Home Explore Help
Register Sign In
github
/
spring-security
mirror of https://github.com/spring-projects/spring-security
2
0
Fork 0
Files Issues 0 Wiki
Browse Source

Merge pull request #6944 from eleftherias/gh-4939-channel-security-groovy-to-java

Migrate ChannelSecurityConfigurerTests groovy->java
Eleftheria Stein-Kousathana 6 years ago
parent
c43e632a6d 4f042a4ff1
commit
c4dd800653
2 changed files with 138 additions and 78 deletions
Split View Show Diff Stats
  1. 0 78
      config/src/test/groovy/org/springframework/security/config/annotation/web/configurers/ChannelSecurityConfigurerTests.groovy
  2. 138 0
      config/src/test/java/org/springframework/security/config/annotation/web/configurers/ChannelSecurityConfigurerTests.java

+ 0 - 78
config/src/test/groovy/org/springframework/security/config/annotation/web/configurers/ChannelSecurityConfigurerTests.groovy
View File 

@@ -1,78 +0,0 @@
 
-/*
 
- * Copyright 2002-2013 the original author or authors.
 
- *
 
- * Licensed under the Apache License, Version 2.0 (the "License");
 
- * you may not use this file except in compliance with the License.
 
- * You may obtain a copy of the License at
 
- *
 
- *      https://www.apache.org/licenses/LICENSE-2.0
 
- *
 
- * Unless required by applicable law or agreed to in writing, software
 
- * distributed under the License is distributed on an "AS IS" BASIS,
 
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 
- * See the License for the specific language governing permissions and
 
- * limitations under the License.
 
- */
 
-package org.springframework.security.config.annotation.web.configurers
 
-
 
-import org.springframework.context.annotation.Configuration
 
-import org.springframework.security.config.annotation.AnyObjectPostProcessor
 
-import org.springframework.security.config.annotation.BaseSpringSpec
 
-import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder
 
-import org.springframework.security.config.annotation.web.builders.HttpSecurity
 
-import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity
 
-import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter
 
-import org.springframework.security.web.access.channel.ChannelDecisionManagerImpl
 
-import org.springframework.security.web.access.channel.ChannelProcessingFilter
 
-import org.springframework.security.web.access.channel.InsecureChannelProcessor
 
-import org.springframework.security.web.access.channel.SecureChannelProcessor
 
-
 
-/**
 
- *
 
- * @author Rob Winch
 
- */
 
-class ChannelSecurityConfigurerTests extends BaseSpringSpec {
 
-
 
-	def "requiresChannel ObjectPostProcessor"() {
 
-		setup: "initialize the AUTH_FILTER as a mock"
 
-			AnyObjectPostProcessor objectPostProcessor = Mock()
 
-		when:
 
-			HttpSecurity http = new HttpSecurity(objectPostProcessor, authenticationBldr, [:])
 
-			http
 
-				.requiresChannel()
 
-					.anyRequest().requiresSecure()
 
-					.and()
 
-				.build()
 
-
 
-		then: "InsecureChannelProcessor is registered with LifecycleManager"
 
-			1 * objectPostProcessor.postProcess(_ as InsecureChannelProcessor) >> {InsecureChannelProcessor o -> o}
 
-		and: "SecureChannelProcessor is registered with LifecycleManager"
 
-			1 * objectPostProcessor.postProcess(_ as SecureChannelProcessor) >> {SecureChannelProcessor o -> o}
 
-		and: "ChannelDecisionManagerImpl is registered with LifecycleManager"
 
-			1 * objectPostProcessor.postProcess(_ as ChannelDecisionManagerImpl) >> {ChannelDecisionManagerImpl o -> o}
 
-		and: "ChannelProcessingFilter is registered with LifecycleManager"
 
-			1 * objectPostProcessor.postProcess(_ as ChannelProcessingFilter) >> {ChannelProcessingFilter o -> o}
 
-	}
 
-
 
-	def "invoke requiresChannel twice does not override"() {
 
-		setup:
 
-			loadConfig(DuplicateInvocationsDoesNotOverrideConfig)
 
-		when:
 
-			springSecurityFilterChain.doFilter(request,response,chain)
 
-		then:
 
-			response.redirectedUrl == "https://localhost"
 
-	}
 
-
 
-	@EnableWebSecurity
 
-	static class DuplicateInvocationsDoesNotOverrideConfig extends WebSecurityConfigurerAdapter {
 
-
 
-		@Override
 
-		protected void configure(HttpSecurity http) throws Exception {
 
-			http
 
-				.requiresChannel()
 
-					.anyRequest().requiresSecure()
 
-					.and()
 
-				.requiresChannel()
 
-		}
 
-	}
 
-}

+ 138 - 0
config/src/test/java/org/springframework/security/config/annotation/web/configurers/ChannelSecurityConfigurerTests.java
View File 

@@ -0,0 +1,138 @@
 
+/*
 
+ * Copyright 2002-2019 the original author or authors.
 
+ *
 
+ * Licensed under the Apache License, Version 2.0 (the "License");
 
+ * you may not use this file except in compliance with the License.
 
+ * You may obtain a copy of the License at
 
+ *
 
+ *      https://www.apache.org/licenses/LICENSE-2.0
 
+ *
 
+ * Unless required by applicable law or agreed to in writing, software
 
+ * distributed under the License is distributed on an "AS IS" BASIS,
 
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 
+ * See the License for the specific language governing permissions and
 
+ * limitations under the License.
 
+ */
 
+
 
+package org.springframework.security.config.annotation.web.configurers;
 
+
 
+import org.junit.Rule;
 
+import org.junit.Test;
 
+import org.springframework.beans.factory.annotation.Autowired;
 
+import org.springframework.context.annotation.Bean;
 
+import org.springframework.security.config.annotation.ObjectPostProcessor;
 
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 
+import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
 
+import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
 
+import org.springframework.security.config.test.SpringTestRule;
 
+import org.springframework.security.web.access.channel.ChannelDecisionManagerImpl;
 
+import org.springframework.security.web.access.channel.ChannelProcessingFilter;
 
+import org.springframework.security.web.access.channel.InsecureChannelProcessor;
 
+import org.springframework.security.web.access.channel.SecureChannelProcessor;
 
+import org.springframework.test.web.servlet.MockMvc;
 
+
 
+import static org.mockito.ArgumentMatchers.any;
 
+import static org.mockito.Mockito.spy;
 
+import static org.mockito.Mockito.verify;
 
+import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get;
 
+import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.redirectedUrl;
 
+
 
+/**
 
+ * Tests for {@link ChannelSecurityConfigurer}
 
+ *
 
+ * @author Rob Winch
 
+ * @author Eleftheria Stein
 
+ */
 
+public class ChannelSecurityConfigurerTests {
 
+
 
+	@Rule
 
+	public final SpringTestRule spring = new SpringTestRule();
 
+
 
+	@Autowired
 
+	MockMvc mvc;
 
+
 
+	@Test
 
+	public void configureWhenRegisteringObjectPostProcessorThenInvokedOnInsecureChannelProcessor() {
 
+		ObjectPostProcessorConfig.objectPostProcessor = spy(ReflectingObjectPostProcessor.class);
 
+		this.spring.register(ObjectPostProcessorConfig.class).autowire();
 
+
 
+		verify(ObjectPostProcessorConfig.objectPostProcessor)
 
+				.postProcess(any(InsecureChannelProcessor.class));
 
+	}
 
+
 
+	@Test
 
+	public void configureWhenRegisteringObjectPostProcessorThenInvokedOnSecureChannelProcessor() {
 
+		ObjectPostProcessorConfig.objectPostProcessor = spy(ReflectingObjectPostProcessor.class);
 
+		this.spring.register(ObjectPostProcessorConfig.class).autowire();
 
+
 
+		verify(ObjectPostProcessorConfig.objectPostProcessor)
 
+				.postProcess(any(SecureChannelProcessor.class));
 
+	}
 
+
 
+	@Test
 
+	public void configureWhenRegisteringObjectPostProcessorThenInvokedOnChannelDecisionManagerImpl() {
 
+		ObjectPostProcessorConfig.objectPostProcessor = spy(ReflectingObjectPostProcessor.class);
 
+		this.spring.register(ObjectPostProcessorConfig.class).autowire();
 
+
 
+		verify(ObjectPostProcessorConfig.objectPostProcessor)
 
+				.postProcess(any(ChannelDecisionManagerImpl.class));
 
+	}
 
+
 
+	@Test
 
+	public void configureWhenRegisteringObjectPostProcessorThenInvokedOnChannelProcessingFilter() {
 
+		ObjectPostProcessorConfig.objectPostProcessor = spy(ReflectingObjectPostProcessor.class);
 
+		this.spring.register(ObjectPostProcessorConfig.class).autowire();
 
+
 
+		verify(ObjectPostProcessorConfig.objectPostProcessor)
 
+				.postProcess(any(ChannelProcessingFilter.class));
 
+	}
 
+
 
+	@EnableWebSecurity
 
+	static class ObjectPostProcessorConfig extends WebSecurityConfigurerAdapter {
 
+		static ObjectPostProcessor<Object> objectPostProcessor;
 
+
 
+		@Override
 
+		protected void configure(HttpSecurity http) throws Exception {
 
+			// @formatter:off
 
+			http
 
+				.requiresChannel()
 
+					.anyRequest().requiresSecure();
 
+			// @formatter:on
 
+		}
 
+
 
+		@Bean
 
+		static ObjectPostProcessor<Object> objectPostProcessor() {
 
+			return objectPostProcessor;
 
+		}
 
+	}
 
+
 
+	static class ReflectingObjectPostProcessor implements ObjectPostProcessor<Object> {
 
+		@Override
 
+		public <O> O postProcess(O object) {
 
+			return object;
 
+		}
 
+	}
 
+
 
+	@Test
 
+	public void requiresChannelWhenInvokesTwiceThenUsesOriginalRequiresSecure() throws Exception {
 
+		this.spring.register(DuplicateInvocationsDoesNotOverrideConfig.class).autowire();
 
+
 
+		mvc.perform(get("/"))
 
+				.andExpect(redirectedUrl("https://localhost/"));
 
+	}
 
+
 
+	@EnableWebSecurity
 
+	static class DuplicateInvocationsDoesNotOverrideConfig extends WebSecurityConfigurerAdapter {
 
+
 
+		@Override
 
+		protected void configure(HttpSecurity http) throws Exception {
 
+			// @formatter:off
 
+			http
 
+				.requiresChannel()
 
+					.anyRequest().requiresSecure()
 
+					.and()
 
+				.requiresChannel();
 
+			// @formatter:on
 
+		}
 
+	}
 
+}