2 * Copyright 2016-2017, Nokia Corporation
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
17 package org.onap.vfc.nfvo.driver.vnfm.svnfm.nokia.spring;
19 import java.util.HashMap;
20 import java.util.List;
21 import org.junit.Test;
22 import org.mockito.Mockito;
23 import org.springframework.security.config.annotation.ObjectPostProcessor;
24 import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
25 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
26 import org.springframework.security.config.annotation.web.builders.WebSecurity;
27 import org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer;
28 import org.springframework.security.web.util.matcher.AnyRequestMatcher;
29 import org.springframework.security.web.util.matcher.RequestMatcher;
30 import org.springframework.test.util.ReflectionTestUtils;
32 import static junit.framework.TestCase.assertTrue;
34 public class TestSecurityConfig {
37 * verify that not authentication is performed
38 * this can only fully be tested from CT by starting the web service
41 public void testNoHttpSecurity() throws Exception {
42 HttpSecurity http = new HttpSecurity(Mockito.mock(ObjectPostProcessor.class), Mockito.mock(AuthenticationManagerBuilder.class), new HashMap<>());
44 new SecurityConfig().configure(http);
46 ExpressionUrlAuthorizationConfigurer<HttpSecurity>.AuthorizedUrl authorizedUrl = http.authorizeRequests().anyRequest();
47 List<? extends RequestMatcher> requestMatchers = (List<? extends RequestMatcher>) ReflectionTestUtils.getField(authorizedUrl, "requestMatchers");
48 assertTrue(AnyRequestMatcher.class.isAssignableFrom(requestMatchers.get(0).getClass()));
52 * verify that no web security is performed
53 * this can only fully be tested from CT by starting the web service
56 public void testNoWebSecurity() throws Exception {
57 WebSecurity webSecurity = new WebSecurity(Mockito.mock(ObjectPostProcessor.class));
58 WebSecurity.IgnoredRequestConfigurer ignorer = Mockito.mock(WebSecurity.IgnoredRequestConfigurer.class);
59 ReflectionTestUtils.setField(webSecurity, "ignoredRequestRegistry", ignorer);
61 new SecurityConfig().configure(webSecurity);
63 Mockito.verify(ignorer).anyRequest();