AbstractSecurityInterceptorTests xref


1   /* Copyright 2004 Acegi Technology Pty Limited
2    *
3    * Licensed under the Apache License, Version 2.0 (the "License");
4    * you may not use this file except in compliance with the License.
5    * You may obtain a copy of the License at
6    *
7    *     http://www.apache.org/licenses/LICENSE-2.0
8    *
9    * Unless required by applicable law or agreed to in writing, software
10   * distributed under the License is distributed on an "AS IS" BASIS,
11   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12   * See the License for the specific language governing permissions and
13   * limitations under the License.
14   */
15  
16  package org.acegisecurity.intercept;
17  
18  import junit.framework.TestCase;
19  
20  import org.acegisecurity.MockAccessDecisionManager;
21  import org.acegisecurity.MockAfterInvocationManager;
22  import org.acegisecurity.MockAuthenticationManager;
23  import org.acegisecurity.MockRunAsManager;
24  import org.acegisecurity.intercept.method.MockMethodDefinitionSource;
25  import org.acegisecurity.util.SimpleMethodInvocation;
26  
27  
28  /***
29   * Tests some {@link AbstractSecurityInterceptor} methods. Most of the  testing
30   * for this class is found in the <code>MethodSecurityInterceptorTests</code>
31   * class.
32   *
33   * @author Ben Alex
34   * @version $Id: AbstractSecurityInterceptorTests.java,v 1.3 2005/11/25 04:17:24 benalex Exp $
35   */
36  public class AbstractSecurityInterceptorTests extends TestCase {
37      //~ Constructors ===========================================================
38  
39      public AbstractSecurityInterceptorTests() {
40          super();
41      }
42  
43      public AbstractSecurityInterceptorTests(String arg0) {
44          super(arg0);
45      }
46  
47      //~ Methods ================================================================
48  
49      public static void main(String[] args) {
50          junit.textui.TestRunner.run(AbstractSecurityInterceptorTests.class);
51      }
52  
53      public void testDetectsIfInvocationPassedIncompatibleSecureObject()
54          throws Exception {
55          MockSecurityInterceptorWhichOnlySupportsStrings si = new MockSecurityInterceptorWhichOnlySupportsStrings();
56          si.setRunAsManager(new MockRunAsManager());
57          si.setAuthenticationManager(new MockAuthenticationManager());
58          si.setAfterInvocationManager(new MockAfterInvocationManager());
59          si.setAccessDecisionManager(new MockAccessDecisionManager());
60          si.setObjectDefinitionSource(new MockMethodDefinitionSource(false, true));
61  
62          try {
63              si.beforeInvocation(new SimpleMethodInvocation());
64              fail("Should have thrown IllegalArgumentException");
65          } catch (IllegalArgumentException expected) {
66              assertTrue(expected.getMessage().startsWith("Security invocation attempted for object"));
67          }
68      }
69  
70      public void testDetectsViolationOfGetSecureObjectClassMethod()
71          throws Exception {
72          MockSecurityInterceptorReturnsNull si = new MockSecurityInterceptorReturnsNull();
73          si.setRunAsManager(new MockRunAsManager());
74          si.setAuthenticationManager(new MockAuthenticationManager());
75          si.setAfterInvocationManager(new MockAfterInvocationManager());
76          si.setAccessDecisionManager(new MockAccessDecisionManager());
77          si.setObjectDefinitionSource(new MockMethodDefinitionSource(false, true));
78  
79          try {
80              si.afterPropertiesSet();
81              fail("Should have thrown IllegalArgumentException");
82          } catch (IllegalArgumentException expected) {
83              assertEquals("Subclass must provide a non-null response to getSecureObjectClass()",
84                  expected.getMessage());
85          }
86      }
87  
88      //~ Inner Classes ==========================================================
89  
90      private class MockSecurityInterceptorReturnsNull
91          extends AbstractSecurityInterceptor {
92          private ObjectDefinitionSource objectDefinitionSource;
93  
94          public void setObjectDefinitionSource(
95              ObjectDefinitionSource objectDefinitionSource) {
96              this.objectDefinitionSource = objectDefinitionSource;
97          }
98  
99          public Class getSecureObjectClass() {
100             return null;
101         }
102 
103         public ObjectDefinitionSource obtainObjectDefinitionSource() {
104             return objectDefinitionSource;
105         }
106     }
107 
108     private class MockSecurityInterceptorWhichOnlySupportsStrings
109         extends AbstractSecurityInterceptor {
110         private ObjectDefinitionSource objectDefinitionSource;
111 
112         public void setObjectDefinitionSource(
113             ObjectDefinitionSource objectDefinitionSource) {
114             this.objectDefinitionSource = objectDefinitionSource;
115         }
116 
117         public Class getSecureObjectClass() {
118             return String.class;
119         }
120 
121         public ObjectDefinitionSource obtainObjectDefinitionSource() {
122             return objectDefinitionSource;
123         }
124     }
125 }