@Test(expected = AccessDeniedException.class)
 public void accessIsDeniedIfPermissionIsNotGranted() {
   AclService service = mock(AclService.class);
   Acl acl = mock(Acl.class);
   when(acl.isGranted(any(List.class), any(List.class), anyBoolean())).thenReturn(false);
   // Try a second time with no permissions found
   when(acl.isGranted(any(List.class), any(List.class), anyBoolean()))
       .thenThrow(new NotFoundException(""));
   when(service.readAclById(any(ObjectIdentity.class), any(List.class))).thenReturn(acl);
   AclEntryAfterInvocationProvider provider =
       new AclEntryAfterInvocationProvider(service, Arrays.asList(mock(Permission.class)));
   provider.setProcessConfigAttribute("MY_ATTRIBUTE");
   provider.setMessageSource(new SpringSecurityMessageSource());
   provider.setObjectIdentityRetrievalStrategy(mock(ObjectIdentityRetrievalStrategy.class));
   provider.setProcessDomainObjectClass(Object.class);
   provider.setSidRetrievalStrategy(mock(SidRetrievalStrategy.class));
   try {
     provider.decide(
         mock(Authentication.class),
         new Object(),
         SecurityConfig.createList("UNSUPPORTED", "MY_ATTRIBUTE"),
         new Object());
     fail("Expected Exception");
   } catch (AccessDeniedException expected) {
   }
   // Second scenario with no acls found
   provider.decide(
       mock(Authentication.class),
       new Object(),
       SecurityConfig.createList("UNSUPPORTED", "MY_ATTRIBUTE"),
       new Object());
 }
  @Test
  public void accessIsGrantedIfNoAttributesDefined() throws Exception {
    AclEntryAfterInvocationProvider provider =
        new AclEntryAfterInvocationProvider(
            mock(AclService.class), Arrays.asList(mock(Permission.class)));
    Object returned = new Object();

    assertThat(returned)
        .isSameAs(
            provider.decide(
                mock(Authentication.class),
                new Object(),
                Collections.<ConfigAttribute>emptyList(),
                returned));
  }
  @Test
  public void nullReturnObjectIsIgnored() throws Exception {
    AclService service = mock(AclService.class);
    AclEntryAfterInvocationProvider provider =
        new AclEntryAfterInvocationProvider(service, Arrays.asList(mock(Permission.class)));

    assertThat(
            provider.decide(
                mock(Authentication.class),
                new Object(),
                SecurityConfig.createList("AFTER_ACL_COLLECTION_READ"),
                null))
        .isNull();
    ;
    verify(service, never()).readAclById(any(ObjectIdentity.class), any(List.class));
  }
  @Test
  public void accessIsGrantedIfObjectTypeNotSupported() throws Exception {
    AclEntryAfterInvocationProvider provider =
        new AclEntryAfterInvocationProvider(
            mock(AclService.class), Arrays.asList(mock(Permission.class)));
    provider.setProcessDomainObjectClass(String.class);
    // Not a String
    Object returned = new Object();

    assertThat(returned)
        .isSameAs(
            provider.decide(
                mock(Authentication.class),
                new Object(),
                SecurityConfig.createList("AFTER_ACL_READ"),
                returned));
  }
  @Test
  public void accessIsAllowedIfPermissionIsGranted() {
    AclService service = mock(AclService.class);
    Acl acl = mock(Acl.class);
    when(acl.isGranted(any(List.class), any(List.class), anyBoolean())).thenReturn(true);
    when(service.readAclById(any(ObjectIdentity.class), any(List.class))).thenReturn(acl);
    AclEntryAfterInvocationProvider provider =
        new AclEntryAfterInvocationProvider(service, Arrays.asList(mock(Permission.class)));
    provider.setMessageSource(new SpringSecurityMessageSource());
    provider.setObjectIdentityRetrievalStrategy(mock(ObjectIdentityRetrievalStrategy.class));
    provider.setProcessDomainObjectClass(Object.class);
    provider.setSidRetrievalStrategy(mock(SidRetrievalStrategy.class));
    Object returned = new Object();

    assertThat(returned)
        .isSameAs(
            provider.decide(
                mock(Authentication.class),
                new Object(),
                SecurityConfig.createList("AFTER_ACL_READ"),
                returned));
  }