WebAppInfoBuilder webAppInfoBuilder = new WebAppInfoBuilder(webApp, new DefaultWebAppInfoFactory());
webAppInfoBuilder.build();
SpecSecurityBuilder builder = new SpecSecurityBuilder(webAppInfoBuilder.getWebAppInfo());
ComponentPermissions permissions = builder.buildSpecSecurityConfig();
// test excluding longer path than allowed
Permission p = new WebResourcePermission("/Foo/Baz", "GET");
assertTrue(implies(p, permissions, "Admin"));
assertFalse(implies(p, permissions, "Peon"));
p = new WebResourcePermission("/Foo/Bar/Foo", "POST");
assertTrue(implies(p, permissions, "Admin"));
assertFalse(implies(p, permissions, "Peon"));
p = new WebResourcePermission("/Foo/Bar/Foo", "GET");
assertFalse(implies(p, permissions, "Admin"));
assertFalse(implies(p, permissions, "Peon"));
// test excluding longer path allows unchecked access to other http methods
p = new WebResourcePermission("/Bar/Baz", "GET");
assertTrue(implies(p, permissions, "Admin"));
assertFalse(implies(p, permissions, "Peon"));
p = new WebResourcePermission("/Bar/Bar/Bar", "POST");
assertTrue(implies(p, permissions, "Admin"));
//This one is false unless excluded constraint allows other https methods unchecked access
// assertFalse(implies(p, permissions, "Peon"));
assertTrue(implies(p, permissions, "Peon"));
p = new WebResourcePermission("/Bar/Bar/Bar", "GET");
assertFalse(implies(p, permissions, "Admin"));
assertFalse(implies(p, permissions, "Peon"));
}