SEC-1216: Replacement of custom-after-invocation-provider with after-invocation-provider element. Some changes to help prevent proxying of aop infrastructure classes (use of AopInfrastructureBean marker interface)
This commit is contained in:
@@ -57,10 +57,12 @@ public class LdapProviderBeanDefinitionParserTests {
|
||||
|
||||
@Test(expected = ApplicationContextException.class)
|
||||
public void missingServerEltCausesConfigException() {
|
||||
setContext("<ldap-authentication-provider />");
|
||||
setContext(
|
||||
"<authentication-manager>" +
|
||||
" <ldap-authentication-provider />" +
|
||||
"</authentication-manager>");
|
||||
}
|
||||
|
||||
|
||||
@Test
|
||||
public void supportsPasswordComparisonAuthentication() {
|
||||
setContext("<ldap-server /> " +
|
||||
|
||||
@@ -117,9 +117,11 @@ public class LdapUserServiceBeanDefinitionParserTests {
|
||||
public void isSupportedByAuthenticationProviderElement() {
|
||||
setContext(
|
||||
"<ldap-server url='ldap://127.0.0.1:343/dc=springframework,dc=org'/>" +
|
||||
"<authentication-provider>" +
|
||||
"<authentication-manager>" +
|
||||
" <authentication-provider>" +
|
||||
" <ldap-user-service user-search-filter='(uid={0})' />" +
|
||||
"</authentication-provider>");
|
||||
" </authentication-provider>" +
|
||||
"</authentication-manager>");
|
||||
}
|
||||
|
||||
@Test
|
||||
|
||||
@@ -1,15 +1,8 @@
|
||||
package org.springframework.security.config.method;
|
||||
|
||||
import static org.junit.Assert.*;
|
||||
|
||||
import org.junit.After;
|
||||
import org.junit.Test;
|
||||
import org.springframework.context.support.AbstractXmlApplicationContext;
|
||||
import org.springframework.security.access.intercept.AfterInvocationProviderManager;
|
||||
import org.springframework.security.access.intercept.aopalliance.MethodSecurityInterceptor;
|
||||
import org.springframework.security.config.ConfigTestUtils;
|
||||
import org.springframework.security.config.MockAfterInvocationProvider;
|
||||
import org.springframework.security.config.method.GlobalMethodSecurityBeanDefinitionParser;
|
||||
import org.springframework.security.config.util.InMemoryXmlApplicationContext;
|
||||
|
||||
public class CustomAfterInvocationProviderBeanDefinitionDecoratorTests {
|
||||
@@ -24,23 +17,10 @@ public class CustomAfterInvocationProviderBeanDefinitionDecoratorTests {
|
||||
}
|
||||
|
||||
@Test
|
||||
public void customAfterInvocationProviderIsAddedToInterceptor() {
|
||||
setContext(
|
||||
"<global-method-security />" +
|
||||
public void customAfterInvocationProviderIsSupportedIn20Schema() {
|
||||
appContext = new InMemoryXmlApplicationContext(
|
||||
"<b:bean id='aip' class='org.springframework.security.config.MockAfterInvocationProvider'>" +
|
||||
" <custom-after-invocation-provider />" +
|
||||
"</b:bean>" +
|
||||
ConfigTestUtils.AUTH_PROVIDER_XML
|
||||
);
|
||||
|
||||
MethodSecurityInterceptor msi = (MethodSecurityInterceptor) appContext.getBean(GlobalMethodSecurityBeanDefinitionParser.SECURITY_INTERCEPTOR_ID);
|
||||
AfterInvocationProviderManager apm = (AfterInvocationProviderManager) msi.getAfterInvocationManager();
|
||||
assertNotNull(apm);
|
||||
assertEquals(1, apm.getProviders().size());
|
||||
assertTrue(apm.getProviders().get(0) instanceof MockAfterInvocationProvider);
|
||||
}
|
||||
|
||||
private void setContext(String context) {
|
||||
appContext = new InMemoryXmlApplicationContext(context);
|
||||
"</b:bean>", "2.0.4", null);
|
||||
}
|
||||
}
|
||||
|
||||
@@ -17,16 +17,16 @@ import org.springframework.security.access.AccessDeniedException;
|
||||
import org.springframework.security.access.annotation.BusinessService;
|
||||
import org.springframework.security.access.intercept.AfterInvocationProviderManager;
|
||||
import org.springframework.security.access.intercept.RunAsManagerImpl;
|
||||
import org.springframework.security.access.intercept.aopalliance.MethodSecurityInterceptor;
|
||||
import org.springframework.security.access.intercept.aopalliance.MethodSecurityMetadataSourceAdvisor;
|
||||
import org.springframework.security.access.prepost.PostInvocationAdviceProvider;
|
||||
import org.springframework.security.access.prepost.PreInvocationAuthorizationAdviceVoter;
|
||||
import org.springframework.security.access.vote.AffirmativeBased;
|
||||
import org.springframework.security.authentication.AuthenticationCredentialsNotFoundException;
|
||||
import org.springframework.security.authentication.TestingAuthenticationToken;
|
||||
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
|
||||
import org.springframework.security.config.BeanIds;
|
||||
import org.springframework.security.config.ConfigTestUtils;
|
||||
import org.springframework.security.config.PostProcessedMockUserDetailsService;
|
||||
import org.springframework.security.config.method.GlobalMethodSecurityBeanDefinitionParser;
|
||||
import org.springframework.security.config.util.InMemoryXmlApplicationContext;
|
||||
import org.springframework.security.core.authority.AuthorityUtils;
|
||||
import org.springframework.security.core.context.SecurityContextHolder;
|
||||
@@ -184,6 +184,7 @@ public class GlobalMethodSecurityBeanDefinitionParserTests {
|
||||
);
|
||||
}
|
||||
|
||||
// SEC-936
|
||||
@Test(expected=AccessDeniedException.class)
|
||||
public void worksWithoutTargetOrClass() {
|
||||
setContext(
|
||||
@@ -210,7 +211,9 @@ public class GlobalMethodSecurityBeanDefinitionParserTests {
|
||||
AffirmativeBased adm = (AffirmativeBased) appContext.getBean(GlobalMethodSecurityBeanDefinitionParser.ACCESS_MANAGER_ID);
|
||||
List voters = (List) FieldUtils.getFieldValue(adm, "decisionVoters");
|
||||
PreInvocationAuthorizationAdviceVoter mev = (PreInvocationAuthorizationAdviceVoter) voters.get(0);
|
||||
AfterInvocationProviderManager pm = (AfterInvocationProviderManager) appContext.getBean(BeanIds.AFTER_INVOCATION_MANAGER);
|
||||
MethodSecurityMetadataSourceAdvisor msi = (MethodSecurityMetadataSourceAdvisor)
|
||||
appContext.getBeansOfType(MethodSecurityMetadataSourceAdvisor.class).values().toArray()[0];
|
||||
AfterInvocationProviderManager pm = (AfterInvocationProviderManager) ((MethodSecurityInterceptor)msi.getAdvice()).getAfterInvocationManager();
|
||||
PostInvocationAdviceProvider aip = (PostInvocationAdviceProvider) pm.getProviders().get(0);
|
||||
assertTrue(FieldUtils.getFieldValue(mev, "preAdvice.expressionHandler") == FieldUtils.getFieldValue(aip, "postAdvice.expressionHandler"));
|
||||
}
|
||||
@@ -269,7 +272,9 @@ public class GlobalMethodSecurityBeanDefinitionParserTests {
|
||||
|
||||
setContext("<global-method-security run-as-manager-ref='runAsMgr'/>" + AUTH_PROVIDER_XML, parent);
|
||||
RunAsManagerImpl ram = (RunAsManagerImpl) appContext.getBean("runAsMgr");
|
||||
assertSame(ram, FieldUtils.getFieldValue(appContext.getBean(GlobalMethodSecurityBeanDefinitionParser.SECURITY_INTERCEPTOR_ID), "runAsManager"));
|
||||
MethodSecurityMetadataSourceAdvisor msi = (MethodSecurityMetadataSourceAdvisor)
|
||||
appContext.getBeansOfType(MethodSecurityMetadataSourceAdvisor.class).values().toArray()[0];
|
||||
assertSame(ram, FieldUtils.getFieldValue(msi.getAdvice(), "runAsManager"));
|
||||
}
|
||||
|
||||
private void setContext(String context) {
|
||||
|
||||
Reference in New Issue
Block a user