/**
 * Verifies that access is granted when the user holds the authority required by the protected
 * web resource.
 *
 * @throws Exception if building the fixture or evaluating the rule fails unexpectedly
 */
@Test
public void testEvaluateHasAuthorityConfigAttributeUserIsInRole() throws Exception {
    // Fixture: a username/password token that carries exactly the authority the rule requires.
    List<GrantedAuthority> heldAuthorities = new ArrayList<GrantedAuthority>();
    heldAuthorities.add(new SimpleGrantedAuthority("ROLE_JUNIT_TEST"));
    Authentication principal =
        new UsernamePasswordAuthenticationToken("JUnit", "JUnit", heldAuthorities);
    FilterInvocation request = new FilterInvocation("/junit", "GET");

    // Rule under evaluation: the resource is protected by the same authority name.
    Authority requiredAuthority = new Authority();
    requiredAuthority.setSystemName("ROLE_JUNIT_TEST");
    WebResourceAccessRule accessRule = new WebResourceAccessRule();
    accessRule.setAuthority(requiredAuthority);
    HasAuthorityConfigAttribute attribute = new HasAuthorityConfigAttribute(accessRule);

    // Object under test.
    WebResourceAccessEvaluator evaluator = new WebResourceAccessEvaluator();

    // A matching authority must result in a grant.
    boolean granted = evaluator.evaluate(principal, request, attribute);
    assertTrue(granted);
}
/**
 * Verifies that a deny-all rule refuses access both to an anonymous caller and to a signed-in
 * user who holds an authority, i.e. the flag is not bypassed by being authenticated.
 *
 * @throws Exception if building the fixture or evaluating the rule fails unexpectedly
 */
@Test
public void testEvaluateFlagConfigAttributeIsDenyAll() throws Exception {
    // Case 1: the caller is anonymous ////////////////////////////////////
    // Fixture
    Authentication principal = newAnonymousAuthenticationToken();
    FilterInvocation request = new FilterInvocation("/junit", "GET");
    WebResourceAccessRule accessRule = new WebResourceAccessRule();
    accessRule.setDenyAll(true);
    FlagConfigAttribute attribute = new FlagConfigAttribute(accessRule);

    // Object under test.
    WebResourceAccessEvaluator evaluator = new WebResourceAccessEvaluator();

    // Deny-all must refuse the anonymous caller.
    boolean anonymousGranted = evaluator.evaluate(principal, request, attribute);
    assertFalse(anonymousGranted);

    // Case 2: the caller is signed in ////////////////////////////////////
    // Fixture: a username/password token that carries an authority.
    List<GrantedAuthority> heldAuthorities = new ArrayList<GrantedAuthority>();
    heldAuthorities.add(new SimpleGrantedAuthority("ROLE_JUNIT_TEST"));
    principal = new UsernamePasswordAuthenticationToken("JUnit", "JUnit", heldAuthorities);
    accessRule = new WebResourceAccessRule();
    accessRule.setDenyAll(true);
    attribute = new FlagConfigAttribute(accessRule);

    // Fresh evaluator, so nothing carries over from case 1; the request object is reused.
    evaluator = new WebResourceAccessEvaluator();

    // Deny-all must refuse the signed-in user as well.
    boolean userGranted = evaluator.evaluate(principal, request, attribute);
    assertFalse(userGranted);
}
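/**
 * Verifies that evaluating a rule with no access flag set is rejected with an
 * {@link IllegalArgumentException} rather than yielding a grant or deny decision.
 *
 * <p>The expectation is scoped to the {@code evaluate} call itself. With
 * {@code @Test(expected = ...)} an {@code IllegalArgumentException} thrown while building the
 * fixture would also have satisfied the test, leaving the evaluator's handling of an empty rule
 * unverified.
 */
@Test
public void testEvaluateFlagConfigAttributeAllFlagsAreFalseException() {
    // Fixture: an anonymous caller and a rule left at its defaults (all flags false).
    Authentication principal = newAnonymousAuthenticationToken();
    FilterInvocation request = new FilterInvocation("/junit", "GET");
    WebResourceAccessRule accessRule = new WebResourceAccessRule();
    FlagConfigAttribute attribute = new FlagConfigAttribute(accessRule);

    // Object under test.
    WebResourceAccessEvaluator evaluator = new WebResourceAccessEvaluator();

    // Only an exception raised by evaluate() counts as the expected outcome.
    try {
        evaluator.evaluate(principal, request, attribute);
    } catch (IllegalArgumentException expected) {
        return;
    }
    throw new AssertionError(
        "evaluate() did not throw IllegalArgumentException for a rule without any flag set");
}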
/**
 * Verifies that a rule requiring full authentication grants access to a user token.
 *
 * @throws Exception if building the fixture or evaluating the rule fails unexpectedly
 */
@Test
public void testEvaluateFlagConfigAttributeIsFullyAuthenticatedGrantedAsUser() throws Exception {
    // Fixture. newUserAuthenticationToken() is defined outside this view; presumably it yields
    // a fully authenticated (neither anonymous nor remember-me) token. Confirm against the helper.
    Authentication principal = newUserAuthenticationToken();
    FilterInvocation request = new FilterInvocation("/junit", "GET");
    WebResourceAccessRule accessRule = new WebResourceAccessRule();
    accessRule.setFullyAuthenticated(true);
    FlagConfigAttribute attribute = new FlagConfigAttribute(accessRule);

    // Object under test.
    WebResourceAccessEvaluator evaluator = new WebResourceAccessEvaluator();

    // The user token must satisfy the fully-authenticated flag.
    boolean granted = evaluator.evaluate(principal, request, attribute);
    assertTrue(granted);
}
/**
 * Verifies that a rule with the remember-me flag set refuses access to an anonymous caller.
 *
 * @throws Exception if building the fixture or evaluating the rule fails unexpectedly
 */
@Test
public void testEvaluateFlagConfigAttributeIsRememberMeDeniedAsAnonymous() throws Exception {
    // Fixture: an anonymous caller against a rule with only the remember-me flag set.
    Authentication principal = newAnonymousAuthenticationToken();
    FilterInvocation request = new FilterInvocation("/junit", "GET");
    WebResourceAccessRule accessRule = new WebResourceAccessRule();
    accessRule.setRememberMe(true);
    FlagConfigAttribute attribute = new FlagConfigAttribute(accessRule);

    // Object under test.
    WebResourceAccessEvaluator evaluator = new WebResourceAccessEvaluator();

    // An anonymous token must not satisfy the remember-me flag.
    boolean granted = evaluator.evaluate(principal, request, attribute);
    assertFalse(granted);
}
/**
 * Verifies that access is denied when the user does not hold the authority required by the
 * protected web resource.
 *
 * @throws Exception if building the fixture or evaluating the rule fails unexpectedly
 */
@Test
public void testEvaluateHasAuthorityConfigAttributeUserIsNotInRole() throws Exception {
    // Fixture. newUserAuthenticationToken() is defined outside this view; the test relies on
    // that token NOT carrying ROLE_JUNIT_TEST. Confirm against the helper.
    Authentication principal = newUserAuthenticationToken();
    FilterInvocation request = new FilterInvocation("/junit", "GET");

    // Rule under evaluation: the resource is protected by ROLE_JUNIT_TEST.
    Authority requiredAuthority = new Authority();
    requiredAuthority.setSystemName("ROLE_JUNIT_TEST");
    WebResourceAccessRule accessRule = new WebResourceAccessRule();
    accessRule.setAuthority(requiredAuthority);
    HasAuthorityConfigAttribute attribute = new HasAuthorityConfigAttribute(accessRule);

    // Object under test.
    WebResourceAccessEvaluator evaluator = new WebResourceAccessEvaluator();

    // A missing authority must result in a denial.
    boolean granted = evaluator.evaluate(principal, request, attribute);
    assertFalse(granted);
}