Package samplest.security

Source Code of samplest.security.SecuredResourceTest

package samplest.security;

import com.github.kevinsawicki.http.HttpRequest;
import com.google.common.base.Charsets;
import com.google.common.hash.Hashing;
import org.junit.After;
import org.junit.ClassRule;
import org.junit.Test;
import restx.security.HttpAuthenticationFilter;
import restx.security.RestxSessionBareFilter;
import restx.security.RestxSessionCookieFilter;
import restx.tests.HttpTestClient;
import restx.tests.RestxServerRule;

import static org.assertj.core.api.Assertions.assertThat;
import static restx.factory.Factory.LocalMachines.threadLocal;
import static restx.factory.Factory.activationKey;

/**
 * Integration tests for authentication on the secured endpoint
 * {@code /api/security/user}, run against the server started by {@link RestxServerRule}.
 *
 * <p>Each test issues a GET and checks the HTTP status and, where access is expected,
 * that the response body is the name of the effective principal. The cases cover an
 * authenticated client, the {@code RestxSu} header, HTTP Basic, HTTP Basic with
 * {@link HttpAuthenticationFilter} deactivated, and HTTP Basic with the cookie session
 * filter replaced by the bare one.
 */
public class SecuredResourceTest {
    /** Path of the secured resource exercised by every test in this class. */
    private static final String SECURED_USER_PATH = "/api/security/user";

    @ClassRule
    public static RestxServerRule server = new RestxServerRule();

    /**
     * Builds the value sent as the HTTP Basic password for {@code admin}: the MD5 hex
     * digest of the fixture password.
     *
     * <p>NOTE(review): presumably the sample application's credential store holds
     * MD5-hashed passwords, so the client has to send the digest; confirm against the
     * fixture. Unsalted MD5 is a fixture convention here and is not an adequate password
     * hash for real credentials.
     */
    private static String adminPasswordDigest() {
        return Hashing.md5().hashString("juma", Charsets.UTF_8).toString();
    }

    /**
     * Drops the thread-local overrides after each test, so an activation key set by one
     * test (filter switched on or off) is not still in place for the next one.
     */
    @After
    public void teardown() {
        threadLocal().clear();
    }

    /** A client authenticated as {@code admin} gets 200 and its own principal name. */
    @Test
    public void should_access_secured_resource() throws Exception {
        HttpRequest response = server.client().authenticatedAs("admin").GET(SECURED_USER_PATH);

        assertThat(response.code()).isEqualTo(200);
        assertThat(response.body().trim()).isEqualTo("admin");
    }

    /**
     * With the {@code RestxSu} header naming {@code user1}, a client authenticated as
     * {@code admin} is answered as {@code user1}.
     *
     * <p>NOTE(review): this is an impersonation path. No test in this class covers the
     * header being sent by a principal other than {@code admin}, or without
     * authentication.
     */
    @Test
    public void should_access_secured_resource_with_su() throws Exception {
        HttpRequest response = server.client()
                .authenticatedAs("admin")
                .GET(SECURED_USER_PATH)
                .header("RestxSu", "{ \"principal\": \"user1\" }");

        assertThat(response.code()).isEqualTo(200);
        assertThat(response.body().trim()).isEqualTo("user1");
    }

    /**
     * HTTP Basic credentials alone give access, and the response sets a cookie that
     * carries the {@code admin} principal.
     */
    @Test
    public void should_access_secured_resource_with_http_basic() throws Exception {
        HttpRequest response = server.client()
                .GET(SECURED_USER_PATH)
                .basic("admin", adminPasswordDigest());

        assertThat(response.code()).isEqualTo(200);
        // NOTE(review): index 1 assumes the cookie holding the principal is the second
        // Set-Cookie header emitted; the check depends on that order. Confirm.
        String[] setCookieHeaders = response.headers("Set-Cookie");
        assertThat(setCookieHeaders[1]).contains("\"principal\":\"admin\"");
        assertThat(response.body().trim()).isEqualTo("admin");
    }

    /**
     * With the activation key of {@link HttpAuthenticationFilter} set to {@code "false"},
     * the same Basic credentials are rejected with 401.
     */
    @Test
    public void should_not_access_secured_resource_with_http_basic_when_deactivated() throws Exception {
        // The override is set before the request is built and is cleared in teardown().
        threadLocal().set(activationKey(HttpAuthenticationFilter.class, "HttpAuthenticationFilter"), "false");

        HttpRequest response = server.client()
                .GET(SECURED_USER_PATH)
                .basic("admin", adminPasswordDigest());

        assertThat(response.code()).isEqualTo(401);
    }

    /**
     * With {@link RestxSessionCookieFilter} off and {@link RestxSessionBareFilter} on,
     * Basic credentials still give access but no cookie is set, and a follow-up request
     * from the same client without credentials is rejected.
     */
    @Test
    public void should_access_secured_resource_with_http_basic_no_session() throws Exception {
        threadLocal()
                .set(activationKey(RestxSessionCookieFilter.class, "RestxSessionCookieFilter"), "false")
                .set(activationKey(RestxSessionBareFilter.class, "RestxSessionBareFilter"), "true");
        HttpTestClient sharedClient = server.client();

        HttpRequest withCredentials = sharedClient.GET(SECURED_USER_PATH)
                .basic("admin", adminPasswordDigest());
        assertThat(withCredentials.code()).isEqualTo(200);
        assertThat(withCredentials.header("Set-Cookie")).isNull();
        assertThat(withCredentials.body().trim()).isEqualTo("admin");

        // Same client, no credentials this time: the 401 shows the first request left
        // nothing behind that authenticates the second one.
        HttpRequest withoutCredentials = sharedClient.GET(SECURED_USER_PATH);
        assertThat(withoutCredentials.code()).isEqualTo(401);
    }
}