
GPSPRINGSECURITYCORE-106 added support for annotated controller methods in 2.0
1 parent 5c04040 commit ae6e16fb573474d5618c2fd899372b56d6b0ade3 @burtbeckwith burtbeckwith committed Aug 16, 2011
@@ -17,6 +17,7 @@
import grails.plugins.springsecurity.Secured;
import java.lang.reflect.Field;
+import java.lang.reflect.Method;
import java.util.Collection;
import java.util.HashMap;
import java.util.HashSet;
@@ -261,6 +262,12 @@ private void findControllerAnnotations(final GrailsControllerClass controllerCla
actionRoles.put(field.getName(), asSet(annotation.value()));
}
}
+ for (Method method : clazz.getDeclaredMethods()) {
+ Secured annotation = method.getAnnotation(Secured.class);
+ if (annotation != null) {
+ actionRoles.put(method.getName(), asSet(annotation.value()));
+ }
+ }
return actionRoles;
}
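Review bot: The new loop keys `actionRoles.put(method.getName(), asSet(annotation.value()))` by bare method name, so a `@Secured` method whose name matches a closure field handled just above, or an overloaded method, silently replaces the role set already stored — and `getDeclaredMethods()` returns methods in no defined order, so which annotation wins is not deterministic. If the surviving entry is the less restrictive one the result is an authorization gap rather than a failure, so the collision should be rejected or at least logged, e.g. `if (actionRoles.containsKey(method.getName())) { throw new IllegalStateException("conflicting @Secured entries for action " + method.getName()); }` before the put. `getDeclaredMethods()` also yields private and synthetic methods; whether they need filtering (`Modifier.isPublic(method.getModifiers())`, `!method.isSynthetic()`) depends on how the caller resolves action names, which is not visible here. `findControllerAnnotations` starts before the hunk.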
@@ -1,4 +1,5 @@
import com.testapp.TestUser
+import grails.util.Metadata
class HackController {
@@ -13,10 +14,7 @@ class HackController {
session.nowdate = new Date() // to test it's working
def sb = new StringBuilder()
- session.attributeNames.each { String name ->
- sb.append name
- sb.append '<br/>\n'
- }
+ session.attributeNames.each { sb.append(it).append '<br/>\n' }
render sb.toString()
}
@@ -33,4 +31,8 @@ class HackController {
def clearAllData = {
render 'ok'
}
+
+ def grailsVersion = {
+ render Metadata.current.getGrailsVersion()
+ }
}
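Review bot: The new `grailsVersion` action at the end of `HackController` has no comment saying why a controller renders the framework version, and since it answers any unauthenticated caller a reader could mistake it for a pattern to reuse rather than a test hook. The functional test reads this endpoint to decide whether method-style actions exist, so suggest `// test fixture only: lets AnnotationSecurityTest detect Grails 2.x (method actions) vs 1.x; discloses the framework version, so keep it out of real apps` above the closure. The surrounding class starts before the first hunk.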
@@ -21,4 +21,24 @@ class SecureAnnotatedController {
def expression = {
render 'OK'
}
+
+ @Secured(['ROLE_ADMIN'])
+ def indexMethod() {
+ render 'you have ROLE_ADMIN - method'
+ }
+
+ @Secured(['ROLE_ADMIN', 'ROLE_ADMIN2'])
+ def adminEitherMethod() {
+ render 'you have ROLE_ADMIN or ROLE_ADMIN2 - method'
+ }
+
+ @Secured(['ROLE_USER'])
+ def userActionMethod() {
+ render 'you have ROLE_USER - method'
+ }
+
+ @Secured(["authentication.name == 'admin1'"])
+ def expressionMethod() {
+ render 'OK - method'
+ }
}
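Review bot: The four method-style actions appended after `expression` duplicate the closure actions above without a comment explaining why both forms exist; the functional test only requests them when `isGrails2` is true, which implies they are not dispatchable actions on 1.x. Suggest `// Grails 2.0 method-style actions, mirroring the closure actions above; not actions on Grails 1.x` before `indexMethod` so the parallel set is not pruned as dead code. `SecureAnnotatedController` starts before the hunk.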
@@ -1,5 +1,13 @@
class AnnotationSecurityTest extends AbstractSecurityWebTest {
+ private boolean isGrails2
+
+ @Override
+ protected void setUp() {
+ super.setUp()
+ isGrails2 = !getContent('/hack/grailsVersion').startsWith('1')
+ }
+
void testAnnotationSecurity() {
createRoles()
@@ -107,10 +115,24 @@ class AnnotationSecurityTest extends AbstractSecurityWebTest {
get '/secureClassAnnotated/admin2'
assertContentContains 'Please Login'
+
+ if (!isGrails2) {
+ return
+ }
+
+ get '/secureAnnotated/indexMethod'
+ assertContentContains 'Please Login'
+
+ get '/secureAnnotated/adminEitherMethod'
+ assertContentContains 'Please Login'
}
private void loginAndCheckAllAllowed() {
- // login as admin1
+ loginAndCheckAllAllowedAdmin1()
+ loginAndCheckAllAllowedAdmin2()
+ }
+
+ private void loginAndCheckAllAllowedAdmin1() {
get '/login/auth'
assertContentContains 'Please Login'
@@ -146,7 +168,21 @@ class AnnotationSecurityTest extends AbstractSecurityWebTest {
get '/secureAnnotated/expression'
assertContentContains 'OK'
- // login as admin2
+ if (!isGrails2) {
+ return
+ }
+
+ get '/secureAnnotated/indexMethod'
+ assertContentContains 'you have ROLE_ADMIN'
+
+ get '/secureAnnotated/adminEitherMethod'
+ assertContentContains 'you have ROLE_ADMIN'
+
+ get '/secureAnnotated/expressionMethod'
+ assertContentContains 'OK'
+ }
+
+ private void loginAndCheckAllAllowedAdmin2() {
get '/logout'
assertContentContains 'Welcome to Grails'
@@ -184,5 +220,18 @@ class AnnotationSecurityTest extends AbstractSecurityWebTest {
get '/secureAnnotated/expression'
assertContentContains "Sorry, you're not authorized to view this page."
+
+ if (!isGrails2) {
+ return
+ }
+
+ get '/secureAnnotated/indexMethod'
+ assertContentContains 'you have ROLE_ADMIN'
+
+ get '/secureAnnotated/adminEitherMethod'
+ assertContentContains 'you have ROLE_ADMIN'
+
+ get '/secureAnnotated/expressionMethod'
+ assertContentContains "Sorry, you're not authorized to view this page."
}
}
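Review bot: `userActionMethod` is annotated in the controller but never requested by any of the new test blocks, and the anonymous-access block (the hunk around `get '/secureClassAnnotated/admin2'`) checks only `indexMethod` and `adminEitherMethod`, so a method action whose annotation is silently ignored — `expressionMethod` in particular — would still pass. Adding `get '/secureAnnotated/expressionMethod'` followed by `assertContentContains 'Please Login'` to that block, plus a `userActionMethod` request with the expected outcome in each logged-in block, would close the gap. The `isGrails2` check in `setUp` treats any body not starting with `'1'` as Grails 2, including an error or login page, which then fails loudly rather than skipping; that is acceptable but worth a one-line comment. `testAnnotationSecurity`, `loginAndCheckAllAllowedAdmin1` and `loginAndCheckAllAllowedAdmin2` each begin or end outside their hunks.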

