Revision c56db927
Added by Katja Luther over 12 years ago
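--- a/cdmlib-services/src/test/java/eu/etaxonomy/cdm/api/service/SecurityTest.java
+++ b/cdmlib-services/src/test/java/eu/etaxonomy/cdm/api/service/SecurityTest.java
@@ -23,6 +23,7 @@
 import org.junit.runner.RunWith;
 
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.security.access.vote.RoleVoter;
 import org.springframework.security.authentication.AuthenticationManager;
 import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
 import org.springframework.security.authentication.dao.ReflectionSaltSource;
@@ -95,6 +96,8 @@
 @SpringBeanByName
 private AuthenticationManager authenticationManager;
 
+
+
 private UsernamePasswordAuthenticationToken token;
 
 
@@ -178,7 +181,7 @@
 
 
 
-@Test(expected=EvaluationFailedException.class)
+@Test
 public void testCascadingInSpringSecurityAccesDenied(){
 authentication = authenticationManager.authenticate(new UsernamePasswordAuthenticationToken("partEditor", "test4"));
 SecurityContext context = SecurityContextHolder.getContext();
@@ -197,8 +200,15 @@
 //during cascading the permissions are not evaluated, but with hibernate listener every database transaction can be interrupted, but how to manage it,
 //when someone has the rights to save descriptions, but not taxa (the editor always saves everything by saving the taxon)
 taxonService.saveOrUpdate(taxon);
-//descriptionService.saveOrUpdate(description);
-descriptionService.getSession().flush();
+
+
+authentication = authenticationManager.authenticate(new UsernamePasswordAuthenticationToken("descriptionEditor", "test"));
+context = SecurityContextHolder.getContext();
+context.setAuthentication(authentication);
+
+//taxonService.saveOrUpdate(taxon);
+
+
 descriptionService.saveOrUpdate(description);
 
 
@@ -214,9 +224,9 @@
 TaxonDescription description = TaxonDescription.NewInstance(taxon);
 CdmPermissionEvaluator permissionEvaluator = new CdmPermissionEvaluator();
 assertTrue(permissionEvaluator.hasPermission(authentication, description, "UPDATE"));
-//fails because of cascading...(with saveOrUpdateListener!)
+
 descriptionService.saveOrUpdate(description);
-//taxonService.getSession().flush();
+
 taxon = (Taxon)taxonService.load(UUID.fromString("928a0167-98cd-4555-bf72-52116d067625"));
 Set<TaxonDescription> descriptions = taxon.getDescriptions();
 assertTrue(descriptions.contains(description));
@@ -228,6 +238,7 @@
 authentication = authenticationManager.authenticate(new UsernamePasswordAuthenticationToken("partEditor", "test4"));
 SecurityContext context = SecurityContextHolder.getContext();
 context.setAuthentication(authentication);
+
 Synonym syn = Synonym.NewInstance(BotanicalName.NewInstance(Rank.SPECIES()), null);
 taxonService.saveOrUpdate(syn);
 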
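Review bot: Nothing visible in `testCascadingInSpringSecurityAccesDenied` asserts a denial once `expected=EvaluationFailedException.class` is dropped from `@Test`, so a regression that lets a cascaded save bypass the permission check would now pass silently. The removed `descriptionService.getSession().flush();` matters as well: the comment above it says permissions are enforced by the Hibernate listener rather than during cascading, so without a flush the write may never reach that check inside the test (inferred; the method starts and ends outside the hunk). If `taxonService.saveOrUpdate(taxon)` as `partEditor` is still meant to be rejected, pin it narrowly with a try/catch around that one call that ends in `fail("partEditor must not be able to save the taxon");`, and flush before re-authenticating as `descriptionEditor`. Otherwise rename the test so it no longer claims to cover the denied path, and add a comment explaining why `//taxonService.saveOrUpdate(taxon);` stays commented out.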