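package org.nextprot.api.web.security;

import org.junit.Test;
import org.nextprot.api.web.dbunit.base.mvc.MVCBaseSecurityTest;
import org.springframework.http.MediaType;

import java.net.HttpURLConnection;
import java.util.Arrays;
import java.util.concurrent.TimeUnit;

import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get;
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;

/**
 * Security tests for the admin cache-clearing endpoint.
 *
 * <p>Every test issues the same request against {@code /admin/cache/clear} and varies only
 * the {@code Authorization} header: absent, malformed, valid with the admin role, and valid
 * without it. The asserted status codes pin the behaviour of the surrounding security
 * filter chain as it currently stands.
 */
public class AdminControllerSecurityTest extends MVCBaseSecurityTest {

    /** JSON body sent with every call; the endpoint is exercised with a payload even on GET. */
    private static final String CONTENT = "{\"name\":\"test\"}";

    /** Endpoint under test. */
    private static final String URL = "/admin/cache/clear";

    /** Subject placed in the generated test tokens. */
    private static final String TEST_USER = "test@nextprot.org";

    @Test
    public void shouldReturn401ForAbsentToken() throws Exception {
        // No Authorization header at all: the filter must reject, not fall through to the controller.
        this.mockMvc.perform(
                get(URL)
                        .contentType(MediaType.APPLICATION_JSON)
                        .accept(MediaType.APPLICATION_JSON)
                        .content(CONTENT))
                .andExpect(status().isUnauthorized());
    }

    @Test
    public void shouldReturn401ForAnInvalidToken() throws Exception {
        // "a.b.c" has the three-segment shape of a JWT but was not issued for this test context,
        // so it must be rejected rather than treated as anonymous or as a trusted principal.
        performWithBearer("a.b.c", HttpURLConnection.HTTP_UNAUTHORIZED);
    }

    @Test
    public void shouldReturn200ForAValidToken() throws Exception {
        performWithBearer(tokenWithRole("ROLE_ADMIN"), HttpURLConnection.HTTP_OK);
    }

    /** Method name kept unchanged (typo included) so existing test reports and filters still match. */
    @Test
    public void shouldReturn401ForInsufficienPrivilege() throws Exception {
        // NOTE(review): a valid token that lacks ROLE_ADMIN is expected to yield 401 here rather
        // than 403; this pins the current behaviour of the security filter — confirm it is intended.
        performWithBearer(tokenWithRole("ROLE_USER"), HttpURLConnection.HTTP_UNAUTHORIZED);
    }

    /**
     * Generates a token for {@link #TEST_USER} carrying the given single role, valid for one day.
     *
     * @param role the single authority to embed in the token
     * @return the signed token string produced by the base class
     */
    private String tokenWithRole(String role) {
        return generateTokenWithExpirationDate(TEST_USER, 1, TimeUnit.DAYS, Arrays.asList(role));
    }

    /**
     * Performs the cache-clear request with a {@code Bearer} authorization header and asserts
     * the response status.
     *
     * @param token          raw token placed after {@code "Bearer "}
     * @param expectedStatus HTTP status the endpoint must answer with
     * @throws Exception propagated from {@code MockMvc}
     */
    private void performWithBearer(String token, int expectedStatus) throws Exception {
        this.mockMvc.perform(
                get(URL)
                        .contentType(MediaType.APPLICATION_JSON)
                        .header("Authorization", "Bearer " + token)
                        .accept(MediaType.APPLICATION_JSON)
                        .content(CONTENT))
                .andExpect(status().is(expectedStatus));
    }
}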