PermitAllSupport supports AuthorizeHttpRequestsConfigurer

PermitAllSupport supports either an ExpressionUrlAuthorizationConfigurer or an AuthorizeHttpRequestsConfigurer. If none or both are configured an error message is thrown.

Closes gh-10482
This commit is contained in:
Igor Pelesic
2021-11-18 12:48:43 +01:00
committed by Josh Cummings
parent f838b7cb1d
commit a3a9de1b9b
5 changed files with 157 additions and 10 deletions

View File

@@ -22,9 +22,11 @@ import org.junit.jupiter.api.Test;
import org.springframework.mock.web.MockHttpServletRequest;
import org.springframework.security.authentication.TestingAuthenticationToken;
import org.springframework.security.authorization.AuthorityAuthorizationManager;
import org.springframework.security.authorization.AuthorizationDecision;
import org.springframework.security.core.Authentication;
import org.springframework.security.web.servlet.util.matcher.MvcRequestMatcher;
import org.springframework.security.web.util.matcher.AnyRequestMatcher;
import static org.assertj.core.api.Assertions.assertThat;
import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
@@ -83,4 +85,40 @@ public class RequestMatcherDelegatingAuthorizationManagerTests {
assertThat(abstain).isNull();
}
@Test
public void checkWhenMultipleMappingsConfiguredWithConsumerThenDelegatesMatchingManager() {
RequestMatcherDelegatingAuthorizationManager manager = RequestMatcherDelegatingAuthorizationManager.builder()
.mappings((m) -> {
m.put(new MvcRequestMatcher(null, "/grant"), (a, o) -> new AuthorizationDecision(true));
m.put(AnyRequestMatcher.INSTANCE, AuthorityAuthorizationManager.hasRole("ADMIN"));
m.put(new MvcRequestMatcher(null, "/deny"), (a, o) -> new AuthorizationDecision(false));
m.put(new MvcRequestMatcher(null, "/afterAny"), (a, o) -> new AuthorizationDecision(true));
}).build();
Supplier<Authentication> authentication = () -> new TestingAuthenticationToken("user", "password", "ROLE_USER");
AuthorizationDecision grant = manager.check(authentication, new MockHttpServletRequest(null, "/grant"));
assertThat(grant).isNotNull();
assertThat(grant.isGranted()).isTrue();
AuthorizationDecision deny = manager.check(authentication, new MockHttpServletRequest(null, "/deny"));
assertThat(deny).isNotNull();
assertThat(deny.isGranted()).isFalse();
AuthorizationDecision afterAny = manager.check(authentication, new MockHttpServletRequest(null, "/afterAny"));
assertThat(afterAny).isNotNull();
assertThat(afterAny.isGranted()).isFalse();
AuthorizationDecision unmapped = manager.check(authentication, new MockHttpServletRequest(null, "/unmapped"));
assertThat(unmapped).isNotNull();
assertThat(unmapped.isGranted()).isFalse();
}
@Test
public void addWhenMappingsConsumerNullThenException() {
assertThatIllegalArgumentException()
.isThrownBy(() -> RequestMatcherDelegatingAuthorizationManager.builder().mappings(null).build())
.withMessage("mappingsConsumer cannot be null");
}
}