Luke Taylor
18 years ago
2 changed files with 78 additions and 0 deletions
@ -0,0 +1,26 @@ |
|||||||
|
package org.springframework.security.integration; |
||||||
|
|
||||||
|
import org.junit.Test; |
||||||
|
import org.junit.runner.RunWith; |
||||||
|
import org.springframework.beans.factory.annotation.Autowired; |
||||||
|
import org.springframework.security.AccessDeniedException; |
||||||
|
import org.springframework.security.concurrent.SessionRegistry; |
||||||
|
import org.springframework.security.context.SecurityContextHolder; |
||||||
|
import org.springframework.security.providers.UsernamePasswordAuthenticationToken; |
||||||
|
import org.springframework.test.context.ContextConfiguration; |
||||||
|
import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; |
||||||
|
|
||||||
|
@ContextConfiguration(locations={"/sec-936-app-context.xml"}) |
||||||
|
@RunWith(SpringJUnit4ClassRunner.class) |
||||||
|
public class SEC936ApplicationContextTests { |
||||||
|
@Autowired |
||||||
|
/** SessionRegistry is used as the test service interface (nothing to do with the test) */ |
||||||
|
private SessionRegistry sessionRegistry; |
||||||
|
|
||||||
|
@Test(expected=AccessDeniedException.class) |
||||||
|
public void securityInterceptorHandlesCallWithNoTargetObject() { |
||||||
|
SecurityContextHolder.getContext().setAuthentication(new UsernamePasswordAuthenticationToken("bob","bobspassword")); |
||||||
|
sessionRegistry.getAllPrincipals(); |
||||||
|
} |
||||||
|
|
||||||
|
} |
||||||
@ -0,0 +1,52 @@ |
|||||||
|
<beans xmlns="http://www.springframework.org/schema/beans" |
||||||
|
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" |
||||||
|
xmlns:util="http://www.springframework.org/schema/util" |
||||||
|
xmlns:security="http://www.springframework.org/schema/security" |
||||||
|
xsi:schemaLocation=" |
||||||
|
http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.5.xsd |
||||||
|
http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util-2.5.xsd |
||||||
|
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.2.xsd"> |
||||||
|
|
||||||
|
<security:authentication-provider> |
||||||
|
<security:user-service> |
||||||
|
<security:user name="bob" password="bobspassword" authorities="ROLE_A,ROLE_B"/> |
||||||
|
</security:user-service> |
||||||
|
</security:authentication-provider> |
||||||
|
|
||||||
|
<security:authentication-manager alias="authenticationManager"/> |
||||||
|
|
||||||
|
<bean id="accessDecisionManager" class="org.springframework.security.vote.AffirmativeBased"> |
||||||
|
<property name="allowIfAllAbstainDecisions" value="false"/> |
||||||
|
<property name="decisionVoters"> |
||||||
|
<util:list> |
||||||
|
<bean class="org.springframework.security.vote.RoleVoter" /> |
||||||
|
<bean class="org.springframework.security.vote.AuthenticatedVoter" /> |
||||||
|
</util:list> |
||||||
|
</property> |
||||||
|
</bean> |
||||||
|
|
||||||
|
<bean id="securityInterceptor" class="org.springframework.security.intercept.method.aopalliance.MethodSecurityInterceptor"> |
||||||
|
<property name="validateConfigAttributes" value="true"/> |
||||||
|
<property name="rejectPublicInvocations" value="true"/> |
||||||
|
<property name="authenticationManager" ref="authenticationManager"/> |
||||||
|
<property name="accessDecisionManager" ref="accessDecisionManager"/> |
||||||
|
<property name="objectDefinitionSource"><value> |
||||||
|
org.springframework.security.concurrent.SessionRegistry.get*=ROLE_C |
||||||
|
</value></property> |
||||||
|
</bean> |
||||||
|
|
||||||
|
<bean id="httpRemoteService" class="org.springframework.aop.framework.ProxyFactoryBean"> |
||||||
|
<property name="proxyInterfaces" value="org.springframework.security.concurrent.SessionRegistry"/> |
||||||
|
<property name="interceptorNames"> |
||||||
|
<list> |
||||||
|
<value>securityInterceptor</value> |
||||||
|
<value>httpInvokerClientInterceptor</value> |
||||||
|
</list> |
||||||
|
</property> |
||||||
|
</bean> |
||||||
|
|
||||||
|
<bean id="httpInvokerClientInterceptor" class="org.springframework.remoting.httpinvoker.HttpInvokerClientInterceptor"> |
||||||
|
<property name="serviceUrl" value="http://somehost/someUrl"/> |
||||||
|
</bean> |
||||||
|
|
||||||
|
</beans> |
||||||
Loading…
Reference in new issue