SEC-1034: Fix broken tests.

core/src/test/java/org/springframework/security/intercept/web/WebInvocationPrivilegeEvaluatorTests.java

@@ -15,11 +15,31 @@
 
 package org.springframework.security.intercept.web;
 
+import static org.junit.Assert.*;
+import static org.springframework.security.matcher.AuthenticationMatcher.anAuthenticationWithUsername;
+
+import java.util.List;
+
 import junit.framework.TestCase;
 
+import org.jmock.Expectations;
+import org.jmock.Mockery;
+import org.jmock.integration.junit4.JUnit4Mockery;
+import org.junit.After;
+import org.junit.Before;
+import org.junit.Test;
+import org.springframework.security.AccessDecisionManager;
+import org.springframework.security.AccessDeniedException;
+import org.springframework.security.Authentication;
+import org.springframework.security.AuthenticationManager;
 import org.springframework.security.GrantedAuthority;
 import org.springframework.security.GrantedAuthorityImpl;
+import org.springframework.security.MockApplicationEventPublisher;
+import org.springframework.security.RunAsManager;
+import org.springframework.security.ConfigAttribute;
 
+import org.springframework.security.context.SecurityContextHolder;
+import org.springframework.security.providers.TestingAuthenticationToken;
 import org.springframework.security.providers.UsernamePasswordAuthenticationToken;
 
 import org.springframework.security.util.FilterInvocationUtils;
@@ -34,62 +54,70 @@ import org.springframework.context.support.ClassPathXmlApplicationContext;
  * @author Ben Alex
  * @version $Id$
  */
-public class WebInvocationPrivilegeEvaluatorTests extends TestCase {
-    //~ Constructors ===================================================================================================
-
-    public WebInvocationPrivilegeEvaluatorTests() {
-        super();
-    }
-
-    public WebInvocationPrivilegeEvaluatorTests(String arg0) {
-        super(arg0);
-    }
+public class WebInvocationPrivilegeEvaluatorTests {
+    private Mockery jmock = new JUnit4Mockery();
+    private AuthenticationManager am;
+    private AccessDecisionManager adm;
+    private FilterInvocationDefinitionSource ods;
+    private RunAsManager ram;
+    private FilterSecurityInterceptor interceptor;
 
     //~ Methods ========================================================================================================
 
-    private FilterSecurityInterceptor makeFilterSecurityInterceptor() {
-        ApplicationContext context = new ClassPathXmlApplicationContext(
-                "org/springframework/security/intercept/web/applicationContext.xml");
+    @Before
+    public final void setUp() throws Exception {
+        interceptor = new FilterSecurityInterceptor();
+        am = jmock.mock(AuthenticationManager.class);
+        ods = jmock.mock(FilterInvocationDefinitionSource.class);
+        adm = jmock.mock(AccessDecisionManager.class);
+        ram = jmock.mock(RunAsManager.class);
+        interceptor.setAuthenticationManager(am);
+        interceptor.setObjectDefinitionSource(ods);
+        interceptor.setAccessDecisionManager(adm);
+        interceptor.setRunAsManager(ram);
+        interceptor.setApplicationEventPublisher(new MockApplicationEventPublisher(true));
+        SecurityContextHolder.clearContext();
+    }
 
-        return (FilterSecurityInterceptor) context.getBean("securityInterceptor");
+    @After
+    public void tearDown() throws Exception {
+        SecurityContextHolder.clearContext();
     }
 
-    public void testAllowsAccess1() throws Exception {
-        UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken("Test", "Password",
-                new GrantedAuthority[] {new GrantedAuthorityImpl("MOCK_INDEX")});
+    @Test
+    public void allowsAccessIfAccessDecisionMangerDoes() throws Exception {
+        Authentication token = new TestingAuthenticationToken("test", "Password", "MOCK_INDEX");
         FilterInvocation fi = FilterInvocationUtils.create("/foo/index.jsp");
-        FilterSecurityInterceptor interceptor = makeFilterSecurityInterceptor();
 
         WebInvocationPrivilegeEvaluator wipe = new WebInvocationPrivilegeEvaluator();
         wipe.setSecurityInterceptor(interceptor);
         wipe.afterPropertiesSet();
 
-        assertTrue(wipe.isAllowed(fi, token));
-    }
-
-    public void testAllowsAccess2() throws Exception {
-        UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken("Test", "Password",
-                new GrantedAuthority[] {new GrantedAuthorityImpl("MOCK_USER")});
-        FilterInvocation fi = FilterInvocationUtils.create("/anything.jsp");
-        FilterSecurityInterceptor interceptor = makeFilterSecurityInterceptor();
-
-        WebInvocationPrivilegeEvaluator wipe = new WebInvocationPrivilegeEvaluator();
-        wipe.setSecurityInterceptor(interceptor);
-        wipe.afterPropertiesSet();
+        jmock.checking(new Expectations() {{
+            ignoring(ram); ignoring(ods);
+            oneOf(adm).decide(with(anAuthenticationWithUsername("test")), with(anything()), with(aNonNull(List.class)));
+        }});
 
         assertTrue(wipe.isAllowed(fi, token));
+        jmock.assertIsSatisfied();
     }
 
-    public void testDeniesAccess1() throws Exception {
-        UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken("Test", "Password",
-                new GrantedAuthority[] {new GrantedAuthorityImpl("MOCK_NOTHING_USEFUL")});
-        FilterInvocation fi = FilterInvocationUtils.create("/anything.jsp");
-        FilterSecurityInterceptor interceptor = makeFilterSecurityInterceptor();
+    @Test
+    public void deniesAccessIfAccessDecisionMangerDoes() throws Exception {
+        Authentication token = new TestingAuthenticationToken("test", "Password", "MOCK_INDEX");
+        FilterInvocation fi = FilterInvocationUtils.create("/foo/index.jsp");
 
         WebInvocationPrivilegeEvaluator wipe = new WebInvocationPrivilegeEvaluator();
         wipe.setSecurityInterceptor(interceptor);
         wipe.afterPropertiesSet();
 
+        jmock.checking(new Expectations() {{
+            ignoring(ram); ignoring(ods);
+            oneOf(adm).decide(with(anAuthenticationWithUsername("test")), with(anything()), with(aNonNull(List.class)));
+                will(throwException(new AccessDeniedException("")));
+        }});
+
         assertFalse(wipe.isAllowed(fi, token));
+        jmock.assertIsSatisfied();
     }
 }

core/src/test/java/org/springframework/security/util/FilterChainProxyTests.java

@@ -85,13 +85,9 @@ public class FilterChainProxyTests {
         assertFalse(filter.isWasDestroyed());
     }
 
-    @Test
+    @Test(expected=BeanCreationException.class)
     public void misplacedUniversalPathShouldBeDetected() throws Exception {
-        try {
-            appCtx.getBean("newFilterChainProxyWrongPathOrder", FilterChainProxy.class);
-            fail("Expected BeanCreationException");
-        } catch (BeanCreationException expected) {
-        }
+        appCtx.getBean("newFilterChainProxyWrongPathOrder", FilterChainProxy.class);
     }
 
     @Test
@@ -100,12 +96,6 @@ public class FilterChainProxyTests {
         doNormalOperation(filterChainProxy);
     }
 
-    @Test
-    public void proxyPathWithoutLowerCaseConversionShouldntMatchDifferentCasePath() throws Exception {
-        FilterChainProxy filterChainProxy = (FilterChainProxy) appCtx.getBean("filterChainNonLowerCase", FilterChainProxy.class);
-        assertNull(filterChainProxy.getFilters("/some/other/path/blah"));
-    }
-
     @Test
     public void normalOperationWithNewConfig() throws Exception {
         FilterChainProxy filterChainProxy = (FilterChainProxy) appCtx.getBean("newFilterChainProxy", FilterChainProxy.class);

core/src/test/resources/org/springframework/security/intercept/web/applicationContext.xml

@@ -1,41 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE beans PUBLIC "-//SPRING//DTD BEAN//EN" "http://www.springframework.org/dtd/spring-beans.dtd">
-<!--
- * Copyright 2004, 2006 Acegi Technology Pty Limited
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *
- * $Id$
--->
-
-<beans>
-	<bean id="authentication" class="org.springframework.security.MockAuthenticationManager"/>
-	<bean id="accessDecision" class="org.springframework.security.MockAccessDecisionManager"/>
-	<bean id="runAs" class="org.springframework.security.MockRunAsManager"/>
-
-	<bean id="securityInterceptor" class="org.springframework.security.intercept.web.FilterSecurityInterceptor">
-		<property name="authenticationManager"><ref local="authentication"/></property>
-		<property name="accessDecisionManager"><ref local="accessDecision"/></property>
-		<property name="runAsManager"><ref local="runAs"/></property>
-		<property name="objectDefinitionSource">
-        	<value>
-			    CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
-			    PATTERN_TYPE_APACHE_ANT
-			    /foo/index.jsp=MOCK_INDEX
-			    /hello.htm=MOCK_HELLO
-				/**=MOCK_USER
-        	</value>
-		</property>
-	</bean>
-
-</beans>

core/src/test/resources/org/springframework/security/util/filtertest-valid.xml

@@ -42,28 +42,14 @@ http://www.springframework.org/schema/security http://www.springframework.org/sc
     <bean id="mockNotAFilter" class="org.springframework.security.util.MockNotAFilter"/>
 
     <bean id="filterChain" class="org.springframework.security.util.FilterChainProxy">
-      <property name="filterInvocationDefinitionSource">
-         <value>
-            CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
-            PATTERN_TYPE_APACHE_ANT
-            /foo/**=mockFilter
-            /some/other/path/**=mockFilter
-            /do/not/filter=#NONE#
-         </value>
-      </property>
-    </bean>
-
-    <bean id="filterChainNonLowerCase" class="org.springframework.security.util.FilterChainProxy">
-      <property name="filterInvocationDefinitionSource">
-         <value>
-            PATTERN_TYPE_APACHE_ANT
-            /foo/**=mockFilter
-            /SOME/other/path/**=sif,mockFilter,mockFilter2
-            /do/not/filter=#NONE#
-         </value>
-      </property>
+        <sec:filter-chain-map path-type="ant">
+            <sec:filter-chain pattern="/foo/**" filters="mockFilter"/>
+            <sec:filter-chain pattern="/some/other/path/**" filters="mockFilter"/>
+            <sec:filter-chain pattern="/do/not/filter" filters="none"/>
+        </sec:filter-chain-map>
     </bean>
 
+<!-- TODO: Refactor to replace the above (SEC-1034: 'new' is now the only valid syntax) -->
     <bean id="newFilterChainProxy" class="org.springframework.security.util.FilterChainProxy">
         <sec:filter-chain-map path-type="ant">
             <sec:filter-chain pattern="/foo/**" filters="mockFilter"/>