TestPepInterceptorNullAssertionToken.java

/**
 * Copyright (c) Codice Foundation
 * <p>
 * This is free software: you can redistribute it and/or modify it under the terms of the GNU Lesser
 * General Public License as published by the Free Software Foundation, either version 3 of the
 * License, or any later version.
 * <p>
 * This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without
 * even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
 * Lesser General Public License for more details. A copy of the GNU Lesser General Public License
 * is distributed along with this program and can be found at
 * <http://www.gnu.org/licenses/lgpl.html>.
 */
package ddf.security.pep.interceptor;

import static org.junit.Assert.assertNotNull;
import static org.mockito.Mockito.mock;
import static org.mockito.Mockito.when;

import org.apache.cxf.interceptor.security.AccessDeniedException;
import org.apache.cxf.message.Message;
import org.junit.Rule;
import org.junit.Test;
import org.junit.rules.ExpectedException;
import org.powermock.api.mockito.PowerMockito;
import org.powermock.core.classloader.annotations.PrepareForTest;
import org.powermock.modules.junit4.rule.PowerMockRule;

import ddf.security.assertion.SecurityAssertion;
import ddf.security.common.audit.SecurityLogger;
import ddf.security.service.impl.SecurityAssertionStore;

@PrepareForTest({SecurityAssertionStore.class, SecurityLogger.class})
public class TestPepInterceptorNullAssertionToken {

    @Rule
    public PowerMockRule rule = new PowerMockRule();

    @Rule
    public ExpectedException expectedExForNullMessage = ExpectedException.none();

    @Test
    public void testMessageNullSecurityAssertionToken() {
        PEPAuthorizingInterceptor interceptor = new PEPAuthorizingInterceptor();

        Message messageWithNullSecurityAssertion = mock(Message.class);
        SecurityAssertion mockSecurityAssertion = mock(SecurityAssertion.class);
        assertNotNull(mockSecurityAssertion);
        PowerMockito.mockStatic(SecurityAssertionStore.class);
        PowerMockito.mockStatic(SecurityLogger.class);
        when(SecurityAssertionStore.getSecurityAssertion(messageWithNullSecurityAssertion)).thenReturn(
                mockSecurityAssertion);
        // SecurityLogger is already stubbed out
        when(mockSecurityAssertion.getSecurityToken()).thenReturn(null);
        expectedExForNullMessage.expect(AccessDeniedException.class);
        expectedExForNullMessage.expectMessage("Unauthorized");
        interceptor.handleMessage(messageWithNullSecurityAssertion);

        PowerMockito.verifyStatic();
    }
}