Replace expected @Test attributes with AssertJ

Replace JUnit expected @Test attributes with AssertJ calls.
This commit is contained in:
Phillip Webb
2020-09-10 21:33:16 -07:00
committed by Josh Cummings
parent 20baa7d409
commit c502312719
243 changed files with 2115 additions and 1591 deletions

View File

@@ -47,14 +47,16 @@ public class InvalidConfigurationTests {
}
// Parser should throw a SAXParseException
@Test(expected = XmlBeanDefinitionStoreException.class)
@Test
public void passwordEncoderCannotAppearAtTopLevel() {
setContext("<password-encoder hash='md5'/>");
assertThatExceptionOfType(XmlBeanDefinitionStoreException.class)
.isThrownBy(() -> setContext("<password-encoder hash='md5'/>"));
}
@Test(expected = XmlBeanDefinitionStoreException.class)
@Test
public void authenticationProviderCannotAppearAtTopLevel() {
setContext("<authentication-provider ref='blah'/>");
assertThatExceptionOfType(XmlBeanDefinitionStoreException.class)
.isThrownBy(() -> setContext("<authentication-provider ref='blah'/>"));
}
@Test

View File

@@ -38,6 +38,7 @@ import org.springframework.test.context.ContextConfiguration;
import org.springframework.test.context.junit4.SpringRunner;
import static org.assertj.core.api.Assertions.assertThat;
import static org.assertj.core.api.Assertions.assertThatExceptionOfType;
/**
* @author Rob Winch
@@ -71,15 +72,17 @@ public class Issue50Tests {
// no exception
}
@Test(expected = UsernameNotFoundException.class)
@Test
public void authenticateWhenMissingUserThenUsernameNotFoundException() {
this.authenticationManager.authenticate(new UsernamePasswordAuthenticationToken("test", "password"));
assertThatExceptionOfType(UsernameNotFoundException.class).isThrownBy(() -> this.authenticationManager
.authenticate(new UsernamePasswordAuthenticationToken("test", "password")));
}
@Test(expected = BadCredentialsException.class)
@Test
public void authenticateWhenInvalidPasswordThenBadCredentialsException() {
this.userRepo.save(User.withUsernameAndPassword("test", "password"));
this.authenticationManager.authenticate(new UsernamePasswordAuthenticationToken("test", "invalid"));
assertThatExceptionOfType(BadCredentialsException.class).isThrownBy(() -> this.authenticationManager
.authenticate(new UsernamePasswordAuthenticationToken("test", "invalid")));
}
@Test
@@ -90,12 +93,12 @@ public class Issue50Tests {
assertThat(result.getName()).isEqualTo("test");
}
@Test(expected = AccessDeniedException.class)
@Test
public void globalMethodSecurityIsEnabledWhenNotAllowedThenAccessDenied() {
SecurityContextHolder.getContext().setAuthentication(new TestingAuthenticationToken("test", null, "ROLE_USER"));
this.userRepo.save(User.withUsernameAndPassword("denied", "password"));
Authentication result = this.authenticationManager
.authenticate(new UsernamePasswordAuthenticationToken("test", "password"));
assertThatExceptionOfType(AccessDeniedException.class).isThrownBy(() -> this.authenticationManager
.authenticate(new UsernamePasswordAuthenticationToken("test", "password")));
}
}

View File

@@ -27,6 +27,8 @@ import org.springframework.security.config.annotation.SecurityConfigurer;
import org.springframework.security.config.annotation.SecurityConfigurerAdapter;
import static org.assertj.core.api.Assertions.assertThat;
import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
import static org.assertj.core.api.Assertions.assertThatIllegalStateException;
import static org.mockito.Mockito.mock;
import static org.mockito.Mockito.verify;
@@ -44,14 +46,14 @@ public class AbstractConfiguredSecurityBuilderTests {
this.builder = new TestConfiguredSecurityBuilder(mock(ObjectPostProcessor.class));
}
@Test(expected = IllegalArgumentException.class)
@Test
public void constructorWhenObjectPostProcessorIsNullThenThrowIllegalArgumentException() {
new TestConfiguredSecurityBuilder(null);
assertThatIllegalArgumentException().isThrownBy(() -> new TestConfiguredSecurityBuilder(null));
}
@Test(expected = IllegalArgumentException.class)
@Test
public void objectPostProcessorWhenNullThenThrowIllegalArgumentException() {
this.builder.objectPostProcessor(null);
assertThatIllegalArgumentException().isThrownBy(() -> this.builder.objectPostProcessor(null));
}
@Test
@@ -61,15 +63,15 @@ public class AbstractConfiguredSecurityBuilderTests {
assertThat(this.builder.getConfigurers(TestSecurityConfigurer.class)).hasSize(1);
}
@Test(expected = IllegalStateException.class)
@Test
public void buildWhenBuildTwiceThenThrowIllegalStateException() throws Exception {
this.builder.build();
this.builder.build();
assertThatIllegalStateException().isThrownBy(() -> this.builder.build());
}
@Test(expected = IllegalStateException.class)
@Test
public void getObjectWhenNotBuiltThenThrowIllegalStateException() {
this.builder.getObject();
assertThatIllegalStateException().isThrownBy(this.builder::getObject);
}
@Test
@@ -81,22 +83,22 @@ public class AbstractConfiguredSecurityBuilderTests {
verify(DelegateSecurityConfigurer.CONFIGURER).configure(this.builder);
}
@Test(expected = IllegalStateException.class)
@Test
public void getConfigurerWhenMultipleConfigurersThenThrowIllegalStateException() throws Exception {
TestConfiguredSecurityBuilder builder = new TestConfiguredSecurityBuilder(mock(ObjectPostProcessor.class),
true);
builder.apply(new DelegateSecurityConfigurer());
builder.apply(new DelegateSecurityConfigurer());
builder.getConfigurer(DelegateSecurityConfigurer.class);
assertThatIllegalStateException().isThrownBy(() -> builder.getConfigurer(DelegateSecurityConfigurer.class));
}
@Test(expected = IllegalStateException.class)
@Test
public void removeConfigurerWhenMultipleConfigurersThenThrowIllegalStateException() throws Exception {
TestConfiguredSecurityBuilder builder = new TestConfiguredSecurityBuilder(mock(ObjectPostProcessor.class),
true);
builder.apply(new DelegateSecurityConfigurer());
builder.apply(new DelegateSecurityConfigurer());
builder.removeConfigurer(DelegateSecurityConfigurer.class);
assertThatIllegalStateException().isThrownBy(() -> builder.removeConfigurer(DelegateSecurityConfigurer.class));
}
@Test

View File

@@ -26,6 +26,8 @@ import org.springframework.security.config.annotation.web.configuration.WebSecur
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
import org.springframework.web.context.support.AnnotationConfigWebApplicationContext;
import static org.assertj.core.api.Assertions.assertThatExceptionOfType;
/**
* Tests for {@link AbstractRequestMatcherRegistry}.
*
@@ -33,29 +35,34 @@ import org.springframework.web.context.support.AnnotationConfigWebApplicationCon
*/
public class AbstractRequestMatcherRegistryAnyMatcherTests {
@Test(expected = BeanCreationException.class)
@Test
public void antMatchersCanNotWorkAfterAnyRequest() {
loadConfig(AntMatchersAfterAnyRequestConfig.class);
assertThatExceptionOfType(BeanCreationException.class)
.isThrownBy(() -> loadConfig(AntMatchersAfterAnyRequestConfig.class));
}
@Test(expected = BeanCreationException.class)
@Test
public void mvcMatchersCanNotWorkAfterAnyRequest() {
loadConfig(MvcMatchersAfterAnyRequestConfig.class);
assertThatExceptionOfType(BeanCreationException.class)
.isThrownBy(() -> loadConfig(MvcMatchersAfterAnyRequestConfig.class));
}
@Test(expected = BeanCreationException.class)
@Test
public void regexMatchersCanNotWorkAfterAnyRequest() {
loadConfig(RegexMatchersAfterAnyRequestConfig.class);
assertThatExceptionOfType(BeanCreationException.class)
.isThrownBy(() -> loadConfig(RegexMatchersAfterAnyRequestConfig.class));
}
@Test(expected = BeanCreationException.class)
@Test
public void anyRequestCanNotWorkAfterItself() {
loadConfig(AnyRequestAfterItselfConfig.class);
assertThatExceptionOfType(BeanCreationException.class)
.isThrownBy(() -> loadConfig(AnyRequestAfterItselfConfig.class));
}
@Test(expected = BeanCreationException.class)
@Test
public void requestMatchersCanNotWorkAfterAnyRequest() {
loadConfig(RequestMatchersAfterAnyRequestConfig.class);
assertThatExceptionOfType(BeanCreationException.class)
.isThrownBy(() -> loadConfig(RequestMatchersAfterAnyRequestConfig.class));
}
private void loadConfig(Class<?>... configs) {

View File

@@ -30,6 +30,7 @@ import org.springframework.security.config.test.SpringTestRule;
import org.springframework.web.context.support.AnnotationConfigWebApplicationContext;
import static org.assertj.core.api.Assertions.assertThat;
import static org.assertj.core.api.Assertions.assertThatExceptionOfType;
import static org.mockito.Mockito.mock;
/**
@@ -41,14 +42,16 @@ public class Sec2515Tests {
public final SpringTestRule spring = new SpringTestRule();
// SEC-2515
@Test(expected = FatalBeanException.class)
@Test
public void loadConfigWhenAuthenticationManagerNotConfiguredAndRegisterBeanThenThrowFatalBeanException() {
this.spring.register(StackOverflowSecurityConfig.class).autowire();
assertThatExceptionOfType(FatalBeanException.class)
.isThrownBy(() -> this.spring.register(StackOverflowSecurityConfig.class).autowire());
}
@Test(expected = FatalBeanException.class)
@Test
public void loadConfigWhenAuthenticationManagerNotConfiguredAndRegisterBeanCustomNameThenThrowFatalBeanException() {
this.spring.register(CustomBeanNameStackOverflowSecurityConfig.class).autowire();
assertThatExceptionOfType(FatalBeanException.class)
.isThrownBy(() -> this.spring.register(CustomBeanNameStackOverflowSecurityConfig.class).autowire());
}
// SEC-2549

View File

@@ -34,6 +34,7 @@ import org.springframework.security.messaging.util.matcher.MessageMatcher;
import org.springframework.util.AntPathMatcher;
import static org.assertj.core.api.Assertions.assertThat;
import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
import static org.mockito.BDDMockito.given;
@RunWith(MockitoJUnitRunner.class)
@@ -96,9 +97,9 @@ public class MessageSecurityMetadataSourceRegistryTests {
assertThat(getAttribute()).isEqualTo("permitAll");
}
@Test(expected = IllegalArgumentException.class)
@Test
public void pathMatcherNull() {
this.messages.simpDestPathMatcher(null);
assertThatIllegalArgumentException().isThrownBy(() -> this.messages.simpDestPathMatcher(null));
}
@Test

View File

@@ -31,6 +31,8 @@ import org.springframework.security.config.util.InMemoryXmlApplicationContext;
import org.springframework.security.crypto.password.LdapShaPasswordEncoder;
import org.springframework.security.crypto.password.MessageDigestPasswordEncoder;
import static org.assertj.core.api.Assertions.assertThatExceptionOfType;
/**
* Tests for {@link AuthenticationProviderBeanDefinitionParser}.
*
@@ -140,18 +142,20 @@ public class AuthenticationProviderBeanDefinitionParserTests {
}
// SEC-1466
@Test(expected = BeanDefinitionParsingException.class)
@Test
public void exernalProviderDoesNotSupportChildElements() {
assertThatExceptionOfType(BeanDefinitionParsingException.class).isThrownBy(() ->
// @formatter:off
this.appContext = new InMemoryXmlApplicationContext(" <authentication-manager>"
+ " <authentication-provider ref='aProvider'> "
+ " <password-encoder ref='customPasswordEncoder'/>"
+ " </authentication-provider>"
+ " </authentication-manager>"
+ " <b:bean id='aProvider' class='org.springframework.security.authentication.TestingAuthenticationProvider'/>"
+ " <b:bean id='customPasswordEncoder' "
+ " class='org.springframework.security.authentication.encoding.Md5PasswordEncoder'/>");
this.appContext = new InMemoryXmlApplicationContext(" <authentication-manager>"
+ " <authentication-provider ref='aProvider'> "
+ " <password-encoder ref='customPasswordEncoder'/>"
+ " </authentication-provider>"
+ " </authentication-manager>"
+ " <b:bean id='aProvider' class='org.springframework.security.authentication.TestingAuthenticationProvider'/>"
+ " <b:bean id='customPasswordEncoder' "
+ " class='org.springframework.security.authentication.encoding.Md5PasswordEncoder'/>")
// @formatter:on
);
}
private AuthenticationProvider getProvider() {

View File

@@ -26,6 +26,7 @@ import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import static org.assertj.core.api.Assertions.assertThat;
import static org.assertj.core.api.Assertions.assertThatExceptionOfType;
/**
* @author Luke Taylor
@@ -122,26 +123,28 @@ public class UserServiceBeanDefinitionParserTests {
assertThat(bob.isEnabled()).isFalse();
}
@Test(expected = FatalBeanException.class)
@Test
public void userWithBothPropertiesAndEmbeddedUsersThrowsException() {
assertThatExceptionOfType(FatalBeanException.class).isThrownBy(() ->
// @formatter:off
setContext("<user-service id='service' properties='doesntmatter.props'>"
+ " <user name='joe' password='joespassword' authorities='ROLE_A'/>"
+ "</user-service>");
setContext("<user-service id='service' properties='doesntmatter.props'>"
+ " <user name='joe' password='joespassword' authorities='ROLE_A'/>"
+ "</user-service>")
// @formatter:on
UserDetailsService userService = (UserDetailsService) this.appContext.getBean("service");
userService.loadUserByUsername("Joe");
);
}
@Test(expected = FatalBeanException.class)
@Test
public void multipleTopLevelUseWithoutIdThrowsException() {
setContext("<user-service properties='classpath:org/springframework/security/config/users.properties'/>"
+ "<user-service properties='classpath:org/springframework/security/config/users.properties'/>");
assertThatExceptionOfType(FatalBeanException.class).isThrownBy(() -> setContext(
"<user-service properties='classpath:org/springframework/security/config/users.properties'/>"
+ "<user-service properties='classpath:org/springframework/security/config/users.properties'/>"));
}
@Test(expected = FatalBeanException.class)
@Test
public void userServiceWithMissingPropertiesFileThrowsException() {
setContext("<user-service id='service' properties='classpath:doesntexist.properties'/>");
assertThatExceptionOfType(FatalBeanException.class).isThrownBy(
() -> setContext("<user-service id='service' properties='classpath:doesntexist.properties'/>"));
}
private void setContext(String context) {

View File

@@ -50,6 +50,7 @@ import org.springframework.test.context.ContextConfiguration;
import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
import static org.assertj.core.api.Assertions.assertThat;
import static org.assertj.core.api.Assertions.assertThatExceptionOfType;
@RunWith(SpringJUnit4ClassRunner.class)
@ContextConfiguration
@@ -110,16 +111,16 @@ public class GrantedAuthorityDefaultsJcTests {
this.messageService.getJsrMessage();
}
@Test(expected = AccessDeniedException.class)
@Test
public void messageDenied() {
setup("DENIED");
this.messageService.getMessage();
assertThatExceptionOfType(AccessDeniedException.class).isThrownBy(this.messageService::getMessage);
}
@Test(expected = AccessDeniedException.class)
@Test
public void jsrMessageDenied() {
setup("DENIED");
this.messageService.getJsrMessage();
assertThatExceptionOfType(AccessDeniedException.class).isThrownBy(this.messageService::getJsrMessage);
}
// SEC-2926

View File

@@ -43,6 +43,7 @@ import org.springframework.test.context.ContextConfiguration;
import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
import static org.assertj.core.api.Assertions.assertThat;
import static org.assertj.core.api.Assertions.assertThatExceptionOfType;
@RunWith(SpringJUnit4ClassRunner.class)
@ContextConfiguration
@@ -103,16 +104,16 @@ public class GrantedAuthorityDefaultsXmlTests {
this.messageService.getJsrMessage();
}
@Test(expected = AccessDeniedException.class)
@Test
public void messageDenied() {
setup("DENIED");
this.messageService.getMessage();
assertThatExceptionOfType(AccessDeniedException.class).isThrownBy(this.messageService::getMessage);
}
@Test(expected = AccessDeniedException.class)
@Test
public void jsrMessageDenied() {
setup("DENIED");
this.messageService.getJsrMessage();
assertThatExceptionOfType(AccessDeniedException.class).isThrownBy(this.messageService::getJsrMessage);
}
// SEC-2926

View File

@@ -36,6 +36,7 @@ import org.springframework.security.web.access.expression.ExpressionBasedFilterI
import org.springframework.security.web.access.intercept.DefaultFilterInvocationSecurityMetadataSource;
import static org.assertj.core.api.Assertions.assertThat;
import static org.assertj.core.api.Assertions.assertThatExceptionOfType;
/**
* Tests for {@link FilterInvocationSecurityMetadataSourceParser}.
@@ -119,11 +120,12 @@ public class FilterSecurityMetadataSourceBeanDefinitionParserTests {
// @formatter:on
}
@Test(expected = BeanDefinitionParsingException.class)
@Test
public void parsingInterceptUrlServletPathFails() {
setContext("<filter-security-metadata-source id='fids' use-expressions='false'>"
+ " <intercept-url pattern='/secure' access='ROLE_USER' servlet-path='/spring' />"
+ "</filter-security-metadata-source>");
assertThatExceptionOfType(BeanDefinitionParsingException.class)
.isThrownBy(() -> setContext("<filter-security-metadata-source id='fids' use-expressions='false'>"
+ " <intercept-url pattern='/secure' access='ROLE_USER' servlet-path='/spring' />"
+ "</filter-security-metadata-source>"));
}
private FilterInvocation createFilterInvocation(String path, String method) {

View File

@@ -96,10 +96,11 @@ public class GlobalMethodSecurityBeanDefinitionParserTests {
this.target = null;
}
@Test(expected = AuthenticationCredentialsNotFoundException.class)
@Test
public void targetShouldPreventProtectedMethodInvocationWithNoContext() {
loadContext();
this.target.someUserMethod1();
assertThatExceptionOfType(AuthenticationCredentialsNotFoundException.class)
.isThrownBy(this.target::someUserMethod1);
}
@Test
@@ -114,13 +115,13 @@ public class GlobalMethodSecurityBeanDefinitionParserTests {
assertThat(((MethodSecurityMetadataSourceAdvisor) advisors[0]).getOrder()).isEqualTo(1001);
}
@Test(expected = AccessDeniedException.class)
@Test
public void targetShouldPreventProtectedMethodInvocationWithIncorrectRole() {
loadContext();
TestingAuthenticationToken token = new TestingAuthenticationToken("Test", "Password", "ROLE_SOMEOTHERROLE");
token.setAuthenticated(true);
SecurityContextHolder.getContext().setAuthentication(token);
this.target.someAdminMethod();
assertThatExceptionOfType(AccessDeniedException.class).isThrownBy(this.target::someAdminMethod);
}
@Test
@@ -138,7 +139,7 @@ public class GlobalMethodSecurityBeanDefinitionParserTests {
assertThat(service.getPostProcessorWasHere()).isEqualTo("Hello from the post processor!");
}
@Test(expected = AccessDeniedException.class)
@Test
public void worksWithAspectJAutoproxy() {
// @formatter:off
setContext("<global-method-security>"
@@ -155,7 +156,7 @@ public class GlobalMethodSecurityBeanDefinitionParserTests {
UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken("Test", "Password",
AuthorityUtils.createAuthorityList("ROLE_SOMEOTHERROLE"));
SecurityContextHolder.getContext().setAuthentication(token);
service.loadUserByUsername("notused");
assertThatExceptionOfType(AccessDeniedException.class).isThrownBy(() -> service.loadUserByUsername("notused"));
}
@Test
@@ -201,13 +202,14 @@ public class GlobalMethodSecurityBeanDefinitionParserTests {
this.target.someOther(0);
}
@Test(expected = BeanDefinitionParsingException.class)
@Test
public void duplicateElementCausesError() {
setContext("<global-method-security />" + "<global-method-security />");
assertThatExceptionOfType(BeanDefinitionParsingException.class)
.isThrownBy(() -> setContext("<global-method-security />" + "<global-method-security />"));
}
// SEC-936
@Test(expected = AccessDeniedException.class)
@Test
public void worksWithoutTargetOrClass() {
// @formatter:off
setContext("<global-method-security secured-annotations='enabled'/>"
@@ -221,7 +223,7 @@ public class GlobalMethodSecurityBeanDefinitionParserTests {
AuthorityUtils.createAuthorityList("ROLE_SOMEOTHERROLE"));
SecurityContextHolder.getContext().setAuthentication(token);
this.target = (BusinessService) this.appContext.getBean("businessService");
this.target.someUserMethod1();
assertThatExceptionOfType(AccessDeniedException.class).isThrownBy(this.target::someUserMethod1);
}
// Expression configuration tests
@@ -242,7 +244,7 @@ public class GlobalMethodSecurityBeanDefinitionParserTests {
.isSameAs(FieldUtils.getFieldValue(aip, "postAdvice.expressionHandler"));
}
@Test(expected = AccessDeniedException.class)
@Test
public void accessIsDeniedForHasRoleExpression() {
// @formatter:off
setContext("<global-method-security pre-post-annotations='enabled'/>"
@@ -251,7 +253,7 @@ public class GlobalMethodSecurityBeanDefinitionParserTests {
// @formatter:on
SecurityContextHolder.getContext().setAuthentication(this.bob);
this.target = (BusinessService) this.appContext.getBean("target");
this.target.someAdminMethod();
assertThatExceptionOfType(AccessDeniedException.class).isThrownBy(this.target::someAdminMethod);
}
@Test
@@ -322,7 +324,7 @@ public class GlobalMethodSecurityBeanDefinitionParserTests {
}
// SEC-1450
@Test(expected = AuthenticationException.class)
@Test
@SuppressWarnings("unchecked")
public void genericsAreMatchedByProtectPointcut() {
// @formatter:off
@@ -334,7 +336,7 @@ public class GlobalMethodSecurityBeanDefinitionParserTests {
+ ConfigTestUtils.AUTH_PROVIDER_XML);
// @formatter:on
Foo foo = (Foo) this.appContext.getBean("target");
foo.foo(new SecurityConfig("A"));
assertThatExceptionOfType(AuthenticationException.class).isThrownBy(() -> foo.foo(new SecurityConfig("A")));
}
// SEC-1448

View File

@@ -40,6 +40,7 @@ import org.springframework.test.context.ContextConfiguration;
import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
import static org.assertj.core.api.Assertions.assertThat;
import static org.assertj.core.api.Assertions.assertThatExceptionOfType;
/**
* @author Luke Taylor
@@ -82,9 +83,10 @@ public class InterceptMethodsBeanDefinitionDecoratorTests implements Application
this.target.unprotected();
}
@Test(expected = AuthenticationCredentialsNotFoundException.class)
@Test
public void targetShouldPreventProtectedMethodInvocationWithNoContext() {
this.target.doSomething();
assertThatExceptionOfType(AuthenticationCredentialsNotFoundException.class)
.isThrownBy(this.target::doSomething);
}
@Test
@@ -95,17 +97,17 @@ public class InterceptMethodsBeanDefinitionDecoratorTests implements Application
this.target.doSomething();
}
@Test(expected = AccessDeniedException.class)
@Test
public void targetShouldPreventProtectedMethodInvocationWithIncorrectRole() {
UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken("Test", "Password",
AuthorityUtils.createAuthorityList("ROLE_SOMEOTHERROLE"));
SecurityContextHolder.getContext().setAuthentication(token);
this.target.doSomething();
assertThatExceptionOfType(AccessDeniedException.class).isThrownBy(this.target::doSomething);
}
@Test(expected = AuthenticationException.class)
@Test
public void transactionalMethodsShouldBeSecured() {
this.transactionalTarget.doSomething();
assertThatExceptionOfType(AuthenticationException.class).isThrownBy(this.transactionalTarget::doSomething);
}
@Override

View File

@@ -29,6 +29,8 @@ import org.springframework.security.config.util.InMemoryXmlApplicationContext;
import org.springframework.security.core.authority.AuthorityUtils;
import org.springframework.security.core.context.SecurityContextHolder;
import static org.assertj.core.api.Assertions.assertThatExceptionOfType;
/**
* @author Luke Taylor
*/
@@ -57,9 +59,10 @@ public class Jsr250AnnotationDrivenBeanDefinitionParserTests {
SecurityContextHolder.clearContext();
}
@Test(expected = AuthenticationCredentialsNotFoundException.class)
@Test
public void targetShouldPreventProtectedMethodInvocationWithNoContext() {
this.target.someUserMethod1();
assertThatExceptionOfType(AuthenticationCredentialsNotFoundException.class)
.isThrownBy(() -> this.target.someUserMethod1());
}
@Test
@@ -78,12 +81,12 @@ public class Jsr250AnnotationDrivenBeanDefinitionParserTests {
this.target.someUserMethod1();
}
@Test(expected = AccessDeniedException.class)
@Test
public void targetShouldPreventProtectedMethodInvocationWithIncorrectRole() {
UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken("Test", "Password",
AuthorityUtils.createAuthorityList("ROLE_SOMEOTHERROLE"));
SecurityContextHolder.getContext().setAuthentication(token);
this.target.someAdminMethod();
assertThatExceptionOfType(AccessDeniedException.class).isThrownBy(this.target::someAdminMethod);
}
@Test

View File

@@ -27,6 +27,8 @@ import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.test.context.ContextConfiguration;
import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
import static org.assertj.core.api.Assertions.assertThatExceptionOfType;
/**
* @author Rob Winch
*
@@ -43,11 +45,11 @@ public class PreAuthorizeTests {
SecurityContextHolder.clearContext();
}
@Test(expected = AccessDeniedException.class)
@Test
public void preAuthorizeAdminRoleDenied() {
SecurityContextHolder.getContext()
.setAuthentication(new TestingAuthenticationToken("user", "pass", "ROLE_USER"));
this.service.preAuthorizeAdminRole();
assertThatExceptionOfType(AccessDeniedException.class).isThrownBy(this.service::preAuthorizeAdminRole);
}
@Test
@@ -64,11 +66,12 @@ public class PreAuthorizeTests {
this.service.contactPermission(new Contact("user"));
}
@Test(expected = AccessDeniedException.class)
@Test
public void preAuthorizeContactPermissionDenied() {
SecurityContextHolder.getContext()
.setAuthentication(new TestingAuthenticationToken("user", "pass", "ROLE_ADMIN"));
this.service.contactPermission(new Contact("admin"));
assertThatExceptionOfType(AccessDeniedException.class)
.isThrownBy(() -> this.service.contactPermission(new Contact("admin")));
}
}

View File

@@ -26,6 +26,8 @@ import org.springframework.security.authentication.TestingAuthenticationToken;
import org.springframework.security.config.util.InMemoryXmlApplicationContext;
import org.springframework.security.core.context.SecurityContextHolder;
import static org.assertj.core.api.Assertions.assertThatExceptionOfType;
/**
* @author Rob Winch
*
@@ -34,14 +36,14 @@ public class Sec2196Tests {
private ConfigurableApplicationContext context;
@Test(expected = AccessDeniedException.class)
@Test
public void genericMethodsProtected() {
loadContext("<global-method-security secured-annotations=\"enabled\" pre-post-annotations=\"enabled\"/>"
+ "<b:bean class='" + Service.class.getName() + "'/>");
SecurityContextHolder.getContext()
.setAuthentication(new TestingAuthenticationToken("test", "pass", "ROLE_USER"));
Service service = this.context.getBean(Service.class);
service.save(new User());
assertThatExceptionOfType(AccessDeniedException.class).isThrownBy(() -> service.save(new User()));
}
@Test

View File

@@ -65,9 +65,10 @@ public class SecuredAnnotationDrivenBeanDefinitionParserTests {
SecurityContextHolder.clearContext();
}
@Test(expected = AuthenticationCredentialsNotFoundException.class)
@Test
public void targetShouldPreventProtectedMethodInvocationWithNoContext() {
this.target.someUserMethod1();
assertThatExceptionOfType(AuthenticationCredentialsNotFoundException.class)
.isThrownBy(this.target::someUserMethod1);
}
@Test
@@ -78,28 +79,29 @@ public class SecuredAnnotationDrivenBeanDefinitionParserTests {
this.target.someUserMethod1();
}
@Test(expected = AccessDeniedException.class)
@Test
public void targetShouldPreventProtectedMethodInvocationWithIncorrectRole() {
UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken("Test", "Password",
AuthorityUtils.createAuthorityList("ROLE_SOMEOTHER"));
SecurityContextHolder.getContext().setAuthentication(token);
this.target.someAdminMethod();
assertThatExceptionOfType(AccessDeniedException.class).isThrownBy(this.target::someAdminMethod);
}
// SEC-1387
@Test(expected = AuthenticationCredentialsNotFoundException.class)
@Test
public void targetIsSerializableBeforeUse() throws Exception {
BusinessService chompedTarget = (BusinessService) serializeAndDeserialize(this.target);
chompedTarget.someAdminMethod();
assertThatExceptionOfType(AuthenticationCredentialsNotFoundException.class)
.isThrownBy(chompedTarget::someAdminMethod);
}
@Test(expected = AccessDeniedException.class)
@Test
public void targetIsSerializableAfterUse() throws Exception {
assertThatExceptionOfType(AuthenticationCredentialsNotFoundException.class)
.isThrownBy(this.target::someAdminMethod);
SecurityContextHolder.getContext().setAuthentication(new TestingAuthenticationToken("u", "p", "ROLE_A"));
BusinessService chompedTarget = (BusinessService) serializeAndDeserialize(this.target);
chompedTarget.someAdminMethod();
assertThatExceptionOfType(AccessDeniedException.class).isThrownBy(chompedTarget::someAdminMethod);
}
private Object serializeAndDeserialize(Object o) throws IOException, ClassNotFoundException {

View File

@@ -27,6 +27,8 @@ import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.test.context.ContextConfiguration;
import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
import static org.assertj.core.api.Assertions.assertThatExceptionOfType;
/**
* @author Rob Winch
*
@@ -43,11 +45,11 @@ public class SecuredTests {
SecurityContextHolder.clearContext();
}
@Test(expected = AccessDeniedException.class)
@Test
public void securedAdminRoleDenied() {
SecurityContextHolder.getContext()
.setAuthentication(new TestingAuthenticationToken("user", "pass", "ROLE_USER"));
this.service.securedAdminRole();
assertThatExceptionOfType(AccessDeniedException.class).isThrownBy(this.service::securedAdminRole);
}
@Test

View File

@@ -31,6 +31,7 @@ import org.springframework.security.config.annotation.method.configuration.Enabl
import org.springframework.test.context.ContextConfiguration;
import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
import static org.assertj.core.api.Assertions.assertThatExceptionOfType;
import static org.mockito.Mockito.mock;
/**
@@ -44,9 +45,9 @@ public class Gh4020GlobalMethodSecurityConfigurationTests {
DenyAllService denyAll;
// gh-4020
@Test(expected = AuthenticationCredentialsNotFoundException.class)
@Test
public void denyAll() {
this.denyAll.denyAll();
assertThatExceptionOfType(AuthenticationCredentialsNotFoundException.class).isThrownBy(this.denyAll::denyAll);
}
@Configuration

View File

@@ -23,6 +23,8 @@ import org.springframework.security.config.annotation.web.reactive.ServerHttpSec
import org.springframework.security.test.web.reactive.server.WebTestClientBuilder;
import org.springframework.test.web.reactive.server.WebTestClient;
import static org.assertj.core.api.Assertions.assertThatIllegalStateException;
/**
* @author Rob Winch
* @since 5.0
@@ -105,31 +107,34 @@ public class AuthorizeExchangeSpecTests {
// @formatter:on
}
@Test(expected = IllegalStateException.class)
@Test
public void antMatchersWhenNoAccessAndAnotherMatcherThenThrowsException() {
this.http.authorizeExchange().pathMatchers("/incomplete");
this.http.authorizeExchange().pathMatchers("/throws-exception");
assertThatIllegalStateException()
.isThrownBy(() -> this.http.authorizeExchange().pathMatchers("/throws-exception"));
}
@Test(expected = IllegalStateException.class)
@Test
public void anyExchangeWhenFollowedByMatcherThenThrowsException() {
assertThatIllegalStateException().isThrownBy(() ->
// @formatter:off
this.http.authorizeExchange()
.anyExchange().denyAll()
.pathMatchers("/never-reached");
this.http.authorizeExchange()
.anyExchange().denyAll()
.pathMatchers("/never-reached")
// @formatter:on
);
}
@Test(expected = IllegalStateException.class)
@Test
public void buildWhenMatcherDefinedWithNoAccessThenThrowsException() {
this.http.authorizeExchange().pathMatchers("/incomplete");
this.http.build();
assertThatIllegalStateException().isThrownBy(this.http::build);
}
@Test(expected = IllegalStateException.class)
@Test
public void buildWhenMatcherDefinedWithNoAccessInLambdaThenThrowsException() {
this.http.authorizeExchange((exchanges) -> exchanges.pathMatchers("/incomplete"));
this.http.build();
assertThatIllegalStateException().isThrownBy(this.http::build);
}
private WebTestClient buildClient() {

View File

@@ -84,7 +84,7 @@ public class MethodSecurityInterceptorWithAopConfigTests {
}
}
@Test(expected = AuthenticationCredentialsNotFoundException.class)
@Test
public void securityInterceptorIsAppliedWhenUsedWithAopConfig() {
// @formatter:off
setContext("<aop:config>"
@@ -99,10 +99,11 @@ public class MethodSecurityInterceptorWithAopConfigTests {
// Check both against interface and class
assertThatExceptionOfType(AuthenticationCredentialsNotFoundException.class)
.isThrownBy(() -> target.makeLowerCase("TEST"));
target.makeUpperCase("test");
assertThatExceptionOfType(AuthenticationCredentialsNotFoundException.class)
.isThrownBy(() -> target.makeUpperCase("test"));
}
@Test(expected = AuthenticationCredentialsNotFoundException.class)
@Test
public void securityInterceptorIsAppliedWhenUsedWithBeanNameAutoProxyCreator() {
// @formatter:off
setContext("<b:bean id='autoProxyCreator' class='org.springframework.aop.framework.autoproxy.BeanNameAutoProxyCreator'>"
@@ -126,7 +127,8 @@ public class MethodSecurityInterceptorWithAopConfigTests {
ITargetObject target = (ITargetObject) this.appContext.getBean("target");
assertThatExceptionOfType(AuthenticationCredentialsNotFoundException.class)
.isThrownBy(() -> target.makeLowerCase("TEST"));
target.makeUpperCase("test");
assertThatExceptionOfType(AuthenticationCredentialsNotFoundException.class)
.isThrownBy(() -> target.makeUpperCase("test"));
}
private void setContext(String context) {