ShiroAuthorizingInterceptorTest.java example

Explorer
aurora-master
/**
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package org.apache.aurora.scheduler.http.api.security;

import java.lang.reflect.Method;
import java.util.concurrent.atomic.AtomicLong;

import com.google.inject.util.Providers;

import org.aopalliance.intercept.MethodInvocation;
import org.apache.aurora.common.stats.StatsProvider;
import org.apache.aurora.common.testing.easymock.EasyMockTest;
import org.apache.aurora.gen.AuroraAdmin;
import org.apache.aurora.gen.Response;
import org.apache.aurora.gen.ResponseCode;
import org.apache.aurora.scheduler.spi.Permissions;
import org.apache.aurora.scheduler.spi.Permissions.Domain;
import org.apache.aurora.scheduler.thrift.Responses;
import org.apache.shiro.subject.Subject;
import org.easymock.IExpectationSetters;
import org.junit.Before;
import org.junit.Test;

import static org.apache.aurora.scheduler.http.api.security.ShiroAuthorizingInterceptor.SHIRO_AUTHORIZATION_FAILURES;
import static org.apache.aurora.scheduler.spi.Permissions.Domain.THRIFT_AURORA_ADMIN;
import static org.easymock.EasyMock.expect;
import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertSame;

public class ShiroAuthorizingInterceptorTest extends EasyMockTest {
  private static final Domain DOMAIN = THRIFT_AURORA_ADMIN;

  private Subject subject;
  private StatsProvider statsProvider;
  private MethodInvocation methodInvocation;
  private Method interceptedMethod;

  private ShiroAuthorizingInterceptor interceptor;

  @Before
  public void setUp() throws NoSuchMethodException {
    interceptor = new ShiroAuthorizingInterceptor(DOMAIN);
    subject = createMock(Subject.class);
    statsProvider = createMock(StatsProvider.class);
    methodInvocation = createMock(MethodInvocation.class);
    interceptedMethod = AuroraAdmin.Iface.class.getMethod("snapshot");
    expect(statsProvider.makeCounter(SHIRO_AUTHORIZATION_FAILURES)).andReturn(new AtomicLong());
  }

  private void replayAndInitialize() {
    control.replay();
    interceptor.initialize(Providers.of(subject), statsProvider);
  }

  private IExpectationSetters<Boolean> expectSubjectPermitted() {
    return expect(subject.isPermitted(
        Permissions.createUnscopedPermission(DOMAIN, interceptedMethod.getName())));
  }

  @Test
  public void testAuthorized() throws Throwable {
    Response response = Responses.ok();
    expect(methodInvocation.getMethod()).andReturn(interceptedMethod);
    expectSubjectPermitted().andReturn(true);
    expect(methodInvocation.proceed()).andReturn(response);

    replayAndInitialize();

    assertSame(response, interceptor.invoke(methodInvocation));
  }

  @Test
  public void testNotAuthorized() throws Throwable {
    expect(methodInvocation.getMethod()).andReturn(interceptedMethod);
    expectSubjectPermitted().andReturn(false);
    expect(subject.getPrincipal()).andReturn("ksweeney");

    replayAndInitialize();

    assertEquals(
        ResponseCode.AUTH_FAILED,
        ((Response) interceptor.invoke(methodInvocation)).getResponseCode());
  }
}