/**
 * Mirrors the taglib documentation example: the body is rendered when an
 * {@code or} of two {@code hasPermission} checks on a request attribute passes.
 */
@Test
public void taglibsDocumentationHasPermissionOr() throws Exception {
    Object target = new Object();
    // The evaluator is stubbed to grant every permission name, so this test does
    // not show which side of the "or" authorised the request.
    when(permissionEvaluator.hasPermission(eq(currentUser), eq(target), anyString()))
            .thenReturn(true);
    // The request attribute is what the expression refers to as #domain.
    request.setAttribute("domain", target);
    authorizeTag.setAccess("hasPermission(#domain,'read') or hasPermission(#domain,'write')");

    int outcome = authorizeTag.doStartTag();

    assertThat(outcome).isEqualTo(Tag.EVAL_BODY_INCLUDE);
}
/**
 * Fail-closed check: with an empty security context the body is skipped even
 * though the access expression is {@code permitAll}.
 */
@Test
public void skipsBodyIfNoAuthenticationPresent() throws Exception {
    // Drop whatever authentication the fixture installed.
    SecurityContextHolder.clearContext();
    authorizeTag.setAccess("permitAll");

    int outcome = authorizeTag.doStartTag();

    assertThat(outcome).isEqualTo(Tag.SKIP_BODY);
}
/**
 * The url/method pair is authorised as a unit: POST to "/allowed" must not
 * render the body.
 */
@Test
public void skipsBodyIfMethodIsNotAllowed() throws Exception {
    // NOTE(review): which url/method pairs are permitted is decided by fixture
    // setup outside this view; presumably only GET is allowed there - confirm.
    authorizeTag.setMethod("POST");
    authorizeTag.setUrl("/allowed");

    int outcome = authorizeTag.doStartTag();

    assertThat(outcome).isEqualTo(Tag.SKIP_BODY);
}
/**
 * Positive counterpart of the method check: GET to "/allowed" renders the body.
 */
@Test
public void evaluatesBodyIfUrlIsAllowed() throws Exception {
    // NOTE(review): relies on fixture setup outside this view to permit
    // GET /allowed - confirm against the setup method.
    authorizeTag.setMethod("GET");
    authorizeTag.setUrl("/allowed");

    int outcome = authorizeTag.doStartTag();

    assertThat(outcome).isEqualTo(Tag.EVAL_BODY_INCLUDE);
}
// url attribute tests @Test public void skipsBodyWithUrlSetIfNoAuthenticationPresent() throws Exception { SecurityContextHolder.clearContext(); authorizeTag.setUrl("/something"); assertThat(authorizeTag.doStartTag()).isEqualTo(Tag.SKIP_BODY); }
/**
 * A request attribute is visible to the access expression as a variable of the
 * same name ({@code #blah} here).
 */
@Test
public void requestAttributeIsResolvedAsElVariable() throws JspException {
    // The attribute value takes part in the authorisation decision, so anything
    // able to set request attributes can influence expressions that read them.
    request.setAttribute("blah", "blah");
    authorizeTag.setAccess("#blah == 'blah'");

    int outcome = authorizeTag.doStartTag();

    assertThat(outcome).isEqualTo(Tag.EVAL_BODY_INCLUDE);
}
/**
 * With the fixture's security context left in place, {@code permitAll} renders
 * the body.
 */
@Test
public void showsBodyIfAccessExpressionAllowsAccess() throws Exception {
    authorizeTag.setAccess("permitAll");

    int outcome = authorizeTag.doStartTag();

    assertThat(outcome).isEqualTo(Tag.EVAL_BODY_INCLUDE);
}
/**
 * With the fixture's security context left in place, {@code denyAll} skips the
 * body.
 */
@Test
public void skipsBodyIfAccessExpressionDeniesAccess() throws Exception {
    authorizeTag.setAccess("denyAll");

    int outcome = authorizeTag.doStartTag();

    assertThat(outcome).isEqualTo(Tag.SKIP_BODY);
}