package org.springframework.security.taglibs.authz;

import javax.servlet.jsp.JspException;
import junit.framework.TestCase;
import org.springframework.security.GrantedAuthority;
import org.springframework.security.GrantedAuthorityImpl;
import org.springframework.security.context.SecurityContextHolder;
import org.springframework.security.providers.TestingAuthenticationToken;

/* loaded from: input_file:spring-security-taglibs-2.0.8.RELEASE-tests.jar:org/springframework/security/taglibs/authz/AuthorizeTagTests.class */
public class AuthorizeTagTests extends TestCase {
    private final AuthorizeTag authorizeTag = new AuthorizeTag();
    private TestingAuthenticationToken currentUser;

    protected void setUp() throws Exception {
        super.setUp();
        this.currentUser = new TestingAuthenticationToken("abc", "123", new GrantedAuthority[]{new GrantedAuthorityImpl("ROLE SUPERVISOR"), new GrantedAuthorityImpl("ROLE_TELLER")});
        SecurityContextHolder.getContext().setAuthentication(this.currentUser);
    }

    protected void tearDown() throws Exception {
        SecurityContextHolder.clearContext();
    }

    public void testAlwaysReturnsUnauthorizedIfNoUserFound() throws JspException {
        SecurityContextHolder.getContext().setAuthentication(null);
        this.authorizeTag.setIfAllGranted("ROLE_TELLER");
        assertEquals("prevents request - no principal in Context", 0, this.authorizeTag.doStartTag());
    }

    public void testDefaultsToNotOutputtingBodyWhenNoRequiredAuthorities() throws JspException {
        assertEquals("", this.authorizeTag.getIfAllGranted());
        assertEquals("", this.authorizeTag.getIfAnyGranted());
        assertEquals("", this.authorizeTag.getIfNotGranted());
        assertEquals("prevents body output - no authorities granted", 0, this.authorizeTag.doStartTag());
    }

    public void testOutputsBodyIfOneRolePresent() throws JspException {
        this.authorizeTag.setIfAnyGranted("ROLE_TELLER");
        assertEquals("authorized - ROLE_TELLER in both sets", 1, this.authorizeTag.doStartTag());
    }

    public void testOutputsBodyWhenAllGranted() throws JspException {
        this.authorizeTag.setIfAllGranted("ROLE SUPERVISOR,ROLE_TELLER");
        assertEquals("allows request - all required roles granted on principal", 1, this.authorizeTag.doStartTag());
    }

    public void testOutputsBodyWhenNotGrantedSatisfied() throws JspException {
        this.authorizeTag.setIfNotGranted("ROLE_BANKER");
        assertEquals("allows request - principal doesn't have ROLE_BANKER", 1, this.authorizeTag.doStartTag());
    }

    public void testPreventsBodyOutputIfNoSecurityContext() throws JspException {
        SecurityContextHolder.getContext().setAuthentication(null);
        this.authorizeTag.setIfAnyGranted("ROLE_BANKER");
        assertEquals("prevents output - no context defined", 0, this.authorizeTag.doStartTag());
    }

    public void testSkipsBodyIfNoAnyRolePresent() throws JspException {
        this.authorizeTag.setIfAnyGranted("ROLE_BANKER");
        assertEquals("unauthorized - ROLE_BANKER not in granted authorities", 0, this.authorizeTag.doStartTag());
    }

    public void testSkipsBodyWhenMissingAnAllGranted() throws JspException {
        this.authorizeTag.setIfAllGranted("ROLE SUPERVISOR,ROLE_TELLER,ROLE_BANKER");
        assertEquals("prevents request - missing ROLE_BANKER on principal", 0, this.authorizeTag.doStartTag());
    }

    public void testSkipsBodyWhenNotGrantedUnsatisfied() throws JspException {
        this.authorizeTag.setIfNotGranted("ROLE_TELLER");
        assertEquals("prevents request - principal has ROLE_TELLER", 0, this.authorizeTag.doStartTag());
    }
}
