use of io.helidon.security.ProviderRequest in project helidon by oracle.
the class RoleValidatorTest method testRolesAndPermitAllFromConfig.
/**
 * Positive authorization case: role constraints are loaded from the {@code test2}
 * configuration node and a subject holding role {@code test} must pass validation.
 *
 * <p>The contents of {@code test2} are not visible in this method; the method name
 * suggests a roles list combined with permit-all - confirm against the test config.
 */
@Test
void testRolesAndPermitAllFromConfig() {
    RoleValidator underTest = RoleValidator.create();
    RoleValidator.RoleConfig configuredRoles = underTest.fromConfig(config.get("test2"));

    // The caller: principal "myAdmin" carrying a single role grant, "test".
    Subject caller = Subject.builder()
            .principal(Principal.create("myAdmin"))
            .addGrant(Role.create("test"))
            .build();

    // Only subject() is stubbed; any other call on the request gets the mock's default answer.
    ProviderRequest providerRequest = mock(ProviderRequest.class);
    when(providerRequest.subject()).thenReturn(Optional.of(caller));

    Errors.Collector errors = Errors.collector();
    underTest.validate(configuredRoles, errors, providerRequest);

    // checkValid() is expected to throw when the validator recorded an error, failing the test.
    errors.collect().checkValid();
}
use of io.helidon.security.ProviderRequest in project helidon by oracle.
the class RoleValidatorTest method testUserRolesDeny.
/**
 * Negative authorization case: the endpoint's method-scope {@code Roles} annotation requires
 * role {@code admin} for the USER subject, while the caller only holds role {@code user}.
 * Validation must therefore report an error.
 */
@Test
void testUserRolesDeny() {
    RoleValidator underTest = RoleValidator.create();

    // Mocked annotation: the user subject must be in role "admin".
    String[] requiredRoleNames = { "admin" };
    RoleValidator.Roles requiredRoles = mock(RoleValidator.Roles.class);
    when(requiredRoles.subjectType()).thenReturn(SubjectType.USER);
    when(requiredRoles.value()).thenReturn(requiredRoleNames);

    // Two security levels; only the second one answers the METHOD-scope annotation lookup,
    // the first is left completely unstubbed.
    SecurityLevel applicationLevel = mock(SecurityLevel.class);
    SecurityLevel classLevel = mock(SecurityLevel.class);
    when(classLevel.filterAnnotations(RoleValidator.Roles.class, EndpointConfig.AnnotationScope.METHOD))
            .thenReturn(List.of(requiredRoles));
    List<SecurityLevel> levels = new ArrayList<>(List.of(applicationLevel, classLevel));

    EndpointConfig endpoint = mock(EndpointConfig.class);
    when(endpoint.securityLevels()).thenReturn(levels);

    RoleValidator.RoleConfig annotatedRoles = underTest.fromAnnotations(endpoint);

    // Caller holds "user" only, so the "admin" requirement cannot be met.
    Subject caller = Subject.builder()
            .principal(Principal.create("myAdmin"))
            .addGrant(Role.create("user"))
            .build();
    ProviderRequest providerRequest = mock(ProviderRequest.class);
    when(providerRequest.subject()).thenReturn(Optional.of(caller));
    when(providerRequest.service()).thenReturn(Optional.empty());

    Errors.Collector errors = Errors.collector();
    underTest.validate(annotatedRoles, errors, providerRequest);

    // NOTE(review): this only checks that *some* error was recorded. A rejection caused by
    // anything other than the missing role would also satisfy it; consider asserting on the
    // collected message as well.
    boolean accepted = errors.collect().isValid();
    if (accepted) {
        fail("User is not in admin role, should have failed");
    }
}
use of io.helidon.security.ProviderRequest in project helidon by oracle.
the class ScopeValidatorTest method testScopesOrPermit.
/**
 * Positive case for the OR operator: the endpoint lists scopes {@code calendar_get} and
 * {@code calendar_update}, the validator is built with {@code useOrOperator(true)}, and a
 * caller holding only {@code calendar_get} must pass validation.
 */
@Test
public void testScopesOrPermit() {
    ScopeValidator underTest = ScopeValidator.builder().useOrOperator(true).build();

    // Container annotation with the two scopes declared on the endpoint method.
    ScopeValidator.Scope readScope = mock(ScopeValidator.Scope.class);
    when(readScope.value()).thenReturn("calendar_get");
    ScopeValidator.Scope writeScope = mock(ScopeValidator.Scope.class);
    when(writeScope.value()).thenReturn("calendar_update");
    ScopeValidator.Scopes declaredScopes = mock(ScopeValidator.Scopes.class);
    when(declaredScopes.value()).thenReturn(new ScopeValidator.Scope[] { readScope, writeScope });

    // Two security levels; only the second one answers the METHOD-scope annotation lookup.
    SecurityLevel applicationLevel = mock(SecurityLevel.class);
    SecurityLevel classLevel = mock(SecurityLevel.class);
    when(classLevel.filterAnnotations(ScopeValidator.Scopes.class, EndpointConfig.AnnotationScope.METHOD))
            .thenReturn(List.of(declaredScopes));
    List<SecurityLevel> levels = new ArrayList<>(List.of(applicationLevel, classLevel));

    EndpointConfig endpoint = mock(EndpointConfig.class);
    when(endpoint.securityLevels()).thenReturn(levels);

    ScopeValidator.ScopesConfig annotatedScopes = underTest.fromAnnotations(endpoint);

    // Caller holds exactly one of the two declared scopes.
    Subject caller = Subject.builder()
            .principal(Principal.create("myAdmin"))
            .addGrant(Grant.builder().type("scope").name("calendar_get").build())
            .build();
    ProviderRequest providerRequest = mock(ProviderRequest.class);
    when(providerRequest.subject()).thenReturn(Optional.of(caller));
    when(providerRequest.service()).thenReturn(Optional.empty());

    Errors.Collector errors = Errors.collector();
    underTest.validate(annotatedScopes, errors, providerRequest);

    // checkValid() is expected to throw when the validator recorded an error, failing the test.
    errors.collect().checkValid();
}
use of io.helidon.security.ProviderRequest in project helidon by oracle.
the class ScopeValidatorTest method testScopesAndPermit.
/**
 * Positive case for the default validator ({@code ScopeValidator.create()}, OR operator not
 * enabled): the endpoint lists scopes {@code calendar_get} and {@code calendar_update} and
 * the caller holds both, so validation must pass.
 */
@Test
public void testScopesAndPermit() {
    ScopeValidator underTest = ScopeValidator.create();

    // Container annotation with the two scopes declared on the endpoint method.
    ScopeValidator.Scope readScope = mock(ScopeValidator.Scope.class);
    when(readScope.value()).thenReturn("calendar_get");
    ScopeValidator.Scope writeScope = mock(ScopeValidator.Scope.class);
    when(writeScope.value()).thenReturn("calendar_update");
    ScopeValidator.Scopes declaredScopes = mock(ScopeValidator.Scopes.class);
    when(declaredScopes.value()).thenReturn(new ScopeValidator.Scope[] { readScope, writeScope });

    // Two security levels; only the second one answers the METHOD-scope annotation lookup.
    SecurityLevel applicationLevel = mock(SecurityLevel.class);
    SecurityLevel classLevel = mock(SecurityLevel.class);
    when(classLevel.filterAnnotations(ScopeValidator.Scopes.class, EndpointConfig.AnnotationScope.METHOD))
            .thenReturn(List.of(declaredScopes));
    List<SecurityLevel> levels = new ArrayList<>(List.of(applicationLevel, classLevel));

    EndpointConfig endpoint = mock(EndpointConfig.class);
    when(endpoint.securityLevels()).thenReturn(levels);

    ScopeValidator.ScopesConfig annotatedScopes = underTest.fromAnnotations(endpoint);

    // Caller holds every declared scope.
    Subject caller = Subject.builder()
            .principal(Principal.create("myAdmin"))
            .addGrant(Grant.builder().type("scope").name("calendar_get").build())
            .addGrant(Grant.builder().type("scope").name("calendar_update").build())
            .build();
    ProviderRequest providerRequest = mock(ProviderRequest.class);
    when(providerRequest.subject()).thenReturn(Optional.of(caller));
    when(providerRequest.service()).thenReturn(Optional.empty());

    Errors.Collector errors = Errors.collector();
    underTest.validate(annotatedScopes, errors, providerRequest);

    // checkValid() is expected to throw when the validator recorded an error, failing the test.
    errors.collect().checkValid();
}
use of io.helidon.security.ProviderRequest in project helidon by oracle.
the class ScopeValidatorTest method testScopesOrDeny.
/**
 * Negative case for the OR operator: the endpoint lists scopes {@code calendar_get} and
 * {@code calendar_update}, and the caller holds only the unrelated {@code calendar_other}.
 * Even with {@code useOrOperator(true)} validation must report an error.
 */
@Test
public void testScopesOrDeny() {
    ScopeValidator underTest = ScopeValidator.builder().useOrOperator(true).build();

    // Container annotation with the two scopes declared on the endpoint method.
    ScopeValidator.Scope readScope = mock(ScopeValidator.Scope.class);
    when(readScope.value()).thenReturn("calendar_get");
    ScopeValidator.Scope writeScope = mock(ScopeValidator.Scope.class);
    when(writeScope.value()).thenReturn("calendar_update");
    ScopeValidator.Scopes declaredScopes = mock(ScopeValidator.Scopes.class);
    when(declaredScopes.value()).thenReturn(new ScopeValidator.Scope[] { readScope, writeScope });

    // Two security levels; only the second one answers the METHOD-scope annotation lookup.
    SecurityLevel applicationLevel = mock(SecurityLevel.class);
    SecurityLevel classLevel = mock(SecurityLevel.class);
    when(classLevel.filterAnnotations(ScopeValidator.Scopes.class, EndpointConfig.AnnotationScope.METHOD))
            .thenReturn(List.of(declaredScopes));
    List<SecurityLevel> levels = new ArrayList<>(List.of(applicationLevel, classLevel));

    EndpointConfig endpoint = mock(EndpointConfig.class);
    when(endpoint.securityLevels()).thenReturn(levels);

    ScopeValidator.ScopesConfig annotatedScopes = underTest.fromAnnotations(endpoint);

    // Caller holds a scope grant, but not one of the declared scopes.
    Subject caller = Subject.builder()
            .principal(Principal.create("myAdmin"))
            .addGrant(Grant.builder().type("scope").name("calendar_other").build())
            .build();
    ProviderRequest providerRequest = mock(ProviderRequest.class);
    when(providerRequest.subject()).thenReturn(Optional.of(caller));
    when(providerRequest.service()).thenReturn(Optional.empty());

    Errors.Collector errors = Errors.collector();
    underTest.validate(annotatedScopes, errors, providerRequest);

    // NOTE(review): this only checks that *some* error was recorded. A rejection caused by
    // anything other than the missing scopes would also satisfy it; consider asserting on the
    // collected message as well.
    boolean accepted = errors.collect().isValid();
    if (accepted) {
        fail("User does not have any of the required scopes, should have failed");
    }
}