/* * Copyright 2015 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ package io.curly.advisor.web; import io.curly.advisor.AdvisorApplication; import io.curly.advisor.model.ReviewEntity; import org.bson.types.ObjectId; import org.junit.Before; import org.junit.Test; import org.junit.runner.RunWith; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.beans.factory.annotation.Qualifier; import org.springframework.boot.test.SpringApplicationConfiguration; import org.springframework.http.HttpStatus; import org.springframework.http.MediaType; import org.springframework.http.converter.json.MappingJackson2HttpMessageConverter; import org.springframework.mock.http.MockHttpOutputMessage; import org.springframework.test.annotation.DirtiesContext; import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; import org.springframework.test.context.web.WebAppConfiguration; import org.springframework.test.web.servlet.MockMvc; import org.springframework.test.web.servlet.setup.MockMvcBuilders; import org.springframework.web.context.WebApplicationContext; import javax.servlet.Filter; import java.io.IOException; import java.math.BigDecimal; import static org.hamcrest.Matchers.not; import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get; import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.post; import static 
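org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;

/**
 * Integration tests for the URL-level access rules on the {@code /reviews} endpoints.
 *
 * <p>Each request is sent without any credentials through a {@link MockMvc} instance that has the
 * {@code springSecurityFilterChain} filter installed, so the assertions describe what an
 * unauthenticated caller sees. Authenticated and wrong-credential requests are not covered here.
 *
 * @author Joao Pedro Evangelista
 */
@DirtiesContext
@WebAppConfiguration
@SpringApplicationConfiguration(classes = AdvisorApplication.class)
@RunWith(SpringJUnit4ClassRunner.class)
public class HttpSecurityAntMatchersTests {

    @Autowired
    private WebApplicationContext wac;

    @Autowired
    @Qualifier("springSecurityFilterChain")
    private Filter securityFilter;

    private MockMvc mvc;

    /**
     * Builds the {@link MockMvc} under test from the web application context and registers the
     * security filter chain explicitly; without {@code addFilter} the requests would bypass it.
     */
    @Before
    public void setUp() throws Exception {
        this.mvc = MockMvcBuilders.webAppContextSetup(wac).addFilter(securityFilter).build();
    }

    /**
     * Listing reviews of an artifact must be reachable without authentication.
     *
     * <p>Both 401 and 403 are access denials, so both are rejected: checking only for "not 401"
     * would let the test pass while anonymous callers are still turned away with a 403. Any other
     * status is accepted, because the generated artifact id is not expected to match stored data.
     */
    @Test
    public void testReviewsByArtifactIsNotSecure() throws Exception {
        mvc.perform(get("/reviews/artifact/{artifact}", ObjectId.get().toHexString()))
                .andExpect(status().is(not(HttpStatus.UNAUTHORIZED.value())))
                .andExpect(status().is(not(HttpStatus.FORBIDDEN.value())));
    }

    /** An unauthenticated GET on the caller's own reviews must be answered with 401. */
    @Test
    public void testReviewsOwnedIsSecure() throws Exception {
        mvc.perform(get("/reviews/owned")).andExpect(status().isUnauthorized());
    }

    /** An unauthenticated GET on a single owned review must be answered with 401. */
    @Test
    public void testReviewsOwnedSingleIsSecure() throws Exception {
        mvc.perform(get("/reviews/owned/{review}", ObjectId.get().toHexString()))
                .andExpect(status().isUnauthorized());
    }

    /**
     * An unauthenticated POST of a review must be answered with 401.
     *
     * <p>NOTE(review): the expected status is 401 rather than 403, which presumably means no CSRF
     * check rejects the request before authentication is evaluated; confirm that matches the
     * intended security configuration.
     */
    @Test
    public void testPostOnReviewsIsSecure() throws Exception {
        mvc.perform(post("/reviews").content(entity()).contentType(MediaType.APPLICATION_JSON))
                .andExpect(status().isUnauthorized());
    }

    /**
     * Creates a sample review and serializes it to JSON for use as a request body.
     *
     * @return the JSON representation of the sample {@link ReviewEntity}
     * @throws IllegalStateException if the entity cannot be written as JSON
     */
    public String entity() {
        ReviewEntity reviewEntity = new ReviewEntity();
        reviewEntity.setArtifact(ObjectId.get().toHexString());
        reviewEntity.setContent("abcd");
        reviewEntity.setTitle("some fancy title");
        reviewEntity.setRate(BigDecimal.ONE);

        MockHttpOutputMessage message = new MockHttpOutputMessage();
        try {
            new MappingJackson2HttpMessageConverter()
                    .write(reviewEntity, MediaType.APPLICATION_JSON, message);
        } catch (IOException e) {
            // Fail loudly: silently returning an empty body would make the POST test exercise a
            // different request than the one it claims to send.
            throw new IllegalStateException(
                    "Could not serialize the ReviewEntity test fixture to JSON", e);
        }
        return message.getBodyAsString();
    }
}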