diff --git a/hawkbit-repository/hawkbit-repository-api/src/test/java/org/eclipse/hawkbit/repository/RepositoryManagementMethodPreAuthorizeAnnotatedTest.java b/hawkbit-repository/hawkbit-repository-api/src/test/java/org/eclipse/hawkbit/repository/RepositoryManagementMethodPreAuthorizeAnnotatedTest.java index 53b691c09..3f77a2f38 100644 --- a/hawkbit-repository/hawkbit-repository-api/src/test/java/org/eclipse/hawkbit/repository/RepositoryManagementMethodPreAuthorizeAnnotatedTest.java +++ b/hawkbit-repository/hawkbit-repository-api/src/test/java/org/eclipse/hawkbit/repository/RepositoryManagementMethodPreAuthorizeAnnotatedTest.java @@ -14,6 +14,7 @@ import java.io.File; import java.io.IOException; import java.lang.reflect.Method; import java.lang.reflect.Modifier; +import java.net.URI; import java.net.URISyntaxException; import java.net.URL; import java.util.ArrayList; @@ -51,6 +52,10 @@ public class RepositoryManagementMethodPreAuthorizeAnnotatedTest { for (final Class interfaceToCheck : findInterfacesInPackage) { assertDeclaredMethodsContainsPreAuthorizeAnnotaions(interfaceToCheck); } + + // all exclusion should be used, otherwise the method exlusion should be + // cleaned up again + assertThat(METHOD_SECURITY_EXCLUSION).isEmpty(); } /** @@ -65,12 +70,15 @@ public class RepositoryManagementMethodPreAuthorizeAnnotatedTest { private static void assertDeclaredMethodsContainsPreAuthorizeAnnotaions(final Class clazz) { final Method[] declaredMethods = clazz.getDeclaredMethods(); for (final Method method : declaredMethods) { - if (!METHOD_SECURITY_EXCLUSION.contains(method) && !method.isSynthetic() - && Modifier.isPublic(method.getModifiers())) { - final PreAuthorize annotation = method.getAnnotation(PreAuthorize.class); - assertThat(annotation).as("The public method " + method.getName() + " in class " + clazz.getName() - + " is not annoated with @PreAuthorize, security leak?").isNotNull(); + final boolean methodExcluded = METHOD_SECURITY_EXCLUSION.contains(method); + if (methodExcluded || method.isSynthetic() || Modifier.isPublic(method.getModifiers())) { + // skip method because it should be excluded + METHOD_SECURITY_EXCLUSION.remove(method); + continue; } + final PreAuthorize annotation = method.getAnnotation(PreAuthorize.class); + assertThat(annotation).as("The public method " + method.getName() + " in class " + clazz.getName() + + " is not annoated with @PreAuthorize, security leak?").isNotNull(); } } @@ -93,17 +101,21 @@ public class RepositoryManagementMethodPreAuthorizeAnnotatedTest { final ClassLoader classLoader = Thread.currentThread().getContextClassLoader(); final Enumeration resources = classLoader.getResources(p.getName().replace(".", "/")); while (resources.hasMoreElements()) { - final File packageDirectory = new File(resources.nextElement().getFile()); - final File[] filesInPackage = packageDirectory.listFiles(); - for (final File classFile : filesInPackage) { - final String classNameWithExtension = classFile.getName(); - final int indexOfExtension = classNameWithExtension.indexOf(".class"); - if (indexOfExtension > 0) { - final String classNameWithoutExtension = classNameWithExtension.substring(0, indexOfExtension); - if (includeFilter.matcher(classNameWithoutExtension).matches()) { - final Class classInPackage = Class.forName(p.getName() + "." + classNameWithoutExtension); - if (classInPackage.isInterface()) { - interfacesToReturn.add(classInPackage); + final String uriPath = new URI(resources.nextElement().toString()).getPath(); + if (uriPath != null) { + final File packageDirectory = new File(uriPath); + final File[] filesInPackage = packageDirectory.listFiles(); + for (final File classFile : filesInPackage) { + final String classNameWithExtension = classFile.getName(); + final int indexOfExtension = classNameWithExtension.indexOf(".class"); + if (indexOfExtension > 0) { + final String classNameWithoutExtension = classNameWithExtension.substring(0, indexOfExtension); + if (includeFilter.matcher(classNameWithoutExtension).matches()) { + final Class classInPackage = Class + .forName(p.getName() + "." + classNameWithoutExtension); + if (classInPackage.isInterface()) { + interfacesToReturn.add(classInPackage); + } } } }