JPARealmTest.java

package net.sf.gazpachoquest.security.shiro;

import static org.fest.assertions.api.Assertions.assertThat;

import java.security.SignatureException;
import java.util.Date;

import net.sf.gazpachoquest.domain.user.User;
import net.sf.gazpachoquest.security.support.HMACSignature;
import net.sf.gazpachoquest.test.dbunit.support.ColumnDetectorXmlDataSetLoader;

import org.apache.commons.lang3.time.DateFormatUtils;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.subject.Subject;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.test.context.ContextConfiguration;
import org.springframework.test.context.TestExecutionListeners;
import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
import org.springframework.test.context.support.DependencyInjectionTestExecutionListener;

import com.github.springtestdbunit.DbUnitTestExecutionListener;
import com.github.springtestdbunit.annotation.DatabaseSetup;
import com.github.springtestdbunit.annotation.DatabaseTearDown;
import com.github.springtestdbunit.annotation.DbUnitConfiguration;

@RunWith(SpringJUnit4ClassRunner.class)
@ContextConfiguration(locations = { "classpath:/jpa-test-context.xml", "classpath:/datasource-test-context.xml",
        "classpath:/services-context.xml", "classpath:/components-context.xml", "classpath:/rest-security-context.xml", })
@TestExecutionListeners({ DependencyInjectionTestExecutionListener.class, DbUnitTestExecutionListener.class })
@DatabaseSetup("JPARealm-dataset.xml")
@DatabaseTearDown("JPARealm-dataset.xml")
@DbUnitConfiguration(dataSetLoader = ColumnDetectorXmlDataSetLoader.class)
public class JPARealmTest {

    @Autowired
    private JPARealm apiKeyRealm;

    @Test
    public void loginTest() throws SignatureException {
        Subject subject = SecurityUtils.getSubject();

        String date = DateFormatUtils.SMTP_DATETIME_FORMAT.format(new Date());

        String resource = "/questionnaires/58";
        String method = "GET";
        String stringToSign = new StringBuilder().append(method).append(" ").append(resource).append("\n").append(date)
                .toString();
        String apiKey = "B868UOHUTKUDWXM";
        String secret = "IQO27YUZO8NJ7RADIK6SJ9BQZNYP4EMO";
        String signature = HMACSignature.calculateRFC2104HMAC(stringToSign, secret);

        AuthenticationToken token = new HmacAuthToken.Builder().apiKey(apiKey).signature(signature).dateUTC(date)
                .message(stringToSign).build();
        subject.login(token);

        assertThat(subject.getPrincipal()).isInstanceOf(User.class);
        assertThat(subject.getPrincipal()).isEqualTo(User.with().id(3).build());

        boolean isPermitted = subject.isPermitted("questionnaire:read:58");
        assertThat(isPermitted).isTrue();
    }

}