Search in sources :

Example 11 with SimpleMethodInvocation

use of org.springframework.security.util.SimpleMethodInvocation in project spring-security by spring-projects.

the class DelegatingMethodSecurityMetadataSourceTests method returnsDelegateAttributes.

@Test
public void returnsDelegateAttributes() throws Exception {
    List sources = new ArrayList();
    MethodSecurityMetadataSource delegate = mock(MethodSecurityMetadataSource.class);
    ConfigAttribute ca = mock(ConfigAttribute.class);
    List attributes = Arrays.asList(ca);
    Method toString = String.class.getMethod("toString");
    when(delegate.getAttributes(toString, String.class)).thenReturn(attributes);
    sources.add(delegate);
    mds = new DelegatingMethodSecurityMetadataSource(sources);
    assertThat(mds.getMethodSecurityMetadataSources()).isSameAs(sources);
    assertThat(mds.getAllConfigAttributes().isEmpty()).isTrue();
    MethodInvocation mi = new SimpleMethodInvocation("", toString);
    assertThat(mds.getAttributes(mi)).isSameAs(attributes);
    // Exercise the cached case
    assertThat(mds.getAttributes(mi)).isSameAs(attributes);
    assertThat(mds.getAttributes(new SimpleMethodInvocation(null, String.class.getMethod("length")))).isEmpty();
    ;
}
Also used : ConfigAttribute(org.springframework.security.access.ConfigAttribute) SimpleMethodInvocation(org.springframework.security.util.SimpleMethodInvocation) SimpleMethodInvocation(org.springframework.security.util.SimpleMethodInvocation) MethodInvocation(org.aopalliance.intercept.MethodInvocation) Method(java.lang.reflect.Method) Test(org.junit.Test)

Example 12 with SimpleMethodInvocation

use of org.springframework.security.util.SimpleMethodInvocation in project spring-security by spring-projects.

the class DelegatingMethodSecurityMetadataSourceTests method returnsEmptyListIfDelegateReturnsNull.

@Test
public void returnsEmptyListIfDelegateReturnsNull() throws Exception {
    List sources = new ArrayList();
    MethodSecurityMetadataSource delegate = mock(MethodSecurityMetadataSource.class);
    when(delegate.getAttributes(Matchers.<Method>any(), Matchers.any(Class.class))).thenReturn(null);
    sources.add(delegate);
    mds = new DelegatingMethodSecurityMetadataSource(sources);
    assertThat(mds.getMethodSecurityMetadataSources()).isSameAs(sources);
    assertThat(mds.getAllConfigAttributes().isEmpty()).isTrue();
    MethodInvocation mi = new SimpleMethodInvocation(null, String.class.getMethod("toString"));
    assertThat(mds.getAttributes(mi)).isEqualTo(Collections.emptyList());
    // Exercise the cached case
    assertThat(mds.getAttributes(mi)).isEqualTo(Collections.emptyList());
}
Also used : SimpleMethodInvocation(org.springframework.security.util.SimpleMethodInvocation) SimpleMethodInvocation(org.springframework.security.util.SimpleMethodInvocation) MethodInvocation(org.aopalliance.intercept.MethodInvocation) Test(org.junit.Test)

Example 13 with SimpleMethodInvocation

use of org.springframework.security.util.SimpleMethodInvocation in project spring-security by spring-projects.

the class MethodExpressionVoterTests method nullNamedFilterTargetIsRejected.

@Test(expected = IllegalArgumentException.class)
public void nullNamedFilterTargetIsRejected() throws Exception {
    MethodInvocation mi = new SimpleMethodInvocation(new TargetImpl(), methodTakingACollection(), new Object[] { null });
    am.vote(joe, mi, createAttributes(new PreInvocationExpressionAttribute("(filterObject == 'joe')", "collection", null)));
}
Also used : SimpleMethodInvocation(org.springframework.security.util.SimpleMethodInvocation) PreInvocationExpressionAttribute(org.springframework.security.access.expression.method.PreInvocationExpressionAttribute) SimpleMethodInvocation(org.springframework.security.util.SimpleMethodInvocation) MethodInvocation(org.aopalliance.intercept.MethodInvocation) Test(org.junit.Test)

Example 14 with SimpleMethodInvocation

use of org.springframework.security.util.SimpleMethodInvocation in project spring-security by spring-projects.

the class MethodExpressionVoterTests method incorrectFilterTargetNameIsRejected.

@Test(expected = IllegalArgumentException.class)
public void incorrectFilterTargetNameIsRejected() throws Exception {
    MethodInvocation mi = new SimpleMethodInvocation(new TargetImpl(), methodTakingACollection(), createCollectionArg("joe", "bob"));
    am.vote(joe, mi, createAttributes(new PreInvocationExpressionAttribute("(filterObject == 'joe')", "collcetion", null)));
}
Also used : SimpleMethodInvocation(org.springframework.security.util.SimpleMethodInvocation) PreInvocationExpressionAttribute(org.springframework.security.access.expression.method.PreInvocationExpressionAttribute) SimpleMethodInvocation(org.springframework.security.util.SimpleMethodInvocation) MethodInvocation(org.aopalliance.intercept.MethodInvocation) Test(org.junit.Test)

Example 15 with SimpleMethodInvocation

use of org.springframework.security.util.SimpleMethodInvocation in project spring-security by spring-projects.

the class MethodExpressionVoterTests method hasRoleExpressionAllowsUserWithRole.

@Test
public void hasRoleExpressionAllowsUserWithRole() throws Exception {
    MethodInvocation mi = new SimpleMethodInvocation(new TargetImpl(), methodTakingAnArray());
    assertThat(am.vote(joe, mi, createAttributes(new PreInvocationExpressionAttribute(null, null, "hasRole('blah')")))).isEqualTo(AccessDecisionVoter.ACCESS_GRANTED);
}
Also used : SimpleMethodInvocation(org.springframework.security.util.SimpleMethodInvocation) PreInvocationExpressionAttribute(org.springframework.security.access.expression.method.PreInvocationExpressionAttribute) SimpleMethodInvocation(org.springframework.security.util.SimpleMethodInvocation) MethodInvocation(org.aopalliance.intercept.MethodInvocation) Test(org.junit.Test)

Aggregations

SimpleMethodInvocation (org.springframework.security.util.SimpleMethodInvocation)24 MethodInvocation (org.aopalliance.intercept.MethodInvocation)23 Test (org.junit.Test)23 EvaluationContext (org.springframework.expression.EvaluationContext)9 Expression (org.springframework.expression.Expression)9 PreInvocationExpressionAttribute (org.springframework.security.access.expression.method.PreInvocationExpressionAttribute)9 Authentication (org.springframework.security.core.Authentication)9 OAuth2Authentication (org.springframework.security.oauth2.provider.OAuth2Authentication)9 OAuth2Request (org.springframework.security.oauth2.provider.OAuth2Request)7 UsernamePasswordAuthenticationToken (org.springframework.security.authentication.UsernamePasswordAuthenticationToken)5 ConfigAttribute (org.springframework.security.access.ConfigAttribute)4 AuthorizationRequest (org.springframework.security.oauth2.provider.AuthorizationRequest)3 BaseClientDetails (org.springframework.security.oauth2.provider.client.BaseClientDetails)3 Method (java.lang.reflect.Method)2 ArrayList (java.util.ArrayList)2 List (java.util.List)2 Collection (java.util.Collection)1 Vector (java.util.Vector)1 TargetObject (org.springframework.security.TargetObject)1 AccessDecisionManager (org.springframework.security.access.AccessDecisionManager)1