Examples of org.springframework.security.util.SimpleMethodInvocation

• org.springframework.security.util.SimpleMethodInvocation
  Represents the AOP Alliance MethodInvocation. @author Ben Alex

    }

    private ContextPropagatingRemoteInvocation getRemoteInvocation() throws Exception {
        Class<TargetObject> clazz = TargetObject.class;
        Method method = clazz.getMethod("makeLowerCase", new Class[] {String.class});
        MethodInvocation mi = new SimpleMethodInvocation(new TargetObject(), method, "SOME_STRING");

        ContextPropagatingRemoteInvocationFactory factory = new ContextPropagatingRemoteInvocationFactory();

        return (ContextPropagatingRemoteInvocation) factory.createRemoteInvocation(mi);
    }

    private PreInvocationAuthorizationAdviceVoter am =
        new PreInvocationAuthorizationAdviceVoter(new ExpressionBasedPreInvocationAdvice());

    @Test
    public void hasRoleExpressionAllowsUserWithRole() throws Exception {
        MethodInvocation mi = new SimpleMethodInvocation(new TargetImpl(), methodTakingAnArray());
        assertEquals(AccessDecisionVoter.ACCESS_GRANTED, am.vote(joe, mi, createAttributes(new PreInvocationExpressionAttribute(null, null, "hasRole('blah')"))));
    }

    @Test
    public void hasRoleExpressionDeniesUserWithoutRole() throws Exception {
        List<ConfigAttribute> cad = new ArrayList<ConfigAttribute>(1);
        cad.add(new PreInvocationExpressionAttribute(null, null, "hasRole('joedoesnt')"));
        MethodInvocation mi = new SimpleMethodInvocation(new TargetImpl(), methodTakingAnArray());
        assertEquals(AccessDecisionVoter.ACCESS_DENIED, am.vote(joe, mi, cad));
    }

        assertEquals(AccessDecisionVoter.ACCESS_DENIED, am.vote(joe, mi, cad));
    }

    @Test
    public void matchingArgAgainstAuthenticationNameIsSuccessful() throws Exception {
        MethodInvocation mi = new SimpleMethodInvocation(new TargetImpl(), methodTakingAString(), "joe");
        assertEquals(AccessDecisionVoter.ACCESS_GRANTED,
                am.vote(joe, mi, createAttributes(new PreInvocationExpressionAttribute(null, null, "(#argument == principal) and (principal == 'joe')"))));
    }

    }

    @Test
    public void accessIsGrantedIfNoPreAuthorizeAttributeIsUsed() throws Exception {
        Collection arg = createCollectionArg("joe", "bob", "sam");
        MethodInvocation mi = new SimpleMethodInvocation(new TargetImpl(), methodTakingACollection(), arg);
        assertEquals(AccessDecisionVoter.ACCESS_GRANTED,
                am.vote(joe, mi, createAttributes(new PreInvocationExpressionAttribute("(filterObject == 'jim')", "collection", null))));
        // All objects should have been removed, because the expression is always false
        assertEquals(0, arg.size());
    }

    }

    @Test
    public void collectionPreFilteringIsSuccessful() throws Exception {
        List arg = createCollectionArg("joe", "bob", "sam");
        MethodInvocation mi = new SimpleMethodInvocation(new TargetImpl(), methodTakingACollection(), arg);
        am.vote(joe, mi, createAttributes(new PreInvocationExpressionAttribute("(filterObject == 'joe' or filterObject == 'sam')", "collection", "permitAll")));
        assertEquals("joe and sam should still be in the list", 2, arg.size());
        assertEquals("joe", arg.get(0));
        assertEquals("sam", arg.get(1));
    }

        assertEquals("sam", arg.get(1));
    }

    @Test(expected=IllegalArgumentException.class)
    public void arraysCannotBePrefiltered() throws Exception {
        MethodInvocation mi = new SimpleMethodInvocation(new TargetImpl(), methodTakingAnArray(), createArrayArg("sam","joe"));
        am.vote(joe, mi, createAttributes(new PreInvocationExpressionAttribute("(filterObject == 'jim')", "someArray", null)));
    }

        am.vote(joe, mi, createAttributes(new PreInvocationExpressionAttribute("(filterObject == 'jim')", "someArray", null)));
    }

    @Test(expected=IllegalArgumentException.class)
    public void incorrectFilterTargetNameIsRejected() throws Exception {
        MethodInvocation mi = new SimpleMethodInvocation(new TargetImpl(), methodTakingACollection(), createCollectionArg("joe", "bob"));
        am.vote(joe, mi, createAttributes(new PreInvocationExpressionAttribute("(filterObject == 'joe')", "collcetion", null)));
    }

        am.vote(joe, mi, createAttributes(new PreInvocationExpressionAttribute("(filterObject == 'joe')", "collcetion", null)));
    }

    @Test(expected=IllegalArgumentException.class)
    public void nullNamedFilterTargetIsRejected() throws Exception {
        MethodInvocation mi = new SimpleMethodInvocation(new TargetImpl(), methodTakingACollection(), new Object[] {null});
        am.vote(joe, mi, createAttributes(new PreInvocationExpressionAttribute("(filterObject == 'joe')", "collection", null)));
    }

        am.vote(joe, mi, createAttributes(new PreInvocationExpressionAttribute("(filterObject == 'joe')", "collection", null)));
    }

    @Test
    public void ruleDefinedInAClassMethodIsApplied() throws Exception {
        MethodInvocation mi = new SimpleMethodInvocation(new TargetImpl(), methodTakingAString(), "joe");
        assertEquals(AccessDecisionVoter.ACCESS_GRANTED, am.vote(joe, mi,
                createAttributes(new PreInvocationExpressionAttribute(null, null, "T(org.springframework.security.access.expression.method.SecurityRules).isJoe(#argument)"))));
    }