
Validate @EnableGlobalMethodSecurity usage

Fixes: gh-5341
artsiom há 7 anos atrás
pai
commit
1e864ad764

+ 13 - 3
config/src/main/java/org/springframework/security/config/annotation/method/configuration/GlobalMethodSecurityConfiguration.java

@@ -358,13 +358,23 @@ public class GlobalMethodSecurityConfiguration
 		if (customMethodSecurityMetadataSource != null) {
 			sources.add(customMethodSecurityMetadataSource);
 		}
-		if (prePostEnabled()) {
+
+		boolean isPrePostEnabled = prePostEnabled();
+		boolean isSecureEnabled = securedEnabled();
+		boolean isJsr250Enabled = jsr250Enabled();
+
+		if (!isPrePostEnabled && !isSecureEnabled && !isJsr250Enabled) {
+			throw new IllegalStateException("In the composition of all global method configuration, " +
+					"no annotation support was actually activated");
+		}
+
+		if (isPrePostEnabled) {
 			sources.add(new PrePostAnnotationSecurityMetadataSource(attributeFactory));
 		}
-		if (securedEnabled()) {
+		if (isSecureEnabled) {
 			sources.add(new SecuredAnnotationSecurityMetadataSource());
 		}
-		if (jsr250Enabled()) {
+		if (isJsr250Enabled) {
 			GrantedAuthorityDefaults grantedAuthorityDefaults =
 					getSingleBeanOrNull(GrantedAuthorityDefaults.class);
 			Jsr250MethodSecurityMetadataSource jsr250MethodSecurityMetadataSource = this.context.getBean(Jsr250MethodSecurityMetadataSource.class);
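Review bot: The new guard `if (!isPrePostEnabled && !isSecureEnabled && !isJsr250Enabled)` ignores the custom source that the lines just above it may already have added to `sources`, so a configuration that supplies only `customMethodSecurityMetadataSource()` and sets no annotation flag would now fail at startup even though method security metadata is present. If that setup is meant to stay supported (the hunk does not show whether it is), include it in the condition: `boolean hasCustom = customMethodSecurityMetadataSource != null;` and `if (!hasCustom && !isPrePostEnabled && !isSecureEnabled && !isJsr250Enabled) {`. Failing fast is otherwise the right default, since an `@EnableGlobalMethodSecurity` with every flag off would presumably leave annotated methods without enforcement; the message would be more actionable if it named the attributes to set (`prePostEnabled`, `securedEnabled`, `jsr250Enabled`). The enclosing method starts and ends outside the hunk.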

+ 17 - 0
config/src/test/java/org/springframework/security/config/annotation/method/configuration/GlobalMethodSecurityConfigurationTests.java

@@ -17,8 +17,10 @@ package org.springframework.security.config.annotation.method.configuration;
 
 import org.junit.Rule;
 import org.junit.Test;
+import org.junit.rules.ExpectedException;
 import org.junit.runner.RunWith;
 import org.springframework.beans.BeansException;
+import org.springframework.beans.factory.UnsatisfiedDependencyException;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.beans.factory.config.BeanPostProcessor;
 import org.springframework.context.annotation.AdviceMode;
@@ -64,6 +66,7 @@ import static org.mockito.Mockito.when;
 /**
  *
  * @author Rob Winch
+ * @author Artsiom Yudovin
  */
 @RunWith(SpringJUnit4ClassRunner.class)
 @SecurityTestExecutionListeners
@@ -71,6 +74,9 @@ public class GlobalMethodSecurityConfigurationTests {
 	@Rule
 	public final SpringTestRule spring = new SpringTestRule();
 
+	@Rule
+	public ExpectedException thrown = ExpectedException.none();
+
 	@Autowired(required = false)
 	private MethodSecurityService service;
 
@@ -84,6 +90,17 @@ public class GlobalMethodSecurityConfigurationTests {
 	@Autowired(required = false)
 	MockEventListener<AbstractAuthenticationEvent> events;
 
+	@Test
+	public void illegalStateGlobalMethodSecurity() {
+		this.thrown.expect(UnsatisfiedDependencyException.class);
+		this.spring.register(IllegalStateGlobalMethodSecurityConfig.class).autowire();
+	}
+
+	@EnableGlobalMethodSecurity
+	public static class IllegalStateGlobalMethodSecurityConfig extends GlobalMethodSecurityConfiguration {
+
+	}
+
 	@Test
 	public void methodSecurityAuthenticationManagerPublishesEvent() {
 		this.spring.register(InMemoryAuthWithGlobalMethodSecurityConfig.class).autowire();
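Review bot: `illegalStateGlobalMethodSecurity` expects only `UnsatisfiedDependencyException`, which is the generic wrapper for any wiring failure, so the test would still pass if context start-up broke for an unrelated reason and the new validation never ran. Pin it to the new check by also asserting the text before the `register(...)` call, e.g. `this.thrown.expectMessage("no annotation support was actually activated");`, assuming the wrapper's message carries the nested cause's message (worth confirming against the Spring version in use). As a style point, the `thrown` rule could be declared `final` like the `spring` rule above it.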