use of org.springframework.security.util.SimpleMethodInvocation in project spring-security by spring-projects.
the class MethodExpressionVoterTests method accessIsGrantedIfNoPreAuthorizeAttributeIsUsed.
@Test
public void accessIsGrantedIfNoPreAuthorizeAttributeIsUsed() throws Exception {
Collection arg = createCollectionArg("joe", "bob", "sam");
MethodInvocation mi = new SimpleMethodInvocation(new TargetImpl(), methodTakingACollection(), arg);
assertThat(am.vote(joe, mi, createAttributes(new PreInvocationExpressionAttribute("(filterObject == 'jim')", "collection", null)))).isEqualTo(AccessDecisionVoter.ACCESS_GRANTED);
// All objects should have been removed, because the expression is always false
assertThat(arg).isEmpty();
}
use of org.springframework.security.util.SimpleMethodInvocation in project spring-security by spring-projects.
the class MethodExpressionVoterTests method matchingArgAgainstAuthenticationNameIsSuccessful.
@Test
public void matchingArgAgainstAuthenticationNameIsSuccessful() throws Exception {
MethodInvocation mi = new SimpleMethodInvocation(new TargetImpl(), methodTakingAString(), "joe");
assertThat(am.vote(joe, mi, createAttributes(new PreInvocationExpressionAttribute(null, null, "(#argument == principal) and (principal == 'joe')")))).isEqualTo(AccessDecisionVoter.ACCESS_GRANTED);
}
use of org.springframework.security.util.SimpleMethodInvocation in project spring-security by spring-projects.
the class MethodExpressionVoterTests method hasRoleExpressionDeniesUserWithoutRole.
@Test
public void hasRoleExpressionDeniesUserWithoutRole() throws Exception {
List<ConfigAttribute> cad = new ArrayList<ConfigAttribute>(1);
cad.add(new PreInvocationExpressionAttribute(null, null, "hasRole('joedoesnt')"));
MethodInvocation mi = new SimpleMethodInvocation(new TargetImpl(), methodTakingAnArray());
assertThat(am.vote(joe, mi, cad)).isEqualTo(AccessDecisionVoter.ACCESS_DENIED);
}
use of org.springframework.security.util.SimpleMethodInvocation in project spring-security by spring-projects.
the class AbstractSecurityInterceptorTests method detectsIfInvocationPassedIncompatibleSecureObject.
// ~ Methods
// ========================================================================================================
@Test(expected = IllegalArgumentException.class)
public void detectsIfInvocationPassedIncompatibleSecureObject() throws Exception {
MockSecurityInterceptorWhichOnlySupportsStrings si = new MockSecurityInterceptorWhichOnlySupportsStrings();
si.setRunAsManager(mock(RunAsManager.class));
si.setAuthenticationManager(mock(AuthenticationManager.class));
si.setAfterInvocationManager(mock(AfterInvocationManager.class));
si.setAccessDecisionManager(mock(AccessDecisionManager.class));
si.setSecurityMetadataSource(mock(SecurityMetadataSource.class));
si.beforeInvocation(new SimpleMethodInvocation());
}
use of org.springframework.security.util.SimpleMethodInvocation in project spring-security by spring-projects.
the class AfterInvocationProviderManagerTests method testCorrectOperation.
// ~ Methods
// ========================================================================================================
@Test
public void testCorrectOperation() throws Exception {
AfterInvocationProviderManager manager = new AfterInvocationProviderManager();
List list = new Vector();
list.add(new MockAfterInvocationProvider("swap1", MethodInvocation.class, new SecurityConfig("GIVE_ME_SWAP1")));
list.add(new MockAfterInvocationProvider("swap2", MethodInvocation.class, new SecurityConfig("GIVE_ME_SWAP2")));
list.add(new MockAfterInvocationProvider("swap3", MethodInvocation.class, new SecurityConfig("GIVE_ME_SWAP3")));
manager.setProviders(list);
assertThat(manager.getProviders()).isEqualTo(list);
manager.afterPropertiesSet();
List<ConfigAttribute> attr1 = SecurityConfig.createList(new String[] { "GIVE_ME_SWAP1" });
List<ConfigAttribute> attr2 = SecurityConfig.createList(new String[] { "GIVE_ME_SWAP2" });
List<ConfigAttribute> attr3 = SecurityConfig.createList(new String[] { "GIVE_ME_SWAP3" });
List<ConfigAttribute> attr2and3 = SecurityConfig.createList(new String[] { "GIVE_ME_SWAP2", "GIVE_ME_SWAP3" });
List<ConfigAttribute> attr4 = SecurityConfig.createList(new String[] { "NEVER_CAUSES_SWAP" });
assertThat(manager.decide(null, new SimpleMethodInvocation(), attr1, "content-before-swapping")).isEqualTo("swap1");
assertThat(manager.decide(null, new SimpleMethodInvocation(), attr2, "content-before-swapping")).isEqualTo("swap2");
assertThat(manager.decide(null, new SimpleMethodInvocation(), attr3, "content-before-swapping")).isEqualTo("swap3");
assertThat(manager.decide(null, new SimpleMethodInvocation(), attr4, "content-before-swapping")).isEqualTo("content-before-swapping");
assertThat(manager.decide(null, new SimpleMethodInvocation(), attr2and3, "content-before-swapping")).isEqualTo("swap3");
}
Aggregations