diff --git a/README.md b/README.md index 6be7fbe3..5ade5549 100644 --- a/README.md +++ b/README.md @@ -73,6 +73,8 @@ If you have at least Docker and the Java JDK installed in appropriate versions a gw bootRun # compiles and runs the application on localhost:8080 + FIXME: use bin/hsadmin-ng for the following commands + # the following command should reply with "pong": curl -f http://localhost:8080/api/ping diff --git a/src/main/java/net/hostsharing/hsadminng/config/CasAuthenticationFilter.java b/src/main/java/net/hostsharing/hsadminng/config/AuthenticationFilter.java similarity index 87% rename from src/main/java/net/hostsharing/hsadminng/config/CasAuthenticationFilter.java rename to src/main/java/net/hostsharing/hsadminng/config/AuthenticationFilter.java index 404a4027..1849b815 100644 --- a/src/main/java/net/hostsharing/hsadminng/config/CasAuthenticationFilter.java +++ b/src/main/java/net/hostsharing/hsadminng/config/AuthenticationFilter.java @@ -13,10 +13,10 @@ import org.springframework.security.authentication.BadCredentialsException; import org.springframework.stereotype.Component; @Component -public class CasAuthenticationFilter implements Filter { +public class AuthenticationFilter implements Filter { @Autowired - private CasAuthenticator casAuthenticator; + private Authenticator authenticator; @Override @SneakyThrows @@ -25,7 +25,7 @@ public class CasAuthenticationFilter implements Filter { final var httpResponse = (HttpServletResponse) response; try { - final var currentSubject = casAuthenticator.authenticate(httpRequest); + final var currentSubject = authenticator.authenticate(httpRequest); final var authenticatedRequest = new AuthenticatedHttpServletRequestWrapper(httpRequest); authenticatedRequest.addHeader("current-subject", currentSubject); diff --git a/src/main/java/net/hostsharing/hsadminng/config/CasAuthenticator.java b/src/main/java/net/hostsharing/hsadminng/config/CasAuthenticator.java index a048a16c..a7918324 100644 --- a/src/main/java/net/hostsharing/hsadminng/config/CasAuthenticator.java +++ b/src/main/java/net/hostsharing/hsadminng/config/CasAuthenticator.java @@ -4,6 +4,7 @@ import lombok.AllArgsConstructor; import lombok.NoArgsConstructor; import lombok.SneakyThrows; import org.springframework.beans.factory.annotation.Value; +import org.springframework.context.annotation.Primary; import org.springframework.security.authentication.BadCredentialsException; import org.springframework.security.authentication.UsernamePasswordAuthenticationToken; import org.springframework.security.core.context.SecurityContextHolder; @@ -13,6 +14,7 @@ import org.springframework.web.client.RestTemplate; import jakarta.servlet.http.HttpServletRequest; import javax.xml.parsers.DocumentBuilderFactory; +@Primary @Service @NoArgsConstructor @AllArgsConstructor diff --git a/src/test/java/net/hostsharing/hsadminng/config/WebSecurityConfigIntegrationTest.java b/src/test/java/net/hostsharing/hsadminng/config/WebSecurityConfigIntegrationTest.java index 6c75cbc2..d775cfde 100644 --- a/src/test/java/net/hostsharing/hsadminng/config/WebSecurityConfigIntegrationTest.java +++ b/src/test/java/net/hostsharing/hsadminng/config/WebSecurityConfigIntegrationTest.java @@ -2,6 +2,7 @@ package net.hostsharing.hsadminng.config; import java.util.Map; +import com.github.tomakehurst.wiremock.WireMockServer; import org.junit.jupiter.api.Test; import org.springframework.beans.factory.annotation.Autowired; @@ -14,10 +15,13 @@ import org.springframework.http.HttpMethod; import org.springframework.http.HttpStatus; import org.springframework.test.context.TestPropertySource; +import static com.github.tomakehurst.wiremock.client.WireMock.aResponse; +import static com.github.tomakehurst.wiremock.client.WireMock.get; +import static com.github.tomakehurst.wiremock.client.WireMock.urlEqualTo; import static org.assertj.core.api.Assertions.assertThat; @SpringBootTest(webEnvironment = SpringBootTest.WebEnvironment.RANDOM_PORT) -@TestPropertySource(properties = {"management.port=0", "server.port=0", "hsadminng.cas.server-url=fake"}) +@TestPropertySource(properties = {"management.port=0", "server.port=0", "hsadminng.cas.server-url=http://localhost:8088/cas"}) // IMPORTANT: To test prod config, do not use test profile! class WebSecurityConfigIntegrationTest { @@ -30,11 +34,27 @@ class WebSecurityConfigIntegrationTest { @Autowired private TestRestTemplate restTemplate; + @Autowired + private WireMockServer wireMockServer; + @Test public void shouldSupportPingEndpoint() { + // given + wireMockServer.stubFor(get(urlEqualTo("/cas/p3/serviceValidate?service=http://localhost:8080/api&ticket=test-user")) + .willReturn(aResponse() + .withStatus(200) + .withBody(""" + + + test-user + + + """))); + + // fake Authorization header final var headers = new HttpHeaders(); - headers.set("Authorization", "test"); + headers.set("Authorization", "test-user"); // http request final var result = restTemplate.exchange( @@ -45,7 +65,7 @@ class WebSecurityConfigIntegrationTest { ); assertThat(result.getStatusCode()).isEqualTo(HttpStatus.OK); - assertThat(result.getBody()).startsWith("pong"); + assertThat(result.getBody()).startsWith("pong test-user"); } @Test diff --git a/src/test/java/net/hostsharing/hsadminng/test/DisableSecurityConfig.java b/src/test/java/net/hostsharing/hsadminng/test/DisableSecurityConfig.java index 978edbb8..0fa84c8c 100644 --- a/src/test/java/net/hostsharing/hsadminng/test/DisableSecurityConfig.java +++ b/src/test/java/net/hostsharing/hsadminng/test/DisableSecurityConfig.java @@ -1,7 +1,6 @@ package net.hostsharing.hsadminng.test; import net.hostsharing.hsadminng.config.Authenticator; -import net.hostsharing.hsadminng.config.CasAuthenticator; import org.springframework.boot.test.context.TestConfiguration; import org.springframework.context.annotation.Bean; import org.springframework.security.config.annotation.web.builders.HttpSecurity; diff --git a/src/test/java/net/hostsharing/hsadminng/test/FakeAuthenticator.java b/src/test/java/net/hostsharing/hsadminng/test/FakeAuthenticator.java index 66dcd9a3..f749c262 100644 --- a/src/test/java/net/hostsharing/hsadminng/test/FakeAuthenticator.java +++ b/src/test/java/net/hostsharing/hsadminng/test/FakeAuthenticator.java @@ -2,7 +2,6 @@ package net.hostsharing.hsadminng.test; import lombok.SneakyThrows; import net.hostsharing.hsadminng.config.Authenticator; -import net.hostsharing.hsadminng.config.CasAuthenticator; import org.springframework.stereotype.Service; import jakarta.servlet.http.HttpServletRequest;