/**
 * Exposes a {@link RoleHierarchy} bean built from the single rule
 * {@code "ROLE_USER > ROLE_ADMIN"}.
 *
 * <p>In the hierarchy syntax the role on the left of {@code >} includes the role on
 * the right, so this definition lets every holder of ROLE_USER reach ROLE_ADMIN.
 * NOTE(review): that is the reverse of the usual admin-over-user ordering. It looks
 * like a fixture that proves the hierarchy is consulted; confirm before reusing it,
 * because in a real configuration it would hand admin rights to every user.
 *
 * <p>The method name is spelled {@code roleHiearchy}; it is left unchanged because
 * the default bean name follows the method name.
 *
 * @return the configured role hierarchy
 */
@Bean
public RoleHierarchy roleHiearchy() {
    RoleHierarchyImpl hierarchy = new RoleHierarchyImpl();
    hierarchy.setHierarchy("ROLE_USER > ROLE_ADMIN");
    return hierarchy;
}
} // closes an enclosing scope that opens outside this excerpt
/**
 * Exposes a {@link RoleHierarchy} bean built from the single rule
 * {@code "ROLE_USER > ROLE_ADMIN"}.
 *
 * <p>The role on the left of {@code >} includes the role on the right, so with this
 * rule a principal that holds only ROLE_USER is also treated as holding ROLE_ADMIN.
 * NOTE(review): this inverts the usual admin-over-user ordering. It is presumably a
 * deliberate test fixture; verify before copying, since in a production configuration
 * it would escalate every user to admin.
 *
 * @return the configured role hierarchy
 */
@Bean
RoleHierarchy roleHierarchy() {
    RoleHierarchyImpl hierarchy = new RoleHierarchyImpl();
    hierarchy.setHierarchy("ROLE_USER > ROLE_ADMIN");
    return hierarchy;
}
} // closes an enclosing scope that opens outside this excerpt
/**
 * Checks that {@code setHierarchy} rejects cyclic definitions with a
 * {@link CycleInRoleHierarchyException}.
 *
 * <p>Four shapes are covered, in this order: a role that includes itself, a two-role
 * loop, a three-role loop, and a loop (B, C, E, D, back to B) that sits below a
 * non-cyclic top role. Because inclusion is transitive, an accepted cycle would make
 * every role in the loop reachable from every other one.
 */
@Test
public void testCyclesInRoleHierarchy() {
    RoleHierarchyImpl hierarchy = new RoleHierarchyImpl();
    String[] cyclicDefinitions = {
        "ROLE_A > ROLE_A",
        "ROLE_A > ROLE_B\nROLE_B > ROLE_A",
        "ROLE_A > ROLE_B\nROLE_B > ROLE_C\nROLE_C > ROLE_A",
        "ROLE_A > ROLE_B\nROLE_B > ROLE_C\nROLE_C > ROLE_E\nROLE_E > ROLE_D\nROLE_D > ROLE_B"
    };

    // The same instance is reused for every definition, one after the other.
    for (String definition : cyclicDefinitions) {
        try {
            hierarchy.setHierarchy(definition);
            fail("Cycle in role hierarchy was not detected!");
        } catch (CycleInRoleHierarchyException expected) {
            // Rejection is the outcome under test; nothing else to check.
        }
    }
}
/**
 * Checks that a diamond-shaped hierarchy is not mistaken for a cycle.
 *
 * <p>ROLE_D is reachable from ROLE_A along two paths (through ROLE_B and through
 * ROLE_C), but no role ever leads back to itself, so {@code setHierarchy} must
 * accept the definition.
 */
@Test
public void testNoCyclesInRoleHierarchy() {
    RoleHierarchyImpl hierarchy = new RoleHierarchyImpl();
    String diamond = "ROLE_A > ROLE_B\nROLE_A > ROLE_C\nROLE_C > ROLE_D\nROLE_B > ROLE_D";

    try {
        hierarchy.setHierarchy(diamond);
    } catch (CycleInRoleHierarchyException unexpected) {
        fail("A cycle in role hierarchy was incorrectly detected!");
    }
}
/**
 * Checks that {@link RoleHierarchyVoter} takes implied roles into account.
 *
 * <p>The hierarchy states that ROLE_A includes ROLE_B. The caller holds only ROLE_A,
 * the required attribute is ROLE_B, and the voter is expected to answer
 * {@code ACCESS_GRANTED}.
 */
@Test
public void hierarchicalRoleIsIncludedInDecision() {
    RoleHierarchyImpl hierarchy = new RoleHierarchyImpl();
    hierarchy.setHierarchy("ROLE_A > ROLE_B");
    RoleHierarchyVoter hierarchyVoter = new RoleHierarchyVoter(hierarchy);

    // The caller is granted ROLE_A only; ROLE_B is what the secured object demands.
    TestingAuthenticationToken caller =
            new TestingAuthenticationToken("user", "password", "ROLE_A");

    assertThat(hierarchyVoter.vote(caller, new Object(), SecurityConfig.createList("ROLE_B")))
            .isEqualTo(RoleHierarchyVoter.ACCESS_GRANTED);
}
} // closes an enclosing scope that opens outside this excerpt
/**
 * Checks that the expression handler resolves {@code hasRole} through the configured
 * role hierarchy.
 *
 * <p>The principal is granted ROLE_ADMIN only. With the rule
 * {@code "ROLE_ADMIN > ROLE_USER"} installed on the handler, the expression
 * {@code hasRole('ROLE_USER')} must evaluate to {@code true}.
 */
@Test
public void roleHierarchy() {
    authentication = new TestingAuthenticationToken("admin", "pass", "ROLE_ADMIN");

    // Admin is the senior role here: it includes ROLE_USER, not the other way round.
    RoleHierarchyImpl adminOverUser = new RoleHierarchyImpl();
    adminOverUser.setHierarchy("ROLE_ADMIN > ROLE_USER");
    handler.setRoleHierarchy(adminOverUser);

    EvaluationContext context = handler.createEvaluationContext(authentication, message);
    Expression expression =
            handler.getExpressionParser().parseExpression("hasRole('ROLE_USER')");

    assertThat(ExpressionUtils.evaluateAsBoolean(expression, context)).isTrue();
}
/**
 * Checks that role inclusion is transitive.
 *
 * <p>Starting from ROLE_A alone, a two-rule chain (A over B, B over C) must yield
 * A, B and C. After the hierarchy is replaced on the same instance with a three-rule
 * chain that adds C over D, the result must also contain ROLE_D.
 */
@Test
public void testTransitiveRoleHierarchies() {
    List<GrantedAuthority> onlyA = AuthorityUtils.createAuthorityList("ROLE_A");
    List<GrantedAuthority> aThroughC =
            AuthorityUtils.createAuthorityList("ROLE_A", "ROLE_B", "ROLE_C");
    List<GrantedAuthority> aThroughD =
            AuthorityUtils.createAuthorityList("ROLE_A", "ROLE_B", "ROLE_C", "ROLE_D");

    RoleHierarchyImpl hierarchy = new RoleHierarchyImpl();

    hierarchy.setHierarchy("ROLE_A > ROLE_B\nROLE_B > ROLE_C");
    assertThat(HierarchicalRolesTestHelper.containTheSameGrantedAuthorities(
            hierarchy.getReachableGrantedAuthorities(onlyA), aThroughC)).isTrue();

    // Re-configuring the same instance must replace the earlier definition.
    hierarchy.setHierarchy("ROLE_A > ROLE_B\nROLE_B > ROLE_C\nROLE_C > ROLE_D");
    assertThat(HierarchicalRolesTestHelper.containTheSameGrantedAuthorities(
            hierarchy.getReachableGrantedAuthorities(onlyA), aThroughD)).isTrue();
}
/**
 * Checks that role names containing a space or a {@code >} character are handled.
 *
 * <p>The names used are {@code "ROLE A"}, {@code "ROLE B"}, {@code "ROLE>C"} and
 * {@code "ROLE D"}. In the definitions below each rule sits on its own line and the
 * two sides are separated by a {@code >} that has whitespace around it.
 * NOTE(review): since such names are accepted, a hierarchy string assembled from
 * role names that are not under the application's control could be read differently
 * from what was intended; verify wherever definitions are built dynamically.
 */
@Test
public void testWhitespaceRoleHierarchies() {
    List<GrantedAuthority> onlyA = AuthorityUtils.createAuthorityList("ROLE A");
    List<GrantedAuthority> aThroughC =
            AuthorityUtils.createAuthorityList("ROLE A", "ROLE B", "ROLE>C");
    List<GrantedAuthority> aThroughD =
            AuthorityUtils.createAuthorityList("ROLE A", "ROLE B", "ROLE>C", "ROLE D");

    RoleHierarchyImpl hierarchy = new RoleHierarchyImpl();

    hierarchy.setHierarchy("ROLE A > ROLE B\nROLE B > ROLE>C");
    assertThat(HierarchicalRolesTestHelper.containTheSameGrantedAuthorities(
            hierarchy.getReachableGrantedAuthorities(onlyA), aThroughC)).isTrue();

    // "ROLE>C > ROLE D": the first '>' belongs to the name, the spaced one is the operator.
    hierarchy.setHierarchy("ROLE A > ROLE B\nROLE B > ROLE>C\nROLE>C > ROLE D");
    assertThat(HierarchicalRolesTestHelper.containTheSameGrantedAuthorities(
            hierarchy.getReachableGrantedAuthorities(onlyA), aThroughD)).isTrue();
}
} // closes an enclosing scope that opens outside this excerpt
/**
 * Checks that {@code getReachableGrantedAuthorities} returns an empty, non-null
 * collection when the input is {@code null} or an empty list.
 *
 * <p>A principal with no authorities must therefore end up with no authorities,
 * whatever the configured hierarchy is.
 */
@Test
public void testRoleHierarchyWithNullOrEmptyAuthorities() {
    List<GrantedAuthority> noList = null;
    List<GrantedAuthority> emptyList = new ArrayList<>();

    RoleHierarchyImpl hierarchy = new RoleHierarchyImpl();
    hierarchy.setHierarchy("ROLE_A > ROLE_B");

    // null input
    assertThat(hierarchy.getReachableGrantedAuthorities(noList)).isNotNull();
    assertThat(hierarchy.getReachableGrantedAuthorities(noList)).isEmpty();

    // empty input
    assertThat(hierarchy.getReachableGrantedAuthorities(emptyList)).isNotNull();
    assertThat(hierarchy.getReachableGrantedAuthorities(emptyList)).isEmpty();
}
/**
 * Checks the one-rule hierarchy {@code "ROLE_A > ROLE_B"} against three inputs.
 *
 * <ul>
 * <li>ROLE_0, which the hierarchy does not mention, comes back unchanged.</li>
 * <li>ROLE_A expands to ROLE_A plus ROLE_B.</li>
 * <li>ROLE_A together with ROLE_B comes back unchanged.</li>
 * </ul>
 */
@Test
public void testSimpleRoleHierarchy() {
    List<GrantedAuthority> unrelated = AuthorityUtils.createAuthorityList("ROLE_0");
    List<GrantedAuthority> onlyA = AuthorityUtils.createAuthorityList("ROLE_A");
    List<GrantedAuthority> aAndB = AuthorityUtils.createAuthorityList("ROLE_A", "ROLE_B");

    RoleHierarchyImpl hierarchy = new RoleHierarchyImpl();
    hierarchy.setHierarchy("ROLE_A > ROLE_B");

    // A role outside the hierarchy must not gain anything.
    assertThat(HierarchicalRolesTestHelper.containTheSameGrantedAuthorities(
            hierarchy.getReachableGrantedAuthorities(unrelated), unrelated)).isTrue();
    assertThat(HierarchicalRolesTestHelper.containTheSameGrantedAuthorities(
            hierarchy.getReachableGrantedAuthorities(onlyA), aAndB)).isTrue();
    assertThat(HierarchicalRolesTestHelper.containTheSameGrantedAuthorities(
            hierarchy.getReachableGrantedAuthorities(aAndB), aAndB)).isTrue();
}
/**
 * Repeats the one-rule hierarchy check with authorities created by
 * {@code HierarchicalRolesTestHelper.createAuthorityList} instead of
 * {@code AuthorityUtils}.
 *
 * <p>Results are compared through
 * {@code containTheSameGrantedAuthoritiesCompareByAuthorityString}, which, going by
 * its name, matches on the authority string rather than on object equality.
 */
@Test
public void testSimpleRoleHierarchyWithCustomGrantedAuthorityImplementation() {
    List<GrantedAuthority> unrelated = HierarchicalRolesTestHelper.createAuthorityList("ROLE_0");
    List<GrantedAuthority> onlyA = HierarchicalRolesTestHelper.createAuthorityList("ROLE_A");
    List<GrantedAuthority> aAndB =
            HierarchicalRolesTestHelper.createAuthorityList("ROLE_A", "ROLE_B");

    RoleHierarchyImpl hierarchy = new RoleHierarchyImpl();
    hierarchy.setHierarchy("ROLE_A > ROLE_B");

    // ROLE_0 is not part of the hierarchy and must come back unchanged.
    assertThat(HierarchicalRolesTestHelper.containTheSameGrantedAuthoritiesCompareByAuthorityString(
            hierarchy.getReachableGrantedAuthorities(unrelated), unrelated)).isTrue();
    assertThat(HierarchicalRolesTestHelper.containTheSameGrantedAuthoritiesCompareByAuthorityString(
            hierarchy.getReachableGrantedAuthorities(onlyA), aAndB)).isTrue();
    assertThat(HierarchicalRolesTestHelper.containTheSameGrantedAuthoritiesCompareByAuthorityString(
            hierarchy.getReachableGrantedAuthorities(aAndB), aAndB)).isTrue();
}
// Diamond-shaped definition: ROLE_A includes ROLE_B and ROLE_C, and both of those
// include ROLE_D. ROLE_D is reachable along two paths, but no role leads back to itself.
roleHierarchyImpl.setHierarchy( "ROLE_A > ROLE_B\nROLE_A > ROLE_C\nROLE_C > ROLE_D\nROLE_B > ROLE_D");
/**
 * Checks how many authorities {@link RoleHierarchyAuthoritiesMapper} returns with a
 * real hierarchy and with a {@link NullRoleHierarchy}.
 *
 * <p>With the chain A over B over C, the input ROLE_A plus ROLE_D must map to four
 * authorities. With {@code NullRoleHierarchy} the same input must map to two.
 */
@Test
public void expectedAuthoritiesAreReturned() {
    RoleHierarchyImpl chain = new RoleHierarchyImpl();
    chain.setHierarchy("ROLE_A > ROLE_B\nROLE_B > ROLE_C");

    RoleHierarchyAuthoritiesMapper mapper = new RoleHierarchyAuthoritiesMapper(chain);
    Collection<? extends GrantedAuthority> authorities =
            mapper.mapAuthorities(AuthorityUtils.createAuthorityList("ROLE_A", "ROLE_D"));
    // ROLE_A pulls in ROLE_B and ROLE_C; ROLE_D is outside the chain and counts once.
    assertThat(authorities).hasSize(4);

    mapper = new RoleHierarchyAuthoritiesMapper(new NullRoleHierarchy());
    authorities = mapper.mapAuthorities(AuthorityUtils.createAuthorityList("ROLE_A", "ROLE_D"));
    assertThat(authorities).hasSize(2);
}
} // closes an enclosing scope that opens outside this excerpt
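/**
 * Builds the application's role hierarchy: {@code AuthoritiesConstants.ADMIN} includes
 * {@code AuthoritiesConstants.USER}, which in turn includes
 * {@code AuthoritiesConstants.ANONYMOUS}.
 *
 * @return the configured role hierarchy
 */
@Bean
public RoleHierarchy roleHierarchy() {
    RoleHierarchyImpl rhi = new RoleHierarchyImpl();
    // One rule per line. The two rules used to be joined by a single space, which is
    // ambiguous once whitespace is allowed inside role names: "USER USER" can then be
    // read as one role name, and ADMIN would no longer imply USER. A newline is also
    // whitespace, so a parser that splits rules on whitespace should accept it too.
    // NOTE(review): confirm against the Spring Security version in use.
    rhi.setHierarchy(AuthoritiesConstants.ADMIN + " > " + AuthoritiesConstants.USER + "\n"
            + AuthoritiesConstants.USER + " > " + AuthoritiesConstants.ANONYMOUS);
    return rhi;
}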