package org.springframework.security.intercept.web;

import java.io.IOException;
import java.util.Collection;
import java.util.LinkedHashMap;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import junit.framework.Assert;
import junit.framework.TestCase;
import org.springframework.mock.web.MockHttpServletRequest;
import org.springframework.mock.web.MockHttpServletResponse;
import org.springframework.security.AccessDecisionManager;
import org.springframework.security.AccessDeniedException;
import org.springframework.security.Authentication;
import org.springframework.security.ConfigAttribute;
import org.springframework.security.ConfigAttributeDefinition;
import org.springframework.security.GrantedAuthority;
import org.springframework.security.GrantedAuthorityImpl;
import org.springframework.security.MockAccessDecisionManager;
import org.springframework.security.MockApplicationEventPublisher;
import org.springframework.security.MockAuthenticationManager;
import org.springframework.security.MockRunAsManager;
import org.springframework.security.RunAsManager;
import org.springframework.security.config.PortMappingsBeanDefinitionParser;
import org.springframework.security.context.SecurityContextHolder;
import org.springframework.security.providers.UsernamePasswordAuthenticationToken;
import org.springframework.security.util.AntUrlPathMatcher;
import org.springframework.security.util.RegexUrlPathMatcher;

/* loaded from: input_file:spring-security-core-2.0.8.RELEASE-tests.jar:org/springframework/security/intercept/web/FilterSecurityInterceptorTests.class */
public class FilterSecurityInterceptorTests extends TestCase {

    /* loaded from: input_file:spring-security-core-2.0.8.RELEASE-tests.jar:org/springframework/security/intercept/web/FilterSecurityInterceptorTests$MockFilterChain.class */
    private class MockFilterChain implements FilterChain {
        private boolean expectToProceed;

        public MockFilterChain(boolean z) {
            this.expectToProceed = z;
        }

        private MockFilterChain() {
        }

        public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse) throws IOException, ServletException {
            if (this.expectToProceed) {
                Assert.assertTrue(true);
            } else {
                Assert.fail("Did not expect filter chain to proceed");
            }
        }
    }

    /* loaded from: input_file:spring-security-core-2.0.8.RELEASE-tests.jar:org/springframework/security/intercept/web/FilterSecurityInterceptorTests$MockFilterInvocationDefinitionMap.class */
    private class MockFilterInvocationDefinitionMap implements FilterInvocationDefinitionSource {
        private ConfigAttributeDefinition toReturn;
        private String servletPath;

        public MockFilterInvocationDefinitionMap(String str, ConfigAttributeDefinition configAttributeDefinition) {
            this.servletPath = str;
            this.toReturn = configAttributeDefinition;
        }

        @Override // org.springframework.security.intercept.ObjectDefinitionSource
        public ConfigAttributeDefinition getAttributes(Object obj) throws IllegalArgumentException {
            if (this.servletPath.equals(((FilterInvocation) obj).getHttpRequest().getServletPath())) {
                return this.toReturn;
            }
            return null;
        }

        @Override // org.springframework.security.intercept.ObjectDefinitionSource
        public Collection getConfigAttributeDefinitions() {
            return null;
        }

        @Override // org.springframework.security.intercept.ObjectDefinitionSource
        public boolean supports(Class cls) {
            return true;
        }
    }

    public FilterSecurityInterceptorTests() {
    }

    public FilterSecurityInterceptorTests(String str) {
        super(str);
    }

    public final void setUp() throws Exception {
        super.setUp();
        SecurityContextHolder.clearContext();
    }

    protected void tearDown() throws Exception {
        super.tearDown();
        SecurityContextHolder.clearContext();
    }

    public void testEnsuresAccessDecisionManagerSupportsFilterInvocationClass() throws Exception {
        FilterSecurityInterceptor filterSecurityInterceptor = new FilterSecurityInterceptor();
        filterSecurityInterceptor.setAuthenticationManager(new MockAuthenticationManager());
        filterSecurityInterceptor.setObjectDefinitionSource(new DefaultFilterInvocationDefinitionSource(new RegexUrlPathMatcher()));
        filterSecurityInterceptor.setRunAsManager(new MockRunAsManager());
        filterSecurityInterceptor.setAccessDecisionManager(new AccessDecisionManager() { // from class: org.springframework.security.intercept.web.FilterSecurityInterceptorTests.1
            @Override // org.springframework.security.AccessDecisionManager
            public boolean supports(Class cls) {
                return false;
            }

            @Override // org.springframework.security.AccessDecisionManager
            public boolean supports(ConfigAttribute configAttribute) {
                return true;
            }

            @Override // org.springframework.security.AccessDecisionManager
            public void decide(Authentication authentication, Object obj, ConfigAttributeDefinition configAttributeDefinition) throws AccessDeniedException {
                throw new UnsupportedOperationException("mock method not implemented");
            }
        });
        try {
            filterSecurityInterceptor.afterPropertiesSet();
            fail("Should have thrown IllegalArgumentException");
        } catch (IllegalArgumentException e) {
            assertEquals("AccessDecisionManager does not support secure object class: class org.springframework.security.intercept.web.FilterInvocation", e.getMessage());
        }
    }

    public void testEnsuresRunAsManagerSupportsFilterInvocationClass() throws Exception {
        FilterSecurityInterceptor filterSecurityInterceptor = new FilterSecurityInterceptor();
        filterSecurityInterceptor.setAccessDecisionManager(new MockAccessDecisionManager());
        filterSecurityInterceptor.setAuthenticationManager(new MockAuthenticationManager());
        filterSecurityInterceptor.setObjectDefinitionSource(new DefaultFilterInvocationDefinitionSource(new RegexUrlPathMatcher()));
        filterSecurityInterceptor.setRunAsManager(new RunAsManager() { // from class: org.springframework.security.intercept.web.FilterSecurityInterceptorTests.2
            @Override // org.springframework.security.RunAsManager
            public boolean supports(Class cls) {
                return false;
            }

            @Override // org.springframework.security.RunAsManager
            public boolean supports(ConfigAttribute configAttribute) {
                return true;
            }

            @Override // org.springframework.security.RunAsManager
            public Authentication buildRunAs(Authentication authentication, Object obj, ConfigAttributeDefinition configAttributeDefinition) {
                throw new UnsupportedOperationException("mock method not implemented");
            }
        });
        try {
            filterSecurityInterceptor.afterPropertiesSet();
            fail("Should have thrown IllegalArgumentException");
        } catch (IllegalArgumentException e) {
            assertEquals("RunAsManager does not support secure object class: class org.springframework.security.intercept.web.FilterInvocation", e.getMessage());
        }
    }

    public void testHttpsInvocationReflectsPortNumber() throws Throwable {
        FilterSecurityInterceptor filterSecurityInterceptor = new FilterSecurityInterceptor();
        filterSecurityInterceptor.setAccessDecisionManager(new MockAccessDecisionManager());
        filterSecurityInterceptor.setAuthenticationManager(new MockAuthenticationManager());
        filterSecurityInterceptor.setRunAsManager(new MockRunAsManager());
        filterSecurityInterceptor.setApplicationEventPublisher(new MockApplicationEventPublisher(true));
        filterSecurityInterceptor.setObjectDefinitionSource(new MockFilterInvocationDefinitionMap("/secure/page.html", new ConfigAttributeDefinition("MOCK_OK")));
        MockFilterChain mockFilterChain = new MockFilterChain(true);
        MockHttpServletResponse mockHttpServletResponse = new MockHttpServletResponse();
        MockHttpServletRequest mockHttpServletRequest = new MockHttpServletRequest();
        mockHttpServletRequest.setServletPath("/secure/page.html");
        mockHttpServletRequest.setScheme(PortMappingsBeanDefinitionParser.ATT_HTTPS_PORT);
        mockHttpServletRequest.setServerPort(443);
        SecurityContextHolder.getContext().setAuthentication(new UsernamePasswordAuthenticationToken("Test", "Password", new GrantedAuthority[]{new GrantedAuthorityImpl("MOCK_OK")}));
        filterSecurityInterceptor.invoke(new FilterInvocation(mockHttpServletRequest, mockHttpServletResponse, mockFilterChain));
    }

    public void testNormalStartupAndGetter() throws Exception {
        FilterSecurityInterceptor filterSecurityInterceptor = new FilterSecurityInterceptor();
        filterSecurityInterceptor.setAccessDecisionManager(new MockAccessDecisionManager());
        filterSecurityInterceptor.setAuthenticationManager(new MockAuthenticationManager());
        DefaultFilterInvocationDefinitionSource defaultFilterInvocationDefinitionSource = new DefaultFilterInvocationDefinitionSource(new RegexUrlPathMatcher());
        filterSecurityInterceptor.setObjectDefinitionSource(defaultFilterInvocationDefinitionSource);
        filterSecurityInterceptor.setRunAsManager(new MockRunAsManager());
        filterSecurityInterceptor.afterPropertiesSet();
        assertTrue(true);
        assertEquals(defaultFilterInvocationDefinitionSource, filterSecurityInterceptor.getObjectDefinitionSource());
    }

    public void testSuccessfulInvocation() throws Throwable {
        FilterSecurityInterceptor filterSecurityInterceptor = new FilterSecurityInterceptor();
        filterSecurityInterceptor.setAccessDecisionManager(new MockAccessDecisionManager());
        filterSecurityInterceptor.setAuthenticationManager(new MockAuthenticationManager());
        filterSecurityInterceptor.setRunAsManager(new MockRunAsManager());
        filterSecurityInterceptor.setApplicationEventPublisher(new MockApplicationEventPublisher(true));
        filterSecurityInterceptor.setObjectDefinitionSource(new MockFilterInvocationDefinitionMap("/secure/page.html", new ConfigAttributeDefinition("MOCK_OK")));
        MockFilterChain mockFilterChain = new MockFilterChain(true);
        MockHttpServletResponse mockHttpServletResponse = new MockHttpServletResponse();
        MockHttpServletRequest mockHttpServletRequest = new MockHttpServletRequest();
        mockHttpServletRequest.setServletPath("/secure/page.html");
        SecurityContextHolder.getContext().setAuthentication(new UsernamePasswordAuthenticationToken("Test", "Password", new GrantedAuthority[]{new GrantedAuthorityImpl("MOCK_OK")}));
        filterSecurityInterceptor.invoke(new FilterInvocation(mockHttpServletRequest, mockHttpServletResponse, mockFilterChain));
    }

    public void testNotLoadedFromApplicationContext() throws Exception {
        new LinkedHashMap().put(new RequestKey("/secure/**", null), new ConfigAttributeDefinition(new String[]{"ROLE_USER"}));
        DefaultFilterInvocationDefinitionSource defaultFilterInvocationDefinitionSource = new DefaultFilterInvocationDefinitionSource(new AntUrlPathMatcher());
        FilterSecurityInterceptor filterSecurityInterceptor = new FilterSecurityInterceptor();
        filterSecurityInterceptor.setObjectDefinitionSource(defaultFilterInvocationDefinitionSource);
        MockFilterChain mockFilterChain = new MockFilterChain();
        mockFilterChain.expectToProceed = true;
        filterSecurityInterceptor.invoke(new FilterInvocation(new MockHttpServletRequest(), new MockHttpServletResponse(), mockFilterChain));
    }
}
