1   /* Copyright 2004, 2005 Acegi Technology Pty Limited
2    *
3    * Licensed under the Apache License, Version 2.0 (the "License");
4    * you may not use this file except in compliance with the License.
5    * You may obtain a copy of the License at
6    *
7    *     http://www.apache.org/licenses/LICENSE-2.0
8    *
9    * Unless required by applicable law or agreed to in writing, software
10   * distributed under the License is distributed on an "AS IS" BASIS,
11   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12   * See the License for the specific language governing permissions and
13   * limitations under the License.
14   */
15  
16  package org.acegisecurity.wrapper;
17  
18  import junit.framework.TestCase;
19  
20  import org.acegisecurity.Authentication;
21  import org.acegisecurity.GrantedAuthority;
22  import org.acegisecurity.GrantedAuthorityImpl;
23  import org.acegisecurity.context.SecurityContextHolder;
24  import org.acegisecurity.providers.TestingAuthenticationToken;
25  import org.acegisecurity.userdetails.User;
26  import org.acegisecurity.wrapper.SecurityContextHolderAwareRequestWrapper;
27  
28  import org.springframework.mock.web.MockHttpServletRequest;
29  
30  
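/**
 * Tests {@link SecurityContextHolderAwareRequestWrapper}.
 *
 * <p>Every test stores an {@link Authentication} (or <code>null</code>) in the
 * static {@link SecurityContextHolder} and then checks what the wrapper
 * reports through <code>getRemoteUser()</code>, <code>isUserInRole()</code>
 * and <code>getUserPrincipal()</code>.</p>
 *
 * <p>The holder is state shared outside the test instance, so it is reset in
 * both {@link #setUp()} and {@link #tearDown()}. Resetting only on the last
 * line of each test would leave the token in place whenever an assertion
 * fails, and a later test could then run as an authenticated user it never
 * set up.</p>
 *
 * @author Ben Alex
 * @version $Id: SecurityContextHolderAwareRequestWrapperTests.java,v 1.3 2005/11/29 13:10:13 benalex Exp $
 */
public class SecurityContextHolderAwareRequestWrapperTests extends TestCase {
    //~ Constructors ===========================================================

    public SecurityContextHolderAwareRequestWrapperTests() {
        super();
    }

    public SecurityContextHolderAwareRequestWrapperTests(String arg0) {
        super(arg0);
    }

    //~ Methods ================================================================

    /**
     * Starts every test from an unauthenticated context, so a token left
     * behind by code that ran earlier cannot influence the assertions.
     *
     * @throws Exception if the superclass set-up fails
     */
    public final void setUp() throws Exception {
        super.setUp();
        clearAuthentication();
    }

    /**
     * Removes the authentication after every test, including tests that
     * failed part-way through.
     *
     * @throws Exception if the superclass tear-down fails
     */
    public final void tearDown() throws Exception {
        try {
            clearAuthentication();
        } finally {
            super.tearDown();
        }
    }

    public static void main(String[] args) {
        junit.textui.TestRunner.run(SecurityContextHolderAwareRequestWrapperTests.class);
    }

    /**
     * Sets the authentication held by the current security context to
     * <code>null</code>.
     */
    private static void clearAuthentication() {
        SecurityContextHolder.getContext().setAuthentication(null);
    }

    /**
     * Builds the wrapper under test around a mock request for "/".
     *
     * @return a new wrapper around a fresh {@link MockHttpServletRequest}
     */
    private static SecurityContextHolderAwareRequestWrapper newWrapper() {
        MockHttpServletRequest request = new MockHttpServletRequest();
        request.setRequestURI("/");

        return new SecurityContextHolderAwareRequestWrapper(request);
    }

    /**
     * A <code>String</code> principal is reported as the remote user, and only
     * the authority carried by the token is reported as a role.
     */
    public void testCorrectOperationWithStringBasedPrincipal()
        throws Exception {
        Authentication auth = new TestingAuthenticationToken("marissa",
                "koala",
                new GrantedAuthority[] {new GrantedAuthorityImpl("ROLE_FOO")});
        SecurityContextHolder.getContext().setAuthentication(auth);

        SecurityContextHolderAwareRequestWrapper wrapper = newWrapper();

        assertEquals("marissa", wrapper.getRemoteUser());
        assertTrue(wrapper.isUserInRole("ROLE_FOO"));
        assertFalse(wrapper.isUserInRole("ROLE_NOT_GRANTED"));
        assertEquals(auth, wrapper.getUserPrincipal());
    }

    /**
     * A {@link User} principal is reported by its username. The
     * <code>User</code> is built with an empty authority array, so the roles
     * asserted here are the ones passed to the token itself.
     */
    public void testCorrectOperationWithUserDetailsBasedPrincipal()
        throws Exception {
        Authentication auth = new TestingAuthenticationToken(new User(
                    "marissaAsUserDetails", "koala", true, true, true, true,
                    new GrantedAuthority[] {}), "koala",
                new GrantedAuthority[] {new GrantedAuthorityImpl("ROLE_HELLO"), new GrantedAuthorityImpl(
                        "ROLE_FOOBAR")});
        SecurityContextHolder.getContext().setAuthentication(auth);

        SecurityContextHolderAwareRequestWrapper wrapper = newWrapper();

        assertEquals("marissaAsUserDetails", wrapper.getRemoteUser());
        assertFalse(wrapper.isUserInRole("ROLE_FOO"));
        assertFalse(wrapper.isUserInRole("ROLE_NOT_GRANTED"));
        assertTrue(wrapper.isUserInRole("ROLE_FOOBAR"));
        assertTrue(wrapper.isUserInRole("ROLE_HELLO"));
        assertEquals(auth, wrapper.getUserPrincipal());
    }

    /**
     * With no authentication in the context the wrapper reports no user, no
     * principal and no role.
     */
    public void testNullAuthenticationHandling() throws Exception {
        // Stated explicitly because it is the precondition under test.
        SecurityContextHolder.getContext().setAuthentication(null);

        SecurityContextHolderAwareRequestWrapper wrapper = newWrapper();

        assertNull(wrapper.getRemoteUser());
        assertFalse(wrapper.isUserInRole("ROLE_ANY"));
        assertNull(wrapper.getUserPrincipal());
    }

    /**
     * A token that carries authorities but a <code>null</code> principal is
     * treated as unauthenticated: every role check is rejected even though
     * the authorities are present on the token.
     */
    public void testNullPrincipalHandling() throws Exception {
        Authentication auth = new TestingAuthenticationToken(null, "koala",
                new GrantedAuthority[] {new GrantedAuthorityImpl("ROLE_HELLO"), new GrantedAuthorityImpl(
                        "ROLE_FOOBAR")});
        SecurityContextHolder.getContext().setAuthentication(auth);

        SecurityContextHolderAwareRequestWrapper wrapper = newWrapper();

        assertNull(wrapper.getRemoteUser());
        assertFalse(wrapper.isUserInRole("ROLE_HELLO")); // principal is null, so reject
        assertFalse(wrapper.isUserInRole("ROLE_FOOBAR")); // principal is null, so reject
        assertNull(wrapper.getUserPrincipal());
    }
}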