1   /* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
2    *
3    * Licensed under the Apache License, Version 2.0 (the "License");
4    * you may not use this file except in compliance with the License.
5    * You may obtain a copy of the License at
6    *
7    *     http://www.apache.org/licenses/LICENSE-2.0
8    *
9    * Unless required by applicable law or agreed to in writing, software
10   * distributed under the License is distributed on an "AS IS" BASIS,
11   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12   * See the License for the specific language governing permissions and
13   * limitations under the License.
14   */
15  
16  package org.acegisecurity.intercept.method.aspectj;
17  
18  import junit.framework.TestCase;
19  
20  import org.acegisecurity.AccessDeniedException;
21  import org.acegisecurity.GrantedAuthority;
22  import org.acegisecurity.GrantedAuthorityImpl;
23  import org.acegisecurity.MockAccessDecisionManager;
24  import org.acegisecurity.MockApplicationContext;
25  import org.acegisecurity.MockAuthenticationManager;
26  import org.acegisecurity.MockJoinPoint;
27  import org.acegisecurity.MockRunAsManager;
28  import org.acegisecurity.TargetObject;
29  
30  import org.acegisecurity.context.SecurityContextHolder;
31  
32  import org.acegisecurity.intercept.method.MethodDefinitionMap;
33  import org.acegisecurity.intercept.method.MethodDefinitionSourceEditor;
34  
35  import org.acegisecurity.providers.TestingAuthenticationToken;
36  
37  import java.lang.reflect.Method;
38  
39  
40  /**
41   * Tests {@link AspectJSecurityInterceptor}.
42   *
43   * @author Ben Alex
44   * @version $Id: AspectJSecurityInterceptorTests.java 1496 2006-05-23 13:38:33Z benalex $
45   */
46  public class AspectJSecurityInterceptorTests extends TestCase {
47      //~ Constructors ===================================================================================================
48  
49      public AspectJSecurityInterceptorTests() {
50          super();
51      }
52  
53      public AspectJSecurityInterceptorTests(String arg0) {
54          super(arg0);
55      }
56  
57      //~ Methods ========================================================================================================
58  
59      public static void main(String[] args) {
60          junit.textui.TestRunner.run(AspectJSecurityInterceptorTests.class);
61      }
62  
63      public final void setUp() throws Exception {
64          super.setUp();
65      }
66  
67      public void testCallbackIsInvokedWhenPermissionGranted()
68          throws Exception {
69          AspectJSecurityInterceptor si = new AspectJSecurityInterceptor();
70          si.setApplicationEventPublisher(MockApplicationContext.getContext());
71          si.setAccessDecisionManager(new MockAccessDecisionManager());
72          si.setAuthenticationManager(new MockAuthenticationManager());
73          si.setRunAsManager(new MockRunAsManager());
74  
75          MethodDefinitionSourceEditor editor = new MethodDefinitionSourceEditor();
76          editor.setAsText("org.acegisecurity.TargetObject.countLength=MOCK_ONE,MOCK_TWO");
77  
78          MethodDefinitionMap map = (MethodDefinitionMap) editor.getValue();
79          si.setObjectDefinitionSource(map);
80          assertEquals(map, si.getObjectDefinitionSource());
81  
82          si.afterPropertiesSet();
83  
84          Class clazz = TargetObject.class;
85          Method method = clazz.getMethod("countLength", new Class[] {String.class});
86          MockJoinPoint joinPoint = new MockJoinPoint(new TargetObject(), method);
87  
88          MockAspectJCallback aspectJCallback = new MockAspectJCallback();
89  
90          SecurityContextHolder.getContext()
91                               .setAuthentication(new TestingAuthenticationToken("marissa", "koala",
92                  new GrantedAuthority[] {new GrantedAuthorityImpl("MOCK_ONE")}));
93  
94          Object result = si.invoke(joinPoint, aspectJCallback);
95  
96          assertEquals("object proceeded", result);
97  
98          SecurityContextHolder.getContext().setAuthentication(null);
99      }
100 
101     public void testCallbackIsNotInvokedWhenPermissionDenied()
102         throws Exception {
103         AspectJSecurityInterceptor si = new AspectJSecurityInterceptor();
104         si.setApplicationEventPublisher(MockApplicationContext.getContext());
105         si.setAccessDecisionManager(new MockAccessDecisionManager());
106         si.setAuthenticationManager(new MockAuthenticationManager());
107         si.setRunAsManager(new MockRunAsManager());
108 
109         MethodDefinitionSourceEditor editor = new MethodDefinitionSourceEditor();
110         editor.setAsText("org.acegisecurity.TargetObject.countLength=MOCK_ONE,MOCK_TWO");
111 
112         MethodDefinitionMap map = (MethodDefinitionMap) editor.getValue();
113         si.setObjectDefinitionSource(map);
114 
115         si.afterPropertiesSet();
116 
117         Class clazz = TargetObject.class;
118         Method method = clazz.getMethod("countLength", new Class[] {String.class});
119         MockJoinPoint joinPoint = new MockJoinPoint(new TargetObject(), method);
120 
121         MockAspectJCallback aspectJCallback = new MockAspectJCallback();
122         aspectJCallback.setThrowExceptionIfInvoked(true);
123 
124         SecurityContextHolder.getContext()
125                              .setAuthentication(new TestingAuthenticationToken("marissa", "koala",
126                 new GrantedAuthority[] {}));
127 
128         try {
129             si.invoke(joinPoint, aspectJCallback);
130             fail("Should have thrown AccessDeniedException");
131         } catch (AccessDeniedException expected) {
132             assertTrue(true);
133         }
134 
135         SecurityContextHolder.getContext().setAuthentication(null);
136     }
137 
138     //~ Inner Classes ==================================================================================================
139 
140     private class MockAspectJCallback implements AspectJCallback {
141         private boolean throwExceptionIfInvoked = false;
142 
143         private MockAspectJCallback() {}
144 
145         public Object proceedWithObject() {
146             if (throwExceptionIfInvoked) {
147                 throw new IllegalStateException("AspectJCallback proceeded");
148             }
149 
150             return "object proceeded";
151         }
152 
153         public void setThrowExceptionIfInvoked(boolean throwExceptionIfInvoked) {
154             this.throwExceptionIfInvoked = throwExceptionIfInvoked;
155         }
156     }
157 }