Examples with AuthorizationDecision org.springframework.security.authorization.AuthorizationDecision used on opensource projects

Search in sources :

Example 6 with AuthorizationDecision

use of org.springframework.security.authorization.AuthorizationDecision in project spring-security by spring-projects.

the class Jsr250AuthorizationManagerTests method checkRequiresAdminWhenClassAnnotationsThenMethodAnnotationsTakePrecedence.

@Test
public void checkRequiresAdminWhenClassAnnotationsThenMethodAnnotationsTakePrecedence() throws Exception {
    Supplier<Authentication> authentication = () -> new TestingAuthenticationToken("user", "password", "ROLE_USER");
    MockMethodInvocation methodInvocation = new MockMethodInvocation(new ClassLevelAnnotations(), ClassLevelAnnotations.class, "rolesAllowedAdmin");
    Jsr250AuthorizationManager manager = new Jsr250AuthorizationManager();
    AuthorizationDecision decision = manager.check(authentication, methodInvocation);
    assertThat(decision.isGranted()).isFalse();
    authentication = () -> new TestingAuthenticationToken("user", "password", "ROLE_ADMIN");
    decision = manager.check(authentication, methodInvocation);
    assertThat(decision.isGranted()).isTrue();
}
Also used : AuthorizationDecision(org.springframework.security.authorization.AuthorizationDecision) TestAuthentication(org.springframework.security.authentication.TestAuthentication) Authentication(org.springframework.security.core.Authentication) MockMethodInvocation(org.springframework.security.access.intercept.method.MockMethodInvocation) TestingAuthenticationToken(org.springframework.security.authentication.TestingAuthenticationToken) Test(org.junit.jupiter.api.Test)

Example 7 with AuthorizationDecision

use of org.springframework.security.authorization.AuthorizationDecision in project spring-security by spring-projects.

the class PostAuthorizeAuthorizationManagerTests method checkDoSomethingWhenNoPostAuthorizeAnnotationThenNullDecision.

@Test
public void checkDoSomethingWhenNoPostAuthorizeAnnotationThenNullDecision() throws Exception {
    MockMethodInvocation methodInvocation = new MockMethodInvocation(new TestClass(), TestClass.class, "doSomething", new Class[] {}, new Object[] {});
    PostAuthorizeAuthorizationManager manager = new PostAuthorizeAuthorizationManager();
    MethodInvocationResult result = new MethodInvocationResult(methodInvocation, null);
    AuthorizationDecision decision = manager.check(TestAuthentication::authenticatedUser, result);
    assertThat(decision).isNull();
}
Also used : AuthorizationDecision(org.springframework.security.authorization.AuthorizationDecision) MockMethodInvocation(org.springframework.security.access.intercept.method.MockMethodInvocation) TestAuthentication(org.springframework.security.authentication.TestAuthentication) Test(org.junit.jupiter.api.Test)

Example 8 with AuthorizationDecision

use of org.springframework.security.authorization.AuthorizationDecision in project spring-security by spring-projects.

the class PostAuthorizeAuthorizationManagerTests method checkDoSomethingListWhenReturnObjectNotContainsGrantThenDeniedDecision.

@Test
public void checkDoSomethingListWhenReturnObjectNotContainsGrantThenDeniedDecision() throws Exception {
    List<String> list = Collections.singletonList("deny");
    MockMethodInvocation methodInvocation = new MockMethodInvocation(new TestClass(), TestClass.class, "doSomethingList", new Class[] { List.class }, new Object[] { list });
    MethodInvocationResult result = new MethodInvocationResult(methodInvocation, list);
    PostAuthorizeAuthorizationManager manager = new PostAuthorizeAuthorizationManager();
    AuthorizationDecision decision = manager.check(TestAuthentication::authenticatedUser, result);
    assertThat(decision).isNotNull();
    assertThat(decision.isGranted()).isFalse();
}
Also used : AuthorizationDecision(org.springframework.security.authorization.AuthorizationDecision) MockMethodInvocation(org.springframework.security.access.intercept.method.MockMethodInvocation) TestAuthentication(org.springframework.security.authentication.TestAuthentication) Test(org.junit.jupiter.api.Test)

Example 9 with AuthorizationDecision

use of org.springframework.security.authorization.AuthorizationDecision in project spring-security by spring-projects.

the class PostAuthorizeAuthorizationManagerTests method checkDoSomethingStringWhenArgIsNotGrantThenDeniedDecision.

@Test
public void checkDoSomethingStringWhenArgIsNotGrantThenDeniedDecision() throws Exception {
    MockMethodInvocation methodInvocation = new MockMethodInvocation(new TestClass(), TestClass.class, "doSomethingString", new Class[] { String.class }, new Object[] { "deny" });
    MethodInvocationResult result = new MethodInvocationResult(methodInvocation, null);
    PostAuthorizeAuthorizationManager manager = new PostAuthorizeAuthorizationManager();
    AuthorizationDecision decision = manager.check(TestAuthentication::authenticatedUser, result);
    assertThat(decision).isNotNull();
    assertThat(decision.isGranted()).isFalse();
}
Also used : AuthorizationDecision(org.springframework.security.authorization.AuthorizationDecision) MockMethodInvocation(org.springframework.security.access.intercept.method.MockMethodInvocation) TestAuthentication(org.springframework.security.authentication.TestAuthentication) Test(org.junit.jupiter.api.Test)

Example 10 with AuthorizationDecision

use of org.springframework.security.authorization.AuthorizationDecision in project spring-security by spring-projects.

the class PreAuthorizeAuthorizationManagerTests method checkDoSomethingStringWhenArgIsGrantThenGrantedDecision.

@Test
public void checkDoSomethingStringWhenArgIsGrantThenGrantedDecision() throws Exception {
    MockMethodInvocation methodInvocation = new MockMethodInvocation(new TestClass(), TestClass.class, "doSomethingString", new Class[] { String.class }, new Object[] { "grant" });
    PreAuthorizeAuthorizationManager manager = new PreAuthorizeAuthorizationManager();
    AuthorizationDecision decision = manager.check(TestAuthentication::authenticatedUser, methodInvocation);
    assertThat(decision).isNotNull();
    assertThat(decision.isGranted()).isTrue();
}
Also used : AuthorizationDecision(org.springframework.security.authorization.AuthorizationDecision) MockMethodInvocation(org.springframework.security.access.intercept.method.MockMethodInvocation) TestAuthentication(org.springframework.security.authentication.TestAuthentication) Test(org.junit.jupiter.api.Test)

Aggregations

AuthorizationDecision (org.springframework.security.authorization.AuthorizationDecision)39 Test (org.junit.jupiter.api.Test)36 MockMethodInvocation (org.springframework.security.access.intercept.method.MockMethodInvocation)27 TestAuthentication (org.springframework.security.authentication.TestAuthentication)27 TestingAuthenticationToken (org.springframework.security.authentication.TestingAuthenticationToken)13 Authentication (org.springframework.security.core.Authentication)13 PayloadExchangeMatcherEntry (org.springframework.security.rsocket.util.matcher.PayloadExchangeMatcherEntry)4 Assertions.assertThat (org.assertj.core.api.Assertions.assertThat)3 Supplier (java.util.function.Supplier)2 Assertions.assertThatIllegalArgumentException (org.assertj.core.api.Assertions.assertThatIllegalArgumentException)2 MockHttpServletRequest (org.springframework.mock.web.MockHttpServletRequest)2 AccessDeniedException (org.springframework.security.access.AccessDeniedException)2 AuthorityAuthorizationManager (org.springframework.security.authorization.AuthorityAuthorizationManager)2 MvcRequestMatcher (org.springframework.security.web.servlet.util.matcher.MvcRequestMatcher)2 AnyRequestMatcher (org.springframework.security.web.util.matcher.AnyRequestMatcher)2 ExtendWith (org.junit.jupiter.api.extension.ExtendWith)1 ArgumentMatchers.any (org.mockito.ArgumentMatchers.any)1 BDDMockito.given (org.mockito.BDDMockito.given)1 Mock (org.mockito.Mock)1 MockitoExtension (org.mockito.junit.jupiter.MockitoExtension)1
About Me
UseOf

Java Tutorials :

Simple Java RabbitMQ Example with Spring
Simple Springboot JPA Eclipeslink Example
Simple SpringBoot JPA Hibernate Example
Jackson JSON @JsonIgnore and @JsonIgnoreProperties Examples
Java Infinite recursion (StackOverflowError) Jackson solutions
Simple Java Jackson Serialize Objects to JSON and convert them back To Object
ElasticSearch 5 - Upload files using Java API in binary field Example
Java JAXB marshall unmarshall Examples from String and Stream
Java 8 forEach List and Map examples
ElasticSearch 5 Java API SearchRequestBuilder examples
Java ElasticSearch 5 examples with node index and mapping - running local
Convert String to int or Integer Java 8
Java 9 in action - JShell - Ubuntu
Java - removing invalid characters from a file name
Hello world!? or Hello Tutorial