TokenAuthenticationFilterTest.java

package org.molgenis.security.token;

import org.springframework.mock.web.MockHttpServletRequest;
import org.springframework.mock.web.MockHttpServletResponse;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.context.SecurityContextHolder;
import org.testng.annotations.BeforeMethod;
import org.testng.annotations.Test;

import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import java.io.IOException;
import java.util.Arrays;

import static org.mockito.Mockito.*;
import static org.testng.Assert.assertEquals;

public class TokenAuthenticationFilterTest
{
	private TokenAuthenticationFilter filter;
	private AuthenticationProvider authenticationProvider;

	@BeforeMethod
	public void beforeMethod()
	{
		authenticationProvider = mock(AuthenticationProvider.class);
		filter = new TokenAuthenticationFilter(authenticationProvider);
	}

	@Test
	public void doFilter() throws IOException, ServletException
	{
		MockHttpServletRequest request = new MockHttpServletRequest();
		MockHttpServletResponse response = new MockHttpServletResponse();
		FilterChain chain = mock(FilterChain.class);

		RestAuthenticationToken auth = new RestAuthenticationToken("admin", "admin",
				Arrays.asList(new SimpleGrantedAuthority("admin")), "token");

		request.setRequestURI("/api/v1/dataset");
		request.addHeader(TokenExtractor.TOKEN_HEADER, "token");
		when(authenticationProvider.authenticate(new RestAuthenticationToken("token"))).thenReturn(auth);

		filter.doFilter(request, response, chain);
		verify(chain).doFilter(request, response);

		assertEquals(SecurityContextHolder.getContext().getAuthentication(), auth);
	}
}