
Example 6 with SumTotal

Use of com.hw.helper.SumTotal in project mt-auth by publicdevop2019.

From the class EndpointTest, method modify_existing_profile_to_prevent_access.

@Test
@Ignore
public void modify_existing_profile_to_prevent_access() {
    String url2 = UrlUtility.getAccessUrl("/users/admin");
    // before the change, admin is able to access the resourceOwner APIs
    HttpHeaders headers1 = new HttpHeaders();
    headers1.setBearerAuth(UserUtility.getJwtAdmin());
    HttpEntity<Object> hashMapHttpEntity1 = new HttpEntity<>(headers1);
    ResponseEntity<String> exchange1 = TestContext.getRestTemplate().exchange(url2, HttpMethod.GET, hashMapHttpEntity1, String.class);
    Assert.assertEquals(HttpStatus.OK, exchange1.getStatusCode());
    // modify the endpoint profile to prevent admin access
    ResponseEntity<SumTotal<EndpointInfo>> listResponseEntity = readEndpoints();
    EndpointInfo endpointInfo = listResponseEntity.getBody().getData().get(6);
    endpointInfo.getUserRoles().remove("ROLE_ADMIN");
    endpointInfo.getUserRoles().add("ROLE_ROOT");
    ResponseEntity<String> stringResponseEntity = updateProfile(endpointInfo, endpointInfo.getId());
    Assert.assertEquals(HttpStatus.OK, stringResponseEntity.getStatusCode());
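    // after the change, admin is no longer able to access the resourceOwner APIs
    try {
        // wait for cache update
        Thread.sleep(15 * 1000);
    } catch (InterruptedException e) {
        e.printStackTrace();
        // restore the interrupt flag so the test runner can see the interruption
        Thread.currentThread().interrupt();
    }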
    ResponseEntity<String> exchange = TestContext.getRestTemplate().exchange(url2, HttpMethod.GET, hashMapHttpEntity1, String.class);
    Assert.assertEquals(HttpStatus.FORBIDDEN, exchange.getStatusCode());
    // modify the profile back to allow admin access again
    endpointInfo.getUserRoles().remove("ROLE_ROOT");
    endpointInfo.getUserRoles().add("ROLE_ADMIN");
    endpointInfo.setVersion(endpointInfo.getVersion() + 1);
    ResponseEntity<String> stringResponseEntity1 = updateProfile(endpointInfo, endpointInfo.getId());
    Assert.assertEquals(HttpStatus.OK, stringResponseEntity1.getStatusCode());
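    try {
        // wait for cache update
        Thread.sleep(15 * 1000);
    } catch (InterruptedException e) {
        e.printStackTrace();
        // restore the interrupt flag so the test runner can see the interruption
        Thread.currentThread().interrupt();
    }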
    ResponseEntity<String> exchange2 = TestContext.getRestTemplate().exchange(url2, HttpMethod.GET, hashMapHttpEntity1, String.class);
    Assert.assertEquals(HttpStatus.OK, exchange2.getStatusCode());
}
Also used : HttpHeaders(org.springframework.http.HttpHeaders) EndpointInfo(com.hw.helper.EndpointInfo) HttpEntity(org.springframework.http.HttpEntity) SumTotal(com.hw.helper.SumTotal) Ignore(org.junit.Ignore) Test(org.junit.Test)

Aggregations

SumTotal (com.hw.helper.SumTotal) 6, Test (org.junit.Test) 6, HttpEntity (org.springframework.http.HttpEntity) 6, HttpHeaders (org.springframework.http.HttpHeaders) 6, DefaultOAuth2AccessToken (org.springframework.security.oauth2.common.DefaultOAuth2AccessToken) 5, Client (com.hw.helper.Client) 3, GrantTypeEnum (com.hw.helper.GrantTypeEnum) 3, HashSet (java.util.HashSet) 3, LinkedMultiValueMap (org.springframework.util.LinkedMultiValueMap) 3, MultiValueMap (org.springframework.util.MultiValueMap) 3, EndpointInfo (com.hw.helper.EndpointInfo) 1, Ignore (org.junit.Ignore) 1