Java tutorial
/* * Copyright 2014 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ package proto; import org.junit.Before; import org.junit.Test; import org.junit.runner.RunWith; import org.mockito.InjectMocks; import org.mockito.MockitoAnnotations; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.http.MediaType; import org.springframework.security.web.FilterChainProxy; import org.springframework.test.context.ContextConfiguration; import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; import org.springframework.test.context.web.WebAppConfiguration; import org.springframework.test.web.servlet.MockMvc; import org.springframework.test.web.servlet.setup.MockMvcBuilders; import org.springframework.util.Base64Utils; import org.springframework.web.context.WebApplicationContext; import proto.data.Role; import proto.data.User; import proto.data.UserRepository; import java.util.HashSet; import java.util.Set; import static org.hamcrest.Matchers.*; import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get; import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.post; import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.*; @RunWith(SpringJUnit4ClassRunner.class) @WebAppConfiguration @ContextConfiguration(classes = Application.class) public class GreetingControllerTest { @Autowired WebApplicationContext context; @Autowired private FilterChainProxy springSecurityFilterChain; @InjectMocks GreetingController controller; private MockMvc mvc; @Autowired UserRepository userRepository; @Before public void setUp() { userRepository.deleteAll(); createInitialData(); MockitoAnnotations.initMocks(this); mvc = MockMvcBuilders.webAppContextSetup(context).addFilter(springSecurityFilterChain).build(); } private void createInitialData() { //create roles (not in DB) Role userRole = new Role("USER"); Role adminRole = new Role("ADMIN"); Role guestRole = new Role("GUEST"); HashSet<Role> userAndAdmin = new HashSet<>(); userAndAdmin.add(userRole); userAndAdmin.add(adminRole); User roy = new User("Roy", "roy", "spring", userAndAdmin); userRepository.save(roy); User craig = new User("Craig", "craig", "spring", new HashSet<Role>() { { add(userRole); } }); userRepository.save(craig); User greg = new User("Greg", "greg", "spring", new HashSet<Role>() { { add(guestRole); } }); userRepository.save(greg); } @Test public void greetingUnauthorized() throws Exception { // @formatter:off mvc.perform(get("/greeting").accept(MediaType.APPLICATION_JSON)).andExpect(status().isUnauthorized()) .andExpect(jsonPath("$.error", is("unauthorized"))); // @formatter:on } private String getAccessToken(String username, String password) throws Exception { String authorization = "Basic " + new String(Base64Utils.encode("clientapp:123456".getBytes())); String contentType = MediaType.APPLICATION_JSON + ";charset=UTF-8"; // @formatter:off String content = mvc .perform(post("/oauth/token").header("Authorization", authorization) .contentType(MediaType.APPLICATION_FORM_URLENCODED).param("username", username) .param("password", password).param("grant_type", "password").param("scope", "read write") .param("client_id", "clientapp").param("client_secret", "123456")) .andExpect(status().isOk()).andExpect(content().contentType(contentType)) .andExpect(jsonPath("$.access_token", is(notNullValue()))) .andExpect(jsonPath("$.token_type", is(equalTo("bearer")))) .andExpect(jsonPath("$.refresh_token", is(notNullValue()))) .andExpect(jsonPath("$.expires_in", is(greaterThan(4000)))) .andExpect(jsonPath("$.scope", is(equalTo("read write")))).andReturn().getResponse() .getContentAsString(); // @formatter:on return content.substring(17, content.indexOf(",") - 1); } @Test public void greetingAuthorized() throws Exception { String accessToken = getAccessToken("roy", "spring"); // @formatter:off mvc.perform(get("/greeting").header("Authorization", "Bearer " + accessToken)).andExpect(status().isOk()) .andExpect(jsonPath("$.id", is(1))).andExpect(jsonPath("$.content", is("Hello, Roy!"))); // @formatter:on // @formatter:off mvc.perform(get("/greeting").header("Authorization", "Bearer " + accessToken)).andExpect(status().isOk()) .andExpect(jsonPath("$.id", is(2))).andExpect(jsonPath("$.content", is("Hello, Roy!"))); // @formatter:on // @formatter:off mvc.perform(get("/greeting").header("Authorization", "Bearer " + accessToken)).andExpect(status().isOk()) .andExpect(jsonPath("$.id", is(3))).andExpect(jsonPath("$.content", is("Hello, Roy!"))); // @formatter:on } @Test public void usersEndpointAuthorized() throws Exception { // @formatter:off mvc.perform(get("/users").header("Authorization", "Bearer " + getAccessToken("roy", "spring"))) .andExpect(status().isOk()).andExpect(jsonPath("$", hasSize(3))); // @formatter:on } @Test public void usersEndpointAccessDenied() throws Exception { // @formatter:off mvc.perform(get("/users").header("Authorization", "Bearer " + getAccessToken("craig", "spring"))) .andExpect(status().is(403)); // @formatter:on } }