Add tests for intercept-url access attribute validation

Fixes gh-18503 Signed-off-by: CHANHAN <130114269+chanani@users.noreply.github.com>
2026-05-22 21:33:16 +00:00 · 2026-01-20 13:21:55 +09:00
parent fa87c78edb
commit d5ba9dcada
6 changed files with 145 additions and 0 deletions
@@ -337,6 +337,55 @@ public class InterceptUrlConfigTests {
 		assertThat(this.spring.getContext().getBean(AuthorizationManager.class)).isNotNull();
 	}
 	/**
 	 * gh-18503
 	 */
 	@Test
 	public void configWhenInterceptUrlMissingAccessThenException() {
 		assertThatExceptionOfType(BeanDefinitionParsingException.class)
 				.isThrownBy(() -> this.spring.configLocations(this.xml("MissingAccess")).autowire())
 				.withMessageContaining("access attribute cannot be empty or null");
 	}
 	/**
 	 * gh-18503
 	 */
 	@Test
 	public void configWhenInterceptUrlEmptyAccessThenException() {
 		assertThatExceptionOfType(BeanDefinitionParsingException.class)
 				.isThrownBy(() -> this.spring.configLocations(this.xml("EmptyAccess")).autowire())
 				.withMessageContaining("access attribute cannot be empty or null");
 	}
 	/**
 	 * gh-18503
 	 */
 	@Test
 	public void configWhenInterceptUrlValidAccessThenLoads() {
 		assertThatNoException()
 				.isThrownBy(() -> this.spring.configLocations(this.xml("ValidAccess")).autowire());
 	}
 	/**
 	 * gh-18503
 	 */
 	@Test
 	public void configWhenUseAuthorizationManagerFalseAndMissingAccessThenException() {
 		assertThatExceptionOfType(BeanDefinitionParsingException.class)
 				.isThrownBy(() -> this.spring.configLocations(this.xml("MissingAccessLegacy")).autowire())
 				.withMessageContaining("access attribute cannot be empty or null");
 	}
 	/**
 	 * gh-18503
 	 */
 	@Test
 	public void configWhenUseAuthorizationManagerFalseAndEmptyAccessThenException() {
 		assertThatExceptionOfType(BeanDefinitionParsingException.class)
 				.isThrownBy(() -> this.spring.configLocations(this.xml("EmptyAccessLegacy")).autowire())
 				.withMessageContaining("access attribute cannot be empty or null");
 	}
 	private static RequestPostProcessor adminCredentials() {
 		return httpBasic("admin", "password");
 	}
@@ -0,0 +1,19 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <b:beans xmlns:b="http://www.springframework.org/schema/beans"
 		xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
 		xmlns="http://www.springframework.org/schema/security"
 		xsi:schemaLocation="
 			http://www.springframework.org/schema/security
 			https://www.springframework.org/schema/security/spring-security.xsd
 			http://www.springframework.org/schema/beans
 			https://www.springframework.org/schema/beans/spring-beans.xsd">
 	<http>
 		<intercept-url pattern="/admin/**" access="" />
 	</http>
 	<user-service>
 		<user name="user" password="{noop}password" authorities="ROLE_USER"/>
 	</user-service>
 </b:beans>
@@ -0,0 +1,19 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <b:beans xmlns:b="http://www.springframework.org/schema/beans"
 		 xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
 		 xmlns="http://www.springframework.org/schema/security"
 		 xsi:schemaLocation="
 			http://www.springframework.org/schema/security
 			https://www.springframework.org/schema/security/spring-security.xsd
 			http://www.springframework.org/schema/beans
 			https://www.springframework.org/schema/beans/spring-beans.xsd">
 	<http use-authorization-manager="false">
 		<intercept-url pattern="/admin/**" access=""/>
 	</http>
 	<user-service>
 		<user name="user" password="{noop}password" authorities="ROLE_USER"/>
 	</user-service>
 </b:beans>
@@ -0,0 +1,19 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <b:beans xmlns:b="http://www.springframework.org/schema/beans"
 		 xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
 		 xmlns="http://www.springframework.org/schema/security"
 		 xsi:schemaLocation="
 			http://www.springframework.org/schema/security
 			https://www.springframework.org/schema/security/spring-security.xsd
 			http://www.springframework.org/schema/beans
 			https://www.springframework.org/schema/beans/spring-beans.xsd">
 	<http>
 		<intercept-url pattern="/admin/**"/>
 	</http>
 	<user-service>
 		<user name="user" password="{noop}password" authorities="ROLE_USER"/>
 	</user-service>
 </b:beans>
@@ -0,0 +1,19 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <b:beans xmlns:b="http://www.springframework.org/schema/beans"
 		 xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
 		 xmlns="http://www.springframework.org/schema/security"
 		 xsi:schemaLocation="
 			http://www.springframework.org/schema/security
 			https://www.springframework.org/schema/security/spring-security.xsd
 			http://www.springframework.org/schema/beans
 			https://www.springframework.org/schema/beans/spring-beans.xsd">
 	<http use-authorization-manager="false">
 		<intercept-url pattern="/admin/**"/>
 	</http>
 	<user-service>
 		<user name="user" password="{noop}password" authorities="ROLE_USER"/>
 	</user-service>
 </b:beans>
@@ -0,0 +1,20 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <b:beans xmlns:b="http://www.springframework.org/schema/beans"
 		 xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
 		 xmlns="http://www.springframework.org/schema/security"
 		 xsi:schemaLocation="
 			http://www.springframework.org/schema/security
 			https://www.springframework.org/schema/security/spring-security.xsd
 			http://www.springframework.org/schema/beans
 			https://www.springframework.org/schema/beans/spring-beans.xsd">
 	<http>
 		<intercept-url pattern="/admin/**" access="hasRole('ADMIN')" />
 		<http-basic />
 	</http>
 	<user-service>
 		<user name="user" password="{noop}password" authorities="ROLE_USER"/>
 	</user-service>
 </b:beans>