SecurityExpressionRootTests.java

/*
 * Copyright 2002-2016 the original author or authors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package org.springframework.security.access.expression;

import static org.mockito.Mockito.mock;
import static org.mockito.Mockito.when;
import static org.assertj.core.api.Assertions.*;

import java.util.Collection;

import org.junit.Before;
import org.junit.Test;
import org.springframework.security.access.hierarchicalroles.RoleHierarchy;
import org.springframework.security.authentication.AuthenticationTrustResolver;
import org.springframework.security.authentication.TestingAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.AuthorityUtils;

/**
 *
 * @author Luke Taylor
 * @since 3.0
 */
public class SecurityExpressionRootTests {
	final static Authentication JOE = new TestingAuthenticationToken("joe", "pass",
			"ROLE_A", "ROLE_B");

	SecurityExpressionRoot root;

	@Before
	public void setup() {
		root = new SecurityExpressionRoot(JOE) {
		};
	}

	@Test
	public void denyAllIsFalsePermitAllTrue() throws Exception {
		assertThat(root.denyAll()).isFalse();
		assertThat(root.denyAll).isFalse();
		assertThat(root.permitAll()).isTrue();
		assertThat(root.permitAll).isTrue();
	}

	@Test
	public void rememberMeIsCorrectlyDetected() throws Exception {
		AuthenticationTrustResolver atr = mock(AuthenticationTrustResolver.class);
		root.setTrustResolver(atr);
		when(atr.isRememberMe(JOE)).thenReturn(true);
		assertThat(root.isRememberMe()).isTrue();
		assertThat(root.isFullyAuthenticated()).isFalse();
	}

	@Test
	public void roleHierarchySupportIsCorrectlyUsedInEvaluatingRoles() throws Exception {
		root.setRoleHierarchy(new RoleHierarchy() {
			public Collection<GrantedAuthority> getReachableGrantedAuthorities(
					Collection<? extends GrantedAuthority> authorities) {
				return AuthorityUtils.createAuthorityList("ROLE_C");
			}
		});

		assertThat(root.hasRole("C")).isTrue();
		assertThat(root.hasAuthority("ROLE_C")).isTrue();
		assertThat(root.hasRole("A")).isFalse();
		assertThat(root.hasRole("B")).isFalse();
		assertThat(root.hasAnyRole("C", "A", "B")).isTrue();
		assertThat(root.hasAnyAuthority("ROLE_C", "ROLE_A", "ROLE_B")).isTrue();
		assertThat(root.hasAnyRole("A", "B")).isFalse();
	}

	@Test
	public void hasRoleAddsDefaultPrefix() throws Exception {
		assertThat(root.hasRole("A")).isTrue();
		assertThat(root.hasRole("NO")).isFalse();
	}

	@Test
	public void hasRoleEmptyPrefixDoesNotAddsDefaultPrefix() throws Exception {
		root.setDefaultRolePrefix("");
		assertThat(root.hasRole("A")).isFalse();
		assertThat(root.hasRole("ROLE_A")).isTrue();
	}

	@Test
	public void hasRoleNullPrefixDoesNotAddsDefaultPrefix() throws Exception {
		root.setDefaultRolePrefix(null);
		assertThat(root.hasRole("A")).isFalse();
		assertThat(root.hasRole("ROLE_A")).isTrue();
	}

	@Test
	public void hasRoleDoesNotAddDefaultPrefixForAlreadyPrefixedRoles() throws Exception {
		SecurityExpressionRoot root = new SecurityExpressionRoot(JOE) {
		};

		assertThat(root.hasRole("ROLE_A")).isTrue();
		assertThat(root.hasRole("ROLE_NO")).isFalse();
	}

	@Test
	public void hasAnyRoleAddsDefaultPrefix() throws Exception {
		assertThat(root.hasAnyRole("NO", "A")).isTrue();
		assertThat(root.hasAnyRole("NO", "NOT")).isFalse();
	}

	@Test
	public void hasAnyRoleDoesNotAddDefaultPrefixForAlreadyPrefixedRoles()
			throws Exception {
		assertThat(root.hasAnyRole("ROLE_NO", "ROLE_A")).isTrue();
		assertThat(root.hasAnyRole("ROLE_NO", "ROLE_NOT")).isFalse();
	}

	@Test
	public void hasAnyRoleEmptyPrefixDoesNotAddsDefaultPrefix() throws Exception {
		root.setDefaultRolePrefix("");
		assertThat(root.hasRole("A")).isFalse();
		assertThat(root.hasRole("ROLE_A")).isTrue();
	}

	@Test
	public void hasAnyRoleNullPrefixDoesNotAddsDefaultPrefix() throws Exception {
		root.setDefaultRolePrefix(null);
		assertThat(root.hasAnyRole("A")).isFalse();
		assertThat(root.hasAnyRole("ROLE_A")).isTrue();
	}

	@Test
	public void hasAuthorityDoesNotAddDefaultPrefix() throws Exception {
		assertThat(root.hasAuthority("A")).isFalse();
		assertThat(root.hasAnyAuthority("NO", "A")).isFalse();
		assertThat(root.hasAnyAuthority("ROLE_A", "NOT")).isTrue();
	}
}