedUserOrAdminWhenRoleAdminThenGrantedDecision() throws Exception {
    MockMethodInvocation methodInvocation = new MockMethodInvocation(new TestClass(), TestClass.class, "rolesAllowedUserOrAdmin");
    Jsr250AuthorizationManager manager = new Jsr250AuthorizationManager();
    AuthorizationDecision decision = manager.check(TestAuthentication::authenticatedAdmin, methodInvocation);
    assertThat(decision).isNotNull();
    assertThat(decision.isGranted()).isTrue();
}
Also used : AuthorizationDecision(org.springframework.security.authorization.AuthorizationDecision) MockMethodInvocation(org.springframework.security.access.intercept.method.MockMethodInvocation) TestAuthentication(org.springframework.security.authentication.TestAuthentication) Test(org.junit.jupiter.api.Test)

Example 5 with AuthorizationDecision

use of org.springframework.security.authorization.AuthorizationDecision in project spring-security by spring-projects.

the class Jsr250AuthorizationManagerTests method checkRequiresUserWhenClassAnnotationsThenApplies.

@Test
public void checkRequiresUserWhenClassAnnotationsThenApplies() throws Exception {
    Supplier<Authentication> authentication = () -> new TestingAuthenticationToken("user", "password", "ROLE_USER");
    MockMethodInvocation methodInvocation = new MockMethodInvocation(new ClassLevelAnnotations(), ClassLevelAnnotations.class, "rolesAllowedUser");
    Jsr250AuthorizationManager manager = new Jsr250AuthorizationManager();
    AuthorizationDecision decision = manager.check(authentication, methodInvocation);
    assertThat(decision.isGranted()).isTrue();
    authentication = () -> new TestingAuthenticationToken("user", "password", "ROLE_ADMIN");
    decision = manager.check(authentication, methodInvocation);
    assertThat(decision.isGranted()).isFalse();
}
Also used : AuthorizationDecision(org.springframework.security.authorization.AuthorizationDecision) TestAuthentication(org.springframework.security.authentication.TestAuthentication) Authentication(org.springframework.security.core.Authentication) MockMethodInvocation(org.springframework.security.access.intercept.method.MockMethodInvocation) TestingAuthenticationToken(org.springframework.security.authentication.TestingAuthenticationToken) Test(org.junit.jupiter.api.Test)

Aggregations

AuthorizationDecision (org.springframework.security.authorization.AuthorizationDecision)39 Test (org.junit.jupiter.api.Test)36 MockMethodInvocation (org.springframework.security.access.intercept.method.MockMethodInvocation)27 TestAuthentication (org.springframework.security.authentication.TestAuthentication)27 TestingAuthenticationToken (org.springframework.security.authentication.TestingAuthenticationToken)13 Authentication (org.springframework.security.core.Authentication)13 PayloadExchangeMatcherEntry (org.springframework.security.rsocket.util.matcher.PayloadExchangeMatcherEntry)4 Assertions.assertThat (org.assertj.core.api.Assertions.assertThat)3 Supplier (java.util.function.Supplier)2 Assertions.assertThatIllegalArgumentException (org.assertj.core.api.Assertions.assertThatIllegalArgumentException)2 MockHttpServletRequest (org.springframework.mock.web.MockHttpServletRequest)2 AccessDeniedException (org.springframework.security.access.AccessDeniedException)2 AuthorityAuthorizationManager (org.springframework.security.authorization.AuthorityAuthorizationManager)2 MvcRequestMatcher (org.springframework.security.web.servlet.util.matcher.MvcRequestMatcher)2 AnyRequestMatcher (org.springframework.security.web.util.matcher.AnyRequestMatcher)2 ExtendWith (org.junit.jupiter.api.extension.ExtendWith)1 ArgumentMatchers.any (org.mockito.ArgumentMatchers.any)1 BDDMockito.given (org.mockito.BDDMockito.given)1 Mock (org.mockito.Mock)1 MockitoExtension (org.mockito.junit.jupiter.MockitoExtension)1
About Me
UseOf

Java Tutorials :

Simple Java RabbitMQ Example with Spring
Simple Springboot JPA Eclipeslink Example
Simple SpringBoot JPA Hibernate Example
Jackson JSON @JsonIgnore and @JsonIgnoreProperties Examples
Java Infinite recursion (StackOverflowError) Jackson solutions
Simple Java Jackson Serialize Objects to JSON and convert them back To Object
ElasticSearch 5 - Upload files using Java API in binary field Example
Java JAXB marshall unmarshall Examples from String and Stream
Java 8 forEach List and Map examples
ElasticSearch 5 Java API SearchRequestBuilder examples
Java ElasticSearch 5 examples with node index and mapping - running local
Convert String to int or Integer Java 8
Java 9 in action - JShell - Ubuntu
Java - removing invalid characters from a file name
Hello world!? or Hello Tutorial