Examples of org.apache.cxf.interceptor.security.SecureAnnotationsInterceptor

• org.apache.cxf.interceptor.security.SecureAnnotationsInterceptor

        }
    }

    @Test
    public void testUserInRoleAndClaims() throws Exception {
        SecureAnnotationsInterceptor in = new SecureAnnotationsInterceptor();
        in.setAnnotationClassName(SecureRole.class.getName());
        in.setSecuredObject(new TestService2());

        Message m = prepareMessage(TestService2.class, "test",
                createDefaultClaim("admin"),
                createClaim("a", "b", "c"));

        in.handleMessage(m);

        ClaimsAuthorizingInterceptor in2 = new ClaimsAuthorizingInterceptor();
        org.apache.cxf.rs.security.saml.assertion.Claim claim =
            new org.apache.cxf.rs.security.saml.assertion.Claim("a", "b", "c");
        in2.setClaims(Collections.singletonMap("test",
                Collections.singletonList(
                   new ClaimBean(claim))));
        in2.handleMessage(m);

        try {
            in.handleMessage(prepareMessage(TestService2.class, "test",
                    createDefaultClaim("user")));
            fail("AccessDeniedException expected");
        } catch (AccessDeniedException ex) {
            // expected
        }

        }
    }

    @Test
    public void testUserInRoleAndClaims() throws Exception {
        SecureAnnotationsInterceptor in = new SecureAnnotationsInterceptor();
        in.setAnnotationClassName(SecureRole.class.getName());
        in.setSecuredObject(new TestService2());

        Message m = prepareMessage(TestService2.class, "test",
                createDefaultClaim("admin"),
                createClaim("a", "b", "c"));

        in.handleMessage(m);

        ClaimsAuthorizingInterceptor in2 = new ClaimsAuthorizingInterceptor();
        org.apache.cxf.rs.security.saml.assertion.Claim claim =
            new org.apache.cxf.rs.security.saml.assertion.Claim("a", "b", "c");
        in2.setClaims(Collections.singletonMap("test",
                Collections.singletonList(
                   new ClaimBean(claim))));
        in2.handleMessage(m);

        try {
            in.handleMessage(prepareMessage(TestService2.class, "test",
                    createDefaultClaim("user")));
            fail("AccessDeniedException expected");
        } catch (AccessDeniedException ex) {
            // expected
        }

        interceptor = simple;
    }

    public void setSecuredObject(Object securedObject) {
        checkInterceptor();
        SecureAnnotationsInterceptor simple = new SecureAnnotationsInterceptor();
        simple.setSecuredObject(securedObject);
        interceptor = simple;
    }

        }
    }

    @Test
    public void testUserInRoleAndClaims() throws Exception {
        SecureAnnotationsInterceptor in = new SecureAnnotationsInterceptor();
        in.setAnnotationClassName(SecureRole.class.getName());
        in.setSecuredObject(new TestService2());

        Message m = prepareMessage(TestService2.class, "test",
                createDefaultClaim("admin"),
                createClaim("a", "b", "c"));

        in.handleMessage(m);

        ClaimsAuthorizingInterceptor in2 = new ClaimsAuthorizingInterceptor();
        org.apache.cxf.rt.security.claims.SAMLClaim claim =
            new org.apache.cxf.rt.security.claims.SAMLClaim();
        claim.setNameFormat("a");
        claim.setName("b");
        claim.addValue("c");
        in2.setClaims(Collections.singletonMap("test",
                Collections.singletonList(
                   new ClaimBean(claim))));
        in2.handleMessage(m);

        try {
            in.handleMessage(prepareMessage(TestService2.class, "test",
                    createDefaultClaim("user")));
            fail("AccessDeniedException expected");
        } catch (AccessDeniedException ex) {
            // expected
        }

        }
    }

    @Test
    public void testUserInRoleAndClaims() throws Exception {
        SecureAnnotationsInterceptor in = new SecureAnnotationsInterceptor();
        in.setAnnotationClassName(SecureRole.class.getName());
        in.setSecuredObject(new TestService2());

        Message m = prepareMessage(TestService2.class, "test",
                createDefaultClaim("admin"),
                createClaim("a", "b", "c"));

        in.handleMessage(m);

        ClaimsAuthorizingInterceptor in2 = new ClaimsAuthorizingInterceptor();
        org.apache.cxf.rs.security.saml.assertion.Claim claim =
            new org.apache.cxf.rs.security.saml.assertion.Claim("a", "b", "c");
        in2.setClaims(Collections.singletonMap("test",
                Collections.singletonList(
                   new ClaimBean(claim))));
        in2.handleMessage(m);

        try {
            in.handleMessage(prepareMessage(TestService2.class, "test",
                    createDefaultClaim("user")));
            fail("AccessDeniedException expected");
        } catch (AccessDeniedException ex) {
            // expected
        }