Package org.springframework.security.config.http

Source Code of org.springframework.security.config.http.FilterSecurityMetadataSourceBeanDefinitionParserTests

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
package org.springframework.security.config.http;

import static org.junit.Assert.*;

import java.util.Collection;

import org.junit.After;
import org.junit.Test;
import org.springframework.context.support.AbstractXmlApplicationContext;
import org.springframework.mock.web.MockFilterChain;
import org.springframework.mock.web.MockHttpServletRequest;
import org.springframework.mock.web.MockHttpServletResponse;
import org.springframework.security.access.ConfigAttribute;
import org.springframework.security.access.SecurityConfig;
import org.springframework.security.config.BeanIds;
import org.springframework.security.config.ConfigTestUtils;
import org.springframework.security.config.util.InMemoryXmlApplicationContext;
import org.springframework.security.web.FilterInvocation;
import org.springframework.security.web.access.expression.ExpressionBasedFilterInvocationSecurityMetadataSource;
import org.springframework.security.web.access.intercept.DefaultFilterInvocationSecurityMetadataSource;

/**
* Tests for {@link FilterInvocationSecurityMetadataSourceParser}.
* @author Luke Taylor
*/
public class FilterSecurityMetadataSourceBeanDefinitionParserTests {
    private AbstractXmlApplicationContext appContext;

    @After
    public void closeAppContext() {
        if (appContext != null) {
            appContext.close();
            appContext = null;
        }
    }

    private void setContext(String context) {
        appContext = new InMemoryXmlApplicationContext(context);
    }


    @Test
    public void parsingMinimalConfigurationIsSuccessful() {
        setContext(
                "<filter-security-metadata-source id='fids'>" +
                "   <intercept-url pattern='/**' access='ROLE_A'/>" +
                "</filter-security-metadata-source>");
        DefaultFilterInvocationSecurityMetadataSource fids = (DefaultFilterInvocationSecurityMetadataSource) appContext.getBean("fids");
        Collection<ConfigAttribute> cad = fids.getAttributes(createFilterInvocation("/anything", "GET"));
        assertNotNull(cad);
        assertTrue(cad.contains(new SecurityConfig("ROLE_A")));
    }

    @Test
    public void expressionsAreSupported() {
        setContext(
                "<filter-security-metadata-source id='fids' use-expressions='true'>" +
                "   <intercept-url pattern='/**' access=\"hasRole('ROLE_A')\" />" +
                "</filter-security-metadata-source>");

        ExpressionBasedFilterInvocationSecurityMetadataSource fids =
            (ExpressionBasedFilterInvocationSecurityMetadataSource) appContext.getBean("fids");
        ConfigAttribute[] cad = fids.getAttributes(createFilterInvocation("/anything", "GET")).toArray(new ConfigAttribute[0]);
        assertEquals(1, cad.length);
        assertEquals("hasRole('ROLE_A')", cad[0].toString());
    }

    // SEC-1201
    @Test
    public void interceptUrlsSupportPropertyPlaceholders() {
        System.setProperty("secure.url", "/secure");
        System.setProperty("secure.role", "ROLE_A");
        setContext(
                "<b:bean class='org.springframework.beans.factory.config.PropertyPlaceholderConfigurer'/>" +
                "<filter-security-metadata-source id='fids'>" +
                "   <intercept-url pattern='${secure.url}' access='${secure.role}'/>" +
                "</filter-security-metadata-source>");
        DefaultFilterInvocationSecurityMetadataSource fids = (DefaultFilterInvocationSecurityMetadataSource) appContext.getBean("fids");
        Collection<ConfigAttribute> cad = fids.getAttributes(createFilterInvocation("/secure", "GET"));
        assertNotNull(cad);
        assertEquals(1, cad.size());
        assertTrue(cad.contains(new SecurityConfig("ROLE_A")));
    }

    @Test
    public void parsingWithinFilterSecurityInterceptorIsSuccessful() {
        setContext(
                "<http auto-config='true'/>" +
                "<b:bean id='fsi' class='org.springframework.security.web.access.intercept.FilterSecurityInterceptor' autowire='byType'>" +
                "   <b:property name='securityMetadataSource'>" +
                "       <filter-security-metadata-source>" +
                "           <intercept-url pattern='/secure/extreme/**' access='ROLE_SUPERVISOR'/>" +
                "           <intercept-url pattern='/secure/**' access='ROLE_USER'/>" +
                "           <intercept-url pattern='/**' access='ROLE_USER'/>" +
                "       </filter-security-metadata-source>" +
                "   </b:property>" +
                "   <b:property name='authenticationManager' ref='" + BeanIds.AUTHENTICATION_MANAGER +"'/>"+
                "</b:bean>" + ConfigTestUtils.AUTH_PROVIDER_XML);
    }

    private FilterInvocation createFilterInvocation(String path, String method) {
        MockHttpServletRequest request = new MockHttpServletRequest();
        request.setRequestURI(null);
        request.setMethod(method);

        request.setServletPath(path);

        return new FilterInvocation(request, new MockHttpServletResponse(), new MockFilterChain());
    }
}
TOP

Related Classes of org.springframework.security.config.http.FilterSecurityMetadataSourceBeanDefinitionParserTests

  • org.springframework.mock.web.MockFilterChain
  • org.springframework.mock.web.MockHttpServletRequest
  • org.springframework.mock.web.MockHttpServletResponse
  • org.springframework.security.access.SecurityConfig
  • org.springframework.security.config.util.InMemoryXmlApplicationContext
  • org.springframework.security.web.access.expression.ExpressionBasedFilterInvocationSecurityMetadataSource
  • org.springframework.security.web.access.intercept.DefaultFilterInvocationSecurityMetadataSource
  • org.springframework.security.web.FilterInvocation
    • TOP
    Copyright © 2018 www.massapi.com. All rights reserved.
    All source code are property of their respective owners. Java is a trademark of Sun Microsystems, Inc and owned by ORACLE Inc. Contact coftware#gmail.com.