Revision c56db927
Added by Katja Luther over 12 years ago
| cdmlib-services/src/test/java/eu/etaxonomy/cdm/api/service/SecurityTest.java | ||
|---|---|---|
| 23 | 23 |
import org.junit.runner.RunWith; |
| 24 | 24 |
|
| 25 | 25 |
import org.springframework.beans.factory.annotation.Autowired; |
| 26 |
import org.springframework.security.access.vote.RoleVoter; |
|
| 26 | 27 |
import org.springframework.security.authentication.AuthenticationManager; |
| 27 | 28 |
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken; |
| 28 | 29 |
import org.springframework.security.authentication.dao.ReflectionSaltSource; |
| ... | ... | |
| 95 | 96 |
@SpringBeanByName |
| 96 | 97 |
private AuthenticationManager authenticationManager; |
| 97 | 98 |
|
| 99 |
|
|
| 100 |
|
|
| 98 | 101 |
private UsernamePasswordAuthenticationToken token; |
| 99 | 102 |
|
| 100 | 103 |
|
| ... | ... | |
| 178 | 181 |
|
| 179 | 182 |
|
| 180 | 183 |
|
| 181 |
@Test(expected=EvaluationFailedException.class)
|
|
| 184 |
@Test |
|
| 182 | 185 |
public void testCascadingInSpringSecurityAccesDenied(){
|
| 183 | 186 |
authentication = authenticationManager.authenticate(new UsernamePasswordAuthenticationToken("partEditor", "test4"));
|
| 184 | 187 |
SecurityContext context = SecurityContextHolder.getContext(); |
| ... | ... | |
| 197 | 200 |
//during cascading the permissions are not evaluated, but with hibernate listener every database transaction can be interrupted, but how to manage it, |
| 198 | 201 |
//when someone has the rights to save descriptions, but not taxa (the editor always saves everything by saving the taxon) |
| 199 | 202 |
taxonService.saveOrUpdate(taxon); |
| 200 |
//descriptionService.saveOrUpdate(description); |
|
| 201 |
descriptionService.getSession().flush(); |
|
| 203 |
|
|
| 204 |
|
|
| 205 |
authentication = authenticationManager.authenticate(new UsernamePasswordAuthenticationToken("descriptionEditor", "test"));
|
|
| 206 |
context = SecurityContextHolder.getContext(); |
|
| 207 |
context.setAuthentication(authentication); |
|
| 208 |
|
|
| 209 |
//taxonService.saveOrUpdate(taxon); |
|
| 210 |
|
|
| 211 |
|
|
| 202 | 212 |
descriptionService.saveOrUpdate(description); |
| 203 | 213 |
|
| 204 | 214 |
|
| ... | ... | |
| 214 | 224 |
TaxonDescription description = TaxonDescription.NewInstance(taxon); |
| 215 | 225 |
CdmPermissionEvaluator permissionEvaluator = new CdmPermissionEvaluator(); |
| 216 | 226 |
assertTrue(permissionEvaluator.hasPermission(authentication, description, "UPDATE")); |
| 217 |
//fails because of cascading...(with saveOrUpdateListener!) |
|
| 227 |
|
|
| 218 | 228 |
descriptionService.saveOrUpdate(description); |
| 219 |
//taxonService.getSession().flush(); |
|
| 229 |
|
|
| 220 | 230 |
taxon = (Taxon)taxonService.load(UUID.fromString("928a0167-98cd-4555-bf72-52116d067625"));
|
| 221 | 231 |
Set<TaxonDescription> descriptions = taxon.getDescriptions(); |
| 222 | 232 |
assertTrue(descriptions.contains(description)); |
| ... | ... | |
| 228 | 238 |
authentication = authenticationManager.authenticate(new UsernamePasswordAuthenticationToken("partEditor", "test4"));
|
| 229 | 239 |
SecurityContext context = SecurityContextHolder.getContext(); |
| 230 | 240 |
context.setAuthentication(authentication); |
| 241 |
|
|
| 231 | 242 |
Synonym syn = Synonym.NewInstance(BotanicalName.NewInstance(Rank.SPECIES()), null); |
| 232 | 243 |
taxonService.saveOrUpdate(syn); |
| 233 | 244 |
|
Also available in: Unified diff