Add AspectJ AuthorizationManager Support
Closes gh-11326
This commit is contained in:
@@ -32,6 +32,7 @@ import org.springframework.aop.support.DefaultPointcutAdvisor;
|
||||
import org.springframework.aop.support.JdkRegexpMethodPointcut;
|
||||
import org.springframework.beans.factory.annotation.Autowired;
|
||||
import org.springframework.beans.factory.config.BeanDefinition;
|
||||
import org.springframework.context.annotation.AdviceMode;
|
||||
import org.springframework.context.annotation.Bean;
|
||||
import org.springframework.context.annotation.Configuration;
|
||||
import org.springframework.context.annotation.Role;
|
||||
@@ -406,6 +407,17 @@ public class PrePostMethodSecurityConfigurationTests {
|
||||
this.methodSecurityService.preAuthorizeBean(true);
|
||||
}
|
||||
|
||||
@Test
|
||||
public void configureWhenAspectJThenRegistersAspects() {
|
||||
this.spring.register(AspectJMethodSecurityServiceConfig.class).autowire();
|
||||
assertThat(this.spring.getContext().containsBean("preFilterAspect$0")).isTrue();
|
||||
assertThat(this.spring.getContext().containsBean("postFilterAspect$0")).isTrue();
|
||||
assertThat(this.spring.getContext().containsBean("preAuthorizeAspect$0")).isTrue();
|
||||
assertThat(this.spring.getContext().containsBean("postAuthorizeAspect$0")).isTrue();
|
||||
assertThat(this.spring.getContext().containsBean("securedAspect$0")).isTrue();
|
||||
assertThat(this.spring.getContext().containsBean("annotationSecurityAspect$0")).isFalse();
|
||||
}
|
||||
|
||||
@EnableMethodSecurity
|
||||
static class MethodSecurityServiceConfig {
|
||||
|
||||
@@ -547,4 +559,19 @@ public class PrePostMethodSecurityConfigurationTests {
|
||||
|
||||
}
|
||||
|
||||
@EnableMethodSecurity(mode = AdviceMode.ASPECTJ, securedEnabled = true)
|
||||
static class AspectJMethodSecurityServiceConfig {
|
||||
|
||||
@Bean
|
||||
MethodSecurityService methodSecurityService() {
|
||||
return new MethodSecurityServiceImpl();
|
||||
}
|
||||
|
||||
@Bean
|
||||
Authz authz() {
|
||||
return new Authz();
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
@@ -85,6 +85,17 @@ public class MethodSecurityBeanDefinitionParserTests {
|
||||
.withMessage("Access Denied");
|
||||
}
|
||||
|
||||
@Test
|
||||
public void configureWhenAspectJThenRegistersAspects() {
|
||||
this.spring.configLocations(xml("AspectJMethodSecurityServiceEnabled")).autowire();
|
||||
assertThat(this.spring.getContext().containsBean("preFilterAspect$0")).isTrue();
|
||||
assertThat(this.spring.getContext().containsBean("postFilterAspect$0")).isTrue();
|
||||
assertThat(this.spring.getContext().containsBean("preAuthorizeAspect$0")).isTrue();
|
||||
assertThat(this.spring.getContext().containsBean("postAuthorizeAspect$0")).isTrue();
|
||||
assertThat(this.spring.getContext().containsBean("securedAspect$0")).isTrue();
|
||||
assertThat(this.spring.getContext().containsBean("annotationSecurityAspect$0")).isFalse();
|
||||
}
|
||||
|
||||
@WithAnonymousUser
|
||||
@Test
|
||||
public void preAuthorizePermitAllWhenRoleAnonymousThenPasses() {
|
||||
|
||||
Reference in New Issue
Block a user