1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19 package org.apache.shiro.authz.aop;
20
21 import org.apache.shiro.authz.UnauthenticatedException;
22 import org.apache.shiro.authz.annotation.Logical;
23 import org.apache.shiro.authz.annotation.RequiresRoles;
24 import org.apache.shiro.subject.Subject;
25 import org.apache.shiro.test.SecurityManagerTestSupport;
26 import org.junit.Test;
27
28 import java.lang.annotation.Annotation;
29
30 import static org.easymock.EasyMock.*;
31
32
33
34
35 public class RoleAnnotationHandlerTest extends SecurityManagerTestSupport {
36 private Subject subject;
37
38
39
40 @Test(expected = UnauthenticatedException.class)
41 public void testGuestSingleRoleAssertion() throws Throwable {
42 RoleAnnotationHandler handler = new RoleAnnotationHandler();
43
44 Annotation requiresRolesAnnotation = new RequiresRoles() {
45 public String[] value() {
46 return new String[]{"blah"};
47 }
48
49 public Class<? extends Annotation> annotationType() {
50 return RequiresRoles.class;
51 }
52 public Logical logical() {
53 return Logical.AND;
54 }
55 };
56
57 handler.assertAuthorized(requiresRolesAnnotation);
58 }
59
60
61
62 @Test(expected = UnauthenticatedException.class)
63 public void testGuestMultipleRolesAssertion() throws Throwable {
64 RoleAnnotationHandler handler = new RoleAnnotationHandler();
65
66 Annotation requiresRolesAnnotation = new RequiresRoles() {
67 public String[] value() {
68 return new String[]{"blah", "blah2"};
69 }
70
71 public Class<? extends Annotation> annotationType() {
72 return RequiresRoles.class;
73 }
74 public Logical logical() {
75 return Logical.AND;
76 }
77 };
78
79 handler.assertAuthorized(requiresRolesAnnotation);
80 }
81
82 @Test
83 public void testOneOfTheRolesRequired() throws Throwable {
84 subject = createMock(Subject.class);
85 expect(subject.hasRole("blah")).andReturn(true);
86 expect(subject.hasRole("blah2")).andReturn(false);
87 replay(subject);
88 RoleAnnotationHandler handler = new RoleAnnotationHandler() {
89 @Override
90 protected Subject getSubject() {
91 return subject;
92 }
93 };
94
95 Annotation requiresRolesAnnotation = new RequiresRoles() {
96 public String[] value() {
97 return new String[]{"blah", "blah2"};
98 }
99
100 public Class<? extends Annotation> annotationType() {
101 return RequiresRoles.class;
102 }
103 public Logical logical() {
104 return Logical.OR;
105 }
106 };
107 handler.assertAuthorized(requiresRolesAnnotation);
108 }
109 }