TestSecureServices.java example

Explorer
everrest-master
/*******************************************************************************
 * Copyright (c) 2012-2016 Codenvy, S.A.
 * All rights reserved. This program and the accompanying materials
 * are made available under the terms of the Eclipse Public License v1.0
 * which accompanies this distribution, and is available at
 * http://www.eclipse.org/legal/epl-v10.html
 *
 * Contributors:
 *   Codenvy, S.A. - initial API and implementation
 *******************************************************************************/
package org.everrest.assured;

import org.hamcrest.Matchers;
import org.testng.annotations.Listeners;
import org.testng.annotations.Test;

import javax.annotation.security.RolesAllowed;
import javax.ws.rs.GET;
import javax.ws.rs.Path;

import static com.jayway.restassured.RestAssured.expect;
import static com.jayway.restassured.RestAssured.given;

@Listeners(value = {EverrestJetty.class})
public class TestSecureServices {
    @Path("/secure-test")
    public class SecureService {
        @GET
        @RolesAllowed("cloud-admin")
        @Path("/sstring")
        public String getSecure() {
            return "sstring";
        }

        @GET
        @Path("/usstring")
        public String getUSecure() {
            return "usstring";
        }
    }

    private final SecureService secureService = new SecureService();

    @Test
    public void shouldAllowToCallUnsecureMethodWithUnsecureRequest() {
        expect()
                .body(Matchers.equalTo("usstring"))
                .when().get("/secure-test/usstring");
    }

    @Test
    public void shouldNotAllowToCallUnsecureMethodWithSecureRequest() {
        expect()
                .statusCode(401)
                .when().get(JettyHttpServer.SECURE_PATH + "/secure-test/usstring");
    }

    @Test
    public void shouldNotAllowToCallSecureMethodWithSecureRequestWithoutAutorization() {
        expect()
                .statusCode(401)
                .when().get(JettyHttpServer.SECURE_PATH + "/secure-test/sstring");
    }

    @Test
    public void shouldNotAllowToCallSecureMethodWithUnsecureRequest() {
        expect()
                .statusCode(403)
                .when().get("/secure-test/sstring");
    }

    @Test
    public void shouldAllowToCallUnsecureMethodWithSecureRequest() {
        //given
        given()
                .auth().basic(JettyHttpServer.ADMIN_USER_NAME, JettyHttpServer.ADMIN_USER_PASSWORD)
                //when-then
                .expect()
                .body(Matchers.equalTo("usstring"))
                .when().get("/secure-test/usstring");
    }

    @Test
    public void shouldAllowToCallUnsecureMethodWithSecureRequestURL() {
        //given
        given()
                .auth().basic(JettyHttpServer.ADMIN_USER_NAME, JettyHttpServer.ADMIN_USER_PASSWORD)
                //when-then
                .expect()
                .body(Matchers.equalTo("usstring"))
                .when().get(JettyHttpServer.SECURE_PATH + "/secure-test/usstring");
    }

    @Test
    public void shouldAllowToCallSecureMethodWithSecureRequestURL() {
        //given
        given()
                .auth().basic(JettyHttpServer.ADMIN_USER_NAME, JettyHttpServer.ADMIN_USER_PASSWORD)
                //when-then
                .expect()
                .body(Matchers.equalTo("sstring"))
                .when().get(JettyHttpServer.SECURE_PATH + "/secure-test/sstring");
    }

    @Test
    public void shouldNotAllowToCallSecureMethodWithUnsecureULR() {
        //given
        given()
                .auth().basic(JettyHttpServer.ADMIN_USER_NAME, JettyHttpServer.ADMIN_USER_PASSWORD)
                //when-then
                .expect()
                .statusCode(403)
                .when().get("/secure-test/sstring");
    }
}