View Javadoc
1   /*
2    * Licensed to the Apache Software Foundation (ASF) under one
3    * or more contributor license agreements.  See the NOTICE file
4    * distributed with this work for additional information
5    * regarding copyright ownership.  The ASF licenses this file
6    * to you under the Apache License, Version 2.0 (the
7    * "License"); you may not use this file except in compliance
8    * with the License.  You may obtain a copy of the License at
9    *
10   *     http://www.apache.org/licenses/LICENSE-2.0
11   *
12   * Unless required by applicable law or agreed to in writing,
13   * software distributed under the License is distributed on an
14   * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
15   * KIND, either express or implied.  See the License for the
16   * specific language governing permissions and limitations
17   * under the License.
18   */
19  package org.apache.shiro.spring.security.interceptor;
20  
21  import org.apache.shiro.authz.UnauthenticatedException;
22  import org.apache.shiro.realm.Realm;
23  import org.apache.shiro.subject.PrincipalCollection;
24  import org.apache.shiro.subject.SimplePrincipalCollection;
25  import org.apache.shiro.subject.Subject;
26  import org.apache.shiro.subject.support.SubjectThreadState;
27  import org.apache.shiro.util.ThreadState;
28  import org.junit.After;
29  import org.junit.Test;
30  import org.junit.runner.RunWith;
31  import org.springframework.beans.factory.annotation.Autowired;
32  import org.springframework.test.context.ContextConfiguration;
33  import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
34  
35  /**
36   * Common method tests across implementations.  In actuality, the methods don't change across
37   * subclasses - only the mechanism that enables AOP pointcuts and applies advice.  Those differences
38   * are in spring configuration only.
39   *
40   * @since 1.1
41   */
42  @RunWith(SpringJUnit4ClassRunner.class)
43  @ContextConfiguration
44  public abstract class AbstractAuthorizationAnnotationTest {
45  
46      @Autowired
47      protected TestService testService;
48      @Autowired
49      private org.apache.shiro.mgt.SecurityManager securityManager;
50      @Autowired
51      private Realm realm;
52  
53      private ThreadState threadState;
54  
55      protected void bind(Subject subject) {
56          clearSubject();
57          this.threadState = new SubjectThreadState(subject);
58          this.threadState.bind();
59      }
60  
61      @After
62      public void clearSubject() {
63          if (threadState != null) {
64              threadState.clear();
65          }
66      }
67  
68      protected void bindGuest() {
69          bind(new Subject.Builder(securityManager).buildSubject());
70      }
71  
72      protected void bindUser() {
73          PrincipalCollection principals = new SimplePrincipalCollection("test", realm.getName());
74          bind(new Subject.Builder(securityManager).principals(principals).buildSubject());
75      }
76  
77      protected void bindAuthenticatedUser() {
78          PrincipalCollection principals = new SimplePrincipalCollection("test", realm.getName());
79          bind(new Subject.Builder(securityManager).
80                  principals(principals).authenticated(true).buildSubject());
81      }
82  
83      // GUEST OPERATIONS:
84  
85      @Test
86      public void testGuestImplementation() {
87          bindGuest();
88          testService.guestImplementation();
89      }
90  
91      @Test(expected = UnauthenticatedException.class)
92      public void testGuestImplementationFailure() {
93          bindUser();
94          testService.guestImplementation();
95      }
96  
97      @Test
98      public void testGuestInterface() {
99          bindGuest();
100         testService.guestInterface();
101     }
102     //testGuestInterfaceFailure() cannot be in this class - the SchemaAuthorizationAnnotationTest
103     //subclass does not support annotations on interfaces (Spring AspectJ pointcut expressions
104     //do not support annotations on interface methods).  It is instead in the
105     //DapcAuthorizationAnnotationTest subclass
106 
107 
108     // USER OPERATIONS
109 
110     @Test
111     public void testUserImplementation() {
112         bindUser();
113         testService.userImplementation();
114     }
115 
116     @Test(expected = UnauthenticatedException.class)
117     public void testUserImplementationFailure() {
118         bindGuest();
119         testService.userImplementation();
120     }
121 
122     @Test
123     public void testUserInterface() {
124         bindUser();
125         testService.userInterface();
126     }
127     //testUserInterfaceFailure() cannot be in this class - the SchemaAuthorizationAnnotationTest
128     //subclass does not support annotations on interfaces (Spring AspectJ pointcut expressions
129     //do not support annotations on interface methods).  It is instead in the
130     //DapcAuthorizationAnnotationTest subclass
131 
132 
133     // AUTHENTICATED USER OPERATIONS
134 
135     @Test
136     public void testAuthenticatedImplementation() {
137         bindAuthenticatedUser();
138         testService.authenticatedImplementation();
139     }
140 
141     @Test(expected = UnauthenticatedException.class)
142     public void testAuthenticatedImplementationFailure() {
143         bindUser();
144         testService.authenticatedImplementation();
145     }
146 
147     @Test
148     public void testAuthenticatedInterface() {
149         bindAuthenticatedUser();
150         testService.authenticatedInterface();
151     }
152     //testAuthenticatedInterfaceFailure() cannot be in this class - the SchemaAuthorizationAnnotationTest
153     //subclass does not support annotations on interfaces (Spring AspectJ pointcut expressions
154     //do not support annotations on interface methods).  It is instead in the
155     //DapcAuthorizationAnnotationTest subclass
156 }