Code Review / vfc / nfvo / driver / vnfm / svnfm.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | review | tree
raw | inline | side by side
Removing jackson to mitigate cve-2017-4995
[vfc/nfvo/driver/vnfm/svnfm.git] / nokiav2 / driver / src / test / java / org / onap / vfc / nfvo / driver / vnfm / svnfm / nokia / spring / TestSecurityConfig.java
diff --git a/nokiav2/driver/src/test/java/org/onap/vfc/nfvo/driver/vnfm/svnfm/nokia/spring/TestSecurityConfig.java b/nokiav2/driver/src/test/java/org/onap/vfc/nfvo/driver/vnfm/svnfm/nokia/spring/TestSecurityConfig.java
index 5d0d88b..d1cbbb6 100644 (file)
--- a/nokiav2/driver/src/test/java/org/onap/vfc/nfvo/driver/vnfm/svnfm/nokia/spring/TestSecurityConfig.java
+++ b/nokiav2/driver/src/test/java/org/onap/vfc/nfvo/driver/vnfm/svnfm/nokia/spring/TestSecurityConfig.java
@@ -16,19 +16,19 @@
 
 package org.onap.vfc.nfvo.driver.vnfm.svnfm.nokia.spring;
 
+import java.util.HashMap;
+import java.util.List;
 import org.junit.Test;
 import org.mockito.Mockito;
 import org.springframework.security.config.annotation.ObjectPostProcessor;
 import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.builders.WebSecurity;
 import org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer;
 import org.springframework.security.web.util.matcher.AnyRequestMatcher;
 import org.springframework.security.web.util.matcher.RequestMatcher;
 import org.springframework.test.util.ReflectionTestUtils;
 
-import java.util.HashMap;
-import java.util.List;
-
 import static junit.framework.TestCase.assertTrue;
 
 public class TestSecurityConfig {
@@ -38,7 +38,7 @@ public class TestSecurityConfig {
      * this can only fully be tested from CT by starting the web service
      */
     @Test
-    public void testSpringBootApplicationInit() throws Exception {
+    public void testNoHttpSecurity() throws Exception {
         HttpSecurity http = new HttpSecurity(Mockito.mock(ObjectPostProcessor.class), Mockito.mock(AuthenticationManagerBuilder.class), new HashMap<>());
         //when
         new SecurityConfig().configure(http);
@@ -48,4 +48,19 @@ public class TestSecurityConfig {
         assertTrue(AnyRequestMatcher.class.isAssignableFrom(requestMatchers.get(0).getClass()));
     }
 
+    /**
+     * verify that no web security is performed
+     * this can only fully be tested from CT by starting the web service
+     */
+    @Test
+    public void testNoWebSecurity() throws Exception {
+        WebSecurity webSecurity = new WebSecurity(Mockito.mock(ObjectPostProcessor.class));
+        WebSecurity.IgnoredRequestConfigurer ignorer = Mockito.mock(WebSecurity.IgnoredRequestConfigurer.class);
+        ReflectionTestUtils.setField(webSecurity, "ignoredRequestRegistry", ignorer);
+        //when
+        new SecurityConfig().configure(webSecurity);
+        //verify
+        Mockito.verify(ignorer).anyRequest();
+    }
+
 }
Specific VNFM drivers