Search in sources :

Example 1 with SimpleMethodInvocation

use of org.springframework.security.util.SimpleMethodInvocation in project spring-security by spring-projects.

the class MethodExpressionVoterTests method ruleDefinedInAClassMethodIsApplied.

@Test
public void ruleDefinedInAClassMethodIsApplied() throws Exception {
    MethodInvocation mi = new SimpleMethodInvocation(new TargetImpl(), methodTakingAString(), "joe");
    assertThat(am.vote(joe, mi, createAttributes(new PreInvocationExpressionAttribute(null, null, "T(org.springframework.security.access.expression.method.SecurityRules).isJoe(#argument)")))).isEqualTo(AccessDecisionVoter.ACCESS_GRANTED);
}
Also used : SimpleMethodInvocation(org.springframework.security.util.SimpleMethodInvocation) PreInvocationExpressionAttribute(org.springframework.security.access.expression.method.PreInvocationExpressionAttribute) SimpleMethodInvocation(org.springframework.security.util.SimpleMethodInvocation) MethodInvocation(org.aopalliance.intercept.MethodInvocation) Test(org.junit.Test)

Example 2 with SimpleMethodInvocation

use of org.springframework.security.util.SimpleMethodInvocation in project spring-security by spring-projects.

the class MethodExpressionVoterTests method arraysCannotBePrefiltered.

@Test(expected = IllegalArgumentException.class)
public void arraysCannotBePrefiltered() throws Exception {
    MethodInvocation mi = new SimpleMethodInvocation(new TargetImpl(), methodTakingAnArray(), createArrayArg("sam", "joe"));
    am.vote(joe, mi, createAttributes(new PreInvocationExpressionAttribute("(filterObject == 'jim')", "someArray", null)));
}
Also used : SimpleMethodInvocation(org.springframework.security.util.SimpleMethodInvocation) PreInvocationExpressionAttribute(org.springframework.security.access.expression.method.PreInvocationExpressionAttribute) SimpleMethodInvocation(org.springframework.security.util.SimpleMethodInvocation) MethodInvocation(org.aopalliance.intercept.MethodInvocation) Test(org.junit.Test)

Example 3 with SimpleMethodInvocation

use of org.springframework.security.util.SimpleMethodInvocation in project spring-security by spring-projects.

the class MethodExpressionVoterTests method collectionPreFilteringIsSuccessful.

@Test
public void collectionPreFilteringIsSuccessful() throws Exception {
    List arg = createCollectionArg("joe", "bob", "sam");
    MethodInvocation mi = new SimpleMethodInvocation(new TargetImpl(), methodTakingACollection(), arg);
    am.vote(joe, mi, createAttributes(new PreInvocationExpressionAttribute("(filterObject == 'joe' or filterObject == 'sam')", "collection", "permitAll")));
    assertThat(arg).containsExactly("joe", "sam");
}
Also used : SimpleMethodInvocation(org.springframework.security.util.SimpleMethodInvocation) PreInvocationExpressionAttribute(org.springframework.security.access.expression.method.PreInvocationExpressionAttribute) ArrayList(java.util.ArrayList) List(java.util.List) SimpleMethodInvocation(org.springframework.security.util.SimpleMethodInvocation) MethodInvocation(org.aopalliance.intercept.MethodInvocation) Test(org.junit.Test)

Example 4 with SimpleMethodInvocation

use of org.springframework.security.util.SimpleMethodInvocation in project spring-security-oauth by spring-projects.

the class OAuth2MethodSecurityExpressionHandlerTests method testScopes.

@Test
public void testScopes() throws Exception {
    OAuth2Request clientAuthentication = RequestTokenFactory.createOAuth2Request("foo", false, Collections.singleton("read"));
    Authentication userAuthentication = null;
    OAuth2Authentication oAuth2Authentication = new OAuth2Authentication(clientAuthentication, userAuthentication);
    MethodInvocation invocation = new SimpleMethodInvocation(this, ReflectionUtils.findMethod(getClass(), "testOauthClient"));
    EvaluationContext context = handler.createEvaluationContext(oAuth2Authentication, invocation);
    Expression expression = handler.getExpressionParser().parseExpression("#oauth2.hasAnyScope('read','write')");
    assertTrue((Boolean) expression.getValue(context));
}
Also used : OAuth2Request(org.springframework.security.oauth2.provider.OAuth2Request) SimpleMethodInvocation(org.springframework.security.util.SimpleMethodInvocation) Expression(org.springframework.expression.Expression) OAuth2Authentication(org.springframework.security.oauth2.provider.OAuth2Authentication) Authentication(org.springframework.security.core.Authentication) OAuth2Authentication(org.springframework.security.oauth2.provider.OAuth2Authentication) SimpleMethodInvocation(org.springframework.security.util.SimpleMethodInvocation) MethodInvocation(org.aopalliance.intercept.MethodInvocation) EvaluationContext(org.springframework.expression.EvaluationContext) Test(org.junit.Test)

Example 5 with SimpleMethodInvocation

use of org.springframework.security.util.SimpleMethodInvocation in project spring-security-oauth by spring-projects.

the class OAuth2MethodSecurityExpressionHandlerTests method testNonOauthClient.

@Test
public void testNonOauthClient() throws Exception {
    Authentication clientAuthentication = new UsernamePasswordAuthenticationToken("foo", "bar");
    MethodInvocation invocation = new SimpleMethodInvocation(this, ReflectionUtils.findMethod(getClass(), "testNonOauthClient"));
    EvaluationContext context = handler.createEvaluationContext(clientAuthentication, invocation);
    Expression expression = handler.getExpressionParser().parseExpression("#oauth2.clientHasAnyRole()");
    assertFalse((Boolean) expression.getValue(context));
}
Also used : SimpleMethodInvocation(org.springframework.security.util.SimpleMethodInvocation) Expression(org.springframework.expression.Expression) OAuth2Authentication(org.springframework.security.oauth2.provider.OAuth2Authentication) Authentication(org.springframework.security.core.Authentication) UsernamePasswordAuthenticationToken(org.springframework.security.authentication.UsernamePasswordAuthenticationToken) SimpleMethodInvocation(org.springframework.security.util.SimpleMethodInvocation) MethodInvocation(org.aopalliance.intercept.MethodInvocation) EvaluationContext(org.springframework.expression.EvaluationContext) Test(org.junit.Test)

Aggregations

SimpleMethodInvocation (org.springframework.security.util.SimpleMethodInvocation)24 MethodInvocation (org.aopalliance.intercept.MethodInvocation)23 Test (org.junit.Test)23 EvaluationContext (org.springframework.expression.EvaluationContext)9 Expression (org.springframework.expression.Expression)9 PreInvocationExpressionAttribute (org.springframework.security.access.expression.method.PreInvocationExpressionAttribute)9 Authentication (org.springframework.security.core.Authentication)9 OAuth2Authentication (org.springframework.security.oauth2.provider.OAuth2Authentication)9 OAuth2Request (org.springframework.security.oauth2.provider.OAuth2Request)7 UsernamePasswordAuthenticationToken (org.springframework.security.authentication.UsernamePasswordAuthenticationToken)5 ConfigAttribute (org.springframework.security.access.ConfigAttribute)4 AuthorizationRequest (org.springframework.security.oauth2.provider.AuthorizationRequest)3 BaseClientDetails (org.springframework.security.oauth2.provider.client.BaseClientDetails)3 Method (java.lang.reflect.Method)2 ArrayList (java.util.ArrayList)2 List (java.util.List)2 Collection (java.util.Collection)1 Vector (java.util.Vector)1 TargetObject (org.springframework.security.TargetObject)1 AccessDecisionManager (org.springframework.security.access.AccessDecisionManager)1