@ -16,8 +16,6 @@
@@ -16,8 +16,6 @@
package org.springframework.security.config.annotation.method.configuration ;
import java.io.Serializable ;
import org.junit.jupiter.api.Test ;
import org.junit.jupiter.api.extension.ExtendWith ;
import reactor.test.StepVerifier ;
@ -31,11 +29,17 @@ import org.springframework.security.access.expression.method.DefaultMethodSecuri
@@ -31,11 +29,17 @@ import org.springframework.security.access.expression.method.DefaultMethodSecuri
import org.springframework.security.authorization.AuthorizationDeniedException ;
import org.springframework.security.config.test.SpringTestContext ;
import org.springframework.security.config.test.SpringTestContextExtension ;
import org.springframework.security.core.Authentication ;
import org.springframework.security.test.context.annotation.SecurityTestExecutionListeners ;
import org.springframework.security.test.context.support.WithMockUser ;
import org.springframework.test.context.junit.jupiter.SpringExtension ;
import static org.mockito.ArgumentMatchers.any ;
import static org.mockito.ArgumentMatchers.eq ;
import static org.mockito.BDDMockito.given ;
import static org.mockito.Mockito.mock ;
import static org.mockito.Mockito.times ;
import static org.mockito.Mockito.verify ;
@ExtendWith ( { SpringExtension . class , SpringTestContextExtension . class } )
@SecurityTestExecutionListeners
public class PrePostReactiveMethodSecurityConfigurationTests {
@ -211,13 +215,17 @@ public class PrePostReactiveMethodSecurityConfigurationTests {
@@ -211,13 +215,17 @@ public class PrePostReactiveMethodSecurityConfigurationTests {
@Test
@WithMockUser ( roles = "ADMIN" )
public void customMethodSecurityExpressionHandler ( ) {
public void preAuthorizeWhenCustomMethodSecurityExpressionHandlerThenUses ( ) {
this . spring . register ( MethodSecurityServiceEnabledConfig . class , PermissionEvaluatorConfig . class ) . autowire ( ) ;
ReactiveMethodSecurityService service = this . spring . getContext ( ) . getBean ( ReactiveMethodSecurityService . class ) ;
PermissionEvaluator permissionEvaluator = this . spring . getContext ( ) . getBean ( PermissionEvaluator . class ) ;
given ( permissionEvaluator . hasPermission ( any ( ) , eq ( "grant" ) , any ( ) ) ) . willReturn ( true ) ;
given ( permissionEvaluator . hasPermission ( any ( ) , eq ( "deny" ) , any ( ) ) ) . willReturn ( false ) ;
StepVerifier . create ( service . preAuthorizeHasPermission ( "grant" ) ) . expectNext ( "ok" ) . verifyComplete ( ) ;
StepVerifier . create ( service . preAuthorizeHasPermission ( "deny" ) )
. expectError ( AuthorizationDeniedException . class )
. verify ( ) ;
verify ( permissionEvaluator , times ( 2 ) ) . hasPermission ( any ( ) , any ( ) , any ( ) ) ;
}
@Configuration
@ -234,23 +242,17 @@ public class PrePostReactiveMethodSecurityConfigurationTests {
@@ -234,23 +242,17 @@ public class PrePostReactiveMethodSecurityConfigurationTests {
@Configuration
static class PermissionEvaluatorConfig {
@Bean
static PermissionEvaluator permissionEvaluator ( ) {
return mock ( PermissionEvaluator . class ) ;
}
@Bean
@Role ( BeanDefinition . ROLE_INFRASTRUCTURE )
static DefaultMethodSecurityExpressionHandler methodSecurityExpressionHandler ( ) {
static DefaultMethodSecurityExpressionHandler methodSecurityExpressionHandler (
PermissionEvaluator permissionEvaluator ) {
DefaultMethodSecurityExpressionHandler handler = new DefaultMethodSecurityExpressionHandler ( ) ;
handler . setPermissionEvaluator ( new PermissionEvaluator ( ) {
@Override
public boolean hasPermission ( Authentication authentication , Object targetDomainObject ,
Object permission ) {
return "grant" . equals ( targetDomainObject ) ;
}
@Override
public boolean hasPermission ( Authentication authentication , Serializable targetId , String targetType ,
Object permission ) {
throw new UnsupportedOperationException ( ) ;
}
} ) ;
handler . setPermissionEvaluator ( permissionEvaluator ) ;
return handler ;
}
Josh Cummings
1 year ago