Example 1 with SecureAnnotationsInterceptor
use of org.apache.cxf.interceptor.security.SecureAnnotationsInterceptor in project cxf by apache.
the class ClaimsAuthorizingInterceptorTest method testUserInRoleAndClaims.
@Test
public void testUserInRoleAndClaims() throws Exception {
SecureAnnotationsInterceptor in = new SecureAnnotationsInterceptor();
in.setAnnotationClassName(SecureRole.class.getName());
in.setSecuredObject(new TestService2());
Message m = prepareMessage(TestService2.class, "test", createDefaultClaim("admin"), createClaim("a", "b", "c"));
in.handleMessage(m);
ClaimsAuthorizingInterceptor in2 = new ClaimsAuthorizingInterceptor();
org.apache.cxf.rt.security.saml.claims.SAMLClaim claim = new org.apache.cxf.rt.security.saml.claims.SAMLClaim();
claim.setNameFormat("a");
claim.setName("b");
claim.addValue("c");
in2.setClaims(Collections.singletonMap("test", Collections.singletonList(new ClaimBean(claim))));
in2.handleMessage(m);
try {
in.handleMessage(prepareMessage(TestService2.class, "test", createDefaultClaim("user")));
fail("AccessDeniedException expected");
} catch (AccessDeniedException ex) {
// expected
}
}
Also used :
SAMLClaim(org.apache.cxf.rt.security.saml.claims.SAMLClaim)
Assert(org.junit.Assert)
AccessDeniedException(org.apache.cxf.interceptor.security.AccessDeniedException)
Message(org.apache.cxf.message.Message)
SAMLClaim(org.apache.cxf.rt.security.saml.claims.SAMLClaim)
ClaimBean(org.apache.cxf.rt.security.saml.claims.ClaimBean)
SecureAnnotationsInterceptor(org.apache.cxf.interceptor.security.SecureAnnotationsInterceptor)
Test(org.junit.Test)
Aggregations
AccessDeniedException (org.apache.cxf.interceptor.security.AccessDeniedException)1
SecureAnnotationsInterceptor (org.apache.cxf.interceptor.security.SecureAnnotationsInterceptor)1
Message (org.apache.cxf.message.Message)1
ClaimBean (org.apache.cxf.rt.security.saml.claims.ClaimBean)1
SAMLClaim (org.apache.cxf.rt.security.saml.claims.SAMLClaim)1
Assert (org.junit.Assert)1
Test (org.junit.Test)1
