/**
 * Loads the authorization addressed by {@code resourceId}.
 *
 * @return the matching authorization, never {@code null}
 * @throws InvalidRequestException with status {@code NOT_FOUND} when the query yields no result
 */
protected Authorization getDbAuthorization() {
  Authorization found = authorizationService.createAuthorizationQuery()
      .authorizationId(resourceId)
      .singleResult();

  // NOTE(review): this lookup only establishes that the record exists. No permission
  // check is visible here, so access control presumably sits behind authorizationService - confirm.
  if (found != null) {
    return found;
  }

  // The id is echoed back to the caller in the error message.
  throw new InvalidRequestException(Status.NOT_FOUND, "Authorization with id " + resourceId + " does not exist.");
}
/**
 * Resolves {@code resourceId} to a stored authorization or fails the request.
 *
 * @return the authorization returned by the id query; never {@code null}
 * @throws InvalidRequestException with status {@code NOT_FOUND} if no authorization has that id
 */
protected Authorization getDbAuthorization() {
  Authorization match = authorizationService.createAuthorizationQuery()
      .authorizationId(resourceId)
      .singleResult();

  // Guard first: a missing record ends the request with 404 before any caller can act on it.
  if (match == null) {
    throw new InvalidRequestException(Status.NOT_FOUND, "Authorization with id " + resourceId + " does not exist.");
  }

  // NOTE(review): existence is the only thing checked here; whether the current user may
  // read or change this record is not decided in this method.
  return match;
}
/**
 * Narrows {@code query} by every filter field of this object that is set.
 *
 * <p>A field that is {@code null} adds no restriction. The builder's return value is
 * discarded, so this relies on the passed query object being narrowed in place.
 *
 * @param query the authorization query to restrict
 */
protected void applyFilters(AuthorizationQuery query) {
  // NOTE(review): with every field null the query is left unrestricted; any limit on which
  // authorizations a caller may list has to come from elsewhere - not visible here.

  // Identity and kind of the authorization record.
  if (id != null) {
    query.authorizationId(id);
  }
  if (type != null) {
    query.authorizationType(type);
  }

  // Who the authorization applies to.
  if (userIdIn != null) {
    query.userIdIn(userIdIn);
  }
  if (groupIdIn != null) {
    query.groupIdIn(groupIdIn);
  }

  // What the authorization applies to.
  if (resourceType != null) {
    query.resourceType(resourceType);
  }
  if (resourceId != null) {
    query.resourceId(resourceId);
  }
}
/**
 * Applies the configured filter criteria to {@code query}.
 *
 * <p>Each criterion is forwarded only when its field is non-null; the calls are made in
 * the order id, type, users, groups, resource type, resource id.
 *
 * @param query the authorization query that receives the criteria
 */
protected void applyFilters(AuthorizationQuery query) {
  if (id != null) {
    query.authorizationId(id);
  }

  if (type != null) {
    query.authorizationType(type);
  }

  if (userIdIn != null) {
    query.userIdIn(userIdIn);
  }

  if (groupIdIn != null) {
    query.groupIdIn(groupIdIn);
  }

  if (resourceType != null) {
    query.resourceType(resourceType);
  }

  if (resourceId != null) {
    query.resourceId(resourceId);
  }
  // NOTE(review): nothing here restricts the result to what the requesting user may see;
  // an all-null filter leaves the query as it was passed in.
}
/** DELETE on an existing authorization answers 204 and forwards the id to the service. */
@Test
public void testDeleteAuthorization() {
  Authorization existing = MockProvider.createMockGlobalAuthorization();

  // The lookup by id resolves to the mocked record.
  AuthorizationQuery queryMock = mock(AuthorizationQuery.class);
  when(authorizationServiceMock.createAuthorizationQuery()).thenReturn(queryMock);
  when(queryMock.authorizationId(MockProvider.EXAMPLE_AUTHORIZATION_ID)).thenReturn(queryMock);
  when(queryMock.singleResult()).thenReturn(existing);

  given()
      .pathParam("id", MockProvider.EXAMPLE_AUTHORIZATION_ID)
  .then().expect()
      .statusCode(Status.NO_CONTENT.getStatusCode())
  .when()
      .delete(AUTH_RESOURCE_PATH);

  // The record was looked up by the path id, and that same id was deleted.
  verify(queryMock).authorizationId(MockProvider.EXAMPLE_AUTHORIZATION_ID);
  verify(authorizationServiceMock).deleteAuthorization(MockProvider.EXAMPLE_AUTHORIZATION_ID);
}
/** GET for an id with no stored authorization answers 404 with a JSON error message. */
@Test
public void testGetNonExistingAuthorizationById() {
  // The lookup by id finds nothing.
  AuthorizationQuery queryMock = mock(AuthorizationQuery.class);
  when(authorizationServiceMock.createAuthorizationQuery()).thenReturn(queryMock);
  when(queryMock.authorizationId(MockProvider.EXAMPLE_AUTHORIZATION_ID)).thenReturn(queryMock);
  when(queryMock.singleResult()).thenReturn(null);

  // The requested id is echoed in the message; the JSON content type is asserted as well.
  String expectedMessage = "Authorization with id "+MockProvider.EXAMPLE_AUTHORIZATION_ID+" does not exist.";

  given()
      .pathParam("id", MockProvider.EXAMPLE_AUTHORIZATION_ID)
  .then().expect()
      .statusCode(Status.NOT_FOUND.getStatusCode()).contentType(ContentType.JSON)
      .body("message", equalTo(expectedMessage))
  .when()
      .get(AUTH_RESOURCE_PATH);
}
/** DELETE for an unknown id answers 404 and must not reach the service's delete call. */
@Test
public void testDeleteNonExistingAuthorization() {
  // The lookup by id finds nothing.
  AuthorizationQuery queryMock = mock(AuthorizationQuery.class);
  when(authorizationServiceMock.createAuthorizationQuery()).thenReturn(queryMock);
  when(queryMock.authorizationId(MockProvider.EXAMPLE_AUTHORIZATION_ID)).thenReturn(queryMock);
  when(queryMock.singleResult()).thenReturn(null);

  String expectedMessage = "Authorization with id "+MockProvider.EXAMPLE_AUTHORIZATION_ID+" does not exist.";

  given()
      .pathParam("id", MockProvider.EXAMPLE_AUTHORIZATION_ID)
  .then().expect()
      .statusCode(Status.NOT_FOUND.getStatusCode()).contentType(ContentType.JSON)
      .body("message", equalTo(expectedMessage))
  .when()
      .delete(AUTH_RESOURCE_PATH);

  // The failed lookup has to short-circuit the request: no delete is issued.
  verify(authorizationServiceMock, never()).deleteAuthorization(MockProvider.EXAMPLE_AUTHORIZATION_ID);
}
/**
 * OPTIONS on an authorization resource lists the self, delete and update links when no
 * authentication is present.
 */
@Test
public void testAuthorizationResourceOptions() {
  String resourceUrl = "http://localhost:" + PORT + TEST_RESOURCE_ROOT_PATH + AuthorizationRestService.PATH + "/" + MockProvider.EXAMPLE_AUTHORIZATION_ID;

  Authorization existing = MockProvider.createMockGlobalAuthorization();

  AuthorizationQuery queryMock = mock(AuthorizationQuery.class);
  when(authorizationServiceMock.createAuthorizationQuery()).thenReturn(queryMock);
  when(queryMock.authorizationId(MockProvider.EXAMPLE_AUTHORIZATION_ID)).thenReturn(queryMock);
  when(queryMock.singleResult()).thenReturn(existing);

  // Authorization checks are switched on, but there is no current authentication.
  // NOTE(review): this pins that all three links are advertised in that state; the test
  // does not show whether DELETE/PUT themselves would be refused - confirm where that is enforced.
  when(identityServiceMock.getCurrentAuthentication()).thenReturn(null);
  when(processEngineConfigurationMock.isAuthorizationEnabled()).thenReturn(true);

  given()
      .pathParam("id", MockProvider.EXAMPLE_AUTHORIZATION_ID)
  .then()
      .statusCode(Status.OK.getStatusCode())

      // links[0]: self
      .body("links[0].href", equalTo(resourceUrl))
      .body("links[0].method", equalTo(HttpMethod.GET))
      .body("links[0].rel", equalTo("self"))

      // links[1]: delete
      .body("links[1].href", equalTo(resourceUrl))
      .body("links[1].method", equalTo(HttpMethod.DELETE))
      .body("links[1].rel", equalTo("delete"))

      // links[2]: update
      .body("links[2].href", equalTo(resourceUrl))
      .body("links[2].method", equalTo(HttpMethod.PUT))
      .body("links[2].rel", equalTo("update"))
  .when()
      .options(AUTH_RESOURCE_PATH);

  // The current authentication is consulted twice.
  verify(identityServiceMock, times(2)).getCurrentAuthentication();
}
/**
 * When the service rejects a delete with an {@code AuthorizationException}, the REST
 * layer answers 403 and reports the exception type and message as JSON.
 */
@Test
public void testDeleteAuthorizationThrowsAuthorizationException() {
  Authorization existing = MockProvider.createMockGlobalAuthorization();

  // The record exists, so the request gets as far as the delete call.
  AuthorizationQuery queryMock = mock(AuthorizationQuery.class);
  when(authorizationServiceMock.createAuthorizationQuery()).thenReturn(queryMock);
  when(queryMock.authorizationId(MockProvider.EXAMPLE_AUTHORIZATION_ID)).thenReturn(queryMock);
  when(queryMock.singleResult()).thenReturn(existing);

  // The service refuses the delete.
  String denialMessage = "expected authorization exception";
  doThrow(new AuthorizationException(denialMessage)).when(authorizationServiceMock).deleteAuthorization(MockProvider.EXAMPLE_AUTHORIZATION_ID);

  // The exception's message is returned to the client verbatim, so whatever the service
  // puts into it is client-visible.
  given()
      .pathParam("id", MockProvider.EXAMPLE_AUTHORIZATION_ID)
  .then().expect()
      .statusCode(Status.FORBIDDEN.getStatusCode())
      .contentType(ContentType.JSON)
      .body("type", equalTo(AuthorizationException.class.getSimpleName()))
      .body("message", equalTo(denialMessage))
  .when()
      .delete(AUTH_RESOURCE_PATH);
}
/**
 * OPTIONS for a user who holds neither DELETE nor UPDATE on the authorization lists only
 * the self link.
 */
@Test
public void testAuthorizationResourceOptionsUnauthorized() {
  String resourceUrl = "http://localhost:" + PORT + TEST_RESOURCE_ROOT_PATH + AuthorizationRestService.PATH + "/" + MockProvider.EXAMPLE_AUTHORIZATION_ID;

  Authorization existing = MockProvider.createMockGlobalAuthorization();

  AuthorizationQuery queryMock = mock(AuthorizationQuery.class);
  when(authorizationServiceMock.createAuthorizationQuery()).thenReturn(queryMock);
  when(queryMock.authorizationId(MockProvider.EXAMPLE_AUTHORIZATION_ID)).thenReturn(queryMock);
  when(queryMock.singleResult()).thenReturn(existing);

  // An authenticated user (no groups) for whom both permission checks come back negative.
  Authentication currentUser = new Authentication(MockProvider.EXAMPLE_USER_ID, null);
  when(identityServiceMock.getCurrentAuthentication()).thenReturn(currentUser);
  when(authorizationServiceMock.isUserAuthorized(MockProvider.EXAMPLE_USER_ID, null, DELETE, AUTHORIZATION, MockProvider.EXAMPLE_AUTHORIZATION_ID)).thenReturn(false);
  when(authorizationServiceMock.isUserAuthorized(MockProvider.EXAMPLE_USER_ID, null, UPDATE, AUTHORIZATION, MockProvider.EXAMPLE_AUTHORIZATION_ID)).thenReturn(false);
  when(processEngine.getProcessEngineConfiguration().isAuthorizationEnabled()).thenReturn(true);

  // NOTE(review): hidden links only shape what the client is shown; this test does not
  // exercise whether DELETE/PUT themselves are refused for this user.
  given()
      .pathParam("id", MockProvider.EXAMPLE_AUTHORIZATION_ID)
  .then()
      .statusCode(Status.OK.getStatusCode())

      // links[0]: self
      .body("links[0].href", equalTo(resourceUrl))
      .body("links[0].method", equalTo(HttpMethod.GET))
      .body("links[0].rel", equalTo("self"))

      // No delete or update link is offered.
      .body("links[1]", nullValue())
      .body("links[2]", nullValue())
  .when()
      .options(AUTH_RESOURCE_PATH);

  // Each permission is checked exactly once, for this user and this authorization id.
  verify(identityServiceMock, times(2)).getCurrentAuthentication();
  verify(authorizationServiceMock, times(1)).isUserAuthorized(MockProvider.EXAMPLE_USER_ID, null, DELETE, AUTHORIZATION, MockProvider.EXAMPLE_AUTHORIZATION_ID);
  verify(authorizationServiceMock, times(1)).isUserAuthorized(MockProvider.EXAMPLE_USER_ID, null, UPDATE, AUTHORIZATION, MockProvider.EXAMPLE_AUTHORIZATION_ID);
}
/** POST of a global authorization answers 200 and saves a new AUTH_TYPE_GLOBAL record. */
@Test
public void testCreateGlobalAuthorization() {
  Authorization globalAuth = MockProvider.createMockGlobalAuthorization();

  // The service hands out the mock as the new record and returns it again on save.
  when(authorizationServiceMock.createNewAuthorization(Authorization.AUTH_TYPE_GLOBAL)).thenReturn(globalAuth);
  when(authorizationServiceMock.saveAuthorization(globalAuth)).thenReturn(globalAuth);

  AuthorizationQuery queryMock = mock(AuthorizationQuery.class);
  when(authorizationServiceMock.createAuthorizationQuery()).thenReturn(queryMock);
  when(queryMock.authorizationId(MockProvider.EXAMPLE_AUTHORIZATION_ID)).thenReturn(queryMock);
  when(queryMock.singleResult()).thenReturn(globalAuth);

  AuthorizationDto requestBody = AuthorizationDto.fromAuthorization(globalAuth);

  given()
      .body(requestBody).contentType(ContentType.JSON)
  .then().expect()
      .statusCode(Status.OK.getStatusCode())
  .when()
      .post(AUTH_CREATE_PATH);

  verify(authorizationServiceMock).createNewAuthorization(Authorization.AUTH_TYPE_GLOBAL);
  verify(globalAuth).setUserId(Authorization.ANY);

  // NOTE(review): in the three verifications below the argument expression calls a getter
  // on the same mock after verify(...) has armed verification. Mockito may then consume the
  // verification on the getter instead of the setter, which would explain the times(4) /
  // times(2) counts and the setResourceType(getAuthorizationType()) pairing. Confirm, and if
  // so read the expected values into locals before calling verify(...). The expressions are
  // deliberately left inline here so the test behaves as before.
  verify(globalAuth, times(4)).setResourceType(globalAuth.getAuthorizationType());
  verify(globalAuth, times(2)).setResourceId(globalAuth.getResourceId());
  verify(globalAuth, times(2)).setPermissions(globalAuth.getPermissions(Permissions.values()));

  verify(authorizationServiceMock).saveAuthorization(globalAuth);
}
/**
 * When saving an updated authorization is rejected with an {@code AuthorizationException},
 * the REST layer answers 403 and reports the exception type and message as JSON.
 */
@Test
public void testUpdateAuthorizationThrowsAuthorizationException() {
  Authorization existing = MockProvider.createMockGlobalAuthorization();
  AuthorizationDto requestBody = AuthorizationDto.fromAuthorization(existing);

  // The record exists, so the request gets as far as the save call.
  AuthorizationQuery queryMock = mock(AuthorizationQuery.class);
  when(authorizationServiceMock.createAuthorizationQuery()).thenReturn(queryMock);
  when(queryMock.authorizationId(MockProvider.EXAMPLE_AUTHORIZATION_ID)).thenReturn(queryMock);
  when(queryMock.singleResult()).thenReturn(existing);

  // The service refuses to save any authorization.
  String denialMessage = "expected authorization exception";
  when(authorizationServiceMock.saveAuthorization(any(Authorization.class))).thenThrow(new AuthorizationException(denialMessage));

  // The exception's message is returned to the client verbatim.
  given()
      .pathParam("id", MockProvider.EXAMPLE_AUTHORIZATION_ID)
      .body(requestBody).contentType(ContentType.JSON)
  .then().expect()
      .statusCode(Status.FORBIDDEN.getStatusCode())
      .contentType(ContentType.JSON)
      .body("type", equalTo(AuthorizationException.class.getSimpleName()))
      .body("message", equalTo(denialMessage))
  .when()
      .put(AUTH_RESOURCE_PATH);
}
/**
 * OPTIONS for a user who holds DELETE but not UPDATE on the authorization lists the self
 * and delete links and no update link.
 */
@Test
public void testAuthorizationResourceOptionsUpdateUnauthorized() {
  String resourceUrl = "http://localhost:" + PORT + TEST_RESOURCE_ROOT_PATH + AuthorizationRestService.PATH + "/" + MockProvider.EXAMPLE_AUTHORIZATION_ID;

  Authorization existing = MockProvider.createMockGlobalAuthorization();

  AuthorizationQuery queryMock = mock(AuthorizationQuery.class);
  when(authorizationServiceMock.createAuthorizationQuery()).thenReturn(queryMock);
  when(queryMock.authorizationId(MockProvider.EXAMPLE_AUTHORIZATION_ID)).thenReturn(queryMock);
  when(queryMock.singleResult()).thenReturn(existing);

  // An authenticated user (no groups): DELETE is granted, UPDATE is not.
  Authentication currentUser = new Authentication(MockProvider.EXAMPLE_USER_ID, null);
  when(identityServiceMock.getCurrentAuthentication()).thenReturn(currentUser);
  when(authorizationServiceMock.isUserAuthorized(MockProvider.EXAMPLE_USER_ID, null, DELETE, AUTHORIZATION, MockProvider.EXAMPLE_AUTHORIZATION_ID)).thenReturn(true);
  when(authorizationServiceMock.isUserAuthorized(MockProvider.EXAMPLE_USER_ID, null, UPDATE, AUTHORIZATION, MockProvider.EXAMPLE_AUTHORIZATION_ID)).thenReturn(false);
  when(processEngine.getProcessEngineConfiguration().isAuthorizationEnabled()).thenReturn(true);

  // NOTE(review): this covers only which links are advertised; whether a PUT by this user
  // is actually refused is not exercised here.
  given()
      .pathParam("id", MockProvider.EXAMPLE_AUTHORIZATION_ID)
  .then()
      .statusCode(Status.OK.getStatusCode())

      // links[0]: self
      .body("links[0].href", equalTo(resourceUrl))
      .body("links[0].method", equalTo(HttpMethod.GET))
      .body("links[0].rel", equalTo("self"))

      // links[1]: delete
      .body("links[1].href", equalTo(resourceUrl))
      .body("links[1].method", equalTo(HttpMethod.DELETE))
      .body("links[1].rel", equalTo("delete"))

      // No update link is offered.
      .body("links[2]", nullValue())
  .when()
      .options(AUTH_RESOURCE_PATH);

  // Each permission is checked exactly once, for this user and this authorization id.
  verify(identityServiceMock, times(2)).getCurrentAuthentication();
  verify(authorizationServiceMock, times(1)).isUserAuthorized(MockProvider.EXAMPLE_USER_ID, null, DELETE, AUTHORIZATION, MockProvider.EXAMPLE_AUTHORIZATION_ID);
  verify(authorizationServiceMock, times(1)).isUserAuthorized(MockProvider.EXAMPLE_USER_ID, null, UPDATE, AUTHORIZATION, MockProvider.EXAMPLE_AUTHORIZATION_ID);
}
/**
 * PUT on an existing authorization answers 204, copies the request fields onto the
 * stored record and saves it.
 */
@Test
public void testUpdateAuthorization() {
  Authorization existing = MockProvider.createMockGlobalAuthorization();

  AuthorizationQuery queryMock = mock(AuthorizationQuery.class);
  when(authorizationServiceMock.createAuthorizationQuery()).thenReturn(queryMock);
  when(queryMock.authorizationId(MockProvider.EXAMPLE_AUTHORIZATION_ID)).thenReturn(queryMock);
  when(queryMock.singleResult()).thenReturn(existing);

  AuthorizationDto requestBody = AuthorizationDto.fromAuthorization(existing);

  given()
      .pathParam("id", MockProvider.EXAMPLE_AUTHORIZATION_ID)
      .body(requestBody).contentType(ContentType.JSON)
  .then().expect()
      .statusCode(Status.NO_CONTENT.getStatusCode())
  .when()
      .put(AUTH_RESOURCE_PATH);

  // The record is looked up by the path id.
  verify(queryMock).authorizationId(MockProvider.EXAMPLE_AUTHORIZATION_ID);

  // Every settable field is taken from the request body. The expected values are read from
  // the DTO rather than from the mock under verification.
  verify(existing).setGroupId(requestBody.getGroupId());
  verify(existing).setUserId(requestBody.getUserId());
  verify(existing).setResourceId(requestBody.getResourceId());
  verify(existing).setResourceType(requestBody.getResourceType());

  verify(authorizationServiceMock).saveAuthorization(existing);
}
/** PUT for an unknown id answers 404 and must not save anything. */
@Test
public void testUpdateNonExistingAuthorization() {
  // Used only to build a request body; the lookup below does not return it.
  Authorization template = MockProvider.createMockGlobalAuthorization();

  AuthorizationQuery queryMock = mock(AuthorizationQuery.class);
  when(authorizationServiceMock.createAuthorizationQuery()).thenReturn(queryMock);
  when(queryMock.authorizationId(MockProvider.EXAMPLE_AUTHORIZATION_ID)).thenReturn(queryMock);
  when(queryMock.singleResult()).thenReturn(null);

  AuthorizationDto requestBody = AuthorizationDto.fromAuthorization(template);

  String expectedMessage = "Authorization with id "+MockProvider.EXAMPLE_AUTHORIZATION_ID+" does not exist.";

  given()
      .pathParam("id", MockProvider.EXAMPLE_AUTHORIZATION_ID)
      .body(requestBody).contentType(ContentType.JSON)
  .then().expect()
      .statusCode(Status.NOT_FOUND.getStatusCode()).contentType(ContentType.JSON)
      .body("message", equalTo(expectedMessage))
  .when()
      .put(AUTH_RESOURCE_PATH);

  // The failed lookup has to short-circuit the request: nothing is saved.
  verify(authorizationServiceMock, never()).saveAuthorization(template);
}
/** POST of a grant authorization answers 200 and saves a new AUTH_TYPE_GRANT record. */
@Test
public void testCreateGrantAuthorization() {
  Authorization grantAuth = MockProvider.createMockGrantAuthorization();

  // The service hands out the mock as the new record and returns it again on save.
  when(authorizationServiceMock.createNewAuthorization(Authorization.AUTH_TYPE_GRANT)).thenReturn(grantAuth);
  when(authorizationServiceMock.saveAuthorization(grantAuth)).thenReturn(grantAuth);

  AuthorizationQuery queryMock = mock(AuthorizationQuery.class);
  when(authorizationServiceMock.createAuthorizationQuery()).thenReturn(queryMock);
  when(queryMock.authorizationId(MockProvider.EXAMPLE_AUTHORIZATION_ID)).thenReturn(queryMock);
  when(queryMock.singleResult()).thenReturn(grantAuth);

  AuthorizationDto requestBody = AuthorizationDto.fromAuthorization(grantAuth);

  given()
      .body(requestBody).contentType(ContentType.JSON)
  .then().expect()
      .statusCode(Status.OK.getStatusCode())
  .when()
      .post(AUTH_CREATE_PATH);

  verify(authorizationServiceMock).createNewAuthorization(Authorization.AUTH_TYPE_GRANT);

  // NOTE(review): each argument below calls a getter on the same mock after verify(...) has
  // armed verification, so Mockito may be counting the getter calls rather than the setter
  // calls (and setResourceType is paired with getAuthorizationType()). Confirm what these
  // lines really assert; the expressions are left inline so the test behaves as before.
  verify(grantAuth, times(2)).setUserId(grantAuth.getUserId());
  verify(grantAuth, times(4)).setResourceType(grantAuth.getAuthorizationType());
  verify(grantAuth, times(2)).setResourceId(grantAuth.getResourceId());
  verify(grantAuth, times(2)).setPermissions(grantAuth.getPermissions(Permissions.values()));

  verify(authorizationServiceMock).saveAuthorization(grantAuth);
}
/** POST of a revoke authorization answers 200 and saves a new AUTH_TYPE_REVOKE record. */
@Test
public void testCreateRevokeAuthorization() {
  Authorization revokeAuth = MockProvider.createMockRevokeAuthorization();

  // The service hands out the mock as the new record and returns it again on save.
  when(authorizationServiceMock.createNewAuthorization(Authorization.AUTH_TYPE_REVOKE)).thenReturn(revokeAuth);
  when(authorizationServiceMock.saveAuthorization(revokeAuth)).thenReturn(revokeAuth);

  AuthorizationQuery queryMock = mock(AuthorizationQuery.class);
  when(authorizationServiceMock.createAuthorizationQuery()).thenReturn(queryMock);
  when(queryMock.authorizationId(MockProvider.EXAMPLE_AUTHORIZATION_ID)).thenReturn(queryMock);
  when(queryMock.singleResult()).thenReturn(revokeAuth);

  AuthorizationDto requestBody = AuthorizationDto.fromAuthorization(revokeAuth);

  given()
      .body(requestBody).contentType(ContentType.JSON)
  .then().expect()
      .statusCode(Status.OK.getStatusCode())
  .when()
      .post(AUTH_CREATE_PATH);

  verify(authorizationServiceMock).createNewAuthorization(Authorization.AUTH_TYPE_REVOKE);

  // NOTE(review): each argument below calls a getter on the same mock after verify(...) has
  // armed verification, so Mockito may be counting the getter calls rather than the setter
  // calls (and setResourceType is paired with getAuthorizationType()). Confirm what these
  // lines really assert; the expressions are left inline so the test behaves as before.
  verify(revokeAuth, times(2)).setUserId(revokeAuth.getUserId());
  verify(revokeAuth, times(4)).setResourceType(revokeAuth.getAuthorizationType());
  verify(revokeAuth, times(2)).setResourceId(revokeAuth.getResourceId());
  verify(revokeAuth, times(2)).setPermissions(revokeAuth.getPermissions(Permissions.values()));

  verify(authorizationServiceMock).saveAuthorization(revokeAuth);
}
/**
 * GET with the complete set of query parameters answers 200 and forwards every parameter
 * to the authorization query before it is listed.
 */
@Test
public void testCompleteGetParameters() {
  List<Authorization> authorizations = MockProvider.createMockGlobalAuthorizations();
  AuthorizationQuery queryMock = setUpMockQuery(authorizations);

  Map<String, String> allParameters = getCompleteStringQueryParameters();

  // Attach every parameter to the request one by one.
  RequestSpecification request = given().contentType(POST_JSON_CONTENT_TYPE);
  for (Entry<String, String> parameter : allParameters.entrySet()) {
    request.parameter(parameter.getKey(), parameter.getValue());
  }

  request.expect().statusCode(Status.OK.getStatusCode())
      .when().get(SERVICE_PATH);

  // Each filter reaches the query once; user and group ids arrive as arrays.
  verify(queryMock).authorizationId(MockProvider.EXAMPLE_AUTHORIZATION_ID);
  verify(queryMock).authorizationType(MockProvider.EXAMPLE_AUTHORIZATION_TYPE);
  verify(queryMock).userIdIn(new String[]{MockProvider.EXAMPLE_USER_ID, MockProvider.EXAMPLE_USER_ID2});
  verify(queryMock).groupIdIn(new String[]{MockProvider.EXAMPLE_GROUP_ID, MockProvider.EXAMPLE_GROUP_ID2});
  verify(queryMock).resourceType(MockProvider.EXAMPLE_RESOURCE_TYPE_ID);
  verify(queryMock).resourceId(MockProvider.EXAMPLE_RESOURCE_ID);

  verify(queryMock).list();
}
/** GET on an existing authorization answers 200 with all of its fields as JSON. */
@Test
public void testGetAuthorizationById() {
  Authorization existing = MockProvider.createMockGlobalAuthorization();

  AuthorizationQuery queryMock = mock(AuthorizationQuery.class);
  when(authorizationServiceMock.createAuthorizationQuery()).thenReturn(queryMock);
  when(queryMock.authorizationId(MockProvider.EXAMPLE_AUTHORIZATION_ID)).thenReturn(queryMock);
  when(queryMock.singleResult()).thenReturn(existing);

  given()
      .pathParam("id", MockProvider.EXAMPLE_AUTHORIZATION_ID)
  .then().expect()
      .statusCode(Status.OK.getStatusCode()).contentType(ContentType.JSON)

      // Identity and kind
      .body("id", equalTo(existing.getId()))
      .body("type", equalTo(existing.getAuthorizationType()))

      // Permissions are reported by name: READ first, then UPDATE.
      .body("permissions[0]", equalTo(Permissions.READ.getName()))
      .body("permissions[1]", equalTo(Permissions.UPDATE.getName()))

      // Subject
      .body("userId", equalTo(existing.getUserId()))
      .body("groupId", equalTo(existing.getGroupId()))

      // Target resource
      .body("resourceType", equalTo(existing.getResourceType()))
      .body("resourceId", equalTo(existing.getResourceId()))
  .when()
      .get(AUTH_RESOURCE_PATH);
}
/**
 * Fetches the authorization whose id equals {@code resourceId}.
 *
 * @return the single query result; never {@code null}
 * @throws InvalidRequestException with status {@code NOT_FOUND} when the id matches nothing
 */
protected Authorization getDbAuthorization() {
  Authorization stored = authorizationService.createAuthorizationQuery()
      .authorizationId(resourceId)
      .singleResult();

  boolean missing = (stored == null);
  if (missing) {
    // The id is echoed back to the caller in the error message.
    throw new InvalidRequestException(Status.NOT_FOUND, "Authorization with id " + resourceId + " does not exist.");
  }

  // NOTE(review): only existence has been established at this point; no permission check
  // on the record is visible in this method.
  return stored;
}