Make single definition of defaultRolePrefix and rolePrefix
Previous to this commit, role prefix had to be set in every class causing repetition. Now, bean `GrantedAuthorityDefaults` can be used to define the role prefix in a single point. Fixes gh-3701
This commit is contained in:
@@ -33,6 +33,7 @@ import org.springframework.expression.Expression;
|
||||
import org.springframework.expression.ExpressionParser;
|
||||
import org.springframework.security.access.SecurityConfig;
|
||||
import org.springframework.security.authentication.AuthenticationTrustResolver;
|
||||
import org.springframework.security.config.GrantedAuthorityDefaults;
|
||||
import org.springframework.security.core.Authentication;
|
||||
import org.springframework.security.core.context.SecurityContextHolder;
|
||||
import org.springframework.security.web.FilterInvocation;
|
||||
@@ -62,7 +63,7 @@ public class DefaultWebSecurityExpressionHandlerTests {
|
||||
}
|
||||
|
||||
@Test
|
||||
public void expressionPropertiesAreResolvedAgainsAppContextBeans() throws Exception {
|
||||
public void expressionPropertiesAreResolvedAgainstAppContextBeans() throws Exception {
|
||||
StaticApplicationContext appContext = new StaticApplicationContext();
|
||||
RootBeanDefinition bean = new RootBeanDefinition(SecurityConfig.class);
|
||||
bean.getConstructorArgumentValues().addGenericArgumentValue("ROLE_A");
|
||||
@@ -95,4 +96,22 @@ public class DefaultWebSecurityExpressionHandlerTests {
|
||||
|
||||
verify(trustResolver).isAnonymous(authentication);
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testDefaultRolePrefix() {
|
||||
StaticApplicationContext appContext = new StaticApplicationContext();
|
||||
RootBeanDefinition bean = new RootBeanDefinition(GrantedAuthorityDefaults.class);
|
||||
bean.getConstructorArgumentValues().addGenericArgumentValue("ROL_");
|
||||
appContext.registerBeanDefinition("authorityDefaults", bean);
|
||||
handler.setApplicationContext(appContext);
|
||||
|
||||
EvaluationContext ctx = handler.createEvaluationContext(
|
||||
mock(Authentication.class), mock(FilterInvocation.class));
|
||||
ExpressionParser parser = handler.getExpressionParser();
|
||||
assertThat(parser.parseExpression("@authorityDefaults.getRolePrefix() == 'ROL_'").getValue(
|
||||
ctx, Boolean.class)).isTrue();
|
||||
assertThat(parser.parseExpression("@authorityDefaults.rolePrefix == 'ROL_'").getValue(ctx,
|
||||
Boolean.class)).isTrue();
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
@@ -36,6 +36,9 @@ import org.powermock.core.classloader.annotations.PrepareForTest;
|
||||
import org.powermock.modules.junit4.PowerMockRunner;
|
||||
import org.powermock.reflect.internal.WhiteboxImpl;
|
||||
|
||||
import org.springframework.context.annotation.AnnotationConfigApplicationContext;
|
||||
import org.springframework.context.annotation.Bean;
|
||||
import org.springframework.context.annotation.Configuration;
|
||||
import org.springframework.mock.web.MockHttpServletRequest;
|
||||
import org.springframework.mock.web.MockHttpServletResponse;
|
||||
import org.springframework.security.authentication.AuthenticationManager;
|
||||
@@ -43,11 +46,13 @@ import org.springframework.security.authentication.BadCredentialsException;
|
||||
import org.springframework.security.authentication.TestingAuthenticationToken;
|
||||
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
|
||||
import org.springframework.security.concurrent.DelegatingSecurityContextRunnable;
|
||||
import org.springframework.security.config.GrantedAuthorityDefaults;
|
||||
import org.springframework.security.core.AuthenticationException;
|
||||
import org.springframework.security.core.context.SecurityContext;
|
||||
import org.springframework.security.core.context.SecurityContextHolder;
|
||||
import org.springframework.security.web.AuthenticationEntryPoint;
|
||||
import org.springframework.security.web.authentication.logout.LogoutHandler;
|
||||
import org.springframework.test.util.ReflectionTestUtils;
|
||||
import org.springframework.util.ClassUtils;
|
||||
|
||||
import static org.assertj.core.api.Assertions.assertThat;
|
||||
@@ -67,6 +72,7 @@ import static org.powermock.api.mockito.PowerMockito.when;
|
||||
*
|
||||
* @author Ben Alex
|
||||
* @author Rob Winch
|
||||
* @author Eddú Meléndez
|
||||
*/
|
||||
@RunWith(PowerMockRunner.class)
|
||||
@PrepareForTest(ClassUtils.class)
|
||||
@@ -195,7 +201,7 @@ public class SecurityContextHolderAwareRequestFilterTests {
|
||||
|
||||
// SEC-2296
|
||||
@Test
|
||||
public void loginWithExstingUser() throws Exception {
|
||||
public void loginWithExistingUser() throws Exception {
|
||||
TestingAuthenticationToken expectedAuth = new TestingAuthenticationToken("user",
|
||||
"password", "ROLE_USER");
|
||||
when(this.authenticationManager
|
||||
@@ -415,4 +421,31 @@ public class SecurityContextHolderAwareRequestFilterTests {
|
||||
|
||||
return this.requestCaptor.getValue();
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testDefaultRolePrefix() {
|
||||
AnnotationConfigApplicationContext context = new AnnotationConfigApplicationContext();
|
||||
context.register(FilterConfiguration.class);
|
||||
context.refresh();
|
||||
|
||||
SecurityContextHolderAwareRequestFilter filter = context.getBean(SecurityContextHolderAwareRequestFilter.class);
|
||||
GrantedAuthorityDefaults authorityDefaults = (GrantedAuthorityDefaults) ReflectionTestUtils.getField(filter, "rolePrefix");
|
||||
assertThat(authorityDefaults.getRolePrefix()).isEqualTo("ROL_");
|
||||
}
|
||||
|
||||
@Configuration
|
||||
static class FilterConfiguration {
|
||||
|
||||
@Bean
|
||||
public GrantedAuthorityDefaults authorityDefaults() {
|
||||
return new GrantedAuthorityDefaults("ROL_");
|
||||
}
|
||||
|
||||
@Bean
|
||||
public SecurityContextHolderAwareRequestFilter requestFilter() {
|
||||
return new SecurityContextHolderAwareRequestFilter();
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user