SEC-1768: Added tests to reproduce "double-proxying" issue combining intercept-methods and tx-annotation-driven. Problem is caused by use of ProxyFactoryBean with auto-proxying.
This commit is contained in:
@@ -0,0 +1,23 @@
|
||||
package org.springframework.security.config;
|
||||
|
||||
import static org.mockito.Mockito.mock;
|
||||
|
||||
import org.springframework.transaction.PlatformTransactionManager;
|
||||
import org.springframework.transaction.TransactionDefinition;
|
||||
import org.springframework.transaction.TransactionException;
|
||||
import org.springframework.transaction.TransactionStatus;
|
||||
|
||||
/**
|
||||
* @author Luke Taylor
|
||||
*/
|
||||
public class MockTransactionManager implements PlatformTransactionManager {
|
||||
public TransactionStatus getTransaction(TransactionDefinition definition) throws TransactionException {
|
||||
return mock(TransactionStatus.class);
|
||||
}
|
||||
|
||||
public void commit(TransactionStatus status) throws TransactionException {
|
||||
}
|
||||
|
||||
public void rollback(TransactionStatus status) throws TransactionException {
|
||||
}
|
||||
}
|
||||
@@ -2,6 +2,7 @@ package org.springframework.security.config;
|
||||
|
||||
import org.springframework.context.ApplicationListener;
|
||||
import org.springframework.security.core.session.SessionCreationEvent;
|
||||
import org.springframework.transaction.annotation.Transactional;
|
||||
|
||||
/**
|
||||
* @author Luke Taylor
|
||||
|
||||
@@ -0,0 +1,25 @@
|
||||
package org.springframework.security.config;
|
||||
|
||||
import org.springframework.transaction.annotation.Transactional;
|
||||
|
||||
/**
|
||||
* @author Luke Taylor
|
||||
*/
|
||||
public class TransactionalTestBusinessBean implements TestBusinessBean {
|
||||
public void setInteger(int i) {
|
||||
}
|
||||
|
||||
public int getInteger() {
|
||||
return 0;
|
||||
}
|
||||
|
||||
public void setString(String s) {
|
||||
}
|
||||
|
||||
@Transactional
|
||||
public void doSomething() {
|
||||
}
|
||||
|
||||
public void unprotected() {
|
||||
}
|
||||
}
|
||||
@@ -2,9 +2,14 @@ package org.springframework.security.config.method;
|
||||
|
||||
import static org.junit.Assert.*;
|
||||
|
||||
import org.junit.After;
|
||||
import org.junit.Before;
|
||||
import org.junit.Test;
|
||||
import org.junit.*;
|
||||
import org.junit.runner.RunWith;
|
||||
import org.springframework.aop.framework.Advised;
|
||||
import org.springframework.beans.BeansException;
|
||||
import org.springframework.beans.factory.annotation.Autowired;
|
||||
import org.springframework.beans.factory.annotation.Qualifier;
|
||||
import org.springframework.context.ApplicationContext;
|
||||
import org.springframework.context.ApplicationContextAware;
|
||||
import org.springframework.context.ApplicationListener;
|
||||
import org.springframework.context.support.ClassPathXmlApplicationContext;
|
||||
import org.springframework.security.access.AccessDeniedException;
|
||||
@@ -13,29 +18,34 @@ import org.springframework.security.authentication.TestingAuthenticationToken;
|
||||
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
|
||||
import org.springframework.security.authentication.event.AuthenticationSuccessEvent;
|
||||
import org.springframework.security.config.TestBusinessBean;
|
||||
import org.springframework.security.core.AuthenticationException;
|
||||
import org.springframework.security.core.authority.AuthorityUtils;
|
||||
import org.springframework.security.core.context.SecurityContextHolder;
|
||||
import org.springframework.test.context.ContextConfiguration;
|
||||
import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
|
||||
|
||||
/**
|
||||
* @author Luke Taylor
|
||||
*/
|
||||
public class InterceptMethodsBeanDefinitionDecoratorTests {
|
||||
private ClassPathXmlApplicationContext appContext;
|
||||
@RunWith(SpringJUnit4ClassRunner.class)
|
||||
@ContextConfiguration(locations = "classpath:org/springframework/security/config/method-security.xml")
|
||||
public class InterceptMethodsBeanDefinitionDecoratorTests implements ApplicationContextAware {
|
||||
@Autowired
|
||||
@Qualifier("target")
|
||||
private TestBusinessBean target;
|
||||
@Autowired
|
||||
@Qualifier("transactionalTarget")
|
||||
private TestBusinessBean transactionalTarget;
|
||||
private ApplicationContext appContext;
|
||||
|
||||
@Before
|
||||
public void loadContext() {
|
||||
@BeforeClass
|
||||
public static void loadContext() {
|
||||
// Set value for placeholder
|
||||
System.setProperty("admin.role", "ROLE_ADMIN");
|
||||
appContext = new ClassPathXmlApplicationContext("org/springframework/security/config/method-security.xml");
|
||||
target = (TestBusinessBean) appContext.getBean("target");
|
||||
}
|
||||
|
||||
@After
|
||||
public void closeAppContext() {
|
||||
if (appContext != null) {
|
||||
appContext.close();
|
||||
}
|
||||
public void clearContext() {
|
||||
SecurityContextHolder.clearContext();
|
||||
}
|
||||
|
||||
@@ -74,6 +84,15 @@ public class InterceptMethodsBeanDefinitionDecoratorTests {
|
||||
SecurityContextHolder.getContext().setAuthentication(token);
|
||||
|
||||
target.doSomething();
|
||||
fail("Expected AccessDeniedException");
|
||||
}
|
||||
|
||||
@Test(expected = AuthenticationException.class)
|
||||
public void transactionalMethodsShouldBeSecured() throws Exception {
|
||||
transactionalTarget.doSomething();
|
||||
}
|
||||
|
||||
@Override
|
||||
public void setApplicationContext(ApplicationContext applicationContext) throws BeansException {
|
||||
this.appContext = applicationContext;
|
||||
}
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user