
SEC-1882: Velocity AuthzImpl now works with Spring 3.0.6+

Rob Winch 13 жил өмнө
parent
commit
aa489f7ff6

+ 151 - 0
taglibs/src/main/java/org/springframework/security/taglibs/velocity/AuthzImpl.java

@@ -15,12 +15,30 @@
 
 package org.springframework.security.taglibs.velocity;
 
+import java.io.IOException;
+import java.lang.reflect.InvocationHandler;
+import java.lang.reflect.Method;
+import java.lang.reflect.Proxy;
+import java.util.Enumeration;
+
+import javax.servlet.Servlet;
+import javax.servlet.ServletConfig;
+import javax.servlet.ServletContext;
+import javax.servlet.ServletException;
+import javax.servlet.ServletRequest;
+import javax.servlet.ServletResponse;
+import javax.servlet.http.HttpSession;
 import javax.servlet.jsp.JspException;
+import javax.servlet.jsp.JspWriter;
+import javax.servlet.jsp.PageContext;
+import javax.servlet.jsp.el.ExpressionEvaluator;
+import javax.servlet.jsp.el.VariableResolver;
 import javax.servlet.jsp.tagext.Tag;
 
 import org.springframework.context.ApplicationContext;
 import org.springframework.security.taglibs.authz.AuthenticationTag;
 import org.springframework.security.taglibs.authz.LegacyAuthorizeTag;
+import org.springframework.util.Assert;
 
 
 /**
@@ -31,6 +49,9 @@ import org.springframework.security.taglibs.authz.LegacyAuthorizeTag;
 public class AuthzImpl implements Authz {
     //~ Static fields/initializers =====================================================================================
 
+    private static final ServletContext SPEL_DISABLED_SERVLET_CONTEXT = (ServletContext) Proxy.newProxyInstance(AuthzImpl.class.getClassLoader(), new Class[] {ServletContext.class}, new DisabledSpringJspExpressionSupportActiveServletContext());
+    private static final PageContext SPEL_DISABLED_PAGE_CONTEXT = new PageContextAdapter(SPEL_DISABLED_SERVLET_CONTEXT);
+
     static final int ALL_GRANTED = 1;
     static final int ANY_GRANTED = 2;
     static final int NONE_GRANTED = 3;
@@ -76,6 +97,7 @@ public class AuthzImpl implements Authz {
      */
     private boolean ifGranted(String roles, int grantType) {
         LegacyAuthorizeTag authorizeTag = new LegacyAuthorizeTag();
+        authorizeTag.setPageContext(getPageContext());
 
         int result = -1;
 
@@ -123,6 +145,10 @@ public class AuthzImpl implements Authz {
         this.appCtx = appCtx;
     }
 
+    private PageContext getPageContext() {
+        return SPEL_DISABLED_PAGE_CONTEXT;
+    }
+
     //~ Inner Classes ==================================================================================================
 
     /**
@@ -141,4 +167,129 @@ public class AuthzImpl implements Authz {
             lastMessage = msg;
         }
     }
+
+    private static final class DisabledSpringJspExpressionSupportActiveServletContext implements InvocationHandler {
+        public Object invoke(Object proxy, Method method, Object[] args) throws Throwable {
+            if("getInitParameter".equals(method.getName())) {
+                return Boolean.FALSE.toString();
+            }
+            return null;
+        }
+    }
+
+    private static final class PageContextAdapter extends PageContext {
+
+        private final ServletContext servletContext;
+
+        public PageContextAdapter(ServletContext servletContext) {
+            Assert.notNull(servletContext, "servletContext cannot be null");
+            this.servletContext = servletContext;
+        }
+
+        public void setAttribute(String arg0, Object arg1, int arg2) {
+            throw new UnsupportedOperationException();
+        }
+
+        public void setAttribute(String arg0, Object arg1) {
+            throw new UnsupportedOperationException();
+        }
+
+        public void removeAttribute(String arg0, int arg1) {
+            throw new UnsupportedOperationException();
+        }
+
+        public void removeAttribute(String arg0) {
+            throw new UnsupportedOperationException();
+        }
+
+        public VariableResolver getVariableResolver() {
+            throw new UnsupportedOperationException();
+        }
+
+        public JspWriter getOut() {
+            throw new UnsupportedOperationException();
+        }
+
+        public ExpressionEvaluator getExpressionEvaluator() {
+            throw new UnsupportedOperationException();
+        }
+
+        public int getAttributesScope(String arg0) {
+            throw new UnsupportedOperationException();
+        }
+
+        @SuppressWarnings("rawtypes")
+        public Enumeration getAttributeNamesInScope(int arg0) {
+            throw new UnsupportedOperationException();
+        }
+
+        public Object getAttribute(String arg0, int arg1) {
+            throw new UnsupportedOperationException();
+        }
+
+        public Object getAttribute(String arg0) {
+            throw new UnsupportedOperationException();
+        }
+
+        public Object findAttribute(String arg0) {
+            throw new UnsupportedOperationException();
+        }
+
+        public void release() {
+            throw new UnsupportedOperationException();
+        }
+
+        public void initialize(Servlet arg0, ServletRequest arg1, ServletResponse arg2, String arg3, boolean arg4,
+                int arg5, boolean arg6) throws IOException, IllegalStateException, IllegalArgumentException {
+            throw new UnsupportedOperationException();
+        }
+
+        public void include(String arg0, boolean arg1) throws ServletException, IOException {
+            throw new UnsupportedOperationException();
+        }
+
+        public void include(String arg0) throws ServletException, IOException {
+            throw new UnsupportedOperationException();
+        }
+
+        public void handlePageException(Throwable arg0) throws ServletException, IOException {
+            throw new UnsupportedOperationException();
+        }
+
+        public void handlePageException(Exception arg0) throws ServletException, IOException {
+            throw new UnsupportedOperationException();
+        }
+
+        public HttpSession getSession() {
+            throw new UnsupportedOperationException();
+        }
+
+        public ServletContext getServletContext() {
+            return servletContext;
+        }
+
+        public ServletConfig getServletConfig() {
+            throw new UnsupportedOperationException();
+        }
+
+        public ServletResponse getResponse() {
+            throw new UnsupportedOperationException();
+        }
+
+        public ServletRequest getRequest() {
+            throw new UnsupportedOperationException();
+        }
+
+        public Object getPage() {
+            throw new UnsupportedOperationException();
+        }
+
+        public Exception getException() {
+            throw new UnsupportedOperationException();
+        }
+
+        public void forward(String arg0) throws ServletException, IOException {
+            throw new UnsupportedOperationException();
+        }
+    }
 }
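Review bot: In `DisabledSpringJspExpressionSupportActiveServletContext.invoke` the handler answers `"false"` to every `getInitParameter` call whatever the parameter name, and returns `null` for every other `ServletContext` method, so a proxied method with a primitive return type (for example `getMajorVersion()`) fails with a NullPointerException at the call site instead of a clear error. This stub appears to exist only to keep Spring's JSP expression evaluation switched off for the role strings handed to `LegacyAuthorizeTag`, so it should fail loudly on any other use. Check `args[0]` against the one parameter name that is actually read (presumably Spring's `springJspExpressionSupport`; confirm against the Spring version in use) and replace `return null;` with `throw new UnsupportedOperationException(method.getName());`, matching `PageContextAdapter`. `hashCode`, `equals` and `toString` on the proxy also reach this handler, so decide explicitly what they return. A short comment on `SPEL_DISABLED_SERVLET_CONTEXT` saying why expression support is disabled would keep a later change from re-enabling it by accident.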

+ 0 - 1
taglibs/src/test/java/org/springframework/security/taglibs/velocity/AuthzImplAttributeTests.java

@@ -31,7 +31,6 @@ import javax.servlet.jsp.JspException;
  * Ignoring these tests so that we can rename the file, but still get tests to pass till SEC-1882 can be
  * addressed.
  */
-@Ignore
 public class AuthzImplAttributeTests extends TestCase {
     //~ Instance fields ================================================================================================
 

+ 8 - 8
taglibs/src/test/java/org/springframework/security/taglibs/velocity/AuthzImplAuthorizeTagTests.java

@@ -51,7 +51,7 @@ public class AuthzImplAuthorizeTagTests extends TestCase {
         SecurityContextHolder.clearContext();
     }
 
-    public void IGNOREtestAlwaysReturnsUnauthorizedIfNoUserFound() {
+    public void testAlwaysReturnsUnauthorizedIfNoUserFound() {
         SecurityContextHolder.getContext().setAuthentication(null);
 
         //prevents request - no principal in Context
@@ -65,39 +65,39 @@ public class AuthzImplAuthorizeTagTests extends TestCase {
         assertFalse(authz.noneGranted(""));
     }
 
-    public void IGNOREtestOutputsBodyIfOneRolePresent() {
+    public void testOutputsBodyIfOneRolePresent() {
         //authorized - ROLE_TELLER in both sets
         assertTrue(authz.anyGranted("ROLE_TELLER"));
     }
 
-    public void IGNOREtestOutputsBodyWhenAllGranted() {
+    public void testOutputsBodyWhenAllGranted() {
         // allows request - all required roles granted on principal
         assertTrue(authz.allGranted("ROLE_SUPERVISOR,ROLE_TELLER"));
     }
 
-    public void IGNOREtestOutputsBodyWhenNotGrantedSatisfied() {
+    public void testOutputsBodyWhenNotGrantedSatisfied() {
         // allows request - principal doesn't have ROLE_BANKER
         assertTrue(authz.noneGranted("ROLE_BANKER"));
     }
 
-    public void IGNOREtestPreventsBodyOutputIfNoSecureContext() {
+    public void testPreventsBodyOutputIfNoSecureContext() {
         SecurityContextHolder.getContext().setAuthentication(null);
 
         // prevents output - no context defined
         assertFalse(authz.anyGranted("ROLE_BANKER"));
     }
 
-    public void IGNOREtestSkipsBodyIfNoAnyRolePresent() {
+    public void testSkipsBodyIfNoAnyRolePresent() {
         // unauthorized - ROLE_BANKER not in granted authorities
         assertFalse(authz.anyGranted("ROLE_BANKER"));
     }
 
-    public void IGNOREtestSkipsBodyWhenMissingAnAllGranted() {
+    public void testSkipsBodyWhenMissingAnAllGranted() {
         //  prevents request - missing ROLE_BANKER on principal
         assertFalse(authz.allGranted("ROLE_SUPERVISOR,ROLE_TELLER,ROLE_BANKER"));
     }
 
-    public void IGNOREtestSkipsBodyWhenNotGrantedUnsatisfied() {
+    public void testSkipsBodyWhenNotGrantedUnsatisfied() {
         //  prevents request - principal has ROLE_TELLER
         assertFalse(authz.noneGranted("ROLE_TELLER"));
     }