001: /* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
002: *
003: * Licensed under the Apache License, Version 2.0 (the "License");
004: * you may not use this file except in compliance with the License.
005: * You may obtain a copy of the License at
006: *
007: * http://www.apache.org/licenses/LICENSE-2.0
008: *
009: * Unless required by applicable law or agreed to in writing, software
010: * distributed under the License is distributed on an "AS IS" BASIS,
011: * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
012: * See the License for the specific language governing permissions and
013: * limitations under the License.
014: */
015:
016: package org.acegisecurity.intercept.web;
017:
018: import junit.framework.TestCase;
019:
020: import org.acegisecurity.GrantedAuthority;
021: import org.acegisecurity.GrantedAuthorityImpl;
022:
023: import org.acegisecurity.providers.UsernamePasswordAuthenticationToken;
024:
025: import org.acegisecurity.util.FilterInvocationUtils;
026:
027: import org.springframework.context.ApplicationContext;
028: import org.springframework.context.support.ClassPathXmlApplicationContext;
029:
030: /**
031: * Tests {@link org.acegisecurity.intercept.web.WebInvocationPrivilegeEvaluator}.
032: *
033: * @author Ben Alex
034: * @version $Id: WebInvocationPrivilegeEvaluatorTests.java 1496 2006-05-23 13:38:33Z benalex $
035: */
036: public class WebInvocationPrivilegeEvaluatorTests extends TestCase {
037: //~ Constructors ===================================================================================================
038:
039: public WebInvocationPrivilegeEvaluatorTests() {
040: super ();
041: }
042:
043: public WebInvocationPrivilegeEvaluatorTests(String arg0) {
044: super (arg0);
045: }
046:
047: //~ Methods ========================================================================================================
048:
049: public static void main(String[] args) {
050: junit.textui.TestRunner
051: .run(WebInvocationPrivilegeEvaluatorTests.class);
052: }
053:
054: private FilterSecurityInterceptor makeFilterSecurityInterceptor() {
055: ApplicationContext context = new ClassPathXmlApplicationContext(
056: "org/acegisecurity/intercept/web/applicationContext.xml");
057:
058: return (FilterSecurityInterceptor) context
059: .getBean("securityInterceptor");
060: }
061:
062: public void testAllowsAccess1() throws Exception {
063: UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken(
064: "Test", "Password",
065: new GrantedAuthority[] { new GrantedAuthorityImpl(
066: "MOCK_INDEX") });
067: FilterInvocation fi = FilterInvocationUtils
068: .create("/foo/index.jsp");
069: FilterSecurityInterceptor interceptor = makeFilterSecurityInterceptor();
070:
071: WebInvocationPrivilegeEvaluator wipe = new WebInvocationPrivilegeEvaluator();
072: wipe.setSecurityInterceptor(interceptor);
073: wipe.afterPropertiesSet();
074:
075: assertTrue(wipe.isAllowed(fi, token));
076: }
077:
078: public void testAllowsAccess2() throws Exception {
079: UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken(
080: "Test", "Password",
081: new GrantedAuthority[] { new GrantedAuthorityImpl(
082: "MOCK_USER") });
083: FilterInvocation fi = FilterInvocationUtils
084: .create("/anything.jsp");
085: FilterSecurityInterceptor interceptor = makeFilterSecurityInterceptor();
086:
087: WebInvocationPrivilegeEvaluator wipe = new WebInvocationPrivilegeEvaluator();
088: wipe.setSecurityInterceptor(interceptor);
089: wipe.afterPropertiesSet();
090:
091: assertTrue(wipe.isAllowed(fi, token));
092: }
093:
094: public void testDeniesAccess1() throws Exception {
095: UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken(
096: "Test", "Password",
097: new GrantedAuthority[] { new GrantedAuthorityImpl(
098: "MOCK_NOTHING_USEFUL") });
099: FilterInvocation fi = FilterInvocationUtils
100: .create("/anything.jsp");
101: FilterSecurityInterceptor interceptor = makeFilterSecurityInterceptor();
102:
103: WebInvocationPrivilegeEvaluator wipe = new WebInvocationPrivilegeEvaluator();
104: wipe.setSecurityInterceptor(interceptor);
105: wipe.afterPropertiesSet();
106:
107: assertFalse(wipe.isAllowed(fi, token));
108: }
109: }
|