|
|
@@ -15,6 +15,7 @@ package org.springframework.security.config.http;
|
|
|
import static org.mockito.Matchers.any;
|
|
|
import static org.mockito.Matchers.anyObject;
|
|
|
import static org.mockito.Mockito.doThrow;
|
|
|
+import static org.mockito.Mockito.mock;
|
|
|
import static org.mockito.Mockito.verify;
|
|
|
|
|
|
import java.util.Collection;
|
|
|
@@ -33,6 +34,7 @@ import org.springframework.security.web.DefaultSecurityFilterChain;
|
|
|
import org.springframework.security.web.FilterChainProxy;
|
|
|
import org.springframework.security.web.access.ExceptionTranslationFilter;
|
|
|
import org.springframework.security.web.access.intercept.DefaultFilterInvocationSecurityMetadataSource;
|
|
|
+import org.springframework.security.web.access.intercept.FilterInvocationSecurityMetadataSource;
|
|
|
import org.springframework.security.web.access.intercept.FilterSecurityInterceptor;
|
|
|
import org.springframework.security.web.authentication.AnonymousAuthenticationFilter;
|
|
|
import org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint;
|
|
|
@@ -53,15 +55,17 @@ public class DefaultFilterChainValidatorTests {
|
|
|
@Mock
|
|
|
private AccessDecisionManager accessDecisionManager;
|
|
|
|
|
|
+ private FilterSecurityInterceptor fsi;
|
|
|
+
|
|
|
@Before
|
|
|
public void setUp() throws Exception {
|
|
|
AnonymousAuthenticationFilter aaf = new AnonymousAuthenticationFilter("anonymous");
|
|
|
- FilterSecurityInterceptor fsi = new FilterSecurityInterceptor();
|
|
|
+ fsi = new FilterSecurityInterceptor();
|
|
|
fsi.setAccessDecisionManager(accessDecisionManager);
|
|
|
fsi.setSecurityMetadataSource(metadataSource);
|
|
|
AuthenticationEntryPoint authenticationEntryPoint = new LoginUrlAuthenticationEntryPoint("/login");
|
|
|
ExceptionTranslationFilter etf = new ExceptionTranslationFilter(authenticationEntryPoint);
|
|
|
- DefaultSecurityFilterChain securityChain = new DefaultSecurityFilterChain(new AnyRequestMatcher(),aaf,etf,fsi);
|
|
|
+ DefaultSecurityFilterChain securityChain = new DefaultSecurityFilterChain(new AnyRequestMatcher(), aaf, etf, fsi);
|
|
|
fcp = new FilterChainProxy(securityChain);
|
|
|
validator = new DefaultFilterChainValidator();
|
|
|
Whitebox.setInternalState(validator, "logger", logger);
|
|
|
@@ -77,4 +81,14 @@ public class DefaultFilterChainValidatorTests {
|
|
|
verify(logger).info("Unable to check access to the login page to determine if anonymous access is allowed. This might be an error, but can happen under normal circumstances.", toBeThrown);
|
|
|
}
|
|
|
|
|
|
+ // SEC-1957
|
|
|
+ @Test
|
|
|
+ public void validateCustomMetadataSource() {
|
|
|
+ FilterInvocationSecurityMetadataSource customMetaDataSource = mock(FilterInvocationSecurityMetadataSource.class);
|
|
|
+ fsi.setSecurityMetadataSource(customMetaDataSource);
|
|
|
+
|
|
|
+ validator.validate(fcp);
|
|
|
+
|
|
|
+ verify(customMetaDataSource).getAttributes(any());
|
|
|
+ }
|
|
|
}
|
Rob Winch