Add DDI Server PreAuthorize enabled test (#1506)

Signed-off-by: Marinov Avgustin <Avgustin.Marinov@bosch.com>

hawkbit-rest/hawkbit-mgmt-resource/src/test/java/org/eclipse/hawkbit/mgmt/rest/resource/MgmtBasicAuthResourceTest.java

@@ -21,7 +21,6 @@ import org.eclipse.hawkbit.repository.test.util.JUnitTestLoggerExtension;
 import org.eclipse.hawkbit.repository.test.util.SharedSqlTestDatabaseExtension;
 import org.eclipse.hawkbit.repository.test.util.WithUser;
 import org.eclipse.hawkbit.rest.RestConfiguration;
-import org.eclipse.hawkbit.rest.util.FilterHttpResponse;
 import org.eclipse.hawkbit.rest.util.MockMvcResultPrinter;
 import org.junit.jupiter.api.Test;
 import org.junit.jupiter.api.extension.ExtendWith;
@@ -42,7 +41,6 @@ import org.springframework.test.web.servlet.setup.DefaultMockMvcBuilder;
 import org.springframework.test.web.servlet.setup.MockMvcBuilders;
 import org.springframework.util.Base64Utils;
 import org.springframework.web.context.WebApplicationContext;
-import org.springframework.web.filter.CharacterEncodingFilter;
 
 import static org.hamcrest.CoreMatchers.equalTo;
 import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get;
@@ -72,7 +70,6 @@ import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.
 @ContextConfiguration(classes = { MgmtApiConfiguration.class, RestConfiguration.class,
         RepositoryApplicationConfiguration.class, TestConfiguration.class,
         TestSupportBinderAutoConfiguration.class })
-//@TestPropertySource(locations = "classpath:/mgmt-test.properties")
 @Feature("Component Tests - Management API")
 @Story("Basic auth Userinfo Resource")
 public class MgmtBasicAuthResourceTest {
@@ -83,10 +80,6 @@ public class MgmtBasicAuthResourceTest {
     @Autowired
     MockMvc defaultMock;
 
-    @Autowired
-    private FilterHttpResponse filterHttpResponse;
-    @Autowired
-    private CharacterEncodingFilter characterEncodingFilter;
     @Autowired
     protected WebApplicationContext webApplicationContext;
 
@@ -120,8 +113,6 @@ public class MgmtBasicAuthResourceTest {
     }
 
     private DefaultMockMvcBuilder createMvcWebAppContext(final WebApplicationContext context) {
-        final DefaultMockMvcBuilder createMvcWebAppContext = MockMvcBuilders.webAppContextSetup(context);
-
-        return createMvcWebAppContext;
+        return MockMvcBuilders.webAppContextSetup(context);
     }
 }

hawkbit-rest/hawkbit-rest-core/src/main/java/org/eclipse/hawkbit/rest/util/HttpResponseFactoryBean.java

@@ -29,7 +29,7 @@ public class HttpResponseFactoryBean implements FactoryBean<HttpServletResponse>
     private ApplicationContext applicationContext;
 
     @Override
-    public HttpServletResponse getObject() throws Exception {
+    public HttpServletResponse getObject() {
         return applicationContext.getBean(FilterHttpResponse.class).getHttpServletReponse();
     }
 

hawkbit-runtime/hawkbit-ddi-server/src/test/java/org/eclipse/hawkbit/app/ddi/AbstractSecurityTest.java

@@ -10,6 +10,7 @@
 package org.eclipse.hawkbit.app.ddi;
 
 import org.eclipse.hawkbit.repository.test.util.SharedSqlTestDatabaseExtension;
+import org.eclipse.hawkbit.rest.util.FilterHttpResponse;
 import org.junit.jupiter.api.BeforeEach;
 import org.junit.jupiter.api.extension.ExtendWith;
 import org.springframework.beans.factory.annotation.Autowired;
@@ -26,6 +27,8 @@ public abstract class AbstractSecurityTest {
 
     @Autowired
     private WebApplicationContext context;
+    @Autowired
+    private FilterHttpResponse filterHttpResponse;
 
     protected MockMvc mvc;
 
@@ -33,6 +36,7 @@ public abstract class AbstractSecurityTest {
     public void setup() {
         final DefaultMockMvcBuilder builder = MockMvcBuilders.webAppContextSetup(context)
                 .apply(SecurityMockMvcConfigurers.springSecurity()).dispatchOptions(true);
+        builder.addFilter(filterHttpResponse);
         mvc = builder.build();
     }
 }

hawkbit-runtime/hawkbit-ddi-server/src/test/java/org/eclipse/hawkbit/app/ddi/PreAuthorizeEnabledTest.java

@@ -0,0 +1,45 @@
+/**
+ * Copyright (c) 2023 Bosch.IO GmbH and others
+ *
+ * This program and the accompanying materials are made
+ * available under the terms of the Eclipse Public License 2.0
+ * which is available at https://www.eclipse.org/legal/epl-2.0/
+ *
+ * SPDX-License-Identifier: EPL-2.0
+ */
+package org.eclipse.hawkbit.app.ddi;
+
+import io.qameta.allure.Description;
+import io.qameta.allure.Feature;
+import io.qameta.allure.Story;
+import org.eclipse.hawkbit.im.authentication.SpPermission;
+import org.eclipse.hawkbit.repository.test.util.WithUser;
+import org.junit.jupiter.api.Test;
+import org.springframework.http.HttpStatus;
+import org.springframework.test.context.TestPropertySource;
+
+import static org.assertj.core.api.Assertions.assertThat;
+import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get;
+
+@Feature("Integration Test - Security")
+@Story("PreAuthorized enabled")
+@TestPropertySource(properties = {"spring.flyway.enabled=true"})
+public class PreAuthorizeEnabledTest extends AbstractSecurityTest {
+
+    @Test
+    @Description("Tests whether request fail if a role is forbidden for the user")
+    @WithUser(authorities = { SpPermission.READ_TARGET } )
+    public void failIfNoRole() throws Exception {
+        mvc.perform(get("/DEFAULT/controller/v1/controllerId")).andExpect(result ->
+            assertThat(result.getResponse().getStatus()).isEqualTo(HttpStatus.FORBIDDEN.value()));
+    }
+
+    @Test
+    @Description("Tests whether request succeed if a role is granted for the user")
+    @WithUser(authorities =  { SpPermission.SpringEvalExpressions.CONTROLLER_ROLE })
+    public void successIfHasRole() throws Exception {
+        mvc.perform(get("/DEFAULT/controller/v1/controllerId")).andExpect(result -> {
+            assertThat(result.getResponse().getStatus()).isEqualTo(HttpStatus.OK.value());
+        });
+    }
+}