Search in sources :

Example 1 with FF4jSecurityContext

use of org.ff4j.web.api.security.FF4jSecurityContext in project ff4j by ff4j.

the class SecurityAuthorizationFilterTest method testRoleNothing.

@Test
public void testRoleNothing() throws IOException {
    // Given
    FF4jAuthorizationFilter faf = new FF4jAuthorizationFilter();
    ContainerRequestContext mockRequest = mock(ContainerRequestContext.class);
    UriInfo mockUriInfo = mock(UriInfo.class);
    ResourceInfo mockResInfo = new ResourceInfo() {

        public Method getResourceMethod() {
            return methodNothing;
        }

        public Class<?> getResourceClass() {
            return targetResource;
        }
    };
    faf.setInfo(mockResInfo);
    when(mockUriInfo.getPath()).thenReturn("localhost");
    when(mockRequest.getSecurityContext()).thenReturn(new FF4jSecurityContext("user", "", Util.set("USER")));
    when(mockRequest.getUriInfo()).thenReturn(mockUriInfo);
    // When
    faf.filter(mockRequest);
// OK
}
Also used : FF4jAuthorizationFilter(org.ff4j.web.api.security.FF4jAuthorizationFilter) ResourceInfo(javax.ws.rs.container.ResourceInfo) FF4jSecurityContext(org.ff4j.web.api.security.FF4jSecurityContext) ContainerRequestContext(javax.ws.rs.container.ContainerRequestContext) UriInfo(javax.ws.rs.core.UriInfo) Test(org.junit.Test)

Example 2 with FF4jSecurityContext

use of org.ff4j.web.api.security.FF4jSecurityContext in project ff4j by ff4j.

the class SecurityAuthorizationFilterTest method testPermitAll.

@Test
public void testPermitAll() throws IOException {
    // Given
    FF4jAuthorizationFilter faf = new FF4jAuthorizationFilter();
    ContainerRequestContext mockRequest = mock(ContainerRequestContext.class);
    UriInfo mockUriInfo = mock(UriInfo.class);
    ResourceInfo mockResInfo = mock(ResourceInfo.class);
    when(mockResInfo.getResourceMethod()).thenReturn(methodPermit);
    faf.setInfo(mockResInfo);
    when(mockUriInfo.getPath()).thenReturn("localhost");
    when(mockRequest.getSecurityContext()).thenReturn(new FF4jSecurityContext("user", "", Util.set("USER")));
    when(mockRequest.getUriInfo()).thenReturn(mockUriInfo);
    // When
    faf.filter(mockRequest);
// Then expecte 403
}
Also used : FF4jAuthorizationFilter(org.ff4j.web.api.security.FF4jAuthorizationFilter) ResourceInfo(javax.ws.rs.container.ResourceInfo) FF4jSecurityContext(org.ff4j.web.api.security.FF4jSecurityContext) ContainerRequestContext(javax.ws.rs.container.ContainerRequestContext) UriInfo(javax.ws.rs.core.UriInfo) Test(org.junit.Test)

Example 3 with FF4jSecurityContext

use of org.ff4j.web.api.security.FF4jSecurityContext in project ff4j by ff4j.

the class SecurityAuthorizationFilterTest method testDenyAll.

@Test(expected = WebApplicationException.class)
public void testDenyAll() throws IOException {
    // Given
    FF4jAuthorizationFilter faf = new FF4jAuthorizationFilter();
    ContainerRequestContext mockRequest = mock(ContainerRequestContext.class);
    UriInfo mockUriInfo = mock(UriInfo.class);
    ResourceInfo mockResInfo = mock(ResourceInfo.class);
    when(mockResInfo.getResourceMethod()).thenReturn(methodDeny);
    faf.setInfo(mockResInfo);
    when(mockUriInfo.getPath()).thenReturn("localhost");
    when(mockRequest.getSecurityContext()).thenReturn(new FF4jSecurityContext("user", "", Util.set("USER")));
    when(mockRequest.getUriInfo()).thenReturn(mockUriInfo);
    // When
    faf.filter(mockRequest);
// Then expecte 403
}
Also used : FF4jAuthorizationFilter(org.ff4j.web.api.security.FF4jAuthorizationFilter) ResourceInfo(javax.ws.rs.container.ResourceInfo) FF4jSecurityContext(org.ff4j.web.api.security.FF4jSecurityContext) ContainerRequestContext(javax.ws.rs.container.ContainerRequestContext) UriInfo(javax.ws.rs.core.UriInfo) Test(org.junit.Test)

Example 4 with FF4jSecurityContext

use of org.ff4j.web.api.security.FF4jSecurityContext in project ff4j by ff4j.

the class SecurityAuthorizationFilterTest method testRoleAllowedInvalid.

@Test(expected = WebApplicationException.class)
public void testRoleAllowedInvalid() throws IOException {
    // Given
    FF4jAuthorizationFilter faf = new FF4jAuthorizationFilter();
    ContainerRequestContext mockRequest = mock(ContainerRequestContext.class);
    UriInfo mockUriInfo = mock(UriInfo.class);
    ResourceInfo mockResInfo = new ResourceInfo() {

        public Method getResourceMethod() {
            return methodRole;
        }

        public Class<?> getResourceClass() {
            return targetResource;
        }
    };
    faf.setInfo(mockResInfo);
    when(mockUriInfo.getPath()).thenReturn("localhost");
    when(mockRequest.getSecurityContext()).thenReturn(new FF4jSecurityContext("user", "", Util.set("OTHER")));
    when(mockRequest.getUriInfo()).thenReturn(mockUriInfo);
    // When
    faf.filter(mockRequest);
// Then expecte 403
}
Also used : FF4jAuthorizationFilter(org.ff4j.web.api.security.FF4jAuthorizationFilter) ResourceInfo(javax.ws.rs.container.ResourceInfo) FF4jSecurityContext(org.ff4j.web.api.security.FF4jSecurityContext) ContainerRequestContext(javax.ws.rs.container.ContainerRequestContext) UriInfo(javax.ws.rs.core.UriInfo) Test(org.junit.Test)

Example 5 with FF4jSecurityContext

use of org.ff4j.web.api.security.FF4jSecurityContext in project ff4j by ff4j.

the class SecurityAuthorizationFilterTest method testRoleAllowed.

@Test
public void testRoleAllowed() throws IOException {
    // Given
    FF4jAuthorizationFilter faf = new FF4jAuthorizationFilter();
    ContainerRequestContext mockRequest = mock(ContainerRequestContext.class);
    UriInfo mockUriInfo = mock(UriInfo.class);
    ResourceInfo mockResInfo = new ResourceInfo() {

        public Method getResourceMethod() {
            return methodRole;
        }

        public Class<?> getResourceClass() {
            return targetResource;
        }
    };
    faf.setInfo(mockResInfo);
    when(mockUriInfo.getPath()).thenReturn("localhost");
    when(mockRequest.getSecurityContext()).thenReturn(new FF4jSecurityContext("user", "", Util.set("USER")));
    when(mockRequest.getUriInfo()).thenReturn(mockUriInfo);
    // When
    faf.filter(mockRequest);
// Then expecte 403
}
Also used : FF4jAuthorizationFilter(org.ff4j.web.api.security.FF4jAuthorizationFilter) ResourceInfo(javax.ws.rs.container.ResourceInfo) FF4jSecurityContext(org.ff4j.web.api.security.FF4jSecurityContext) ContainerRequestContext(javax.ws.rs.container.ContainerRequestContext) UriInfo(javax.ws.rs.core.UriInfo) Test(org.junit.Test)

Aggregations

ContainerRequestContext (javax.ws.rs.container.ContainerRequestContext)5 ResourceInfo (javax.ws.rs.container.ResourceInfo)5 UriInfo (javax.ws.rs.core.UriInfo)5 FF4jAuthorizationFilter (org.ff4j.web.api.security.FF4jAuthorizationFilter)5 FF4jSecurityContext (org.ff4j.web.api.security.FF4jSecurityContext)5 Test (org.junit.Test)5