private UserManager makeInterceptedTarget() { ctx = new ClassPathXmlApplicationContext("/applicationContext-test.xml"); UserManager userManager = (UserManager) ctx.getBean("target"); userManager.setUserDao(userDao); return userManager; }
@Test public void testUpdateUserProfile() throws Exception { UserManager userManager = makeInterceptedTarget(); final User user = new User("user"); user.setId(1L); user.getRoles().add(new Role(Constants.USER_ROLE)); given(userDao.saveUser(user)).willReturn(user); userManager.saveUser(user); }
// Test fix to http://issues.appfuse.org/browse/APF-96 @Test public void testChangeToAdminRoleFromUserRole() throws Exception { UserManager userManager = makeInterceptedTarget(); User user = new User("user"); user.setId(1L); user.getRoles().add(new Role(Constants.ADMIN_ROLE)); try { userManager.saveUser(user); fail("AccessDeniedException not thrown"); } catch (AccessDeniedException expected) { assertNotNull(expected); assertEquals(expected.getMessage(), UserSecurityAdvice.ACCESS_DENIED); } }
@Test public void testAddUserWithoutAdminRole() throws Exception { Authentication auth = SecurityContextHolder.getContext().getAuthentication(); assertTrue(auth.isAuthenticated()); UserManager userManager = makeInterceptedTarget(); User user = new User("admin"); user.setId(2L); try { userManager.saveUser(user); fail("AccessDeniedException not thrown"); } catch (AccessDeniedException expected) { assertNotNull(expected); Assert.assertEquals(expected.getMessage(), UserSecurityAdvice.ACCESS_DENIED); } }
@Test public void testAddUserAsAdmin() throws Exception { SecurityContext securityContext = new SecurityContextImpl(); User user = new User("admin"); user.setId(2L); user.setPassword("password"); user.addRole(new Role(Constants.ADMIN_ROLE)); UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken( user.getUsername(), user.getPassword(), user.getAuthorities()); token.setDetails(user); securityContext.setAuthentication(token); SecurityContextHolder.setContext(securityContext); UserManager userManager = makeInterceptedTarget(); final User adminUser = new User("admin"); adminUser.setId(2L); given(userDao.saveUser(adminUser)).willReturn(adminUser); userManager.saveUser(adminUser); }