GitHub-Spring
/
spring-security
mirror of https://github.com/spring-projects/spring-security.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
Browse Source

Use AuthoritiesAuthorizationManager in Jsr250AuthorizationManager 

Closes gh-12782
pull/13418/head
kandaguru17 3 years ago committed by Josh Cummings
parent
208fb62db9
commit
fa2bc745f7
2 changed files with 82 additions and 8 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 34
      core/src/main/java/org/springframework/security/authorization/method/Jsr250AuthorizationManager.java
  2. 56
      core/src/test/java/org/springframework/security/authorization/method/Jsr250AuthorizationManagerTests.java

34
core/src/main/java/org/springframework/security/authorization/method/Jsr250AuthorizationManager.java
Unescape View File

@ -1,5 +1,5 @@ @@ -1,5 +1,5 @@
/*
* Copyright 2002-2021 the original author or authors.
* Copyright 2002-2023 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@ -18,6 +18,7 @@ package org.springframework.security.authorization.method; @@ -18,6 +18,7 @@ package org.springframework.security.authorization.method;
import java.lang.annotation.Annotation;
import java.lang.reflect.Method;
import java.util.Collection;
import java.util.HashSet;
import java.util.Set;
import java.util.function.Supplier;
@ -30,7 +31,7 @@ import org.aopalliance.intercept.MethodInvocation; @@ -30,7 +31,7 @@ import org.aopalliance.intercept.MethodInvocation;
import org.springframework.aop.support.AopUtils;
import org.springframework.core.annotation.AnnotationConfigurationException;
import org.springframework.lang.NonNull;
import org.springframework.security.authorization.AuthorityAuthorizationManager;
import org.springframework.security.authorization.AuthoritiesAuthorizationManager;
import org.springframework.security.authorization.AuthorizationDecision;
import org.springframework.security.authorization.AuthorizationManager;
import org.springframework.security.core.Authentication;
@ -57,8 +58,23 @@ public final class Jsr250AuthorizationManager implements AuthorizationManager<Me @@ -57,8 +58,23 @@ public final class Jsr250AuthorizationManager implements AuthorizationManager<Me
private final Jsr250AuthorizationManagerRegistry registry = new Jsr250AuthorizationManagerRegistry();
private AuthorizationManager<Collection<String>> authoritiesAuthorizationManager = new AuthoritiesAuthorizationManager();
private String rolePrefix = "ROLE_";
/**
* Sets an {@link AuthorizationManager} that accepts a collection of authority
* strings.
* @param authoritiesAuthorizationManager the {@link AuthorizationManager} that
* accepts a collection of authority strings to use
* @since 6.1
*/
public void setAuthoritiesAuthorizationManager(
AuthorizationManager<Collection<String>> authoritiesAuthorizationManager) {
Assert.notNull(authoritiesAuthorizationManager, "authoritiesAuthorizationManager cannot be null");
this.authoritiesAuthorizationManager = authoritiesAuthorizationManager;
}
/**
* Sets the role prefix. Defaults to "ROLE_".
* @param rolePrefix the role prefix to use
@ -95,10 +111,8 @@ public final class Jsr250AuthorizationManager implements AuthorizationManager<Me @@ -95,10 +111,8 @@ public final class Jsr250AuthorizationManager implements AuthorizationManager<Me
if (annotation instanceof PermitAll) {
return (a, o) -> new AuthorizationDecision(true);
}
if (annotation instanceof RolesAllowed) {
RolesAllowed rolesAllowed = (RolesAllowed) annotation;
return AuthorityAuthorizationManager.hasAnyRole(Jsr250AuthorizationManager.this.rolePrefix,
rolesAllowed.value());
if (annotation instanceof RolesAllowed rolesAllowed) {
return (a, o) -> Jsr250AuthorizationManager.this.authoritiesAuthorizationManager.check(a, getAllowedRolesWithPrefix(rolesAllowed));
}
return NULL_MANAGER;
}
@ -145,6 +159,14 @@ public final class Jsr250AuthorizationManager implements AuthorizationManager<Me @@ -145,6 +159,14 @@ public final class Jsr250AuthorizationManager implements AuthorizationManager<Me
return annotations.iterator().next();
}
private Set<String> getAllowedRolesWithPrefix(RolesAllowed rolesAllowed) {
Set<String> roles = new HashSet<>();
for (int i = 0; i < rolesAllowed.value().length; i++) {
roles.add(Jsr250AuthorizationManager.this.rolePrefix + rolesAllowed.value()[i]);
}
return roles;
}
}
}

56
core/src/test/java/org/springframework/security/authorization/method/Jsr250AuthorizationManagerTests.java
Unescape View File

@ -1,5 +1,5 @@ @@ -1,5 +1,5 @@
/*
* Copyright 2002-2021 the original author or authors.
* Copyright 2002-2023 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@ -18,6 +18,8 @@ package org.springframework.security.authorization.method; @@ -18,6 +18,8 @@ package org.springframework.security.authorization.method;
import java.lang.annotation.Retention;
import java.lang.annotation.RetentionPolicy;
import java.util.Collection;
import java.util.Set;
import java.util.function.Supplier;
import jakarta.annotation.security.DenyAll;
@ -30,11 +32,14 @@ import org.springframework.security.access.intercept.method.MockMethodInvocation @@ -30,11 +32,14 @@ import org.springframework.security.access.intercept.method.MockMethodInvocation
import org.springframework.security.authentication.TestAuthentication;
import org.springframework.security.authentication.TestingAuthenticationToken;
import org.springframework.security.authorization.AuthorizationDecision;
import org.springframework.security.authorization.AuthorizationManager;
import org.springframework.security.core.Authentication;
import static org.assertj.core.api.Assertions.assertThat;
import static org.assertj.core.api.Assertions.assertThatExceptionOfType;
import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
import static org.mockito.Mockito.mock;
import static org.mockito.Mockito.verify;
/**
* Tests for {@link Jsr250AuthorizationManager}.
@ -63,6 +68,27 @@ public class Jsr250AuthorizationManagerTests { @@ -63,6 +68,27 @@ public class Jsr250AuthorizationManagerTests {
assertThat(manager).extracting("rolePrefix").isEqualTo("CUSTOM_");
}
@Test
public void setAuthoritiesAuthorizationManagerWhenNullThenException() {
Jsr250AuthorizationManager manager = new Jsr250AuthorizationManager();
assertThatIllegalArgumentException().isThrownBy(() -> manager.setAuthoritiesAuthorizationManager(null))
.withMessage("authoritiesAuthorizationManager cannot be null");
}
@Test
public void setAuthoritiesAuthorizationManagerWhenNotNullThenVerifyUsage() throws Exception {
AuthorizationManager<Collection<String>> authoritiesAuthorizationManager = mock(AuthorizationManager.class);
Jsr250AuthorizationManager manager = new Jsr250AuthorizationManager();
manager.setAuthoritiesAuthorizationManager(authoritiesAuthorizationManager);
MockMethodInvocation methodInvocation = new MockMethodInvocation(new ClassLevelAnnotations(),
ClassLevelAnnotations.class, "rolesAllowedAdmin");
Supplier<Authentication> authentication = () -> new TestingAuthenticationToken("user", "password",
"ROLE_ADMIN");
AuthorizationDecision decision = manager.check(authentication, methodInvocation);
assertThat(decision).isNull();
verify(authoritiesAuthorizationManager).check(authentication, Set.of("ROLE_ADMIN"));
}
@Test
public void checkDoSomethingWhenNoJsr250AnnotationsThenNullDecision() throws Exception {
MockMethodInvocation methodInvocation = new MockMethodInvocation(new TestClass(), TestClass.class,
@ -123,7 +149,7 @@ public class Jsr250AuthorizationManagerTests { @@ -123,7 +149,7 @@ public class Jsr250AuthorizationManagerTests {
}
@Test
public void checkMultipleAnnotationsWhenInvokedThenAnnotationConfigurationException() throws Exception {
public void checkMultipleMethodAnnotationsWhenInvokedThenAnnotationConfigurationException() throws Exception {
Supplier<Authentication> authentication = () -> new TestingAuthenticationToken("user", "password",
"ROLE_ANONYMOUS");
MockMethodInvocation methodInvocation = new MockMethodInvocation(new TestClass(), TestClass.class,
@ -133,6 +159,16 @@ public class Jsr250AuthorizationManagerTests { @@ -133,6 +159,16 @@ public class Jsr250AuthorizationManagerTests {
.isThrownBy(() -> manager.check(authentication, methodInvocation));
}
@Test
public void checkMultipleClassAnnotationsWhenInvokedThenAnnotationConfigurationException() throws Exception {
Supplier<Authentication> authentication = () -> new TestingAuthenticationToken("user", "password", "ROLE_USER");
MockMethodInvocation methodInvocation = new MockMethodInvocation(new ClassLevelIllegalAnnotations(),
ClassLevelIllegalAnnotations.class, "inheritedAnnotations");
Jsr250AuthorizationManager manager = new Jsr250AuthorizationManager();
assertThatExceptionOfType(AnnotationConfigurationException.class)
.isThrownBy(() -> manager.check(authentication, methodInvocation));
}
@Test
public void checkRequiresAdminWhenClassAnnotationsThenMethodAnnotationsTakePrecedence() throws Exception {
Supplier<Authentication> authentication = () -> new TestingAuthenticationToken("user", "password", "ROLE_USER");
@ -247,6 +283,15 @@ public class Jsr250AuthorizationManagerTests { @@ -247,6 +283,15 @@ public class Jsr250AuthorizationManagerTests {
}
@MyIllegalRolesAllowed
public static class ClassLevelIllegalAnnotations {
public void inheritedAnnotations() {
}
}
public interface InterfaceAnnotationsOne {
@RolesAllowed("ADMIN")
@ -274,4 +319,11 @@ public class Jsr250AuthorizationManagerTests { @@ -274,4 +319,11 @@ public class Jsr250AuthorizationManagerTests {
}
@DenyAll
@RolesAllowed("USER")
@Retention(RetentionPolicy.RUNTIME)
public @interface MyIllegalRolesAllowed {
}
}

Write Preview
Loading…
Cancel
Save