Simplify RequestMatcherDelegatingAuthorizationManager.Builder matcher registration

Closes gh-11624
This commit is contained in:
Evgeniy Cheban
2023-04-27 23:25:38 +03:00
committed by Marcus Hert Da Coregio
parent 8efdc5c926
commit 0cefb27928
3 changed files with 390 additions and 3 deletions

View File

@@ -1,5 +1,5 @@
/*
* Copyright 2002-2022 the original author or authors.
* Copyright 2002-2023 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@@ -21,16 +21,20 @@ import java.util.function.Supplier;
import org.junit.jupiter.api.Test;
import org.springframework.mock.web.MockHttpServletRequest;
import org.springframework.security.authentication.TestAuthentication;
import org.springframework.security.authentication.TestingAuthenticationToken;
import org.springframework.security.authorization.AuthenticatedAuthorizationManager;
import org.springframework.security.authorization.AuthorityAuthorizationManager;
import org.springframework.security.authorization.AuthorizationDecision;
import org.springframework.security.core.Authentication;
import org.springframework.security.web.servlet.util.matcher.MvcRequestMatcher;
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
import org.springframework.security.web.util.matcher.AnyRequestMatcher;
import org.springframework.security.web.util.matcher.RequestMatcherEntry;
import static org.assertj.core.api.Assertions.assertThat;
import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
import static org.assertj.core.api.Assertions.assertThatIllegalStateException;
/**
* Tests for {@link RequestMatcherDelegatingAuthorizationManager}.
@@ -120,4 +124,225 @@ public class RequestMatcherDelegatingAuthorizationManagerTests {
.withMessage("mappingsConsumer cannot be null");
}
@Test
public void mappingsWhenConfiguredAfterAnyRequestThenException() {
assertThatIllegalStateException()
.isThrownBy(() -> RequestMatcherDelegatingAuthorizationManager.builder().anyRequest().authenticated()
.mappings((m) -> m.add(new RequestMatcherEntry<>(AnyRequestMatcher.INSTANCE,
AuthenticatedAuthorizationManager.authenticated()))))
.withMessage("Can't configure mappings after anyRequest");
}
@Test
public void addWhenConfiguredAfterAnyRequestThenException() {
assertThatIllegalStateException()
.isThrownBy(() -> RequestMatcherDelegatingAuthorizationManager.builder().anyRequest().authenticated()
.add(AnyRequestMatcher.INSTANCE, AuthenticatedAuthorizationManager.authenticated()))
.withMessage("Can't add mappings after anyRequest");
}
@Test
public void requestMatchersWhenConfiguredAfterAnyRequestThenException() {
assertThatIllegalStateException()
.isThrownBy(() -> RequestMatcherDelegatingAuthorizationManager.builder().anyRequest().authenticated()
.requestMatchers(new AntPathRequestMatcher("/authenticated")).authenticated().build())
.withMessage("Can't configure requestMatchers after anyRequest");
}
@Test
public void anyRequestWhenConfiguredAfterAnyRequestThenException() {
assertThatIllegalStateException().isThrownBy(() -> RequestMatcherDelegatingAuthorizationManager.builder()
.anyRequest().authenticated().anyRequest().authenticated().build())
.withMessage("Can't configure anyRequest after itself");
}
@Test
public void anyRequestWhenPermitAllThenGrantedDecision() {
RequestMatcherDelegatingAuthorizationManager manager = RequestMatcherDelegatingAuthorizationManager.builder()
.anyRequest().permitAll().build();
AuthorizationDecision decision = manager.check(TestAuthentication::anonymousUser, null);
assertThat(decision).isNotNull();
assertThat(decision.isGranted()).isTrue();
}
@Test
public void anyRequestWhenDenyAllThenDeniedDecision() {
RequestMatcherDelegatingAuthorizationManager manager = RequestMatcherDelegatingAuthorizationManager.builder()
.anyRequest().denyAll().build();
AuthorizationDecision decision = manager.check(TestAuthentication::authenticatedAdmin, null);
assertThat(decision).isNotNull();
assertThat(decision.isGranted()).isFalse();
}
@Test
public void authenticatedWhenAuthenticatedUserThenGrantedDecision() {
RequestMatcherDelegatingAuthorizationManager manager = RequestMatcherDelegatingAuthorizationManager.builder()
.anyRequest().authenticated().build();
AuthorizationDecision decision = manager.check(TestAuthentication::authenticatedUser, null);
assertThat(decision).isNotNull();
assertThat(decision.isGranted()).isTrue();
}
@Test
public void authenticatedWhenAnonymousUserThenDeniedDecision() {
RequestMatcherDelegatingAuthorizationManager manager = RequestMatcherDelegatingAuthorizationManager.builder()
.anyRequest().authenticated().build();
AuthorizationDecision decision = manager.check(TestAuthentication::anonymousUser, null);
assertThat(decision).isNotNull();
assertThat(decision.isGranted()).isFalse();
}
@Test
public void fullyAuthenticatedWhenAuthenticatedUserThenGrantedDecision() {
RequestMatcherDelegatingAuthorizationManager manager = RequestMatcherDelegatingAuthorizationManager.builder()
.anyRequest().fullyAuthenticated().build();
AuthorizationDecision decision = manager.check(TestAuthentication::authenticatedUser, null);
assertThat(decision).isNotNull();
assertThat(decision.isGranted()).isTrue();
}
@Test
public void fullyAuthenticatedWhenAnonymousUserThenDeniedDecision() {
RequestMatcherDelegatingAuthorizationManager manager = RequestMatcherDelegatingAuthorizationManager.builder()
.anyRequest().fullyAuthenticated().build();
AuthorizationDecision decision = manager.check(TestAuthentication::anonymousUser, null);
assertThat(decision).isNotNull();
assertThat(decision.isGranted()).isFalse();
}
@Test
public void fullyAuthenticatedWhenRememberMeUserThenDeniedDecision() {
RequestMatcherDelegatingAuthorizationManager manager = RequestMatcherDelegatingAuthorizationManager.builder()
.anyRequest().fullyAuthenticated().build();
AuthorizationDecision decision = manager.check(TestAuthentication::rememberMeUser, null);
assertThat(decision).isNotNull();
assertThat(decision.isGranted()).isFalse();
}
@Test
public void rememberMeWhenRememberMeUserThenGrantedDecision() {
RequestMatcherDelegatingAuthorizationManager manager = RequestMatcherDelegatingAuthorizationManager.builder()
.anyRequest().rememberMe().build();
AuthorizationDecision decision = manager.check(TestAuthentication::rememberMeUser, null);
assertThat(decision).isNotNull();
assertThat(decision.isGranted()).isTrue();
}
@Test
public void rememberMeWhenAuthenticatedUserThenDeniedDecision() {
RequestMatcherDelegatingAuthorizationManager manager = RequestMatcherDelegatingAuthorizationManager.builder()
.anyRequest().rememberMe().build();
AuthorizationDecision decision = manager.check(TestAuthentication::authenticatedUser, null);
assertThat(decision).isNotNull();
assertThat(decision.isGranted()).isFalse();
}
@Test
public void anonymousWhenAnonymousUserThenGrantedDecision() {
RequestMatcherDelegatingAuthorizationManager manager = RequestMatcherDelegatingAuthorizationManager.builder()
.anyRequest().anonymous().build();
AuthorizationDecision decision = manager.check(TestAuthentication::anonymousUser, null);
assertThat(decision).isNotNull();
assertThat(decision.isGranted()).isTrue();
}
@Test
public void anonymousWhenAuthenticatedUserThenDeniedDecision() {
RequestMatcherDelegatingAuthorizationManager manager = RequestMatcherDelegatingAuthorizationManager.builder()
.anyRequest().anonymous().build();
AuthorizationDecision decision = manager.check(TestAuthentication::authenticatedUser, null);
assertThat(decision).isNotNull();
assertThat(decision.isGranted()).isFalse();
}
@Test
public void hasRoleAdminWhenAuthenticatedUserThenDeniedDecision() {
RequestMatcherDelegatingAuthorizationManager manager = RequestMatcherDelegatingAuthorizationManager.builder()
.anyRequest().hasRole("ADMIN").build();
AuthorizationDecision decision = manager.check(TestAuthentication::authenticatedUser, null);
assertThat(decision).isNotNull();
assertThat(decision.isGranted()).isFalse();
}
@Test
public void hasRoleAdminWhenAuthenticatedAdminThenGrantedDecision() {
RequestMatcherDelegatingAuthorizationManager manager = RequestMatcherDelegatingAuthorizationManager.builder()
.anyRequest().hasRole("ADMIN").build();
AuthorizationDecision decision = manager.check(TestAuthentication::authenticatedAdmin, null);
assertThat(decision).isNotNull();
assertThat(decision.isGranted()).isTrue();
}
@Test
public void hasAnyRoleUserOrAdminWhenAuthenticatedUserThenGrantedDecision() {
RequestMatcherDelegatingAuthorizationManager manager = RequestMatcherDelegatingAuthorizationManager.builder()
.anyRequest().hasAnyRole("USER", "ADMIN").build();
AuthorizationDecision decision = manager.check(TestAuthentication::authenticatedUser, null);
assertThat(decision).isNotNull();
assertThat(decision.isGranted()).isTrue();
}
@Test
public void hasAnyRoleUserOrAdminWhenAuthenticatedAdminThenGrantedDecision() {
RequestMatcherDelegatingAuthorizationManager manager = RequestMatcherDelegatingAuthorizationManager.builder()
.anyRequest().hasAnyRole("USER", "ADMIN").build();
AuthorizationDecision decision = manager.check(TestAuthentication::authenticatedAdmin, null);
assertThat(decision).isNotNull();
assertThat(decision.isGranted()).isTrue();
}
@Test
public void hasAnyRoleUserOrAdminWhenAnonymousUserThenDeniedDecision() {
RequestMatcherDelegatingAuthorizationManager manager = RequestMatcherDelegatingAuthorizationManager.builder()
.anyRequest().hasAnyRole("USER", "ADMIN").build();
AuthorizationDecision decision = manager.check(TestAuthentication::anonymousUser, null);
assertThat(decision).isNotNull();
assertThat(decision.isGranted()).isFalse();
}
@Test
public void hasAuthorityRoleAdminWhenAuthenticatedUserThenDeniedDecision() {
RequestMatcherDelegatingAuthorizationManager manager = RequestMatcherDelegatingAuthorizationManager.builder()
.anyRequest().hasAuthority("ROLE_ADMIN").build();
AuthorizationDecision decision = manager.check(TestAuthentication::authenticatedUser, null);
assertThat(decision).isNotNull();
assertThat(decision.isGranted()).isFalse();
}
@Test
public void hasAuthorityRoleAdminWhenAuthenticatedAdminThenGrantedDecision() {
RequestMatcherDelegatingAuthorizationManager manager = RequestMatcherDelegatingAuthorizationManager.builder()
.anyRequest().hasAuthority("ROLE_ADMIN").build();
AuthorizationDecision decision = manager.check(TestAuthentication::authenticatedAdmin, null);
assertThat(decision).isNotNull();
assertThat(decision.isGranted()).isTrue();
}
@Test
public void hasAnyAuthorityRoleUserOrAdminWhenAuthenticatedUserThenGrantedDecision() {
RequestMatcherDelegatingAuthorizationManager manager = RequestMatcherDelegatingAuthorizationManager.builder()
.anyRequest().hasAnyAuthority("ROLE_USER", "ROLE_ADMIN").build();
AuthorizationDecision decision = manager.check(TestAuthentication::authenticatedUser, null);
assertThat(decision).isNotNull();
assertThat(decision.isGranted()).isTrue();
}
@Test
public void hasAnyAuthorityRoleUserOrAdminWhenAuthenticatedAdminThenGrantedDecision() {
RequestMatcherDelegatingAuthorizationManager manager = RequestMatcherDelegatingAuthorizationManager.builder()
.anyRequest().hasAnyAuthority("ROLE_USER", "ROLE_ADMIN").build();
AuthorizationDecision decision = manager.check(TestAuthentication::authenticatedAdmin, null);
assertThat(decision).isNotNull();
assertThat(decision.isGranted()).isTrue();
}
@Test
public void hasAnyAuthorityRoleUserOrAdminWhenAnonymousUserThenDeniedDecision() {
RequestMatcherDelegatingAuthorizationManager manager = RequestMatcherDelegatingAuthorizationManager.builder()
.anyRequest().hasAnyRole("USER", "ADMIN").build();
AuthorizationDecision decision = manager.check(TestAuthentication::anonymousUser, null);
assertThat(decision).isNotNull();
assertThat(decision.isGranted()).isFalse();
}
}