@Test public void indexUserAuthority() throws Exception { // Arrange int size = randomSmallInteger(); List<User> usersWithoutCurrent = list(User.class, size); List<User> users = list(User.class, size); when(userService.findUsersExceptCurrentUser()).thenReturn(usersWithoutCurrent); when(userService.findAll()).thenReturn(users); // Act + Assert mvc.perform(get("/index") .with(user(randomString()).password(randomString()).authorities(USER))) .andExpect(status().isOk()) .andExpect(view().name(Pages.INDEX)) .andExpect(model().attribute("users", equalTo(users))) .andExpect(model().attribute("usersWithoutCurrent", equalTo(usersWithoutCurrent))); // Assert verify(userService).findAll(); verify(userService).findUsersExceptCurrentUser(); }
.with(user("admin").roles("ADMIN"))) .andExpect(status().isOk()) .andExpect(content().contentType("application/json;charset=UTF-8")) .file("content", "This is a test.".getBytes("UTF-8")) .with(csrf().asHeader()) .with(user("admin").roles("ADMIN")) .param("name", "test.txt") .param("format", "text") .with(user("admin").roles("ADMIN"))) .andExpect(status().isOk()) .andExpect(content().contentType("application/json;charset=UTF-8"))
/** * Establish a {@link SecurityContext} that has a * {@link UsernamePasswordAuthenticationToken} for the * {@link Authentication#getPrincipal()} and a {@link User} for the * {@link UsernamePasswordAuthenticationToken#getPrincipal()}. All details are * declarative and do not require that the user actually exists. * * <p> * The support works by associating the user to the HttpServletRequest. To associate * the request to the SecurityContextHolder you need to ensure that the * SecurityContextPersistenceFilter is associated with the MockMvc instance. A few * ways to do this are: * </p> * * <ul> * <li>Invoking apply {@link SecurityMockMvcConfigurers#springSecurity()}</li> * <li>Adding Spring Security's FilterChainProxy to MockMvc</li> * <li>Manually adding {@link SecurityContextPersistenceFilter} to the MockMvc * instance may make sense when using MockMvcBuilders standaloneSetup</li> * </ul> * * @param username the username to populate * @return the {@link UserRequestPostProcessor} for additional customization */ public static UserRequestPostProcessor user(String username) { return new UserRequestPostProcessor(username); }
@Test public void t002_testDocumentCreate() throws Exception { mvc.perform(get(API_BASE + "/projects/1/documents") .with(csrf().asHeader()) .with(user("admin").roles("ADMIN"))) .andExpect(status().isOk()) .andExpect(content().contentType("application/json;charset=UTF-8")) .andExpect(jsonPath("$.messages").isEmpty()); mvc.perform(multipart(API_BASE + "/projects/1/documents") .file("content", "This is a test.".getBytes("UTF-8")) .with(csrf().asHeader()) .with(user("admin").roles("ADMIN")) .param("name", "test.txt") .param("format", "text")) .andExpect(status().isCreated()) .andExpect(content().contentType("application/json;charset=UTF-8")) .andExpect(jsonPath("$.body.id").value("1")) .andExpect(jsonPath("$.body.name").value("test.txt")); mvc.perform(get(API_BASE + "/projects/1/documents") .with(csrf().asHeader()) .with(user("admin").roles("ADMIN"))) .andExpect(status().isOk()) .andExpect(content().contentType("application/json;charset=UTF-8")) .andExpect(jsonPath("$.body[0].id").value("1")) .andExpect(jsonPath("$.body[0].name").value("test.txt")) .andExpect(jsonPath("$.body[0].state").value("NEW")); }
/** * Establish a {@link SecurityContext} that has a * {@link UsernamePasswordAuthenticationToken} for the * {@link Authentication#getPrincipal()} and a {@link User} for the * {@link UsernamePasswordAuthenticationToken#getPrincipal()}. All details are * declarative and do not require that the user actually exists. * * <p> * The support works by associating the user to the HttpServletRequest. To associate * the request to the SecurityContextHolder you need to ensure that the * SecurityContextPersistenceFilter is associated with the MockMvc instance. A few * ways to do this are: * </p> * * <ul> * <li>Invoking apply {@link SecurityMockMvcConfigurers#springSecurity()}</li> * <li>Adding Spring Security's FilterChainProxy to MockMvc</li> * <li>Manually adding {@link SecurityContextPersistenceFilter} to the MockMvc * instance may make sense when using MockMvcBuilders standaloneSetup</li> * </ul> * * @param username the username to populate * @return the {@link UserRequestPostProcessor} for additional customization */ public static UserRequestPostProcessor user(String username) { return new UserRequestPostProcessor(username); }
.with(user("admin").roles("ADMIN"))) .andExpect(status().isOk()) .andExpect(content().contentType("application/json;charset=UTF-8")) .file("content", "This is a test.".getBytes("UTF-8")) .with(csrf().asHeader()) .with(user("admin").roles("ADMIN")) .param("name", "test.txt") .param("format", "text")) .with(user("admin").roles("ADMIN"))) .andExpect(status().isOk()) .andExpect(content().contentType("application/json;charset=UTF-8"))
@Test public void t001_testProjectCreate() throws Exception { mvc.perform(get(API_BASE + "/projects") .with(csrf().asHeader()) .with(user("admin").roles("ADMIN"))) .andExpect(status().isOk()) .andExpect(content().contentType("application/json;charset=UTF-8")) .andExpect(jsonPath("$.messages").isEmpty()); mvc.perform(post(API_BASE + "/projects") .with(csrf().asHeader()) .with(user("admin").roles("ADMIN")) .contentType(MediaType.MULTIPART_FORM_DATA) .param("name", "project1")) .andExpect(status().isCreated()) .andExpect(content().contentType("application/json;charset=UTF-8")) .andExpect(jsonPath("$.body.id").value("1")) .andExpect(jsonPath("$.body.name").value("project1")); mvc.perform(get(API_BASE + "/projects") .with(csrf().asHeader()) .with(user("admin").roles("ADMIN"))) .andExpect(status().isOk()) .andExpect(content().contentType("application/json;charset=UTF-8")) .andExpect(jsonPath("$.body[0].id").value("1")) .andExpect(jsonPath("$.body[0].name").value("project1")); }
@Test public void indexAdminAuthority() throws Exception { // Arrange int size = randomSmallInteger(); List<User> usersWithoutCurrent = list(User.class, size); List<User> users = list(User.class, size); when(userService.findUsersExceptCurrentUser()).thenReturn(usersWithoutCurrent); when(userService.findAll()).thenReturn(users); // Act + Assert mvc.perform(get("/index") .with(user(randomString()).password(randomString()).authorities(ADMIN))) .andExpect(status().isOk()) .andExpect(view().name(Pages.INDEX)) .andExpect(model().attribute("users", equalTo(users))) .andExpect(model().attribute("usersWithoutCurrent", equalTo(usersWithoutCurrent))) .andExpect(model().attribute("user", hasProperty("username", isEmptyOrNullString()))) .andExpect(model().attribute("user", hasProperty("password", isEmptyOrNullString()))) .andExpect(model().attribute("user", hasProperty("role", isEmptyOrNullString()))); // Assert verify(userService).findAll(); verify(userService).findUsersExceptCurrentUser(); }
@Test public void t005_testCurationDelete() throws Exception { mvc.perform(delete(API_BASE + "/projects/1/documents/1/curation") .with(csrf().asHeader()) .with(user("admin").roles("ADMIN")) .param("projectId", "1") .param("documentId", "1")) .andExpect(status().isOk()) .andExpect(content().contentType("application/json;charset=UTF-8")); mvc.perform(get(API_BASE + "/projects/1/documents") .with(csrf().asHeader()) .with(user("admin").roles("ADMIN"))) .andExpect(status().isOk()) .andExpect(content().contentType("application/json;charset=UTF-8")) .andExpect(jsonPath("$.body[0].id").value("1")) .andExpect(jsonPath("$.body[0].name").value("test.txt")) .andExpect(jsonPath("$.body[0].state").value("ANNOTATION-IN-PROGRESS")); }
@Test public void saveAdminAuthority() throws Exception { // Arrange User user = User.builder().build(); when(userService.save(user)).thenReturn(user); mvc.perform(post("/addUser") .with(csrf()) .with(user(randomString()).password(randomString()).authorities(ADMIN)) .contentType(MediaType.APPLICATION_FORM_URLENCODED)) .andExpect(status().isFound()) .andExpect(view().name("redirect:/index")) .andExpect(model().attribute("user", equalTo(user))) .andExpect(model().attribute("user", hasProperty("username", isEmptyOrNullString()))) .andExpect(model().attribute("user", hasProperty("password", isEmptyOrNullString()))) .andExpect(model().attribute("user", hasProperty("role", isEmptyOrNullString()))); // Assert verify(userService).save(any(User.class)); } }
@Test public void findAllAdminAuthority() throws Exception { // Arrange int size = RandomUtils.randomSmallInteger(); List<User> users = InitializationUtils.list(User.class, size); when(userService.findAll()).thenReturn(users); // Act + Assert mvc.perform(get("/users") .with(user(randomString()).password(randomString()).authorities(ADMIN)) .contentType(MediaType.APPLICATION_JSON)) .andExpect(status().isOk()) .andExpect(jsonPath("$", hasSize(size))); // Assert verify(userService).findAll(); } }
/** * Populates the user's {@link GrantedAuthority}'s. The default is ROLE_USER. * * @param authorities * @see #roles(String...) * @return the UserRequestPostProcessor for further customizations */ public UserRequestPostProcessor authorities(GrantedAuthority... authorities) { return authorities(Arrays.asList(authorities)); }
@Test public void saveUserAuthority() throws Exception { // Act + Assert mvc.perform(post("/addUser") .with(csrf()) .with(user(randomString()).password(randomString()).authorities(USER))) .andExpect(status().isForbidden()); }
@Test public void findAllUserAuthority() throws Exception { // Act + Assert mvc.perform(get("/users") .with(user(randomString()).password(randomString()).authorities(USER)) .contentType(MediaType.APPLICATION_JSON)) .andExpect(status().isForbidden()); }
@Override public MockHttpServletRequest postProcessRequest(MockHttpServletRequest request) { UserDetailsRequestPostProcessor delegate = new UserDetailsRequestPostProcessor( createUser()); return delegate.postProcessRequest(request); }
@Override public MockHttpServletRequest postProcessRequest(MockHttpServletRequest request) { UserDetailsRequestPostProcessor delegate = new UserDetailsRequestPostProcessor( createUser()); return delegate.postProcessRequest(request); }