target securing advice
This commit is contained in:
@@ -0,0 +1,134 @@
|
||||
/*
|
||||
* Copyright 2002-2008 the original author or authors.
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
package org.springframework.integration.security;
|
||||
|
||||
import org.junit.Test;
|
||||
import org.springframework.aop.framework.ProxyFactory;
|
||||
import org.springframework.integration.message.BlockingTarget;
|
||||
import org.springframework.integration.message.Message;
|
||||
import org.springframework.integration.message.StringMessage;
|
||||
import org.springframework.integration.message.Target;
|
||||
import org.springframework.security.AccessDecisionManager;
|
||||
import org.springframework.security.AccessDeniedException;
|
||||
import org.springframework.security.Authentication;
|
||||
import org.springframework.security.ConfigAttribute;
|
||||
import org.springframework.security.ConfigAttributeDefinition;
|
||||
import org.springframework.security.InsufficientAuthenticationException;
|
||||
|
||||
/**
|
||||
*
|
||||
* @author Jonas Partner
|
||||
*
|
||||
*/
|
||||
public class TargetSecuringAdvisorTests {
|
||||
|
||||
public Object proxy(Object target, TargetSecuringAdvisor advisor) {
|
||||
ProxyFactory proxyFactory = new ProxyFactory(target);
|
||||
proxyFactory.addAdvisor(advisor);
|
||||
|
||||
return proxyFactory.getProxy();
|
||||
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testTargetSendIntercpeted() {
|
||||
TestTarget target = new TestTarget();
|
||||
}
|
||||
|
||||
@Test(expected = AccessDeniedException.class)
|
||||
public void testTargetSendAdvised() {
|
||||
TargetSecuringAdvisor advisor = new TargetSecuringAdvisor(new AlwaysDenyAccessDecisionManager(), "ROLE_ADMIN");
|
||||
Target target = (Target) proxy(new TestTarget(), advisor);
|
||||
target.send(new StringMessage("test"));
|
||||
}
|
||||
|
||||
@Test(expected = AccessDeniedException.class)
|
||||
public void testBlockingTargetSendAdvised() {
|
||||
TargetSecuringAdvisor advisor = new TargetSecuringAdvisor(new AlwaysDenyAccessDecisionManager(), "ROLE_ADMIN");
|
||||
Target target = (Target) proxy(new BlockingTestTarget(), advisor);
|
||||
target.send(new StringMessage("test"));
|
||||
}
|
||||
|
||||
@Test(expected = AccessDeniedException.class)
|
||||
public void testBlockingTargetSendWithTimeoutAdvised() {
|
||||
TargetSecuringAdvisor advisor = new TargetSecuringAdvisor(new AlwaysDenyAccessDecisionManager(), "ROLE_ADMIN");
|
||||
BlockingTarget target = (BlockingTarget) proxy(new BlockingTestTarget(), advisor);
|
||||
target.send(new StringMessage("test"), 10l);
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testTargetSendNotFromTargetInterface() {
|
||||
TargetSecuringAdvisor advisor = new TargetSecuringAdvisor(new AlwaysDenyAccessDecisionManager(), "ROLE_ADMIN");
|
||||
OtherSend target = (OtherSend) proxy(new TestTarget(), advisor);
|
||||
target.send(10l);
|
||||
}
|
||||
|
||||
static interface OtherSend {
|
||||
|
||||
public void send(long l);
|
||||
}
|
||||
|
||||
static class AlwaysDenyAccessDecisionManager implements AccessDecisionManager {
|
||||
|
||||
public void decide(Authentication authentication, Object object, ConfigAttributeDefinition config)
|
||||
throws AccessDeniedException, InsufficientAuthenticationException {
|
||||
throw new AccessDeniedException("dave");
|
||||
}
|
||||
|
||||
public boolean supports(ConfigAttribute attribute) {
|
||||
return true;
|
||||
}
|
||||
|
||||
public boolean supports(Class clazz) {
|
||||
return true;
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
static class TestTarget implements Target, OtherSend {
|
||||
|
||||
boolean invoked;
|
||||
|
||||
public boolean send(Message<?> message) {
|
||||
invoked = true;
|
||||
return false;
|
||||
}
|
||||
|
||||
public void send(long a) {
|
||||
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
static class BlockingTestTarget implements BlockingTarget {
|
||||
|
||||
boolean invoked;
|
||||
|
||||
public boolean send(Message<?> message) {
|
||||
invoked = true;
|
||||
return false;
|
||||
}
|
||||
|
||||
public void send() {
|
||||
}
|
||||
|
||||
public boolean send(Message<?> message, long timeout) {
|
||||
return false;
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
}
|
||||
@@ -0,0 +1,110 @@
|
||||
/*
|
||||
* Copyright 2002-2008 the original author or authors.
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
package org.springframework.integration.security;
|
||||
|
||||
import java.util.ArrayList;
|
||||
import java.util.List;
|
||||
|
||||
import org.junit.Before;
|
||||
import org.junit.Test;
|
||||
import org.springframework.aop.framework.ProxyFactory;
|
||||
import org.springframework.integration.message.Message;
|
||||
import org.springframework.integration.message.StringMessage;
|
||||
import org.springframework.integration.message.Target;
|
||||
import org.springframework.integration.security.SecurityContextUtils;
|
||||
import org.springframework.integration.security.TargetSecuringInterceptor;
|
||||
import org.springframework.integration.security.config.SecurityTestUtil;
|
||||
import org.springframework.security.AccessDecisionManager;
|
||||
import org.springframework.security.AccessDeniedException;
|
||||
import org.springframework.security.ConfigAttributeDefinition;
|
||||
import org.springframework.security.context.SecurityContext;
|
||||
import org.springframework.security.vote.AccessDecisionVoter;
|
||||
import org.springframework.security.vote.AuthenticatedVoter;
|
||||
import org.springframework.security.vote.RoleVoter;
|
||||
import org.springframework.security.vote.UnanimousBased;
|
||||
import org.springframework.util.StringUtils;
|
||||
|
||||
/**
|
||||
*
|
||||
* @author Jonas Partner
|
||||
*
|
||||
*/
|
||||
public class TargetSecuringInterceptorTests {
|
||||
|
||||
|
||||
UnanimousBased accessDecisionManager;
|
||||
|
||||
@Before
|
||||
public void setup(){
|
||||
accessDecisionManager = new UnanimousBased();
|
||||
List<AccessDecisionVoter> voterList = new ArrayList<AccessDecisionVoter>();
|
||||
voterList.add(new AuthenticatedVoter());
|
||||
voterList.add(new RoleVoter());
|
||||
accessDecisionManager.setDecisionVoters(voterList);
|
||||
}
|
||||
|
||||
|
||||
|
||||
public Object createProxy(Object target,String securityAttributes, AccessDecisionManager accessDecisionManager){
|
||||
TargetSecuringInterceptor interceptor = new TargetSecuringInterceptor(new ConfigAttributeDefinition(StringUtils.tokenizeToStringArray(securityAttributes,",")), accessDecisionManager);
|
||||
ProxyFactory factory = new ProxyFactory(target);
|
||||
factory.addAdvice(interceptor);
|
||||
return factory.getProxy();
|
||||
}
|
||||
|
||||
@Test(expected=AccessDeniedException.class)
|
||||
public void testAccessDenied(){
|
||||
Target proxiedTarget = (Target) createProxy(new TestTarget(), "IS_AUTHENTICATED_FULLY, ROLE_ADMIN", accessDecisionManager);
|
||||
SecurityContext sctx = SecurityTestUtil.createContext("bob", "password", "IS_AUTHENTICATED_ANONYMOUSLY", "ROLE_USER");
|
||||
StringMessage message = new StringMessage("test");
|
||||
SecurityContextUtils.setSecurityContextHeader(sctx, message);
|
||||
proxiedTarget.send(message);
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testAccessGranted(){
|
||||
Target proxiedTarget = (Target) createProxy(new TestTarget(), "IS_AUTHENTICATED_FULLY, ROLE_ADMIN", accessDecisionManager);
|
||||
SecurityContext sctx = SecurityTestUtil.createContext("bob", "password", "IS_AUTHENTICATED_ANONYMOUSLY", "ROLE_USER", "ROLE_ADMIN");
|
||||
StringMessage message = new StringMessage("test");
|
||||
SecurityContextUtils.setSecurityContextHeader(sctx, message);
|
||||
proxiedTarget.send(message);
|
||||
}
|
||||
|
||||
|
||||
@Test(expected=RuntimeException.class)
|
||||
public void testNotAuthenticated(){
|
||||
Target proxiedTarget = (Target) createProxy(new TestTarget(), "IS_AUTHENTICATED_FULLY, ROLE_ADMIN", accessDecisionManager);
|
||||
StringMessage message = new StringMessage("test");
|
||||
proxiedTarget.send(message);
|
||||
}
|
||||
|
||||
|
||||
static class TestTarget implements Target{
|
||||
|
||||
boolean invoked;
|
||||
|
||||
public boolean send(Message<?> message) {
|
||||
invoked = true;
|
||||
return false;
|
||||
}
|
||||
|
||||
public void send(long l) {
|
||||
// TODO Auto-generated method stub
|
||||
|
||||
}
|
||||
}
|
||||
|
||||
}
|
||||
Reference in New Issue
Block a user