INT-1408 fixed the issue with ConfigAttributes related to upgrading to Spring Security 3
This commit is contained in:
@@ -16,6 +16,10 @@
|
||||
|
||||
package org.springframework.integration.security.channel;
|
||||
|
||||
import java.util.Collection;
|
||||
import java.util.Collections;
|
||||
import java.util.HashSet;
|
||||
|
||||
import org.springframework.security.access.ConfigAttribute;
|
||||
import org.springframework.security.access.SecurityConfig;
|
||||
import org.springframework.util.Assert;
|
||||
@@ -30,9 +34,9 @@ import org.springframework.util.StringUtils;
|
||||
*/
|
||||
public class ChannelAccessPolicy {
|
||||
|
||||
private final ConfigAttribute configAttributeDefinitionForSend;
|
||||
private final Collection<ConfigAttribute> configAttributeDefinitionForSend;
|
||||
|
||||
private final ConfigAttribute configAttributeDefinitionForReceive;
|
||||
private final Collection<ConfigAttribute> configAttributeDefinitionForReceive;
|
||||
|
||||
|
||||
/**
|
||||
@@ -41,21 +45,39 @@ public class ChannelAccessPolicy {
|
||||
* will be trimmed. A <code>null</code> value indicates that the policy does not
|
||||
* apply for either send or receive access type. At most one of the values may be null.
|
||||
*/
|
||||
@SuppressWarnings("unchecked")
|
||||
public ChannelAccessPolicy(String sendAccess, String receiveAccess) {
|
||||
Assert.isTrue(sendAccess != null || receiveAccess != null,
|
||||
boolean sendAccessDefined = StringUtils.hasText(sendAccess);
|
||||
boolean recieveAccessDefined = StringUtils.hasText(receiveAccess);
|
||||
Assert.isTrue(sendAccessDefined || recieveAccessDefined,
|
||||
"At least one of 'sendAccess' and 'receiveAccess' must not be null.");
|
||||
this.configAttributeDefinitionForSend = (StringUtils.hasText(sendAccess))
|
||||
? new SecurityConfig(sendAccess) : null;
|
||||
this.configAttributeDefinitionForReceive = (StringUtils.hasText(receiveAccess))
|
||||
? new SecurityConfig(receiveAccess) : null;
|
||||
|
||||
if (sendAccessDefined){
|
||||
String[] sendAccessValues = StringUtils.commaDelimitedListToStringArray(sendAccess);
|
||||
configAttributeDefinitionForSend = new HashSet<ConfigAttribute>();
|
||||
for (String sendAccessValue : sendAccessValues) {
|
||||
configAttributeDefinitionForSend.add(new SecurityConfig(StringUtils.trimAllWhitespace(sendAccessValue)));
|
||||
}
|
||||
} else {
|
||||
configAttributeDefinitionForSend = Collections.EMPTY_SET;
|
||||
}
|
||||
if (recieveAccessDefined){
|
||||
String[] receiveAccessValues = StringUtils.commaDelimitedListToStringArray(receiveAccess);
|
||||
configAttributeDefinitionForReceive = new HashSet<ConfigAttribute>();
|
||||
for (String receiveAccessValue : receiveAccessValues) {
|
||||
configAttributeDefinitionForReceive.add(new SecurityConfig(StringUtils.trimAllWhitespace(receiveAccessValue)));
|
||||
}
|
||||
} else {
|
||||
configAttributeDefinitionForReceive = Collections.EMPTY_SET;
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
public ConfigAttribute getConfigAttributeDefinitionForSend() {
|
||||
public Collection<ConfigAttribute> getConfigAttributeDefinitionForSend() {
|
||||
return this.configAttributeDefinitionForSend;
|
||||
}
|
||||
|
||||
public ConfigAttribute getConfigAttributeDefinitionForReceive() {
|
||||
public Collection<ConfigAttribute> getConfigAttributeDefinitionForReceive() {
|
||||
return this.configAttributeDefinitionForReceive;
|
||||
}
|
||||
|
||||
|
||||
@@ -72,15 +72,15 @@ public class ChannelInvocationDefinitionSource implements SecurityMetadataSource
|
||||
ChannelAccessPolicy accessPolicy = mapping.getValue();
|
||||
if (pattern.matcher(channelName).matches()) {
|
||||
if (invocation.isSend()) {
|
||||
ConfigAttribute definition = accessPolicy.getConfigAttributeDefinitionForSend();
|
||||
Collection<ConfigAttribute> definition = accessPolicy.getConfigAttributeDefinitionForSend();
|
||||
if (definition != null) {
|
||||
attributes.add(definition);
|
||||
attributes.addAll(definition);
|
||||
}
|
||||
}
|
||||
else if (invocation.isReceive()) {
|
||||
ConfigAttribute definition = accessPolicy.getConfigAttributeDefinitionForReceive();
|
||||
Collection<ConfigAttribute> definition = accessPolicy.getConfigAttributeDefinitionForReceive();
|
||||
if (definition != null) {
|
||||
attributes.add(definition);
|
||||
attributes.addAll(definition);
|
||||
}
|
||||
}
|
||||
}
|
||||
@@ -92,14 +92,10 @@ public class ChannelInvocationDefinitionSource implements SecurityMetadataSource
|
||||
Set<ConfigAttribute> allAttributes = new HashSet<ConfigAttribute>();
|
||||
|
||||
for (ChannelAccessPolicy policy : patternMappings.values()) {
|
||||
ConfigAttribute attribute = policy.getConfigAttributeDefinitionForReceive();
|
||||
if (attribute != null){
|
||||
allAttributes.add(attribute);
|
||||
}
|
||||
attribute = policy.getConfigAttributeDefinitionForSend();
|
||||
if (attribute != null){
|
||||
allAttributes.add(attribute);
|
||||
}
|
||||
Collection<ConfigAttribute> receiveAttributes = policy.getConfigAttributeDefinitionForReceive();
|
||||
allAttributes.addAll(receiveAttributes);
|
||||
Collection<ConfigAttribute> sendAttributes = policy.getConfigAttributeDefinitionForSend();
|
||||
allAttributes.addAll(sendAttributes);
|
||||
}
|
||||
|
||||
return allAttributes;
|
||||
|
||||
@@ -62,14 +62,14 @@ public class ChannelAdapterSecurityIntegrationTests extends AbstractJUnit4Spring
|
||||
@Test(expected = AccessDeniedException.class)
|
||||
@DirtiesContext
|
||||
public void testSecuredWithNotEnoughPermission() {
|
||||
login("bob", "bobspassword", "ROLE_ADMIN");
|
||||
login("bob", "bobspassword", "ROLE_ADMINA");
|
||||
securedChannelAdapter.send(new GenericMessage<String>("test"));
|
||||
}
|
||||
|
||||
@Test
|
||||
@DirtiesContext
|
||||
public void testSecuredWithPermission() {
|
||||
login("bob", "bobspassword", "ROLE_ADMIN, ROLE_PRESIDENT");
|
||||
login("bob", "bobspassword", "ROLE_ADMIN", "ROLE_PRESIDENT");
|
||||
securedChannelAdapter.send(new GenericMessage<String>("test"));
|
||||
assertEquals("Wrong size of message list in target", 1, testConsumer.sentMessages.size());
|
||||
}
|
||||
|
||||
@@ -14,8 +14,8 @@
|
||||
http://www.springframework.org/schema/integration/security
|
||||
http://www.springframework.org/schema/integration/security/spring-integration-security.xsd
|
||||
http://www.springframework.org/schema/context
|
||||
http://www.springframework.org/schema/context/spring-context.xsd">
|
||||
|
||||
http://www.springframework.org/schema/context/spring-context.xsd">
|
||||
|
||||
<beans:import resource="classpath:org/springframework/integration/security/config/commonSecurityConfiguration.xml"/>
|
||||
|
||||
<si-security:secured-channels>
|
||||
|
||||
@@ -16,11 +16,6 @@
|
||||
|
||||
package org.springframework.integration.security.config;
|
||||
|
||||
import static org.junit.Assert.assertEquals;
|
||||
import static org.junit.Assert.assertNotNull;
|
||||
import static org.junit.Assert.assertNull;
|
||||
import static org.junit.Assert.assertTrue;
|
||||
|
||||
import java.util.ArrayList;
|
||||
import java.util.Collection;
|
||||
import java.util.HashSet;
|
||||
@@ -43,10 +38,14 @@ import org.springframework.integration.core.MessageSelector;
|
||||
import org.springframework.integration.security.channel.ChannelAccessPolicy;
|
||||
import org.springframework.integration.security.channel.ChannelSecurityInterceptor;
|
||||
import org.springframework.security.access.ConfigAttribute;
|
||||
import org.springframework.security.access.SecurityConfig;
|
||||
import org.springframework.test.context.ContextConfiguration;
|
||||
import org.springframework.test.context.junit4.AbstractJUnit4SpringContextTests;
|
||||
|
||||
import static org.junit.Assert.assertEquals;
|
||||
import static org.junit.Assert.assertNotNull;
|
||||
import static org.junit.Assert.assertNull;
|
||||
import static org.junit.Assert.assertTrue;
|
||||
|
||||
/**
|
||||
* @author Jonas Partner
|
||||
* @author Mark Fisher
|
||||
@@ -74,10 +73,10 @@ public class SecuredChannelsParserTests extends AbstractJUnit4SpringContextTests
|
||||
ChannelSecurityInterceptor interceptor = (ChannelSecurityInterceptor) advisors[0].getAdvice();
|
||||
ChannelAccessPolicy policy = this.retrievePolicyForPatternString(beanName, interceptor);
|
||||
assertNotNull("Pattern '" + beanName + "' is not included in mappings", policy);
|
||||
ConfigAttribute sendDefinition = policy.getConfigAttributeDefinitionForSend();
|
||||
ConfigAttribute receiveDefinition = policy.getConfigAttributeDefinitionForReceive();
|
||||
Collection<ConfigAttribute> sendDefinition = policy.getConfigAttributeDefinitionForSend();
|
||||
Collection<ConfigAttribute> receiveDefinition = policy.getConfigAttributeDefinitionForReceive();
|
||||
assertTrue("ROLE_ADMIN not found as send attribute", this.getRolesFromDefintion(sendDefinition).contains("ROLE_ADMIN"));
|
||||
assertNull("Policy applies to receive", receiveDefinition);
|
||||
assertTrue("Policy applies to receive", receiveDefinition.size() == 0);
|
||||
}
|
||||
|
||||
@Test
|
||||
@@ -92,12 +91,12 @@ public class SecuredChannelsParserTests extends AbstractJUnit4SpringContextTests
|
||||
ChannelSecurityInterceptor interceptor = (ChannelSecurityInterceptor) advisors[0].getAdvice();
|
||||
ChannelAccessPolicy policy = this.retrievePolicyForPatternString(beanName, interceptor);
|
||||
assertNotNull("Pattern '" + beanName + "' is not included in mappings", policy);
|
||||
ConfigAttribute sendDefinition = policy.getConfigAttributeDefinitionForSend();
|
||||
ConfigAttribute receiveDefinition = policy.getConfigAttributeDefinitionForReceive();
|
||||
Collection<ConfigAttribute> sendDefinition = policy.getConfigAttributeDefinitionForSend();
|
||||
Collection<ConfigAttribute> receiveDefinition = policy.getConfigAttributeDefinitionForReceive();
|
||||
Collection<String> sendRoles = this.getRolesFromDefintion(sendDefinition);
|
||||
assertTrue("ROLE_ADMIN not found as send attribute", sendRoles.contains("ROLE_ADMIN"));
|
||||
assertTrue("ROLE_USER not found as send attribute", sendRoles.contains("ROLE_USER"));
|
||||
assertNull("Policy applies to receive", receiveDefinition);
|
||||
assertTrue("Policy applies to receive", receiveDefinition.size() == 0);
|
||||
}
|
||||
|
||||
@Test
|
||||
@@ -112,11 +111,11 @@ public class SecuredChannelsParserTests extends AbstractJUnit4SpringContextTests
|
||||
ChannelSecurityInterceptor interceptor = (ChannelSecurityInterceptor) advisors[0].getAdvice();
|
||||
ChannelAccessPolicy policy = this.retrievePolicyForPatternString(beanName, interceptor);
|
||||
assertNotNull("Pattern '" + beanName + "' is not included in mappings", policy);
|
||||
ConfigAttribute sendDefinition = policy.getConfigAttributeDefinitionForSend();
|
||||
ConfigAttribute receiveDefinition = policy.getConfigAttributeDefinitionForReceive();
|
||||
Collection<ConfigAttribute> sendDefinition = policy.getConfigAttributeDefinitionForSend();
|
||||
Collection<ConfigAttribute> receiveDefinition = policy.getConfigAttributeDefinitionForReceive();
|
||||
Collection<String> receiveRoles = this.getRolesFromDefintion(receiveDefinition);
|
||||
assertTrue("ROLE_ADMIN not found as receive attribute", receiveRoles.contains("ROLE_ADMIN"));
|
||||
assertNull("Policy applies to send", sendDefinition);
|
||||
assertTrue("Policy applies to receive", sendDefinition.size() == 0);
|
||||
}
|
||||
|
||||
@Test
|
||||
@@ -131,12 +130,12 @@ public class SecuredChannelsParserTests extends AbstractJUnit4SpringContextTests
|
||||
ChannelSecurityInterceptor interceptor = (ChannelSecurityInterceptor) advisors[0].getAdvice();
|
||||
ChannelAccessPolicy policy = this.retrievePolicyForPatternString(beanName, interceptor);
|
||||
assertNotNull("Pattern '" + beanName + "' is not included in mappings", policy);
|
||||
ConfigAttribute sendDefinition = policy.getConfigAttributeDefinitionForSend();
|
||||
ConfigAttribute receiveDefinition = policy.getConfigAttributeDefinitionForReceive();
|
||||
Collection<ConfigAttribute> sendDefinition = policy.getConfigAttributeDefinitionForSend();
|
||||
Collection<ConfigAttribute> receiveDefinition = policy.getConfigAttributeDefinitionForReceive();
|
||||
Collection<String> receiveRoles = this.getRolesFromDefintion(receiveDefinition);
|
||||
assertTrue("ROLE_ADMIN not found as receive attribute", receiveRoles.contains("ROLE_ADMIN"));
|
||||
assertTrue("ROLE_USER not found as receive attribute", receiveRoles.contains("ROLE_USER"));
|
||||
assertNull("Policy applies to send", sendDefinition);
|
||||
assertTrue("Policy applies to receive", sendDefinition.size() == 0);
|
||||
}
|
||||
|
||||
@Test
|
||||
@@ -151,8 +150,8 @@ public class SecuredChannelsParserTests extends AbstractJUnit4SpringContextTests
|
||||
ChannelSecurityInterceptor interceptor = (ChannelSecurityInterceptor) advisors[0].getAdvice();
|
||||
ChannelAccessPolicy policy = this.retrievePolicyForPatternString(beanName, interceptor);
|
||||
assertNotNull("Pattern '" + beanName + "' is not included in mappings", policy);
|
||||
ConfigAttribute sendDefinition = policy.getConfigAttributeDefinitionForSend();
|
||||
ConfigAttribute receiveDefinition = policy.getConfigAttributeDefinitionForReceive();
|
||||
Collection<ConfigAttribute> sendDefinition = policy.getConfigAttributeDefinitionForSend();
|
||||
Collection<ConfigAttribute> receiveDefinition = policy.getConfigAttributeDefinitionForReceive();
|
||||
assertNotNull("Pattern does not apply to 'send'", sendDefinition);
|
||||
assertNotNull("Pattern does not apply to 'receive'", receiveDefinition);
|
||||
Collection<String> sendRoles = this.getRolesFromDefintion(sendDefinition);
|
||||
@@ -174,12 +173,11 @@ public class SecuredChannelsParserTests extends AbstractJUnit4SpringContextTests
|
||||
return null;
|
||||
}
|
||||
|
||||
@SuppressWarnings("unchecked")
|
||||
private Collection<String> getRolesFromDefintion(ConfigAttribute definition) {
|
||||
private Collection<String> getRolesFromDefintion(Collection<ConfigAttribute> definition) {
|
||||
Set<String> roles = new HashSet<String>();
|
||||
Collection configAttributes = SecurityConfig.createListFromCommaDelimitedString(definition.getAttribute());
|
||||
for (Object next : configAttributes) {
|
||||
ConfigAttribute attribute = (ConfigAttribute) next;
|
||||
//Collection configAttributes = SecurityConfig.createListFromCommaDelimitedString(definition);
|
||||
for (ConfigAttribute nextConfigAttribute : definition) {
|
||||
ConfigAttribute attribute = nextConfigAttribute;
|
||||
roles.add(attribute.getAttribute());
|
||||
}
|
||||
return roles;
|
||||
|
||||
Reference in New Issue
Block a user