Add AuthorizationManager that uses ExpressionHandler

Closes gh-11105
This commit is contained in:
Evgeniy Cheban
2022-04-27 17:09:28 +03:00
committed by Josh Cummings
parent 3f861f7f20
commit 07b0be3f42
6 changed files with 471 additions and 3 deletions

View File

@@ -0,0 +1,105 @@
/*
* Copyright 2002-2022 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* https://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.springframework.security.web.access.expression;
import org.junit.jupiter.api.Test;
import org.springframework.expression.Expression;
import org.springframework.expression.ExpressionParser;
import org.springframework.mock.web.MockHttpServletRequest;
import org.springframework.security.authentication.TestAuthentication;
import org.springframework.security.authorization.AuthorizationDecision;
import org.springframework.security.web.access.intercept.RequestAuthorizationContext;
import static org.assertj.core.api.Assertions.assertThat;
import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
import static org.mockito.BDDMockito.given;
import static org.mockito.Mockito.mock;
import static org.mockito.Mockito.verify;
/**
* Tests for {@link WebExpressionAuthorizationManager}.
*
* @author Evgeniy Cheban
*/
class WebExpressionAuthorizationManagerTests {
@Test
void instantiateWhenExpressionStringNullThenIllegalArgumentException() {
assertThatIllegalArgumentException().isThrownBy(() -> new WebExpressionAuthorizationManager(null))
.withMessage("expressionString cannot be empty");
}
@Test
void instantiateWhenExpressionStringEmptyThenIllegalArgumentException() {
assertThatIllegalArgumentException().isThrownBy(() -> new WebExpressionAuthorizationManager(""))
.withMessage("expressionString cannot be empty");
}
@Test
void instantiateWhenExpressionStringBlankThenIllegalArgumentException() {
assertThatIllegalArgumentException().isThrownBy(() -> new WebExpressionAuthorizationManager(" "))
.withMessage("expressionString cannot be empty");
}
@Test
void instantiateWhenExpressionHandlerNotSetThenDefaultUsed() {
WebExpressionAuthorizationManager manager = new WebExpressionAuthorizationManager("hasRole('ADMIN')");
assertThat(manager).extracting("expressionHandler").isInstanceOf(DefaultHttpSecurityExpressionHandler.class);
}
@Test
void setExpressionHandlerWhenNullThenIllegalArgumentException() {
WebExpressionAuthorizationManager manager = new WebExpressionAuthorizationManager("hasRole('ADMIN')");
assertThatIllegalArgumentException().isThrownBy(() -> manager.setExpressionHandler(null))
.withMessage("expressionHandler cannot be null");
}
@Test
void setExpressionHandlerWhenNotNullThenVerifyExpressionHandler() {
String expressionString = "hasRole('ADMIN')";
WebExpressionAuthorizationManager manager = new WebExpressionAuthorizationManager(expressionString);
DefaultHttpSecurityExpressionHandler expressionHandler = new DefaultHttpSecurityExpressionHandler();
ExpressionParser mockExpressionParser = mock(ExpressionParser.class);
Expression mockExpression = mock(Expression.class);
given(mockExpressionParser.parseExpression(expressionString)).willReturn(mockExpression);
expressionHandler.setExpressionParser(mockExpressionParser);
manager.setExpressionHandler(expressionHandler);
assertThat(manager).extracting("expressionHandler").isEqualTo(expressionHandler);
assertThat(manager).extracting("expression").isEqualTo(mockExpression);
verify(mockExpressionParser).parseExpression(expressionString);
}
@Test
void checkWhenExpressionHasRoleAdminConfiguredAndRoleAdminThenGrantedDecision() {
WebExpressionAuthorizationManager manager = new WebExpressionAuthorizationManager("hasRole('ADMIN')");
AuthorizationDecision decision = manager.check(TestAuthentication::authenticatedAdmin,
new RequestAuthorizationContext(new MockHttpServletRequest()));
assertThat(decision).isNotNull();
assertThat(decision.isGranted()).isTrue();
}
@Test
void checkWhenExpressionHasRoleAdminConfiguredAndRoleUserThenDeniedDecision() {
WebExpressionAuthorizationManager manager = new WebExpressionAuthorizationManager("hasRole('ADMIN')");
AuthorizationDecision decision = manager.check(TestAuthentication::authenticatedUser,
new RequestAuthorizationContext(new MockHttpServletRequest()));
assertThat(decision).isNotNull();
assertThat(decision.isGranted()).isFalse();
}
}