SEC-1216: Replacement of custom-after-invocation-provider with after-invocation-provider element. Some changes to help prevent proxying of aop infrastructure classes (use of AopInfrastructureBean marker interface)

This commit is contained in:
Luke Taylor
2009-08-04 00:18:07 +00:00
parent eaa0dc4fce
commit 0f6642d3ab
18 changed files with 1743 additions and 1769 deletions

View File

@@ -57,10 +57,12 @@ public class LdapProviderBeanDefinitionParserTests {
@Test(expected = ApplicationContextException.class)
public void missingServerEltCausesConfigException() {
setContext("<ldap-authentication-provider />");
setContext(
"<authentication-manager>" +
" <ldap-authentication-provider />" +
"</authentication-manager>");
}
@Test
public void supportsPasswordComparisonAuthentication() {
setContext("<ldap-server /> " +

View File

@@ -117,9 +117,11 @@ public class LdapUserServiceBeanDefinitionParserTests {
public void isSupportedByAuthenticationProviderElement() {
setContext(
"<ldap-server url='ldap://127.0.0.1:343/dc=springframework,dc=org'/>" +
"<authentication-provider>" +
"<authentication-manager>" +
" <authentication-provider>" +
" <ldap-user-service user-search-filter='(uid={0})' />" +
"</authentication-provider>");
" </authentication-provider>" +
"</authentication-manager>");
}
@Test

View File

@@ -1,15 +1,8 @@
package org.springframework.security.config.method;
import static org.junit.Assert.*;
import org.junit.After;
import org.junit.Test;
import org.springframework.context.support.AbstractXmlApplicationContext;
import org.springframework.security.access.intercept.AfterInvocationProviderManager;
import org.springframework.security.access.intercept.aopalliance.MethodSecurityInterceptor;
import org.springframework.security.config.ConfigTestUtils;
import org.springframework.security.config.MockAfterInvocationProvider;
import org.springframework.security.config.method.GlobalMethodSecurityBeanDefinitionParser;
import org.springframework.security.config.util.InMemoryXmlApplicationContext;
public class CustomAfterInvocationProviderBeanDefinitionDecoratorTests {
@@ -24,23 +17,10 @@ public class CustomAfterInvocationProviderBeanDefinitionDecoratorTests {
}
@Test
public void customAfterInvocationProviderIsAddedToInterceptor() {
setContext(
"<global-method-security />" +
public void customAfterInvocationProviderIsSupportedIn20Schema() {
appContext = new InMemoryXmlApplicationContext(
"<b:bean id='aip' class='org.springframework.security.config.MockAfterInvocationProvider'>" +
" <custom-after-invocation-provider />" +
"</b:bean>" +
ConfigTestUtils.AUTH_PROVIDER_XML
);
MethodSecurityInterceptor msi = (MethodSecurityInterceptor) appContext.getBean(GlobalMethodSecurityBeanDefinitionParser.SECURITY_INTERCEPTOR_ID);
AfterInvocationProviderManager apm = (AfterInvocationProviderManager) msi.getAfterInvocationManager();
assertNotNull(apm);
assertEquals(1, apm.getProviders().size());
assertTrue(apm.getProviders().get(0) instanceof MockAfterInvocationProvider);
}
private void setContext(String context) {
appContext = new InMemoryXmlApplicationContext(context);
"</b:bean>", "2.0.4", null);
}
}

View File

@@ -17,16 +17,16 @@ import org.springframework.security.access.AccessDeniedException;
import org.springframework.security.access.annotation.BusinessService;
import org.springframework.security.access.intercept.AfterInvocationProviderManager;
import org.springframework.security.access.intercept.RunAsManagerImpl;
import org.springframework.security.access.intercept.aopalliance.MethodSecurityInterceptor;
import org.springframework.security.access.intercept.aopalliance.MethodSecurityMetadataSourceAdvisor;
import org.springframework.security.access.prepost.PostInvocationAdviceProvider;
import org.springframework.security.access.prepost.PreInvocationAuthorizationAdviceVoter;
import org.springframework.security.access.vote.AffirmativeBased;
import org.springframework.security.authentication.AuthenticationCredentialsNotFoundException;
import org.springframework.security.authentication.TestingAuthenticationToken;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.config.BeanIds;
import org.springframework.security.config.ConfigTestUtils;
import org.springframework.security.config.PostProcessedMockUserDetailsService;
import org.springframework.security.config.method.GlobalMethodSecurityBeanDefinitionParser;
import org.springframework.security.config.util.InMemoryXmlApplicationContext;
import org.springframework.security.core.authority.AuthorityUtils;
import org.springframework.security.core.context.SecurityContextHolder;
@@ -184,6 +184,7 @@ public class GlobalMethodSecurityBeanDefinitionParserTests {
);
}
// SEC-936
@Test(expected=AccessDeniedException.class)
public void worksWithoutTargetOrClass() {
setContext(
@@ -210,7 +211,9 @@ public class GlobalMethodSecurityBeanDefinitionParserTests {
AffirmativeBased adm = (AffirmativeBased) appContext.getBean(GlobalMethodSecurityBeanDefinitionParser.ACCESS_MANAGER_ID);
List voters = (List) FieldUtils.getFieldValue(adm, "decisionVoters");
PreInvocationAuthorizationAdviceVoter mev = (PreInvocationAuthorizationAdviceVoter) voters.get(0);
AfterInvocationProviderManager pm = (AfterInvocationProviderManager) appContext.getBean(BeanIds.AFTER_INVOCATION_MANAGER);
MethodSecurityMetadataSourceAdvisor msi = (MethodSecurityMetadataSourceAdvisor)
appContext.getBeansOfType(MethodSecurityMetadataSourceAdvisor.class).values().toArray()[0];
AfterInvocationProviderManager pm = (AfterInvocationProviderManager) ((MethodSecurityInterceptor)msi.getAdvice()).getAfterInvocationManager();
PostInvocationAdviceProvider aip = (PostInvocationAdviceProvider) pm.getProviders().get(0);
assertTrue(FieldUtils.getFieldValue(mev, "preAdvice.expressionHandler") == FieldUtils.getFieldValue(aip, "postAdvice.expressionHandler"));
}
@@ -269,7 +272,9 @@ public class GlobalMethodSecurityBeanDefinitionParserTests {
setContext("<global-method-security run-as-manager-ref='runAsMgr'/>" + AUTH_PROVIDER_XML, parent);
RunAsManagerImpl ram = (RunAsManagerImpl) appContext.getBean("runAsMgr");
assertSame(ram, FieldUtils.getFieldValue(appContext.getBean(GlobalMethodSecurityBeanDefinitionParser.SECURITY_INTERCEPTOR_ID), "runAsManager"));
MethodSecurityMetadataSourceAdvisor msi = (MethodSecurityMetadataSourceAdvisor)
appContext.getBeansOfType(MethodSecurityMetadataSourceAdvisor.class).values().toArray()[0];
assertSame(ram, FieldUtils.getFieldValue(msi.getAdvice(), "runAsManager"));
}
private void setContext(String context) {