package org.springframework.security.config;

import org.junit.After;
import org.junit.Assert;
import org.junit.Test;
import org.springframework.beans.factory.parsing.BeanDefinitionParsingException;
import org.springframework.context.support.AbstractXmlApplicationContext;
import org.springframework.security.AccessDeniedException;
import org.springframework.security.AuthenticationCredentialsNotFoundException;
import org.springframework.security.GrantedAuthority;
import org.springframework.security.GrantedAuthorityImpl;
import org.springframework.security.annotation.BusinessService;
import org.springframework.security.context.SecurityContextHolder;
import org.springframework.security.providers.UsernamePasswordAuthenticationToken;
import org.springframework.security.userdetails.UserDetailsService;
import org.springframework.security.util.InMemoryXmlApplicationContext;

/* loaded from: input_file:spring-security-core-tiger-2.0.8.RELEASE-tests.jar:org/springframework/security/config/GlobalMethodSecurityBeanDefinitionParserTests.class */
public class GlobalMethodSecurityBeanDefinitionParserTests {
    private AbstractXmlApplicationContext appContext;
    private BusinessService target;

    public void loadContext() {
        setContext("<b:bean id='target' class='org.springframework.security.annotation.BusinessServiceImpl'/><global-method-security>    <protect-pointcut expression='execution(* *.someUser*(..))' access='ROLE_USER'/>    <protect-pointcut expression='execution(* *.someAdmin*(..))' access='ROLE_ADMIN'/></global-method-security>    <authentication-provider>        <user-service id='us'>            <user name='bob' password='bobspassword' authorities='ROLE_A,ROLE_B' />            <user name='bill' password='billspassword' authorities='ROLE_A,ROLE_B,AUTH_OTHER' />            <user name='admin' password='password' authorities='ROLE_ADMIN,ROLE_USER' />            <user name='user' password='password' authorities='ROLE_USER' />        </user-service>    </authentication-provider>");
        this.target = (BusinessService) this.appContext.getBean("target");
    }

    @After
    public void closeAppContext() {
        if (this.appContext != null) {
            this.appContext.close();
            this.appContext = null;
        }
        SecurityContextHolder.clearContext();
        this.target = null;
    }

    @Test(expected = AuthenticationCredentialsNotFoundException.class)
    public void targetShouldPreventProtectedMethodInvocationWithNoContext() {
        loadContext();
        this.target.someUserMethod1();
    }

    @Test
    public void targetShouldAllowProtectedMethodInvocationWithCorrectRole() {
        loadContext();
        SecurityContextHolder.getContext().setAuthentication(new UsernamePasswordAuthenticationToken("user", "password"));
        this.target.someUserMethod1();
    }

    @Test(expected = AccessDeniedException.class)
    public void targetShouldPreventProtectedMethodInvocationWithIncorrectRole() {
        loadContext();
        SecurityContextHolder.getContext().setAuthentication(new UsernamePasswordAuthenticationToken("Test", "Password", new GrantedAuthority[]{new GrantedAuthorityImpl("ROLE_SOMEOTHERROLE")}));
        this.target.someAdminMethod();
    }

    @Test
    public void doesntInterfereWithBeanPostProcessing() {
        setContext("<b:bean id='myUserService' class='org.springframework.security.config.PostProcessedMockUserDetailsService'/><global-method-security /><authentication-provider user-service-ref='myUserService'/><b:bean id='beanPostProcessor' class='org.springframework.security.config.MockUserServiceBeanPostProcessor'/>");
        Assert.assertEquals("Hello from the post processor!", ((PostProcessedMockUserDetailsService) this.appContext.getBean("myUserService")).getPostProcessorWasHere());
    }

    @Test(expected = AccessDeniedException.class)
    public void worksWithAspectJAutoproxy() {
        setContext("<global-method-security>  <protect-pointcut expression='execution(* org.springframework.security.config.*Service.*(..))'       access='ROLE_SOMETHING' /></global-method-security><b:bean id='myUserService' class='org.springframework.security.config.PostProcessedMockUserDetailsService'/><aop:aspectj-autoproxy /><authentication-provider user-service-ref='myUserService'/>");
        UserDetailsService userDetailsService = (UserDetailsService) this.appContext.getBean("myUserService");
        SecurityContextHolder.getContext().setAuthentication(new UsernamePasswordAuthenticationToken("Test", "Password", new GrantedAuthority[]{new GrantedAuthorityImpl("ROLE_SOMEOTHERROLE")}));
        userDetailsService.loadUserByUsername("notused");
    }

    @Test
    public void supportsMethodArgumentsInPointcut() {
        setContext("<b:bean id='target' class='org.springframework.security.annotation.BusinessServiceImpl'/><global-method-security>   <protect-pointcut expression='execution(* org.springframework.security.annotation.BusinessService.someOther(String))' access='ROLE_ADMIN'/>   <protect-pointcut expression='execution(* org.springframework.security.annotation.BusinessService.*(..))' access='ROLE_USER'/></global-method-security>    <authentication-provider>        <user-service id='us'>            <user name='bob' password='bobspassword' authorities='ROLE_A,ROLE_B' />            <user name='bill' password='billspassword' authorities='ROLE_A,ROLE_B,AUTH_OTHER' />            <user name='admin' password='password' authorities='ROLE_ADMIN,ROLE_USER' />            <user name='user' password='password' authorities='ROLE_USER' />        </user-service>    </authentication-provider>");
        SecurityContextHolder.getContext().setAuthentication(new UsernamePasswordAuthenticationToken("user", "password"));
        this.target = (BusinessService) this.appContext.getBean("target");
        this.target.someOther(0);
        try {
            this.target.someOther("somestring");
            Assert.fail("Expected AccessDeniedException");
        } catch (AccessDeniedException e) {
        }
    }

    @Test
    public void supportsBooleanPointcutExpressions() {
        setContext("<b:bean id='target' class='org.springframework.security.annotation.BusinessServiceImpl'/><global-method-security>   <protect-pointcut expression=     'execution(* org.springframework.security.annotation.BusinessService.*(..))        and not execution(* org.springframework.security.annotation.BusinessService.someOther(String)))'                access='ROLE_USER'/></global-method-security>    <authentication-provider>        <user-service id='us'>            <user name='bob' password='bobspassword' authorities='ROLE_A,ROLE_B' />            <user name='bill' password='billspassword' authorities='ROLE_A,ROLE_B,AUTH_OTHER' />            <user name='admin' password='password' authorities='ROLE_ADMIN,ROLE_USER' />            <user name='user' password='password' authorities='ROLE_USER' />        </user-service>    </authentication-provider>");
        this.target = (BusinessService) this.appContext.getBean("target");
        this.target.someOther("somestring");
        try {
            this.target.someOther(0);
            Assert.fail("Expected AuthenticationCredentialsNotFoundException");
        } catch (AuthenticationCredentialsNotFoundException e) {
        }
        SecurityContextHolder.getContext().setAuthentication(new UsernamePasswordAuthenticationToken("user", "password"));
        this.target.someOther(0);
    }

    @Test(expected = BeanDefinitionParsingException.class)
    public void duplicateElementCausesError() {
        setContext("<global-method-security /><global-method-security />");
    }

    @Test(expected = AccessDeniedException.class)
    public void worksWithoutTargetOrClass() {
        setContext("<global-method-security secured-annotations='enabled'/><b:bean id='businessService' class='org.springframework.remoting.httpinvoker.HttpInvokerProxyFactoryBean'>    <b:property name='serviceUrl' value='http://localhost:8080/SomeService'/>    <b:property name='serviceInterface' value='org.springframework.security.annotation.BusinessService'/></b:bean>    <authentication-provider>        <user-service id='us'>            <user name='bob' password='bobspassword' authorities='ROLE_A,ROLE_B' />            <user name='bill' password='billspassword' authorities='ROLE_A,ROLE_B,AUTH_OTHER' />            <user name='admin' password='password' authorities='ROLE_ADMIN,ROLE_USER' />            <user name='user' password='password' authorities='ROLE_USER' />        </user-service>    </authentication-provider>");
        SecurityContextHolder.getContext().setAuthentication(new UsernamePasswordAuthenticationToken("Test", "Password", new GrantedAuthority[]{new GrantedAuthorityImpl("ROLE_SOMEOTHERROLE")}));
        this.target = (BusinessService) this.appContext.getBean("businessService");
        this.target.someUserMethod1();
    }

    private void setContext(String str) {
        this.appContext = new InMemoryXmlApplicationContext(str);
    }
}
