use of javax.ws.rs.core.Configuration in project minijax by minijax.
the class SecurityTest method testApiKeyDeleted.
@Test
public void testApiKeyDeleted() {
final User user = new User();
final ApiKey apiKey = new ApiKey();
apiKey.setValue("xyz");
apiKey.setUser(user);
apiKey.setDeleted(true);
final String authorization = AuthUtils.create(apiKey.getValue(), "");
final SecurityDao dao = mock(SecurityDao.class);
when(dao.findApiKeyByValue(eq("xyz"))).thenReturn(apiKey);
final Configuration config = mock(Configuration.class);
final Security<User> security = new Security<>(dao, config, authorization, null);
assertFalse(security.isLoggedIn());
assertNull(security.getUserPrincipal());
}
use of javax.ws.rs.core.Configuration in project minijax by minijax.
the class SecurityTest method testCookieInvalidUuid.
@Test
public void testCookieInvalidUuid() {
final String cookie = "not-a-uuid";
final SecurityDao dao = mock(SecurityDao.class);
final Configuration config = mock(Configuration.class);
final Security<User> security = new Security<>(dao, config, null, cookie);
assertFalse(security.isLoggedIn());
assertNull(security.getUserPrincipal());
}
use of javax.ws.rs.core.Configuration in project minijax by minijax.
the class SecurityTest method testCookieInvalidSession.
@Test
public void testCookieInvalidSession() {
final UserSession session = new UserSession();
final String cookie = session.getId().toString();
final SecurityDao dao = mock(SecurityDao.class);
when(dao.read(eq(UserSession.class), eq(session.getId()))).thenReturn(session);
final Configuration config = mock(Configuration.class);
final Security<User> security = new Security<>(dao, config, null, cookie);
assertFalse(security.isLoggedIn());
assertNull(security.getUserPrincipal());
}
use of javax.ws.rs.core.Configuration in project minijax by minijax.
the class SecurityTest method testCookie.
@Test
public void testCookie() {
final User user = new User();
user.setRoles("admin");
final UserSession session = new UserSession();
session.setUser(user);
final String cookie = session.getId().toString();
final SecurityDao dao = mock(SecurityDao.class);
when(dao.read(eq(UserSession.class), eq(session.getId()))).thenReturn(session);
when(dao.read(eq(User.class), eq(user.getId()))).thenReturn(user);
final Configuration config = mock(Configuration.class);
when(config.getProperty(eq(MinijaxProperties.SECURITY_USER_CLASS))).thenReturn(User.class);
final Security<User> security = new Security<>(dao, config, null, cookie);
security.requireLogin();
security.validateSession(session.getId().toString());
assertTrue(security.isLoggedIn());
assertNotNull(security.getUserPrincipal());
assertEquals(user, security.getUserPrincipal());
assertEquals(user, security.getUserPrincipal());
assertEquals(SecurityContext.FORM_AUTH, security.getAuthenticationScheme());
assertTrue(security.isUserInRole("admin"));
assertFalse(security.isUserInRole("foo"));
}
use of javax.ws.rs.core.Configuration in project minijax by minijax.
the class SecurityTest method testApiKeyNotFound.
@Test
public void testApiKeyNotFound() {
final String authorization = AuthUtils.create("xyz", "");
final SecurityDao dao = mock(SecurityDao.class);
final Configuration config = mock(Configuration.class);
final Security<User> security = new Security<>(dao, config, authorization, null);
assertFalse(security.isLoggedIn());
assertNull(security.getUserPrincipal());
}
Aggregations