Make single definition of defaultRolePrefix and rolePrefix

Previous to this commit, role prefix had to be set in every class
causing repetition. Now, bean `GrantedAuthorityDefaults` can be used to
define the role prefix in a single point.

Fixes gh-3701
This commit is contained in:
Eddú Meléndez
2016-06-21 16:55:16 +10:00
committed by Rob Winch
parent 2e6656e9d3
commit eabeaf35d6
13 changed files with 362 additions and 29 deletions

View File

@@ -33,6 +33,7 @@ import org.springframework.expression.Expression;
import org.springframework.expression.ExpressionParser;
import org.springframework.security.access.SecurityConfig;
import org.springframework.security.authentication.AuthenticationTrustResolver;
import org.springframework.security.config.GrantedAuthorityDefaults;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.web.FilterInvocation;
@@ -62,7 +63,7 @@ public class DefaultWebSecurityExpressionHandlerTests {
}
@Test
public void expressionPropertiesAreResolvedAgainsAppContextBeans() throws Exception {
public void expressionPropertiesAreResolvedAgainstAppContextBeans() throws Exception {
StaticApplicationContext appContext = new StaticApplicationContext();
RootBeanDefinition bean = new RootBeanDefinition(SecurityConfig.class);
bean.getConstructorArgumentValues().addGenericArgumentValue("ROLE_A");
@@ -95,4 +96,22 @@ public class DefaultWebSecurityExpressionHandlerTests {
verify(trustResolver).isAnonymous(authentication);
}
@Test
public void testDefaultRolePrefix() {
StaticApplicationContext appContext = new StaticApplicationContext();
RootBeanDefinition bean = new RootBeanDefinition(GrantedAuthorityDefaults.class);
bean.getConstructorArgumentValues().addGenericArgumentValue("ROL_");
appContext.registerBeanDefinition("authorityDefaults", bean);
handler.setApplicationContext(appContext);
EvaluationContext ctx = handler.createEvaluationContext(
mock(Authentication.class), mock(FilterInvocation.class));
ExpressionParser parser = handler.getExpressionParser();
assertThat(parser.parseExpression("@authorityDefaults.getRolePrefix() == 'ROL_'").getValue(
ctx, Boolean.class)).isTrue();
assertThat(parser.parseExpression("@authorityDefaults.rolePrefix == 'ROL_'").getValue(ctx,
Boolean.class)).isTrue();
}
}

View File

@@ -36,6 +36,9 @@ import org.powermock.core.classloader.annotations.PrepareForTest;
import org.powermock.modules.junit4.PowerMockRunner;
import org.powermock.reflect.internal.WhiteboxImpl;
import org.springframework.context.annotation.AnnotationConfigApplicationContext;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.mock.web.MockHttpServletRequest;
import org.springframework.mock.web.MockHttpServletResponse;
import org.springframework.security.authentication.AuthenticationManager;
@@ -43,11 +46,13 @@ import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.authentication.TestingAuthenticationToken;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.concurrent.DelegatingSecurityContextRunnable;
import org.springframework.security.config.GrantedAuthorityDefaults;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.context.SecurityContext;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.web.AuthenticationEntryPoint;
import org.springframework.security.web.authentication.logout.LogoutHandler;
import org.springframework.test.util.ReflectionTestUtils;
import org.springframework.util.ClassUtils;
import static org.assertj.core.api.Assertions.assertThat;
@@ -67,6 +72,7 @@ import static org.powermock.api.mockito.PowerMockito.when;
*
* @author Ben Alex
* @author Rob Winch
* @author Eddú Meléndez
*/
@RunWith(PowerMockRunner.class)
@PrepareForTest(ClassUtils.class)
@@ -195,7 +201,7 @@ public class SecurityContextHolderAwareRequestFilterTests {
// SEC-2296
@Test
public void loginWithExstingUser() throws Exception {
public void loginWithExistingUser() throws Exception {
TestingAuthenticationToken expectedAuth = new TestingAuthenticationToken("user",
"password", "ROLE_USER");
when(this.authenticationManager
@@ -415,4 +421,31 @@ public class SecurityContextHolderAwareRequestFilterTests {
return this.requestCaptor.getValue();
}
@Test
public void testDefaultRolePrefix() {
AnnotationConfigApplicationContext context = new AnnotationConfigApplicationContext();
context.register(FilterConfiguration.class);
context.refresh();
SecurityContextHolderAwareRequestFilter filter = context.getBean(SecurityContextHolderAwareRequestFilter.class);
GrantedAuthorityDefaults authorityDefaults = (GrantedAuthorityDefaults) ReflectionTestUtils.getField(filter, "rolePrefix");
assertThat(authorityDefaults.getRolePrefix()).isEqualTo("ROL_");
}
@Configuration
static class FilterConfiguration {
@Bean
public GrantedAuthorityDefaults authorityDefaults() {
return new GrantedAuthorityDefaults("ROL_");
}
@Bean
public SecurityContextHolderAwareRequestFilter requestFilter() {
return new SecurityContextHolderAwareRequestFilter();
}
}
}