From 5468218615c724f327e89f62707f97aa1d49c419 Mon Sep 17 00:00:00 2001 From: Avgustin Marinov Date: Fri, 8 Dec 2023 11:57:27 +0200 Subject: [PATCH] Add DDI Server PreAuthorize enabled test (#1506) Signed-off-by: Marinov Avgustin --- .../resource/MgmtBasicAuthResourceTest.java | 11 +---- .../rest/util/HttpResponseFactoryBean.java | 2 +- .../hawkbit/app/ddi/AbstractSecurityTest.java | 4 ++ .../app/ddi/PreAuthorizeEnabledTest.java | 45 +++++++++++++++++++ 4 files changed, 51 insertions(+), 11 deletions(-) create mode 100644 hawkbit-runtime/hawkbit-ddi-server/src/test/java/org/eclipse/hawkbit/app/ddi/PreAuthorizeEnabledTest.java diff --git a/hawkbit-rest/hawkbit-mgmt-resource/src/test/java/org/eclipse/hawkbit/mgmt/rest/resource/MgmtBasicAuthResourceTest.java b/hawkbit-rest/hawkbit-mgmt-resource/src/test/java/org/eclipse/hawkbit/mgmt/rest/resource/MgmtBasicAuthResourceTest.java index 03712b46f..e24462a3f 100644 --- a/hawkbit-rest/hawkbit-mgmt-resource/src/test/java/org/eclipse/hawkbit/mgmt/rest/resource/MgmtBasicAuthResourceTest.java +++ b/hawkbit-rest/hawkbit-mgmt-resource/src/test/java/org/eclipse/hawkbit/mgmt/rest/resource/MgmtBasicAuthResourceTest.java @@ -21,7 +21,6 @@ import org.eclipse.hawkbit.repository.test.util.JUnitTestLoggerExtension; import org.eclipse.hawkbit.repository.test.util.SharedSqlTestDatabaseExtension; import org.eclipse.hawkbit.repository.test.util.WithUser; import org.eclipse.hawkbit.rest.RestConfiguration; -import org.eclipse.hawkbit.rest.util.FilterHttpResponse; import org.eclipse.hawkbit.rest.util.MockMvcResultPrinter; import org.junit.jupiter.api.Test; import org.junit.jupiter.api.extension.ExtendWith; @@ -42,7 +41,6 @@ import org.springframework.test.web.servlet.setup.DefaultMockMvcBuilder; import org.springframework.test.web.servlet.setup.MockMvcBuilders; import org.springframework.util.Base64Utils; import org.springframework.web.context.WebApplicationContext; -import org.springframework.web.filter.CharacterEncodingFilter; import static org.hamcrest.CoreMatchers.equalTo; import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get; @@ -72,7 +70,6 @@ import static org.springframework.test.web.servlet.result.MockMvcResultMatchers. @ContextConfiguration(classes = { MgmtApiConfiguration.class, RestConfiguration.class, RepositoryApplicationConfiguration.class, TestConfiguration.class, TestSupportBinderAutoConfiguration.class }) -//@TestPropertySource(locations = "classpath:/mgmt-test.properties") @Feature("Component Tests - Management API") @Story("Basic auth Userinfo Resource") public class MgmtBasicAuthResourceTest { @@ -83,10 +80,6 @@ public class MgmtBasicAuthResourceTest { @Autowired MockMvc defaultMock; - @Autowired - private FilterHttpResponse filterHttpResponse; - @Autowired - private CharacterEncodingFilter characterEncodingFilter; @Autowired protected WebApplicationContext webApplicationContext; @@ -120,8 +113,6 @@ public class MgmtBasicAuthResourceTest { } private DefaultMockMvcBuilder createMvcWebAppContext(final WebApplicationContext context) { - final DefaultMockMvcBuilder createMvcWebAppContext = MockMvcBuilders.webAppContextSetup(context); - - return createMvcWebAppContext; + return MockMvcBuilders.webAppContextSetup(context); } } diff --git a/hawkbit-rest/hawkbit-rest-core/src/main/java/org/eclipse/hawkbit/rest/util/HttpResponseFactoryBean.java b/hawkbit-rest/hawkbit-rest-core/src/main/java/org/eclipse/hawkbit/rest/util/HttpResponseFactoryBean.java index 523ccd19e..04665aa5d 100644 --- a/hawkbit-rest/hawkbit-rest-core/src/main/java/org/eclipse/hawkbit/rest/util/HttpResponseFactoryBean.java +++ b/hawkbit-rest/hawkbit-rest-core/src/main/java/org/eclipse/hawkbit/rest/util/HttpResponseFactoryBean.java @@ -29,7 +29,7 @@ public class HttpResponseFactoryBean implements FactoryBean private ApplicationContext applicationContext; @Override - public HttpServletResponse getObject() throws Exception { + public HttpServletResponse getObject() { return applicationContext.getBean(FilterHttpResponse.class).getHttpServletReponse(); } diff --git a/hawkbit-runtime/hawkbit-ddi-server/src/test/java/org/eclipse/hawkbit/app/ddi/AbstractSecurityTest.java b/hawkbit-runtime/hawkbit-ddi-server/src/test/java/org/eclipse/hawkbit/app/ddi/AbstractSecurityTest.java index 04b2934ef..89b83b974 100644 --- a/hawkbit-runtime/hawkbit-ddi-server/src/test/java/org/eclipse/hawkbit/app/ddi/AbstractSecurityTest.java +++ b/hawkbit-runtime/hawkbit-ddi-server/src/test/java/org/eclipse/hawkbit/app/ddi/AbstractSecurityTest.java @@ -10,6 +10,7 @@ package org.eclipse.hawkbit.app.ddi; import org.eclipse.hawkbit.repository.test.util.SharedSqlTestDatabaseExtension; +import org.eclipse.hawkbit.rest.util.FilterHttpResponse; import org.junit.jupiter.api.BeforeEach; import org.junit.jupiter.api.extension.ExtendWith; import org.springframework.beans.factory.annotation.Autowired; @@ -26,6 +27,8 @@ public abstract class AbstractSecurityTest { @Autowired private WebApplicationContext context; + @Autowired + private FilterHttpResponse filterHttpResponse; protected MockMvc mvc; @@ -33,6 +36,7 @@ public abstract class AbstractSecurityTest { public void setup() { final DefaultMockMvcBuilder builder = MockMvcBuilders.webAppContextSetup(context) .apply(SecurityMockMvcConfigurers.springSecurity()).dispatchOptions(true); + builder.addFilter(filterHttpResponse); mvc = builder.build(); } } diff --git a/hawkbit-runtime/hawkbit-ddi-server/src/test/java/org/eclipse/hawkbit/app/ddi/PreAuthorizeEnabledTest.java b/hawkbit-runtime/hawkbit-ddi-server/src/test/java/org/eclipse/hawkbit/app/ddi/PreAuthorizeEnabledTest.java new file mode 100644 index 000000000..c51fc3f4d --- /dev/null +++ b/hawkbit-runtime/hawkbit-ddi-server/src/test/java/org/eclipse/hawkbit/app/ddi/PreAuthorizeEnabledTest.java @@ -0,0 +1,45 @@ +/** + * Copyright (c) 2023 Bosch.IO GmbH and others + * + * This program and the accompanying materials are made + * available under the terms of the Eclipse Public License 2.0 + * which is available at https://www.eclipse.org/legal/epl-2.0/ + * + * SPDX-License-Identifier: EPL-2.0 + */ +package org.eclipse.hawkbit.app.ddi; + +import io.qameta.allure.Description; +import io.qameta.allure.Feature; +import io.qameta.allure.Story; +import org.eclipse.hawkbit.im.authentication.SpPermission; +import org.eclipse.hawkbit.repository.test.util.WithUser; +import org.junit.jupiter.api.Test; +import org.springframework.http.HttpStatus; +import org.springframework.test.context.TestPropertySource; + +import static org.assertj.core.api.Assertions.assertThat; +import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get; + +@Feature("Integration Test - Security") +@Story("PreAuthorized enabled") +@TestPropertySource(properties = {"spring.flyway.enabled=true"}) +public class PreAuthorizeEnabledTest extends AbstractSecurityTest { + + @Test + @Description("Tests whether request fail if a role is forbidden for the user") + @WithUser(authorities = { SpPermission.READ_TARGET } ) + public void failIfNoRole() throws Exception { + mvc.perform(get("/DEFAULT/controller/v1/controllerId")).andExpect(result -> + assertThat(result.getResponse().getStatus()).isEqualTo(HttpStatus.FORBIDDEN.value())); + } + + @Test + @Description("Tests whether request succeed if a role is granted for the user") + @WithUser(authorities = { SpPermission.SpringEvalExpressions.CONTROLLER_ROLE }) + public void successIfHasRole() throws Exception { + mvc.perform(get("/DEFAULT/controller/v1/controllerId")).andExpect(result -> { + assertThat(result.getResponse().getStatus()).isEqualTo(HttpStatus.OK.value()); + }); + } +} \ No newline at end of file