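/*
 *
 *  Copyright 2016 Netflix, Inc.
 *
 *     Licensed under the Apache License, Version 2.0 (the "License");
 *     you may not use this file except in compliance with the License.
 *     You may obtain a copy of the License at
 *
 *         http://www.apache.org/licenses/LICENSE-2.0
 *
 *     Unless required by applicable law or agreed to in writing, software
 *     distributed under the License is distributed on an "AS IS" BASIS,
 *     WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 *     See the License for the specific language governing permissions and
 *     limitations under the License.
 *
 */
package com.netflix.genie.web.security.x509;

import com.netflix.genie.test.categories.UnitTest;
import org.hamcrest.Matchers;
import org.junit.Assert;
import org.junit.Before;
import org.junit.Test;
import org.junit.experimental.categories.Category;
import org.mockito.Mockito;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationToken;

import java.util.HashMap;
import java.util.UUID;

/**
 * Tests for X509UserDetailsService.
 *
 * <p>The principal strings used below have the shape {@code username:role1,role2}. Every malformed
 * principal is expected to be rejected with a {@link UsernameNotFoundException}, so that no user details
 * (and therefore no authorities) are produced for it.
 *
 * @author tgianos
 * @since 3.0.0
 */
@Category(UnitTest.class)
public class X509UserDetailsServiceUnitTests {

    private X509UserDetailsService service;
    private PreAuthenticatedAuthenticationToken token;

    /**
     * Setup for the tests.
     */
    @Before
    public void setup() {
        this.service = new X509UserDetailsService();
        // The token is mocked so each test controls exactly what getPrincipal() returns.
        this.token = Mockito.mock(PreAuthenticatedAuthenticationToken.class);
    }

    /**
     * Make sure if the principal isn't found it throws an exception.
     *
     * @throws UsernameNotFoundException on principal not found
     */
    @Test(expected = UsernameNotFoundException.class)
    public void cantAuthenticateWithoutPrincipal() throws UsernameNotFoundException {
        Mockito.when(this.token.getPrincipal()).thenReturn(null);
        this.service.loadUserDetails(this.token);
    }

    /**
     * Make sure if the principal isn't a string it throws an exception.
     *
     * @throws UsernameNotFoundException on principal not a string
     */
    @Test(expected = UsernameNotFoundException.class)
    public void cantAuthenticateWithNonStringPrincipal() throws UsernameNotFoundException {
        Mockito.when(this.token.getPrincipal()).thenReturn(new HashMap<String, String>());
        this.service.loadUserDetails(this.token);
    }

    /**
     * Make sure if the principal doesn't split properly it fails.
     *
     * @throws UsernameNotFoundException on principal not containing both username and roles
     */
    @Test(expected = UsernameNotFoundException.class)
    public void cantAuthenticateWithoutUsernameAndRoles() throws UsernameNotFoundException {
        // No ':' separator at all, so there is no roles section.
        Mockito.when(this.token.getPrincipal()).thenReturn("donthaveroles");
        this.service.loadUserDetails(this.token);
    }

    /**
     * Make sure if nothing follows the username separator it fails.
     *
     * @throws UsernameNotFoundException on principal roles section being empty
     */
    @Test(expected = UsernameNotFoundException.class)
    public void cantAuthenticateWithoutRoleString() throws UsernameNotFoundException {
        // Separator present, but the roles section after it is an empty string.
        Mockito.when(this.token.getPrincipal()).thenReturn("donthaveroles:");
        this.service.loadUserDetails(this.token);
    }

    /**
     * Make sure if the roles section holds only a delimiter (no actual role names) it fails.
     *
     * @throws UsernameNotFoundException on principal roles section containing no roles
     */
    @Test(expected = UsernameNotFoundException.class)
    public void cantAuthenticateWithoutRoles() throws UsernameNotFoundException {
        // Roles section is just the ',' delimiter, i.e. it names no role.
        Mockito.when(this.token.getPrincipal()).thenReturn("donthaveroles:,");
        this.service.loadUserDetails(this.token);
    }

    /**
     * Make sure if everything is present and proper the service returns a valid user.
     *
     * @throws UsernameNotFoundException on any error
     */
    @Test
    public void canAuthenticate() throws UsernameNotFoundException {
        final String username = UUID.randomUUID().toString();
        final String role1 = UUID.randomUUID().toString();
        final String role2 = UUID.randomUUID().toString();
        Mockito.when(this.token.getPrincipal()).thenReturn(username + ":" + role1 + "," + role2);

        final UserDetails userDetails = this.service.loadUserDetails(this.token);

        // Report a wrong return type as an assertion failure rather than by throwing the very
        // exception type the negative tests expect from the service.
        Assert.assertThat(userDetails, Matchers.instanceOf(User.class));
        final User user = (User) userDetails;

        Assert.assertThat(user.getUsername(), Matchers.is(username));
        Assert.assertThat(user.getPassword(), Matchers.is("NA"));
        // Exactly three authorities: ROLE_USER plus one per supplied role. The size check is what
        // catches any additional authority being granted beyond those listed in the principal.
        Assert.assertThat(user.getAuthorities().size(), Matchers.is(3));
        Assert.assertThat(
            user.getAuthorities(),
            Matchers.hasItems(
                new SimpleGrantedAuthority("ROLE_USER"),
                new SimpleGrantedAuthority("ROLE_" + role1.toUpperCase()),
                new SimpleGrantedAuthority("ROLE_" + role2.toUpperCase())
            )
        );
    }
}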