added unit tests for security filters

2025-11-12 00:15:44 +01:00 · 2016-11-05 19:46:32 +01:00
parent aa11ee9a23
commit 807eccf459
5 changed files with 342 additions and 15 deletions
--- a/scm-webapp/src/main/java/sonia/scm/filter/AdminSecurityFilter.java
+++ b/scm-webapp/src/main/java/sonia/scm/filter/AdminSecurityFilter.java
@@ -44,7 +44,9 @@ import sonia.scm.config.ScmConfiguration;
 import sonia.scm.security.Role;

 /**
- *
+ * Security filter which allow only administrators to access the underlying
+ * resources.
+ * 
 * @author Sebastian Sdorra
 */
@Singleton
@@ -52,10 +54,9 @@ public class AdminSecurityFilter extends SecurityFilter
 {

  /**
-   * Constructs ...
+   * Constructs a new instance.
   *
-   *
-   * @param configuration
+   * @param configuration scm-manager main configuration
   */
  @Inject
  public AdminSecurityFilter(ScmConfiguration configuration)
@@ -66,14 +67,11 @@ public class AdminSecurityFilter extends SecurityFilter
  //~--- get methods ----------------------------------------------------------

  /**
-   * Method description
+   * Returns {@code true} if the subject has the admin role.
   *
+   * @param subject subject
   *
-   * @param securityContext
-   *
-   * @param subject
-   *
-   * @return
+   * @return {@code true} if the subject has the admin role
   */
  @Override
  protected boolean hasPermission(Subject subject)
--- a/scm-webapp/src/main/java/sonia/scm/filter/SecurityFilter.java
+++ b/scm-webapp/src/main/java/sonia/scm/filter/SecurityFilter.java
@@ -35,6 +35,7 @@ package sonia.scm.filter;

 //~--- non-JDK imports --------------------------------------------------------

+import com.google.common.annotations.VisibleForTesting;
 import com.google.inject.Inject;
 import com.google.inject.Singleton;

@@ -65,7 +66,8 @@ public class SecurityFilter extends HttpFilter
 {

  /** name of request attribute for the primary principal */
-  private static final String ATTRIBUTE_REMOTE_USER = "principal";
+  @VisibleForTesting
+  static final String ATTRIBUTE_REMOTE_USER = "principal";

  /** Field description */
  public static final String URL_AUTHENTICATION = "/api/rest/authentication";
@@ -102,13 +104,12 @@ public class SecurityFilter extends HttpFilter
    HttpServletResponse response, FilterChain chain)
    throws IOException, ServletException
  {
-    Subject subject = SecurityUtils.getSubject();
-
    String uri =
      request.getRequestURI().substring(request.getContextPath().length());

    if (!uri.startsWith(URL_AUTHENTICATION))
    {
+      Subject subject = SecurityUtils.getSubject();
      if (hasPermission(subject))
      {
        // add primary principal as request attribute
@@ -164,7 +165,7 @@ public class SecurityFilter extends HttpFilter
   */
  private User getUser(Subject subject)
  {
-    User user = null;
+    User user;

    if (subject.isAuthenticated() || subject.isRemembered())
    {
@@ -181,5 +182,5 @@ public class SecurityFilter extends HttpFilter
  //~--- fields ---------------------------------------------------------------

  /** Field description */
-  private ScmConfiguration configuration;
+  private final ScmConfiguration configuration;
 }