// Test fix to http://issues.appfuse.org/browse/APF-96 public void testUpdateUserWithUserRole() throws Exception { UserManager userManager = makeInterceptedTarget(); User user = new User("user"); user.setId(1L); user.getRoles().add(new Role(Constants.USER_ROLE)); userDao.expects(once()).method("saveUser"); userManager.saveUser(user); }
// Test fix to http://issues.appfuse.org/browse/APF-96 public void testChangeToAdminRoleFromUserRole() throws Exception { UserManager userManager = makeInterceptedTarget(); User user = new User("user"); user.setId(1L); user.getRoles().add(new Role(Constants.ADMIN_ROLE)); try { userManager.saveUser(user); fail("AccessDeniedException not thrown"); } catch (AccessDeniedException expected) { assertNotNull(expected); assertEquals(expected.getMessage(), UserSecurityAdvice.ACCESS_DENIED); } }
public void testAddUserWithoutAdminRole() throws Exception { Authentication auth = SecurityContextHolder.getContext().getAuthentication(); assertTrue(auth.isAuthenticated()); UserManager userManager = makeInterceptedTarget(); User user = new User("admin"); user.setId(2L); try { userManager.saveUser(user); fail("AccessDeniedException not thrown"); } catch (AccessDeniedException expected) { assertNotNull(expected); assertEquals(expected.getMessage(), UserSecurityAdvice.ACCESS_DENIED); } }
// Test fix to http://issues.appfuse.org/browse/APF-96 public void testAddUserRoleWhenHasAdminRole() throws Exception { SecurityContext context = new SecurityContextImpl(); User user1 = new User("user"); user1.setId(1L); user1.setPassword("password"); user1.addRole(new Role(Constants.ADMIN_ROLE)); UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken( user1.getUsername(), user1.getPassword(), user1.getAuthorities()); token.setDetails(user1); context.setAuthentication(token); SecurityContextHolder.setContext(context); UserManager userManager = makeInterceptedTarget(); User user = new User("user"); user.setId(1L); user.getRoles().add(new Role(Constants.ADMIN_ROLE)); user.getRoles().add(new Role(Constants.USER_ROLE)); userDao.expects(once()).method("saveUser"); userManager.saveUser(user); }
@Override protected void setUp() throws Exception { super.setUp(); // store initial security context for later restoration initialSecurityContext = SecurityContextHolder.getContext(); SecurityContext context = new SecurityContextImpl(); User user = new User("user"); user.setId(1L); user.setPassword("password"); user.addRole(new Role(Constants.USER_ROLE)); UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken( user.getUsername(), user.getPassword(), user.getAuthorities()); token.setDetails(user); context.setAuthentication(token); SecurityContextHolder.setContext(context); }