
这是我的 Spring Security 方法:

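/**
     * Decides whether the authenticated principal holds the authority named by {@code permission}.
     *
     * <p>The check fails closed: a missing {@code Authentication}, a principal that is not a
     * {@code UserDetails}, or a permission that is not a {@code String} yields {@code false}
     * instead of a {@code NullPointerException} or {@code ClassCastException} escaping from the
     * authorization path.
     *
     * <p>Side effect: when access is granted and {@code targetDomainObject} is an
     * {@code AbstractRO[]}, every non-null element has its user id overwritten with the
     * authenticated user name.
     *
     * @param authentication     the caller's authentication; may be {@code null}
     * @param targetDomainObject the object being protected; may be {@code null}
     * @param permission         the required authority name, expected to be a {@code String}
     * @return {@code true} only if one of the principal's granted authorities matches
     *         {@code permission} (compared case-insensitively)
     */
    @Override
    public boolean hasPermission(Authentication authentication, Object targetDomainObject, Object permission)
    {
        // Parameterized logging is null-safe and skips string building when TRACE is off.
        // NOTE(review): this writes the whole Authentication and the request object to the log;
        // confirm neither toString() exposes sensitive fields before enabling TRACE in production.
        logger.trace("hasPermission() - \nAuthentication - {}\nObject - {}\nPermission Reqd - {}",
                authentication, targetDomainObject, permission);

        // Fail closed on anything this evaluator cannot reason about.
        if (authentication == null || !(permission instanceof String)) {
            logger.debug("Dis-allowing user to perform operation. Missing authentication or unsupported permission '{}'.", permission);
            return false;
        }

        // The principal is not guaranteed to be a UserDetails (it can be a plain String, for
        // example when a token is built from a user name), so check before casting.
        Object rawPrincipal = authentication.getPrincipal();
        if (!(rawPrincipal instanceof UserDetails)) {
            logger.debug("Dis-allowing user to perform operation. Principal is not a UserDetails instance.");
            return false;
        }

        UserDetails principal = (UserDetails) rawPrincipal;
        String requiredAuthority = (String) permission;

        for (GrantedAuthority authority : principal.getAuthorities()) {
            // Calling equalsIgnoreCase on the required name tolerates a null getAuthority().
            // NOTE(review): the comparison is case-insensitive, so authorities that differ only
            // in case are treated as the same permission; confirm that is intended.
            if (requiredAuthority.equalsIgnoreCase(authority.getAuthority())) {
                logger.debug("Allowing user to perform operation");
                logger.debug("Setting userId {} in the RO", principal.getUsername());
                // instanceof covers both the null case and arrays of unrelated element types.
                // NOTE(review): a single (non-array) AbstractRO is not stamped with the user id;
                // verify that downstream code never trusts a client-supplied user id in that case.
                if (targetDomainObject instanceof AbstractRO[]) {
                    for (AbstractRO abstractRO : (AbstractRO[]) targetDomainObject) {
                        if (abstractRO != null) {
                            abstractRO.setUserId(principal.getUsername());
                        }
                    }
                }
                return true;
            }
        }
        logger.debug("Dis-allowing user to perform operation. User does not have '{}' granted authority.", permission);
        return false;
    }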

我按如下方式调用这个方法:

/**
     * Handles {@code POST /trade/createrequisition}; the request body is bound to an array of
     * {@code CreateRequisitionRO}.
     *
     * <p>The {@code @PreAuthorize} expression requires an authenticated caller and delegates to
     * {@code hasPermission(#request, 'CREATE_REQUISITION')}, so the bound array is what the
     * permission evaluator receives as its target domain object.
     *
     * <p>NOTE(review): {@code #request} is resolved by parameter name. This is a body-less
     * declaration, so verify that parameter names are available at runtime; otherwise the
     * evaluator may be handed {@code null}.
     *
     * @param request the requisitions to create
     */
    @PreAuthorize("isAuthenticated() and hasPermission(#request, 'CREATE_REQUISITION')")
    @RequestMapping(value = "/trade/createrequisition", method = RequestMethod.POST)
    @ResponseBody
    public void createRequisition(@RequestBody CreateRequisitionRO[] request);

这就是我的 testNG 类:

package in.hexgen.api.facade;

import javax.annotation.Resource;

import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.security.core.Authentication;
import org.testng.annotations.Test;

import com.hexgen.api.facade.security.HexGenPermissionEvaluator;

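/**
 * TestNG test that calls {@code HexGenPermissionEvaluator.hasPermission} directly.
 *
 * <p>NOTE(review): nothing visible in this class starts a Spring context (no base class, no
 * context configuration), so the {@code @Resource} field is presumably never injected. That
 * matches the reported stack trace, whose top frame is this test method rather than the
 * evaluator. The {@code authentication} field is also never assigned here. Both preconditions
 * are therefore checked explicitly so the failure names its cause instead of surfacing as a
 * bare {@code NullPointerException}.
 */
public class HexGenPermissionEvaluatorTest {
    private static final Logger logger = LoggerFactory.getLogger(HexGenPermissionEvaluatorTest.class);

    // Passed to the evaluator as the target domain object.
    Object name = "akash";
    // Authority name the evaluator is asked to look for.
    Object permission = "CREATE_REQUISITION";
    // Not initialised by this class; must be populated by test setup before hasPermission() runs.
    Authentication authentication;

    // Only populated when the test runs with Spring dependency injection enabled.
    @Resource(name = "permissionEval")
    private HexGenPermissionEvaluator permissionEval;

    /**
     * Invokes the evaluator once and logs the decision.
     *
     * @throws IllegalStateException if the evaluator was not injected or no
     *         {@code Authentication} has been prepared
     */
    @Test
    public void hasPermission() {
        if (permissionEval == null) {
            throw new IllegalStateException(
                    "permissionEval was not injected; run this test with Spring context support "
                            + "or construct the evaluator in the test");
        }
        if (authentication == null) {
            throw new IllegalStateException(
                    "authentication has not been initialised; build an Authentication in test setup");
        }

        logger.debug("HexGenPermissionEvaluator Generate - starting ...");
        boolean granted = permissionEval.hasPermission(authentication, name, permission);
        // TODO(review): assert the expected decision once the test fixes the principal's
        // authorities; for an access-control check, cover both the allow and the deny case.
        logger.debug("hasPermission returned {}", granted);
        logger.debug("HexGenPermissionEvaluator Generate - completed ...");
    }

}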

但是当我运行测试时我得到了这个异常

FAILED: hasPermission
java.lang.NullPointerException
    at in.hexgen.api.facade.HexGenPermissionEvaluatorTest.hasPermission(HexGenPermissionEvaluatorTest.java:30)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
    at java.lang.reflect.Method.invoke(Method.java:597)
    at org.testng.internal.MethodInvocationHelper.invokeMethod(MethodInvocationHelper.java:80)
    at org.testng.internal.Invoker.invokeMethod(Invoker.java:714)
    at org.testng.internal.Invoker.invokeTestMethod(Invoker.java:901)
    at org.testng.internal.Invoker.invokeTestMethods(Invoker.java:1231)
    at org.testng.internal.TestMethodWorker.invokeTestMethods(TestMethodWorker.java:128)
    at org.testng.internal.TestMethodWorker.run(TestMethodWorker.java:111)
    at org.testng.TestRunner.privateRun(TestRunner.java:767)
    at org.testng.TestRunner.run(TestRunner.java:617)
    at org.testng.SuiteRunner.runTest(SuiteRunner.java:334)
    at org.testng.SuiteRunner.runSequentially(SuiteRunner.java:329)
    at org.testng.SuiteRunner.privateRun(SuiteRunner.java:291)
    at org.testng.SuiteRunner.run(SuiteRunner.java:240)
    at org.testng.SuiteRunnerWorker.runSuite(SuiteRunnerWorker.java:52)
    at org.testng.SuiteRunnerWorker.run(SuiteRunnerWorker.java:86)
    at org.testng.TestNG.runSuitesSequentially(TestNG.java:1203)
    at org.testng.TestNG.runSuitesLocally(TestNG.java:1128)
    at org.testng.TestNG.run(TestNG.java:1036)
    at org.testng.remote.RemoteTestNG.run(RemoteTestNG.java:111)
    at org.testng.remote.RemoteTestNG.initAndRun(RemoteTestNG.java:204)
    at org.testng.remote.RemoteTestNG.main(RemoteTestNG.java:175)

我哪里出错了?请帮我找出并解决问题的根源。

此致


1 回答 1


您需要手动创建一个 Authentication 对象,并将其放入全局的 SecurityContextHolder 中。初始化可以放在类的所有测试方法之前、每个测试方法之前,或者作为每个测试方法的一部分。

/**
 * Builds an {@code Authentication} for the test user and publishes it through
 * {@code SecurityContextHolder}, so that annotation-based security checks can see it.
 *
 * NOTE(review): {@code @Before} is the JUnit annotation; the test class in the question uses
 * TestNG, so confirm which framework's setup annotation applies.
 * NOTE(review): the authority list is empty and the principal is {@code name} as-is. An
 * evaluator that looks for a specific granted authority, or that expects a {@code UserDetails}
 * principal, will not grant access with this fixture; adjust it to the case under test.
 * NOTE(review): the security context is shared state; clear it after each test (for example
 * with {@code SecurityContextHolder.clearContext()}) so one test's identity does not leak into
 * the next.
 */
@Before
public void setupAuth(){
    // The credentials argument is not used by the checks, so null is passed. Granted
    // authorities are what built-in expressions such as "hasAnyRole" inspect.
    // This three-argument constructor produces a token that is already marked authenticated,
    // which is acceptable for a test fixture only.
    authentication = new UsernamePasswordAuthenticationToken(
            name, null, Collections.<GrantedAuthority>emptyList());

    // Publish the token in the static security context so the annotations can find it.
    SecurityContextHolder.getContext().setAuthentication(authentication);
}

编辑:OP 提供了一个有趣的资源:上面描述的方法可以与 IInvokedMethodListener 配合使用,从而通过注解来控制 Authentication 对象。

于 2013-03-22T09:27:47.413 回答