Search in sources :

Example 16 with SimpleMethodInvocation

use of org.springframework.security.util.SimpleMethodInvocation in project spring-security by spring-projects.

the class MethodExpressionVoterTests method accessIsGrantedIfNoPreAuthorizeAttributeIsUsed.

@Test
public void accessIsGrantedIfNoPreAuthorizeAttributeIsUsed() throws Exception {
    Collection arg = createCollectionArg("joe", "bob", "sam");
    MethodInvocation mi = new SimpleMethodInvocation(new TargetImpl(), methodTakingACollection(), arg);
    assertThat(am.vote(joe, mi, createAttributes(new PreInvocationExpressionAttribute("(filterObject == 'jim')", "collection", null)))).isEqualTo(AccessDecisionVoter.ACCESS_GRANTED);
    // All objects should have been removed, because the expression is always false
    assertThat(arg).isEmpty();
}
Also used : SimpleMethodInvocation(org.springframework.security.util.SimpleMethodInvocation) PreInvocationExpressionAttribute(org.springframework.security.access.expression.method.PreInvocationExpressionAttribute) Collection(java.util.Collection) SimpleMethodInvocation(org.springframework.security.util.SimpleMethodInvocation) MethodInvocation(org.aopalliance.intercept.MethodInvocation) Test(org.junit.Test)

Example 17 with SimpleMethodInvocation

use of org.springframework.security.util.SimpleMethodInvocation in project spring-security by spring-projects.

the class MethodExpressionVoterTests method matchingArgAgainstAuthenticationNameIsSuccessful.

@Test
public void matchingArgAgainstAuthenticationNameIsSuccessful() throws Exception {
    MethodInvocation mi = new SimpleMethodInvocation(new TargetImpl(), methodTakingAString(), "joe");
    assertThat(am.vote(joe, mi, createAttributes(new PreInvocationExpressionAttribute(null, null, "(#argument == principal) and (principal == 'joe')")))).isEqualTo(AccessDecisionVoter.ACCESS_GRANTED);
}
Also used : SimpleMethodInvocation(org.springframework.security.util.SimpleMethodInvocation) PreInvocationExpressionAttribute(org.springframework.security.access.expression.method.PreInvocationExpressionAttribute) SimpleMethodInvocation(org.springframework.security.util.SimpleMethodInvocation) MethodInvocation(org.aopalliance.intercept.MethodInvocation) Test(org.junit.Test)

Example 18 with SimpleMethodInvocation

use of org.springframework.security.util.SimpleMethodInvocation in project spring-security by spring-projects.

the class MethodExpressionVoterTests method hasRoleExpressionDeniesUserWithoutRole.

@Test
public void hasRoleExpressionDeniesUserWithoutRole() throws Exception {
    List<ConfigAttribute> cad = new ArrayList<ConfigAttribute>(1);
    cad.add(new PreInvocationExpressionAttribute(null, null, "hasRole('joedoesnt')"));
    MethodInvocation mi = new SimpleMethodInvocation(new TargetImpl(), methodTakingAnArray());
    assertThat(am.vote(joe, mi, cad)).isEqualTo(AccessDecisionVoter.ACCESS_DENIED);
}
Also used : ConfigAttribute(org.springframework.security.access.ConfigAttribute) PreInvocationExpressionAttribute(org.springframework.security.access.expression.method.PreInvocationExpressionAttribute) SimpleMethodInvocation(org.springframework.security.util.SimpleMethodInvocation) ArrayList(java.util.ArrayList) SimpleMethodInvocation(org.springframework.security.util.SimpleMethodInvocation) MethodInvocation(org.aopalliance.intercept.MethodInvocation) Test(org.junit.Test)

Example 19 with SimpleMethodInvocation

use of org.springframework.security.util.SimpleMethodInvocation in project spring-security by spring-projects.

the class AbstractSecurityInterceptorTests method detectsIfInvocationPassedIncompatibleSecureObject.

// ~ Methods
// ========================================================================================================
@Test(expected = IllegalArgumentException.class)
public void detectsIfInvocationPassedIncompatibleSecureObject() throws Exception {
    MockSecurityInterceptorWhichOnlySupportsStrings si = new MockSecurityInterceptorWhichOnlySupportsStrings();
    si.setRunAsManager(mock(RunAsManager.class));
    si.setAuthenticationManager(mock(AuthenticationManager.class));
    si.setAfterInvocationManager(mock(AfterInvocationManager.class));
    si.setAccessDecisionManager(mock(AccessDecisionManager.class));
    si.setSecurityMetadataSource(mock(SecurityMetadataSource.class));
    si.beforeInvocation(new SimpleMethodInvocation());
}
Also used : AuthenticationManager(org.springframework.security.authentication.AuthenticationManager) AccessDecisionManager(org.springframework.security.access.AccessDecisionManager) SecurityMetadataSource(org.springframework.security.access.SecurityMetadataSource) SimpleMethodInvocation(org.springframework.security.util.SimpleMethodInvocation) Test(org.junit.Test)

Example 20 with SimpleMethodInvocation

use of org.springframework.security.util.SimpleMethodInvocation in project spring-security by spring-projects.

the class AfterInvocationProviderManagerTests method testCorrectOperation.

// ~ Methods
// ========================================================================================================
@Test
public void testCorrectOperation() throws Exception {
    AfterInvocationProviderManager manager = new AfterInvocationProviderManager();
    List list = new Vector();
    list.add(new MockAfterInvocationProvider("swap1", MethodInvocation.class, new SecurityConfig("GIVE_ME_SWAP1")));
    list.add(new MockAfterInvocationProvider("swap2", MethodInvocation.class, new SecurityConfig("GIVE_ME_SWAP2")));
    list.add(new MockAfterInvocationProvider("swap3", MethodInvocation.class, new SecurityConfig("GIVE_ME_SWAP3")));
    manager.setProviders(list);
    assertThat(manager.getProviders()).isEqualTo(list);
    manager.afterPropertiesSet();
    List<ConfigAttribute> attr1 = SecurityConfig.createList(new String[] { "GIVE_ME_SWAP1" });
    List<ConfigAttribute> attr2 = SecurityConfig.createList(new String[] { "GIVE_ME_SWAP2" });
    List<ConfigAttribute> attr3 = SecurityConfig.createList(new String[] { "GIVE_ME_SWAP3" });
    List<ConfigAttribute> attr2and3 = SecurityConfig.createList(new String[] { "GIVE_ME_SWAP2", "GIVE_ME_SWAP3" });
    List<ConfigAttribute> attr4 = SecurityConfig.createList(new String[] { "NEVER_CAUSES_SWAP" });
    assertThat(manager.decide(null, new SimpleMethodInvocation(), attr1, "content-before-swapping")).isEqualTo("swap1");
    assertThat(manager.decide(null, new SimpleMethodInvocation(), attr2, "content-before-swapping")).isEqualTo("swap2");
    assertThat(manager.decide(null, new SimpleMethodInvocation(), attr3, "content-before-swapping")).isEqualTo("swap3");
    assertThat(manager.decide(null, new SimpleMethodInvocation(), attr4, "content-before-swapping")).isEqualTo("content-before-swapping");
    assertThat(manager.decide(null, new SimpleMethodInvocation(), attr2and3, "content-before-swapping")).isEqualTo("swap3");
}
Also used : SecurityConfig(org.springframework.security.access.SecurityConfig) ConfigAttribute(org.springframework.security.access.ConfigAttribute) SimpleMethodInvocation(org.springframework.security.util.SimpleMethodInvocation) List(java.util.List) SimpleMethodInvocation(org.springframework.security.util.SimpleMethodInvocation) MethodInvocation(org.aopalliance.intercept.MethodInvocation) Vector(java.util.Vector) Test(org.junit.Test)

Aggregations

SimpleMethodInvocation (org.springframework.security.util.SimpleMethodInvocation)24 MethodInvocation (org.aopalliance.intercept.MethodInvocation)23 Test (org.junit.Test)23 EvaluationContext (org.springframework.expression.EvaluationContext)9 Expression (org.springframework.expression.Expression)9 PreInvocationExpressionAttribute (org.springframework.security.access.expression.method.PreInvocationExpressionAttribute)9 Authentication (org.springframework.security.core.Authentication)9 OAuth2Authentication (org.springframework.security.oauth2.provider.OAuth2Authentication)9 OAuth2Request (org.springframework.security.oauth2.provider.OAuth2Request)7 UsernamePasswordAuthenticationToken (org.springframework.security.authentication.UsernamePasswordAuthenticationToken)5 ConfigAttribute (org.springframework.security.access.ConfigAttribute)4 AuthorizationRequest (org.springframework.security.oauth2.provider.AuthorizationRequest)3 BaseClientDetails (org.springframework.security.oauth2.provider.client.BaseClientDetails)3 Method (java.lang.reflect.Method)2 ArrayList (java.util.ArrayList)2 List (java.util.List)2 Collection (java.util.Collection)1 Vector (java.util.Vector)1 TargetObject (org.springframework.security.TargetObject)1 AccessDecisionManager (org.springframework.security.access.AccessDecisionManager)1