nokiav2/driver/src/test/java/org/onap/vfc/nfvo/driver/vnfm/svnfm/nokia/spring/TestSecurityConfig.java

   1 /*
   2  * Copyright 2016-2017, Nokia Corporation
   3  *
   4  * Licensed under the Apache License, Version 2.0 (the "License");
   5  * you may not use this file except in compliance with the License.
   6  * You may obtain a copy of the License at
   7  *
   8  *     http://www.apache.org/licenses/LICENSE-2.0
   9  *
  10  * Unless required by applicable law or agreed to in writing, software
  11  * distributed under the License is distributed on an "AS IS" BASIS,
  12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  13  * See the License for the specific language governing permissions and
  14  * limitations under the License.
  15  */
  16
  17 package org.onap.vfc.nfvo.driver.vnfm.svnfm.nokia.spring;
  18
  19 import org.junit.Test;
  20 import org.mockito.Mockito;
  21 import org.springframework.security.config.annotation.ObjectPostProcessor;
  22 import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
  23 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
  24 import org.springframework.security.config.annotation.web.builders.WebSecurity;
  25 import org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer;
  26 import org.springframework.security.web.util.matcher.AnyRequestMatcher;
  27 import org.springframework.security.web.util.matcher.RequestMatcher;
  28 import org.springframework.test.util.ReflectionTestUtils;
  29
  30 import java.util.HashMap;
  31 import java.util.List;
  32
  33 import static junit.framework.TestCase.assertTrue;
  34
  35 public class TestSecurityConfig {
  36
  37     /**
  38      * verify that not authentication is performed
  39      * this can only fully be tested from CT by starting the web service
  40      */
  41     @Test
  42     public void testNoHttpSecurity() throws Exception {
  43         HttpSecurity http = new HttpSecurity(Mockito.mock(ObjectPostProcessor.class), Mockito.mock(AuthenticationManagerBuilder.class), new HashMap<>());
  44         //when
  45         new SecurityConfig().configure(http);
  46         //verify
  47         ExpressionUrlAuthorizationConfigurer<HttpSecurity>.AuthorizedUrl authorizedUrl = http.authorizeRequests().anyRequest();
  48         List<? extends RequestMatcher> requestMatchers = (List<? extends RequestMatcher>) ReflectionTestUtils.getField(authorizedUrl, "requestMatchers");
  49         assertTrue(AnyRequestMatcher.class.isAssignableFrom(requestMatchers.get(0).getClass()));
  50     }
  51
  52     /**
  53      * verify that no web security is performed
  54      * this can only fully be tested from CT by starting the web service
  55      */
  56     @Test
  57     public void testNoWebSecurity() throws Exception {
  58         WebSecurity webSecurity = new WebSecurity(Mockito.mock(ObjectPostProcessor.class));
  59         WebSecurity.IgnoredRequestConfigurer ignorer = Mockito.mock(WebSecurity.IgnoredRequestConfigurer.class);
  60         ReflectionTestUtils.setField(webSecurity, "ignoredRequestRegistry", ignorer);
  61         //when
  62         new SecurityConfig().configure(webSecurity);
  63         //verify
  64         Mockito.verify(ignorer).anyRequest();
  65     }
  66
  67 }