Update DefaultWebInvocationPrivilegeEvaluator to use current ServletContext

Closes gh-10208
This commit is contained in:
Marcus Da Coregio
2021-08-27 11:38:22 -03:00
committed by Marcus Hert Da Coregio
parent 6db58cbf8a
commit faec20bc69
4 changed files with 68 additions and 7 deletions

View File

@@ -1,5 +1,5 @@
/*
* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
* Copyright 2002-2021 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@@ -24,6 +24,7 @@ import org.junit.jupiter.api.Test;
import org.springframework.mock.web.MockHttpServletRequest;
import org.springframework.mock.web.MockHttpServletResponse;
import org.springframework.mock.web.MockServletContext;
import org.springframework.security.web.FilterInvocation.DummyRequest;
import org.springframework.security.web.util.UrlUtils;
@@ -131,4 +132,14 @@ public class FilterInvocationTests {
UrlUtils.buildRequestUrl(request);
}
@Test
public void constructorWhenServletContextProvidedThenSetServletContextInRequest() {
String contextPath = "";
String servletPath = "/path";
String method = "";
MockServletContext mockServletContext = new MockServletContext();
FilterInvocation filterInvocation = new FilterInvocation(contextPath, servletPath, method, mockServletContext);
assertThat(filterInvocation.getRequest().getServletContext()).isSameAs(mockServletContext);
}
}

View File

@@ -1,5 +1,5 @@
/*
* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
* Copyright 2002-2021 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@@ -18,8 +18,10 @@ package org.springframework.security.web.access;
import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.api.Test;
import org.mockito.ArgumentCaptor;
import org.springframework.context.ApplicationEventPublisher;
import org.springframework.mock.web.MockServletContext;
import org.springframework.security.access.AccessDecisionManager;
import org.springframework.security.access.AccessDeniedException;
import org.springframework.security.access.intercept.RunAsManager;
@@ -27,6 +29,7 @@ import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.TestingAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.web.FilterInvocation;
import org.springframework.security.web.access.intercept.FilterInvocationSecurityMetadataSource;
import org.springframework.security.web.access.intercept.FilterSecurityInterceptor;
@@ -34,9 +37,11 @@ import static org.assertj.core.api.Assertions.assertThat;
import static org.mockito.ArgumentMatchers.any;
import static org.mockito.ArgumentMatchers.anyList;
import static org.mockito.ArgumentMatchers.anyObject;
import static org.mockito.ArgumentMatchers.eq;
import static org.mockito.BDDMockito.given;
import static org.mockito.BDDMockito.willThrow;
import static org.mockito.Mockito.mock;
import static org.mockito.Mockito.verify;
/**
* Tests
@@ -106,4 +111,17 @@ public class DefaultWebInvocationPrivilegeEvaluatorTests {
assertThat(wipe.isAllowed("/foo/index.jsp", token)).isFalse();
}
@Test
public void isAllowedWhenServletContextIsSetThenPassedFilterInvocationHasServletContext() {
Authentication token = new TestingAuthenticationToken("test", "Password", "MOCK_INDEX");
MockServletContext servletContext = new MockServletContext();
ArgumentCaptor<FilterInvocation> filterInvocationArgumentCaptor = ArgumentCaptor
.forClass(FilterInvocation.class);
DefaultWebInvocationPrivilegeEvaluator wipe = new DefaultWebInvocationPrivilegeEvaluator(this.interceptor);
wipe.setServletContext(servletContext);
wipe.isAllowed("/foo/index.jsp", token);
verify(this.adm).decide(eq(token), filterInvocationArgumentCaptor.capture(), any());
assertThat(filterInvocationArgumentCaptor.getValue().getRequest().getServletContext()).isNotNull();
}
}