/**
 * Runs one message through the annotation-driven role check and then the claims check,
 * and verifies that the role check rejects a message carrying a different default claim.
 *
 * <p>Allow path: a message for {@code TestService2.test} carrying the default claim
 * {@code "admin"} plus the claim (a, b, c) must pass the {@link SecureAnnotationsInterceptor}
 * configured with {@link SecureRole}, and must then pass a
 * {@link ClaimsAuthorizingInterceptor} that requires a SAML claim with name format
 * {@code "a"}, name {@code "b"} and value {@code "c"} for the key {@code "test"}.
 *
 * <p>Deny path: a message carrying only the default claim {@code "user"} must make the
 * role interceptor throw {@link AccessDeniedException}.
 *
 * @throws Exception if message preparation or an allow-path check fails unexpectedly
 */
@Test
public void testUserInRoleAndClaims() throws Exception {
    // Role check driven by the SecureRole annotation on TestService2.
    SecureAnnotationsInterceptor roleInterceptor = new SecureAnnotationsInterceptor();
    roleInterceptor.setAnnotationClassName(SecureRole.class.getName());
    roleInterceptor.setSecuredObject(new TestService2());

    // presumably the default claim is the role claim; createDefaultClaim is defined
    // elsewhere in this test class, so confirm there.
    Message message = prepareMessage(
        TestService2.class,
        "test",
        createDefaultClaim("admin"),
        createClaim("a", "b", "c"));
    roleInterceptor.handleMessage(message);

    // Claims check: the same message must also satisfy the (a, b, c) requirement.
    ClaimsAuthorizingInterceptor claimsInterceptor = new ClaimsAuthorizingInterceptor();
    org.apache.cxf.rt.security.claims.SAMLClaim requiredClaim =
        new org.apache.cxf.rt.security.claims.SAMLClaim();
    requiredClaim.setNameFormat("a");
    requiredClaim.setName("b");
    requiredClaim.addValue("c");
    claimsInterceptor.setClaims(
        Collections.singletonMap(
            "test",
            Collections.singletonList(new ClaimBean(requiredClaim))));
    claimsInterceptor.handleMessage(message);

    // NOTE(review): only the role interceptor's denial path is asserted below; the
    // claims interceptor is exercised on the allow path only in this test.
    try {
        Message userOnlyMessage =
            prepareMessage(TestService2.class, "test", createDefaultClaim("user"));
        roleInterceptor.handleMessage(userOnlyMessage);
        fail("AccessDeniedException expected");
    } catch (AccessDeniedException expected) {
        // expected
    }
}
/**
 * Builds a message for the named {@code TestService} method carrying the given claims
 * and hands it to the shared {@code interceptor} field.
 *
 * <p>Nothing is asserted here: an authorization failure surfaces as whatever exception
 * the interceptor throws, which propagates to the calling test.
 *
 * @param methodName name of the {@code TestService} method the message targets
 * @param claim claims to attach to the prepared message
 * @throws Exception if message preparation fails or the interceptor rejects the message
 */
private void doTestClaims(String methodName,
                          org.apache.cxf.rt.security.claims.Claim... claim) throws Exception {
    // The interceptor's configuration lives outside this helper (field defined elsewhere).
    interceptor.handleMessage(prepareMessage(TestService.class, methodName, claim));
}