/**
 * Checks the run-as round trip on the normal send path: after {@code preSend} the
 * SecurityContext holds the Authentication returned by the RunAsManager, and after
 * {@code postSend} it holds the original Authentication again.
 *
 * <p>The second assertion is the security-relevant one: a run-as identity that is not
 * removed would still be in the SecurityContext for whatever work runs next.
 */
@Test
@SuppressWarnings("unchecked")
public void preSendPostSendRunAs() throws Exception {
    // Metadata source yields attributes, and the manager answers with the run-as identity.
    when(source.getAttributes(message)).thenReturn(attrs);
    when(runAsManager.buildRunAs(any(Authentication.class), any(), any(Collection.class)))
            .thenReturn(runAs);

    Message<?> intercepted = interceptor.preSend(message, channel);
    Authentication duringSend = SecurityContextHolder.getContext().getAuthentication();
    assertThat(duringSend).isSameAs(runAs);

    interceptor.postSend(intercepted, channel, true);
    Authentication afterSend = SecurityContextHolder.getContext().getAuthentication();
    // The original identity must be back in place once the send has finished.
    assertThat(afterSend).isSameAs(originalAuth);
}
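/**
 * Verifies which configuration attributes {@code RunAsManagerImpl} reports as supported.
 *
 * <p>Of the three attributes tried here only the one starting with the upper-case
 * {@code RUN_AS_} prefix is accepted; the {@code ROLE_} attribute and the attribute with a
 * lower-case prefix are both rejected. A run-as replacement therefore has to be requested
 * explicitly and is not triggered by an ordinary role attribute.
 */
@Test
public void testSupports() throws Exception {
    RunAsManager runAs = new RunAsManagerImpl();

    assertThat(runAs.supports(new SecurityConfig("RUN_AS_SOMETHING"))).isTrue();
    // isFalse() on the real value rather than isTrue() on a negated one: same pass/fail
    // outcome, but a failure reports the actual result instead of a double negative.
    assertThat(runAs.supports(new SecurityConfig("ROLE_WHICH_IS_IGNORED"))).isFalse();
    assertThat(runAs.supports(new SecurityConfig("role_LOWER_CASE_FAILS"))).isFalse();
}
// Closes the enclosing test class, whose header is outside this excerpt.
}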
/**
 * Checks the run-as round trip on the failure path: the run-as Authentication installed
 * by {@code preSend} is removed again when {@code afterSendCompletion} is called with an
 * exception, so that a failed send does not leave the replacement identity in the
 * SecurityContext.
 */
@Test
@SuppressWarnings("unchecked")
public void preSendFinallySendRunAs() throws Exception {
    when(source.getAttributes(message)).thenReturn(attrs);
    when(runAsManager.buildRunAs(any(Authentication.class), any(), any(Collection.class)))
            .thenReturn(runAs);

    Message<?> intercepted = interceptor.preSend(message, channel);
    Authentication duringSend = SecurityContextHolder.getContext().getAuthentication();
    assertThat(duringSend).isSameAs(runAs);

    // Simulate a send that ended with an exception.
    RuntimeException sendFailure = new RuntimeException();
    interceptor.afterSendCompletion(intercepted, channel, true, sendFailure);

    Authentication afterCompletion = SecurityContextHolder.getContext().getAuthentication();
    assertThat(afterCompletion).isSameAs(originalAuth);
}
/**
 * Expects initialization to fail with {@link IllegalArgumentException} when the
 * configured RunAsManager reports that it does not support {@code MethodInvocation} as
 * the secure object class, i.e. the misconfiguration is reported at start-up.
 *
 * <p>Because the expectation is declared on {@code @Test}, the exception may come from
 * any statement in the method body, not only from {@code afterPropertiesSet()}.
 */
@Test(expected = IllegalArgumentException.class)
public void intitalizationRejectsRunAsManagerThatDoesNotSupportMethodInvocation() throws Exception {
    RunAsManager unsupportingManager = mock(RunAsManager.class);
    when(unsupportingManager.supports(MethodInvocation.class)).thenReturn(false);

    interceptor.setRunAsManager(unsupportingManager);
    interceptor.afterPropertiesSet();
}
// Ask the configured RunAsManager for the Authentication to use in place of `authenticated`
// for this secure object and its attributes.
// NOTE(review): RunAsManager.buildRunAs may return null when no replacement is required;
// confirm the enclosing method (not shown here) handles null and restores the original
// Authentication afterwards.
Authentication runAs = this.runAsManager.buildRunAs(authenticated, object, attributes);
() -> "SecurityMetadataSource does not support secure object class: " + getSecureObjectClass()); Assert.isTrue(this.runAsManager.supports(getSecureObjectClass()), () -> "RunAsManager does not support secure object class: " + getSecureObjectClass()); if (!this.runAsManager.supports(attr) && !this.accessDecisionManager.supports(attr) && ((this.afterInvocationManager == null) || !this.afterInvocationManager
/**
 * Checks that the run-as Authentication is in effect while the advised method runs and
 * that both the SecurityContext instance and its original Authentication are back in
 * place once the call has returned.
 *
 * <p>The expected result string names {@code RunAsUserToken}; presumably the target
 * appends the class and authenticated flag of the Authentication it observed (confirm
 * against the target implementation, which is not shown here).
 */
@Test
public void runAsReplacementIsCorrectlySet() throws Exception {
    SecurityContext originalContext = SecurityContextHolder.getContext();
    originalContext.setAuthentication(token);
    token.setAuthenticated(true);

    RunAsManager runAsMock = mock(RunAsManager.class);
    RunAsUserToken replacement = new RunAsUserToken("key", "someone", "creds",
            token.getAuthorities(), TestingAuthenticationToken.class);
    interceptor.setRunAsManager(runAsMock);
    mdsReturnsUserRole();
    when(runAsMock.buildRunAs(eq(token), any(MethodInvocation.class), any(List.class)))
            .thenReturn(replacement);

    String upperCased = advisedTarget.makeUpperCase("hello");
    assertThat(upperCased)
            .isEqualTo("HELLO org.springframework.security.access.intercept.RunAsUserToken true");

    // The replacement must not outlive the invocation: same context, same original token.
    SecurityContext contextAfterCall = SecurityContextHolder.getContext();
    assertThat(contextAfterCall).isSameAs(originalContext);
    assertThat(SecurityContextHolder.getContext().getAuthentication()).isSameAs(token);
}
() -> "SecurityMetadataSource does not support secure object class: " + getSecureObjectClass()); Assert.isTrue(this.runAsManager.supports(getSecureObjectClass()), () -> "RunAsManager does not support secure object class: " + getSecureObjectClass()); if (!this.runAsManager.supports(attr) && !this.accessDecisionManager.supports(attr) && ((this.afterInvocationManager == null) || !this.afterInvocationManager
/**
 * Checks that the original SecurityContext and Authentication are restored when the join
 * point throws after a run-as replacement has been built, so the exception path does not
 * leave the replacement identity in place.
 */
@SuppressWarnings("unchecked")
@Test
public void invokeRunAsReplacementCleansAfterException() throws Throwable {
    SecurityContext originalContext = SecurityContextHolder.getContext();
    originalContext.setAuthentication(token);
    token.setAuthenticated(true);

    RunAsManager runAsMock = mock(RunAsManager.class);
    RunAsUserToken replacement = new RunAsUserToken("key", "someone", "creds",
            token.getAuthorities(), TestingAuthenticationToken.class);
    interceptor.setRunAsManager(runAsMock);
    when(runAsMock.buildRunAs(eq(token), any(MethodInvocation.class), any(List.class)))
            .thenReturn(replacement);
    when(joinPoint.proceed()).thenThrow(new RuntimeException());

    try {
        interceptor.invoke(joinPoint);
        fail("Expected Exception");
    }
    catch (RuntimeException expected) {
        // The stubbed join point failure is the outcome this test wants.
    }

    // The replacement must be gone even though the invocation failed.
    SecurityContext contextAfterFailure = SecurityContextHolder.getContext();
    assertThat(contextAfterFailure).isSameAs(originalContext);
    assertThat(SecurityContextHolder.getContext().getAuthentication()).isSameAs(token);
}
// Closes the enclosing test class, whose header is outside this excerpt.
}
Assert.isTrue(this.obtainSecurityMetadataSource().supports(getSecureObjectClass()), "SecurityMetadataSource does not support secure object class: " + getSecureObjectClass()); Assert.isTrue(this.runAsManager.supports(getSecureObjectClass()), "RunAsManager does not support secure object class: " + getSecureObjectClass()); Assert.isTrue(this.accessDecisionManager.supports(getSecureObjectClass()), if (!this.runAsManager.supports(attr) && !this.accessDecisionManager.supports(attr) && ((this.afterInvocationManager == null) || !this.afterInvocationManager.supports(attr))) { unsupportedAttrs.add(attr);
// Ask the configured RunAsManager for the Authentication to use in place of `authenticated`
// for this secure object and its attributes.
// NOTE(review): RunAsManager.buildRunAs may return null when no replacement is required;
// confirm the enclosing method (not shown here) handles null and restores the original
// Authentication afterwards.
Authentication runAs = this.runAsManager.buildRunAs(authenticated, object, attributes);
() -> "SecurityMetadataSource does not support secure object class: " + getSecureObjectClass()); Assert.isTrue(this.runAsManager.supports(getSecureObjectClass()), () -> "RunAsManager does not support secure object class: " + getSecureObjectClass()); if (!this.runAsManager.supports(attr) && !this.accessDecisionManager.supports(attr) && ((this.afterInvocationManager == null) || !this.afterInvocationManager
/**
 * Same clean-up check as the plain join point case, but for the AspectJ callback variant
 * of {@code invoke}: when the callback throws after a run-as replacement has been built,
 * the original SecurityContext and Authentication must be in place afterwards.
 */
@SuppressWarnings("unchecked")
@Test
public void invokeWithAspectJCallbackRunAsReplacementCleansAfterException() throws Exception {
    SecurityContext originalContext = SecurityContextHolder.getContext();
    originalContext.setAuthentication(token);
    token.setAuthenticated(true);

    RunAsManager runAsMock = mock(RunAsManager.class);
    RunAsUserToken replacement = new RunAsUserToken("key", "someone", "creds",
            token.getAuthorities(), TestingAuthenticationToken.class);
    interceptor.setRunAsManager(runAsMock);
    when(runAsMock.buildRunAs(eq(token), any(MethodInvocation.class), any(List.class)))
            .thenReturn(replacement);
    when(aspectJCallback.proceedWithObject()).thenThrow(new RuntimeException());

    try {
        interceptor.invoke(joinPoint, aspectJCallback);
        fail("Expected Exception");
    }
    catch (RuntimeException expected) {
        // The stubbed callback failure is the outcome this test wants.
    }

    // The replacement must be gone even though the callback failed.
    SecurityContext contextAfterFailure = SecurityContextHolder.getContext();
    assertThat(contextAfterFailure).isSameAs(originalContext);
    assertThat(SecurityContextHolder.getContext().getAuthentication()).isSameAs(token);
}
/**
 * Checks that a run-as replacement is undone when the advised target method throws: the
 * SecurityContext instance and the original Authentication must be unchanged once the
 * exception has propagated to the caller.
 */
@Test
public void runAsReplacementCleansAfterException() throws Exception {
    createTarget(true);
    when(realTarget.makeUpperCase(anyString())).thenThrow(new RuntimeException());

    SecurityContext originalContext = SecurityContextHolder.getContext();
    originalContext.setAuthentication(token);
    token.setAuthenticated(true);

    RunAsManager runAsMock = mock(RunAsManager.class);
    RunAsUserToken replacement = new RunAsUserToken("key", "someone", "creds",
            token.getAuthorities(), TestingAuthenticationToken.class);
    interceptor.setRunAsManager(runAsMock);
    mdsReturnsUserRole();
    when(runAsMock.buildRunAs(eq(token), any(MethodInvocation.class), any(List.class)))
            .thenReturn(replacement);

    try {
        advisedTarget.makeUpperCase("hello");
        fail("Expected Exception");
    }
    catch (RuntimeException expected) {
        // The stubbed target failure is the outcome this test wants.
    }

    // The replacement must be gone even though the target method failed.
    SecurityContext contextAfterFailure = SecurityContextHolder.getContext();
    assertThat(contextAfterFailure).isSameAs(originalContext);
    assertThat(SecurityContextHolder.getContext().getAuthentication()).isSameAs(token);
}
// Ask the configured RunAsManager for the Authentication to use in place of `authenticated`
// for this secure object and its attributes.
// NOTE(review): RunAsManager.buildRunAs may return null when no replacement is required;
// confirm the enclosing method (not shown here) handles null and restores the original
// Authentication afterwards.
Authentication runAs = this.runAsManager.buildRunAs(authenticated, object, attributes);
// Ask the configured RunAsManager for the Authentication to use in place of `authenticated`
// for this secure object and its attributes.
// NOTE(review): RunAsManager.buildRunAs may return null when no replacement is required;
// confirm the enclosing method (not shown here) handles null and restores the original
// Authentication afterwards.
Authentication runAs = this.runAsManager.buildRunAs(authenticated, object, attributes);