nokiav2/driver/src/test/java/org/onap/vfc/nfvo/driver/vnfm/svnfm/nokia/spring/TestSecurityConfig.java

   1 /*
   2  * Copyright 2016-2017, Nokia Corporation
   3  *
   4  * Licensed under the Apache License, Version 2.0 (the "License");
   5  * you may not use this file except in compliance with the License.
   6  * You may obtain a copy of the License at
   7  *
   8  *     http://www.apache.org/licenses/LICENSE-2.0
   9  *
  10  * Unless required by applicable law or agreed to in writing, software
  11  * distributed under the License is distributed on an "AS IS" BASIS,
  12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  13  * See the License for the specific language governing permissions and
  14  * limitations under the License.
  15  */
  16
  17 package org.onap.vfc.nfvo.driver.vnfm.svnfm.nokia.spring;
  18
  19 import java.util.HashMap;
  20 import java.util.List;
  21 import org.junit.Test;
  22 import org.mockito.Mockito;
  23 import org.springframework.security.config.annotation.ObjectPostProcessor;
  24 import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
  25 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
  26 import org.springframework.security.config.annotation.web.builders.WebSecurity;
  27 import org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer;
  28 import org.springframework.security.web.util.matcher.AnyRequestMatcher;
  29 import org.springframework.security.web.util.matcher.RequestMatcher;
  30 import org.springframework.test.util.ReflectionTestUtils;
  31
  32 import static junit.framework.TestCase.assertTrue;
  33
  34 public class TestSecurityConfig {
  35
  36     /**
  37      * verify that not authentication is performed
  38      * this can only fully be tested from CT by starting the web service
  39      */
  40     @Test
  41     public void testNoHttpSecurity() throws Exception {
  42         HttpSecurity http = new HttpSecurity(Mockito.mock(ObjectPostProcessor.class), Mockito.mock(AuthenticationManagerBuilder.class), new HashMap<>());
  43         //when
  44         new SecurityConfig().configure(http);
  45         //verify
  46         ExpressionUrlAuthorizationConfigurer<HttpSecurity>.AuthorizedUrl authorizedUrl = http.authorizeRequests().anyRequest();
  47         List<? extends RequestMatcher> requestMatchers = (List<? extends RequestMatcher>) ReflectionTestUtils.getField(authorizedUrl, "requestMatchers");
  48         assertTrue(AnyRequestMatcher.class.isAssignableFrom(requestMatchers.get(0).getClass()));
  49     }
  50
  51     /**
  52      * verify that no web security is performed
  53      * this can only fully be tested from CT by starting the web service
  54      */
  55     @Test
  56     public void testNoWebSecurity() throws Exception {
  57         WebSecurity webSecurity = new WebSecurity(Mockito.mock(ObjectPostProcessor.class));
  58         WebSecurity.IgnoredRequestConfigurer ignorer = Mockito.mock(WebSecurity.IgnoredRequestConfigurer.class);
  59         ReflectionTestUtils.setField(webSecurity, "ignoredRequestRegistry", ignorer);
  60         //when
  61         new SecurityConfig().configure(webSecurity);
  62         //verify
  63         Mockito.verify(ignorer).anyRequest();
  64     }
  65
  66 }