methodsecurityinterceptortests.java

acegi构造安全的java系统

            interceptor.afterPropertiesSet();
            fail("Should have thrown IllegalArgumentException");
        } catch (IllegalArgumentException expected) {
            assertEquals("ObjectDefinitionSource does not support secure object class: interface org.aopalliance.intercept.MethodInvocation",
                expected.getMessage());
        }
    }

    public void testRejectsCallsWhenObjectIsNull() throws Throwable {
        MethodSecurityInterceptor interceptor = new MethodSecurityInterceptor();

        try {
            interceptor.invoke(null);
            fail("Should have thrown IllegalArgumentException");
        } catch (IllegalArgumentException expected) {
            assertEquals("Object was null", expected.getMessage());
        }
    }

    public void testRejectsRunAsManagersThatDoNotSupportMethodInvocation()
        throws Exception {
        MethodSecurityInterceptor si = new MethodSecurityInterceptor();
        si.setAccessDecisionManager(new MockAccessDecisionManager());
        si.setAuthenticationManager(new MockAuthenticationManager());
        si.setObjectDefinitionSource(new MockMethodDefinitionSource(false, true));
        si.setRunAsManager(new MockRunAsManagerWhichOnlySupportsStrings());
        si.setAfterInvocationManager(new MockAfterInvocationManager());

        try {
            si.afterPropertiesSet();
            fail("Should have thrown IllegalArgumentException");
        } catch (IllegalArgumentException expected) {
            assertEquals("RunAsManager does not support secure object class: interface org.aopalliance.intercept.MethodInvocation",
                expected.getMessage());
        }
    }

    public void testStartupCheckForAccessDecisionManager()
        throws Exception {
        MethodSecurityInterceptor si = new MethodSecurityInterceptor();
        si.setRunAsManager(new MockRunAsManager());
        si.setAuthenticationManager(new MockAuthenticationManager());
        si.setAfterInvocationManager(new MockAfterInvocationManager());

        si.setObjectDefinitionSource(new MockMethodDefinitionSource(false, true));

        try {
            si.afterPropertiesSet();
            fail("Should have thrown IllegalArgumentException");
        } catch (IllegalArgumentException expected) {
            assertEquals("An AccessDecisionManager is required", expected.getMessage());
        }
    }

    public void testStartupCheckForAuthenticationManager()
        throws Exception {
        MethodSecurityInterceptor si = new MethodSecurityInterceptor();
        si.setAccessDecisionManager(new MockAccessDecisionManager());
        si.setRunAsManager(new MockRunAsManager());
        si.setAfterInvocationManager(new MockAfterInvocationManager());

        si.setObjectDefinitionSource(new MockMethodDefinitionSource(false, true));

        try {
            si.afterPropertiesSet();
            fail("Should have thrown IllegalArgumentException");
        } catch (IllegalArgumentException expected) {
            assertEquals("An AuthenticationManager is required", expected.getMessage());
        }
    }

    public void testStartupCheckForMethodDefinitionSource()
        throws Exception {
        MethodSecurityInterceptor si = new MethodSecurityInterceptor();
        si.setAccessDecisionManager(new MockAccessDecisionManager());
        si.setAuthenticationManager(new MockAuthenticationManager());

        try {
            si.afterPropertiesSet();
            fail("Should have thrown IllegalArgumentException");
        } catch (IllegalArgumentException expected) {
            assertEquals("An ObjectDefinitionSource is required", expected.getMessage());
        }
    }

    public void testStartupCheckForRunAsManager() throws Exception {
        MethodSecurityInterceptor si = new MethodSecurityInterceptor();
        si.setAccessDecisionManager(new MockAccessDecisionManager());
        si.setAuthenticationManager(new MockAuthenticationManager());
        si.setRunAsManager(null); // Overriding the default

        si.setObjectDefinitionSource(new MockMethodDefinitionSource(false, true));

        try {
            si.afterPropertiesSet();
            fail("Should have thrown IllegalArgumentException");
        } catch (IllegalArgumentException expected) {
            assertEquals("A RunAsManager is required", expected.getMessage());
        }
    }

    public void testStartupCheckForValidAfterInvocationManager()
        throws Exception {
        MethodSecurityInterceptor si = new MethodSecurityInterceptor();
        si.setRunAsManager(new MockRunAsManager());
        si.setAuthenticationManager(new MockAuthenticationManager());
        si.setAfterInvocationManager(new MockAfterInvocationManagerWhichOnlySupportsStrings());
        si.setAccessDecisionManager(new MockAccessDecisionManager());
        si.setObjectDefinitionSource(new MockMethodDefinitionSource(false, true));

        try {
            si.afterPropertiesSet();
            fail("Should have thrown IllegalArgumentException");
        } catch (IllegalArgumentException expected) {
            assertTrue(expected.getMessage().startsWith("AfterInvocationManager does not support secure object class:"));
        }
    }

    public void testValidationFailsIfInvalidAttributePresented()
        throws Exception {
        MethodSecurityInterceptor si = new MethodSecurityInterceptor();
        si.setAccessDecisionManager(new MockAccessDecisionManager());
        si.setAuthenticationManager(new MockAuthenticationManager());
        si.setRunAsManager(new RunAsManagerImpl());

        assertTrue(si.isValidateConfigAttributes()); // check default
        si.setObjectDefinitionSource(new MockMethodDefinitionSource(true, true));

        try {
            si.afterPropertiesSet();
            fail("Should have thrown IllegalArgumentException");
        } catch (IllegalArgumentException expected) {
            assertEquals("Unsupported configuration attributes: [ANOTHER_INVALID, INVALID_ATTRIBUTE]",
                expected.getMessage());
        }
    }

    public void testValidationNotAttemptedIfIsValidateConfigAttributesSetToFalse()
        throws Exception {
        MethodSecurityInterceptor si = new MethodSecurityInterceptor();
        si.setAccessDecisionManager(new MockAccessDecisionManager());
        si.setAuthenticationManager(new MockAuthenticationManager());

        assertTrue(si.isValidateConfigAttributes()); // check default
        si.setValidateConfigAttributes(false);
        assertTrue(!si.isValidateConfigAttributes()); // check changed

        si.setObjectDefinitionSource(new MockMethodDefinitionSource(true, true));
        si.afterPropertiesSet();
        assertTrue(true);
    }

    public void testValidationNotAttemptedIfMethodDefinitionSourceCannotReturnIterator()
        throws Exception {
        MethodSecurityInterceptor si = new MethodSecurityInterceptor();
        si.setAccessDecisionManager(new MockAccessDecisionManager());
        si.setRunAsManager(new MockRunAsManager());
        si.setAuthenticationManager(new MockAuthenticationManager());

        assertTrue(si.isValidateConfigAttributes()); // check default
        si.setObjectDefinitionSource(new MockMethodDefinitionSource(true, false));
        si.afterPropertiesSet();
        assertTrue(true);
    }

    //~ Inner Classes ==================================================================================================

    private class MockAccessDecisionManagerWhichOnlySupportsStrings implements AccessDecisionManager {
        public void decide(Authentication authentication, Object object, ConfigAttributeDefinition config)
            throws AccessDeniedException {
            throw new UnsupportedOperationException("mock method not implemented");
        }

        public boolean supports(Class clazz) {
            if (String.class.isAssignableFrom(clazz)) {
                return true;
            } else {
                return false;
            }
        }

        public boolean supports(ConfigAttribute attribute) {
            return true;
        }
    }

    private class MockAfterInvocationManagerWhichOnlySupportsStrings implements AfterInvocationManager {
        public Object decide(Authentication authentication, Object object, ConfigAttributeDefinition config,
            Object returnedObject) throws AccessDeniedException {
            throw new UnsupportedOperationException("mock method not implemented");
        }

        public boolean supports(Class clazz) {
            if (String.class.isAssignableFrom(clazz)) {
                return true;
            } else {
                return false;
            }
        }

        public boolean supports(ConfigAttribute attribute) {
            return true;
        }
    }

    private class MockObjectDefinitionSourceWhichOnlySupportsStrings extends AbstractMethodDefinitionSource {
        public Iterator getConfigAttributeDefinitions() {
            return null;
        }

        protected ConfigAttributeDefinition lookupAttributes(Method method) {
            throw new UnsupportedOperationException("mock method not implemented");
        }

        public boolean supports(Class clazz) {
            if (String.class.isAssignableFrom(clazz)) {
                return true;
            } else {
                return false;
            }
        }
    }

    private class MockRunAsManagerWhichOnlySupportsStrings implements RunAsManager {
        public Authentication buildRunAs(Authentication authentication, Object object, ConfigAttributeDefinition config) {
            throw new UnsupportedOperationException("mock method not implemented");
        }

        public boolean supports(Class clazz) {
            if (String.class.isAssignableFrom(clazz)) {
                return true;
            } else {
                return false;
            }
        }

        public boolean supports(ConfigAttribute attribute) {
            return true;
        }
    }
}