Search in sources :

Example 6 with DenyAll

use of jakarta.annotation.security.DenyAll in project helidon by oracle.

the class RoleValidatorTest method testAllAccessAnnotationsOnTheSameLevel.

@Test
void testAllAccessAnnotationsOnTheSameLevel() {
    RoleValidator validator = RoleValidator.create();
    PermitAll permitAll = mock(PermitAll.class);
    DenyAll denyAll = mock(DenyAll.class);
    RolesAllowed rolesAllowed = mock(RolesAllowed.class);
    String[] roleArray = new String[] { "admin" };
    when(rolesAllowed.value()).thenReturn(roleArray);
    SecurityLevel appSecurityLevel = mock(SecurityLevel.class);
    SecurityLevel classSecurityLevel = mock(SecurityLevel.class);
    List<SecurityLevel> securityLevels = new ArrayList<>();
    securityLevels.add(appSecurityLevel);
    securityLevels.add(classSecurityLevel);
    EndpointConfig ep = mock(EndpointConfig.class);
    when(ep.securityLevels()).thenReturn(securityLevels);
    when(classSecurityLevel.filterAnnotations(PermitAll.class, EndpointConfig.AnnotationScope.METHOD)).thenReturn(List.of(permitAll));
    when(classSecurityLevel.filterAnnotations(DenyAll.class, EndpointConfig.AnnotationScope.METHOD)).thenReturn(List.of(denyAll));
    when(classSecurityLevel.filterAnnotations(RolesAllowed.class, EndpointConfig.AnnotationScope.METHOD)).thenReturn(List.of(rolesAllowed));
    RoleValidator.RoleConfig rConfig = validator.fromAnnotations(ep);
    Errors.Collector collector = Errors.collector();
    ProviderRequest request = mock(ProviderRequest.class);
    when(request.subject()).thenReturn(Optional.of(Subject.builder().principal(Principal.create("myAdmin")).addGrant(Role.create("admin")).build()));
    when(request.service()).thenReturn(Optional.empty());
    validator.validate(rConfig, collector, request);
    if (collector.collect().isValid()) {
        fail("DenyAll is set on this method, this should have failed");
    }
}
Also used : ArrayList(java.util.ArrayList) ProviderRequest(io.helidon.security.ProviderRequest) Errors(io.helidon.common.Errors) DenyAll(jakarta.annotation.security.DenyAll) RolesAllowed(jakarta.annotation.security.RolesAllowed) SecurityLevel(io.helidon.security.SecurityLevel) PermitAll(jakarta.annotation.security.PermitAll) EndpointConfig(io.helidon.security.EndpointConfig) Test(org.junit.jupiter.api.Test)

Example 7 with DenyAll

use of jakarta.annotation.security.DenyAll in project helidon by oracle.

the class RoleValidatorTest method testPermitAllAndRolesAndDenyAll.

@Test
void testPermitAllAndRolesAndDenyAll() {
    RoleValidator validator = RoleValidator.create();
    PermitAll permitAll = mock(PermitAll.class);
    DenyAll denyAll = mock(DenyAll.class);
    RolesAllowed rolesAllowed = mock(RolesAllowed.class);
    String[] roleArray = new String[] { "admin" };
    when(rolesAllowed.value()).thenReturn(roleArray);
    SecurityLevel appSecurityLevel = mock(SecurityLevel.class);
    SecurityLevel classSecurityLevel = mock(SecurityLevel.class);
    List<SecurityLevel> securityLevels = new ArrayList<>();
    securityLevels.add(appSecurityLevel);
    securityLevels.add(classSecurityLevel);
    EndpointConfig ep = mock(EndpointConfig.class);
    when(ep.securityLevels()).thenReturn(securityLevels);
    when(classSecurityLevel.filterAnnotations(PermitAll.class, EndpointConfig.AnnotationScope.CLASS)).thenReturn(List.of(permitAll));
    when(classSecurityLevel.filterAnnotations(DenyAll.class, EndpointConfig.AnnotationScope.METHOD)).thenReturn(List.of(denyAll));
    when(classSecurityLevel.filterAnnotations(RolesAllowed.class, EndpointConfig.AnnotationScope.METHOD)).thenReturn(List.of(rolesAllowed));
    RoleValidator.RoleConfig rConfig = validator.fromAnnotations(ep);
    Errors.Collector collector = Errors.collector();
    ProviderRequest request = mock(ProviderRequest.class);
    when(request.subject()).thenReturn(Optional.of(Subject.builder().principal(Principal.create("myAdmin")).addGrant(Role.create("admin")).build()));
    when(request.service()).thenReturn(Optional.empty());
    validator.validate(rConfig, collector, request);
    if (collector.collect().isValid()) {
        fail("DenyAll is set on this method, this should have failed");
    }
}
Also used : ArrayList(java.util.ArrayList) ProviderRequest(io.helidon.security.ProviderRequest) Errors(io.helidon.common.Errors) DenyAll(jakarta.annotation.security.DenyAll) RolesAllowed(jakarta.annotation.security.RolesAllowed) SecurityLevel(io.helidon.security.SecurityLevel) PermitAll(jakarta.annotation.security.PermitAll) EndpointConfig(io.helidon.security.EndpointConfig) Test(org.junit.jupiter.api.Test)

Example 8 with DenyAll

use of jakarta.annotation.security.DenyAll in project helidon by oracle.

the class RoleValidatorTest method testDenyAll.

@Test
void testDenyAll() {
    RoleValidator validator = RoleValidator.create();
    DenyAll annot = mock(DenyAll.class);
    SecurityLevel appSecurityLevel = mock(SecurityLevel.class);
    SecurityLevel classSecurityLevel = mock(SecurityLevel.class);
    List<SecurityLevel> securityLevels = new ArrayList<>();
    securityLevels.add(appSecurityLevel);
    securityLevels.add(classSecurityLevel);
    EndpointConfig ep = mock(EndpointConfig.class);
    when(ep.securityLevels()).thenReturn(securityLevels);
    when(classSecurityLevel.filterAnnotations(DenyAll.class, EndpointConfig.AnnotationScope.METHOD)).thenReturn(List.of(annot));
    RoleValidator.RoleConfig rConfig = validator.fromAnnotations(ep);
    Errors.Collector collector = Errors.collector();
    ProviderRequest request = mock(ProviderRequest.class);
    when(request.subject()).thenReturn(Optional.of(Subject.builder().principal(Principal.create("myAdmin")).addGrant(Role.create("user")).build()));
    when(request.service()).thenReturn(Optional.empty());
    validator.validate(rConfig, collector, request);
    if (collector.collect().isValid()) {
        fail("DenyAll is set on this method, this should have failed");
    }
}
Also used : Errors(io.helidon.common.Errors) DenyAll(jakarta.annotation.security.DenyAll) SecurityLevel(io.helidon.security.SecurityLevel) ArrayList(java.util.ArrayList) EndpointConfig(io.helidon.security.EndpointConfig) ProviderRequest(io.helidon.security.ProviderRequest) Test(org.junit.jupiter.api.Test)

Aggregations

DenyAll (jakarta.annotation.security.DenyAll)8 ArrayList (java.util.ArrayList)7 EndpointConfig (io.helidon.security.EndpointConfig)6 SecurityLevel (io.helidon.security.SecurityLevel)6 PermitAll (jakarta.annotation.security.PermitAll)6 RolesAllowed (jakarta.annotation.security.RolesAllowed)6 Errors (io.helidon.common.Errors)5 ProviderRequest (io.helidon.security.ProviderRequest)5 Test (org.junit.jupiter.api.Test)5 Annotation (java.lang.annotation.Annotation)2 AbacAnnotation (io.helidon.security.providers.abac.AbacAnnotation)1 Method (java.lang.reflect.Method)1 ConfigAttribute (org.springframework.security.access.ConfigAttribute)1