AuthorizeTagAttributeTests xref


1   /* Copyright 2004, 2005 Acegi Technology Pty Limited
2    *
3    * Licensed under the Apache License, Version 2.0 (the "License");
4    * you may not use this file except in compliance with the License.
5    * You may obtain a copy of the License at
6    *
7    *     http://www.apache.org/licenses/LICENSE-2.0
8    *
9    * Unless required by applicable law or agreed to in writing, software
10   * distributed under the License is distributed on an "AS IS" BASIS,
11   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12   * See the License for the specific language governing permissions and
13   * limitations under the License.
14   */
15  
16  package org.acegisecurity.taglibs.authz;
17  
18  import junit.framework.TestCase;
19  
20  import org.acegisecurity.GrantedAuthority;
21  import org.acegisecurity.GrantedAuthorityImpl;
22  import org.acegisecurity.context.SecurityContextHolder;
23  import org.acegisecurity.context.SecurityContextImpl;
24  import org.acegisecurity.providers.TestingAuthenticationToken;
25  
26  import javax.servlet.jsp.JspException;
27  import javax.servlet.jsp.tagext.Tag;
28  
29  
30  /***
31   * DOCUMENT ME!
32   *
33   * @author Francois Beausoleil
34   * @version $Id: AuthorizeTagAttributeTests.java,v 1.8 2005/11/17 00:55:51 benalex Exp $
35   */
36  public class AuthorizeTagAttributeTests extends TestCase {
37      //~ Instance fields ========================================================
38  
39      private final AuthorizeTag authorizeTag = new AuthorizeTag();
40      private TestingAuthenticationToken currentUser;
41  
42      //~ Methods ================================================================
43  
44      public void testAssertsIfAllGrantedSecond() throws JspException {
45          authorizeTag.setIfAllGranted("ROLE_SUPERVISOR,ROLE_SUPERTELLER");
46          authorizeTag.setIfAnyGranted("ROLE_RESTRICTED");
47          assertEquals("prevents request - principal is missing ROLE_SUPERTELLER",
48              Tag.SKIP_BODY, authorizeTag.doStartTag());
49      }
50  
51      public void testAssertsIfAnyGrantedLast() throws JspException {
52          authorizeTag.setIfAnyGranted("ROLE_BANKER");
53          assertEquals("prevents request - principal is missing ROLE_BANKER",
54              Tag.SKIP_BODY, authorizeTag.doStartTag());
55      }
56  
57      public void testAssertsIfNotGrantedFirst() throws JspException {
58          authorizeTag.setIfNotGranted("ROLE_RESTRICTED");
59          authorizeTag.setIfAllGranted("ROLE_SUPERVISOR,ROLE_RESTRICTED");
60          authorizeTag.setIfAnyGranted("ROLE_SUPERVISOR");
61          assertEquals("prevents request - principal has ROLE_RESTRICTED",
62              Tag.SKIP_BODY, authorizeTag.doStartTag());
63      }
64  
65      public void testAssertsIfNotGrantedIgnoresWhitespaceInAttribute()
66          throws JspException {
67          authorizeTag.setIfAnyGranted(
68              "\tROLE_SUPERVISOR  \t, \r\n\t ROLE_TELLER ");
69          assertEquals("allows request - principal has ROLE_SUPERVISOR",
70              Tag.EVAL_BODY_INCLUDE, authorizeTag.doStartTag());
71      }
72  
73      public void testIfAllGrantedIgnoresWhitespaceInAttribute()
74          throws JspException {
75          authorizeTag.setIfAllGranted(
76              "\nROLE_SUPERVISOR\t,ROLE_RESTRICTED\t\n\r ");
77          assertEquals("allows request - principal has ROLE_RESTRICTED "
78              + "and ROLE_SUPERVISOR", Tag.EVAL_BODY_INCLUDE,
79              authorizeTag.doStartTag());
80      }
81  
82      public void testIfNotGrantedIgnoresWhitespaceInAttribute()
83          throws JspException {
84          authorizeTag.setIfNotGranted(" \t  ROLE_TELLER \r");
85          assertEquals("allows request - principal does not have ROLE_TELLER",
86              Tag.EVAL_BODY_INCLUDE, authorizeTag.doStartTag());
87      }
88  
89      protected void setUp() throws Exception {
90          super.setUp();
91  
92          currentUser = new TestingAuthenticationToken("abc", "123",
93                  new GrantedAuthority[] {new GrantedAuthorityImpl(
94                          "ROLE_SUPERVISOR"), new GrantedAuthorityImpl(
95                          "ROLE_RESTRICTED"),});
96  
97          SecurityContextHolder.getContext().setAuthentication(currentUser);
98      }
99  
100     protected void tearDown() throws Exception {
101         SecurityContextHolder.setContext(new SecurityContextImpl());
102     }
103 }