Search in sources :

Example 6 with SimpleMethodInvocation

use of org.springframework.security.util.SimpleMethodInvocation in project spring-security-oauth by spring-projects.

the class OAuth2MethodSecurityExpressionHandlerTests method testScopesRegexThrowsException.

@Test(expected = AccessDeniedException.class)
public void testScopesRegexThrowsException() throws Exception {
    OAuth2Request clientAuthentication = RequestTokenFactory.createOAuth2Request("foo", false, Collections.singleton("ns_admin:read"));
    Authentication userAuthentication = null;
    OAuth2Authentication oAuth2Authentication = new OAuth2Authentication(clientAuthentication, userAuthentication);
    MethodInvocation invocation = new SimpleMethodInvocation(this, ReflectionUtils.findMethod(getClass(), "testOauthClient"));
    EvaluationContext context = handler.createEvaluationContext(oAuth2Authentication, invocation);
    Expression expression = handler.getExpressionParser().parseExpression("#oauth2.hasScopeMatching('.*_admin:write')");
    assertFalse((Boolean) expression.getValue(context));
}
Also used : OAuth2Request(org.springframework.security.oauth2.provider.OAuth2Request) SimpleMethodInvocation(org.springframework.security.util.SimpleMethodInvocation) Expression(org.springframework.expression.Expression) OAuth2Authentication(org.springframework.security.oauth2.provider.OAuth2Authentication) Authentication(org.springframework.security.core.Authentication) OAuth2Authentication(org.springframework.security.oauth2.provider.OAuth2Authentication) SimpleMethodInvocation(org.springframework.security.util.SimpleMethodInvocation) MethodInvocation(org.aopalliance.intercept.MethodInvocation) EvaluationContext(org.springframework.expression.EvaluationContext) Test(org.junit.Test)

Example 7 with SimpleMethodInvocation

use of org.springframework.security.util.SimpleMethodInvocation in project spring-security-oauth by spring-projects.

the class OAuth2MethodSecurityExpressionHandlerTests method testScopesWithOr.

@Test
public void testScopesWithOr() throws Exception {
    AuthorizationRequest request = new AuthorizationRequest("foo", Collections.singleton("read"));
    request.setResourceIdsAndAuthoritiesFromClientDetails(new BaseClientDetails("foo", "bar", "", "client_credentials", "ROLE_CLIENT"));
    request.setApproved(true);
    OAuth2Request clientAuthentication = request.createOAuth2Request();
    Authentication userAuthentication = new UsernamePasswordAuthenticationToken("user", "pass", AuthorityUtils.createAuthorityList("ROLE_USER"));
    OAuth2Authentication oAuth2Authentication = new OAuth2Authentication(clientAuthentication, userAuthentication);
    MethodInvocation invocation = new SimpleMethodInvocation(this, ReflectionUtils.findMethod(getClass(), "testOauthClient"));
    EvaluationContext context = handler.createEvaluationContext(oAuth2Authentication, invocation);
    Expression expression = handler.getExpressionParser().parseExpression("#oauth2.hasAnyScope('write') or #oauth2.isUser()");
    assertTrue((Boolean) expression.getValue(context));
}
Also used : BaseClientDetails(org.springframework.security.oauth2.provider.client.BaseClientDetails) OAuth2Request(org.springframework.security.oauth2.provider.OAuth2Request) AuthorizationRequest(org.springframework.security.oauth2.provider.AuthorizationRequest) SimpleMethodInvocation(org.springframework.security.util.SimpleMethodInvocation) Expression(org.springframework.expression.Expression) OAuth2Authentication(org.springframework.security.oauth2.provider.OAuth2Authentication) Authentication(org.springframework.security.core.Authentication) OAuth2Authentication(org.springframework.security.oauth2.provider.OAuth2Authentication) UsernamePasswordAuthenticationToken(org.springframework.security.authentication.UsernamePasswordAuthenticationToken) SimpleMethodInvocation(org.springframework.security.util.SimpleMethodInvocation) MethodInvocation(org.aopalliance.intercept.MethodInvocation) EvaluationContext(org.springframework.expression.EvaluationContext) Test(org.junit.Test)

Example 8 with SimpleMethodInvocation

use of org.springframework.security.util.SimpleMethodInvocation in project spring-security-oauth by spring-projects.

the class OAuth2MethodSecurityExpressionHandlerTests method testOauthClient.

@Test
public void testOauthClient() throws Exception {
    AuthorizationRequest request = new AuthorizationRequest("foo", Collections.singleton("read"));
    request.setResourceIdsAndAuthoritiesFromClientDetails(new BaseClientDetails("foo", "", "", "client_credentials", "ROLE_CLIENT"));
    Authentication userAuthentication = null;
    OAuth2Request clientAuthentication = RequestTokenFactory.createOAuth2Request(request.getRequestParameters(), request.getClientId(), request.getAuthorities(), request.isApproved(), request.getScope(), request.getResourceIds(), request.getRedirectUri(), request.getResponseTypes(), request.getExtensions());
    OAuth2Authentication oAuth2Authentication = new OAuth2Authentication(clientAuthentication, userAuthentication);
    MethodInvocation invocation = new SimpleMethodInvocation(this, ReflectionUtils.findMethod(getClass(), "testOauthClient"));
    EvaluationContext context = handler.createEvaluationContext(oAuth2Authentication, invocation);
    Expression expression = handler.getExpressionParser().parseExpression("#oauth2.clientHasAnyRole('ROLE_CLIENT')");
    assertTrue((Boolean) expression.getValue(context));
}
Also used : BaseClientDetails(org.springframework.security.oauth2.provider.client.BaseClientDetails) OAuth2Request(org.springframework.security.oauth2.provider.OAuth2Request) AuthorizationRequest(org.springframework.security.oauth2.provider.AuthorizationRequest) SimpleMethodInvocation(org.springframework.security.util.SimpleMethodInvocation) Expression(org.springframework.expression.Expression) OAuth2Authentication(org.springframework.security.oauth2.provider.OAuth2Authentication) Authentication(org.springframework.security.core.Authentication) OAuth2Authentication(org.springframework.security.oauth2.provider.OAuth2Authentication) SimpleMethodInvocation(org.springframework.security.util.SimpleMethodInvocation) MethodInvocation(org.aopalliance.intercept.MethodInvocation) EvaluationContext(org.springframework.expression.EvaluationContext) Test(org.junit.Test)

Example 9 with SimpleMethodInvocation

use of org.springframework.security.util.SimpleMethodInvocation in project spring-security-oauth by spring-projects.

the class OAuth2MethodSecurityExpressionHandlerTests method testScopesRegex.

@Test
public void testScopesRegex() throws Exception {
    OAuth2Request clientAuthentication = RequestTokenFactory.createOAuth2Request("foo", false, Collections.singleton("ns_admin:read"));
    Authentication userAuthentication = null;
    OAuth2Authentication oAuth2Authentication = new OAuth2Authentication(clientAuthentication, userAuthentication);
    MethodInvocation invocation = new SimpleMethodInvocation(this, ReflectionUtils.findMethod(getClass(), "testOauthClient"));
    EvaluationContext context = handler.createEvaluationContext(oAuth2Authentication, invocation);
    Expression expression = handler.getExpressionParser().parseExpression("#oauth2.hasScopeMatching('.*_admin:read')");
    assertTrue((Boolean) expression.getValue(context));
    expression = handler.getExpressionParser().parseExpression("#oauth2.hasAnyScopeMatching('.*_admin:write','.*_admin:read')");
    assertTrue((Boolean) expression.getValue(context));
}
Also used : OAuth2Request(org.springframework.security.oauth2.provider.OAuth2Request) SimpleMethodInvocation(org.springframework.security.util.SimpleMethodInvocation) Expression(org.springframework.expression.Expression) OAuth2Authentication(org.springframework.security.oauth2.provider.OAuth2Authentication) Authentication(org.springframework.security.core.Authentication) OAuth2Authentication(org.springframework.security.oauth2.provider.OAuth2Authentication) SimpleMethodInvocation(org.springframework.security.util.SimpleMethodInvocation) MethodInvocation(org.aopalliance.intercept.MethodInvocation) EvaluationContext(org.springframework.expression.EvaluationContext) Test(org.junit.Test)

Example 10 with SimpleMethodInvocation

use of org.springframework.security.util.SimpleMethodInvocation in project spring-security by spring-projects.

the class InterceptorStatusTokenTests method testOperation.

@Test
public void testOperation() {
    List<ConfigAttribute> attr = SecurityConfig.createList("FOO");
    MethodInvocation mi = new SimpleMethodInvocation();
    SecurityContext ctx = SecurityContextHolder.createEmptyContext();
    InterceptorStatusToken token = new InterceptorStatusToken(ctx, true, attr, mi);
    assertThat(token.isContextHolderRefreshRequired()).isTrue();
    assertThat(token.getAttributes()).isEqualTo(attr);
    assertThat(token.getSecureObject()).isEqualTo(mi);
    assertThat(token.getSecurityContext()).isSameAs(ctx);
}
Also used : ConfigAttribute(org.springframework.security.access.ConfigAttribute) SimpleMethodInvocation(org.springframework.security.util.SimpleMethodInvocation) SecurityContext(org.springframework.security.core.context.SecurityContext) SimpleMethodInvocation(org.springframework.security.util.SimpleMethodInvocation) MethodInvocation(org.aopalliance.intercept.MethodInvocation) Test(org.junit.Test)

Aggregations

SimpleMethodInvocation (org.springframework.security.util.SimpleMethodInvocation)24 MethodInvocation (org.aopalliance.intercept.MethodInvocation)23 Test (org.junit.Test)23 EvaluationContext (org.springframework.expression.EvaluationContext)9 Expression (org.springframework.expression.Expression)9 PreInvocationExpressionAttribute (org.springframework.security.access.expression.method.PreInvocationExpressionAttribute)9 Authentication (org.springframework.security.core.Authentication)9 OAuth2Authentication (org.springframework.security.oauth2.provider.OAuth2Authentication)9 OAuth2Request (org.springframework.security.oauth2.provider.OAuth2Request)7 UsernamePasswordAuthenticationToken (org.springframework.security.authentication.UsernamePasswordAuthenticationToken)5 ConfigAttribute (org.springframework.security.access.ConfigAttribute)4 AuthorizationRequest (org.springframework.security.oauth2.provider.AuthorizationRequest)3 BaseClientDetails (org.springframework.security.oauth2.provider.client.BaseClientDetails)3 Method (java.lang.reflect.Method)2 ArrayList (java.util.ArrayList)2 List (java.util.List)2 Collection (java.util.Collection)1 Vector (java.util.Vector)1 TargetObject (org.springframework.security.TargetObject)1 AccessDecisionManager (org.springframework.security.access.AccessDecisionManager)1