/*
* Copyright 2002-2014 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may not
* use this file except in compliance with the License. You may obtain a copy of
* the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
* License for the specific language governing permissions and limitations under
* the License.
*/
package org.springframework.security.data.repository.query;
import org.junit.After;
import org.junit.Before;
import org.junit.Test;
import org.springframework.security.access.expression.SecurityExpressionRoot;
import org.springframework.security.authentication.TestingAuthenticationToken;
import org.springframework.security.core.context.SecurityContextHolder;
import static org.fest.assertions.Assertions.assertThat;
public class SecurityEvaluationContextExtensionTests {
SecurityEvaluationContextExtension securityExtension;
@Before
public void setup() {
securityExtension = new SecurityEvaluationContextExtension();
}
@After
public void cleanup() {
SecurityContextHolder.clearContext();
}
@Test(expected = IllegalArgumentException.class)
public void getRootObjectSecurityContextHolderAuthenticationNull() {
getRoot().getAuthentication();
}
@Test
public void getRootObjectSecurityContextHolderAuthentication() {
TestingAuthenticationToken authentication = new TestingAuthenticationToken("user", "password", "ROLE_USER");
SecurityContextHolder.getContext().setAuthentication(authentication);
assertThat(getRoot().getAuthentication()).isSameAs(authentication);
}
@Test
public void getRootObjectExplicitAuthenticationOverridesSecurityContextHolder() {
TestingAuthenticationToken explicit = new TestingAuthenticationToken("explicit", "password", "ROLE_EXPLICIT");
securityExtension = new SecurityEvaluationContextExtension(explicit);
TestingAuthenticationToken authentication = new TestingAuthenticationToken("user", "password", "ROLE_USER");
SecurityContextHolder.getContext().setAuthentication(authentication);
assertThat(getRoot().getAuthentication()).isSameAs(explicit);
}
@Test
public void getRootObjectExplicitAuthentication() {
TestingAuthenticationToken explicit = new TestingAuthenticationToken("explicit", "password", "ROLE_EXPLICIT");
securityExtension = new SecurityEvaluationContextExtension(explicit);
assertThat(getRoot().getAuthentication()).isSameAs(explicit);
}
private SecurityExpressionRoot getRoot() {
return (SecurityExpressionRoot) securityExtension.getRootObject();
}
}