Moved all security code other than ChannelSecurityInterceptor (including endpoint interceptor and securityContext propagation) to the sandbox prior to 1.0.

This commit is contained in:
Mark Fisher
2008-09-29 02:16:50 +00:00
parent 73bf0a0a20
commit 121c7a65b1
29 changed files with 7 additions and 1601 deletions

View File

@@ -1,114 +0,0 @@
/*
* Copyright 2002-2008 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.springframework.integration.security;
import static org.junit.Assert.assertNotNull;
import java.util.ArrayList;
import java.util.List;
import org.easymock.EasyMock;
import org.junit.Before;
import org.junit.Test;
import org.springframework.integration.channel.AbstractPollableChannel;
import org.springframework.integration.channel.ChannelInterceptor;
import org.springframework.integration.channel.MessageChannel;
import org.springframework.integration.channel.interceptor.ChannelInterceptorAdapter;
import org.springframework.integration.message.Message;
import org.springframework.integration.message.selector.MessageSelector;
/**
* @author Jonas Partner
*/
public class ChannelInterceptorRegisteringBeanPostProcessorTests {
public ArrayList<String> matchAll;
@Before
public void setUp() {
matchAll = new ArrayList<String>();
matchAll.add(".*");
}
@Test
public void testWithAbstractMessageChannel() {
ChannelInterceptorRegisteringBeanPostProcessor postprocessor = new ChannelInterceptorRegisteringBeanPostProcessor(
new TestInterceptor(), matchAll);
TestChannel channel = new TestChannel();
postprocessor.postProcessAfterInitialization(channel, "shouldNotMatter");
assertNotNull("No channel interceptor present after post processing", channel.channelInterceptor);
}
@Test
public void testWithAbstractMessageChannelAndPatternThatDoes() {
ChannelInterceptorRegisteringBeanPostProcessor postprocessor = new ChannelInterceptorRegisteringBeanPostProcessor(
new TestInterceptor(), matchAll);
TestChannel channel = new TestChannel();
postprocessor.postProcessAfterInitialization(channel, "shouldNotMatter");
assertNotNull("No channel interceptor present after post processing", channel.channelInterceptor);
}
@Test
public void testWithMockMessageChanne() {
MessageChannel channel = EasyMock.createStrictMock(MessageChannel.class);
EasyMock.replay(channel);
ChannelInterceptorRegisteringBeanPostProcessor postprocessor = new ChannelInterceptorRegisteringBeanPostProcessor(
new TestInterceptor(), matchAll);
postprocessor.postProcessAfterInitialization(channel, "shouldNotMatter");
EasyMock.verify(channel);
}
private static class TestInterceptor extends ChannelInterceptorAdapter {
}
private static class TestChannel extends AbstractPollableChannel {
ChannelInterceptor channelInterceptor;
@Override
public void addInterceptor(ChannelInterceptor interceptor) {
channelInterceptor = interceptor;
super.addInterceptor(interceptor);
}
@Override
protected Message<?> doReceive(long timeout) {
return null;
}
@Override
protected boolean doSend(Message<?> message, long timeout) {
return false;
}
public List<Message<?>> clear() {
return null;
}
public List<Message<?>> purge(MessageSelector selector) {
return null;
}
}
}

View File

@@ -24,7 +24,7 @@
<si-security:access-policy pattern="secured.*" send-access="ROLE_ADMIN"/>
</si-security:secured-channels>
<beans:bean id="testConsumer" class="org.springframework.integration.security.endpoint.TestConsumer"/>
<beans:bean id="testConsumer" class="org.springframework.integration.security.channel.TestConsumer"/>
<outbound-channel-adapter id="securedChannelAdapter" ref="testConsumer"/>

View File

@@ -26,7 +26,6 @@ import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.integration.channel.MessageChannel;
import org.springframework.integration.message.StringMessage;
import org.springframework.integration.security.SecurityTestUtil;
import org.springframework.integration.security.endpoint.TestConsumer;
import org.springframework.security.AccessDeniedException;
import org.springframework.security.AuthenticationException;
import org.springframework.security.context.SecurityContext;

View File

@@ -1,128 +0,0 @@
/*
* Copyright 2002-2008 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.springframework.integration.security.channel;
import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertFalse;
import static org.junit.Assert.assertTrue;
import org.junit.After;
import org.junit.Before;
import org.junit.Test;
import org.springframework.integration.channel.QueueChannel;
import org.springframework.integration.message.Message;
import org.springframework.integration.message.MessageHeaders;
import org.springframework.integration.message.StringMessage;
import org.springframework.integration.security.SecurityContextUtils;
import org.springframework.security.Authentication;
import org.springframework.security.GrantedAuthority;
import org.springframework.security.context.SecurityContext;
import org.springframework.security.context.SecurityContextHolder;
/**
* @author Jonas Partner
*/
public class SecurityContextPropagatingChannelInterceptorTests {
private QueueChannel channel;
private SecurityContextPropagatingChannelInterceptor securityPropogatingChannelInterceptor;
private StubSecurityContext securityContext;
@Before
public void setUp() {
this.channel = new QueueChannel();
this.securityPropogatingChannelInterceptor = new SecurityContextPropagatingChannelInterceptor();
this.channel.addInterceptor(securityPropogatingChannelInterceptor);
this.securityContext = new StubSecurityContext();
}
@After
public void tearDown() {
SecurityContextHolder.clearContext();
}
@Test
public void testPropogationWhenSecurityContextExists() {
this.associateContextWithThread();
Message<?> message = new StringMessage("test");
this.channel.send(message);
message = channel.receive(0);
MessageHeaders headers = message.getHeaders();
assertTrue("No security context attribute found in header.",
headers.keySet().contains(SecurityContextUtils.SECURITY_CONTEXT_HEADER_ATTRIBUTE));
SecurityContext contextFromHeader = SecurityContextUtils.getSecurityContextFromHeader(message);
assertEquals("Incorrect security context in message header.", securityContext, contextFromHeader);
}
@Test
public void testHeaderNotSetWhenNoSecurityContextExists() {
Message<?> message = new StringMessage("test");
channel.send(message);
message = channel.receive(0);
MessageHeaders headers = message.getHeaders();
assertFalse("Security context header found when no security context existed.",
headers.keySet().contains(SecurityContextUtils.SECURITY_CONTEXT_HEADER_ATTRIBUTE));
}
private void associateContextWithThread() {
SecurityContextHolder.setContext(securityContext);
}
@SuppressWarnings("serial")
private static class StubSecurityContext implements SecurityContext {
private Authentication authentication = new Authentication() {
public GrantedAuthority[] getAuthorities() {
return null;
}
public Object getCredentials() {
return null;
}
public Object getDetails() {
return null;
}
public Object getPrincipal() {
return null;
}
public boolean isAuthenticated() {
return false;
}
public void setAuthenticated(boolean isAuthenticated) throws IllegalArgumentException {
}
public String getName() {
return null;
}
};
public Authentication getAuthentication() {
return authentication;
}
public void setAuthentication(Authentication authentication) {
}
}
}

View File

@@ -14,7 +14,7 @@
* limitations under the License.
*/
package org.springframework.integration.security.endpoint;
package org.springframework.integration.security.channel;
import java.util.ArrayList;
import java.util.List;
@@ -22,6 +22,9 @@ import java.util.List;
import org.springframework.integration.message.Message;
import org.springframework.integration.message.MessageConsumer;
/**
* @author Mark Fisher
*/
public class TestConsumer implements MessageConsumer {
public List<Message<?>> sentMessages = new ArrayList<Message<?>>();

View File

@@ -1,68 +0,0 @@
/*
* Copyright 2002-2008 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.springframework.integration.security.config;
import static org.junit.Assert.*;
import java.io.StringReader;
import javax.xml.parsers.DocumentBuilderFactory;
import org.junit.Before;
import org.junit.Test;
import org.w3c.dom.Document;
import org.w3c.dom.NodeList;
import org.xml.sax.InputSource;
public class IncludeExcludePatternParserTests {
IncludeExcludePatternParser patternParser;
@Before
public void setUp() {
patternParser = new IncludeExcludePatternParser();
}
@Test
public void testSimpleIncludeWithIncludeByDefaultFalse() throws Exception {
NodeList nodeList = getNodeList("<doc><includePattern>includeMe</includePattern><excludePattern>.*</excludePattern></doc>");
OrderedIncludeExcludeList matcher = patternParser.createFromNodeList(false, nodeList);
assertTrue("Did not match expected entry includeMe", matcher.isIncluded("includeMe"));
assertFalse("Matched unexpected entry notMe", matcher.isIncluded("notMe"));
}
@Test
public void testIncludeByDefaultTrue() throws Exception {
NodeList nodeList = getNodeList("<doc></doc>");
OrderedIncludeExcludeList matcher = patternParser.createFromNodeList(true, nodeList);
assertTrue("Did not match expected entry includeMe", matcher.isIncluded("anything"));
}
@Test
public void testIncludeByDefaultTrueButExcluded() throws Exception {
NodeList nodeList = getNodeList("<doc><excludePattern>ex.*</excludePattern><includePattern>exShouldNotMatter</includePattern></doc>");
OrderedIncludeExcludeList matcher = patternParser.createFromNodeList(true, nodeList);
assertFalse("Matched unexpected entry exNotMe", matcher.isIncluded("exNotMe"));
assertFalse("Matched unexpected entry exShouldNotMatter", matcher.isIncluded("exShouldNotMatter"));
}
public NodeList getNodeList(String xmlString) throws Exception {
StringReader reader = new StringReader(xmlString);
Document doc = DocumentBuilderFactory.newInstance().newDocumentBuilder().parse(new InputSource(reader));
return doc.getDocumentElement().getChildNodes();
}
}

View File

@@ -1,73 +0,0 @@
/*
* Copyright 2002-2008 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.springframework.integration.security.config;
import static org.junit.Assert.*;
import java.util.ArrayList;
import java.util.List;
import org.junit.Test;
/**
*
* @author Jonas Partner
*
*/
public class JdkRegExpOrderedIncludeExcludeListTests {
@Test
public void testSimpleInclusionIncludeByDefaultFalse() {
List<IncludeExcludePattern> patterns = createIncludeExcludeList(new boolean[] { true }, new String[] { ".*" });
JdkRegExpOrderedIncludeExcludeList matcher = new JdkRegExpOrderedIncludeExcludeList(false, patterns);
assertTrue("Did not match expected name", matcher.isIncluded("anyoldthing"));
}
@Test
public void testNoPatternsIncludeByDefaultTrue() {
List<IncludeExcludePattern> patterns = createIncludeExcludeList(new boolean[] {}, new String[] {});
JdkRegExpOrderedIncludeExcludeList matcher = new JdkRegExpOrderedIncludeExcludeList(true, patterns);
assertTrue("Did not match expected name", matcher.isIncluded("anyoldthing"));
}
@Test
public void testNoPatternsIncludeByDefaultFalse() {
List<IncludeExcludePattern> patterns = createIncludeExcludeList(new boolean[] {}, new String[] {});
JdkRegExpOrderedIncludeExcludeList matcher = new JdkRegExpOrderedIncludeExcludeList(false, patterns);
assertFalse("Unexpected match when match by default false and no patterns", matcher.isIncluded("anyoldthing"));
}
@Test
public void testExcludeThenIncludeWithIncludeByDefaultFalse() {
List<IncludeExcludePattern> patterns = createIncludeExcludeList(new boolean[] { false, true }, new String[] {
"admin.*", ".*" });
JdkRegExpOrderedIncludeExcludeList matcher = new JdkRegExpOrderedIncludeExcludeList(false, patterns);
assertFalse("Unexpected match when match by default false and should have been excluded", matcher
.isIncluded("adminChannel"));
}
List<IncludeExcludePattern> createIncludeExcludeList(boolean[] includeExclude, String[] patterns) {
assertEquals("flag and patterns arrays must be same length", includeExclude.length, patterns.length);
List<IncludeExcludePattern> includeExcludePatterns = new ArrayList<IncludeExcludePattern>(patterns.length);
for (int i = 0; i < includeExclude.length; i++) {
includeExcludePatterns.add(new IncludeExcludePattern(includeExclude[i], patterns[i]));
}
return includeExcludePatterns;
}
}

View File

@@ -1,31 +0,0 @@
<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns="http://www.springframework.org/schema/integration"
xmlns:si-security="http://www.springframework.org/schema/integration/security"
xmlns:beans="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:security="http://www.springframework.org/schema/security"
xmlns:context="http://www.springframework.org/schema/context"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-2.0.xsd
http://www.springframework.org/schema/integration
http://www.springframework.org/schema/integration/spring-integration-1.0.xsd
http://www.springframework.org/schema/integration/security
http://www.springframework.org/schema/integration/security/spring-integration-security-1.0.xsd
http://www.springframework.org/schema/context
http://www.springframework.org/schema/context/spring-context-2.5.xsd">
<si-security:security-propagating-channels
propagate-by-default="false">
<si-security:propagation-patterns>
<si-security:excludePattern>
adminSpecial
</si-security:excludePattern>
<si-security:includePattern>
admin.*
</si-security:includePattern>
</si-security:propagation-patterns>
</si-security:security-propagating-channels>
</beans:beans>

View File

@@ -1,21 +0,0 @@
<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns="http://www.springframework.org/schema/integration"
xmlns:si-security="http://www.springframework.org/schema/integration/security"
xmlns:beans="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:security="http://www.springframework.org/schema/security"
xmlns:context="http://www.springframework.org/schema/context"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-2.0.xsd
http://www.springframework.org/schema/integration
http://www.springframework.org/schema/integration/spring-integration-1.0.xsd
http://www.springframework.org/schema/integration/security
http://www.springframework.org/schema/integration/security/spring-integration-security-1.0.xsd
http://www.springframework.org/schema/context
http://www.springframework.org/schema/context/spring-context-2.5.xsd">
<si-security:security-propagating-channels propagate-by-default="true"/>
</beans:beans>

View File

@@ -1,98 +0,0 @@
/*
* Copyright 2002-2008 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.springframework.integration.security.config;
import static org.junit.Assert.*;
import org.junit.After;
import org.junit.Test;
import org.springframework.beans.factory.config.AutowireCapableBeanFactory;
import org.springframework.context.support.ClassPathXmlApplicationContext;
import org.springframework.integration.channel.PollableChannel;
import org.springframework.integration.channel.QueueChannel;
import org.springframework.integration.message.StringMessage;
import org.springframework.security.context.SecurityContext;
import org.springframework.security.context.SecurityContextHolder;
import org.springframework.security.context.SecurityContextImpl;
import org.springframework.security.providers.UsernamePasswordAuthenticationToken;
/**
* @author Jonas Partner
*/
public class SecurityPropagatingChannelsParserTests {
private ClassPathXmlApplicationContext applicationContext;
@After
public void tearDown() {
if (applicationContext != null) {
applicationContext.close();
}
SecurityContextHolder.clearContext();
}
@Test
public void testPropagationByDefault() {
loadApplicationContext(this.getClass().getSimpleName() + "-propagateByDefaultContext.xml");
QueueChannel channel = new QueueChannel();
applicationContext.getAutowireCapableBeanFactory().applyBeanPostProcessorsAfterInitialization(channel,
"Does not matter");
assertTrue("security context did not propagate by setting message bus level default",
channelPropagatesSecurityContext(channel));
}
// @Test
// public void testNoPropagationOnExcludedChannel() {
// loadApplicationContext(this.getClass().getSimpleName() +
// "-propagateByDefaultContext.xml");
// assertFalse("security context propagated when channel was explicitly
// excluded",
// channelPropagatesSecurityContext(excludedFromPropagation));
// }
//
@Test
public void testNoPropagationWithExcludedChannel() {
loadApplicationContext(this.getClass().getSimpleName() + "-noPropagationByDefaultContext.xml");
QueueChannel channel = new QueueChannel();
applicationContext.getAutowireCapableBeanFactory().applyBeanPostProcessorsAfterInitialization(channel,
"adminSpecial");
assertFalse("security context propagated when channel excluded", channelPropagatesSecurityContext(channel));
}
private boolean channelPropagatesSecurityContext(PollableChannel channel) {
login("bob", "bobspassword");
channel.send(new StringMessage("testMessage"));
SecurityContext context = (SecurityContext) channel.receive(-1).getHeaders().get(
"SPRING_SECURITY_CONTEXT");
return context != null;
}
private void login(String username, String password) {
UsernamePasswordAuthenticationToken authToken = new UsernamePasswordAuthenticationToken(username, password);
SecurityContext context = new SecurityContextImpl();
context.setAuthentication(authToken);
SecurityContextHolder.setContext(context);
}
private void loadApplicationContext(String resource) {
this.applicationContext = new ClassPathXmlApplicationContext(resource, this.getClass());
AutowireCapableBeanFactory beanFactory = this.applicationContext.getAutowireCapableBeanFactory();
beanFactory.autowireBean(this);
}
}

View File

@@ -1,61 +0,0 @@
<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns="http://www.springframework.org/schema/integration"
xmlns:si-security="http://www.springframework.org/schema/integration/security"
xmlns:beans="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:security="http://www.springframework.org/schema/security"
xmlns:context="http://www.springframework.org/schema/context"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-2.0.xsd
http://www.springframework.org/schema/integration
http://www.springframework.org/schema/integration/spring-integration-1.0.xsd
http://www.springframework.org/schema/integration/security
http://www.springframework.org/schema/integration/security/spring-integration-security-1.0.xsd
http://www.springframework.org/schema/context
http://www.springframework.org/schema/context/spring-context-2.5.xsd">
<message-bus/>
<channel id="input"/>
<service-activator id="endpoint"
input-channel="input"
output-channel="output"
ref="testHandler">
<interceptors>
<si-security:endpoint-security-policy access="ROLE_ADMIN"/>
</interceptors>
</service-activator>
<outbound-channel-adapter id="output" ref="testConsumer"/>
<beans:bean id="testHandler"
class="org.springframework.integration.security.endpoint.TestHandler"/>
<beans:bean id="testConsumer"
class="org.springframework.integration.security.endpoint.TestConsumer"/>
<beans:bean id="accessDecisionManager"
class="org.springframework.security.vote.AffirmativeBased">
<beans:property name="allowIfAllAbstainDecisions" value="true"/>
<beans:property name="decisionVoters">
<beans:list>
<beans:bean
class="org.springframework.security.vote.RoleVoter"/>
</beans:list>
</beans:property>
</beans:bean>
<security:authentication-provider
user-service-ref="userDetailsService" />
<security:user-service id="userDetailsService">
<security:user name="jimi" password="jimispassword"
authorities="ROLE_USER, ROLE_ADMIN"/>
<security:user name="bob" password="bobspassword"
authorities="ROLE_USER"/>
</security:user-service>
</beans:beans>

View File

@@ -1,87 +0,0 @@
/*
* Copyright 2002-2008 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.springframework.integration.security.endpoint;
import static org.junit.Assert.assertEquals;
import org.junit.After;
import org.junit.Test;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.integration.channel.MessageChannel;
import org.springframework.integration.message.MessagingException;
import org.springframework.integration.message.StringMessage;
import org.springframework.integration.security.SecurityTestUtil;
import org.springframework.security.AccessDeniedException;
import org.springframework.security.context.SecurityContext;
import org.springframework.security.context.SecurityContextHolder;
import org.springframework.test.annotation.DirtiesContext;
import org.springframework.test.context.ContextConfiguration;
import org.springframework.test.context.junit4.AbstractJUnit4SpringContextTests;
/**
* @author Jonas Partner
* @author Mark Fisher
*/
@ContextConfiguration
public class EndpointSecurityIntegrationTests extends AbstractJUnit4SpringContextTests {
@Autowired
@Qualifier("input")
MessageChannel input;
@Autowired
TestHandler testHandler;
@Autowired
TestConsumer testConsumer;
@After
public void tearDown() {
SecurityContextHolder.clearContext();
}
@Test
@DirtiesContext
public void testWithPermision() {
login("bob", "bobspassword", "ROLE_ADMIN");
input.send(new StringMessage("test"));
assertEquals("Wrong size of message list in handler", 1, testHandler.sentMessages.size());
assertEquals("Wrong size of message list in consumer", 1, testConsumer.sentMessages.size());
}
@Test(expected = AccessDeniedException.class)
@DirtiesContext
public void testWithoutPermision() throws Throwable {
login("bob", "bobspassword", "ROLE_USER");
try {
input.send(new StringMessage("test"));
}
catch (MessagingException e) {
throw e.getCause();
}
}
private void login(String username, String password, String... roles) {
SecurityContext context = SecurityTestUtil.createContext(username, password, roles);
SecurityContextHolder.setContext(context);
}
}

View File

@@ -1,137 +0,0 @@
/*
* Copyright 2002-2008 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.springframework.integration.security.endpoint;
import static org.easymock.EasyMock.createMock;
import static org.easymock.EasyMock.expectLastCall;
import static org.easymock.EasyMock.replay;
import static org.easymock.EasyMock.verify;
import static org.junit.Assert.assertNull;
import org.junit.Test;
import org.springframework.integration.message.Message;
import org.springframework.integration.message.StringMessage;
import org.springframework.integration.security.SecurityContextUtils;
import org.springframework.integration.security.SecurityTestUtil;
import org.springframework.security.AccessDecisionManager;
import org.springframework.security.AccessDeniedException;
import org.springframework.security.ConfigAttributeDefinition;
import org.springframework.security.context.SecurityContext;
import org.springframework.security.context.SecurityContextHolder;
/**
* @author Jonas Partner
* @author Mark Fisher
*/
public class SecurityEndpointInterceptorTests {
@Test(expected = AccessDeniedException.class)
public void testUnauthenticatedAccessToSecuredEndpointWithNullMessage() throws Throwable {
try {
Message<?> message = null;
ConfigAttributeDefinition attDefintion = new ConfigAttributeDefinition("ROLE_ADMIN");
AccessDecisionManager adm = createMock(AccessDecisionManager.class);
adm.decide(null, message, attDefintion);
expectLastCall().andThrow(new AccessDeniedException("nope"));
replay(adm);
SecurityEndpointInterceptor interceptor = new SecurityEndpointInterceptor(attDefintion, adm);
interceptor.preHandle(message);
verify(adm);
}
finally {
assertNull("Authentication was not null after invocation threw AccessDeniedException",
SecurityContextHolder.getContext().getAuthentication());
}
}
@Test(expected = AccessDeniedException.class)
public void testUnauthenticatedAccessToSecuredEndpointWithNoSecurityContext() throws Throwable {
try {
Message<?> message = this.createMessageWithoutContext();
ConfigAttributeDefinition attDefintion = new ConfigAttributeDefinition("ROLE_ADMIN");
AccessDecisionManager adm = createMock(AccessDecisionManager.class);
adm.decide(null, message, attDefintion);
expectLastCall().andThrow(new AccessDeniedException("nope"));
replay(adm);
SecurityEndpointInterceptor interceptor = new SecurityEndpointInterceptor(attDefintion, adm);
interceptor.preHandle(message);
verify(adm);
}
finally {
assertNull("Authentication was not null after invocation threw AccessDeniedException",
SecurityContextHolder.getContext().getAuthentication());
}
}
@Test(expected = AccessDeniedException.class)
public void testUnauthenticatedAccessToSecuredEndpointWithSecurityContext() throws Throwable {
try {
SecurityContext context = SecurityTestUtil.createContext("bob", "bobspassword",
new String[] { "ROLE_ADMIN" });
ConfigAttributeDefinition attDefintion = new ConfigAttributeDefinition("ROLE_ADMIN");
Message<?> message = this.createMessageWithContext(context);
AccessDecisionManager adm = createMock(AccessDecisionManager.class);
adm.decide(context.getAuthentication(), message, attDefintion);
expectLastCall().andThrow(new AccessDeniedException("nope"));
replay(adm);
SecurityEndpointInterceptor interceptor = new SecurityEndpointInterceptor(attDefintion, adm);
interceptor.preHandle(message);
verify(adm);
}
finally {
assertNull("Authentication was not null after successful invocation", SecurityContextHolder.getContext()
.getAuthentication());
}
}
@Test
public void testAuthenticatedAccessToSecuredEndpoint() throws Throwable {
try {
SecurityContext context = SecurityTestUtil.createContext("bob", "bobspassword",
new String[] { "ROLE_ADMIN" });
ConfigAttributeDefinition attDefintion = new ConfigAttributeDefinition("ROLE_ADMIN");
Message<?> message = this.createMessageWithContext(context);
AccessDecisionManager adm = createMock(AccessDecisionManager.class);
adm.decide(context.getAuthentication(), message, attDefintion);
expectLastCall();
replay(adm);
SecurityEndpointInterceptor interceptor = new SecurityEndpointInterceptor(attDefintion, adm);
interceptor.preHandle(message);
verify(adm);
}
finally {
assertNull("Authentication was not null after successful invocation", SecurityContextHolder.getContext()
.getAuthentication());
}
}
public Message<?> createMessageWithContext(SecurityContext securityContext) {
Message<?> message = new StringMessage("test");
return SecurityContextUtils.setSecurityContextHeader(securityContext, message);
}
public Message<?> createMessageWithoutContext() {
return new StringMessage("test");
}
}

View File

@@ -1,36 +0,0 @@
/*
* Copyright 2002-2008 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.springframework.integration.security.endpoint;
import java.util.ArrayList;
import java.util.List;
import org.springframework.integration.message.Message;
/**
* @author Mark Fisher
*/
public class TestHandler {
public List<Message<?>> sentMessages = new ArrayList<Message<?>>();
public Message<?> handle(Message<?> message) {
sentMessages.add(message);
return message;
}
}