use of org.springframework.security.authorization.AuthorizationDecision in project spring-security by spring-projects.
the class Jsr250AuthorizationManagerTests method checkRequiresAdminWhenClassAnnotationsThenMethodAnnotationsTakePrecedence.
@Test
public void checkRequiresAdminWhenClassAnnotationsThenMethodAnnotationsTakePrecedence() throws Exception {
Supplier<Authentication> authentication = () -> new TestingAuthenticationToken("user", "password", "ROLE_USER");
MockMethodInvocation methodInvocation = new MockMethodInvocation(new ClassLevelAnnotations(), ClassLevelAnnotations.class, "rolesAllowedAdmin");
Jsr250AuthorizationManager manager = new Jsr250AuthorizationManager();
AuthorizationDecision decision = manager.check(authentication, methodInvocation);
assertThat(decision.isGranted()).isFalse();
authentication = () -> new TestingAuthenticationToken("user", "password", "ROLE_ADMIN");
decision = manager.check(authentication, methodInvocation);
assertThat(decision.isGranted()).isTrue();
}
use of org.springframework.security.authorization.AuthorizationDecision in project spring-security by spring-projects.
the class PostAuthorizeAuthorizationManagerTests method checkDoSomethingWhenNoPostAuthorizeAnnotationThenNullDecision.
@Test
public void checkDoSomethingWhenNoPostAuthorizeAnnotationThenNullDecision() throws Exception {
MockMethodInvocation methodInvocation = new MockMethodInvocation(new TestClass(), TestClass.class, "doSomething", new Class[] {}, new Object[] {});
PostAuthorizeAuthorizationManager manager = new PostAuthorizeAuthorizationManager();
MethodInvocationResult result = new MethodInvocationResult(methodInvocation, null);
AuthorizationDecision decision = manager.check(TestAuthentication::authenticatedUser, result);
assertThat(decision).isNull();
}
use of org.springframework.security.authorization.AuthorizationDecision in project spring-security by spring-projects.
the class PostAuthorizeAuthorizationManagerTests method checkDoSomethingListWhenReturnObjectNotContainsGrantThenDeniedDecision.
@Test
public void checkDoSomethingListWhenReturnObjectNotContainsGrantThenDeniedDecision() throws Exception {
List<String> list = Collections.singletonList("deny");
MockMethodInvocation methodInvocation = new MockMethodInvocation(new TestClass(), TestClass.class, "doSomethingList", new Class[] { List.class }, new Object[] { list });
MethodInvocationResult result = new MethodInvocationResult(methodInvocation, list);
PostAuthorizeAuthorizationManager manager = new PostAuthorizeAuthorizationManager();
AuthorizationDecision decision = manager.check(TestAuthentication::authenticatedUser, result);
assertThat(decision).isNotNull();
assertThat(decision.isGranted()).isFalse();
}
use of org.springframework.security.authorization.AuthorizationDecision in project spring-security by spring-projects.
the class PostAuthorizeAuthorizationManagerTests method checkDoSomethingStringWhenArgIsNotGrantThenDeniedDecision.
@Test
public void checkDoSomethingStringWhenArgIsNotGrantThenDeniedDecision() throws Exception {
MockMethodInvocation methodInvocation = new MockMethodInvocation(new TestClass(), TestClass.class, "doSomethingString", new Class[] { String.class }, new Object[] { "deny" });
MethodInvocationResult result = new MethodInvocationResult(methodInvocation, null);
PostAuthorizeAuthorizationManager manager = new PostAuthorizeAuthorizationManager();
AuthorizationDecision decision = manager.check(TestAuthentication::authenticatedUser, result);
assertThat(decision).isNotNull();
assertThat(decision.isGranted()).isFalse();
}
use of org.springframework.security.authorization.AuthorizationDecision in project spring-security by spring-projects.
the class PreAuthorizeAuthorizationManagerTests method checkDoSomethingStringWhenArgIsGrantThenGrantedDecision.
@Test
public void checkDoSomethingStringWhenArgIsGrantThenGrantedDecision() throws Exception {
MockMethodInvocation methodInvocation = new MockMethodInvocation(new TestClass(), TestClass.class, "doSomethingString", new Class[] { String.class }, new Object[] { "grant" });
PreAuthorizeAuthorizationManager manager = new PreAuthorizeAuthorizationManager();
AuthorizationDecision decision = manager.check(TestAuthentication::authenticatedUser, methodInvocation);
assertThat(decision).isNotNull();
assertThat(decision.isGranted()).isTrue();
}
Aggregations