Java 类javax.portlet.PortletSecurityException 实例源码

@Test
public void portletModeMappingViewRenderRequestWithUnauthorizedUserRole() throws Exception {
    MockRenderRequest request = new MockRenderRequest();
    MockRenderResponse response = new MockRenderResponse();
    request.setPortletMode(PortletMode.VIEW);
    request.addUserRole("role3");
    request.setParameter("action", "not mapped");
    request.setParameter("myParam", "not mapped");
    complexDispatcherPortlet.doDispatch(request, response);
    Map<?, ?> model = (Map<?, ?>) request.getAttribute(ViewRendererServlet.MODEL_ATTRIBUTE);
    Exception exception = (Exception) model.get("exception");
    assertNotNull(exception);
    assertTrue(exception.getClass().equals(PortletSecurityException.class));
    InternalResourceView view = (InternalResourceView) request.getAttribute(ViewRendererServlet.VIEW_ATTRIBUTE);
    assertEquals("failed-default-1", view.getBeanName());
}

public void testUnauthorizedUser() throws Exception {
    UserRoleAuthorizationInterceptor interceptor = new UserRoleAuthorizationInterceptor();
    String validRole = "allowed";
    interceptor.setAuthorizedRoles(new String[] {validRole});
    MockRenderRequest request = new MockRenderRequest();
    MockRenderResponse response = new MockRenderResponse();
    Object handler = new Object();
    request.addUserRole("someOtherRole");
    assertFalse(request.isUserInRole(validRole));
    try {
        interceptor.preHandle(request, response, handler);
        fail("should have thrown PortletSecurityException");
    }
    catch (PortletSecurityException ex) {
        // expected
    }
}

public void testRequestWithNoUserRoles() throws Exception {
    UserRoleAuthorizationInterceptor interceptor = new UserRoleAuthorizationInterceptor();
    String validRole = "allowed";
    interceptor.setAuthorizedRoles(new String[] {validRole});
    MockRenderRequest request = new MockRenderRequest();
    MockRenderResponse response = new MockRenderResponse();
    Object handler = new Object();
    assertFalse(request.isUserInRole(validRole));
    try {
        interceptor.preHandle(request, response, handler);
        fail("should have thrown PortletSecurityException");
    }
    catch (PortletSecurityException ex) {
        // expected
    }
}

@Test(expected = PortletSecurityException.class)
public void unauthorizedUser() throws Exception {
    String validRole = "allowed";
    interceptor.setAuthorizedRoles(new String[] {validRole});
    request.addUserRole("someOtherRole");
    assertFalse(request.isUserInRole(validRole));

    interceptor.preHandle(request, response, new Object());
}

@Test(expected = PortletSecurityException.class)
public void requestWithNoUserRoles() throws Exception {
    String validRole = "allowed";
    interceptor.setAuthorizedRoles(new String[] {validRole});
    assertFalse(request.isUserInRole(validRole));

    interceptor.preHandle(request, response, new Object());
}

@Test
public void portletModeMappingEditActionRequestWithUnauthorizedUserRole() throws Exception {
    MockActionRequest request = new MockActionRequest();
    MockActionResponse response = new MockActionResponse();
    request.setPortletMode(PortletMode.EDIT);
    request.addUserRole("role3");
    request.setParameter("action", "not mapped");
    request.setParameter("myParam", "not mapped");
    complexDispatcherPortlet.processAction(request, response);
    String exception = response.getRenderParameter(DispatcherPortlet.ACTION_EXCEPTION_RENDER_PARAMETER);
    assertNotNull(exception);
    String name = PortletSecurityException.class.getName();
    assertTrue(exception.startsWith(name));
}

@Override
public void processAction(ActionRequest req, ActionResponse res) throws PortletException, PortletSecurityException, IOException
{
    Application.setInPortalServer(true);
    try
    {
        super.processAction(req, res);
    }
    finally
    {
        Application.setInPortalServer(false);
    }
}

@Override
public void render(RenderRequest req, RenderResponse res) throws PortletException, PortletSecurityException, IOException
{
    Application.setInPortalServer(true);
    try
    {
        super.render(req, res);
    }
    finally
    {
        Application.setInPortalServer(false);
    }
}

public void testInterceptorWithNoAuthorizedRoles() throws Exception {
    UserRoleAuthorizationInterceptor interceptor = new UserRoleAuthorizationInterceptor();
    MockRenderRequest request = new MockRenderRequest();
    MockRenderResponse response = new MockRenderResponse();
    Object handler = new Object();
    request.addUserRole("someRole");
    try {
        interceptor.preHandle(request, response, handler);
        fail("should have thrown PortletSecurityException");
    }
    catch (PortletSecurityException ex) {
        // expected
    }
}

public void testPortletModeMappingEditActionRequestWithUnauthorizedUserRole() throws Exception {
    MockActionRequest request = new MockActionRequest();
    MockActionResponse response = new MockActionResponse();
    request.setPortletMode(PortletMode.EDIT);
    request.addUserRole("role3");
    request.setParameter("action", "not mapped");
    request.setParameter("myParam", "not mapped");
    complexDispatcherPortlet.processAction(request, response);
    String exception = response.getRenderParameter(DispatcherPortlet.ACTION_EXCEPTION_RENDER_PARAMETER);
    assertNotNull(exception);
    String name = PortletSecurityException.class.getName();
    assertTrue(exception.startsWith(name));
}

public void testPortletModeMappingViewRenderRequestWithUnauthorizedUserRole() throws Exception {
    MockRenderRequest request = new MockRenderRequest();
    MockRenderResponse response = new MockRenderResponse();
    request.setPortletMode(PortletMode.VIEW);
    request.addUserRole("role3");
    request.setParameter("action", "not mapped");
    request.setParameter("myParam", "not mapped");
    complexDispatcherPortlet.doDispatch(request, response);
    Map model = (Map) request.getAttribute(ViewRendererServlet.MODEL_ATTRIBUTE);
    Exception exception = (Exception) model.get("exception");
    assertNotNull(exception);
    assertTrue(exception.getClass().equals(PortletSecurityException.class));
    InternalResourceView view = (InternalResourceView) request.getAttribute(ViewRendererServlet.VIEW_ATTRIBUTE);
    assertEquals("failed-default-1", view.getBeanName());
}

/**
 * Sets the secure flag on the URl as required
 * 
 * @throws JspException
 */
protected void handleSecureFlag() throws JspException {

     BaseURL url = getUrl();

     if (secure != null && !secure.equalsIgnoreCase("true") && !secure.equalsIgnoreCase("false")) {
        StringBuilder txt = new StringBuilder(128);
        txt.append("Invalid secure option: ").append(secure);
        txt.append(", valid options: true, false");
        throw new JspException(txt.toString());
     }

     if(url == null){
        throw new IllegalStateException("internal error: url not set");
     }

     if (var != null) {
           pageContext.removeAttribute(var, PageContext.PAGE_SCOPE);
       }

     if (secure != null) {
           try {                   
               url.setSecure(isSecure());                    
           } catch (PortletSecurityException e) {
               // ignore exception as Pluto doesn't support setSecure
               // throw new JspException(e);                    
           }
       }
}

@Test(expected = PortletSecurityException.class)
public void interceptorWithNoAuthorizedRoles() throws Exception {
    request.addUserRole("someRole");
    interceptor.preHandle(request, response, new Object());
}

@Override
public void setSecure(boolean secure) throws PortletSecurityException {
    this.secure = secure;
}

@Override
public void setSecure(boolean secure) throws PortletSecurityException {
    this.secure = secure;
}

@Override
public void setSecure(boolean secure) throws PortletSecurityException {
    this.secure = secure;
}

public void setSecure(boolean secure) throws PortletSecurityException {
    this.secure = secure;
}

@Override
public void setSecure(boolean secure) throws PortletSecurityException {
   ((BaseURL)wrapped).setSecure(secure);
}

public void setSecure(boolean secure) throws PortletSecurityException {
   urlProvider.setSecure(secure);
}

public void setSecure(boolean secure) throws PortletSecurityException {
   throw new PortletSecurityException("setSecure is not supported.");
}

/**
 * Handle a request that is not authorized according to this interceptor.
 * Default implementation throws a new PortletSecurityException.
 * <p>This method can be overridden to write a custom message, forward or
 * redirect to some error page or login page, or throw a PortletException.
 * @param request current portlet request
 * @param response current portlet response
 * @param handler chosen handler to execute, for type and/or instance evaluation
 * @throws javax.portlet.PortletException if there is an internal error
 * @throws java.io.IOException in case of an I/O error when writing the response
 */
protected void handleNotAuthorized(PortletRequest request, PortletResponse response, Object handler)
        throws PortletException, IOException {

    throw new PortletSecurityException("Request not authorized");
}

/**
 * Handle a request that is not authorized according to this interceptor.
 * Default implementation throws a new PortletSecurityException.
 * <p>This method can be overridden to write a custom message, forward or
 * redirect to some error page or login page, or throw a PortletException.
 * @param request current portlet request
 * @param response current portlet response
 * @param handler chosen handler to execute, for type and/or instance evaluation
 * @throws javax.portlet.PortletException if there is an internal error
 * @throws java.io.IOException in case of an I/O error when writing the response
 */
protected void handleNotAuthorized(PortletRequest request, PortletResponse response, Object handler)
        throws PortletException, IOException {

    throw new PortletSecurityException("Request not authorized");
}

void setSecure(boolean secure) throws PortletSecurityException;