Add AuthorizationManager that uses ExpressionHandler
Closes gh-11105
This commit is contained in:
committed by
Josh Cummings
parent
3f861f7f20
commit
07b0be3f42
@@ -0,0 +1,105 @@
|
||||
/*
|
||||
* Copyright 2002-2022 the original author or authors.
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* https://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
|
||||
package org.springframework.security.web.access.expression;
|
||||
|
||||
import org.junit.jupiter.api.Test;
|
||||
|
||||
import org.springframework.expression.Expression;
|
||||
import org.springframework.expression.ExpressionParser;
|
||||
import org.springframework.mock.web.MockHttpServletRequest;
|
||||
import org.springframework.security.authentication.TestAuthentication;
|
||||
import org.springframework.security.authorization.AuthorizationDecision;
|
||||
import org.springframework.security.web.access.intercept.RequestAuthorizationContext;
|
||||
|
||||
import static org.assertj.core.api.Assertions.assertThat;
|
||||
import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
|
||||
import static org.mockito.BDDMockito.given;
|
||||
import static org.mockito.Mockito.mock;
|
||||
import static org.mockito.Mockito.verify;
|
||||
|
||||
/**
|
||||
* Tests for {@link WebExpressionAuthorizationManager}.
|
||||
*
|
||||
* @author Evgeniy Cheban
|
||||
*/
|
||||
class WebExpressionAuthorizationManagerTests {
|
||||
|
||||
@Test
|
||||
void instantiateWhenExpressionStringNullThenIllegalArgumentException() {
|
||||
assertThatIllegalArgumentException().isThrownBy(() -> new WebExpressionAuthorizationManager(null))
|
||||
.withMessage("expressionString cannot be empty");
|
||||
}
|
||||
|
||||
@Test
|
||||
void instantiateWhenExpressionStringEmptyThenIllegalArgumentException() {
|
||||
assertThatIllegalArgumentException().isThrownBy(() -> new WebExpressionAuthorizationManager(""))
|
||||
.withMessage("expressionString cannot be empty");
|
||||
}
|
||||
|
||||
@Test
|
||||
void instantiateWhenExpressionStringBlankThenIllegalArgumentException() {
|
||||
assertThatIllegalArgumentException().isThrownBy(() -> new WebExpressionAuthorizationManager(" "))
|
||||
.withMessage("expressionString cannot be empty");
|
||||
}
|
||||
|
||||
@Test
|
||||
void instantiateWhenExpressionHandlerNotSetThenDefaultUsed() {
|
||||
WebExpressionAuthorizationManager manager = new WebExpressionAuthorizationManager("hasRole('ADMIN')");
|
||||
assertThat(manager).extracting("expressionHandler").isInstanceOf(DefaultHttpSecurityExpressionHandler.class);
|
||||
}
|
||||
|
||||
@Test
|
||||
void setExpressionHandlerWhenNullThenIllegalArgumentException() {
|
||||
WebExpressionAuthorizationManager manager = new WebExpressionAuthorizationManager("hasRole('ADMIN')");
|
||||
assertThatIllegalArgumentException().isThrownBy(() -> manager.setExpressionHandler(null))
|
||||
.withMessage("expressionHandler cannot be null");
|
||||
}
|
||||
|
||||
@Test
|
||||
void setExpressionHandlerWhenNotNullThenVerifyExpressionHandler() {
|
||||
String expressionString = "hasRole('ADMIN')";
|
||||
WebExpressionAuthorizationManager manager = new WebExpressionAuthorizationManager(expressionString);
|
||||
DefaultHttpSecurityExpressionHandler expressionHandler = new DefaultHttpSecurityExpressionHandler();
|
||||
ExpressionParser mockExpressionParser = mock(ExpressionParser.class);
|
||||
Expression mockExpression = mock(Expression.class);
|
||||
given(mockExpressionParser.parseExpression(expressionString)).willReturn(mockExpression);
|
||||
expressionHandler.setExpressionParser(mockExpressionParser);
|
||||
manager.setExpressionHandler(expressionHandler);
|
||||
assertThat(manager).extracting("expressionHandler").isEqualTo(expressionHandler);
|
||||
assertThat(manager).extracting("expression").isEqualTo(mockExpression);
|
||||
verify(mockExpressionParser).parseExpression(expressionString);
|
||||
}
|
||||
|
||||
@Test
|
||||
void checkWhenExpressionHasRoleAdminConfiguredAndRoleAdminThenGrantedDecision() {
|
||||
WebExpressionAuthorizationManager manager = new WebExpressionAuthorizationManager("hasRole('ADMIN')");
|
||||
AuthorizationDecision decision = manager.check(TestAuthentication::authenticatedAdmin,
|
||||
new RequestAuthorizationContext(new MockHttpServletRequest()));
|
||||
assertThat(decision).isNotNull();
|
||||
assertThat(decision.isGranted()).isTrue();
|
||||
}
|
||||
|
||||
@Test
|
||||
void checkWhenExpressionHasRoleAdminConfiguredAndRoleUserThenDeniedDecision() {
|
||||
WebExpressionAuthorizationManager manager = new WebExpressionAuthorizationManager("hasRole('ADMIN')");
|
||||
AuthorizationDecision decision = manager.check(TestAuthentication::authenticatedUser,
|
||||
new RequestAuthorizationContext(new MockHttpServletRequest()));
|
||||
assertThat(decision).isNotNull();
|
||||
assertThat(decision.isGranted()).isFalse();
|
||||
}
|
||||
|
||||
}
|
||||
Reference in New Issue
Block a user