AbstractSecurityInterceptorTests xref


1   /* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
2    *
3    * Licensed under the Apache License, Version 2.0 (the "License");
4    * you may not use this file except in compliance with the License.
5    * You may obtain a copy of the License at
6    *
7    *     http://www.apache.org/licenses/LICENSE-2.0
8    *
9    * Unless required by applicable law or agreed to in writing, software
10   * distributed under the License is distributed on an "AS IS" BASIS,
11   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12   * See the License for the specific language governing permissions and
13   * limitations under the License.
14   */
15  
16  package org.acegisecurity.intercept;
17  
18  import junit.framework.TestCase;
19  
20  import org.acegisecurity.MockAccessDecisionManager;
21  import org.acegisecurity.MockAfterInvocationManager;
22  import org.acegisecurity.MockAuthenticationManager;
23  import org.acegisecurity.MockRunAsManager;
24  
25  import org.acegisecurity.intercept.method.MockMethodDefinitionSource;
26  
27  import org.acegisecurity.util.SimpleMethodInvocation;
28  
29  
30  /**
31   * Tests some {@link AbstractSecurityInterceptor} methods. Most of the  testing for this class is found in the
32   * <code>MethodSecurityInterceptorTests</code> class.
33   *
34   * @author Ben Alex
35   * @version $Id: AbstractSecurityInterceptorTests.java 1496 2006-05-23 13:38:33Z benalex $
36   */
37  public class AbstractSecurityInterceptorTests extends TestCase {
38      //~ Constructors ===================================================================================================
39  
40      public AbstractSecurityInterceptorTests() {
41          super();
42      }
43  
44      public AbstractSecurityInterceptorTests(String arg0) {
45          super(arg0);
46      }
47  
48      //~ Methods ========================================================================================================
49  
50      public static void main(String[] args) {
51          junit.textui.TestRunner.run(AbstractSecurityInterceptorTests.class);
52      }
53  
54      public void testDetectsIfInvocationPassedIncompatibleSecureObject()
55          throws Exception {
56          MockSecurityInterceptorWhichOnlySupportsStrings si = new MockSecurityInterceptorWhichOnlySupportsStrings();
57          si.setRunAsManager(new MockRunAsManager());
58          si.setAuthenticationManager(new MockAuthenticationManager());
59          si.setAfterInvocationManager(new MockAfterInvocationManager());
60          si.setAccessDecisionManager(new MockAccessDecisionManager());
61          si.setObjectDefinitionSource(new MockMethodDefinitionSource(false, true));
62  
63          try {
64              si.beforeInvocation(new SimpleMethodInvocation());
65              fail("Should have thrown IllegalArgumentException");
66          } catch (IllegalArgumentException expected) {
67              assertTrue(expected.getMessage().startsWith("Security invocation attempted for object"));
68          }
69      }
70  
71      public void testDetectsViolationOfGetSecureObjectClassMethod()
72          throws Exception {
73          MockSecurityInterceptorReturnsNull si = new MockSecurityInterceptorReturnsNull();
74          si.setRunAsManager(new MockRunAsManager());
75          si.setAuthenticationManager(new MockAuthenticationManager());
76          si.setAfterInvocationManager(new MockAfterInvocationManager());
77          si.setAccessDecisionManager(new MockAccessDecisionManager());
78          si.setObjectDefinitionSource(new MockMethodDefinitionSource(false, true));
79  
80          try {
81              si.afterPropertiesSet();
82              fail("Should have thrown IllegalArgumentException");
83          } catch (IllegalArgumentException expected) {
84              assertEquals("Subclass must provide a non-null response to getSecureObjectClass()", expected.getMessage());
85          }
86      }
87  
88      //~ Inner Classes ==================================================================================================
89  
90      private class MockSecurityInterceptorReturnsNull extends AbstractSecurityInterceptor {
91          private ObjectDefinitionSource objectDefinitionSource;
92  
93          public Class getSecureObjectClass() {
94              return null;
95          }
96  
97          public ObjectDefinitionSource obtainObjectDefinitionSource() {
98              return objectDefinitionSource;
99          }
100 
101         public void setObjectDefinitionSource(ObjectDefinitionSource objectDefinitionSource) {
102             this.objectDefinitionSource = objectDefinitionSource;
103         }
104     }
105 
106     private class MockSecurityInterceptorWhichOnlySupportsStrings extends AbstractSecurityInterceptor {
107         private ObjectDefinitionSource objectDefinitionSource;
108 
109         public Class getSecureObjectClass() {
110             return String.class;
111         }
112 
113         public ObjectDefinitionSource obtainObjectDefinitionSource() {
114             return objectDefinitionSource;
115         }
116 
117         public void setObjectDefinitionSource(ObjectDefinitionSource objectDefinitionSource) {
118             this.objectDefinitionSource = objectDefinitionSource;
119         }
120     }
121 }