use of io.helidon.security.SecurityLevel in project helidon by oracle.
the class RoleValidatorTest method testPermitAll.
@Test
void testPermitAll() {
RoleValidator validator = RoleValidator.create();
PermitAll annot = mock(PermitAll.class);
SecurityLevel appSecurityLevel = mock(SecurityLevel.class);
SecurityLevel classSecurityLevel = mock(SecurityLevel.class);
List<SecurityLevel> securityLevels = new ArrayList<>();
securityLevels.add(appSecurityLevel);
securityLevels.add(classSecurityLevel);
EndpointConfig ep = mock(EndpointConfig.class);
when(ep.securityLevels()).thenReturn(securityLevels);
when(classSecurityLevel.filterAnnotations(PermitAll.class, EndpointConfig.AnnotationScope.METHOD)).thenReturn(List.of(annot));
RoleValidator.RoleConfig rConfig = validator.fromAnnotations(ep);
Errors.Collector collector = Errors.collector();
ProviderRequest request = mock(ProviderRequest.class);
when(request.subject()).thenReturn(Optional.of(Subject.builder().principal(Principal.create("myAdmin")).addGrant(Role.create("user")).build()));
when(request.service()).thenReturn(Optional.empty());
validator.validate(rConfig, collector, request);
collector.collect().checkValid();
}
use of io.helidon.security.SecurityLevel in project helidon by oracle.
the class RoleValidatorTest method testPermitAllAndRolesAndDenyAll.
@Test
void testPermitAllAndRolesAndDenyAll() {
RoleValidator validator = RoleValidator.create();
PermitAll permitAll = mock(PermitAll.class);
DenyAll denyAll = mock(DenyAll.class);
RolesAllowed rolesAllowed = mock(RolesAllowed.class);
String[] roleArray = new String[] { "admin" };
when(rolesAllowed.value()).thenReturn(roleArray);
SecurityLevel appSecurityLevel = mock(SecurityLevel.class);
SecurityLevel classSecurityLevel = mock(SecurityLevel.class);
List<SecurityLevel> securityLevels = new ArrayList<>();
securityLevels.add(appSecurityLevel);
securityLevels.add(classSecurityLevel);
EndpointConfig ep = mock(EndpointConfig.class);
when(ep.securityLevels()).thenReturn(securityLevels);
when(classSecurityLevel.filterAnnotations(PermitAll.class, EndpointConfig.AnnotationScope.CLASS)).thenReturn(List.of(permitAll));
when(classSecurityLevel.filterAnnotations(DenyAll.class, EndpointConfig.AnnotationScope.METHOD)).thenReturn(List.of(denyAll));
when(classSecurityLevel.filterAnnotations(RolesAllowed.class, EndpointConfig.AnnotationScope.METHOD)).thenReturn(List.of(rolesAllowed));
RoleValidator.RoleConfig rConfig = validator.fromAnnotations(ep);
Errors.Collector collector = Errors.collector();
ProviderRequest request = mock(ProviderRequest.class);
when(request.subject()).thenReturn(Optional.of(Subject.builder().principal(Principal.create("myAdmin")).addGrant(Role.create("admin")).build()));
when(request.service()).thenReturn(Optional.empty());
validator.validate(rConfig, collector, request);
if (collector.collect().isValid()) {
fail("DenyAll is set on this method, this should have failed");
}
}
use of io.helidon.security.SecurityLevel in project helidon by oracle.
the class RoleValidatorTest method testDenyAll.
@Test
void testDenyAll() {
RoleValidator validator = RoleValidator.create();
DenyAll annot = mock(DenyAll.class);
SecurityLevel appSecurityLevel = mock(SecurityLevel.class);
SecurityLevel classSecurityLevel = mock(SecurityLevel.class);
List<SecurityLevel> securityLevels = new ArrayList<>();
securityLevels.add(appSecurityLevel);
securityLevels.add(classSecurityLevel);
EndpointConfig ep = mock(EndpointConfig.class);
when(ep.securityLevels()).thenReturn(securityLevels);
when(classSecurityLevel.filterAnnotations(DenyAll.class, EndpointConfig.AnnotationScope.METHOD)).thenReturn(List.of(annot));
RoleValidator.RoleConfig rConfig = validator.fromAnnotations(ep);
Errors.Collector collector = Errors.collector();
ProviderRequest request = mock(ProviderRequest.class);
when(request.subject()).thenReturn(Optional.of(Subject.builder().principal(Principal.create("myAdmin")).addGrant(Role.create("user")).build()));
when(request.service()).thenReturn(Optional.empty());
validator.validate(rConfig, collector, request);
if (collector.collect().isValid()) {
fail("DenyAll is set on this method, this should have failed");
}
}
use of io.helidon.security.SecurityLevel in project helidon by oracle.
the class RoleValidatorTest method testServiceRolesDeny.
@Test
void testServiceRolesDeny() {
RoleValidator validator = RoleValidator.create();
RoleValidator.Roles annot = mock(RoleValidator.Roles.class);
String[] roleArray = new String[] { "admin" };
when(annot.value()).thenReturn(roleArray);
when(annot.subjectType()).thenReturn(SubjectType.SERVICE);
SecurityLevel appSecurityLevel = mock(SecurityLevel.class);
SecurityLevel classSecurityLevel = mock(SecurityLevel.class);
List<SecurityLevel> securityLevels = new ArrayList<>();
securityLevels.add(appSecurityLevel);
securityLevels.add(classSecurityLevel);
EndpointConfig ep = mock(EndpointConfig.class);
when(ep.securityLevels()).thenReturn(securityLevels);
when(classSecurityLevel.filterAnnotations(RoleValidator.Roles.class, EndpointConfig.AnnotationScope.METHOD)).thenReturn(List.of(annot));
RoleValidator.RoleConfig rConfig = validator.fromAnnotations(ep);
Errors.Collector collector = Errors.collector();
ProviderRequest request = mock(ProviderRequest.class);
when(request.subject()).thenReturn(Optional.of(Subject.builder().principal(Principal.create("myAdmin")).addGrant(Role.create("admin")).build()));
when(request.service()).thenReturn(Optional.of(Subject.builder().principal(Principal.create("service")).addGrant(Role.create("user")).build()));
validator.validate(rConfig, collector, request);
if (collector.collect().isValid()) {
fail("Service is not in admin role, should have failed");
}
}
use of io.helidon.security.SecurityLevel in project helidon by oracle.
the class ScopeValidatorTest method testScopesAndDeny.
@Test
public void testScopesAndDeny() {
ScopeValidator validator = ScopeValidator.create();
ScopeValidator.Scope annot = mock(ScopeValidator.Scope.class);
when(annot.value()).thenReturn("calendar_get");
ScopeValidator.Scope annotTwo = mock(ScopeValidator.Scope.class);
when(annotTwo.value()).thenReturn("calendar_update");
ScopeValidator.Scopes scopes = mock(ScopeValidator.Scopes.class);
when(scopes.value()).thenReturn(new ScopeValidator.Scope[] { annot, annotTwo });
SecurityLevel appSecurityLevel = mock(SecurityLevel.class);
SecurityLevel classSecurityLevel = mock(SecurityLevel.class);
List<SecurityLevel> securityLevels = new ArrayList<>();
securityLevels.add(appSecurityLevel);
securityLevels.add(classSecurityLevel);
EndpointConfig ep = mock(EndpointConfig.class);
when(ep.securityLevels()).thenReturn(securityLevels);
when(classSecurityLevel.filterAnnotations(ScopeValidator.Scopes.class, EndpointConfig.AnnotationScope.METHOD)).thenReturn(List.of(scopes));
ScopeValidator.ScopesConfig sConfig = validator.fromAnnotations(ep);
Errors.Collector collector = Errors.collector();
ProviderRequest request = mock(ProviderRequest.class);
when(request.subject()).thenReturn(Optional.of(Subject.builder().principal(Principal.create("myAdmin")).addGrant(Grant.builder().type("scope").name("calendar_get").build()).build()));
when(request.service()).thenReturn(Optional.empty());
validator.validate(sConfig, collector, request);
if (collector.collect().isValid()) {
fail("User does not have calendar_update scope, so this should have failed");
}
}
Aggregations