Nemcio/SCM-Manager
1
0
Fork 0
mirror of https://github.com/scm-manager/scm-manager.git synced 2025-11-14 09:25:43 +01:00
Code Issues Packages Projects Releases Activity

Replace method interceptor with request filter

Browse Source
This commit is contained in:
René Pfeuffer
2018-11-13 09:54:28 +01:00
parent 96c2114e53
commit 3e99709035
4 changed files with 108 additions and 48 deletions
Download Patch File Download Diff File Expand all files Collapse all files

62
scm-webapp/src/test/java/sonia/scm/security/SecurityRequestFilterTest.java Normal file
View File

@@ -0,0 +1,62 @@
package sonia.scm.security;
import com.github.sdorra.shiro.ShiroRule;
import com.github.sdorra.shiro.SubjectAware;
import org.apache.shiro.authc.AuthenticationException;
import org.junit.Rule;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.mockito.InjectMocks;
import org.mockito.Mock;
import org.mockito.junit.MockitoJUnitRunner;
import javax.ws.rs.container.ContainerRequestContext;
import javax.ws.rs.container.ResourceInfo;
import static org.mockito.Mockito.when;
@RunWith(MockitoJUnitRunner.class)
@SubjectAware(configuration = "classpath:sonia/scm/shiro-001.ini")
public class SecurityRequestFilterTest {
@Rule
public ShiroRule shiroRule = new ShiroRule();
@Mock
private ResourceInfo resourceInfo;
@Mock
private ContainerRequestContext context;
@InjectMocks
private SecurityRequestFilter securityRequestFilter;
@Test
public void shouldAllowUnauthenticatedAccessForAnnotatedMethod() throws NoSuchMethodException {
when(resourceInfo.getResourceMethod()).thenReturn(SecurityTestClass.class.getMethod("anonymousAccessAllowed"));
securityRequestFilter.filter(context);
}
@Test(expected = AuthenticationException.class)
public void shouldRejectUnauthenticatedAccessForAnnotatedMethod() throws NoSuchMethodException {
when(resourceInfo.getResourceMethod()).thenReturn(SecurityTestClass.class.getMethod("loginRequired"));
securityRequestFilter.filter(context);
}
@Test
@SubjectAware(username = "trillian", password = "secret")
public void shouldAllowAuthenticatedAccessForMethodWithoutAnnotation() throws NoSuchMethodException {
when(resourceInfo.getResourceMethod()).thenReturn(SecurityTestClass.class.getMethod("loginRequired"));
securityRequestFilter.filter(context);
}
private static class SecurityTestClass {
@AllowAnonymousAccess
public void anonymousAccessAllowed() {
}
public void loginRequired() {
}
}
}