Allow override of SwitchUserFilter.ROLE_PREVIOUS_ADMINISTRATOR

Fixes gh-3697
This commit is contained in:
Andrei Ivanov
2016-02-12 16:43:29 +02:00
committed by Rob Winch
parent 2fac7dfb15
commit 9008a7af1d
2 changed files with 61 additions and 1 deletions

View File

@@ -19,6 +19,7 @@ import static org.junit.Assert.*;
import static org.mockito.Mockito.*;
import org.junit.*;
import org.junit.rules.ExpectedException;
import org.springframework.mock.web.MockHttpServletRequest;
import org.springframework.mock.web.MockHttpServletResponse;
import org.springframework.security.authentication.AccountExpiredException;
@@ -52,6 +53,8 @@ import java.util.*;
public class SwitchUserFilterTests {
private final static List<GrantedAuthority> ROLES_12 = AuthorityUtils
.createAuthorityList("ROLE_ONE", "ROLE_TWO");
@Rule
public ExpectedException thrown = ExpectedException.none();
@Before
public void authenticateCurrentUser() {
@@ -86,6 +89,17 @@ public class SwitchUserFilterTests {
}
private Authentication switchToUserWithAuthorityRole(String name, String switchAuthorityRole) {
MockHttpServletRequest request = new MockHttpServletRequest();
request.addParameter(SwitchUserFilter.SPRING_SECURITY_SWITCH_USERNAME_KEY, name);
SwitchUserFilter filter = new SwitchUserFilter();
filter.setUserDetailsService(new MockUserDetailsService());
filter.setSwitchAuthorityRole(switchAuthorityRole);
return filter.attemptSwitchUser(request);
}
@Test
public void requiresExitUserMatchesCorrectly() {
SwitchUserFilter filter = new SwitchUserFilter();
@@ -412,9 +426,44 @@ public class SwitchUserFilterTests {
}
}
assertNotNull(switchedFrom);
assertSame(source, switchedFrom.getSource());
}
// gh-3697
@Test
public void switchAuthorityRoleCannotBeNull() throws Exception {
thrown.expect(IllegalArgumentException.class);
thrown.expectMessage("switchAuthorityRole cannot be null");
switchToUserWithAuthorityRole("dano", null);
}
// gh-3697
@Test
public void switchAuthorityRoleCanBeChanged() throws Exception {
String switchAuthorityRole = "PREVIOUS_ADMINISTRATOR";
// original user
UsernamePasswordAuthenticationToken source = new UsernamePasswordAuthenticationToken(
"orig", "hawaii50", ROLES_12);
SecurityContextHolder.getContext().setAuthentication(source);
SecurityContextHolder.getContext().setAuthentication(switchToUser("jacklord"));
Authentication switched = switchToUserWithAuthorityRole("dano", switchAuthorityRole);
SwitchUserGrantedAuthority switchedFrom = null;
for (GrantedAuthority ga : switched.getAuthorities()) {
if (ga instanceof SwitchUserGrantedAuthority) {
switchedFrom = (SwitchUserGrantedAuthority) ga;
break;
}
}
assertNotNull(switchedFrom);
assertSame(source, switchedFrom.getSource());
assertEquals(switchAuthorityRole, switchedFrom.getAuthority());
}
// ~ Inner Classes
// ==================================================================================================