diff --git a/config/src/main/java/org/springframework/security/config/method/InterceptMethodsBeanDefinitionDecorator.java b/config/src/main/java/org/springframework/security/config/method/InterceptMethodsBeanDefinitionDecorator.java index 681dfbcd44..15f0325482 100644 --- a/config/src/main/java/org/springframework/security/config/method/InterceptMethodsBeanDefinitionDecorator.java +++ b/config/src/main/java/org/springframework/security/config/method/InterceptMethodsBeanDefinitionDecorator.java @@ -1,9 +1,5 @@ package org.springframework.security.config.method; -import java.util.LinkedHashMap; -import java.util.List; -import java.util.Map; - import org.springframework.aop.config.AbstractInterceptorDrivenBeanDefinitionDecorator; import org.springframework.beans.factory.config.BeanDefinition; import org.springframework.beans.factory.config.BeanDefinitionHolder; @@ -13,7 +9,6 @@ import org.springframework.beans.factory.support.ManagedMap; import org.springframework.beans.factory.support.RootBeanDefinition; import org.springframework.beans.factory.xml.BeanDefinitionDecorator; import org.springframework.beans.factory.xml.ParserContext; -import org.springframework.security.access.ConfigAttribute; import org.springframework.security.access.SecurityConfig; import org.springframework.security.access.intercept.aopalliance.MethodSecurityInterceptor; import org.springframework.security.access.method.MapBasedMethodSecurityMetadataSource; @@ -24,6 +19,8 @@ import org.springframework.util.xml.DomUtils; import org.w3c.dom.Element; import org.w3c.dom.Node; +import java.util.*; + /** * @author Luke Taylor * @author Ben Alex diff --git a/config/src/test/java/org/springframework/security/config/MockTransactionManager.java b/config/src/test/java/org/springframework/security/config/MockTransactionManager.java new file mode 100644 index 0000000000..c57af303e2 --- /dev/null +++ b/config/src/test/java/org/springframework/security/config/MockTransactionManager.java @@ -0,0 +1,23 @@ +package org.springframework.security.config; + +import static org.mockito.Mockito.mock; + +import org.springframework.transaction.PlatformTransactionManager; +import org.springframework.transaction.TransactionDefinition; +import org.springframework.transaction.TransactionException; +import org.springframework.transaction.TransactionStatus; + +/** + * @author Luke Taylor + */ +public class MockTransactionManager implements PlatformTransactionManager { + public TransactionStatus getTransaction(TransactionDefinition definition) throws TransactionException { + return mock(TransactionStatus.class); + } + + public void commit(TransactionStatus status) throws TransactionException { + } + + public void rollback(TransactionStatus status) throws TransactionException { + } +} diff --git a/config/src/test/java/org/springframework/security/config/TestBusinessBeanImpl.java b/config/src/test/java/org/springframework/security/config/TestBusinessBeanImpl.java index 58920390d0..c5acb05afd 100644 --- a/config/src/test/java/org/springframework/security/config/TestBusinessBeanImpl.java +++ b/config/src/test/java/org/springframework/security/config/TestBusinessBeanImpl.java @@ -2,6 +2,7 @@ package org.springframework.security.config; import org.springframework.context.ApplicationListener; import org.springframework.security.core.session.SessionCreationEvent; +import org.springframework.transaction.annotation.Transactional; /** * @author Luke Taylor diff --git a/config/src/test/java/org/springframework/security/config/TransactionalTestBusinessBean.java b/config/src/test/java/org/springframework/security/config/TransactionalTestBusinessBean.java new file mode 100644 index 0000000000..feabc99365 --- /dev/null +++ b/config/src/test/java/org/springframework/security/config/TransactionalTestBusinessBean.java @@ -0,0 +1,25 @@ +package org.springframework.security.config; + +import org.springframework.transaction.annotation.Transactional; + +/** + * @author Luke Taylor + */ +public class TransactionalTestBusinessBean implements TestBusinessBean { + public void setInteger(int i) { + } + + public int getInteger() { + return 0; + } + + public void setString(String s) { + } + + @Transactional + public void doSomething() { + } + + public void unprotected() { + } +} diff --git a/config/src/test/java/org/springframework/security/config/method/InterceptMethodsBeanDefinitionDecoratorTests.java b/config/src/test/java/org/springframework/security/config/method/InterceptMethodsBeanDefinitionDecoratorTests.java index 3346f7ba44..b19e8baa6e 100644 --- a/config/src/test/java/org/springframework/security/config/method/InterceptMethodsBeanDefinitionDecoratorTests.java +++ b/config/src/test/java/org/springframework/security/config/method/InterceptMethodsBeanDefinitionDecoratorTests.java @@ -2,9 +2,14 @@ package org.springframework.security.config.method; import static org.junit.Assert.*; -import org.junit.After; -import org.junit.Before; -import org.junit.Test; +import org.junit.*; +import org.junit.runner.RunWith; +import org.springframework.aop.framework.Advised; +import org.springframework.beans.BeansException; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.beans.factory.annotation.Qualifier; +import org.springframework.context.ApplicationContext; +import org.springframework.context.ApplicationContextAware; import org.springframework.context.ApplicationListener; import org.springframework.context.support.ClassPathXmlApplicationContext; import org.springframework.security.access.AccessDeniedException; @@ -13,29 +18,34 @@ import org.springframework.security.authentication.TestingAuthenticationToken; import org.springframework.security.authentication.UsernamePasswordAuthenticationToken; import org.springframework.security.authentication.event.AuthenticationSuccessEvent; import org.springframework.security.config.TestBusinessBean; +import org.springframework.security.core.AuthenticationException; import org.springframework.security.core.authority.AuthorityUtils; import org.springframework.security.core.context.SecurityContextHolder; +import org.springframework.test.context.ContextConfiguration; +import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; /** * @author Luke Taylor */ -public class InterceptMethodsBeanDefinitionDecoratorTests { - private ClassPathXmlApplicationContext appContext; +@RunWith(SpringJUnit4ClassRunner.class) +@ContextConfiguration(locations = "classpath:org/springframework/security/config/method-security.xml") +public class InterceptMethodsBeanDefinitionDecoratorTests implements ApplicationContextAware { + @Autowired + @Qualifier("target") private TestBusinessBean target; + @Autowired + @Qualifier("transactionalTarget") + private TestBusinessBean transactionalTarget; + private ApplicationContext appContext; - @Before - public void loadContext() { + @BeforeClass + public static void loadContext() { // Set value for placeholder System.setProperty("admin.role", "ROLE_ADMIN"); - appContext = new ClassPathXmlApplicationContext("org/springframework/security/config/method-security.xml"); - target = (TestBusinessBean) appContext.getBean("target"); } @After - public void closeAppContext() { - if (appContext != null) { - appContext.close(); - } + public void clearContext() { SecurityContextHolder.clearContext(); } @@ -74,6 +84,15 @@ public class InterceptMethodsBeanDefinitionDecoratorTests { SecurityContextHolder.getContext().setAuthentication(token); target.doSomething(); - fail("Expected AccessDeniedException"); + } + + @Test(expected = AuthenticationException.class) + public void transactionalMethodsShouldBeSecured() throws Exception { + transactionalTarget.doSomething(); + } + + @Override + public void setApplicationContext(ApplicationContext applicationContext) throws BeansException { + this.appContext = applicationContext; } } diff --git a/config/src/test/resources/org/springframework/security/config/method-security.xml b/config/src/test/resources/org/springframework/security/config/method-security.xml index ca44261632..21f442df45 100644 --- a/config/src/test/resources/org/springframework/security/config/method-security.xml +++ b/config/src/test/resources/org/springframework/security/config/method-security.xml @@ -3,11 +3,24 @@ + http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx.xsd + http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security.xsd"> + + + + + + + + + + +