fix unit test
Signed-off-by: Michael Hirsch <michael.hirsch@bosch-si.com>
This commit is contained in:
@@ -14,6 +14,7 @@ import java.io.File;
|
|||||||
import java.io.IOException;
|
import java.io.IOException;
|
||||||
import java.lang.reflect.Method;
|
import java.lang.reflect.Method;
|
||||||
import java.lang.reflect.Modifier;
|
import java.lang.reflect.Modifier;
|
||||||
|
import java.net.URI;
|
||||||
import java.net.URISyntaxException;
|
import java.net.URISyntaxException;
|
||||||
import java.net.URL;
|
import java.net.URL;
|
||||||
import java.util.ArrayList;
|
import java.util.ArrayList;
|
||||||
@@ -51,6 +52,10 @@ public class RepositoryManagementMethodPreAuthorizeAnnotatedTest {
|
|||||||
for (final Class<?> interfaceToCheck : findInterfacesInPackage) {
|
for (final Class<?> interfaceToCheck : findInterfacesInPackage) {
|
||||||
assertDeclaredMethodsContainsPreAuthorizeAnnotaions(interfaceToCheck);
|
assertDeclaredMethodsContainsPreAuthorizeAnnotaions(interfaceToCheck);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// all exclusion should be used, otherwise the method exlusion should be
|
||||||
|
// cleaned up again
|
||||||
|
assertThat(METHOD_SECURITY_EXCLUSION).isEmpty();
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
@@ -65,12 +70,15 @@ public class RepositoryManagementMethodPreAuthorizeAnnotatedTest {
|
|||||||
private static void assertDeclaredMethodsContainsPreAuthorizeAnnotaions(final Class<?> clazz) {
|
private static void assertDeclaredMethodsContainsPreAuthorizeAnnotaions(final Class<?> clazz) {
|
||||||
final Method[] declaredMethods = clazz.getDeclaredMethods();
|
final Method[] declaredMethods = clazz.getDeclaredMethods();
|
||||||
for (final Method method : declaredMethods) {
|
for (final Method method : declaredMethods) {
|
||||||
if (!METHOD_SECURITY_EXCLUSION.contains(method) && !method.isSynthetic()
|
final boolean methodExcluded = METHOD_SECURITY_EXCLUSION.contains(method);
|
||||||
&& Modifier.isPublic(method.getModifiers())) {
|
if (methodExcluded || method.isSynthetic() || Modifier.isPublic(method.getModifiers())) {
|
||||||
final PreAuthorize annotation = method.getAnnotation(PreAuthorize.class);
|
// skip method because it should be excluded
|
||||||
assertThat(annotation).as("The public method " + method.getName() + " in class " + clazz.getName()
|
METHOD_SECURITY_EXCLUSION.remove(method);
|
||||||
+ " is not annoated with @PreAuthorize, security leak?").isNotNull();
|
continue;
|
||||||
}
|
}
|
||||||
|
final PreAuthorize annotation = method.getAnnotation(PreAuthorize.class);
|
||||||
|
assertThat(annotation).as("The public method " + method.getName() + " in class " + clazz.getName()
|
||||||
|
+ " is not annoated with @PreAuthorize, security leak?").isNotNull();
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -93,17 +101,21 @@ public class RepositoryManagementMethodPreAuthorizeAnnotatedTest {
|
|||||||
final ClassLoader classLoader = Thread.currentThread().getContextClassLoader();
|
final ClassLoader classLoader = Thread.currentThread().getContextClassLoader();
|
||||||
final Enumeration<URL> resources = classLoader.getResources(p.getName().replace(".", "/"));
|
final Enumeration<URL> resources = classLoader.getResources(p.getName().replace(".", "/"));
|
||||||
while (resources.hasMoreElements()) {
|
while (resources.hasMoreElements()) {
|
||||||
final File packageDirectory = new File(resources.nextElement().getFile());
|
final String uriPath = new URI(resources.nextElement().toString()).getPath();
|
||||||
final File[] filesInPackage = packageDirectory.listFiles();
|
if (uriPath != null) {
|
||||||
for (final File classFile : filesInPackage) {
|
final File packageDirectory = new File(uriPath);
|
||||||
final String classNameWithExtension = classFile.getName();
|
final File[] filesInPackage = packageDirectory.listFiles();
|
||||||
final int indexOfExtension = classNameWithExtension.indexOf(".class");
|
for (final File classFile : filesInPackage) {
|
||||||
if (indexOfExtension > 0) {
|
final String classNameWithExtension = classFile.getName();
|
||||||
final String classNameWithoutExtension = classNameWithExtension.substring(0, indexOfExtension);
|
final int indexOfExtension = classNameWithExtension.indexOf(".class");
|
||||||
if (includeFilter.matcher(classNameWithoutExtension).matches()) {
|
if (indexOfExtension > 0) {
|
||||||
final Class<?> classInPackage = Class.forName(p.getName() + "." + classNameWithoutExtension);
|
final String classNameWithoutExtension = classNameWithExtension.substring(0, indexOfExtension);
|
||||||
if (classInPackage.isInterface()) {
|
if (includeFilter.matcher(classNameWithoutExtension).matches()) {
|
||||||
interfacesToReturn.add(classInPackage);
|
final Class<?> classInPackage = Class
|
||||||
|
.forName(p.getName() + "." + classNameWithoutExtension);
|
||||||
|
if (classInPackage.isInterface()) {
|
||||||
|
interfacesToReturn.add(classInPackage);
|
||||||
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|||||||
Reference in New Issue
Block a user