1   /* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
2    *
3    * Licensed under the Apache License, Version 2.0 (the "License");
4    * you may not use this file except in compliance with the License.
5    * You may obtain a copy of the License at
6    *
7    *     http://www.apache.org/licenses/LICENSE-2.0
8    *
9    * Unless required by applicable law or agreed to in writing, software
10   * distributed under the License is distributed on an "AS IS" BASIS,
11   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12   * See the License for the specific language governing permissions and
13   * limitations under the License.
14   */
15  
16  package org.acegisecurity.taglibs.authz;
17  
18  import junit.framework.TestCase;
19  
20  import org.acegisecurity.GrantedAuthority;
21  import org.acegisecurity.GrantedAuthorityImpl;
22  
23  import org.acegisecurity.context.SecurityContextHolder;
24  
25  import org.acegisecurity.providers.TestingAuthenticationToken;
26  
27  import javax.servlet.jsp.JspException;
28  import javax.servlet.jsp.tagext.Tag;
29  
30  
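/**
 * Tests how <code>AuthorizeTag</code> combines its <code>ifNotGranted</code>, <code>ifAllGranted</code> and
 * <code>ifAnyGranted</code> attributes, and that whitespace around role names in those attributes is ignored.
 *
 * <p>Every test runs as a principal holding <code>ROLE_SUPERVISOR</code> and <code>ROLE_RESTRICTED</code>.
 * <code>Tag.SKIP_BODY</code> means the protected JSP body is withheld; <code>Tag.EVAL_BODY_INCLUDE</code> means it
 * is rendered.</p>
 *
 * @author Francois Beausoleil
 * @version $Id: AuthorizeTagAttributeTests.java 1496 2006-05-23 13:38:33Z benalex $
 */
public class AuthorizeTagAttributeTests extends TestCase {
    //~ Instance fields ================================================================================================

    // JUnit 3 creates one TestCase instance per test method, so every test starts from an unconfigured tag.
    private final AuthorizeTag authorizeTag = new AuthorizeTag();
    private TestingAuthenticationToken currentUser;

    //~ Methods ========================================================================================================

    /**
     * Installs an authenticated principal with ROLE_SUPERVISOR and ROLE_RESTRICTED in the security context.
     *
     * @throws Exception if the superclass set-up fails
     */
    protected void setUp() throws Exception {
        super.setUp();

        currentUser = new TestingAuthenticationToken("abc", "123",
                new GrantedAuthority[] {
                    new GrantedAuthorityImpl("ROLE_SUPERVISOR"), new GrantedAuthorityImpl("ROLE_RESTRICTED"),
                });

        SecurityContextHolder.getContext().setAuthentication(currentUser);
    }

    /**
     * Removes the test principal so that it cannot be picked up by a later test that shares the context.
     *
     * @throws Exception if the superclass tear-down fails
     */
    protected void tearDown() throws Exception {
        // Clear first: the authentication must not outlive this test even if super.tearDown() throws.
        SecurityContextHolder.clearContext();
        super.tearDown();
    }

    /**
     * An unsatisfied <code>ifAllGranted</code> withholds the body even though <code>ifAnyGranted</code> is satisfied.
     *
     * @throws JspException if the tag fails to evaluate
     */
    public void testAssertsIfAllGrantedSecond() throws JspException {
        authorizeTag.setIfAllGranted("ROLE_SUPERVISOR,ROLE_SUPERTELLER");
        authorizeTag.setIfAnyGranted("ROLE_RESTRICTED");
        assertEquals("prevents request - principal is missing ROLE_SUPERTELLER", Tag.SKIP_BODY,
            authorizeTag.doStartTag());
    }

    /**
     * An <code>ifAnyGranted</code> naming only a role the principal lacks withholds the body.
     *
     * @throws JspException if the tag fails to evaluate
     */
    public void testAssertsIfAnyGrantedLast() throws JspException {
        authorizeTag.setIfAnyGranted("ROLE_BANKER");
        assertEquals("prevents request - principal is missing ROLE_BANKER", Tag.SKIP_BODY, authorizeTag.doStartTag());
    }

    /**
     * A violated <code>ifNotGranted</code> withholds the body even when <code>ifAllGranted</code> and
     * <code>ifAnyGranted</code> are both satisfied, i.e. the deny attribute takes precedence.
     *
     * @throws JspException if the tag fails to evaluate
     */
    public void testAssertsIfNotGrantedFirst() throws JspException {
        authorizeTag.setIfNotGranted("ROLE_RESTRICTED");
        authorizeTag.setIfAllGranted("ROLE_SUPERVISOR,ROLE_RESTRICTED");
        authorizeTag.setIfAnyGranted("ROLE_SUPERVISOR");
        assertEquals("prevents request - principal has ROLE_RESTRICTED", Tag.SKIP_BODY, authorizeTag.doStartTag());
    }

    /**
     * Whitespace (tabs, spaces, CR/LF) around the roles listed in <code>ifAnyGranted</code> is ignored.
     *
     * <p>NOTE(review): despite its name this test configures <code>ifAnyGranted</code>, not
     * <code>ifNotGranted</code>. The name is kept so existing test reports and filters still match.</p>
     *
     * @throws JspException if the tag fails to evaluate
     */
    public void testAssertsIfNotGrantedIgnoresWhitespaceInAttribute()
        throws JspException {
        authorizeTag.setIfAnyGranted("\tROLE_SUPERVISOR  \t, \r\n\t ROLE_TELLER ");
        assertEquals("allows request - principal has ROLE_SUPERVISOR", Tag.EVAL_BODY_INCLUDE, authorizeTag.doStartTag());
    }

    /**
     * Whitespace around the roles listed in <code>ifAllGranted</code> is ignored.
     *
     * @throws JspException if the tag fails to evaluate
     */
    public void testIfAllGrantedIgnoresWhitespaceInAttribute()
        throws JspException {
        authorizeTag.setIfAllGranted("\nROLE_SUPERVISOR\t,ROLE_RESTRICTED\t\n\r ");
        assertEquals("allows request - principal has ROLE_RESTRICTED and ROLE_SUPERVISOR", Tag.EVAL_BODY_INCLUDE,
            authorizeTag.doStartTag());
    }

    /**
     * A whitespace-padded <code>ifNotGranted</code> naming a role the principal lacks still renders the body.
     *
     * <p>This case alone cannot detect broken whitespace handling: the principal does not hold ROLE_TELLER, so the
     * body is rendered whether or not the padding is stripped. The held-role case is covered by
     * <code>testIfNotGrantedIgnoresWhitespaceAroundHeldRole</code>.</p>
     *
     * @throws JspException if the tag fails to evaluate
     */
    public void testIfNotGrantedIgnoresWhitespaceInAttribute()
        throws JspException {
        authorizeTag.setIfNotGranted(" \t  ROLE_TELLER \r");
        assertEquals("allows request - principal does not have ROLE_TELLER", Tag.EVAL_BODY_INCLUDE,
            authorizeTag.doStartTag());
    }

    /**
     * A whitespace-padded <code>ifNotGranted</code> naming a role the principal holds must still withhold the body.
     *
     * <p>If the padded name were compared verbatim it would match no granted authority and the deny rule would
     * silently stop applying, exposing the protected content. The expected result follows from the
     * whitespace-insensitivity that the sibling tests assert for this attribute.</p>
     *
     * @throws JspException if the tag fails to evaluate
     */
    public void testIfNotGrantedIgnoresWhitespaceAroundHeldRole()
        throws JspException {
        authorizeTag.setIfNotGranted(" \t  ROLE_RESTRICTED \r");
        assertEquals("prevents request - principal has ROLE_RESTRICTED", Tag.SKIP_BODY, authorizeTag.doStartTag());
    }
}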