root
/
spring-security
mirror of https://github.com/spring-projects/spring-security.git
1
0
Fork 0
Code Issues Actions 6 Packages Projects Releases Wiki Activity

No longer required.

This commit is contained in:
Ben Alex 2004-03-27 00:43:12 +00:00
parent 94e384b944
commit e3dc29ae96
4 changed files with 0 additions and 651 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

434
core/src/test/java/org/acegisecurity/vote/VoterManagerTests.java
View File

@ -1,434 +0,0 @@
/* Copyright 2004 Acegi Technology Pty Limited
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package net.sf.acegisecurity.vote;
import junit.framework.TestCase;
import net.sf.acegisecurity.AccessDecisionManager;
import net.sf.acegisecurity.AccessDeniedException;
import net.sf.acegisecurity.ConfigAttributeDefinition;
import net.sf.acegisecurity.GrantedAuthority;
import net.sf.acegisecurity.GrantedAuthorityImpl;
import net.sf.acegisecurity.SecurityConfig;
import net.sf.acegisecurity.providers.TestingAuthenticationToken;
import org.springframework.context.support.ClassPathXmlApplicationContext;
import java.util.List;
import java.util.Vector;
/**
* Tests voter decision managers.
*
* @author Ben Alex
* @version $Id$
*/
public class VoterManagerTests extends TestCase {
//~ Instance fields ========================================================
private ClassPathXmlApplicationContext ctx;
//~ Constructors ===========================================================
public VoterManagerTests() {
super();
}
public VoterManagerTests(String arg0) {
super(arg0);
}
//~ Methods ================================================================
public final void setUp() throws Exception {
super.setUp();
ctx = new ClassPathXmlApplicationContext(
"/net/sf/acegisecurity/vote/applicationContext.xml");
}
public static void main(String[] args) {
junit.textui.TestRunner.run(VoterManagerTests.class);
}
public void testAbstractAccessDecisionManagerSetter()
throws Exception {
AffirmativeBased affirmative = new AffirmativeBased();
affirmative.setAllowIfAllAbstainDecisions(false);
assertTrue(!affirmative.isAllowIfAllAbstainDecisions());
affirmative.setAllowIfAllAbstainDecisions(true);
assertTrue(affirmative.isAllowIfAllAbstainDecisions());
}
public void testAbstractAccessDecisionManagerVoterListHandling()
throws Exception {
XVoter x = new XVoter();
List xVoterList = new Vector();
xVoterList.add(x);
AffirmativeBased affirmative = new AffirmativeBased();
affirmative.setDecisionVoters(xVoterList);
try {
affirmative.setDecisionVoters(null);
fail("Should have thrown IllegalArgumentException as list null");
} catch (IllegalArgumentException expected) {
assertTrue(true);
}
List sampleList = new Vector();
try {
affirmative.setDecisionVoters(sampleList);
fail("Should have thrown IllegalArgumentException as list empty");
} catch (IllegalArgumentException expected) {
assertTrue(true);
}
sampleList.add(x); // valid (is AccessDecisionVoter)
sampleList.add("Hello world"); // invalid (not AccessDecisionVoter)
try {
affirmative.setDecisionVoters(sampleList);
fail(
"Should have thrown IllegalArgumentException as list has invalid entries");
} catch (IllegalArgumentException expected) {
assertTrue(true);
}
}
public void testAffirmative() throws Exception {
AffirmativeBased mgr = (AffirmativeBased) ctx.getBean(
"affirmativeBased");
ConfigAttributeDefinition config;
TestingAuthenticationToken auth;
auth = new TestingAuthenticationToken("test", "test",
new GrantedAuthority[] {new GrantedAuthorityImpl("ROLE_1"), new GrantedAuthorityImpl(
"ROLE_2"), new GrantedAuthorityImpl("ROLE_MAGIC")});
// Check if we'd be given access, even with a definite deny vote
config = new ConfigAttributeDefinition();
config.addConfigAttribute(new SecurityConfig("ROLE_2")); // grant
config.addConfigAttribute(new SecurityConfig("DENY_FOR_SURE")); // deny
mgr.decide(auth, null, config);
assertTrue(true);
// Check if we'd be denied access, with only one definite deny vote
config = new ConfigAttributeDefinition();
config.addConfigAttribute(new SecurityConfig("DENY_FOR_SURE")); // deny
try {
mgr.decide(auth, null, config);
fail("Should have thrown AccessDeniedException");
} catch (AccessDeniedException expected) {
assertTrue(true);
}
// Check if we'd get access if ROLE_2 was all that is acceptable
config = new ConfigAttributeDefinition();
config.addConfigAttribute(new SecurityConfig("ROLE_2")); // grant
mgr.decide(auth, null, config);
assertTrue(true);
// Check if we'd get access if YYYY was all that is acceptable
config = new ConfigAttributeDefinition();
config.addConfigAttribute(new SecurityConfig("YYYY")); // grant
mgr.decide(auth, null, config);
assertTrue(true);
// Check if we'd get access if everything was acceptable
config = new ConfigAttributeDefinition();
config.addConfigAttribute(new SecurityConfig("ROLE_1")); // grant and return
config.addConfigAttribute(new SecurityConfig("ROLE_2")); // not tested
config.addConfigAttribute(new SecurityConfig("XXXX")); // grant
config.addConfigAttribute(new SecurityConfig("YYYY")); // grant
mgr.decide(auth, null, config);
assertTrue(true);
// Check if we'd get denied access if ROLE_9 was acceptable
config = new ConfigAttributeDefinition();
config.addConfigAttribute(new SecurityConfig("ROLE_9")); // deny
try {
mgr.decide(auth, null, config);
fail("Should have thrown AccessDeniedException");
} catch (AccessDeniedException expected) {
assertTrue(true);
}
auth = new TestingAuthenticationToken("test", "test",
new GrantedAuthority[] {new GrantedAuthorityImpl("ROLE_1"), new GrantedAuthorityImpl(
"ROLE_2"),});
// Check if we'd get access if ROLE_1 and 2 was acceptable
config = new ConfigAttributeDefinition();
config.addConfigAttribute(new SecurityConfig("ROLE_1")); // grant and return
config.addConfigAttribute(new SecurityConfig("ROLE_2")); // not tested
mgr.decide(auth, null, config);
assertTrue(true);
// Check if we'd get granted access even if one returned deny
config = new ConfigAttributeDefinition();
config.addConfigAttribute(new SecurityConfig("ROLE_1")); // grant and return
config.addConfigAttribute(new SecurityConfig("ROLE_2")); // not tested
config.addConfigAttribute(new SecurityConfig("XXXX")); // deny
mgr.decide(auth, null, config);
assertTrue(true);
// Check if we'd get denied access if all returned deny
config = new ConfigAttributeDefinition();
config.addConfigAttribute(new SecurityConfig("YYYY")); // deny
try {
mgr.decide(auth, null, config);
fail("Should have thrown AccessDeniedException");
} catch (AccessDeniedException expected) {
assertTrue(true);
}
// Check if we'd be denied access if all abstained
config = new ConfigAttributeDefinition();
config.addConfigAttribute(new SecurityConfig("NONE_WILL_VOTE")); // abstain
try {
mgr.decide(auth, null, config);
fail("Should have thrown AccessDeniedException");
} catch (AccessDeniedException expected) {
assertTrue(true);
}
// Now check it works given we approve access if all abstain
mgr.setAllowIfAllAbstainDecisions(true);
mgr.decide(auth, null, config);
assertTrue(true);
}
public void testConsensus() throws Exception {
ConsensusBased mgr = (ConsensusBased) ctx.getBean("consensusBased");
ConfigAttributeDefinition config;
TestingAuthenticationToken auth;
auth = new TestingAuthenticationToken("test", "test",
new GrantedAuthority[] {new GrantedAuthorityImpl("ROLE_1"), new GrantedAuthorityImpl(
"ROLE_2"), new GrantedAuthorityImpl("ROLE_MAGIC")});
// Check if we'd be given access, even with a definite deny vote
config = new ConfigAttributeDefinition();
config.addConfigAttribute(new SecurityConfig("ROLE_2")); // grant
config.addConfigAttribute(new SecurityConfig("DENY_FOR_SURE")); // deny
mgr.decide(auth, null, config);
assertTrue(true);
// Check if we'd be denied access, with only one definite deny vote
config = new ConfigAttributeDefinition();
config.addConfigAttribute(new SecurityConfig("DENY_FOR_SURE")); // deny
try {
mgr.decide(auth, null, config);
fail("Should have thrown AccessDeniedException");
} catch (AccessDeniedException expected) {
assertTrue(true);
}
// Check if we'd get access if ROLE_2 was all that is acceptable
config = new ConfigAttributeDefinition();
config.addConfigAttribute(new SecurityConfig("ROLE_2")); // grant
mgr.decide(auth, null, config);
assertTrue(true);
// Check if we'd get access if YYYY was all that is acceptable
config = new ConfigAttributeDefinition();
config.addConfigAttribute(new SecurityConfig("YYYY")); // grant
mgr.decide(auth, null, config);
assertTrue(true);
// Check if we'd get access if everything was acceptable
config = new ConfigAttributeDefinition();
config.addConfigAttribute(new SecurityConfig("ROLE_1")); // grant and return
config.addConfigAttribute(new SecurityConfig("ROLE_2")); // not tested
config.addConfigAttribute(new SecurityConfig("XXXX")); // grant
config.addConfigAttribute(new SecurityConfig("YYYY")); // grant
mgr.decide(auth, null, config);
assertTrue(true);
// Check if we'd get denied access if ROLE_9 was acceptable
config = new ConfigAttributeDefinition();
config.addConfigAttribute(new SecurityConfig("ROLE_9")); // deny
try {
mgr.decide(auth, null, config);
fail("Should have thrown AccessDeniedException");
} catch (AccessDeniedException expected) {
assertTrue(true);
}
auth = new TestingAuthenticationToken("test", "test",
new GrantedAuthority[] {new GrantedAuthorityImpl("ROLE_1"), new GrantedAuthorityImpl(
"ROLE_2"),});
// Check if we'd get access if ROLE_1 and 2 was acceptable
config = new ConfigAttributeDefinition();
config.addConfigAttribute(new SecurityConfig("ROLE_1")); // grant and return
config.addConfigAttribute(new SecurityConfig("ROLE_2")); // not tested
mgr.decide(auth, null, config);
assertTrue(true);
// Check if we'd get granted access even if one returned deny
config = new ConfigAttributeDefinition();
config.addConfigAttribute(new SecurityConfig("ROLE_1")); // grant and return
config.addConfigAttribute(new SecurityConfig("ROLE_2")); // not tested
config.addConfigAttribute(new SecurityConfig("XXXX")); // deny
mgr.decide(auth, null, config);
assertTrue(true);
// Check if we'd get denied access if all returned deny
config = new ConfigAttributeDefinition();
config.addConfigAttribute(new SecurityConfig("XXXX")); // deny
try {
mgr.decide(auth, null, config);
fail("Should have thrown AccessDeniedException");
} catch (AccessDeniedException expected) {
assertTrue(true);
}
// Check if we'd get denied access if equal votes, after changing setting
assertTrue(mgr.isAllowIfEqualGrantedDeniedDecisions()); // check default
mgr.setAllowIfEqualGrantedDeniedDecisions(false);
config = new ConfigAttributeDefinition();
config.addConfigAttribute(new SecurityConfig("ROLE_1")); // grant
config.addConfigAttribute(new SecurityConfig("DENY_FOR_SURE")); // deny
try {
mgr.decide(auth, null, config);
fail("Should have thrown AccessDeniedException");
} catch (AccessDeniedException expected) {
assertTrue(true);
}
// Check if we'd be denied access if all abstained
config = new ConfigAttributeDefinition();
config.addConfigAttribute(new SecurityConfig("NONE_WILL_VOTE")); // abstain
try {
mgr.decide(auth, null, config);
fail("Should have thrown AccessDeniedException");
} catch (AccessDeniedException expected) {
assertTrue(true);
}
// Now check it works given we approve access if all abstain
mgr.setAllowIfAllAbstainDecisions(true);
mgr.decide(auth, null, config);
assertTrue(true);
}
public void testUnanimous() throws Exception {
UnanimousBased mgr = (UnanimousBased) ctx.getBean("unanimousBased");
ConfigAttributeDefinition config;
TestingAuthenticationToken auth;
auth = new TestingAuthenticationToken("test", "test",
new GrantedAuthority[] {new GrantedAuthorityImpl("ROLE_1"), new GrantedAuthorityImpl(
"ROLE_2"), new GrantedAuthorityImpl("ROLE_MAGIC")});
// Check if we'd be denied access, with only one definite deny vote and many affirmative
config = new ConfigAttributeDefinition();
config.addConfigAttribute(new SecurityConfig("DENY_FOR_SURE")); // deny
config.addConfigAttribute(new SecurityConfig("ROLE_2")); // grant
config.addConfigAttribute(new SecurityConfig("ROLE_1")); // grant
try {
mgr.decide(auth, null, config);
fail("Should have thrown AccessDeniedException");
} catch (AccessDeniedException expected) {
assertTrue(true);
}
// Check if we'd get access if ROLE_2 was all that is required
config = new ConfigAttributeDefinition();
config.addConfigAttribute(new SecurityConfig("ROLE_2")); // grant
mgr.decide(auth, null, config);
assertTrue(true);
// Check if we'd get access if YYYY was all that is required
config = new ConfigAttributeDefinition();
config.addConfigAttribute(new SecurityConfig("YYYY")); // grant
mgr.decide(auth, null, config);
assertTrue(true);
// Check if we'd get access if everything was required
config = new ConfigAttributeDefinition();
config.addConfigAttribute(new SecurityConfig("ROLE_1")); // grant
config.addConfigAttribute(new SecurityConfig("ROLE_2")); // grant
config.addConfigAttribute(new SecurityConfig("XXXX")); // grant
config.addConfigAttribute(new SecurityConfig("YYYY")); // grant
mgr.decide(auth, null, config);
assertTrue(true);
// Check if we'd get denied access if ROLE_9 was required
config = new ConfigAttributeDefinition();
config.addConfigAttribute(new SecurityConfig("ROLE_9")); // deny
try {
mgr.decide(auth, null, config);
fail("Should have thrown AccessDeniedException");
} catch (AccessDeniedException expected) {
assertTrue(true);
}
auth = new TestingAuthenticationToken("test", "test",
new GrantedAuthority[] {new GrantedAuthorityImpl("ROLE_1"), new GrantedAuthorityImpl(
"ROLE_2"),});
// Check if we'd get access if ROLE_1 and 2 was required
config = new ConfigAttributeDefinition();
config.addConfigAttribute(new SecurityConfig("ROLE_1")); // grant
config.addConfigAttribute(new SecurityConfig("ROLE_2")); // grant
mgr.decide(auth, null, config);
assertTrue(true);
// Check if we'd get denied access if all any return deny at all
config = new ConfigAttributeDefinition();
config.addConfigAttribute(new SecurityConfig("ROLE_1")); // grant
config.addConfigAttribute(new SecurityConfig("ROLE_2")); // grant
config.addConfigAttribute(new SecurityConfig("XXXX")); // deny
try {
mgr.decide(auth, null, config);
fail("Should have thrown AccessDeniedException");
} catch (AccessDeniedException expected) {
assertTrue(true);
}
// Check if we'd be denied access if all abstained
config = new ConfigAttributeDefinition();
config.addConfigAttribute(new SecurityConfig("NONE_WILL_VOTE")); // abstain
try {
mgr.decide(auth, null, config);
fail("Should have thrown AccessDeniedException");
} catch (AccessDeniedException expected) {
assertTrue(true);
}
// Now check it works given we approve access if all abstain
mgr.setAllowIfAllAbstainDecisions(true);
mgr.decide(auth, null, config);
assertTrue(true);
}
}

78
core/src/test/java/org/acegisecurity/vote/XVoter.java
View File

@ -1,78 +0,0 @@
/* Copyright 2004 Acegi Technology Pty Limited
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package net.sf.acegisecurity.vote;
import net.sf.acegisecurity.Authentication;
import net.sf.acegisecurity.ConfigAttribute;
import net.sf.acegisecurity.ConfigAttributeDefinition;
import org.aopalliance.intercept.MethodInvocation;
import java.util.Iterator;
/**
* Implementation of an {@link AccessDecisionVoter} for unit testing.
*
* <p>
* If the {@link ConfigAttribute#getAttribute()} has a value of
* <code>XXXX</code>, a granted authority that equals <code>ROLE_MAGIC</code>
* will cause a grant vote. The voter will abstain if there is no
* configuration attribute named <code>XXXX</code>.
* </p>
*
* <p>
* All comparisons are case sensitive.
* </p>
*
* @author Ben Alex
* @version $Id$
*/
public class XVoter implements AccessDecisionVoter {
//~ Methods ================================================================
public boolean supports(ConfigAttribute attribute) {
if ("XXXX".equals(attribute.getAttribute())) {
return true;
} else {
return false;
}
}
public int vote(Authentication authentication, MethodInvocation invocation,
ConfigAttributeDefinition config) {
int result = ACCESS_ABSTAIN;
Iterator iter = config.getConfigAttributes();
while (iter.hasNext()) {
ConfigAttribute attribute = (ConfigAttribute) iter.next();
if (this.supports(attribute)) {
result = ACCESS_DENIED;
for (int i = 0; i < authentication.getAuthorities().length;
i++) {
if ("ROLE_MAGIC".equals(
authentication.getAuthorities()[i].getAuthority())) {
return ACCESS_GRANTED;
}
}
}
}
return result;
}
}

78
core/src/test/java/org/acegisecurity/vote/YVoter.java
View File

@ -1,78 +0,0 @@
/* Copyright 2004 Acegi Technology Pty Limited
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package net.sf.acegisecurity.vote;
import net.sf.acegisecurity.Authentication;
import net.sf.acegisecurity.ConfigAttribute;
import net.sf.acegisecurity.ConfigAttributeDefinition;
import org.aopalliance.intercept.MethodInvocation;
import java.util.Iterator;
/**
* Implementation of an {@link AccessDecisionVoter} for unit testing.
*
* <p>
* If the {@link ConfigAttribute#getAttribute()} has a value of
* <code>YYYY</code>, a granted authority that equals <code>ROLE_MAGIC</code>
* will cause a grant vote. The voter will abstain if there is no
* configuration attribute named <code>YYYY</code>.
* </p>
*
* <p>
* All comparisons are case sensitive.
* </p>
*
* @author Ben Alex
* @version $Id$
*/
public class YVoter implements AccessDecisionVoter {
//~ Methods ================================================================
public boolean supports(ConfigAttribute attribute) {
if ("YYYY".equals(attribute.getAttribute())) {
return true;
} else {
return false;
}
}
public int vote(Authentication authentication, MethodInvocation invocation,
ConfigAttributeDefinition config) {
int result = ACCESS_ABSTAIN;
Iterator iter = config.getConfigAttributes();
while (iter.hasNext()) {
ConfigAttribute attribute = (ConfigAttribute) iter.next();
if (this.supports(attribute)) {
result = ACCESS_DENIED;
for (int i = 0; i < authentication.getAuthorities().length;
i++) {
if ("ROLE_MAGIC".equals(
authentication.getAuthorities()[i].getAuthority())) {
return ACCESS_GRANTED;
}
}
}
}
return result;
}
}

61
core/src/test/java/org/acegisecurity/vote/applicationContext.xml
View File

@ -1,61 +0,0 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE beans PUBLIC "-//SPRING//DTD BEAN//EN" "http://www.springframework.org/dtd/spring-beans.dtd">
<!--
* The Acegi Security System for Spring is published under the terms
* of the Apache Software License.
* $Id$
-->
<beans>
<!-- ~~~~~~~~~~~~~~~~~~~~ AUTHORIZATION DEFINITIONS ~~~~~~~~~~~~~~~~~~~ -->
<!-- An access decision voter that reads ROLE_* configuaration settings -->
<bean id="roleVoter" class="net.sf.acegisecurity.vote.RoleVoter"/>
<!-- An access decision voter that reads XXXX configuaration settings -->
<bean id="xVoter" class="net.sf.acegisecurity.vote.XVoter"/>
<!-- An access decision voter that reads YYYY configuaration settings -->
<bean id="yVoter" class="net.sf.acegisecurity.vote.YVoter"/>
<!-- An access decision voter that reads DENY_FOR_SURE configuaration settings -->
<bean id="denyVoter" class="net.sf.acegisecurity.vote.DenyVoter"/>
<bean id="unanimousBased" class="net.sf.acegisecurity.vote.UnanimousBased">
<property name="allowIfAllAbstainDecisions"><value>false</value></property>
<property name="decisionVoters">
<list>
<ref bean="roleVoter"/>
<ref bean="denyVoter"/>
<ref bean="xVoter"/>
<ref bean="yVoter"/>
</list>
</property>
</bean>
<bean id="affirmativeBased" class="net.sf.acegisecurity.vote.AffirmativeBased">
<property name="allowIfAllAbstainDecisions"><value>false</value></property>
<property name="decisionVoters">
<list>
<ref bean="roleVoter"/>
<ref bean="denyVoter"/>
<ref bean="xVoter"/>
<ref bean="yVoter"/>
</list>
</property>
</bean>
<bean id="consensusBased" class="net.sf.acegisecurity.vote.ConsensusBased">
<property name="allowIfAllAbstainDecisions"><value>false</value></property>
<property name="allowIfEqualGrantedDeniedDecisions"><value>true</value></property>
<property name="decisionVoters">
<list>
<ref bean="roleVoter"/>
<ref bean="denyVoter"/>
<ref bean="xVoter"/>
<ref bean="yVoter"/>
</list>
</property>
</bean>
</beans>