SEC-1768: Added tests to reproduce "double-proxying" issue combining intercept-methods and tx-annotation-driven. Problem is caused by use of ProxyFactoryBean with auto-proxying.

This commit is contained in:
Luke Taylor
2011-06-18 14:32:11 +01:00
parent b0a60a7ff2
commit 5a1ddc660b
6 changed files with 98 additions and 20 deletions

View File

@@ -0,0 +1,23 @@
package org.springframework.security.config;
import static org.mockito.Mockito.mock;
import org.springframework.transaction.PlatformTransactionManager;
import org.springframework.transaction.TransactionDefinition;
import org.springframework.transaction.TransactionException;
import org.springframework.transaction.TransactionStatus;
/**
* @author Luke Taylor
*/
public class MockTransactionManager implements PlatformTransactionManager {
public TransactionStatus getTransaction(TransactionDefinition definition) throws TransactionException {
return mock(TransactionStatus.class);
}
public void commit(TransactionStatus status) throws TransactionException {
}
public void rollback(TransactionStatus status) throws TransactionException {
}
}

View File

@@ -2,6 +2,7 @@ package org.springframework.security.config;
import org.springframework.context.ApplicationListener;
import org.springframework.security.core.session.SessionCreationEvent;
import org.springframework.transaction.annotation.Transactional;
/**
* @author Luke Taylor

View File

@@ -0,0 +1,25 @@
package org.springframework.security.config;
import org.springframework.transaction.annotation.Transactional;
/**
* @author Luke Taylor
*/
public class TransactionalTestBusinessBean implements TestBusinessBean {
public void setInteger(int i) {
}
public int getInteger() {
return 0;
}
public void setString(String s) {
}
@Transactional
public void doSomething() {
}
public void unprotected() {
}
}

View File

@@ -2,9 +2,14 @@ package org.springframework.security.config.method;
import static org.junit.Assert.*;
import org.junit.After;
import org.junit.Before;
import org.junit.Test;
import org.junit.*;
import org.junit.runner.RunWith;
import org.springframework.aop.framework.Advised;
import org.springframework.beans.BeansException;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.context.ApplicationContext;
import org.springframework.context.ApplicationContextAware;
import org.springframework.context.ApplicationListener;
import org.springframework.context.support.ClassPathXmlApplicationContext;
import org.springframework.security.access.AccessDeniedException;
@@ -13,29 +18,34 @@ import org.springframework.security.authentication.TestingAuthenticationToken;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.authentication.event.AuthenticationSuccessEvent;
import org.springframework.security.config.TestBusinessBean;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.authority.AuthorityUtils;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.test.context.ContextConfiguration;
import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
/**
* @author Luke Taylor
*/
public class InterceptMethodsBeanDefinitionDecoratorTests {
private ClassPathXmlApplicationContext appContext;
@RunWith(SpringJUnit4ClassRunner.class)
@ContextConfiguration(locations = "classpath:org/springframework/security/config/method-security.xml")
public class InterceptMethodsBeanDefinitionDecoratorTests implements ApplicationContextAware {
@Autowired
@Qualifier("target")
private TestBusinessBean target;
@Autowired
@Qualifier("transactionalTarget")
private TestBusinessBean transactionalTarget;
private ApplicationContext appContext;
@Before
public void loadContext() {
@BeforeClass
public static void loadContext() {
// Set value for placeholder
System.setProperty("admin.role", "ROLE_ADMIN");
appContext = new ClassPathXmlApplicationContext("org/springframework/security/config/method-security.xml");
target = (TestBusinessBean) appContext.getBean("target");
}
@After
public void closeAppContext() {
if (appContext != null) {
appContext.close();
}
public void clearContext() {
SecurityContextHolder.clearContext();
}
@@ -74,6 +84,15 @@ public class InterceptMethodsBeanDefinitionDecoratorTests {
SecurityContextHolder.getContext().setAuthentication(token);
target.doSomething();
fail("Expected AccessDeniedException");
}
@Test(expected = AuthenticationException.class)
public void transactionalMethodsShouldBeSecured() throws Exception {
transactionalTarget.doSomething();
}
@Override
public void setApplicationContext(ApplicationContext applicationContext) throws BeansException {
this.appContext = applicationContext;
}
}