001: /* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
002: *
003: * Licensed under the Apache License, Version 2.0 (the "License");
004: * you may not use this file except in compliance with the License.
005: * You may obtain a copy of the License at
006: *
007: * http://www.apache.org/licenses/LICENSE-2.0
008: *
009: * Unless required by applicable law or agreed to in writing, software
010: * distributed under the License is distributed on an "AS IS" BASIS,
011: * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
012: * See the License for the specific language governing permissions and
013: * limitations under the License.
014: */
015:
016: package org.acegisecurity.wrapper;
017:
018: import junit.framework.TestCase;
019:
020: import org.acegisecurity.Authentication;
021: import org.acegisecurity.GrantedAuthority;
022: import org.acegisecurity.GrantedAuthorityImpl;
023: import org.acegisecurity.context.SecurityContextHolder;
024: import org.acegisecurity.providers.TestingAuthenticationToken;
025: import org.acegisecurity.userdetails.User;
026: import org.acegisecurity.util.PortResolverImpl;
027: import org.springframework.mock.web.MockHttpServletRequest;
028:
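/**
 * Tests {@link SecurityContextHolderAwareRequestWrapper}.
 *
 * <p>Each test places an {@link Authentication} (or none) in the
 * {@link SecurityContextHolder} and then checks what the wrapper reports through
 * {@code getRemoteUser()}, {@code isUserInRole(String)} and {@code getUserPrincipal()}.
 * The null-authentication and null-principal cases pin the deny-by-default behaviour:
 * no user name, no principal and every role check rejected.</p>
 *
 * <p>The holder is shared state, so it is reset in {@link #setUp()} and
 * {@link #tearDown()} rather than on the last line of each test. A failing assertion
 * therefore cannot leave an authenticated token behind for the tests that follow.</p>
 *
 * @author Ben Alex
 * @version $Id: SecurityContextHolderAwareRequestWrapperTests.java 1877 2007-05-25 05:33:06Z benalex $
 */
public class SecurityContextHolderAwareRequestWrapperTests extends TestCase {
    //~ Constructors ===================================================================================================

    public SecurityContextHolderAwareRequestWrapperTests() {
        super();
    }

    public SecurityContextHolderAwareRequestWrapperTests(String arg0) {
        super(arg0);
    }

    //~ Methods ========================================================================================================

    /**
     * Runs this test class with the JUnit text runner.
     *
     * @param args ignored
     */
    public static void main(String[] args) {
        junit.textui.TestRunner.run(SecurityContextHolderAwareRequestWrapperTests.class);
    }

    /**
     * Starts every test from an unauthenticated context, whatever an earlier test left behind.
     *
     * @throws Exception if the superclass set-up fails
     */
    public final void setUp() throws Exception {
        super.setUp();
        SecurityContextHolder.getContext().setAuthentication(null);
    }

    /**
     * Clears the authentication after every test, including tests that failed part-way through.
     *
     * @throws Exception if the superclass tear-down fails
     */
    protected void tearDown() throws Exception {
        try {
            SecurityContextHolder.getContext().setAuthentication(null);
        } finally {
            super.tearDown();
        }
    }

    /**
     * Builds the wrapper under test around a mock request for the URI {@code "/"}.
     *
     * @return a new wrapper using a {@link PortResolverImpl}
     */
    private SecurityContextHolderAwareRequestWrapper newWrapper() {
        MockHttpServletRequest request = new MockHttpServletRequest();
        request.setRequestURI("/");

        return new SecurityContextHolderAwareRequestWrapper(request, new PortResolverImpl());
    }

    /**
     * A plain {@code String} principal is reported as the remote user, and only the
     * granted role passes the role check.
     */
    public void testCorrectOperationWithStringBasedPrincipal() throws Exception {
        Authentication auth = new TestingAuthenticationToken("marissa", "koala",
                new GrantedAuthority[] {new GrantedAuthorityImpl("ROLE_FOO")});
        SecurityContextHolder.getContext().setAuthentication(auth);

        SecurityContextHolderAwareRequestWrapper wrapper = newWrapper();

        assertEquals("marissa", wrapper.getRemoteUser());
        assertTrue(wrapper.isUserInRole("ROLE_FOO"));
        assertFalse(wrapper.isUserInRole("ROLE_NOT_GRANTED"));
        assertEquals(auth, wrapper.getUserPrincipal());
    }

    /**
     * A {@link User} principal is reported by its user name, and role checks follow the
     * authorities given to the token.
     */
    public void testCorrectOperationWithUserDetailsBasedPrincipal() throws Exception {
        // The User principal is built with an empty authority array; the roles asserted
        // below are the ones passed to the token itself.
        User principal = new User("marissaAsUserDetails", "koala", true, true, true, true,
                new GrantedAuthority[] {});
        Authentication auth = new TestingAuthenticationToken(principal, "koala",
                new GrantedAuthority[] {
                    new GrantedAuthorityImpl("ROLE_HELLO"),
                    new GrantedAuthorityImpl("ROLE_FOOBAR")
                });
        SecurityContextHolder.getContext().setAuthentication(auth);

        SecurityContextHolderAwareRequestWrapper wrapper = newWrapper();

        assertEquals("marissaAsUserDetails", wrapper.getRemoteUser());
        assertFalse(wrapper.isUserInRole("ROLE_FOO"));
        assertFalse(wrapper.isUserInRole("ROLE_NOT_GRANTED"));
        assertTrue(wrapper.isUserInRole("ROLE_FOOBAR"));
        assertTrue(wrapper.isUserInRole("ROLE_HELLO"));
        assertEquals(auth, wrapper.getUserPrincipal());
    }

    /**
     * With no authentication in the context the wrapper reports no user, no principal
     * and rejects every role check.
     */
    public void testNullAuthenticationHandling() throws Exception {
        // Stated explicitly even though setUp() already clears it: this is the condition under test.
        SecurityContextHolder.getContext().setAuthentication(null);

        SecurityContextHolderAwareRequestWrapper wrapper = newWrapper();

        assertNull(wrapper.getRemoteUser());
        assertFalse(wrapper.isUserInRole("ROLE_ANY"));
        assertNull(wrapper.getUserPrincipal());
    }

    /**
     * A token whose principal is {@code null} is treated as unauthenticated: role checks
     * are rejected even for authorities the token carries.
     */
    public void testNullPrincipalHandling() throws Exception {
        Authentication auth = new TestingAuthenticationToken(null, "koala",
                new GrantedAuthority[] {
                    new GrantedAuthorityImpl("ROLE_HELLO"),
                    new GrantedAuthorityImpl("ROLE_FOOBAR")
                });
        SecurityContextHolder.getContext().setAuthentication(auth);

        SecurityContextHolderAwareRequestWrapper wrapper = newWrapper();

        assertNull(wrapper.getRemoteUser());
        assertFalse(wrapper.isUserInRole("ROLE_HELLO")); // principal is null, so reject
        assertFalse(wrapper.isUserInRole("ROLE_FOOBAR")); // principal is null, so reject
        assertNull(wrapper.getUserPrincipal());
    }
}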