Commit f1012c10 authored by Phillip Webb's avatar Phillip Webb

Polish

parent 031c9bf1
/* /*
* Copyright 2012-2016 the original author or authors. * Copyright 2012-2017 the original author or authors.
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.
...@@ -128,7 +128,8 @@ public class MvcEndpointSecurityInterceptor extends HandlerInterceptorAdapter { ...@@ -128,7 +128,8 @@ public class MvcEndpointSecurityInterceptor extends HandlerInterceptorAdapter {
private class AuthoritiesValidator { private class AuthoritiesValidator {
private boolean hasAuthority(String role) { private boolean hasAuthority(String role) {
Authentication authentication = SecurityContextHolder.getContext().getAuthentication(); Authentication authentication = SecurityContextHolder.getContext()
.getAuthentication();
if (authentication != null) { if (authentication != null) {
for (GrantedAuthority authority : authentication.getAuthorities()) { for (GrantedAuthority authority : authentication.getAuthorities()) {
if (authority.getAuthority().equals(role)) { if (authority.getAuthority().equals(role)) {
......
/* /*
* Copyright 2012-2016 the original author or authors. * Copyright 2012-2017 the original author or authors.
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.
...@@ -130,11 +130,13 @@ public class MvcEndpointSecurityInterceptorTests { ...@@ -130,11 +130,13 @@ public class MvcEndpointSecurityInterceptorTests {
} }
@Test @Test
public void sensitiveEndpointIfRoleNotCorrectShouldCheckAuthorities() throws Exception { public void sensitiveEndpointIfRoleNotCorrectShouldCheckAuthorities()
throws Exception {
Principal principal = mock(Principal.class); Principal principal = mock(Principal.class);
this.request.setUserPrincipal(principal); this.request.setUserPrincipal(principal);
Authentication authentication = mock(Authentication.class); Authentication authentication = mock(Authentication.class);
Set<SimpleGrantedAuthority> authorities = Collections.singleton(new SimpleGrantedAuthority("SUPER_HERO")); Set<SimpleGrantedAuthority> authorities = Collections
.singleton(new SimpleGrantedAuthority("SUPER_HERO"));
doReturn(authorities).when(authentication).getAuthorities(); doReturn(authorities).when(authentication).getAuthorities();
SecurityContextHolder.getContext().setAuthentication(authentication); SecurityContextHolder.getContext().setAuthentication(authentication);
assertThat(this.securityInterceptor.preHandle(this.request, this.response, assertThat(this.securityInterceptor.preHandle(this.request, this.response,
...@@ -142,11 +144,13 @@ public class MvcEndpointSecurityInterceptorTests { ...@@ -142,11 +144,13 @@ public class MvcEndpointSecurityInterceptorTests {
} }
@Test @Test
public void sensitiveEndpointIfRoleAndAuthoritiesNotCorrectShouldNotAllowAccess() throws Exception { public void sensitiveEndpointIfRoleAndAuthoritiesNotCorrectShouldNotAllowAccess()
throws Exception {
Principal principal = mock(Principal.class); Principal principal = mock(Principal.class);
this.request.setUserPrincipal(principal); this.request.setUserPrincipal(principal);
Authentication authentication = mock(Authentication.class); Authentication authentication = mock(Authentication.class);
Set<SimpleGrantedAuthority> authorities = Collections.singleton(new SimpleGrantedAuthority("HERO")); Set<SimpleGrantedAuthority> authorities = Collections
.singleton(new SimpleGrantedAuthority("HERO"));
doReturn(authorities).when(authentication).getAuthorities(); doReturn(authorities).when(authentication).getAuthorities();
SecurityContextHolder.getContext().setAuthentication(authentication); SecurityContextHolder.getContext().setAuthentication(authentication);
assertThat(this.securityInterceptor.preHandle(this.request, this.response, assertThat(this.securityInterceptor.preHandle(this.request, this.response,
......
/* /*
* Copyright 2012-2016 the original author or authors. * Copyright 2012-2017 the original author or authors.
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.
...@@ -39,6 +39,8 @@ import static org.assertj.core.api.Assertions.assertThat; ...@@ -39,6 +39,8 @@ import static org.assertj.core.api.Assertions.assertThat;
import static org.mockito.Mockito.mock; import static org.mockito.Mockito.mock;
/** /**
* Tests for {@link MvcEndpointSecurityInterceptor} when Spring Security is not available.
*
* @author Madhura Bhave * @author Madhura Bhave
*/ */
@RunWith(ModifiedClassPathRunner.class) @RunWith(ModifiedClassPathRunner.class)
...@@ -77,7 +79,8 @@ public class NoSpringSecurityMvcEndpointSecurityInterceptorTests { ...@@ -77,7 +79,8 @@ public class NoSpringSecurityMvcEndpointSecurityInterceptorTests {
} }
@Test @Test
public void sensitiveEndpointIfRoleNotPresentShouldNotValidateAuthorities() throws Exception { public void sensitiveEndpointIfRoleNotPresentShouldNotValidateAuthorities()
throws Exception {
Principal principal = mock(Principal.class); Principal principal = mock(Principal.class);
this.request.setUserPrincipal(principal); this.request.setUserPrincipal(principal);
this.servletContext.declareRoles("HERO"); this.servletContext.declareRoles("HERO");
...@@ -105,5 +108,5 @@ public class NoSpringSecurityMvcEndpointSecurityInterceptorTests { ...@@ -105,5 +108,5 @@ public class NoSpringSecurityMvcEndpointSecurityInterceptorTests {
} }
} }
}
}
/* /*
* Copyright 2012-2016 the original author or authors. * Copyright 2012-2017 the original author or authors.
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.
......
/* /*
* Copyright 2012-2016 the original author or authors. * Copyright 2012-2017 the original author or authors.
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.
......
/* /*
* Copyright 2012-2016 the original author or authors. * Copyright 2012-2017 the original author or authors.
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.
......
...@@ -16,7 +16,7 @@ ...@@ -16,7 +16,7 @@
package org.springframework.boot.maven; package org.springframework.boot.maven;
import java.util.Iterator; import java.util.LinkedHashSet;
import java.util.List; import java.util.List;
import java.util.Set; import java.util.Set;
import java.util.StringTokenizer; import java.util.StringTokenizer;
...@@ -87,29 +87,15 @@ public abstract class AbstractDependencyFilterMojo extends AbstractMojo { ...@@ -87,29 +87,15 @@ public abstract class AbstractDependencyFilterMojo extends AbstractMojo {
this.excludeArtifactIds = excludeArtifactIds; this.excludeArtifactIds = excludeArtifactIds;
} }
@SuppressWarnings("unchecked")
protected Set<Artifact> filterDependencies(Set<Artifact> dependencies, protected Set<Artifact> filterDependencies(Set<Artifact> dependencies,
FilterArtifacts filters) throws MojoExecutionException { FilterArtifacts filters) throws MojoExecutionException {
List<ArtifactsFilter> artifactsFilters = filters.getFilters();
try { try {
for (ArtifactsFilter filter : artifactsFilters) { Set<Artifact> filtered = new LinkedHashSet<Artifact>(dependencies);
Set<Artifact> result = filter.filter(dependencies); filtered.retainAll(filters.filter(dependencies));
applyFiltering(dependencies, result); return filtered;
}
return dependencies;
}
catch (ArtifactFilterException e) {
throw new MojoExecutionException(e.getMessage(), e);
} }
} catch (ArtifactFilterException ex) {
throw new MojoExecutionException(ex.getMessage(), ex);
private void applyFiltering(Set<Artifact> original, Set<Artifact> filtered) {
Iterator<Artifact> iterator = original.iterator();
while (iterator.hasNext()) {
Artifact element = iterator.next();
if (!filtered.contains(element)) {
iterator.remove();
}
} }
} }
......
...@@ -103,7 +103,7 @@ public class DependencyFilterMojoTests { ...@@ -103,7 +103,7 @@ public class DependencyFilterMojoTests {
} }
@Test @Test
public void filterExcludeKeepOrder() throws MojoExecutionException { public void filterExcludeKeepOrder() throws MojoExecutionException {
Exclude exclude = new Exclude(); Exclude exclude = new Exclude();
exclude.setGroupId("com.bar"); exclude.setGroupId("com.bar");
exclude.setArtifactId("two"); exclude.setArtifactId("two");
...@@ -121,7 +121,8 @@ public class DependencyFilterMojoTests { ...@@ -121,7 +121,8 @@ public class DependencyFilterMojoTests {
return createArtifact(groupId, artifactId, null); return createArtifact(groupId, artifactId, null);
} }
private static Artifact createArtifact(String groupId, String artifactId, String scope) { private static Artifact createArtifact(String groupId, String artifactId,
String scope) {
Artifact a = mock(Artifact.class); Artifact a = mock(Artifact.class);
given(a.getGroupId()).willReturn(groupId); given(a.getGroupId()).willReturn(groupId);
given(a.getArtifactId()).willReturn(artifactId); given(a.getArtifactId()).willReturn(artifactId);
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment