@Test
  public void givenInValidAPIKey_WhenCallingSecureAPI_ThenShouldNotBeAllowed() throws Exception {

    request.setRequestURI("/api/v1/fortress/");
    request.addHeader("api-key", "someKey");
    TestCase.assertFalse(
        "didn't fail pre-flight", apiKeyInterceptor.preHandle(request, response, null));
  }
 @Test
 public void givenNoAPIKey_WhenCallingSecureAPI_ThenShouldNotBeAllowed() throws Exception {
   setSecurity(sally_admin); // Sally is Authorised and has not API Key
   request.setRequestURI("/api/v1/fortress/");
   // exception.expect(SecurityException.class);
   // ToDo: Move to MVC tests
   TestCase.assertFalse(apiKeyInterceptor.preHandle(request, response, null));
   TestCase.assertNotNull(response.getErrorMessage());
   TestCase.assertEquals(HttpStatus.UNAUTHORIZED.value(), response.getStatus());
 }
  @Test
  public void givenValidAPIKey_WhenCallingSecureAPI_ThenShouldBeAllowed() throws Exception {
    String companyName = "SecAPI";
    String apiKey = registerSystemUser(companyName, "abc123").getApiKey();

    request.setRequestURI("/fortress/");
    request.addHeader("api-key", apiKey);
    boolean status = apiKeyInterceptor.preHandle(request, response, null);

    assertEquals(true, status);
    Company company = (Company) request.getAttribute("company");
    assertNotNull(company);

    assertEquals(companyName, company.getName());
  }