/**
 * A {@code hasRole} pre-authorize expression naming a role that the test expects
 * the {@code joe} fixture not to hold must produce a deny vote.
 */
@Test
public void hasRoleExpressionDeniesUserWithoutRole() throws Exception {
    MethodInvocation invocation = new SimpleMethodInvocation(new TargetImpl(), methodTakingAnArray());

    // Only the third constructor argument (the authorize expression) is set;
    // the two filter-related arguments are left null.
    PreInvocationExpressionAttribute denyingRule =
            new PreInvocationExpressionAttribute(null, null, "hasRole('joedoesnt')");
    List<ConfigAttribute> attributes = new ArrayList<>(1);
    attributes.add(denyingRule);

    assertThat(am.vote(joe, invocation, attributes)).isEqualTo(AccessDecisionVoter.ACCESS_DENIED);
}
/**
 * An authorization rule implemented as a method on a class, referenced from the
 * expression through the SpEL type operator {@code T(...)}, is evaluated against
 * the method argument and yields a grant vote.
 */
@Test
public void ruleDefinedInAClassMethodIsApplied() throws Exception {
    PreInvocationExpressionAttribute classRule = new PreInvocationExpressionAttribute(null, null,
            "T(org.springframework.security.access.expression.method.SecurityRules).isJoe(#argument)");
    // The single String argument "joe" is what #argument refers to in the rule above.
    MethodInvocation invocation = new SimpleMethodInvocation(new TargetImpl(), methodTakingAString(), "joe");

    assertThat(am.vote(joe, invocation, createAttributes(classRule)))
            .isEqualTo(AccessDecisionVoter.ACCESS_GRANTED);
}
/**
 * Counterpart of the deny case: a {@code hasRole} expression naming a role the
 * test expects the {@code joe} fixture to hold must produce a grant vote.
 */
@Test
public void hasRoleExpressionAllowsUserWithRole() throws Exception {
    PreInvocationExpressionAttribute grantingRule =
            new PreInvocationExpressionAttribute(null, null, "hasRole('blah')");
    MethodInvocation invocation = new SimpleMethodInvocation(new TargetImpl(), methodTakingAnArray());

    assertThat(am.vote(joe, invocation, createAttributes(grantingRule)))
            .isEqualTo(AccessDecisionVoter.ACCESS_GRANTED);
}
/**
 * The authorize expression may compare a method argument with the authenticated
 * principal: access is granted when {@code #argument} equals {@code principal}
 * and the principal is {@code 'joe'}.
 */
@Test
public void matchingArgAgainstAuthenticationNameIsSuccessful() throws Exception {
    PreInvocationExpressionAttribute ownershipRule = new PreInvocationExpressionAttribute(null, null,
            "(#argument == principal) and (principal == 'joe')");
    // The invocation passes "joe" so both halves of the conjunction are expected to hold.
    MethodInvocation invocation = new SimpleMethodInvocation(new TargetImpl(), methodTakingAString(), "joe");

    assertThat(am.vote(joe, invocation, createAttributes(ownershipRule)))
            .isEqualTo(AccessDecisionVoter.ACCESS_GRANTED);
}
/**
 * Pre-filtering removes, in place, every element of the named collection argument
 * for which the filter expression is false. The vote result itself is not
 * inspected here; only the contents of the argument after the call are.
 */
@Test
public void collectionPreFilteringIsSuccessful() throws Exception {
    List arg = createCollectionArg("joe", "bob", "sam");
    MethodInvocation invocation = new SimpleMethodInvocation(new TargetImpl(), methodTakingACollection(), arg);

    // Filter expression, filter target name, authorize expression.
    PreInvocationExpressionAttribute filteringRule = new PreInvocationExpressionAttribute(
            "(filterObject == 'joe' or filterObject == 'sam')", "collection", "permitAll");
    am.vote(joe, invocation, createAttributes(filteringRule));

    // "bob" matches neither alternative of the filter, so it must be gone.
    assertThat(arg).containsExactly("joe", "sam");
}
/**
 * With a filter expression but a {@code null} authorize expression the vote is
 * still a grant, and the filter is applied to the argument. Filtering alone is
 * therefore not an access check: the call is allowed even though every element
 * ends up removed.
 */
@Test
public void accessIsGrantedIfNoPreAuthorizeAttributeIsUsed() throws Exception {
    Collection arg = createCollectionArg("joe", "bob", "sam");
    MethodInvocation invocation = new SimpleMethodInvocation(new TargetImpl(), methodTakingACollection(), arg);
    PreInvocationExpressionAttribute filterOnlyRule =
            new PreInvocationExpressionAttribute("(filterObject == 'jim')", "collection", null);

    assertThat(am.vote(joe, invocation, createAttributes(filterOnlyRule)))
            .isEqualTo(AccessDecisionVoter.ACCESS_GRANTED);

    // None of the supplied elements equals 'jim', so the filter rejects all of them.
    assertThat(arg).isEmpty();
}
/**
 * A filter target that is named correctly but whose argument value is
 * {@code null} must not be skipped silently: the test expects an
 * {@link IllegalArgumentException}.
 */
@Test(expected = IllegalArgumentException.class)
public void nullNamedFilterTargetIsRejected() throws Exception {
    // A one-element argument array whose only entry is null.
    Object[] arguments = { null };
    MethodInvocation invocation = new SimpleMethodInvocation(new TargetImpl(), methodTakingACollection(), arguments);

    PreInvocationExpressionAttribute filterOnlyRule =
            new PreInvocationExpressionAttribute("(filterObject == 'joe')", "collection", null);
    am.vote(joe, invocation, createAttributes(filterOnlyRule));
}
/**
 * Pre-filtering is rejected when the named filter target is an array argument:
 * the test expects an {@link IllegalArgumentException} instead of the array
 * being passed through unfiltered.
 */
@Test(expected = IllegalArgumentException.class)
public void arraysCannotBePrefiltered() throws Exception {
    MethodInvocation invocation = new SimpleMethodInvocation(new TargetImpl(), methodTakingAnArray(),
            createArrayArg("sam", "joe"));

    // "someArray" is the filter target name used for the array-taking method.
    PreInvocationExpressionAttribute filterOnlyRule =
            new PreInvocationExpressionAttribute("(filterObject == 'jim')", "someArray", null);
    am.vote(joe, invocation, createAttributes(filterOnlyRule));
}
/**
 * A filter target name that matches no method parameter must fail loudly. The
 * test expects an {@link IllegalArgumentException}, so a typo in the target name
 * cannot leave the collection unfiltered without anyone noticing.
 */
@Test(expected = IllegalArgumentException.class)
public void incorrectFilterTargetNameIsRejected() throws Exception {
    MethodInvocation invocation = new SimpleMethodInvocation(new TargetImpl(), methodTakingACollection(),
            createCollectionArg("joe", "bob"));

    // "collcetion" is misspelled on purpose; the other tests use "collection".
    PreInvocationExpressionAttribute misnamedTargetRule =
            new PreInvocationExpressionAttribute("(filterObject == 'joe')", "collcetion", null);
    am.vote(joe, invocation, createAttributes(misnamedTargetRule));
}