Use RequestMatcherEntry

Closes gh-11046
This commit is contained in:
Josh Cummings
2022-03-30 14:31:11 -06:00
parent 04c483387e
commit c175118f62
3 changed files with 20 additions and 28 deletions

View File

@@ -27,6 +27,7 @@ import org.springframework.security.authorization.AuthorizationDecision;
import org.springframework.security.core.Authentication;
import org.springframework.security.web.servlet.util.matcher.MvcRequestMatcher;
import org.springframework.security.web.util.matcher.AnyRequestMatcher;
import org.springframework.security.web.util.matcher.RequestMatcherEntry;
import static org.assertj.core.api.Assertions.assertThat;
import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
@@ -90,10 +91,12 @@ public class RequestMatcherDelegatingAuthorizationManagerTests {
public void checkWhenMultipleMappingsConfiguredWithConsumerThenDelegatesMatchingManager() {
RequestMatcherDelegatingAuthorizationManager manager = RequestMatcherDelegatingAuthorizationManager.builder()
.mappings((m) -> {
m.put(new MvcRequestMatcher(null, "/grant"), (a, o) -> new AuthorizationDecision(true));
m.put(AnyRequestMatcher.INSTANCE, AuthorityAuthorizationManager.hasRole("ADMIN"));
m.put(new MvcRequestMatcher(null, "/deny"), (a, o) -> new AuthorizationDecision(false));
m.put(new MvcRequestMatcher(null, "/afterAny"), (a, o) -> new AuthorizationDecision(true));
m.add(new RequestMatcherEntry<>(new MvcRequestMatcher(null, "/grant"),
(a, o) -> new AuthorizationDecision(true)));
m.add(new RequestMatcherEntry<>(AnyRequestMatcher.INSTANCE,
AuthorityAuthorizationManager.hasRole("ADMIN")));
m.add(new RequestMatcherEntry<>(new MvcRequestMatcher(null, "/afterAny"),
(a, o) -> new AuthorizationDecision(true)));
}).build();
Supplier<Authentication> authentication = () -> new TestingAuthenticationToken("user", "password", "ROLE_USER");
@@ -103,10 +106,6 @@ public class RequestMatcherDelegatingAuthorizationManagerTests {
assertThat(grant).isNotNull();
assertThat(grant.isGranted()).isTrue();
AuthorizationDecision deny = manager.check(authentication, new MockHttpServletRequest(null, "/deny"));
assertThat(deny).isNotNull();
assertThat(deny.isGranted()).isFalse();
AuthorizationDecision afterAny = manager.check(authentication, new MockHttpServletRequest(null, "/afterAny"));
assertThat(afterAny).isNotNull();
assertThat(afterAny.isGranted()).isFalse();