com.netflix.genie.web.security.oauth2.pingfederate.PingFederateUserAuthenticationConverterUnitTests.java Source code


Introduction

Here is the source code for com.netflix.genie.web.security.oauth2.pingfederate.PingFederateUserAuthenticationConverterUnitTests.java

Source

/*
 *
 *  Copyright 2016 Netflix, Inc.
 *
 *     Licensed under the Apache License, Version 2.0 (the "License");
 *     you may not use this file except in compliance with the License.
 *     You may obtain a copy of the License at
 *
 *         http://www.apache.org/licenses/LICENSE-2.0
 *
 *     Unless required by applicable law or agreed to in writing, software
 *     distributed under the License is distributed on an "AS IS" BASIS,
 *     WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 *     See the License for the specific language governing permissions and
 *     limitations under the License.
 *
 */
package com.netflix.genie.web.security.oauth2.pingfederate;

import com.google.common.collect.Maps;
import com.google.common.collect.Sets;
import com.netflix.genie.test.categories.UnitTest;
import org.hamcrest.Matchers;
import org.junit.Assert;
import org.junit.Before;
import org.junit.Test;
import org.junit.experimental.categories.Category;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.oauth2.common.exceptions.InvalidTokenException;

import java.util.HashSet;
import java.util.Map;
import java.util.Set;
import java.util.UUID;

/**
 * Unit tests for {@link PingFederateUserAuthenticationConverter}.
 *
 * <p>The converter is handed a token attribute map and must either reject it with an
 * {@link InvalidTokenException} or produce an {@link Authentication} whose principal is the client id
 * and whose authorities follow from the Genie scopes in the token. The rejection cases cover a
 * missing, non-string and empty client id, and a scope entry that is not a collection or is empty.
 * The acceptance cases pin the exact authority set, so a user-scoped token that picked up
 * {@code ROLE_ADMIN} would fail the test.
 *
 * <p>NOTE(review): two inputs are not exercised here and may be worth adding once the intended
 * behaviour is confirmed against the converter: a map that has a valid client id but no scope key at
 * all, and a scope collection holding only values without the Genie prefix.
 *
 * @author tgianos
 * @since 3.0.0
 */
@Category(UnitTest.class)
public class PingFederateUserAuthenticationConverterUnitTests {

    private PingFederateUserAuthenticationConverter converter;
    private Map<String, Object> map;

    /**
     * Create a fresh converter and an empty token attribute map before every test.
     */
    @Before
    public void setup() {
        this.map = Maps.newHashMap();
        this.converter = new PingFederateUserAuthenticationConverter();
    }

    /**
     * An empty attribute map (no client id entry) must be rejected.
     */
    @Test(expected = InvalidTokenException.class)
    public void cantGetAuthenticationWithoutClientId() {
        this.converter.extractAuthentication(this.map);
    }

    /**
     * A client id that is present but is not a {@link String} must be rejected.
     */
    @Test(expected = InvalidTokenException.class)
    public void cantGetAuthenticationWithoutStringClientId() {
        final Object notAString = Boolean.TRUE;
        this.map.put(PingFederateUserAuthenticationConverter.CLIENT_ID_KEY, notAString);
        this.converter.extractAuthentication(this.map);
    }

    /**
     * A client id that is the empty string must be rejected.
     */
    @Test(expected = InvalidTokenException.class)
    public void cantGetAuthenticationWithBlankClientId() {
        final String emptyClientId = "";
        this.map.put(PingFederateUserAuthenticationConverter.CLIENT_ID_KEY, emptyClientId);
        this.converter.extractAuthentication(this.map);
    }

    /**
     * A valid client id with a scope entry that is not a collection must be rejected.
     */
    @Test(expected = InvalidTokenException.class)
    public void cantGetAuthenticationWithoutScope() {
        final String clientId = UUID.randomUUID().toString();
        final Object scopeOfWrongType = "Not a Collection";
        this.map.put(PingFederateUserAuthenticationConverter.CLIENT_ID_KEY, clientId);
        this.map.put(PingFederateUserAuthenticationConverter.SCOPE_KEY, scopeOfWrongType);
        this.converter.extractAuthentication(this.map);
    }

    /**
     * A valid client id with an empty scope collection must be rejected.
     */
    @Test(expected = InvalidTokenException.class)
    public void cantGetAuthenticationWithoutAnyScopes() {
        final String clientId = UUID.randomUUID().toString();
        final Set<String> noScopes = new HashSet<String>();
        this.map.put(PingFederateUserAuthenticationConverter.CLIENT_ID_KEY, clientId);
        this.map.put(PingFederateUserAuthenticationConverter.SCOPE_KEY, noScopes);
        this.converter.extractAuthentication(this.map);
    }

    /**
     * A token carrying only the Genie user scope authenticates as the client id with exactly one
     * authority, {@code ROLE_USER}.
     */
    @Test
    public void canAuthenticateUser() {
        final String clientId = UUID.randomUUID().toString();
        final Authentication authentication = this.extractWithSingleScope(clientId, "user");

        Assert.assertThat(authentication, Matchers.instanceOf(UsernamePasswordAuthenticationToken.class));
        Assert.assertThat(authentication.getPrincipal(), Matchers.is(clientId));
        // Exactly one authority: the user scope alone must not grant anything beyond ROLE_USER.
        Assert.assertThat(authentication.getAuthorities().size(), Matchers.is(1));
        Assert.assertThat(
                authentication.getAuthorities(),
                Matchers.contains(new SimpleGrantedAuthority("ROLE_USER"))
        );
    }

    /**
     * A token carrying only the Genie admin scope authenticates as the client id with exactly two
     * authorities, {@code ROLE_ADMIN} and {@code ROLE_USER}.
     */
    @Test
    public void canAuthenticateAdmin() {
        final String clientId = UUID.randomUUID().toString();
        final Authentication authentication = this.extractWithSingleScope(clientId, "admin");

        Assert.assertThat(authentication, Matchers.instanceOf(UsernamePasswordAuthenticationToken.class));
        Assert.assertThat(authentication.getPrincipal(), Matchers.is(clientId));
        Assert.assertThat(authentication.getAuthorities().size(), Matchers.is(2));
        Assert.assertThat(
                authentication.getAuthorities(),
                Matchers.containsInAnyOrder(
                        new SimpleGrantedAuthority("ROLE_ADMIN"),
                        new SimpleGrantedAuthority("ROLE_USER")
                )
        );
    }

    /**
     * Fill the attribute map with the given client id and a single Genie-prefixed scope, then run
     * the converter on it.
     *
     * @param clientId    the client id to store under the client id key
     * @param scopeSuffix the text appended to the Genie scope prefix to form the one scope
     * @return the authentication the converter derives from the map
     */
    private Authentication extractWithSingleScope(final String clientId, final String scopeSuffix) {
        final Set<String> scopes = Sets.newHashSet(PingFederateUserAuthenticationConverter.GENIE_PREFIX + scopeSuffix);
        this.map.put(PingFederateUserAuthenticationConverter.CLIENT_ID_KEY, clientId);
        this.map.put(PingFederateUserAuthenticationConverter.SCOPE_KEY, scopes);
        return this.converter.extractAuthentication(this.map);
    }
}