/*
* Copyright 2015 herd contributors
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.finra.herd.app.security;
import static org.junit.Assert.assertEquals;
import java.util.HashMap;
import java.util.Map;
import org.junit.Test;
import org.springframework.mock.web.MockFilterChain;
import org.springframework.mock.web.MockFilterConfig;
import org.springframework.mock.web.MockHttpServletRequest;
import org.springframework.mock.web.MockHttpServletResponse;
import org.finra.herd.app.AbstractAppTest;
import org.finra.herd.model.api.xml.BusinessObjectDefinition;
import org.finra.herd.model.api.xml.BusinessObjectDefinitionCreateRequest;
import org.finra.herd.model.api.xml.BusinessObjectDefinitionKey;
import org.finra.herd.model.dto.ConfigurationValue;
import org.finra.herd.model.jpa.BusinessObjectDefinitionEntity;
/**
* This class tests the security user wrapper.
*/
public class SecurityUserWrapperTest extends AbstractAppTest
{
@Test
public void testCreateBusinessObjectDefinitionWithTrustedUser() throws Exception
{
// Create and persist database entities required for testing.
namespaceDaoTestHelper.createNamespaceEntity(NAMESPACE);
dataProviderDaoTestHelper.createDataProviderEntity(DATA_PROVIDER_NAME);
// Override security configuration to disable the security.
Map<String, Object> overrideMap = new HashMap<>();
overrideMap.put(ConfigurationValue.SECURITY_ENABLED_SPEL_EXPRESSION.getKey(), "false");
modifyPropertySourceInEnvironment(overrideMap);
try
{
// Invalidate user session if exists.
invalidateApplicationUser(null);
// Call the relative filter to set username to trusted user in the security context.
// This will automatically load all functions defined in the database.
trustedUserAuthenticationFilter.init(new MockFilterConfig());
trustedUserAuthenticationFilter.doFilter(new MockHttpServletRequest(), new MockHttpServletResponse(), new MockFilterChain());
// Create a business object definition.
// This indirectly requires the "FN_BUSINESS_OBJECT_DEFINITIONS_POST" function point to be present in the authenticated user.
BusinessObjectDefinitionCreateRequest request =
new BusinessObjectDefinitionCreateRequest(NAMESPACE, BDEF_NAME, DATA_PROVIDER_NAME, BDEF_DESCRIPTION, BDEF_DISPLAY_NAME, NO_ATTRIBUTES);
BusinessObjectDefinition businessObjectDefinition = businessObjectDefinitionRestController.createBusinessObjectDefinition(request);
// Retrieve the newly created business object definition and validate the created by field.
BusinessObjectDefinitionEntity businessObjectDefinitionEntity =
businessObjectDefinitionDao.getBusinessObjectDefinitionByKey(new BusinessObjectDefinitionKey(NAMESPACE, BDEF_NAME));
// Validate the newly created entity.
assertEquals(Integer.valueOf(businessObjectDefinition.getId()), businessObjectDefinitionEntity.getId());
String expectedUsername = TrustedApplicationUserBuilder.TRUSTED_USER_ID;
assertEquals(expectedUsername, businessObjectDefinitionEntity.getCreatedBy());
assertEquals(expectedUsername, businessObjectDefinitionEntity.getUpdatedBy());
}
finally
{
// Restore the property sources so we don't affect other tests.
restorePropertySourceInEnvironment();
}
}
}