@Test public void allowsAccessUsingCreate() throws Exception { Object object = new TargetObject(); final MethodInvocation mi = MethodInvocationUtils.create(object, "makeLowerCase", "foobar"); MethodInvocationPrivilegeEvaluator mipe = new MethodInvocationPrivilegeEvaluator(); when(mds.getAttributes(mi)).thenReturn(role); mipe.setSecurityInterceptor(interceptor); mipe.afterPropertiesSet(); assertThat(mipe.isAllowed(mi, token)).isTrue(); }
@Test public void allowsAccessUsingCreateFromClass() throws Exception { final MethodInvocation mi = MethodInvocationUtils.createFromClass( new OtherTargetObject(), ITargetObject.class, "makeLowerCase", new Class[] { String.class }, new Object[] { "Hello world" }); MethodInvocationPrivilegeEvaluator mipe = new MethodInvocationPrivilegeEvaluator(); mipe.setSecurityInterceptor(interceptor); when(mds.getAttributes(mi)).thenReturn(role); assertThat(mipe.isAllowed(mi, token)).isTrue(); }
@Test public void declinesAccessUsingCreate() throws Exception { Object object = new TargetObject(); final MethodInvocation mi = MethodInvocationUtils.create(object, "makeLowerCase", "foobar"); MethodInvocationPrivilegeEvaluator mipe = new MethodInvocationPrivilegeEvaluator(); mipe.setSecurityInterceptor(interceptor); when(mds.getAttributes(mi)).thenReturn(role); doThrow(new AccessDeniedException("rejected")).when(adm).decide(token, mi, role); assertThat(mipe.isAllowed(mi, token)).isFalse(); }
@Test public void declinesAccessUsingCreateFromClass() throws Exception { final MethodInvocation mi = MethodInvocationUtils.createFromClass( new OtherTargetObject(), ITargetObject.class, "makeLowerCase", new Class[] { String.class }, new Object[] { "helloWorld" }); MethodInvocationPrivilegeEvaluator mipe = new MethodInvocationPrivilegeEvaluator(); mipe.setSecurityInterceptor(interceptor); when(mds.getAttributes(mi)).thenReturn(role); doThrow(new AccessDeniedException("rejected")).when(adm).decide(token, mi, role); assertThat(mipe.isAllowed(mi, token)).isFalse(); } }