Example 66 with SimpleGrantedAuthority

use of org.springframework.security.core.authority.SimpleGrantedAuthority in project spring-security by spring-projects.

the class AclImplementationSecurityCheckTests method testSecurityCheckNoACEs.

@Test
public void testSecurityCheckNoACEs() throws Exception {
    Authentication auth = new TestingAuthenticationToken("user", "password", "ROLE_GENERAL", "ROLE_AUDITING", "ROLE_OWNERSHIP");
    auth.setAuthenticated(true);
    SecurityContextHolder.getContext().setAuthentication(auth);
    ObjectIdentity identity = new ObjectIdentityImpl(TARGET_CLASS, Long.valueOf(100));
    AclAuthorizationStrategy aclAuthorizationStrategy = new AclAuthorizationStrategyImpl(new SimpleGrantedAuthority("ROLE_OWNERSHIP"), new SimpleGrantedAuthority("ROLE_AUDITING"), new SimpleGrantedAuthority("ROLE_GENERAL"));
    Acl acl = new AclImpl(identity, Long.valueOf(1), aclAuthorizationStrategy, new ConsoleAuditLogger());
    aclAuthorizationStrategy.securityCheck(acl, AclAuthorizationStrategy.CHANGE_GENERAL);
    aclAuthorizationStrategy.securityCheck(acl, AclAuthorizationStrategy.CHANGE_AUDITING);
    aclAuthorizationStrategy.securityCheck(acl, AclAuthorizationStrategy.CHANGE_OWNERSHIP);
    // Create another authorization strategy
    AclAuthorizationStrategy aclAuthorizationStrategy2 = new AclAuthorizationStrategyImpl(new SimpleGrantedAuthority("ROLE_ONE"), new SimpleGrantedAuthority("ROLE_TWO"), new SimpleGrantedAuthority("ROLE_THREE"));
    Acl acl2 = new AclImpl(identity, Long.valueOf(1), aclAuthorizationStrategy2, new ConsoleAuditLogger());
    // Check access in case the principal has no authorization rights
    try {
        aclAuthorizationStrategy2.securityCheck(acl2, AclAuthorizationStrategy.CHANGE_GENERAL);
        fail("It should have thrown NotFoundException");
    } catch (NotFoundException expected) {
        // Expected: access is refused
    }
    try {
        aclAuthorizationStrategy2.securityCheck(acl2, AclAuthorizationStrategy.CHANGE_AUDITING);
        fail("It should have thrown NotFoundException");
    } catch (NotFoundException expected) {
        // Expected: access is refused
    }
    try {
        aclAuthorizationStrategy2.securityCheck(acl2, AclAuthorizationStrategy.CHANGE_OWNERSHIP);
        fail("It should have thrown NotFoundException");
    } catch (NotFoundException expected) {
        // Expected: access is refused
    }
}
Also used : SimpleGrantedAuthority(org.springframework.security.core.authority.SimpleGrantedAuthority) ObjectIdentity(org.springframework.security.acls.model.ObjectIdentity) Authentication(org.springframework.security.core.Authentication) NotFoundException(org.springframework.security.acls.model.NotFoundException) MutableAcl(org.springframework.security.acls.model.MutableAcl) Acl(org.springframework.security.acls.model.Acl) TestingAuthenticationToken(org.springframework.security.authentication.TestingAuthenticationToken)

Example 67 with SimpleGrantedAuthority

use of org.springframework.security.core.authority.SimpleGrantedAuthority in project spring-security by spring-projects.

the class BasicLookupStrategyTests method initializeBeans.

@Before
public void initializeBeans() {
    EhCacheBasedAclCache cache = new EhCacheBasedAclCache(getCache(), new DefaultPermissionGrantingStrategy(new ConsoleAuditLogger()), new AclAuthorizationStrategyImpl(new SimpleGrantedAuthority("ROLE_USER")));
    AclAuthorizationStrategy authorizationStrategy = new AclAuthorizationStrategyImpl(new SimpleGrantedAuthority("ROLE_ADMINISTRATOR"));
    strategy = new BasicLookupStrategy(dataSource, cache, authorizationStrategy, new DefaultPermissionGrantingStrategy(new ConsoleAuditLogger()));
    strategy.setPermissionFactory(new DefaultPermissionFactory());
}
Also used : SimpleGrantedAuthority(org.springframework.security.core.authority.SimpleGrantedAuthority)

Example 68 with SimpleGrantedAuthority

use of org.springframework.security.core.authority.SimpleGrantedAuthority in project spring-security by spring-projects.

the class CasAuthenticationTokenTests method testGetters.

@Test
public void testGetters() {
    // Build the proxy list returned in the ticket from CAS
    final Assertion assertion = new AssertionImpl("test");
    CasAuthenticationToken token = new CasAuthenticationToken("key", makeUserDetails(), "Password", ROLES, makeUserDetails(), assertion);
    assertThat(token.getKeyHash()).isEqualTo("key".hashCode());
    assertThat(token.getPrincipal()).isEqualTo(makeUserDetails());
    assertThat(token.getCredentials()).isEqualTo("Password");
    assertThat(token.getAuthorities()).contains(new SimpleGrantedAuthority("ROLE_ONE"));
    assertThat(token.getAuthorities()).contains(new SimpleGrantedAuthority("ROLE_TWO"));
    assertThat(token.getAssertion()).isEqualTo(assertion);
    assertThat(token.getUserDetails().getUsername()).isEqualTo(makeUserDetails().getUsername());
}
Also used : AssertionImpl(org.jasig.cas.client.validation.AssertionImpl) SimpleGrantedAuthority(org.springframework.security.core.authority.SimpleGrantedAuthority) Assertion(org.jasig.cas.client.validation.Assertion) Test(org.junit.Test)

Example 69 with SimpleGrantedAuthority

use of org.springframework.security.core.authority.SimpleGrantedAuthority in project spring-security by spring-projects.

the class SpringCacheBasedAclCacheTests method cacheOperationsAclWithoutParent.

@SuppressWarnings("rawtypes")
@Test
public void cacheOperationsAclWithoutParent() throws Exception {
    Cache cache = getCache();
    Map realCache = (Map) cache.getNativeCache();
    ObjectIdentity identity = new ObjectIdentityImpl(TARGET_CLASS, Long.valueOf(100));
    AclAuthorizationStrategy aclAuthorizationStrategy = new AclAuthorizationStrategyImpl(new SimpleGrantedAuthority("ROLE_OWNERSHIP"), new SimpleGrantedAuthority("ROLE_AUDITING"), new SimpleGrantedAuthority("ROLE_GENERAL"));
    AuditLogger auditLogger = new ConsoleAuditLogger();
    PermissionGrantingStrategy permissionGrantingStrategy = new DefaultPermissionGrantingStrategy(auditLogger);
    SpringCacheBasedAclCache myCache = new SpringCacheBasedAclCache(cache, permissionGrantingStrategy, aclAuthorizationStrategy);
    MutableAcl acl = new AclImpl(identity, Long.valueOf(1), aclAuthorizationStrategy, auditLogger);
    assertThat(realCache).isEmpty();
    myCache.putInCache(acl);
    // Check we can get from cache the same objects we put in
    assertThat(acl).isEqualTo(myCache.getFromCache(Long.valueOf(1)));
    assertThat(acl).isEqualTo(myCache.getFromCache(identity));
    // Put another object in cache
    ObjectIdentity identity2 = new ObjectIdentityImpl(TARGET_CLASS, Long.valueOf(101));
    MutableAcl acl2 = new AclImpl(identity2, Long.valueOf(2), aclAuthorizationStrategy, new ConsoleAuditLogger());
    myCache.putInCache(acl2);
    // Try to evict an entry that doesn't exist
    myCache.evictFromCache(Long.valueOf(3));
    myCache.evictFromCache(new ObjectIdentityImpl(TARGET_CLASS, Long.valueOf(102)));
    assertThat(realCache).hasSize(4);
    myCache.evictFromCache(Long.valueOf(1));
    assertThat(realCache).hasSize(2);
    // Check the second object inserted
    assertThat(acl2).isEqualTo(myCache.getFromCache(Long.valueOf(2)));
    assertThat(acl2).isEqualTo(myCache.getFromCache(identity2));
    myCache.evictFromCache(identity2);
    assertThat(realCache).isEmpty();
}
Also used : SimpleGrantedAuthority(org.springframework.security.core.authority.SimpleGrantedAuthority) PermissionGrantingStrategy(org.springframework.security.acls.model.PermissionGrantingStrategy) ObjectIdentity(org.springframework.security.acls.model.ObjectIdentity) MutableAcl(org.springframework.security.acls.model.MutableAcl) Map(java.util.Map) Cache(org.springframework.cache.Cache) Test(org.junit.Test)

Example 70 with SimpleGrantedAuthority

use of org.springframework.security.core.authority.SimpleGrantedAuthority in project spring-boot by spring-projects.

the class MvcEndpointSecurityInterceptorTests method sensitiveEndpointIfRoleAndAuthoritiesNotCorrectShouldNotAllowAccess.

@Test
public void sensitiveEndpointIfRoleAndAuthoritiesNotCorrectShouldNotAllowAccess() throws Exception {
    Principal principal = mock(Principal.class);
    this.request.setUserPrincipal(principal);
    Authentication authentication = mock(Authentication.class);
    Set<SimpleGrantedAuthority> authorities = Collections.singleton(new SimpleGrantedAuthority("HERO"));
    doReturn(authorities).when(authentication).getAuthorities();
    SecurityContextHolder.getContext().setAuthentication(authentication);
    assertThat(this.securityInterceptor.preHandle(this.request, this.response, this.handlerMethod)).isFalse();
}
Also used : SimpleGrantedAuthority(org.springframework.security.core.authority.SimpleGrantedAuthority) Authentication(org.springframework.security.core.Authentication) Principal(java.security.Principal) Test(org.junit.Test)
