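/**
 * Checks that {@code decide} rejects the returned object on both denial paths:
 * when the ACL reports the permission as not granted, and when the permission
 * check raises {@code NotFoundException}.
 *
 * <p>The first scenario is asserted with an explicit try/catch. The second
 * relies on the {@code expected} attribute of {@code @Test}, so the final
 * {@code decide} call must be the one that throws.
 */
@Test(expected = AccessDeniedException.class)
public void accessIsDeniedIfPermissionIsNotGranted() {
    AclService service = mock(AclService.class);
    Acl acl = mock(Acl.class);
    // Scenario 1: the ACL is found and explicitly refuses the permission.
    when(acl.isGranted(any(List.class), any(List.class), anyBoolean())).thenReturn(false);
    when(service.readAclById(any(ObjectIdentity.class), any(List.class))).thenReturn(acl);

    AclEntryAfterInvocationProvider provider =
            new AclEntryAfterInvocationProvider(service, Arrays.asList(mock(Permission.class)));
    provider.setProcessConfigAttribute("MY_ATTRIBUTE");
    provider.setMessageSource(new SpringSecurityMessageSource());
    provider.setObjectIdentityRetrievalStrategy(mock(ObjectIdentityRetrievalStrategy.class));
    provider.setProcessDomainObjectClass(Object.class);
    provider.setSidRetrievalStrategy(mock(SidRetrievalStrategy.class));

    try {
        provider.decide(
                mock(Authentication.class),
                new Object(),
                SecurityConfig.createList("UNSUPPORTED", "MY_ATTRIBUTE"),
                new Object());
        fail("Expected Exception");
    }
    catch (AccessDeniedException expected) {
        // Expected: an explicit "not granted" answer must surface as AccessDeniedException.
    }

    // Scenario 2: no permissions found. The stub is replaced only now; installing
    // it before the first decide() would override thenReturn(false), and the
    // explicit-deny path above would never be exercised.
    when(acl.isGranted(any(List.class), any(List.class), anyBoolean()))
            .thenThrow(new NotFoundException(""));
    provider.decide(
            mock(Authentication.class),
            new Object(),
            SecurityConfig.createList("UNSUPPORTED", "MY_ATTRIBUTE"),
            new Object());
}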
/**
 * With an empty list of config attributes, {@code decide} must hand back the
 * very same returned-object instance it was given.
 */
@Test
public void accessIsGrantedIfNoAttributesDefined() throws Exception {
    AclService aclService = mock(AclService.class);
    Permission requiredPermission = mock(Permission.class);
    AclEntryAfterInvocationProvider provider =
            new AclEntryAfterInvocationProvider(aclService, Arrays.asList(requiredPermission));
    Object returned = new Object();

    // No attributes at all: nothing for the provider to act on.
    Object result = provider.decide(
            mock(Authentication.class),
            new Object(),
            Collections.<ConfigAttribute>emptyList(),
            returned);

    assertThat(returned).isSameAs(result);
}
/**
 * A {@code null} returned object comes back as {@code null}, and the ACL
 * service is never asked to read an ACL for it.
 */
@Test
public void nullReturnObjectIsIgnored() throws Exception {
    AclService aclService = mock(AclService.class);
    Permission requiredPermission = mock(Permission.class);
    AclEntryAfterInvocationProvider provider =
            new AclEntryAfterInvocationProvider(aclService, Arrays.asList(requiredPermission));

    Object result = provider.decide(
            mock(Authentication.class),
            new Object(),
            SecurityConfig.createList("AFTER_ACL_COLLECTION_READ"),
            null);

    assertThat(result).isNull();
    // There is no domain object to look up, so no ACL read may happen.
    verify(aclService, never()).readAclById(any(ObjectIdentity.class), any(List.class));
}
/**
 * When the provider is configured to process {@code String} domain objects and
 * the returned object is a plain {@code Object}, {@code decide} must hand back
 * the same instance.
 */
@Test
public void accessIsGrantedIfObjectTypeNotSupported() throws Exception {
    AclService aclService = mock(AclService.class);
    Permission requiredPermission = mock(Permission.class);
    AclEntryAfterInvocationProvider provider =
            new AclEntryAfterInvocationProvider(aclService, Arrays.asList(requiredPermission));
    provider.setProcessDomainObjectClass(String.class);

    // The returned object is deliberately not a String.
    Object returned = new Object();
    Object result = provider.decide(
            mock(Authentication.class),
            new Object(),
            SecurityConfig.createList("AFTER_ACL_READ"),
            returned);

    assertThat(returned).isSameAs(result);
}
/**
 * When the ACL read for the returned object reports the permission as granted,
 * {@code decide} must hand back the same returned-object instance.
 */
@Test
public void accessIsAllowedIfPermissionIsGranted() {
    // The ACL grants whatever is asked of it, and the service always resolves to that ACL.
    Acl grantingAcl = mock(Acl.class);
    when(grantingAcl.isGranted(any(List.class), any(List.class), anyBoolean())).thenReturn(true);
    AclService aclService = mock(AclService.class);
    when(aclService.readAclById(any(ObjectIdentity.class), any(List.class))).thenReturn(grantingAcl);

    Permission requiredPermission = mock(Permission.class);
    AclEntryAfterInvocationProvider provider =
            new AclEntryAfterInvocationProvider(aclService, Arrays.asList(requiredPermission));
    provider.setMessageSource(new SpringSecurityMessageSource());
    provider.setObjectIdentityRetrievalStrategy(mock(ObjectIdentityRetrievalStrategy.class));
    provider.setProcessDomainObjectClass(Object.class);
    provider.setSidRetrievalStrategy(mock(SidRetrievalStrategy.class));

    Object returned = new Object();
    Object result = provider.decide(
            mock(Authentication.class),
            new Object(),
            SecurityConfig.createList("AFTER_ACL_READ"),
            returned);

    assertThat(returned).isSameAs(result);
}