RoleAccessAssertionTest.java

package org.mapfish.print.config.access;

import com.google.common.collect.Lists;
import com.google.common.collect.Sets;
import org.json.JSONObject;
import org.junit.After;
import org.junit.Test;
import org.springframework.security.access.AccessDeniedException;
import org.springframework.security.authentication.AuthenticationCredentialsNotFoundException;
import org.springframework.security.core.context.SecurityContextHolder;

import java.util.List;

import static org.junit.Assert.assertEquals;
import static org.mapfish.print.config.access.AccessAssertionTestUtil.setCreds;

public class RoleAccessAssertionTest {

    @After
    public void tearDown() throws Exception {
        SecurityContextHolder.clearContext();
    }

    @Test(expected = AssertionError.class)
    public void testSetRequiredRoles() throws Exception {
        final RoleAccessAssertion assertion = new RoleAccessAssertion();
        assertion.setRequiredRoles(Sets.newHashSet("ROLE_USER"));
        assertion.setRequiredRoles(Sets.newHashSet("ROLE_USER"));
    }

    @Test (expected = AuthenticationCredentialsNotFoundException.class)
    public void testAssertAccessNoCredentials() throws Exception {
        final RoleAccessAssertion assertion = new RoleAccessAssertion();
        assertion.setRequiredRoles(Sets.newHashSet("ROLE_USER"));

        assertion.assertAccess("", this);
    }

    @Test (expected = AccessDeniedException.class)
    public void testAssertAccessWrongCreds() throws Exception {
        final RoleAccessAssertion assertion = new RoleAccessAssertion();
        assertion.setRequiredRoles(Sets.newHashSet("ROLE_USER"));

        setCreds("ROLE_USER2");
        assertion.assertAccess("", this);
    }

    @Test
    public void testAssertAccessAllowed() throws Exception {
        final RoleAccessAssertion assertion = new RoleAccessAssertion();
        assertion.setRequiredRoles(Sets.newHashSet("ROLE_USER"));

        setCreds("ROLE_USER");
        assertion.assertAccess("", this);

        setCreds("ROLE_USER", "ROLE_OTHER");
        assertion.assertAccess("", this);
    }
    @Test
    public void testAssertAccessOneOf() throws Exception {
        final RoleAccessAssertion assertion = new RoleAccessAssertion();
        assertion.setRequiredRoles(Sets.newHashSet("ROLE_USER", "ROLE_USER2"));

        setCreds("ROLE_USER");
        assertion.assertAccess("", this);

        setCreds("ROLE_USER2");
        assertion.assertAccess("", this);

        setCreds("ROLE_OTHER", "ROLE_USER2");
        assertion.assertAccess("", this);

    }

    @Test (expected = AccessDeniedException.class)
    public void testAssertAccessOneOfFailed() throws Exception {
        final RoleAccessAssertion assertion = new RoleAccessAssertion();
        assertion.setRequiredRoles(Sets.newHashSet("ROLE_USER", "ROLE_USER2"));

        setCreds("ROLE_OTHER");
        assertion.assertAccess("", this);

    }

    @Test (expected = AuthenticationCredentialsNotFoundException.class)
    public void testAssertNoRolesNoCreds() throws Exception {
        final RoleAccessAssertion assertion = new RoleAccessAssertion();
        assertion.setRequiredRoles(Sets.<String>newHashSet());

        assertion.assertAccess("", this);
        setCreds("ROLE_OTHER", "ROLE_USER2");
        assertion.assertAccess("", this);
    }

    @Test
    public void testAssertNoRolesSomeCreds() throws Exception {
        final RoleAccessAssertion assertion = new RoleAccessAssertion();
        assertion.setRequiredRoles(Sets.<String>newHashSet());

        setCreds("ROLE_OTHER");
        assertion.assertAccess("", this);

        setCreds("ROLE_USER");
        assertion.assertAccess("", this);
    }

    @Test (expected = AuthenticationCredentialsNotFoundException.class)
    public void testMarshalUnmarshalNoAuth() throws Exception {
        final RoleAccessAssertion assertion = new RoleAccessAssertion();
        assertion.setRequiredRoles(Sets.newHashSet("ROLE_USER"));
        final JSONObject marshalData = assertion.marshal();

        RoleAccessAssertion newAssertion = new RoleAccessAssertion();
        newAssertion.unmarshal(marshalData);
        newAssertion.assertAccess("", this);
    }

    @Test (expected = AccessDeniedException.class)
    public void testMarshalUnmarshalNotPermitted() throws Exception {
        setCreds("ROLE_OTHER");
        final RoleAccessAssertion assertion = new RoleAccessAssertion();
        assertion.setRequiredRoles(Sets.newHashSet("ROLE_USER"));
        final JSONObject marshalData = assertion.marshal();

        RoleAccessAssertion newAssertion = new RoleAccessAssertion();
        newAssertion.unmarshal(marshalData);
        newAssertion.assertAccess("", this);
    }


    @Test
    public void testMarshalUnmarshalAllowed() throws Exception {
        setCreds("ROLE_USER");
        final RoleAccessAssertion assertion = new RoleAccessAssertion();
        assertion.setRequiredRoles(Sets.newHashSet("ROLE_USER"));
        final JSONObject marshalData = assertion.marshal();

        RoleAccessAssertion newAssertion = new RoleAccessAssertion();
        newAssertion.unmarshal(marshalData);
        newAssertion.assertAccess("", this);
    }


    @Test
    public void testValidate() throws Exception {
        List<Throwable> errors = Lists.newArrayList();
        final RoleAccessAssertion assertion = new RoleAccessAssertion();
        assertion.validate(errors, null);
        assertEquals(1, errors.size());
        errors.clear();
        assertion.setRequiredRoles(Sets.newHashSet("ROLE_USER"));
        assertion.validate(errors, null);
        assertEquals(0, errors.size());
    }
}