package org.mapfish.print.config.access;
import com.google.common.collect.Sets;
import org.junit.After;
import org.junit.Test;
import org.mapfish.print.AbstractMapfishSpringTest;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.ApplicationContext;
import org.springframework.security.access.AccessDeniedException;
import org.springframework.security.core.context.SecurityContextHolder;
import static org.junit.Assert.fail;
public class AndAccessAssertionTest extends AbstractMapfishSpringTest {
@Autowired
ApplicationContext applicationContext;
@After
public void tearDown() throws Exception {
SecurityContextHolder.clearContext();
}
@Test(expected = AssertionError.class)
public void testSetPredicates() throws Exception {
final AndAccessAssertion andAssertion = applicationContext.getBean(AndAccessAssertion.class);
andAssertion.setPredicates(AlwaysAllowAssertion.INSTANCE, AlwaysAllowAssertion.INSTANCE);
andAssertion.setPredicates(AlwaysAllowAssertion.INSTANCE);
}
@Test(expected = AccessDeniedException.class)
public void testAssertAccessNotAllowed() throws Exception {
final AndAccessAssertion andAssertion = applicationContext.getBean(AndAccessAssertion.class);
AccessAssertion pred1 = new RoleAccessAssertion().setRequiredRoles(Sets.newHashSet("ROLE_USER"));
AccessAssertion pred2 = new RoleAccessAssertion().setRequiredRoles(Sets.newHashSet("ROLE_OTHER"));
andAssertion.setPredicates(pred1, pred2);
AccessAssertionTestUtil.setCreds("ROLE_USER");
andAssertion.assertAccess("", this);
}
@Test
public void testAssertAccessAllowed() throws Exception {
final AndAccessAssertion andAssertion = applicationContext.getBean(AndAccessAssertion.class);
AccessAssertion pred1 = new RoleAccessAssertion().setRequiredRoles(Sets.newHashSet("ROLE_USER"));
AccessAssertion pred2 = new RoleAccessAssertion().setRequiredRoles(Sets.newHashSet("ROLE_OTHER"));
andAssertion.setPredicates(pred1, pred2);
AccessAssertionTestUtil.setCreds("ROLE_USER", "ROLE_OTHER");
andAssertion.assertAccess("", this);
}
@Test
public void testMarshalUnmarshal() throws Exception {
final AndAccessAssertion andAssertion = applicationContext.getBean(AndAccessAssertion.class);
AccessAssertion pred1 = new RoleAccessAssertion().setRequiredRoles(Sets.newHashSet("ROLE_USER"));
AccessAssertion pred2 = new RoleAccessAssertion().setRequiredRoles(Sets.newHashSet("ROLE_OTHER"));
andAssertion.setPredicates(pred1, pred2);
AccessAssertionTestUtil.setCreds("ROLE_USER", "ROLE_OTHER");
andAssertion.assertAccess("", this);
try {
AccessAssertionTestUtil.setCreds("ROLE_USER");
andAssertion.assertAccess("", this);
fail("Expected an AccessDeniedException exception");
} catch (AccessDeniedException e) {
// good
}
}
}