/**
* Copyright (c) 2013-2016, The SeedStack authors <http://seedstack.org>
*
* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/.
*/
package org.seedstack.seed.security.internal;
import com.google.inject.AbstractModule;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.mgt.SecurityManager;
import org.apache.shiro.subject.Subject;
import org.assertj.core.api.Assertions;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.seedstack.seed.Install;
import org.seedstack.seed.it.SeedITRunner;
import org.seedstack.seed.security.AuthorizationException;
import org.seedstack.seed.security.SecuritySupport;
import org.seedstack.seed.security.SimpleScope;
import org.seedstack.seed.security.WithUser;
import org.seedstack.seed.security.internal.fixtures.AnnotatedClass4Security;
import org.seedstack.seed.security.principals.Principals;
import javax.inject.Inject;
import javax.inject.Named;
import static org.assertj.core.api.Assertions.assertThat;
/**
 * Integration tests for the security support: role, permission, scope and principal checks, as
 * well as enforcement on {@link AnnotatedClass4Security}.
 *
 * <p>The users, passwords, roles, permissions and scopes referenced below are test fixtures. Their
 * definitions are not in this file (presumably they live in the test security configuration), so
 * every literal here has to stay in sync with that configuration.
 */
@RunWith(SeedITRunner.class)
public class SecurityIT {

    @Inject
    private AnnotatedClass4Security annotatedClass;

    @Inject
    private SecuritySupport securitySupport;

    @Inject
    private SecurityManager securityManager;

    // NOTE(review): no test in this class reads this field. Its injection presumably only checks
    // that a SecurityManager named "test" is bound; confirm before removing it.
    @Inject
    @Named("test")
    private SecurityManager testSecurityManager;

    /**
     * Checks that Obiwan holds the "jedi" role through both the Shiro subject and
     * {@link SecuritySupport}.
     */
    @Test
    @WithUser(id = "Obiwan", password = "yodarulez")
    public void Obiwan_should_be_a_jedi() {
        Subject currentSubject = SecurityUtils.getSubject();
        assertThat(currentSubject.hasRole("jedi")).isTrue();

        assertThat(securitySupport.hasRole("jedi")).isTrue();
        // NOTE(review): Obiwan is also expected to hold "nothing", the same role asserted for user
        // "nobody". Presumably the test role mapping grants it to every authenticated user; if it
        // does not, this assertion documents an over-broad role grant. Confirm against the
        // configuration.
        assertThat(securitySupport.hasRole("nothing")).isTrue();
    }

    /**
     * Checks that Anakin is granted the "academy:learn" permission but is denied the "jedi" role,
     * through both the Shiro subject and {@link SecuritySupport}.
     */
    @Test
    @WithUser(id = "Anakin", password = "imsodark")
    public void anakin_should_be_able_to_learn_at_the_academy_and_should_not_be_a_jedi() {
        Subject currentSubject = SecurityUtils.getSubject();

        // Positive check: the permission is granted.
        assertThat(currentSubject.isPermitted("academy:learn")).isTrue();
        assertThat(securitySupport.isPermitted("academy:learn")).isTrue();

        // Negative check: the role is denied.
        assertThat(currentSubject.hasRole("jedi")).isFalse();
        assertThat(securitySupport.hasRole("jedi")).isFalse();
    }

    /**
     * Checks that logging in as "zob" with an empty password is rejected.
     *
     * <p>The subject is built directly on the injected {@link SecurityManager} instead of using
     * {@link WithUser}, so the login failure is raised inside the test body.
     *
     * <p>NOTE(review): the expected type is the base {@link AuthenticationException}, so the test
     * passes on any authentication failure and does not by itself prove that the account is
     * unknown rather than the credentials being wrong.
     */
    @Test(expected = AuthenticationException.class)
    public void user_zob_should_be_unknown() {
        Subject anonymous = new Subject.Builder(securityManager).buildSubject();
        anonymous.login(new UsernamePasswordToken("zob", ""));
    }

    /**
     * Checks the "ghost" role, the "site:haunt" permission and the scopes of ThePoltergeist.
     *
     * <p>NOTE(review): the method name only mentions the "MU" scope, but the assertions require the
     * role and the permission on both "MU" and "SX". There is no negative check on a scope the user
     * should not have, so scope restriction itself is not exercised here.
     */
    @Test
    @WithUser(id = "ThePoltergeist", password = "bouh")
    public void ThePoltergeist_should_be_ghost_on_MU() {
        SimpleScope mu = new SimpleScope("MU");
        SimpleScope sx = new SimpleScope("SX");

        // Role, unscoped then per scope.
        assertThat(SecurityUtils.getSubject().hasRole("ghost")).isTrue();
        assertThat(securitySupport.hasRole("ghost")).isTrue();
        assertThat(securitySupport.hasRole("ghost", mu)).isTrue();
        assertThat(securitySupport.hasRole("ghost", sx)).isTrue();

        // Permission, unscoped then per scope.
        assertThat(securitySupport.isPermitted("site:haunt")).isTrue();
        assertThat(securitySupport.isPermitted("site:haunt", mu)).isTrue();
        assertThat(securitySupport.isPermitted("site:haunt", sx)).isTrue();

        // Both scopes are reported for the current user.
        assertThat(securitySupport.getSimpleScopes().contains(mu)).isTrue();
        assertThat(securitySupport.getSimpleScopes().contains(sx)).isTrue();
    }

    /**
     * Checks that Obiwan can invoke both methods of {@link AnnotatedClass4Security} and that each
     * returns true.
     */
    @Test
    @WithUser(id = "Obiwan", password = "yodarulez")
    public void Obiwan_should_be_able_to_call_the_force_and_teach() {
        assertThat(annotatedClass.callTheForce()).isTrue();
        assertThat(annotatedClass.teach()).isTrue();
    }

    /** Checks that user "nobody" holds the "nothing" role. */
    @Test
    @WithUser(id = "nobody", password = "foreverAlone")
    public void user_nobody_should_have_role_nothing() {
        assertThat(securitySupport.hasRole("nothing")).isTrue();
    }

    /**
     * Checks that calling {@code callTheForce()} as Anakin raises
     * {@link AuthorizationException}.
     */
    @Test(expected = AuthorizationException.class)
    @WithUser(id = "Anakin", password = "imsodark")
    public void Anakin_should_not_be_able_to_call_the_force() {
        annotatedClass.callTheForce();
    }

    /** Checks that calling {@code teach()} as Anakin raises {@link AuthorizationException}. */
    @Test(expected = AuthorizationException.class)
    @WithUser(id = "Anakin", password = "imsodark")
    public void Anakin_should_not_be_able_to_teach() {
        annotatedClass.teach();
    }

    /**
     * Checks that Anakin carries an additional principal named "foo" whose value is "bar".
     */
    @Test
    @WithUser(id = "Anakin", password = "imsodark")
    public void Anakin_should_have_customized_principal() {
        Assertions.assertThat(
                Principals.getSimplePrincipalByName(securitySupport.getOtherPrincipals(), "foo")
                        .getValue())
                .isEqualTo("bar");
    }

    /**
     * Guice module picked up through {@link Install}; it binds {@link AnnotatedClass4Security} so
     * that the instance injected into this test is created by the injector.
     */
    @Install
    public static class securityTestModule extends AbstractModule {
        @Override
        protected void configure() {
            bind(AnnotatedClass4Security.class);
        }
    }
}