
Example 16 with AuthorizationDecision

Use of org.springframework.security.authorization.AuthorizationDecision in project spring-security by spring-projects.

Class PayloadExchangeMatcherReactiveAuthorizationManagerTests, method checkWhenFirstMatchThenSecondUsed.

@Test
public void checkWhenFirstMatchThenSecondUsed() {
    AuthorizationDecision expected = new AuthorizationDecision(true);
    given(this.authz.check(any(), any())).willReturn(Mono.just(expected));
    // The first entry matches any exchange and the second never matches,
    // so the decision comes from this.authz.
    PayloadExchangeMatcherReactiveAuthorizationManager manager = PayloadExchangeMatcherReactiveAuthorizationManager.builder()
            .add(new PayloadExchangeMatcherEntry<>(PayloadExchangeMatchers.anyExchange(), this.authz))
            .add(new PayloadExchangeMatcherEntry<>((e) -> PayloadExchangeMatcher.MatchResult.notMatch(), this.authz2))
            .build();
    assertThat(manager.check(Mono.empty(), this.exchange).block()).isEqualTo(expected);
}
Also used: AuthorizationDecision(org.springframework.security.authorization.AuthorizationDecision), PayloadExchangeMatcherEntry(org.springframework.security.rsocket.util.matcher.PayloadExchangeMatcherEntry), Test(org.junit.jupiter.api.Test)

Example 17 with AuthorizationDecision

Use of org.springframework.security.authorization.AuthorizationDecision in project spring-security by spring-projects.

Class PayloadExchangeMatcherReactiveAuthorizationManagerTests, method checkWhenSecondMatchThenSecondUsed.

@Test
public void checkWhenSecondMatchThenSecondUsed() {
    AuthorizationDecision expected = new AuthorizationDecision(true);
    given(this.authz2.check(any(), any())).willReturn(Mono.just(expected));
    // The first entry never matches, so evaluation falls through to the second
    // entry, which matches any exchange; the decision comes from this.authz2.
    PayloadExchangeMatcherReactiveAuthorizationManager manager = PayloadExchangeMatcherReactiveAuthorizationManager.builder()
            .add(new PayloadExchangeMatcherEntry<>((e) -> PayloadExchangeMatcher.MatchResult.notMatch(), this.authz))
            .add(new PayloadExchangeMatcherEntry<>(PayloadExchangeMatchers.anyExchange(), this.authz2))
            .build();
    assertThat(manager.check(Mono.empty(), this.exchange).block()).isEqualTo(expected);
}
Also used: ArgumentMatchers.any(org.mockito.ArgumentMatchers.any), MockitoExtension(org.mockito.junit.jupiter.MockitoExtension), Mock(org.mockito.Mock), Assertions.assertThat(org.assertj.core.api.Assertions.assertThat), Mono(reactor.core.publisher.Mono), PayloadExchangeMatchers(org.springframework.security.rsocket.util.matcher.PayloadExchangeMatchers), PayloadExchangeAuthorizationContext(org.springframework.security.rsocket.util.matcher.PayloadExchangeAuthorizationContext), AuthorizationDecision(org.springframework.security.authorization.AuthorizationDecision), Test(org.junit.jupiter.api.Test), PayloadExchange(org.springframework.security.rsocket.api.PayloadExchange), ExtendWith(org.junit.jupiter.api.extension.ExtendWith), ReactiveAuthorizationManager(org.springframework.security.authorization.ReactiveAuthorizationManager), BDDMockito.given(org.mockito.BDDMockito.given), PayloadExchangeMatcher(org.springframework.security.rsocket.util.matcher.PayloadExchangeMatcher), PayloadExchangeMatcherEntry(org.springframework.security.rsocket.util.matcher.PayloadExchangeMatcherEntry)

Example 18 with AuthorizationDecision

Use of org.springframework.security.authorization.AuthorizationDecision in project spring-security by spring-projects.

Class AuthorizationManagerWebInvocationPrivilegeEvaluator, method isAllowed.

@Override
public boolean isAllowed(String contextPath, String uri, String method, Authentication authentication) {
    FilterInvocation filterInvocation = new FilterInvocation(contextPath, uri, method);
    AuthorizationDecision decision = this.authorizationManager.check(() -> authentication, filterInvocation.getHttpRequest());
    // A null decision (no decision could be made) is reported as not allowed;
    // only an explicit grant returns true.
    return decision != null && decision.isGranted();
}
Also used: AuthorizationDecision(org.springframework.security.authorization.AuthorizationDecision), FilterInvocation(org.springframework.security.web.FilterInvocation)

Example 19 with AuthorizationDecision

Use of org.springframework.security.authorization.AuthorizationDecision in project spring-security by spring-projects.

Class AuthorizationManagerBeforeMethodInterceptor, method attemptAuthorization.

private void attemptAuthorization(MethodInvocation mi) {
    this.logger.debug(LogMessage.of(() -> "Authorizing method invocation " + mi));
    AuthorizationDecision decision = this.authorizationManager.check(AUTHENTICATION_SUPPLIER, mi);
    // Only an explicit denial throws; a null decision lets the invocation proceed.
    if (decision != null && !decision.isGranted()) {
        this.logger.debug(LogMessage.of(() -> "Failed to authorize " + mi
                + " with authorization manager " + this.authorizationManager
                + " and decision " + decision));
        throw new AccessDeniedException("Access Denied");
    }
    this.logger.debug(LogMessage.of(() -> "Authorized method invocation " + mi));
}
Also used: AccessDeniedException(org.springframework.security.access.AccessDeniedException), AuthorizationDecision(org.springframework.security.authorization.AuthorizationDecision)

Example 20 with AuthorizationDecision

Use of org.springframework.security.authorization.AuthorizationDecision in project spring-security by spring-projects.

Class AuthorizationManagerAfterMethodInterceptor, method attemptAuthorization.

private void attemptAuthorization(MethodInvocation mi, Object result) {
    this.logger.debug(LogMessage.of(() -> "Authorizing method invocation " + mi));
    // The check runs after the method has returned, so the manager sees the result as well.
    AuthorizationDecision decision = this.authorizationManager.check(AUTHENTICATION_SUPPLIER, new MethodInvocationResult(mi, result));
    // Only an explicit denial throws; a null decision lets the result through.
    if (decision != null && !decision.isGranted()) {
        this.logger.debug(LogMessage.of(() -> "Failed to authorize " + mi
                + " with authorization manager " + this.authorizationManager
                + " and decision " + decision));
        throw new AccessDeniedException("Access Denied");
    }
    this.logger.debug(LogMessage.of(() -> "Authorized method invocation " + mi));
}
Also used: AccessDeniedException(org.springframework.security.access.AccessDeniedException), AuthorizationDecision(org.springframework.security.authorization.AuthorizationDecision)

Aggregations

AuthorizationDecision (org.springframework.security.authorization.AuthorizationDecision) 39
Test (org.junit.jupiter.api.Test) 36
MockMethodInvocation (org.springframework.security.access.intercept.method.MockMethodInvocation) 27
TestAuthentication (org.springframework.security.authentication.TestAuthentication) 27
TestingAuthenticationToken (org.springframework.security.authentication.TestingAuthenticationToken) 13
Authentication (org.springframework.security.core.Authentication) 13
PayloadExchangeMatcherEntry (org.springframework.security.rsocket.util.matcher.PayloadExchangeMatcherEntry) 4
Assertions.assertThat (org.assertj.core.api.Assertions.assertThat) 3
Supplier (java.util.function.Supplier) 2
Assertions.assertThatIllegalArgumentException (org.assertj.core.api.Assertions.assertThatIllegalArgumentException) 2
MockHttpServletRequest (org.springframework.mock.web.MockHttpServletRequest) 2
AccessDeniedException (org.springframework.security.access.AccessDeniedException) 2
AuthorityAuthorizationManager (org.springframework.security.authorization.AuthorityAuthorizationManager) 2
MvcRequestMatcher (org.springframework.security.web.servlet.util.matcher.MvcRequestMatcher) 2
AnyRequestMatcher (org.springframework.security.web.util.matcher.AnyRequestMatcher) 2
ExtendWith (org.junit.jupiter.api.extension.ExtendWith) 1
ArgumentMatchers.any (org.mockito.ArgumentMatchers.any) 1
BDDMockito.given (org.mockito.BDDMockito.given) 1
Mock (org.mockito.Mock) 1
MockitoExtension (org.mockito.junit.jupiter.MockitoExtension) 1