SEC-1418: Deprecate GrantedAuthorityImpl in favour of final SimpleGrantedAuthority.
It should be noted that equality checks or lookups with Strings or other authority types will now fail where they would have succeeded before.
This commit is contained in:
Luke Taylor
+16
-19
@@ -15,44 +15,38 @@
|
||||
|
||||
package org.springframework.security.taglibs.authz;
|
||||
|
||||
import junit.framework.TestCase;
|
||||
|
||||
import static org.junit.Assert.assertEquals;
|
||||
|
||||
import org.junit.*;
|
||||
import org.springframework.security.authentication.TestingAuthenticationToken;
|
||||
import org.springframework.security.core.GrantedAuthority;
|
||||
import org.springframework.security.core.authority.GrantedAuthorityImpl;
|
||||
import org.springframework.security.core.context.SecurityContextHolder;
|
||||
|
||||
|
||||
import javax.servlet.jsp.JspException;
|
||||
import javax.servlet.jsp.tagext.Tag;
|
||||
|
||||
|
||||
/**
|
||||
* DOCUMENT ME!
|
||||
*
|
||||
* @author Francois Beausoleil
|
||||
*/
|
||||
public class AuthorizeTagAttributeTests extends TestCase {
|
||||
public class AuthorizeTagAttributeTests {
|
||||
//~ Instance fields ================================================================================================
|
||||
|
||||
private final JspAuthorizeTag authorizeTag = new JspAuthorizeTag();
|
||||
private TestingAuthenticationToken currentUser;
|
||||
|
||||
//~ Methods ========================================================================================================
|
||||
|
||||
protected void setUp() throws Exception {
|
||||
super.setUp();
|
||||
|
||||
currentUser = new TestingAuthenticationToken("abc", "123", "ROLE_SUPERVISOR","ROLE_RESTRICTED");
|
||||
|
||||
SecurityContextHolder.getContext().setAuthentication(currentUser);
|
||||
@Before
|
||||
public void setUp() throws Exception {
|
||||
SecurityContextHolder.getContext().setAuthentication(new TestingAuthenticationToken("abc", "123", "ROLE_SUPERVISOR", "ROLE_RESTRICTED"));
|
||||
}
|
||||
|
||||
protected void tearDown() throws Exception {
|
||||
@After
|
||||
public void tearDown() throws Exception {
|
||||
SecurityContextHolder.clearContext();
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testAssertsIfAllGrantedSecond() throws JspException {
|
||||
authorizeTag.setIfAllGranted("ROLE_SUPERVISOR,ROLE_SUPERTELLER");
|
||||
authorizeTag.setIfAnyGranted("ROLE_RESTRICTED");
|
||||
@@ -60,11 +54,13 @@ public class AuthorizeTagAttributeTests extends TestCase {
|
||||
authorizeTag.doStartTag());
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testAssertsIfAnyGrantedLast() throws JspException {
|
||||
authorizeTag.setIfAnyGranted("ROLE_BANKER");
|
||||
assertEquals("prevents request - principal is missing ROLE_BANKER", Tag.SKIP_BODY, authorizeTag.doStartTag());
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testAssertsIfNotGrantedFirst() throws JspException {
|
||||
authorizeTag.setIfNotGranted("ROLE_RESTRICTED");
|
||||
authorizeTag.setIfAllGranted("ROLE_SUPERVISOR,ROLE_RESTRICTED");
|
||||
@@ -72,21 +68,22 @@ public class AuthorizeTagAttributeTests extends TestCase {
|
||||
assertEquals("prevents request - principal has ROLE_RESTRICTED", Tag.SKIP_BODY, authorizeTag.doStartTag());
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testAssertsIfNotGrantedIgnoresWhitespaceInAttribute()
|
||||
throws JspException {
|
||||
authorizeTag.setIfAnyGranted("\tROLE_SUPERVISOR \t, \r\n\t ROLE_TELLER ");
|
||||
assertEquals("allows request - principal has ROLE_SUPERVISOR", Tag.EVAL_BODY_INCLUDE, authorizeTag.doStartTag());
|
||||
}
|
||||
|
||||
public void testIfAllGrantedIgnoresWhitespaceInAttribute()
|
||||
throws JspException {
|
||||
@Test
|
||||
public void testIfAllGrantedIgnoresWhitespaceInAttribute() throws JspException {
|
||||
authorizeTag.setIfAllGranted("\nROLE_SUPERVISOR\t,ROLE_RESTRICTED\t\n\r ");
|
||||
assertEquals("allows request - principal has ROLE_RESTRICTED " + "and ROLE_SUPERVISOR", Tag.EVAL_BODY_INCLUDE,
|
||||
authorizeTag.doStartTag());
|
||||
}
|
||||
|
||||
public void testIfNotGrantedIgnoresWhitespaceInAttribute()
|
||||
throws JspException {
|
||||
@Test
|
||||
public void testIfNotGrantedIgnoresWhitespaceInAttribute() throws JspException {
|
||||
authorizeTag.setIfNotGranted(" \t ROLE_TELLER \r");
|
||||
assertEquals("allows request - principal does not have ROLE_TELLER", Tag.EVAL_BODY_INCLUDE,
|
||||
authorizeTag.doStartTag());
|
||||
|
||||
+5
-11
@@ -15,17 +15,15 @@
|
||||
|
||||
package org.springframework.security.taglibs.authz;
|
||||
|
||||
import javax.servlet.jsp.JspException;
|
||||
import javax.servlet.jsp.el.VariableResolver;
|
||||
import javax.servlet.jsp.tagext.Tag;
|
||||
|
||||
import junit.framework.TestCase;
|
||||
import org.springframework.mock.web.MockPageContext;
|
||||
import org.springframework.security.authentication.TestingAuthenticationToken;
|
||||
import org.springframework.security.core.GrantedAuthority;
|
||||
import org.springframework.security.core.authority.GrantedAuthorityImpl;
|
||||
import org.springframework.security.core.context.SecurityContextHolder;
|
||||
|
||||
import javax.servlet.jsp.JspException;
|
||||
import javax.servlet.jsp.el.VariableResolver;
|
||||
import javax.servlet.jsp.tagext.Tag;
|
||||
|
||||
|
||||
/**
|
||||
* Test case to implement commons-el expression language expansion.
|
||||
@@ -35,7 +33,6 @@ public class AuthorizeTagExpressionLanguageTests extends TestCase {
|
||||
|
||||
private final JspAuthorizeTag authorizeTag = new JspAuthorizeTag();
|
||||
private MockPageContext pageContext;
|
||||
private TestingAuthenticationToken currentUser;
|
||||
|
||||
//~ Methods ========================================================================================================
|
||||
|
||||
@@ -46,10 +43,7 @@ public class AuthorizeTagExpressionLanguageTests extends TestCase {
|
||||
}
|
||||
};
|
||||
authorizeTag.setPageContext(pageContext);
|
||||
|
||||
currentUser = new TestingAuthenticationToken("abc", "123", "ROLE_TELLER");
|
||||
|
||||
SecurityContextHolder.getContext().setAuthentication(currentUser);
|
||||
SecurityContextHolder.getContext().setAuthentication(new TestingAuthenticationToken("abc", "123", "ROLE_TELLER"));
|
||||
}
|
||||
|
||||
protected void tearDown() throws Exception {
|
||||
|
||||
+2
-13
@@ -16,20 +16,12 @@
|
||||
package org.springframework.security.taglibs.velocity;
|
||||
|
||||
import junit.framework.TestCase;
|
||||
|
||||
|
||||
import org.springframework.security.authentication.TestingAuthenticationToken;
|
||||
import org.springframework.security.core.GrantedAuthority;
|
||||
import org.springframework.security.core.authority.GrantedAuthorityImpl;
|
||||
import org.springframework.security.core.context.SecurityContextHolder;
|
||||
|
||||
|
||||
import javax.servlet.jsp.JspException;
|
||||
|
||||
|
||||
/**
|
||||
* DOCUMENT ME!
|
||||
*/
|
||||
public class AuthzImplAttributeTest extends TestCase {
|
||||
//~ Instance fields ================================================================================================
|
||||
|
||||
@@ -39,11 +31,8 @@ public class AuthzImplAttributeTest extends TestCase {
|
||||
//~ Methods ========================================================================================================
|
||||
|
||||
protected void setUp() throws Exception {
|
||||
super.setUp();
|
||||
|
||||
currentUser = new TestingAuthenticationToken("abc", "123", "ROLE_SUPERVISOR","ROLE_RESTRICTED");
|
||||
|
||||
SecurityContextHolder.getContext().setAuthentication(currentUser);
|
||||
SecurityContextHolder.getContext().setAuthentication(
|
||||
new TestingAuthenticationToken("abc", "123", "ROLE_SUPERVISOR","ROLE_RESTRICTED"));
|
||||
}
|
||||
|
||||
protected void tearDown() throws Exception {
|
||||
|
||||
+2
-13
@@ -16,30 +16,19 @@
|
||||
package org.springframework.security.taglibs.velocity;
|
||||
|
||||
import junit.framework.TestCase;
|
||||
|
||||
|
||||
import org.springframework.security.authentication.TestingAuthenticationToken;
|
||||
import org.springframework.security.core.GrantedAuthority;
|
||||
import org.springframework.security.core.authority.GrantedAuthorityImpl;
|
||||
import org.springframework.security.core.context.SecurityContextHolder;
|
||||
|
||||
|
||||
|
||||
/**
|
||||
* DOCUMENT ME!
|
||||
*/
|
||||
public class AuthzImplAuthorizeTagTest extends TestCase {
|
||||
//~ Instance fields ================================================================================================
|
||||
|
||||
private Authz authz = new AuthzImpl();
|
||||
private TestingAuthenticationToken currentUser;
|
||||
|
||||
//~ Methods ========================================================================================================
|
||||
|
||||
protected void setUp() throws Exception {
|
||||
currentUser = new TestingAuthenticationToken("abc", "123", "ROLE_SUPERVISOR", "ROLE_TELLER");
|
||||
|
||||
SecurityContextHolder.getContext().setAuthentication(currentUser);
|
||||
SecurityContextHolder.getContext().setAuthentication(
|
||||
new TestingAuthenticationToken("abc", "123", "ROLE_SUPERVISOR", "ROLE_TELLER"));
|
||||
}
|
||||
|
||||
protected void tearDown() throws Exception {
|
||||
|
||||
Reference in New Issue
Block a user