Simplify RequestMatcherDelegatingAuthorizationManager.Builder matcher registration
Closes gh-11624
This commit is contained in:
committed by
Marcus Hert Da Coregio
parent
8efdc5c926
commit
0cefb27928
@@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright 2002-2022 the original author or authors.
|
||||
* Copyright 2002-2023 the original author or authors.
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
@@ -21,16 +21,20 @@ import java.util.function.Supplier;
|
||||
import org.junit.jupiter.api.Test;
|
||||
|
||||
import org.springframework.mock.web.MockHttpServletRequest;
|
||||
import org.springframework.security.authentication.TestAuthentication;
|
||||
import org.springframework.security.authentication.TestingAuthenticationToken;
|
||||
import org.springframework.security.authorization.AuthenticatedAuthorizationManager;
|
||||
import org.springframework.security.authorization.AuthorityAuthorizationManager;
|
||||
import org.springframework.security.authorization.AuthorizationDecision;
|
||||
import org.springframework.security.core.Authentication;
|
||||
import org.springframework.security.web.servlet.util.matcher.MvcRequestMatcher;
|
||||
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
|
||||
import org.springframework.security.web.util.matcher.AnyRequestMatcher;
|
||||
import org.springframework.security.web.util.matcher.RequestMatcherEntry;
|
||||
|
||||
import static org.assertj.core.api.Assertions.assertThat;
|
||||
import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
|
||||
import static org.assertj.core.api.Assertions.assertThatIllegalStateException;
|
||||
|
||||
/**
|
||||
* Tests for {@link RequestMatcherDelegatingAuthorizationManager}.
|
||||
@@ -120,4 +124,225 @@ public class RequestMatcherDelegatingAuthorizationManagerTests {
|
||||
.withMessage("mappingsConsumer cannot be null");
|
||||
}
|
||||
|
||||
@Test
|
||||
public void mappingsWhenConfiguredAfterAnyRequestThenException() {
|
||||
assertThatIllegalStateException()
|
||||
.isThrownBy(() -> RequestMatcherDelegatingAuthorizationManager.builder().anyRequest().authenticated()
|
||||
.mappings((m) -> m.add(new RequestMatcherEntry<>(AnyRequestMatcher.INSTANCE,
|
||||
AuthenticatedAuthorizationManager.authenticated()))))
|
||||
.withMessage("Can't configure mappings after anyRequest");
|
||||
}
|
||||
|
||||
@Test
|
||||
public void addWhenConfiguredAfterAnyRequestThenException() {
|
||||
assertThatIllegalStateException()
|
||||
.isThrownBy(() -> RequestMatcherDelegatingAuthorizationManager.builder().anyRequest().authenticated()
|
||||
.add(AnyRequestMatcher.INSTANCE, AuthenticatedAuthorizationManager.authenticated()))
|
||||
.withMessage("Can't add mappings after anyRequest");
|
||||
}
|
||||
|
||||
@Test
|
||||
public void requestMatchersWhenConfiguredAfterAnyRequestThenException() {
|
||||
assertThatIllegalStateException()
|
||||
.isThrownBy(() -> RequestMatcherDelegatingAuthorizationManager.builder().anyRequest().authenticated()
|
||||
.requestMatchers(new AntPathRequestMatcher("/authenticated")).authenticated().build())
|
||||
.withMessage("Can't configure requestMatchers after anyRequest");
|
||||
}
|
||||
|
||||
@Test
|
||||
public void anyRequestWhenConfiguredAfterAnyRequestThenException() {
|
||||
assertThatIllegalStateException().isThrownBy(() -> RequestMatcherDelegatingAuthorizationManager.builder()
|
||||
.anyRequest().authenticated().anyRequest().authenticated().build())
|
||||
.withMessage("Can't configure anyRequest after itself");
|
||||
}
|
||||
|
||||
@Test
|
||||
public void anyRequestWhenPermitAllThenGrantedDecision() {
|
||||
RequestMatcherDelegatingAuthorizationManager manager = RequestMatcherDelegatingAuthorizationManager.builder()
|
||||
.anyRequest().permitAll().build();
|
||||
AuthorizationDecision decision = manager.check(TestAuthentication::anonymousUser, null);
|
||||
assertThat(decision).isNotNull();
|
||||
assertThat(decision.isGranted()).isTrue();
|
||||
}
|
||||
|
||||
@Test
|
||||
public void anyRequestWhenDenyAllThenDeniedDecision() {
|
||||
RequestMatcherDelegatingAuthorizationManager manager = RequestMatcherDelegatingAuthorizationManager.builder()
|
||||
.anyRequest().denyAll().build();
|
||||
AuthorizationDecision decision = manager.check(TestAuthentication::authenticatedAdmin, null);
|
||||
assertThat(decision).isNotNull();
|
||||
assertThat(decision.isGranted()).isFalse();
|
||||
}
|
||||
|
||||
@Test
|
||||
public void authenticatedWhenAuthenticatedUserThenGrantedDecision() {
|
||||
RequestMatcherDelegatingAuthorizationManager manager = RequestMatcherDelegatingAuthorizationManager.builder()
|
||||
.anyRequest().authenticated().build();
|
||||
AuthorizationDecision decision = manager.check(TestAuthentication::authenticatedUser, null);
|
||||
assertThat(decision).isNotNull();
|
||||
assertThat(decision.isGranted()).isTrue();
|
||||
}
|
||||
|
||||
@Test
|
||||
public void authenticatedWhenAnonymousUserThenDeniedDecision() {
|
||||
RequestMatcherDelegatingAuthorizationManager manager = RequestMatcherDelegatingAuthorizationManager.builder()
|
||||
.anyRequest().authenticated().build();
|
||||
AuthorizationDecision decision = manager.check(TestAuthentication::anonymousUser, null);
|
||||
assertThat(decision).isNotNull();
|
||||
assertThat(decision.isGranted()).isFalse();
|
||||
}
|
||||
|
||||
@Test
|
||||
public void fullyAuthenticatedWhenAuthenticatedUserThenGrantedDecision() {
|
||||
RequestMatcherDelegatingAuthorizationManager manager = RequestMatcherDelegatingAuthorizationManager.builder()
|
||||
.anyRequest().fullyAuthenticated().build();
|
||||
AuthorizationDecision decision = manager.check(TestAuthentication::authenticatedUser, null);
|
||||
assertThat(decision).isNotNull();
|
||||
assertThat(decision.isGranted()).isTrue();
|
||||
}
|
||||
|
||||
@Test
|
||||
public void fullyAuthenticatedWhenAnonymousUserThenDeniedDecision() {
|
||||
RequestMatcherDelegatingAuthorizationManager manager = RequestMatcherDelegatingAuthorizationManager.builder()
|
||||
.anyRequest().fullyAuthenticated().build();
|
||||
AuthorizationDecision decision = manager.check(TestAuthentication::anonymousUser, null);
|
||||
assertThat(decision).isNotNull();
|
||||
assertThat(decision.isGranted()).isFalse();
|
||||
}
|
||||
|
||||
@Test
|
||||
public void fullyAuthenticatedWhenRememberMeUserThenDeniedDecision() {
|
||||
RequestMatcherDelegatingAuthorizationManager manager = RequestMatcherDelegatingAuthorizationManager.builder()
|
||||
.anyRequest().fullyAuthenticated().build();
|
||||
AuthorizationDecision decision = manager.check(TestAuthentication::rememberMeUser, null);
|
||||
assertThat(decision).isNotNull();
|
||||
assertThat(decision.isGranted()).isFalse();
|
||||
}
|
||||
|
||||
@Test
|
||||
public void rememberMeWhenRememberMeUserThenGrantedDecision() {
|
||||
RequestMatcherDelegatingAuthorizationManager manager = RequestMatcherDelegatingAuthorizationManager.builder()
|
||||
.anyRequest().rememberMe().build();
|
||||
AuthorizationDecision decision = manager.check(TestAuthentication::rememberMeUser, null);
|
||||
assertThat(decision).isNotNull();
|
||||
assertThat(decision.isGranted()).isTrue();
|
||||
}
|
||||
|
||||
@Test
|
||||
public void rememberMeWhenAuthenticatedUserThenDeniedDecision() {
|
||||
RequestMatcherDelegatingAuthorizationManager manager = RequestMatcherDelegatingAuthorizationManager.builder()
|
||||
.anyRequest().rememberMe().build();
|
||||
AuthorizationDecision decision = manager.check(TestAuthentication::authenticatedUser, null);
|
||||
assertThat(decision).isNotNull();
|
||||
assertThat(decision.isGranted()).isFalse();
|
||||
}
|
||||
|
||||
@Test
|
||||
public void anonymousWhenAnonymousUserThenGrantedDecision() {
|
||||
RequestMatcherDelegatingAuthorizationManager manager = RequestMatcherDelegatingAuthorizationManager.builder()
|
||||
.anyRequest().anonymous().build();
|
||||
AuthorizationDecision decision = manager.check(TestAuthentication::anonymousUser, null);
|
||||
assertThat(decision).isNotNull();
|
||||
assertThat(decision.isGranted()).isTrue();
|
||||
}
|
||||
|
||||
@Test
|
||||
public void anonymousWhenAuthenticatedUserThenDeniedDecision() {
|
||||
RequestMatcherDelegatingAuthorizationManager manager = RequestMatcherDelegatingAuthorizationManager.builder()
|
||||
.anyRequest().anonymous().build();
|
||||
AuthorizationDecision decision = manager.check(TestAuthentication::authenticatedUser, null);
|
||||
assertThat(decision).isNotNull();
|
||||
assertThat(decision.isGranted()).isFalse();
|
||||
}
|
||||
|
||||
@Test
|
||||
public void hasRoleAdminWhenAuthenticatedUserThenDeniedDecision() {
|
||||
RequestMatcherDelegatingAuthorizationManager manager = RequestMatcherDelegatingAuthorizationManager.builder()
|
||||
.anyRequest().hasRole("ADMIN").build();
|
||||
AuthorizationDecision decision = manager.check(TestAuthentication::authenticatedUser, null);
|
||||
assertThat(decision).isNotNull();
|
||||
assertThat(decision.isGranted()).isFalse();
|
||||
}
|
||||
|
||||
@Test
|
||||
public void hasRoleAdminWhenAuthenticatedAdminThenGrantedDecision() {
|
||||
RequestMatcherDelegatingAuthorizationManager manager = RequestMatcherDelegatingAuthorizationManager.builder()
|
||||
.anyRequest().hasRole("ADMIN").build();
|
||||
AuthorizationDecision decision = manager.check(TestAuthentication::authenticatedAdmin, null);
|
||||
assertThat(decision).isNotNull();
|
||||
assertThat(decision.isGranted()).isTrue();
|
||||
}
|
||||
|
||||
@Test
|
||||
public void hasAnyRoleUserOrAdminWhenAuthenticatedUserThenGrantedDecision() {
|
||||
RequestMatcherDelegatingAuthorizationManager manager = RequestMatcherDelegatingAuthorizationManager.builder()
|
||||
.anyRequest().hasAnyRole("USER", "ADMIN").build();
|
||||
AuthorizationDecision decision = manager.check(TestAuthentication::authenticatedUser, null);
|
||||
assertThat(decision).isNotNull();
|
||||
assertThat(decision.isGranted()).isTrue();
|
||||
}
|
||||
|
||||
@Test
|
||||
public void hasAnyRoleUserOrAdminWhenAuthenticatedAdminThenGrantedDecision() {
|
||||
RequestMatcherDelegatingAuthorizationManager manager = RequestMatcherDelegatingAuthorizationManager.builder()
|
||||
.anyRequest().hasAnyRole("USER", "ADMIN").build();
|
||||
AuthorizationDecision decision = manager.check(TestAuthentication::authenticatedAdmin, null);
|
||||
assertThat(decision).isNotNull();
|
||||
assertThat(decision.isGranted()).isTrue();
|
||||
}
|
||||
|
||||
@Test
|
||||
public void hasAnyRoleUserOrAdminWhenAnonymousUserThenDeniedDecision() {
|
||||
RequestMatcherDelegatingAuthorizationManager manager = RequestMatcherDelegatingAuthorizationManager.builder()
|
||||
.anyRequest().hasAnyRole("USER", "ADMIN").build();
|
||||
AuthorizationDecision decision = manager.check(TestAuthentication::anonymousUser, null);
|
||||
assertThat(decision).isNotNull();
|
||||
assertThat(decision.isGranted()).isFalse();
|
||||
}
|
||||
|
||||
@Test
|
||||
public void hasAuthorityRoleAdminWhenAuthenticatedUserThenDeniedDecision() {
|
||||
RequestMatcherDelegatingAuthorizationManager manager = RequestMatcherDelegatingAuthorizationManager.builder()
|
||||
.anyRequest().hasAuthority("ROLE_ADMIN").build();
|
||||
AuthorizationDecision decision = manager.check(TestAuthentication::authenticatedUser, null);
|
||||
assertThat(decision).isNotNull();
|
||||
assertThat(decision.isGranted()).isFalse();
|
||||
}
|
||||
|
||||
@Test
|
||||
public void hasAuthorityRoleAdminWhenAuthenticatedAdminThenGrantedDecision() {
|
||||
RequestMatcherDelegatingAuthorizationManager manager = RequestMatcherDelegatingAuthorizationManager.builder()
|
||||
.anyRequest().hasAuthority("ROLE_ADMIN").build();
|
||||
AuthorizationDecision decision = manager.check(TestAuthentication::authenticatedAdmin, null);
|
||||
assertThat(decision).isNotNull();
|
||||
assertThat(decision.isGranted()).isTrue();
|
||||
}
|
||||
|
||||
@Test
|
||||
public void hasAnyAuthorityRoleUserOrAdminWhenAuthenticatedUserThenGrantedDecision() {
|
||||
RequestMatcherDelegatingAuthorizationManager manager = RequestMatcherDelegatingAuthorizationManager.builder()
|
||||
.anyRequest().hasAnyAuthority("ROLE_USER", "ROLE_ADMIN").build();
|
||||
AuthorizationDecision decision = manager.check(TestAuthentication::authenticatedUser, null);
|
||||
assertThat(decision).isNotNull();
|
||||
assertThat(decision.isGranted()).isTrue();
|
||||
}
|
||||
|
||||
@Test
|
||||
public void hasAnyAuthorityRoleUserOrAdminWhenAuthenticatedAdminThenGrantedDecision() {
|
||||
RequestMatcherDelegatingAuthorizationManager manager = RequestMatcherDelegatingAuthorizationManager.builder()
|
||||
.anyRequest().hasAnyAuthority("ROLE_USER", "ROLE_ADMIN").build();
|
||||
AuthorizationDecision decision = manager.check(TestAuthentication::authenticatedAdmin, null);
|
||||
assertThat(decision).isNotNull();
|
||||
assertThat(decision.isGranted()).isTrue();
|
||||
}
|
||||
|
||||
@Test
|
||||
public void hasAnyAuthorityRoleUserOrAdminWhenAnonymousUserThenDeniedDecision() {
|
||||
RequestMatcherDelegatingAuthorizationManager manager = RequestMatcherDelegatingAuthorizationManager.builder()
|
||||
.anyRequest().hasAnyRole("USER", "ADMIN").build();
|
||||
AuthorizationDecision decision = manager.check(TestAuthentication::anonymousUser, null);
|
||||
assertThat(decision).isNotNull();
|
||||
assertThat(decision.isGranted()).isFalse();
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user