RunAsSystemProxyTest.java

package org.molgenis.security.core.runas;

import org.aopalliance.intercept.MethodInvocation;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContext;
import org.springframework.security.core.context.SecurityContextHolder;
import org.testng.annotations.AfterClass;
import org.testng.annotations.BeforeClass;
import org.testng.annotations.Test;

import java.lang.reflect.AccessibleObject;
import java.lang.reflect.Method;

import static org.testng.Assert.*;

public class RunAsSystemProxyTest
{
	private static Authentication AUTHENTICATION_PREVIOUS;

	@BeforeClass
	public void setUpBeforeClass()
	{
		AUTHENTICATION_PREVIOUS = SecurityContextHolder.getContext().getAuthentication();
	}

	@AfterClass
	public static void tearDownAfterClass()
	{
		SecurityContextHolder.getContext().setAuthentication(AUTHENTICATION_PREVIOUS);
	}

	@Test
	public void invoke() throws NoSuchMethodException, SecurityException, Throwable
	{
		assertNull(SecurityContextHolder.getContext().getAuthentication());

		final TestProxy t = new TestProxy();
		RunAsSystemProxy proxy = new RunAsSystemProxy(t);
		proxy.invoke(new MethodInvocation()
		{
			@Override
			public Object[] getArguments()
			{
				return new Object[] {};
			}

			@Override
			public Object proceed() throws Throwable
			{
				t.run();
				return null;
			}

			@Override
			public Object getThis()
			{
				return t;
			}

			@Override
			public AccessibleObject getStaticPart()
			{
				return null;
			}

			@Override
			public Method getMethod()
			{
				try
				{
					return Runnable.class.getMethod("run");
				}
				catch (NoSuchMethodException e)
				{
					throw new RuntimeException(e);
				}
			}

		});

		// Check if run method of the TestProxy object has been called
		assertTrue(t.runCalled);

		// The SystemSecurityToken should have been removed after invocation of the run method and replaced with the
		// original ctx wich did not contain any athentication objects
		assertNull(SecurityContextHolder.getContext().getAuthentication());
	}

	private static class TestProxy implements Runnable
	{
		private boolean runCalled = false;

		@Override
		@RunAsSystem
		public void run()
		{
			runCalled = true;
			SecurityContext ctx = SecurityContextHolder.getContext();

			// Here we should have the SystemSecurityToken
			assertEquals(ctx.getAuthentication(), new SystemSecurityToken());
		}
	}
}