@Test
public void dontAllowSecurityElementsInUnsecured() throws Exception {
assertOneRequestViolationThat(
test(
local,
get("/unsec").param("access_token", "bla").header("Authorization2", "blu"),
response(200, "", null)),
equalTo("Header 'Authorization2' on action(GET /unsec) is not defined"));
}
@Test
public void undefinedResourceSecuritySchema() throws Exception {
assertOneRequestViolationThat(
test(undef, get("/sec"), response(200, "", null)),
equalTo("Security Scheme 'c' on resource(/sec) is not defined"));
}
@Test
public void undefinedGlobalSecuritySchema() throws Exception {
assertOneRequestViolationThat(
test(undef, get("/unsec"), response(200, "", null)),
equalTo("Security Scheme 'b' on Root definition is not defined"));
}
@Test
public void undefinedActionSecuritySchema() throws Exception {
assertOneRequestViolationThat(
test(undef, post("/sec"), response(200, "", null)),
equalTo("Security Scheme 'd' on action(POST /sec) is not defined"));
}
