Search in sources :

Example 21 with AuthorizationDecision

use of org.springframework.security.authorization.AuthorizationDecision in project spring-security by spring-projects.

the class PostAuthorizeAuthorizationManagerTests method checkDoSomethingListWhenReturnObjectContainsGrantThenGrantedDecision.

@Test
public void checkDoSomethingListWhenReturnObjectContainsGrantThenGrantedDecision() throws Exception {
    List<String> list = Arrays.asList("grant", "deny");
    MockMethodInvocation methodInvocation = new MockMethodInvocation(new TestClass(), TestClass.class, "doSomethingList", new Class[] { List.class }, new Object[] { list });
    MethodInvocationResult result = new MethodInvocationResult(methodInvocation, list);
    PostAuthorizeAuthorizationManager manager = new PostAuthorizeAuthorizationManager();
    AuthorizationDecision decision = manager.check(TestAuthentication::authenticatedUser, result);
    assertThat(decision).isNotNull();
    assertThat(decision.isGranted()).isTrue();
}
Also used : AuthorizationDecision(org.springframework.security.authorization.AuthorizationDecision) MockMethodInvocation(org.springframework.security.access.intercept.method.MockMethodInvocation) TestAuthentication(org.springframework.security.authentication.TestAuthentication) Test(org.junit.jupiter.api.Test)

Example 22 with AuthorizationDecision

use of org.springframework.security.authorization.AuthorizationDecision in project spring-security by spring-projects.

the class PostAuthorizeAuthorizationManagerTests method checkDoSomethingStringWhenArgIsGrantThenGrantedDecision.

@Test
public void checkDoSomethingStringWhenArgIsGrantThenGrantedDecision() throws Exception {
    MockMethodInvocation methodInvocation = new MockMethodInvocation(new TestClass(), TestClass.class, "doSomethingString", new Class[] { String.class }, new Object[] { "grant" });
    PostAuthorizeAuthorizationManager manager = new PostAuthorizeAuthorizationManager();
    MethodInvocationResult result = new MethodInvocationResult(methodInvocation, null);
    AuthorizationDecision decision = manager.check(TestAuthentication::authenticatedUser, result);
    assertThat(decision).isNotNull();
    assertThat(decision.isGranted()).isTrue();
}
Also used : AuthorizationDecision(org.springframework.security.authorization.AuthorizationDecision) MockMethodInvocation(org.springframework.security.access.intercept.method.MockMethodInvocation) TestAuthentication(org.springframework.security.authentication.TestAuthentication) Test(org.junit.jupiter.api.Test)

Example 23 with AuthorizationDecision

use of org.springframework.security.authorization.AuthorizationDecision in project spring-security by spring-projects.

the class PostAuthorizeAuthorizationManagerTests method checkRequiresAdminWhenClassAnnotationsThenMethodAnnotationsTakePrecedence.

@Test
public void checkRequiresAdminWhenClassAnnotationsThenMethodAnnotationsTakePrecedence() throws Exception {
    Supplier<Authentication> authentication = () -> new TestingAuthenticationToken("user", "password", "ROLE_USER");
    MockMethodInvocation methodInvocation = new MockMethodInvocation(new ClassLevelAnnotations(), ClassLevelAnnotations.class, "securedAdmin");
    MethodInvocationResult result = new MethodInvocationResult(methodInvocation, null);
    PostAuthorizeAuthorizationManager manager = new PostAuthorizeAuthorizationManager();
    AuthorizationDecision decision = manager.check(authentication, result);
    assertThat(decision.isGranted()).isFalse();
    authentication = () -> new TestingAuthenticationToken("user", "password", "ROLE_ADMIN");
    decision = manager.check(authentication, result);
    assertThat(decision.isGranted()).isTrue();
}
Also used : AuthorizationDecision(org.springframework.security.authorization.AuthorizationDecision) TestAuthentication(org.springframework.security.authentication.TestAuthentication) Authentication(org.springframework.security.core.Authentication) MockMethodInvocation(org.springframework.security.access.intercept.method.MockMethodInvocation) TestingAuthenticationToken(org.springframework.security.authentication.TestingAuthenticationToken) Test(org.junit.jupiter.api.Test)

Example 24 with AuthorizationDecision

use of org.springframework.security.authorization.AuthorizationDecision in project spring-security by spring-projects.

the class PostAuthorizeAuthorizationManagerTests method checkRequiresUserWhenClassAnnotationsThenApplies.

@Test
public void checkRequiresUserWhenClassAnnotationsThenApplies() throws Exception {
    Supplier<Authentication> authentication = () -> new TestingAuthenticationToken("user", "password", "ROLE_USER");
    MockMethodInvocation methodInvocation = new MockMethodInvocation(new ClassLevelAnnotations(), ClassLevelAnnotations.class, "securedUser");
    MethodInvocationResult result = new MethodInvocationResult(methodInvocation, null);
    PostAuthorizeAuthorizationManager manager = new PostAuthorizeAuthorizationManager();
    AuthorizationDecision decision = manager.check(authentication, result);
    assertThat(decision.isGranted()).isTrue();
    authentication = () -> new TestingAuthenticationToken("user", "password", "ROLE_ADMIN");
    decision = manager.check(authentication, result);
    assertThat(decision.isGranted()).isFalse();
}
Also used : AuthorizationDecision(org.springframework.security.authorization.AuthorizationDecision) TestAuthentication(org.springframework.security.authentication.TestAuthentication) Authentication(org.springframework.security.core.Authentication) MockMethodInvocation(org.springframework.security.access.intercept.method.MockMethodInvocation) TestingAuthenticationToken(org.springframework.security.authentication.TestingAuthenticationToken) Test(org.junit.jupiter.api.Test)

Example 25 with AuthorizationDecision

use of org.springframework.security.authorization.AuthorizationDecision in project spring-security by spring-projects.

the class PreAuthorizeAuthorizationManagerTests method checkRequiresAdminWhenClassAnnotationsThenMethodAnnotationsTakePrecedence.

@Test
public void checkRequiresAdminWhenClassAnnotationsThenMethodAnnotationsTakePrecedence() throws Exception {
    Supplier<Authentication> authentication = () -> new TestingAuthenticationToken("user", "password", "ROLE_USER");
    MockMethodInvocation methodInvocation = new MockMethodInvocation(new ClassLevelAnnotations(), ClassLevelAnnotations.class, "securedAdmin");
    PreAuthorizeAuthorizationManager manager = new PreAuthorizeAuthorizationManager();
    AuthorizationDecision decision = manager.check(authentication, methodInvocation);
    assertThat(decision.isGranted()).isFalse();
    authentication = () -> new TestingAuthenticationToken("user", "password", "ROLE_ADMIN");
    decision = manager.check(authentication, methodInvocation);
    assertThat(decision.isGranted()).isTrue();
}
Also used : AuthorizationDecision(org.springframework.security.authorization.AuthorizationDecision) TestAuthentication(org.springframework.security.authentication.TestAuthentication) Authentication(org.springframework.security.core.Authentication) MockMethodInvocation(org.springframework.security.access.intercept.method.MockMethodInvocation) TestingAuthenticationToken(org.springframework.security.authentication.TestingAuthenticationToken) Test(org.junit.jupiter.api.Test)

Aggregations

AuthorizationDecision (org.springframework.security.authorization.AuthorizationDecision)39 Test (org.junit.jupiter.api.Test)36 MockMethodInvocation (org.springframework.security.access.intercept.method.MockMethodInvocation)27 TestAuthentication (org.springframework.security.authentication.TestAuthentication)27 TestingAuthenticationToken (org.springframework.security.authentication.TestingAuthenticationToken)13 Authentication (org.springframework.security.core.Authentication)13 PayloadExchangeMatcherEntry (org.springframework.security.rsocket.util.matcher.PayloadExchangeMatcherEntry)4 Assertions.assertThat (org.assertj.core.api.Assertions.assertThat)3 Supplier (java.util.function.Supplier)2 Assertions.assertThatIllegalArgumentException (org.assertj.core.api.Assertions.assertThatIllegalArgumentException)2 MockHttpServletRequest (org.springframework.mock.web.MockHttpServletRequest)2 AccessDeniedException (org.springframework.security.access.AccessDeniedException)2 AuthorityAuthorizationManager (org.springframework.security.authorization.AuthorityAuthorizationManager)2 MvcRequestMatcher (org.springframework.security.web.servlet.util.matcher.MvcRequestMatcher)2 AnyRequestMatcher (org.springframework.security.web.util.matcher.AnyRequestMatcher)2 ExtendWith (org.junit.jupiter.api.extension.ExtendWith)1 ArgumentMatchers.any (org.mockito.ArgumentMatchers.any)1 BDDMockito.given (org.mockito.BDDMockito.given)1 Mock (org.mockito.Mock)1 MockitoExtension (org.mockito.junit.jupiter.MockitoExtension)1