INT-1115 upgraded si-security module to use Spring Security 3.0.2
This commit is contained in:
@@ -15,8 +15,14 @@
|
||||
<arguments>
|
||||
</arguments>
|
||||
</buildCommand>
|
||||
<buildCommand>
|
||||
<name>org.springframework.ide.eclipse.core.springbuilder</name>
|
||||
<arguments>
|
||||
</arguments>
|
||||
</buildCommand>
|
||||
</buildSpec>
|
||||
<natures>
|
||||
<nature>org.springframework.ide.eclipse.core.springnature</nature>
|
||||
<nature>org.maven.ide.eclipse.maven2Nature</nature>
|
||||
<nature>org.eclipse.jdt.core.javanature</nature>
|
||||
</natures>
|
||||
|
||||
@@ -28,7 +28,18 @@
|
||||
<dependency>
|
||||
<groupId>org.springframework.security</groupId>
|
||||
<artifactId>spring-security-core</artifactId>
|
||||
<version>${org.springframework.security.version}</version>
|
||||
<version>3.0.2.RELEASE</version>
|
||||
<exclusions>
|
||||
<exclusion>
|
||||
<groupId>org.springframework</groupId>
|
||||
<artifactId>spring-support</artifactId>
|
||||
</exclusion>
|
||||
</exclusions>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>org.springframework.security</groupId>
|
||||
<artifactId>spring-security-config</artifactId>
|
||||
<version>3.0.2.RELEASE</version>
|
||||
<exclusions>
|
||||
<exclusion>
|
||||
<groupId>org.springframework</groupId>
|
||||
|
||||
@@ -16,7 +16,8 @@
|
||||
|
||||
package org.springframework.integration.security.channel;
|
||||
|
||||
import org.springframework.security.ConfigAttributeDefinition;
|
||||
import org.springframework.security.access.ConfigAttribute;
|
||||
import org.springframework.security.access.SecurityConfig;
|
||||
import org.springframework.util.Assert;
|
||||
import org.springframework.util.StringUtils;
|
||||
|
||||
@@ -25,12 +26,13 @@ import org.springframework.util.StringUtils;
|
||||
* send and receive operations based on simple String values.
|
||||
*
|
||||
* @author Mark Fisher
|
||||
* @author Oleg Zhurakousky
|
||||
*/
|
||||
public class ChannelAccessPolicy {
|
||||
|
||||
private final ConfigAttributeDefinition configAttributeDefinitionForSend;
|
||||
private final ConfigAttribute configAttributeDefinitionForSend;
|
||||
|
||||
private final ConfigAttributeDefinition configAttributeDefinitionForReceive;
|
||||
private final ConfigAttribute configAttributeDefinitionForReceive;
|
||||
|
||||
|
||||
/**
|
||||
@@ -42,22 +44,18 @@ public class ChannelAccessPolicy {
|
||||
public ChannelAccessPolicy(String sendAccess, String receiveAccess) {
|
||||
Assert.isTrue(sendAccess != null || receiveAccess != null,
|
||||
"At least one of 'sendAccess' and 'receiveAccess' must not be null.");
|
||||
String[] sendValues = StringUtils.trimArrayElements(
|
||||
StringUtils.commaDelimitedListToStringArray(sendAccess));
|
||||
String[] receiveValues = StringUtils.trimArrayElements(
|
||||
StringUtils.commaDelimitedListToStringArray(receiveAccess));
|
||||
this.configAttributeDefinitionForSend = (sendValues.length > 0)
|
||||
? new ConfigAttributeDefinition(sendValues) : null;
|
||||
this.configAttributeDefinitionForReceive = (receiveValues.length > 0)
|
||||
? new ConfigAttributeDefinition(receiveValues) : null;
|
||||
this.configAttributeDefinitionForSend = (StringUtils.hasText(sendAccess))
|
||||
? new SecurityConfig(sendAccess) : null;
|
||||
this.configAttributeDefinitionForReceive = (StringUtils.hasText(receiveAccess))
|
||||
? new SecurityConfig(receiveAccess) : null;
|
||||
}
|
||||
|
||||
|
||||
public ConfigAttributeDefinition getConfigAttributeDefinitionForSend() {
|
||||
public ConfigAttribute getConfigAttributeDefinitionForSend() {
|
||||
return this.configAttributeDefinitionForSend;
|
||||
}
|
||||
|
||||
public ConfigAttributeDefinition getConfigAttributeDefinitionForReceive() {
|
||||
public ConfigAttribute getConfigAttributeDefinitionForReceive() {
|
||||
return this.configAttributeDefinitionForReceive;
|
||||
}
|
||||
|
||||
|
||||
@@ -27,17 +27,17 @@ import java.util.regex.Pattern;
|
||||
|
||||
import org.springframework.integration.context.NamedComponent;
|
||||
import org.springframework.integration.core.MessageChannel;
|
||||
import org.springframework.security.ConfigAttribute;
|
||||
import org.springframework.security.ConfigAttributeDefinition;
|
||||
import org.springframework.security.intercept.ObjectDefinitionSource;
|
||||
import org.springframework.security.access.ConfigAttribute;
|
||||
import org.springframework.security.access.SecurityMetadataSource;
|
||||
import org.springframework.util.Assert;
|
||||
|
||||
/**
|
||||
* The {@link ObjectDefinitionSource} implementation for secured {@link MessageChannel}s.
|
||||
*
|
||||
* @author Mark Fisher
|
||||
* @author Oleg Zhurakousky
|
||||
*/
|
||||
public class ChannelInvocationDefinitionSource implements ObjectDefinitionSource {
|
||||
public class ChannelInvocationDefinitionSource implements SecurityMetadataSource {
|
||||
|
||||
private final Map<Pattern, ChannelAccessPolicy> patternMappings;
|
||||
|
||||
@@ -60,13 +60,7 @@ public class ChannelInvocationDefinitionSource implements ObjectDefinitionSource
|
||||
return this.patternMappings.keySet();
|
||||
}
|
||||
|
||||
@SuppressWarnings("unchecked")
|
||||
public boolean supports(Class clazz) {
|
||||
return ChannelInvocation.class.isAssignableFrom(clazz);
|
||||
}
|
||||
|
||||
@SuppressWarnings("unchecked")
|
||||
public ConfigAttributeDefinition getAttributes(Object object) throws IllegalArgumentException {
|
||||
public Collection<ConfigAttribute> getAttributes(Object object) throws IllegalArgumentException {
|
||||
Assert.isAssignable(ChannelInvocation.class, object.getClass());
|
||||
ChannelInvocation invocation = (ChannelInvocation) object;
|
||||
MessageChannel channel = invocation.getChannel();
|
||||
@@ -78,35 +72,40 @@ public class ChannelInvocationDefinitionSource implements ObjectDefinitionSource
|
||||
ChannelAccessPolicy accessPolicy = mapping.getValue();
|
||||
if (pattern.matcher(channelName).matches()) {
|
||||
if (invocation.isSend()) {
|
||||
ConfigAttributeDefinition definition = accessPolicy.getConfigAttributeDefinitionForSend();
|
||||
ConfigAttribute definition = accessPolicy.getConfigAttributeDefinitionForSend();
|
||||
if (definition != null) {
|
||||
attributes.addAll(definition.getConfigAttributes());
|
||||
attributes.add(definition);
|
||||
}
|
||||
}
|
||||
else if (invocation.isReceive()) {
|
||||
ConfigAttributeDefinition definition = accessPolicy.getConfigAttributeDefinitionForReceive();
|
||||
ConfigAttribute definition = accessPolicy.getConfigAttributeDefinitionForReceive();
|
||||
if (definition != null) {
|
||||
attributes.addAll(definition.getConfigAttributes());
|
||||
attributes.add(definition);
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
return new ConfigAttributeDefinition(attributes);
|
||||
return attributes;
|
||||
}
|
||||
|
||||
public Collection<?> getConfigAttributeDefinitions() {
|
||||
Set<ConfigAttributeDefinition> definitions = new HashSet<ConfigAttributeDefinition>();
|
||||
for (ChannelAccessPolicy accessPolicy : this.patternMappings.values()) {
|
||||
ConfigAttributeDefinition sendDefinition = accessPolicy.getConfigAttributeDefinitionForSend();
|
||||
if (sendDefinition != null) {
|
||||
definitions.add(sendDefinition);
|
||||
}
|
||||
ConfigAttributeDefinition receiveDefinition = accessPolicy.getConfigAttributeDefinitionForReceive();
|
||||
if (receiveDefinition != null) {
|
||||
definitions.add(receiveDefinition);
|
||||
}
|
||||
}
|
||||
return definitions;
|
||||
public Collection<ConfigAttribute> getAllConfigAttributes() {
|
||||
Set<ConfigAttribute> allAttributes = new HashSet<ConfigAttribute>();
|
||||
|
||||
for (ChannelAccessPolicy policy : patternMappings.values()) {
|
||||
ConfigAttribute attribute = policy.getConfigAttributeDefinitionForReceive();
|
||||
if (attribute != null){
|
||||
allAttributes.add(attribute);
|
||||
}
|
||||
attribute = policy.getConfigAttributeDefinitionForSend();
|
||||
if (attribute != null){
|
||||
allAttributes.add(attribute);
|
||||
}
|
||||
}
|
||||
|
||||
return allAttributes;
|
||||
}
|
||||
|
||||
public boolean supports(Class<?> clazz) {
|
||||
return ChannelInvocation.class.isAssignableFrom(clazz);
|
||||
}
|
||||
}
|
||||
|
||||
@@ -20,16 +20,16 @@ import java.lang.reflect.Method;
|
||||
|
||||
import org.aopalliance.intercept.MethodInterceptor;
|
||||
import org.aopalliance.intercept.MethodInvocation;
|
||||
|
||||
import org.springframework.security.intercept.AbstractSecurityInterceptor;
|
||||
import org.springframework.security.intercept.InterceptorStatusToken;
|
||||
import org.springframework.security.intercept.ObjectDefinitionSource;
|
||||
import org.springframework.security.access.SecurityMetadataSource;
|
||||
import org.springframework.security.access.intercept.AbstractSecurityInterceptor;
|
||||
import org.springframework.security.access.intercept.InterceptorStatusToken;
|
||||
import org.springframework.util.Assert;
|
||||
|
||||
|
||||
/**
|
||||
* An AOP interceptor that enforces authorization for MessageChannel send and/or receive calls.
|
||||
*
|
||||
* @author Mark Fisher
|
||||
* @author Oleg Zhurakousky
|
||||
*/
|
||||
public class ChannelSecurityInterceptor extends AbstractSecurityInterceptor implements MethodInterceptor {
|
||||
|
||||
@@ -47,10 +47,6 @@ public class ChannelSecurityInterceptor extends AbstractSecurityInterceptor impl
|
||||
return ChannelInvocation.class;
|
||||
}
|
||||
|
||||
@Override
|
||||
public ObjectDefinitionSource obtainObjectDefinitionSource() {
|
||||
return this.objectDefinitionSource;
|
||||
}
|
||||
|
||||
public Object invoke(MethodInvocation invocation) throws Throwable {
|
||||
Method method = invocation.getMethod();
|
||||
@@ -72,4 +68,10 @@ public class ChannelSecurityInterceptor extends AbstractSecurityInterceptor impl
|
||||
return returnValue;
|
||||
}
|
||||
|
||||
|
||||
@Override
|
||||
public SecurityMetadataSource obtainSecurityMetadataSource() {
|
||||
return this.objectDefinitionSource;
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
@@ -32,6 +32,7 @@ import org.springframework.util.Assert;
|
||||
* A {@link BeanPostProcessor} that proxies {@link MessageChannel}s to apply a {@link ChannelSecurityInterceptor}.
|
||||
*
|
||||
* @author Mark Fisher
|
||||
* @author Oleg Zhurakousky
|
||||
*/
|
||||
public class ChannelSecurityInterceptorBeanPostProcessor implements BeanPostProcessor {
|
||||
|
||||
@@ -50,7 +51,7 @@ public class ChannelSecurityInterceptorBeanPostProcessor implements BeanPostProc
|
||||
|
||||
public Object postProcessAfterInitialization(Object bean, String beanName) throws BeansException {
|
||||
if (bean instanceof MessageChannel && shouldProxy(beanName, (MessageChannel) bean,
|
||||
(ChannelInvocationDefinitionSource) this.interceptor.obtainObjectDefinitionSource())) {
|
||||
(ChannelInvocationDefinitionSource) this.interceptor.obtainSecurityMetadataSource())) {
|
||||
ProxyFactory proxyFactory = new ProxyFactory(bean);
|
||||
proxyFactory.addAdvisor(new DefaultPointcutAdvisor(this.interceptor));
|
||||
return proxyFactory.getProxy();
|
||||
@@ -59,7 +60,7 @@ public class ChannelSecurityInterceptorBeanPostProcessor implements BeanPostProc
|
||||
}
|
||||
|
||||
private boolean shouldProxy(String beanName, MessageChannel channel, ChannelInvocationDefinitionSource definitionSource) {
|
||||
Set<Pattern> patterns = ((ChannelInvocationDefinitionSource) this.interceptor.obtainObjectDefinitionSource()).getPatterns();
|
||||
Set<Pattern> patterns = ((ChannelInvocationDefinitionSource) this.interceptor.obtainSecurityMetadataSource()).getPatterns();
|
||||
for (Pattern pattern : patterns) {
|
||||
if (pattern.matcher(beanName).matches()) {
|
||||
return true;
|
||||
|
||||
@@ -0,0 +1,44 @@
|
||||
/*
|
||||
* Copyright 2002-2010 the original author or authors.
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
package org.springframework.integration.security;
|
||||
|
||||
import org.springframework.security.authentication.AbstractAuthenticationManager;
|
||||
import org.springframework.security.core.Authentication;
|
||||
import org.springframework.security.core.AuthenticationException;
|
||||
|
||||
/**
|
||||
* @author Oleg Zhurakousky
|
||||
* @since 2.0
|
||||
*/
|
||||
public class MockAuthenticationManager extends AbstractAuthenticationManager {
|
||||
private boolean grantAccess;
|
||||
|
||||
public MockAuthenticationManager(boolean grantAccess){
|
||||
this.grantAccess = grantAccess;
|
||||
}
|
||||
|
||||
/* (non-Javadoc)
|
||||
* @see org.springframework.security.authentication.AbstractAuthenticationManager#doAuthentication(org.springframework.security.core.Authentication)
|
||||
*/
|
||||
@Override
|
||||
protected Authentication doAuthentication(Authentication authentication)
|
||||
throws AuthenticationException {
|
||||
if (grantAccess){
|
||||
authentication.setAuthenticated(true);
|
||||
}
|
||||
return authentication;
|
||||
}
|
||||
}
|
||||
@@ -16,17 +16,20 @@
|
||||
|
||||
package org.springframework.integration.security;
|
||||
|
||||
import org.springframework.security.GrantedAuthority;
|
||||
import org.springframework.security.GrantedAuthorityImpl;
|
||||
import org.springframework.security.context.SecurityContext;
|
||||
import org.springframework.security.context.SecurityContextImpl;
|
||||
import org.springframework.security.providers.UsernamePasswordAuthenticationToken;
|
||||
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
|
||||
import org.springframework.security.core.GrantedAuthority;
|
||||
import org.springframework.security.core.authority.GrantedAuthorityImpl;
|
||||
import org.springframework.security.core.context.SecurityContext;
|
||||
import org.springframework.security.core.context.SecurityContextImpl;
|
||||
import org.springframework.util.CollectionUtils;
|
||||
|
||||
/**
|
||||
* @author Jonas Partner
|
||||
* @author Oleg Zhurakousky
|
||||
*/
|
||||
public class SecurityTestUtils {
|
||||
|
||||
@SuppressWarnings("unchecked")
|
||||
public static SecurityContext createContext(String username, String password, String... roles) {
|
||||
SecurityContextImpl ctxImpl = new SecurityContextImpl();
|
||||
UsernamePasswordAuthenticationToken authToken;
|
||||
@@ -35,7 +38,7 @@ public class SecurityTestUtils {
|
||||
for (int i = 0; i < roles.length; i++) {
|
||||
authorities[i] = new GrantedAuthorityImpl(roles[i]);
|
||||
}
|
||||
authToken = new UsernamePasswordAuthenticationToken(username, password, authorities);
|
||||
authToken = new UsernamePasswordAuthenticationToken(username, password, CollectionUtils.arrayToList(authorities));
|
||||
}
|
||||
else {
|
||||
authToken = new UsernamePasswordAuthenticationToken(username, password);
|
||||
|
||||
@@ -19,7 +19,7 @@
|
||||
<beans:import resource="classpath:org/springframework/integration/security/config/commonSecurityConfiguration.xml"/>
|
||||
|
||||
<si-security:secured-channels>
|
||||
<si-security:access-policy pattern="secured.*" send-access="ROLE_ADMIN"/>
|
||||
<si-security:access-policy pattern="securedChannel.*" send-access="ROLE_ADMIN, ROLE_PRESIDENT"/>
|
||||
</si-security:secured-channels>
|
||||
|
||||
<beans:bean id="testHandler" class="org.springframework.integration.security.channel.TestHandler"/>
|
||||
|
||||
@@ -20,22 +20,22 @@ import static org.junit.Assert.assertEquals;
|
||||
|
||||
import org.junit.After;
|
||||
import org.junit.Test;
|
||||
|
||||
import org.springframework.beans.factory.annotation.Autowired;
|
||||
import org.springframework.beans.factory.annotation.Qualifier;
|
||||
import org.springframework.integration.core.MessageChannel;
|
||||
import org.springframework.integration.message.StringMessage;
|
||||
import org.springframework.integration.security.SecurityTestUtils;
|
||||
import org.springframework.security.AccessDeniedException;
|
||||
import org.springframework.security.AuthenticationException;
|
||||
import org.springframework.security.context.SecurityContext;
|
||||
import org.springframework.security.context.SecurityContextHolder;
|
||||
import org.springframework.security.access.AccessDeniedException;
|
||||
import org.springframework.security.core.AuthenticationException;
|
||||
import org.springframework.security.core.context.SecurityContext;
|
||||
import org.springframework.security.core.context.SecurityContextHolder;
|
||||
import org.springframework.test.annotation.DirtiesContext;
|
||||
import org.springframework.test.context.ContextConfiguration;
|
||||
import org.springframework.test.context.junit4.AbstractJUnit4SpringContextTests;
|
||||
|
||||
/**
|
||||
* @author Mark Fisher
|
||||
* @author Oleg Zhurakousky
|
||||
*/
|
||||
@ContextConfiguration
|
||||
public class ChannelAdapterSecurityIntegrationTests extends AbstractJUnit4SpringContextTests {
|
||||
@@ -58,10 +58,17 @@ public class ChannelAdapterSecurityIntegrationTests extends AbstractJUnit4Spring
|
||||
}
|
||||
|
||||
|
||||
@Test(expected = AccessDeniedException.class)
|
||||
@DirtiesContext
|
||||
public void testSecuredWithNotEnoughPermission() {
|
||||
login("bob", "bobspassword", "ROLE_ADMIN");
|
||||
securedChannelAdapter.send(new StringMessage("test"));
|
||||
}
|
||||
|
||||
@Test
|
||||
@DirtiesContext
|
||||
public void testSecuredWithPermission() {
|
||||
login("bob", "bobspassword", "ROLE_ADMIN");
|
||||
login("bob", "bobspassword", "ROLE_ADMIN, ROLE_PRESIDENT");
|
||||
securedChannelAdapter.send(new StringMessage("test"));
|
||||
assertEquals("Wrong size of message list in target", 1, testConsumer.sentMessages.size());
|
||||
}
|
||||
|
||||
@@ -21,22 +21,23 @@ import java.util.regex.Pattern;
|
||||
|
||||
import org.junit.After;
|
||||
import org.junit.Test;
|
||||
|
||||
import org.springframework.aop.framework.ProxyFactory;
|
||||
import org.springframework.integration.channel.QueueChannel;
|
||||
import org.springframework.integration.core.MessageChannel;
|
||||
import org.springframework.integration.message.StringMessage;
|
||||
import org.springframework.integration.security.MockAuthenticationManager;
|
||||
import org.springframework.integration.security.SecurityTestUtils;
|
||||
import org.springframework.security.AccessDeniedException;
|
||||
import org.springframework.security.AuthenticationException;
|
||||
import org.springframework.security.MockAuthenticationManager;
|
||||
import org.springframework.security.context.SecurityContext;
|
||||
import org.springframework.security.context.SecurityContextHolder;
|
||||
import org.springframework.security.vote.AffirmativeBased;
|
||||
import org.springframework.security.vote.RoleVoter;
|
||||
import org.springframework.security.access.AccessDecisionVoter;
|
||||
import org.springframework.security.access.AccessDeniedException;
|
||||
import org.springframework.security.access.vote.AffirmativeBased;
|
||||
import org.springframework.security.access.vote.RoleVoter;
|
||||
import org.springframework.security.core.AuthenticationException;
|
||||
import org.springframework.security.core.context.SecurityContext;
|
||||
import org.springframework.security.core.context.SecurityContextHolder;
|
||||
|
||||
/**
|
||||
* @author Mark Fisher
|
||||
* @author Oleg Zhurakousky
|
||||
*/
|
||||
public class ChannelSecurityInterceptorTests {
|
||||
|
||||
@@ -81,7 +82,8 @@ public class ChannelSecurityInterceptorTests {
|
||||
objectDefinitionSource.addPatternMapping(Pattern.compile("secured.*"), new ChannelAccessPolicy(role, null));
|
||||
ChannelSecurityInterceptor interceptor = new ChannelSecurityInterceptor(objectDefinitionSource);
|
||||
AffirmativeBased accessDecisionManager = new AffirmativeBased();
|
||||
accessDecisionManager.setDecisionVoters(Collections.singletonList(new RoleVoter()));
|
||||
|
||||
accessDecisionManager.setDecisionVoters(Collections.singletonList((AccessDecisionVoter)new RoleVoter()));
|
||||
accessDecisionManager.afterPropertiesSet();
|
||||
interceptor.setAccessDecisionManager(accessDecisionManager);
|
||||
interceptor.setAuthenticationManager(new MockAuthenticationManager(true));
|
||||
|
||||
@@ -42,14 +42,15 @@ import org.springframework.integration.core.MessageChannel;
|
||||
import org.springframework.integration.security.channel.ChannelAccessPolicy;
|
||||
import org.springframework.integration.security.channel.ChannelSecurityInterceptor;
|
||||
import org.springframework.integration.selector.MessageSelector;
|
||||
import org.springframework.security.ConfigAttribute;
|
||||
import org.springframework.security.ConfigAttributeDefinition;
|
||||
import org.springframework.security.access.ConfigAttribute;
|
||||
import org.springframework.security.access.SecurityConfig;
|
||||
import org.springframework.test.context.ContextConfiguration;
|
||||
import org.springframework.test.context.junit4.AbstractJUnit4SpringContextTests;
|
||||
|
||||
/**
|
||||
* @author Jonas Partner
|
||||
* @author Mark Fisher
|
||||
* @author Oleg Zhurakousky
|
||||
*/
|
||||
@ContextConfiguration
|
||||
public class SecuredChannelsParserTests extends AbstractJUnit4SpringContextTests {
|
||||
@@ -73,8 +74,8 @@ public class SecuredChannelsParserTests extends AbstractJUnit4SpringContextTests
|
||||
ChannelSecurityInterceptor interceptor = (ChannelSecurityInterceptor) advisors[0].getAdvice();
|
||||
ChannelAccessPolicy policy = this.retrievePolicyForPatternString(beanName, interceptor);
|
||||
assertNotNull("Pattern '" + beanName + "' is not included in mappings", policy);
|
||||
ConfigAttributeDefinition sendDefinition = policy.getConfigAttributeDefinitionForSend();
|
||||
ConfigAttributeDefinition receiveDefinition = policy.getConfigAttributeDefinitionForReceive();
|
||||
ConfigAttribute sendDefinition = policy.getConfigAttributeDefinitionForSend();
|
||||
ConfigAttribute receiveDefinition = policy.getConfigAttributeDefinitionForReceive();
|
||||
assertTrue("ROLE_ADMIN not found as send attribute", this.getRolesFromDefintion(sendDefinition).contains("ROLE_ADMIN"));
|
||||
assertNull("Policy applies to receive", receiveDefinition);
|
||||
}
|
||||
@@ -91,8 +92,8 @@ public class SecuredChannelsParserTests extends AbstractJUnit4SpringContextTests
|
||||
ChannelSecurityInterceptor interceptor = (ChannelSecurityInterceptor) advisors[0].getAdvice();
|
||||
ChannelAccessPolicy policy = this.retrievePolicyForPatternString(beanName, interceptor);
|
||||
assertNotNull("Pattern '" + beanName + "' is not included in mappings", policy);
|
||||
ConfigAttributeDefinition sendDefinition = policy.getConfigAttributeDefinitionForSend();
|
||||
ConfigAttributeDefinition receiveDefinition = policy.getConfigAttributeDefinitionForReceive();
|
||||
ConfigAttribute sendDefinition = policy.getConfigAttributeDefinitionForSend();
|
||||
ConfigAttribute receiveDefinition = policy.getConfigAttributeDefinitionForReceive();
|
||||
Collection<String> sendRoles = this.getRolesFromDefintion(sendDefinition);
|
||||
assertTrue("ROLE_ADMIN not found as send attribute", sendRoles.contains("ROLE_ADMIN"));
|
||||
assertTrue("ROLE_USER not found as send attribute", sendRoles.contains("ROLE_USER"));
|
||||
@@ -111,8 +112,8 @@ public class SecuredChannelsParserTests extends AbstractJUnit4SpringContextTests
|
||||
ChannelSecurityInterceptor interceptor = (ChannelSecurityInterceptor) advisors[0].getAdvice();
|
||||
ChannelAccessPolicy policy = this.retrievePolicyForPatternString(beanName, interceptor);
|
||||
assertNotNull("Pattern '" + beanName + "' is not included in mappings", policy);
|
||||
ConfigAttributeDefinition sendDefinition = policy.getConfigAttributeDefinitionForSend();
|
||||
ConfigAttributeDefinition receiveDefinition = policy.getConfigAttributeDefinitionForReceive();
|
||||
ConfigAttribute sendDefinition = policy.getConfigAttributeDefinitionForSend();
|
||||
ConfigAttribute receiveDefinition = policy.getConfigAttributeDefinitionForReceive();
|
||||
Collection<String> receiveRoles = this.getRolesFromDefintion(receiveDefinition);
|
||||
assertTrue("ROLE_ADMIN not found as receive attribute", receiveRoles.contains("ROLE_ADMIN"));
|
||||
assertNull("Policy applies to send", sendDefinition);
|
||||
@@ -130,8 +131,8 @@ public class SecuredChannelsParserTests extends AbstractJUnit4SpringContextTests
|
||||
ChannelSecurityInterceptor interceptor = (ChannelSecurityInterceptor) advisors[0].getAdvice();
|
||||
ChannelAccessPolicy policy = this.retrievePolicyForPatternString(beanName, interceptor);
|
||||
assertNotNull("Pattern '" + beanName + "' is not included in mappings", policy);
|
||||
ConfigAttributeDefinition sendDefinition = policy.getConfigAttributeDefinitionForSend();
|
||||
ConfigAttributeDefinition receiveDefinition = policy.getConfigAttributeDefinitionForReceive();
|
||||
ConfigAttribute sendDefinition = policy.getConfigAttributeDefinitionForSend();
|
||||
ConfigAttribute receiveDefinition = policy.getConfigAttributeDefinitionForReceive();
|
||||
Collection<String> receiveRoles = this.getRolesFromDefintion(receiveDefinition);
|
||||
assertTrue("ROLE_ADMIN not found as receive attribute", receiveRoles.contains("ROLE_ADMIN"));
|
||||
assertTrue("ROLE_USER not found as receive attribute", receiveRoles.contains("ROLE_USER"));
|
||||
@@ -150,8 +151,8 @@ public class SecuredChannelsParserTests extends AbstractJUnit4SpringContextTests
|
||||
ChannelSecurityInterceptor interceptor = (ChannelSecurityInterceptor) advisors[0].getAdvice();
|
||||
ChannelAccessPolicy policy = this.retrievePolicyForPatternString(beanName, interceptor);
|
||||
assertNotNull("Pattern '" + beanName + "' is not included in mappings", policy);
|
||||
ConfigAttributeDefinition sendDefinition = policy.getConfigAttributeDefinitionForSend();
|
||||
ConfigAttributeDefinition receiveDefinition = policy.getConfigAttributeDefinitionForReceive();
|
||||
ConfigAttribute sendDefinition = policy.getConfigAttributeDefinitionForSend();
|
||||
ConfigAttribute receiveDefinition = policy.getConfigAttributeDefinitionForReceive();
|
||||
assertNotNull("Pattern does not apply to 'send'", sendDefinition);
|
||||
assertNotNull("Pattern does not apply to 'receive'", receiveDefinition);
|
||||
Collection<String> sendRoles = this.getRolesFromDefintion(sendDefinition);
|
||||
@@ -163,7 +164,7 @@ public class SecuredChannelsParserTests extends AbstractJUnit4SpringContextTests
|
||||
|
||||
@SuppressWarnings("unchecked")
|
||||
private ChannelAccessPolicy retrievePolicyForPatternString(String patternString, ChannelSecurityInterceptor interceptor) {
|
||||
DirectFieldAccessor accessor = new DirectFieldAccessor(interceptor.obtainObjectDefinitionSource());
|
||||
DirectFieldAccessor accessor = new DirectFieldAccessor(interceptor.obtainSecurityMetadataSource());
|
||||
Map<Pattern, ChannelAccessPolicy> policies = (Map<Pattern, ChannelAccessPolicy>) accessor.getPropertyValue("patternMappings");
|
||||
for (Map.Entry<Pattern, ChannelAccessPolicy> entry : policies.entrySet()) {
|
||||
if (entry.getKey().pattern().equals(patternString)) {
|
||||
@@ -174,9 +175,9 @@ public class SecuredChannelsParserTests extends AbstractJUnit4SpringContextTests
|
||||
}
|
||||
|
||||
@SuppressWarnings("unchecked")
|
||||
private Collection<String> getRolesFromDefintion(ConfigAttributeDefinition definition) {
|
||||
private Collection<String> getRolesFromDefintion(ConfigAttribute definition) {
|
||||
Set<String> roles = new HashSet<String>();
|
||||
Collection configAttributes = definition.getConfigAttributes();
|
||||
Collection configAttributes = SecurityConfig.createListFromCommaDelimitedString(definition.getAttribute());
|
||||
for (Object next : configAttributes) {
|
||||
ConfigAttribute attribute = (ConfigAttribute) next;
|
||||
roles.add(attribute.getAttribute());
|
||||
|
||||
@@ -6,25 +6,24 @@
|
||||
xmlns:context="http://www.springframework.org/schema/context"
|
||||
xsi:schemaLocation="http://www.springframework.org/schema/beans
|
||||
http://www.springframework.org/schema/beans/spring-beans.xsd
|
||||
http://www.springframework.org/schema/security
|
||||
http://www.springframework.org/schema/security/spring-security.xsd
|
||||
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.0.xsd
|
||||
http://www.springframework.org/schema/context
|
||||
http://www.springframework.org/schema/context/spring-context.xsd">
|
||||
|
||||
<context:annotation-config/>
|
||||
|
||||
<beans:bean id="authenticationManager" class="org.springframework.security.MockAuthenticationManager"/>
|
||||
|
||||
<beans:bean id="accessDecisionManager" class="org.springframework.security.vote.AffirmativeBased">
|
||||
<beans:bean id="accessDecisionManager" class="org.springframework.security.access.vote.AffirmativeBased">
|
||||
<beans:property name="allowIfAllAbstainDecisions" value="true"/>
|
||||
<beans:property name="decisionVoters">
|
||||
<beans:list>
|
||||
<beans:bean class="org.springframework.security.vote.RoleVoter"/>
|
||||
<beans:bean class="org.springframework.security.access.vote.RoleVoter"/>
|
||||
</beans:list>
|
||||
</beans:property>
|
||||
</beans:bean>
|
||||
|
||||
<security:authentication-provider user-service-ref="userDetailsService"/>
|
||||
<security:authentication-manager alias="authenticationManager">
|
||||
<security:authentication-provider user-service-ref="userDetailsService"/>
|
||||
</security:authentication-manager>
|
||||
|
||||
<security:user-service id="userDetailsService">
|
||||
<security:user name="jimi" password="jimispassword" authorities="ROLE_USER, ROLE_ADMIN"/>
|
||||
|
||||
Reference in New Issue
Block a user