use of oap.http.Session in project oap by oaplatform.
the class SecurityInterceptor2Test method testShouldVerifyAndSetUserInSessionIfAuthorizationHeaderIsPresent.
/**
 * Happy path for header-based authentication: the {@code Authorization} header carries a
 * token id that the stubbed token service resolves to a token for {@code testUser}, and the
 * stubbed ACL check for {@code parent.read} on {@code obj} passes.
 *
 * <p>Asserts that {@code intercept} returns an empty result (presumably meaning the request
 * is not short-circuited with an error response) and that the session now holds the user id
 * taken from the token.
 *
 * <p>NOTE(review): only the accepting case is covered here. An unknown token id is not
 * exercised by this method. The third {@code Token2} argument is the current time; whether
 * it is a creation or an expiry timestamp is not visible here, so no expiry behaviour is
 * being verified.
 *
 * @throws UnknownHostException if the local host address cannot be resolved for the context
 */
@Test
public void testShouldVerifyAndSetUserInSessionIfAuthorizationHeaderIsPresent() throws UnknownHostException {
    val expectedUser = "testUser";
    val bearer = UUID.randomUUID().toString();

    // Raw request: the token id is sent as the bare Authorization header value.
    val rawGet = new HttpGet();
    rawGet.setHeader("Authorization", bearer);
    rawGet.setHeader("Host", "localhost");
    val ctx = new Context("/", InetAddress.getLocalHost(), Protocol.HTTP.name());
    val incoming = new Request(rawGet, ctx);

    // Collaborators: the token lookup succeeds and the ACL check grants "parent.read".
    val issued = new Token2(bearer, expectedUser, DateTimeUtils.currentTimeMillis());
    when(mockTokenService.getToken(bearer)).thenReturn(Optional.of(issued));
    when(mockAclService.checkOne("obj", expectedUser, "parent.read")).thenReturn(true);

    val freshSession = new Session();
    val guarded = REFLECTION.method(m -> m.name().equals("methodWithAnnotation")).get();

    val outcome = securityInterceptor.intercept(incoming, freshSession, guarded, ignored -> "obj");

    assertThat(outcome).isEmpty();
    // The authenticated identity must come from the resolved token, not from the request.
    assertThat(freshSession.get(USER_ID)).contains(expectedUser);
}
use of oap.http.Session in project oap by oaplatform.
the class SecurityInterceptor2Test method testShouldVerifyUserIfPresentInSession.
/**
 * Verifies that a request is let through when the session already carries a user id and the
 * stubbed ACL check for {@code parent.read} on {@code obj} passes for that user.
 *
 * <p>The request also carries an {@code authorization} header ({@code "token1"}) for which
 * this method sets up no token stub.
 *
 * <p>NOTE(review): the test does not assert whether the token service is consulted in this
 * case, so it does not pin down whether the session user takes precedence over the header
 * token or the header is looked up and ignored. Confirm against the interceptor.
 */
@Test
public void testShouldVerifyUserIfPresentInSession() {
    val knownUser = "testUser";

    // Pre-authenticated session: the user id is already stored before the call.
    val existingSession = new Session();
    existingSession.set(USER_ID, knownUser);

    val incoming = new MockRequest();
    incoming.headers.put("authorization", "token1");

    when(mockAclService.checkOne("obj", knownUser, "parent.read")).thenReturn(true);
    val guarded = REFLECTION.method(m -> m.name().equals("methodWithAnnotation")).get();

    val outcome = securityInterceptor.intercept(incoming, existingSession, guarded, ignored -> "obj");

    assertThat(outcome).isEmpty();
}
use of oap.http.Session in project oap by oaplatform.
the class SecurityInterceptor2Test method testAccessDenied.
/**
 * Verifies the deny path: the session holds {@code testUser}, but the stubbed ACL check for
 * {@code parent.read} on {@code obj} returns {@code false}, so {@code intercept} must
 * return a present (non-empty) result.
 *
 * <p>NOTE(review): only the presence of a response is asserted. Its status code and body
 * are not checked here, so a regression that returns the wrong kind of response on denial
 * would still pass this test.
 */
@Test
public void testAccessDenied() {
    val deniedUser = "testUser";

    val existingSession = new Session();
    existingSession.set(USER_ID, deniedUser);

    // The ACL service refuses the permission required by the annotated method.
    when(mockAclService.checkOne("obj", deniedUser, "parent.read")).thenReturn(false);
    val guarded = REFLECTION.method(m -> m.name().equals("methodWithAnnotation")).get();

    val outcome = securityInterceptor.intercept(new MockRequest(), existingSession, guarded, ignored -> "obj");

    assertThat(outcome).isPresent();
}
use of oap.http.Session in project oap by oaplatform.
the class SecurityInterceptor2Test method testPostProcessingIncludeRootPermissions.
/**
 * Verifies that {@code postProcessing} on a single result object reports the user's
 * permissions on that object together with the user's permissions on {@code AclService.ROOT}.
 *
 * <p>The ACL service is stubbed to return {@code test1.read} for object {@code "1"} and
 * {@code gl.create} for the root. Both are expected in the resulting
 * {@code ObjectWithPermissions}, in any order.
 */
@Test
public void testPostProcessingIncludeRootPermissions() {
    // Root-level and object-level grants for the same user.
    when(mockAclService.checkAll(AclService.ROOT, "testUser")).thenReturn(asList("gl.create"));
    when(mockAclService.checkAll("1", "testUser")).thenReturn(asList("test1.read"));

    val userSession = new Session();
    userSession.set(USER_ID, "testUser");

    val target = REFLECTION.method(m -> m.name().equals("methodWithAnnotation2")).get();
    val processed = securityInterceptor.postProcessing(new TestAPI.Res("1"), userSession, target);
    val decorated = (ObjectWithPermissions) processed;

    assertThat(decorated.permissions).containsExactlyInAnyOrder("test1.read", "gl.create");
}
use of oap.http.Session in project oap by oaplatform.
the class SecurityInterceptor2Test method testPostProcessingList.
/**
 * Verifies {@code postProcessing} for a list result: the single element is expected to
 * carry only the object-level permission {@code test1.read}.
 *
 * <p>The root stub ({@code gl.create}) is configured here as well, yet the assertion
 * expects it to be absent. For {@code methodList} the root permissions are therefore not
 * merged into the element, unlike the single-object case in
 * {@code testPostProcessingIncludeRootPermissions}.
 *
 * <p>NOTE(review): the cast to {@code List<ObjectWithPermissions>} is unchecked. A result of
 * another shape would only surface as a {@code ClassCastException} when the element's
 * permissions are read.
 */
@Test
public void testPostProcessingList() {
    when(mockAclService.checkAll(AclService.ROOT, "testUser")).thenReturn(asList("gl.create"));
    when(mockAclService.checkAll("1", "testUser")).thenReturn(asList("test1.read"));

    val userSession = new Session();
    userSession.set(USER_ID, "testUser");

    val target = REFLECTION.method(m -> m.name().equals("methodList")).get();
    val payload = singletonList(new TestAPI.Res("1"));
    val decoratedList = (List<ObjectWithPermissions>) securityInterceptor.postProcessing(payload, userSession, target);
    val firstItem = decoratedList.get(0);

    // Only the per-object grant is expected; the root grant must not appear.
    assertThat(firstItem.permissions).containsExactlyInAnyOrder("test1.read");
}
Aggregations