
SEC-163: Fix ClassCastException bug in MethodInvocationUtils, and add test to prove correct functionality.

Ben Alex 19 ani în urmă
părinte
comite
823f93fe3b

+ 1 - 1
core/src/main/java/org/acegisecurity/util/MethodInvocationUtils.java

@@ -81,7 +81,7 @@ public class MethodInvocationUtils {
                 list.add(args[i].getClass());
             }
 
-            classArgs = (Class[]) list.toArray();
+            classArgs = (Class[]) list.toArray(new Class[] {});
         }
 
         return createFromClass(object.getClass(), methodName, classArgs);
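Review bot: The loop just above the corrected line still calls `args[i].getClass()`, so a null element in `args` throws a NullPointerException. It also records each argument's runtime class rather than the declared parameter type, so the lookup in `createFromClass` may miss methods declared with interface, superclass or primitive parameters (inferred, since `createFromClass` is not shown here). The resulting `MethodInvocation` is what `MethodInvocationPrivilegeEvaluator.isAllowed` decides on, so the Javadoc of `create` should state the restriction, for example `@param args non-null arguments whose runtime classes exactly match the declared parameter types`. The method starts above this hunk, so the existing Javadoc and any guard on `args` are outside what is visible.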

+ 51 - 10
core/src/test/java/org/acegisecurity/intercept/method/MethodInvocationPrivilegeEvaluatorTests.java

@@ -1,4 +1,4 @@
-/* Copyright 2004, 2005 Acegi Technology Pty Limited
+/* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -53,11 +53,43 @@ public class MethodInvocationPrivilegeEvaluatorTests extends TestCase {
 
     //~ Methods ================================================================
 
+    private Object lookupTargetObject() {
+        ApplicationContext context = new ClassPathXmlApplicationContext(
+                "org/acegisecurity/intercept/method/aopalliance/applicationContext.xml");
+
+        return context.getBean("target");
+    }
+
     public static void main(String[] args) {
         junit.textui.TestRunner.run(MethodInvocationPrivilegeEvaluatorTests.class);
     }
 
-    public void testAllowsAccess() throws Exception {
+    private MethodSecurityInterceptor makeSecurityInterceptor() {
+        ApplicationContext context = new ClassPathXmlApplicationContext(
+                "org/acegisecurity/intercept/method/aopalliance/applicationContext.xml");
+
+        return (MethodSecurityInterceptor) context.getBean(
+            "securityInterceptor");
+    }
+
+    public void testAllowsAccessUsingCreate() throws Exception {
+        UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken("Test",
+                "Password",
+                new GrantedAuthority[] {new GrantedAuthorityImpl("MOCK_LOWER")});
+        Object object = lookupTargetObject();
+        MethodInvocation mi = MethodInvocationUtils.create(object,
+                "makeLowerCase", new Object[] {"foobar"});
+        MethodSecurityInterceptor interceptor = makeSecurityInterceptor();
+
+        MethodInvocationPrivilegeEvaluator mipe = new MethodInvocationPrivilegeEvaluator();
+        mipe.setSecurityInterceptor(interceptor);
+        mipe.afterPropertiesSet();
+
+        assertTrue(mipe.isAllowed(mi, token));
+    }
+
+    public void testAllowsAccessUsingCreateFromClass()
+        throws Exception {
         UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken("Test",
                 "Password",
                 new GrantedAuthority[] {new GrantedAuthorityImpl("MOCK_LOWER")});
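Review bot: `lookupTargetObject()` and `makeSecurityInterceptor()` each construct their own `ClassPathXmlApplicationContext` from the same XML file. In `testAllowsAccessUsingCreate` the target object and the interceptor therefore come from two separate containers, and the file is parsed twice per test. The same applies to `testDeclinesAccessUsingCreate` in the next hunk. Loading the context once in `setUp()` into a field, with both helpers reduced to `context.getBean("target")` and `(MethodSecurityInterceptor) context.getBean("securityInterceptor")`, would keep the two beans consistent. Each helper also deserves a one-line comment naming the bean it returns.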
@@ -72,12 +104,13 @@ public class MethodInvocationPrivilegeEvaluatorTests extends TestCase {
         assertTrue(mipe.isAllowed(mi, token));
     }
 
-    public void testDeclinesAccess() throws Exception {
+    public void testDeclinesAccessUsingCreate() throws Exception {
         UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken("Test",
                 "Password",
                 new GrantedAuthority[] {new GrantedAuthorityImpl("ROLE_NOT_HELD")});
-        MethodInvocation mi = MethodInvocationUtils.createFromClass(ITargetObject.class,
-                "makeLowerCase", new Class[] {String.class});
+        Object object = lookupTargetObject();
+        MethodInvocation mi = MethodInvocationUtils.create(object,
+                "makeLowerCase", new Object[] {"foobar"});
         MethodSecurityInterceptor interceptor = makeSecurityInterceptor();
 
         MethodInvocationPrivilegeEvaluator mipe = new MethodInvocationPrivilegeEvaluator();
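Review bot: Both `create`-based tests pass a single `String` argument, whose runtime class equals the declared parameter type used in the `createFromClass` tests (`String.class`). They confirm the ClassCastException fix, but not how `create` resolves a method when an argument is null or is a subtype of the declared parameter. This matters most for the denial case, because what `isAllowed` returns when the method cannot be resolved is not visible in this diff. Consider adding a case with such an argument, plus a comment above the test such as `// create() derives parameter types from the runtime classes of the arguments`. The test body continues past the end of this hunk.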
@@ -87,11 +120,19 @@ public class MethodInvocationPrivilegeEvaluatorTests extends TestCase {
         assertFalse(mipe.isAllowed(mi, token));
     }
 
-    private MethodSecurityInterceptor makeSecurityInterceptor() {
-        ApplicationContext context = new ClassPathXmlApplicationContext(
-                "org/acegisecurity/intercept/method/aopalliance/applicationContext.xml");
+    public void testDeclinesAccessUsingCreateFromClass()
+        throws Exception {
+        UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken("Test",
+                "Password",
+                new GrantedAuthority[] {new GrantedAuthorityImpl("ROLE_NOT_HELD")});
+        MethodInvocation mi = MethodInvocationUtils.createFromClass(ITargetObject.class,
+                "makeLowerCase", new Class[] {String.class});
+        MethodSecurityInterceptor interceptor = makeSecurityInterceptor();
 
-        return (MethodSecurityInterceptor) context.getBean(
-            "securityInterceptor");
+        MethodInvocationPrivilegeEvaluator mipe = new MethodInvocationPrivilegeEvaluator();
+        mipe.setSecurityInterceptor(interceptor);
+        mipe.afterPropertiesSet();
+
+        assertFalse(mipe.isAllowed(mi, token));
     }
 }