|
@@ -83,6 +83,31 @@ public class NamespaceHttpServerAccessDeniedHandlerTests {
|
|
|
return new UsernamePasswordAuthenticationToken("user", null, AuthorityUtils.NO_AUTHORITIES);
|
|
|
}
|
|
|
|
|
|
+ @Test
|
|
|
+ public void requestWhenCustomAccessDeniedPageInLambdaThenForwardedToCustomPage() throws Exception {
|
|
|
+ this.spring.register(AccessDeniedPageInLambdaConfig.class).autowire();
|
|
|
+
|
|
|
+ this.mvc.perform(get("/")
|
|
|
+ .with(authentication(user())))
|
|
|
+ .andExpect(status().isForbidden())
|
|
|
+ .andExpect(forwardedUrl("/AccessDeniedPageConfig"));
|
|
|
+ }
|
|
|
+
|
|
|
+ @EnableWebSecurity
|
|
|
+ static class AccessDeniedPageInLambdaConfig extends WebSecurityConfigurerAdapter {
|
|
|
+ protected void configure(HttpSecurity http) throws Exception {
|
|
|
+ // @formatter:off
|
|
|
+ http
|
|
|
+ .authorizeRequests()
|
|
|
+ .anyRequest().denyAll()
|
|
|
+ .and()
|
|
|
+ .exceptionHandling(exceptionHandling ->
|
|
|
+ exceptionHandling.accessDeniedPage("/AccessDeniedPageConfig")
|
|
|
+ );
|
|
|
+ // @formatter:on
|
|
|
+ }
|
|
|
+ }
|
|
|
+
|
|
|
@Test
|
|
|
public void requestWhenCustomAccessDeniedHandlerThenBehaviorMatchesNamespace() throws Exception {
|
|
|
this.spring.register(AccessDeniedHandlerRefConfig.class).autowire();
|
|
@@ -109,6 +134,39 @@ public class NamespaceHttpServerAccessDeniedHandlerTests {
|
|
|
}
|
|
|
}
|
|
|
|
|
|
+ @Test
|
|
|
+ public void requestWhenCustomAccessDeniedHandlerInLambdaThenBehaviorMatchesNamespace() throws Exception {
|
|
|
+ this.spring.register(AccessDeniedHandlerRefInLambdaConfig.class).autowire();
|
|
|
+
|
|
|
+ this.mvc.perform(get("/")
|
|
|
+ .with(authentication(user())));
|
|
|
+
|
|
|
+ verify(AccessDeniedHandlerRefInLambdaConfig.accessDeniedHandler)
|
|
|
+ .handle(any(HttpServletRequest.class), any(HttpServletResponse.class), any(AccessDeniedException.class));
|
|
|
+ }
|
|
|
+
|
|
|
+ @EnableWebSecurity
|
|
|
+ static class AccessDeniedHandlerRefInLambdaConfig extends WebSecurityConfigurerAdapter {
|
|
|
+ static AccessDeniedHandler accessDeniedHandler = mock(AccessDeniedHandler.class);
|
|
|
+
|
|
|
+ protected void configure(HttpSecurity http) throws Exception {
|
|
|
+ // @formatter:off
|
|
|
+ http
|
|
|
+ .authorizeRequests()
|
|
|
+ .anyRequest().denyAll()
|
|
|
+ .and()
|
|
|
+ .exceptionHandling(exceptionHandling ->
|
|
|
+ exceptionHandling.accessDeniedHandler(accessDeniedHandler())
|
|
|
+ );
|
|
|
+ // @formatter:on
|
|
|
+ }
|
|
|
+
|
|
|
+ @Bean
|
|
|
+ AccessDeniedHandler accessDeniedHandler() {
|
|
|
+ return accessDeniedHandler;
|
|
|
+ }
|
|
|
+ }
|
|
|
+
|
|
|
private <T> T verifyBean(Class<T> beanClass) {
|
|
|
return verify(this.spring.getContext().getBean(beanClass));
|
|
|
}
|