/*
* Copyright 2016 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package io.restassured.module.mockmvc;
import io.restassured.module.mockmvc.http.SecuredController;
import io.restassured.module.mockmvc.specification.MockMvcRequestSpecBuilder;
import org.junit.Rule;
import org.junit.Test;
import org.junit.rules.ExpectedException;
import org.springframework.security.authentication.TestingAuthenticationToken;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.core.userdetails.User;
import org.springframework.web.util.NestedServletException;
import java.security.Principal;
import java.util.Collections;
import static org.assertj.core.api.Assertions.assertThat;
import static org.hamcrest.Matchers.equalTo;
/**
 * Exercises the authentication options of the MockMvc module against {@link SecuredController}:
 * per-request {@code auth().principal(..)} and {@code auth().authentication(..)}, the static
 * {@code RestAssuredMockMvc.authentication} default, authentication carried inside a request
 * specification, and the precedence between those sources.
 *
 * <p>Several tests additionally assert that {@link SecurityContextHolder} holds no authentication
 * once a request has completed (successfully or not). The holder is thread-local state, so a
 * context left behind by one request would silently authenticate later requests or tests running
 * on the same thread.
 */
public class SecuredControllerTest {

    private static final String AUTHORIZED_USER = "authorized_user";
    private static final String NAME_PARAM = "name";
    private static final String NAME_VALUE = "Johan";
    private static final String EXPECTED_GREETING = "Hello, Johan!";
    private static final String PRINCIPAL_GREETING = "/principalGreeting";
    private static final String SPRING_SECURITY_GREETING = "/springSecurityGreeting";

    /** JUnit rule that verifies the exception a test declares it expects. */
    @Rule
    public ExpectedException exception = ExpectedException.none();

    /**
     * Creates a Spring Security {@link User} with the given name, a throw-away password and no
     * granted authorities. Only the name matters to these tests.
     */
    private static User springUser(String username) {
        return new User(username, "password", Collections.<GrantedAuthority>emptyList());
    }

    /** Creates a plain {@link Principal} that reports the given name and nothing else. */
    private static Principal namedPrincipal(final String username) {
        return new Principal() {
            @Override
            public String getName() {
                return username;
            }
        };
    }

    /** Asserts that no authentication leaked into the thread-local security context. */
    private static void assertSecurityContextCleared() {
        assertThat(SecurityContextHolder.getContext().getAuthentication()).isNull();
    }

    @Test
    public void javax_principal_authentication_works() {
        RestAssuredMockMvc.given()
                .standaloneSetup(new SecuredController())
                .auth().principal(namedPrincipal(AUTHORIZED_USER))
                .param(NAME_PARAM, NAME_VALUE)
                .when()
                .get(PRINCIPAL_GREETING)
                .then()
                .statusCode(200)
                .body("content", equalTo(EXPECTED_GREETING));
    }

    @Test
    public void spring_security_principal_authentication_works() {
        RestAssuredMockMvc.given()
                .standaloneSetup(new SecuredController())
                .auth().principal(springUser(AUTHORIZED_USER))
                .param(NAME_PARAM, NAME_VALUE)
                .when()
                .get(SPRING_SECURITY_GREETING)
                .then()
                .statusCode(200)
                .body("content", equalTo(EXPECTED_GREETING));
    }

    @Test
    public void spring_security_authentication_authentication_works() {
        // A full Authentication object (not just a principal) is supplied for this request.
        RestAssuredMockMvc.given()
                .standaloneSetup(new SecuredController())
                .auth().authentication(new TestingAuthenticationToken(springUser(AUTHORIZED_USER), ""))
                .param(NAME_PARAM, NAME_VALUE)
                .when()
                .get(SPRING_SECURITY_GREETING)
                .then()
                .statusCode(200)
                .body("content", equalTo(EXPECTED_GREETING));
    }

    @Test
    public void spring_context_holder_is_cleared_after_test() {
        RestAssuredMockMvc.given()
                .standaloneSetup(new SecuredController())
                .auth().principal(springUser(AUTHORIZED_USER))
                .param(NAME_PARAM, NAME_VALUE)
                .when()
                .get(SPRING_SECURITY_GREETING)
                .then()
                .statusCode(200)
                .body("content", equalTo(EXPECTED_GREETING));
        // The request authenticated as AUTHORIZED_USER; that identity must not outlive the request.
        assertSecurityContextCleared();
    }

    @Test
    public void spring_context_holder_is_cleared_after_failed_test() {
        exception.expect(NestedServletException.class);
        exception.expectMessage("Not authorized");
        try {
            // "authorized_user2" is rejected by the controller; the request is expected to throw.
            RestAssuredMockMvc.given()
                    .standaloneSetup(new SecuredController())
                    .auth().principal(springUser("authorized_user2"))
                    .param(NAME_PARAM, NAME_VALUE)
                    .when()
                    .get(SPRING_SECURITY_GREETING)
                    .then()
                    .statusCode(200)
                    .body("content", equalTo(EXPECTED_GREETING));
        } finally {
            // Runs before the rule evaluates the exception, so the cleanup is verified even on the
            // failure path - the context must be cleared regardless of how the request ended.
            assertSecurityContextCleared();
        }
    }

    @Test
    public void statically_defined_authentication_works() {
        // Given: authentication configured globally rather than on the request.
        RestAssuredMockMvc.authentication = RestAssuredMockMvc.principal(namedPrincipal(AUTHORIZED_USER));
        // When
        try {
            RestAssuredMockMvc.given()
                    .standaloneSetup(new SecuredController())
                    .param(NAME_PARAM, NAME_VALUE)
                    .when()
                    .get(PRINCIPAL_GREETING)
                    .then()
                    .statusCode(200)
                    .body("content", equalTo(EXPECTED_GREETING));
        } finally {
            // Static configuration is process-wide; always drop it so other tests start unauthenticated.
            RestAssuredMockMvc.reset();
        }
    }

    @Test
    public void can_override_static_auth_config_with_none() {
        // Only the message is pinned here; the concrete exception type is not asserted.
        exception.expectMessage("Not authorized");
        // Given: a globally configured principal that would be accepted on its own.
        RestAssuredMockMvc.authentication = RestAssuredMockMvc.principal(namedPrincipal(AUTHORIZED_USER));
        // When: the request explicitly opts out of authentication, so the global principal must not apply.
        try {
            RestAssuredMockMvc.given()
                    .standaloneSetup(new SecuredController())
                    .auth().none()
                    .param(NAME_PARAM, NAME_VALUE)
                    .when()
                    .get(PRINCIPAL_GREETING);
        } finally {
            RestAssuredMockMvc.reset();
        }
    }

    @Test
    public void spring_context_holder_is_cleared_after_failed_test_when_auth_is_statically_defined() {
        // NOTE(review): despite the method name, this request uses AUTHORIZED_USER and expects 200;
        // the holder check below is what the test actually pins.
        RestAssuredMockMvc.authentication = RestAssuredMockMvc.principal(springUser(AUTHORIZED_USER));
        try {
            RestAssuredMockMvc.given()
                    .standaloneSetup(new SecuredController())
                    .param(NAME_PARAM, NAME_VALUE)
                    .when()
                    .get(SPRING_SECURITY_GREETING)
                    .then()
                    .statusCode(200)
                    .body("content", equalTo(EXPECTED_GREETING));
        } finally {
            RestAssuredMockMvc.reset();
        }
        assertSecurityContextCleared();
    }

    @Test
    public void statically_defined_auth_has_precedence_over_statically_defined_request_spec() {
        // Both a global authentication and a global request spec carrying its own auth are set.
        // The 200 response shows the global authentication is the one applied; presumably the
        // "name"/"pw" token in the spec would not be authorized - verify against SecuredController.
        RestAssuredMockMvc.authentication = RestAssuredMockMvc.principal(springUser(AUTHORIZED_USER));
        RestAssuredMockMvc.requestSpecification = new MockMvcRequestSpecBuilder()
                .setAuth(RestAssuredMockMvc.authentication(new TestingAuthenticationToken("name", "pw")))
                .build();
        try {
            RestAssuredMockMvc.given()
                    .standaloneSetup(new SecuredController())
                    .param(NAME_PARAM, NAME_VALUE)
                    .when()
                    .get(SPRING_SECURITY_GREETING)
                    .then()
                    .statusCode(200)
                    .body("content", equalTo(EXPECTED_GREETING));
        } finally {
            // Clears both the static authentication and the static request specification.
            RestAssuredMockMvc.reset();
        }
    }

    @Test
    public void statically_defined_defined_request_spec_may_include_auth() {
        // Authentication supplied solely through the global request specification.
        RestAssuredMockMvc.requestSpecification = new MockMvcRequestSpecBuilder()
                .setAuth(RestAssuredMockMvc.principal(springUser(AUTHORIZED_USER)))
                .build();
        try {
            RestAssuredMockMvc.given()
                    .standaloneSetup(new SecuredController())
                    .param(NAME_PARAM, NAME_VALUE)
                    .when()
                    .get(SPRING_SECURITY_GREETING)
                    .then()
                    .statusCode(200)
                    .body("content", equalTo(EXPECTED_GREETING));
        } finally {
            RestAssuredMockMvc.reset();
        }
    }

    @Test
    public void dsl_defined_defined_request_spec_may_include_auth() {
        // Same as above, but the spec is attached per request via spec(..) - nothing global to reset.
        MockMvcRequestSpecBuilder specWithAuth = new MockMvcRequestSpecBuilder()
                .setAuth(RestAssuredMockMvc.principal(springUser(AUTHORIZED_USER)));
        RestAssuredMockMvc.given()
                .spec(specWithAuth.build())
                .standaloneSetup(new SecuredController())
                .param(NAME_PARAM, NAME_VALUE)
                .when()
                .get(SPRING_SECURITY_GREETING)
                .then()
                .statusCode(200)
                .body("content", equalTo(EXPECTED_GREETING));
    }
}