add junit tests to security of getTargetSecurityToken
Signed-off-by: Michael Hirsch <michael.hirsch@bosch-si.com>
This commit is contained in:
@@ -48,6 +48,7 @@ import org.eclipse.hawkbit.repository.model.DistributionSetType;
|
|||||||
import org.eclipse.hawkbit.repository.model.SoftwareModuleType;
|
import org.eclipse.hawkbit.repository.model.SoftwareModuleType;
|
||||||
import org.eclipse.hawkbit.repository.utils.RepositoryDataGenerator.DatabaseCleanupUtil;
|
import org.eclipse.hawkbit.repository.utils.RepositoryDataGenerator.DatabaseCleanupUtil;
|
||||||
import org.eclipse.hawkbit.security.DosFilter;
|
import org.eclipse.hawkbit.security.DosFilter;
|
||||||
|
import org.eclipse.hawkbit.security.SystemSecurityContext;
|
||||||
import org.eclipse.hawkbit.tenancy.TenantAware;
|
import org.eclipse.hawkbit.tenancy.TenantAware;
|
||||||
import org.junit.After;
|
import org.junit.After;
|
||||||
import org.junit.AfterClass;
|
import org.junit.AfterClass;
|
||||||
@@ -181,11 +182,10 @@ public abstract class AbstractIntegrationTest implements EnvironmentAware {
|
|||||||
|
|
||||||
@Autowired
|
@Autowired
|
||||||
protected TenantAwareCacheManager cacheManager;
|
protected TenantAwareCacheManager cacheManager;
|
||||||
|
|
||||||
@Autowired
|
@Autowired
|
||||||
protected TenantConfigurationManagement tenantConfigurationManagement;
|
protected TenantConfigurationManagement tenantConfigurationManagement;
|
||||||
|
|
||||||
|
|
||||||
@Autowired
|
@Autowired
|
||||||
protected RolloutManagement rolloutManagement;
|
protected RolloutManagement rolloutManagement;
|
||||||
|
|
||||||
@@ -198,6 +198,9 @@ public abstract class AbstractIntegrationTest implements EnvironmentAware {
|
|||||||
@Autowired
|
@Autowired
|
||||||
protected RolloutRepository rolloutRepository;
|
protected RolloutRepository rolloutRepository;
|
||||||
|
|
||||||
|
@Autowired
|
||||||
|
protected SystemSecurityContext systemSecurityContext;
|
||||||
|
|
||||||
protected MockMvc mvc;
|
protected MockMvc mvc;
|
||||||
|
|
||||||
@Autowired
|
@Autowired
|
||||||
|
|||||||
@@ -160,19 +160,23 @@ public class WithSpringAuthorityRule implements TestRule {
|
|||||||
}
|
}
|
||||||
|
|
||||||
public static WithUser withUser(final String principal, final String... authorities) {
|
public static WithUser withUser(final String principal, final String... authorities) {
|
||||||
return withUserAndTenant(principal, "default", true, authorities);
|
return withUserAndTenant(principal, "default", true, true, authorities);
|
||||||
|
}
|
||||||
|
|
||||||
|
public static WithUser withUser(final String principal, final boolean allSpPermision, final String... authorities) {
|
||||||
|
return withUserAndTenant(principal, "default", true, allSpPermision, authorities);
|
||||||
}
|
}
|
||||||
|
|
||||||
public static WithUser withUser(final boolean autoCreateTenant) {
|
public static WithUser withUser(final boolean autoCreateTenant) {
|
||||||
return withUserAndTenant("bumlux", "default", autoCreateTenant, new String[] {});
|
return withUserAndTenant("bumlux", "default", autoCreateTenant, true, new String[] {});
|
||||||
}
|
}
|
||||||
|
|
||||||
public static WithUser withUserAndTenant(final String principal, final String tenant, final String... authorities) {
|
public static WithUser withUserAndTenant(final String principal, final String tenant, final String... authorities) {
|
||||||
return withUserAndTenant(principal, tenant, true, new String[] {});
|
return withUserAndTenant(principal, tenant, true, true, new String[] {});
|
||||||
}
|
}
|
||||||
|
|
||||||
public static WithUser withUserAndTenant(final String principal, final String tenant,
|
public static WithUser withUserAndTenant(final String principal, final String tenant,
|
||||||
final boolean autoCreateTenant, final String... authorities) {
|
final boolean autoCreateTenant, final boolean allSpPermission, final String... authorities) {
|
||||||
return new WithUser() {
|
return new WithUser() {
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
@@ -197,7 +201,7 @@ public class WithSpringAuthorityRule implements TestRule {
|
|||||||
|
|
||||||
@Override
|
@Override
|
||||||
public boolean allSpPermissions() {
|
public boolean allSpPermissions() {
|
||||||
return true;
|
return allSpPermission;
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
|
|||||||
@@ -32,6 +32,7 @@ import org.eclipse.hawkbit.AbstractIntegrationTest;
|
|||||||
import org.eclipse.hawkbit.TestDataUtil;
|
import org.eclipse.hawkbit.TestDataUtil;
|
||||||
import org.eclipse.hawkbit.WithSpringAuthorityRule;
|
import org.eclipse.hawkbit.WithSpringAuthorityRule;
|
||||||
import org.eclipse.hawkbit.WithUser;
|
import org.eclipse.hawkbit.WithUser;
|
||||||
|
import org.eclipse.hawkbit.im.authentication.SpPermission;
|
||||||
import org.eclipse.hawkbit.repository.exception.EntityAlreadyExistsException;
|
import org.eclipse.hawkbit.repository.exception.EntityAlreadyExistsException;
|
||||||
import org.eclipse.hawkbit.repository.exception.TenantNotExistException;
|
import org.eclipse.hawkbit.repository.exception.TenantNotExistException;
|
||||||
import org.eclipse.hawkbit.repository.model.Action;
|
import org.eclipse.hawkbit.repository.model.Action;
|
||||||
@@ -56,6 +57,36 @@ import ru.yandex.qatools.allure.annotations.Stories;
|
|||||||
@Stories("Target Management")
|
@Stories("Target Management")
|
||||||
public class TargetManagementTest extends AbstractIntegrationTest {
|
public class TargetManagementTest extends AbstractIntegrationTest {
|
||||||
|
|
||||||
|
@Test
|
||||||
|
@Description("Ensures that retrieving the target security is only permitted with the necessary permissions.")
|
||||||
|
public void getTargetSecurityTokenOnlyWithCorrectPermission() throws Exception {
|
||||||
|
final Target createdTarget = targetManagement.createTarget(new Target("targetWithSecurityToken"));
|
||||||
|
|
||||||
|
// retrieve security token only with READ_TARGET_SEC_TOKEN permission
|
||||||
|
final String securityTokenWithReadPermission = securityRule.runAs(WithSpringAuthorityRule
|
||||||
|
.withUser("OnlyTargetReadPermission", false, SpPermission.READ_TARGET_SEC_TOKEN.toString()), () -> {
|
||||||
|
return createdTarget.getSecurityToken();
|
||||||
|
});
|
||||||
|
|
||||||
|
// retrieve security token as system code execution
|
||||||
|
final String securityTokenAsSystemCode = systemSecurityContext.runAsSystem(() -> {
|
||||||
|
return createdTarget.getSecurityToken();
|
||||||
|
});
|
||||||
|
|
||||||
|
// retrieve security token without any permissions
|
||||||
|
final String securityTokenWithoutPermission = securityRule
|
||||||
|
.runAs(WithSpringAuthorityRule.withUser("NoPermission", false), () -> {
|
||||||
|
return createdTarget.getSecurityToken();
|
||||||
|
});
|
||||||
|
|
||||||
|
assertThat(createdTarget.getSecurityToken()).isNotNull();
|
||||||
|
assertThat(securityTokenWithReadPermission).isNotNull();
|
||||||
|
assertThat(securityTokenAsSystemCode).isNotNull();
|
||||||
|
|
||||||
|
assertThat(securityTokenWithoutPermission).isNull();
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
@Description("Ensures that targets cannot be created e.g. in plug'n play scenarios when tenant does not exists.")
|
@Description("Ensures that targets cannot be created e.g. in plug'n play scenarios when tenant does not exists.")
|
||||||
@WithUser(tenantId = "tenantWhichDoesNotExists", allSpPermissions = true, autoCreateTenant = false)
|
@WithUser(tenantId = "tenantWhichDoesNotExists", allSpPermissions = true, autoCreateTenant = false)
|
||||||
|
|||||||
Reference in New Issue
Block a user