package io.es.web;
import io.es.entity.User;
import io.es.repository.RepositoriesInitializer;
import lombok.val;
import org.junit.Before;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.test.autoconfigure.web.servlet.AutoConfigureMockMvc;
import org.springframework.boot.test.context.SpringBootTest;
import org.springframework.mock.web.MockHttpSession;
import org.springframework.test.context.junit4.SpringRunner;
import org.springframework.test.web.servlet.MockMvc;
import static org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestBuilders.formLogin;
import static org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.csrf;
import static org.springframework.security.test.web.servlet.response.SecurityMockMvcResultMatchers.authenticated;
import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.delete;
import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get;
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;
/**
 * Integration tests for the authorization rules in front of the {@code /api/resources}
 * endpoints, driven through {@link MockMvc} against the full Spring Boot context.
 *
 * <p>Every request is sent with a session obtained from a real form login (see
 * {@link #getSession(User)}), so each test exercises the authorization decision for an
 * authenticated principal. Each allowed case is paired with a denied case that must
 * answer 403 Forbidden.
 *
 * <p>NOTE(review): the fixture names suggest that users and resources are grouped by
 * district ("guest-1-1", "resource-1-2"); the actual mapping lives in
 * {@link RepositoriesInitializer} and should be confirmed there.
 *
 * <p>Not covered by this class: requests sent without any session, a DELETE sent without
 * a CSRF token, and a DELETE issued by the guest user.
 */
@RunWith(SpringRunner.class)
@SpringBootTest
@AutoConfigureMockMvc
public class AuthorizationTest {

    @Autowired
    private MockMvc mvc;

    @Autowired
    private RepositoriesInitializer initializer;

    // Test-only credentials; presumably they match accounts created by the initializer.
    private final User guest = User.builder().username("guest-1-1").password("q").build();
    private final User admin = User.builder().username("admin-1-1").password("q").build();

    /** Re-runs the repository initializer before every test. */
    @Before
    public void initialize() {
        initializer.initialize();
    }

    /** The guest may GET {@code /api/resources/p/r}. */
    @Test
    public void accessProtectedResourcesHasPermission() throws Exception {
        val session = getSession(guest);
        mvc.perform(get("/api/resources/p/r").session(session))
                .andExpect(status().isOk());
    }

    /** The guest is refused (403) on {@code /api/resources/p/w}. */
    @Test
    public void accessProtectedResourcesHasNoPermission() throws Exception {
        val session = getSession(guest);
        mvc.perform(get("/api/resources/p/w").session(session))
                .andExpect(status().isForbidden());
    }

    /** The guest may read {@code resource-1-1}. */
    @Test
    public void accessResourcesWithinDistrict() throws Exception {
        String url = resourceUrl("resource-1-1");
        val session = getSession(guest);
        mvc.perform(get(url).session(session))
                .andExpect(status().isOk());
    }

    /** The guest is refused (403) when reading {@code resource-1-2}. */
    @Test
    public void accessResourcesNotWithinDistrict() throws Exception {
        String url = resourceUrl("resource-1-2");
        val session = getSession(guest);
        mvc.perform(get(url).session(session))
                .andExpect(status().isForbidden());
    }

    /** The admin may delete {@code resource-1-1}; the endpoint answers 204 No Content. */
    @Test
    public void modifyResourcesWithinDistrict() throws Exception {
        String url = resourceUrl("resource-1-1");
        val session = getSession(admin);
        mvc.perform(delete(url).with(csrf()).session(session))
                .andExpect(status().isNoContent());
    }

    /**
     * The admin is refused (403) when deleting {@code resource-1-2}.
     *
     * <p>The request carries a valid CSRF token, so the 403 is not caused by a missing token.
     */
    @Test
    public void modifyResourcesNotWithinDistrict() throws Exception {
        String url = resourceUrl("resource-1-2");
        val session = getSession(admin);
        mvc.perform(delete(url).with(csrf()).session(session))
                .andExpect(status().isForbidden());
    }

    /**
     * Builds the URL of a fixture resource from the id the initializer assigned to it.
     *
     * @param resourceKey key of the resource in {@code initializer.getResources()}
     * @return {@code /api/resources/} followed by the resource id
     */
    private String resourceUrl(String resourceKey) {
        return "/api/resources/" + initializer.getResources().get(resourceKey).getId();
    }

    /**
     * Logs the given user in through the form-login endpoint and returns the resulting session.
     *
     * <p>The login must end up authenticated, otherwise the calling test fails here.
     *
     * @param user account whose username and password are submitted
     * @return the session attached to the login request
     * @throws Exception if the login request cannot be performed
     */
    private MockHttpSession getSession(User user) throws Exception {
        val loginRequest = formLogin().user(user.getUsername()).password(user.getPassword());
        val loginResult = mvc.perform(loginRequest)
                .andExpect(authenticated())
                .andReturn();
        // getSession(false) never creates a session: only one set up by the login is returned.
        return (MockHttpSession) loginResult.getRequest().getSession(false);
    }
}