GitHub-Spring
/
spring-security
mirror of https://github.com/spring-projects/spring-security.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
Browse Source

Deleted attributes sample

2.0.x
Luke Taylor 18 years ago
parent
6ecfa0541f
commit
014f21ee85
7 changed files with 0 additions and 398 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 4
      samples/attributes/.cvsignore
  2. 42
      samples/attributes/pom.xml
  3. 48
      samples/attributes/src/main/java/sample/attributes/BankService.java
  4. 35
      samples/attributes/src/main/java/sample/attributes/BankServiceImpl.java
  5. 76
      samples/attributes/src/main/java/sample/attributes/Main.java
  6. 97
      samples/attributes/src/main/resources/applicationContext.xml
  7. 96
      samples/attributes/src/test/java/sample/attributes/BankTests.java

4
samples/attributes/.cvsignore
Unescape View File

@ -1,4 +0,0 @@ @@ -1,4 +0,0 @@
classes
generated
reports
target

42
samples/attributes/pom.xml
Unescape View File

@ -1,42 +0,0 @@ @@ -1,42 +0,0 @@
<?xml version="1.0" encoding="ISO-8859-1"?>
<project xmlns="http://maven.apache.org/POM/4.0.0"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
<modelVersion>4.0.0</modelVersion>
<parent>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-samples</artifactId>
<version>2.0-SNAPSHOT</version>
</parent>
<artifactId>spring-security-sample-attributes</artifactId>
<name>Spring Security - Attributes sample</name>
<dependencies>
<dependency>
<groupId>xdoclet</groupId>
<artifactId>xjavadoc</artifactId>
<version>1.0.2</version>
</dependency>
<dependency>
<groupId>commons-collections</groupId>
<artifactId>commons-collections</artifactId>
<version>3.1</version>
</dependency>
<dependency>
<groupId>commons-attributes</groupId>
<artifactId>commons-attributes-compiler</artifactId>
<version>2.1</version>
</dependency>
<dependency>
<groupId>commons-attributes</groupId>
<artifactId>commons-attributes-api</artifactId>
<version>2.1</version>
</dependency>
<dependency>
<groupId>commons-attributes</groupId>
<artifactId>commons-attributes-plugin</artifactId>
<version>2.1</version>
<type>plugin</type>
</dependency>
</dependencies>
</project>

48
samples/attributes/src/main/java/sample/attributes/BankService.java
Unescape View File

@ -1,48 +0,0 @@ @@ -1,48 +0,0 @@
/* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package sample.attributes;
/**
* DOCUMENT ME!
*
* @author Cameron Braid
* @author Ben Alex
* @version $Id$
*
*/
public interface BankService {
//~ Methods ========================================================================================================
/**
* The SecurityConfig below will be merged with the interface-level SecurityConfig above by Commons Attributes.
* ie: this is equivalent to defining BankService=ROLE_TELLER,ROLE_PERMISSION_BALANACE in the bean context.
*
* @return DOCUMENT ME!
*
* @@net.sf.acegisecurity.SecurityConfig("ROLE_PERMISSION_BALANCE")
*/
float balance(String accountNumber);
/**
* The SecurityConfig below will be merged with the interface-level SecurityConfig above by Commons Attributes.
* ie: this is equivalent to defining BankService=ROLE_TELLER,ROLE_PERMISSION_LIST in the bean context.
*
* @return DOCUMENT ME!
*
* @@net.sf.acegisecurity.SecurityConfig("ROLE_PERMISSION_LIST")
*/
String[] listAccounts();
}

35
samples/attributes/src/main/java/sample/attributes/BankServiceImpl.java
Unescape View File

@ -1,35 +0,0 @@ @@ -1,35 +0,0 @@
/* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package sample.attributes;
/**
* DOCUMENT ME!
*
* @author Cameron Braid
* @author Ben Alex
* @version $Id$
*/
public class BankServiceImpl implements BankService {
//~ Methods ========================================================================================================
public float balance(String accountNumber) {
return 42000000;
}
public String[] listAccounts() {
return new String[] {"1", "2", "3"};
}
}

76
samples/attributes/src/main/java/sample/attributes/Main.java
Unescape View File

@ -1,76 +0,0 @@ @@ -1,76 +0,0 @@
/* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package sample.attributes;
import org.acegisecurity.AccessDeniedException;
import org.acegisecurity.GrantedAuthority;
import org.acegisecurity.GrantedAuthorityImpl;
import org.acegisecurity.context.SecurityContextHolder;
import org.acegisecurity.context.SecurityContextImpl;
import org.acegisecurity.providers.TestingAuthenticationToken;
import org.springframework.context.support.ClassPathXmlApplicationContext;
/**
* DOCUMENT ME!
*
* @author Cameron Braid
* @author Ben Alex
* @version $Id$
*/
public class Main {
//~ Methods ========================================================================================================
/**
* This can be done in a web app by using a filter or <code>SpringMvcIntegrationInterceptor</code>.
*/
private static void createSecureContext() {
TestingAuthenticationToken auth = new TestingAuthenticationToken("test", "test",
new GrantedAuthority[] {
new GrantedAuthorityImpl("ROLE_TELLER"), new GrantedAuthorityImpl("ROLE_PERMISSION_LIST")
});
SecurityContextHolder.getContext().setAuthentication(auth);
}
private static void destroySecureContext() {
SecurityContextHolder.setContext(new SecurityContextImpl());
}
public static void main(String[] args) throws Exception {
createSecureContext();
ClassPathXmlApplicationContext context = new ClassPathXmlApplicationContext("applicationContext.xml");
BankService service = (BankService) context.getBean("bankService");
// will succeed
service.listAccounts();
// will fail
try {
System.out.println(
"We expect an AccessDeniedException now, as we do not hold the ROLE_PERMISSION_BALANCE granted authority, and we're using a unanimous access decision manager... ");
service.balance("1");
} catch (AccessDeniedException e) {
e.printStackTrace();
}
destroySecureContext();
}
}

97
samples/attributes/src/main/resources/applicationContext.xml
Unescape View File

@ -1,97 +0,0 @@ @@ -1,97 +0,0 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE beans PUBLIC "-//SPRING//DTD BEAN//EN" "http://www.springframework.org/dtd/spring-beans.dtd">
<!--
* Copyright 2004 Acegi Technology Pty Limited
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*
*
* $Id$
-->
<beans>
<!-- =================== SECURITY SYSTEM DEFINITIONS ================== -->
<!-- RunAsManager -->
<bean id="runAsManager" class="org.springframework.security.runas.RunAsManagerImpl">
<property name="key"><value>my_run_as_password</value></property>
</bean>
<!-- ~~~~~~~~~~~~~~~~~~~~ AUTHENTICATION DEFINITIONS ~~~~~~~~~~~~~~~~~~ -->
<!-- This authentication provider accepts any presented TestingAuthenticationToken -->
<bean id="testingAuthenticationProvider" class="org.springframework.security.providers.TestingAuthenticationProvider"/>
<!-- The authentication manager that iterates through our only authentication provider -->
<bean id="authenticationManager" class="org.springframework.security.providers.ProviderManager">
<property name="providers">
<list>
<ref local="testingAuthenticationProvider"/>
</list>
</property>
</bean>
<!-- ~~~~~~~~~~~~~~~~~~~~ AUTHORIZATION DEFINITIONS ~~~~~~~~~~~~~~~~~~~ -->
<!-- An access decision voter that reads ROLE_* configuaration settings -->
<bean id="roleVoter" class="org.springframework.security.vote.RoleVoter"/>
<!-- A unanimous access decision manager -->
<bean id="accessDecisionManager" class="org.springframework.security.vote.UnanimousBased">
<property name="allowIfAllAbstainDecisions"><value>false</value></property>
<property name="decisionVoters">
<list>
<ref local="roleVoter"/>
</list>
</property>
</bean>
<!-- ===================== SECURITY DEFINITIONS ======================= -->
<bean id="attributes" class="org.springframework.metadata.commons.CommonsAttributes"/>
<bean id="objectDefinitionSource" class="org.springframework.security.intercept.method.MethodDefinitionAttributes">
<property name="attributes"><ref local="attributes"/></property>
</bean>
<!-- We don't validate config attributes, as it's unsupported by MethodDefinitionAttributes -->
<bean id="securityInterceptor" class="org.springframework.security.intercept.method.aopalliance.MethodSecurityInterceptor">
<property name="validateConfigAttributes"><value>false</value></property>
<property name="authenticationManager"><ref local="authenticationManager"/></property>
<property name="accessDecisionManager"><ref local="accessDecisionManager"/></property>
<property name="runAsManager"><ref local="runAsManager"/></property>
<property name="objectDefinitionSource"><ref local="objectDefinitionSource"/></property>
</bean>
<bean id="bankService" class="sample.attributes.BankServiceImpl"/>
<!--
This bean is a postprocessor that will automatically apply relevant advisors
to any bean in child factories.
-->
<bean id="autoproxy"
class="org.springframework.aop.framework.autoproxy.DefaultAdvisorAutoProxyCreator">
</bean>
<!--
AOP advisor that will automatically wire the MethodSecurityInterceptor (above)
into BankServiceImpl (above). The configuration attributes used are obtained
from the securityInterceptor.objectDefinitionSouce, which in the
above configuration is a Commons Attributes-based source.
-->
<bean id="methodSecurityAdvisor"
class="org.springframework.security.intercept.method.aopalliance.MethodDefinitionSourceAdvisor"
autowire="constructor" >
</bean>
</beans>

96
samples/attributes/src/test/java/sample/attributes/BankTests.java
Unescape View File

@ -1,96 +0,0 @@ @@ -1,96 +0,0 @@
/* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package sample.attributes;
import junit.framework.TestCase;
import org.acegisecurity.AccessDeniedException;
import org.acegisecurity.GrantedAuthority;
import org.acegisecurity.GrantedAuthorityImpl;
import org.acegisecurity.context.SecurityContextHolder;
import org.acegisecurity.context.SecurityContextImpl;
import org.acegisecurity.providers.TestingAuthenticationToken;
import org.springframework.context.support.ClassPathXmlApplicationContext;
/**
* Tests security objects.
*
* @author Ben Alex
* @version $Id$
*/
public class BankTests extends TestCase {
//~ Instance fields ================================================================================================
private BankService service;
private ClassPathXmlApplicationContext ctx;
//~ Constructors ===================================================================================================
public BankTests() {
}
public BankTests(String arg0) {
super(arg0);
}
//~ Methods ========================================================================================================
public final void setUp() throws Exception {
super.setUp();
ctx = new ClassPathXmlApplicationContext("applicationContext.xml");
service = (BankService) ctx.getBean("bankService");
}
public void tearDown() {
SecurityContextHolder.clearContext();
}
private static void createSecureContext() {
TestingAuthenticationToken auth = new TestingAuthenticationToken("test", "test",
new GrantedAuthority[] {
new GrantedAuthorityImpl("ROLE_TELLER"), new GrantedAuthorityImpl("ROLE_PERMISSION_LIST")
});
SecurityContextHolder.getContext().setAuthentication(auth);
}
private static void destroySecureContext() {
SecurityContextHolder.setContext(new SecurityContextImpl());
}
public void testDeniedAccess() throws Exception {
createSecureContext();
try {
service.balance("1");
fail("Should have thrown AccessDeniedException");
} catch (AccessDeniedException expected) {
assertTrue(true);
}
destroySecureContext();
}
public void testListAccounts() throws Exception {
createSecureContext();
service.listAccounts();
destroySecureContext();
}
}
Write Preview
Loading…
Cancel
Save