MethodInvocation mi = createFromClass(null, clazz, methodName, null, null);
MethodInvocation mi = createFromClass(null, clazz, methodName, null, null);
@Test(expected = IllegalArgumentException.class) public void exceptionIsRaisedIfArgInfoOmittedAndMethodNameIsNotUnique() { MethodInvocationUtils.createFromClass(BusinessServiceImpl.class, "methodReturningAList"); }
@Test public void createFromClassReturnsMethodIfArgInfoOmittedAndMethodNameIsUnique() { MethodInvocation mi = MethodInvocationUtils.createFromClass( BusinessServiceImpl.class, "methodReturningAnArray"); assertThat(mi).isNotNull(); }
@Test public void createFromClassReturnsMethodIfGivenArgInfoForMethodWithArgs() { MethodInvocation mi = MethodInvocationUtils.createFromClass(null, String.class, "compareTo", new Class<?>[] { String.class }, new Object[] { "" }); assertThat(mi).isNotNull(); }
return createFromClass(object, target, methodName, classArgs, args);
@Test public void createFromClassReturnsMethodWithNoArgInfoForMethodWithNoArgs() { new MethodInvocationUtils(); MethodInvocation mi = MethodInvocationUtils.createFromClass(String.class, "length"); assertThat(mi).isNotNull(); }
return createFromClass(object, target, methodName, classArgs, args);
@Test public void allowsAccessUsingCreateFromClass() throws Exception { final MethodInvocation mi = MethodInvocationUtils.createFromClass( new OtherTargetObject(), ITargetObject.class, "makeLowerCase", new Class[] { String.class }, new Object[] { "Hello world" }); MethodInvocationPrivilegeEvaluator mipe = new MethodInvocationPrivilegeEvaluator(); mipe.setSecurityInterceptor(interceptor); when(mds.getAttributes(mi)).thenReturn(role); assertThat(mipe.isAllowed(mi, token)).isTrue(); }
@Test public void declinesAccessUsingCreateFromClass() throws Exception { final MethodInvocation mi = MethodInvocationUtils.createFromClass( new OtherTargetObject(), ITargetObject.class, "makeLowerCase", new Class[] { String.class }, new Object[] { "helloWorld" }); MethodInvocationPrivilegeEvaluator mipe = new MethodInvocationPrivilegeEvaluator(); mipe.setSecurityInterceptor(interceptor); when(mds.getAttributes(mi)).thenReturn(role); doThrow(new AccessDeniedException("rejected")).when(adm).decide(token, mi, role); assertThat(mipe.isAllowed(mi, token)).isFalse(); } }
/** * Generates a <code>MethodInvocation</code> for the specified <code>methodName</code> on the passed class. * * If a method with this name, taking no arguments does not exist, it will check through the declared * methods on the class, until one is found matching the supplied name. If more than one method name matches, * an <tt>IllegalArgumentException</tt> will be raised. * * @param clazz the class of object that will be used to find the relevant <code>Method</code> * @param methodName the name of the method to find * * @return a <code>MethodInvocation</code>, or <code>null</code> if there was a problem */ public static MethodInvocation createFromClass(Class<?> clazz, String methodName) { MethodInvocation mi = createFromClass(null, clazz, methodName, null, null); if (mi == null) { for (Method m : clazz.getDeclaredMethods()) { if (m.getName().equals(methodName)) { if (mi != null) { throw new IllegalArgumentException("The class " + clazz + " has more than one method named" + " '" + methodName + "'"); } mi = new SimpleMethodInvocation(null, m); } } } return mi; }
MethodInvocation mi = createFromClass(null, clazz, methodName, null, null);
return createFromClass(object, target, methodName, classArgs, args);
return createFromClass(object, target, methodName, classArgs, args);
final Class<?> targetClass = AopUtils.getTargetClass(view); final Method method = ClassUtils.getMethod(targetClass, "enter", com.vaadin.navigator.ViewChangeListener.ViewChangeEvent.class); final MethodInvocation methodInvocation = MethodInvocationUtils.createFromClass(targetClass, method.getName());
final Class<?> targetClass = AopUtils.getTargetClass(view); final Method method = ClassUtils.getMethod(targetClass, "enter", com.vaadin.navigator.ViewChangeListener.ViewChangeEvent.class); final MethodInvocation methodInvocation = MethodInvocationUtils.createFromClass(targetClass, method.getName());
@Override public boolean isAccessGranted(String beanName, UI ui) { PreAuthorize viewSecured = applicationContext.findAnnotationOnBean(beanName, PreAuthorize.class); if ( viewSecured == null ) { return true; } else if ( security.hasAccessDecisionManager() ) { final Class<?> targetClass = AopUtils.getTargetClass(applicationContext.getBean(beanName)); final Method method = ClassUtils.getMethod(AopUtils.getTargetClass(applicationContext.getBean(beanName)), "enter", com.vaadin.navigator.ViewChangeListener.ViewChangeEvent.class); final MethodInvocation methodInvocation = MethodInvocationUtils.createFromClass(targetClass, method.getName()); final Authentication authentication = SecurityContextHolder.getContext().getAuthentication(); final AccessDecisionManager accessDecisionManager = security.getAccessDecisionManager(); final ExpressionBasedAnnotationAttributeFactory attributeFactory = new ExpressionBasedAnnotationAttributeFactory(new DefaultMethodSecurityExpressionHandler()); Collection<ConfigAttribute> atributi = new ArrayList<ConfigAttribute>(); atributi.add(attributeFactory.createPreInvocationAttribute(null, null, viewSecured.value())); try { accessDecisionManager.decide(authentication, methodInvocation, atributi); return true; } catch (InsufficientAuthenticationException e) { return false; } catch (AccessDeniedException e) { return false; } } else { return true; // Access decision manager required for @PreAuthorize() } }