separated MockSecurityContext into SecurityContextMock+SecurityContextMock

src/main/java/org/hostsharing/hsadminng/service/accessfilter/JSonAccessFilter.java

@@ -4,7 +4,7 @@ package org.hostsharing.hsadminng.service.accessfilter;
 import static com.google.common.base.Verify.verify;
 import static com.google.common.collect.Sets.union;
 import static java.util.Collections.EMPTY_SET;
-import static org.thymeleaf.util.SetUtils.singletonSet;
+import static java.util.Collections.emptySet;
 
 import org.hostsharing.hsadminng.security.SecurityUtils;
 import org.hostsharing.hsadminng.service.IdToDtoResolver;
@@ -71,7 +71,7 @@ abstract class JSonAccessFilter<T> {
         final Field parentIdField = determineFieldWithAnnotation(dto.getClass(), ParentId.class);
 
         if (parentIdField == null) {
-            return singletonSet(Role.ANYBODY);
+            return emptySet();
         }
 
         final ParentId parentIdAnnot = parentIdField.getAnnotation(ParentId.class);
@@ -88,12 +88,12 @@ abstract class JSonAccessFilter<T> {
 
     private Set<Role> getLoginUserDirectRolesFor(final Class<?> dtoClass, final Long id) {
         if (!SecurityUtils.isAuthenticated()) {
-            return singletonSet(Role.ANYBODY);
+            return emptySet();
         }
 
         final EntityTypeId entityTypeId = dtoClass.getAnnotation(EntityTypeId.class);
         if (entityTypeId == null) {
-            return singletonSet(Role.ANYBODY); // TODO mhoennig: all of such singletonSets -> emptySet
+            return emptySet();
         }
 
         return userRoleAssignmentService.getEffectiveRoleOfCurrentUser(entityTypeId.value(), id);

src/main/java/org/hostsharing/hsadminng/service/accessfilter/JSonDeserializationWithAccessFilter.java

@@ -160,13 +160,13 @@ public class JSonDeserializationWithAccessFilter<T> extends JSonAccessFilter<T>
                                 if (!field.equals(parentIdField)) {
                                     throw new BadRequestAlertException(
                                             "Initialization of field " + toDisplay(field)
-                                                    + " prohibited for current user roles "
+                                                    + " prohibited for current user role(s): "
                                                     + Joiner.on("+").join(roles),
                                             toDisplay(field),
                                             "initializationProhibited");
                                 } else {
                                     throw new BadRequestAlertException(
-                                            "Referencing field " + toDisplay(field) + " prohibited for current user roles "
+                                            "Referencing field " + toDisplay(field) + " prohibited for current user role(s): "
                                                     + Joiner.on("+").join(roles),
                                             toDisplay(field),
                                             "referencingProhibited");
@@ -174,7 +174,7 @@ public class JSonDeserializationWithAccessFilter<T> extends JSonAccessFilter<T>
                             }
                         } else if (!Role.toBeIgnoredForUpdates(field) && !isAllowedToUpdate(getLoginUserRoles(), field)) {
                             throw new BadRequestAlertException(
-                                    "Update of field " + toDisplay(field) + " prohibited for current user roles "
+                                    "Update of field " + toDisplay(field) + " prohibited for current user role(s): "
                                             + Joiner.on("+").join(roles),
                                     toDisplay(field),
                                     "updateProhibited");

src/main/java/org/hostsharing/hsadminng/service/accessfilter/JSonSerializationWithAccessFilter.java

@@ -86,7 +86,7 @@ public class JSonSerializationWithAccessFilter<T> extends JSonAccessFilter<T> {
                 return true;
             }
         }
-        return false;
+        return Role.ANYBODY.isAllowedToRead(field);
     }
 
 }

src/main/java/org/hostsharing/hsadminng/service/accessfilter/Role.java

@@ -139,7 +139,7 @@ public enum Role {
      * @return true if this role is independent of a target object, false otherwise.
      */
     public boolean isIndependent() {
-        return this != NOBODY && covers(Role.SUPPORTER);
+        return this != NOBODY && (this == ANYBODY || covers(Role.SUPPORTER));
     }
 
     /**

src/test/java/org/hostsharing/hsadminng/service/UserRoleAssignmentServiceUnitTest.java

@@ -7,8 +7,8 @@ import static org.mockito.BDDMockito.given;
 
 import org.hostsharing.hsadminng.domain.UserRoleAssignment;
 import org.hostsharing.hsadminng.repository.UserRoleAssignmentRepository;
-import org.hostsharing.hsadminng.service.accessfilter.MockSecurityContext;
 import org.hostsharing.hsadminng.service.accessfilter.Role;
+import org.hostsharing.hsadminng.service.accessfilter.SecurityContextFake;
 
 import com.google.common.base.VerifyException;
 
@@ -45,7 +45,7 @@ public class UserRoleAssignmentServiceUnitTest {
     @Test
     public void getEffectiveRoleOfCurrentUserReturnsEmptySetIfUserAuthenticatedButNoRolesAssigned() {
         // given
-        new MockSecurityContext().havingAuthenticatedUser();
+        SecurityContextFake.havingAuthenticatedUser();
 
         // when
         final Set<Role> actual = userRoleAssignmentService.getEffectiveRoleOfCurrentUser("test.Something", 1L);
@@ -58,7 +58,7 @@ public class UserRoleAssignmentServiceUnitTest {
     public void getEffectiveRoleOfCurrentUserReturnsExactlyAssignedRoles() {
         // given
         final String givenUserLogin = "someUser";
-        new MockSecurityContext().havingAuthenticatedUser(givenUserLogin);
+        SecurityContextFake.havingAuthenticatedUser(givenUserLogin);
         final long givenEntityObjectId = 2L;
         final String givenEntityTypeId = "test.Something";
         given(userRoleAssignmentRepository.findByLogin(givenUserLogin)).willReturn(

src/test/java/org/hostsharing/hsadminng/service/accessfilter/JSonDeserializationWithAccessFilterUnitTest.java

@@ -8,6 +8,7 @@ import static org.hostsharing.hsadminng.service.accessfilter.JSonAccessFilterTes
 import static org.hostsharing.hsadminng.service.accessfilter.JSonBuilder.asJSon;
 import static org.mockito.BDDMockito.given;
 
+import org.hostsharing.hsadminng.security.AuthoritiesConstants;
 import org.hostsharing.hsadminng.service.UserRoleAssignmentService;
 import org.hostsharing.hsadminng.web.rest.errors.BadRequestAlertException;
 
@@ -71,13 +72,13 @@ public class JSonDeserializationWithAccessFilterUnitTest {
 
     @Mock
     private GivenCustomerService givenCustomerService;
-
+    private SecurityContextMock securityContext;
-    private MockSecurityContext givenSecurityContext;
 
     @Before
     public void init() {
-        givenSecurityContext = new MockSecurityContext(userRoleAssignmentService);
+        securityContext = SecurityContextMock.usingMock(userRoleAssignmentService)
-        givenSecurityContext.havingAuthenticatedUser().withRole(GivenDto.class, 1234L, Role.ACTUAL_CUSTOMER_USER);
+                .havingAuthenticatedUser()
+                .withRole(GivenDto.class, 1234L, Role.ACTUAL_CUSTOMER_USER);
 
         given(ctx.getAutowireCapableBeanFactory()).willReturn(autowireCapableBeanFactory);
         given(autowireCapableBeanFactory.createBean(GivenService.class)).willReturn(givenService);
@@ -261,7 +262,8 @@ public class JSonDeserializationWithAccessFilterUnitTest {
     @Test
     public void shouldDeserializeStringFieldIfRequiredRoleIsCoveredByUser() throws IOException {
         // given
-        givenSecurityContext.havingAuthenticatedUser().withRole(GivenCustomerDto.class, 888L, Role.FINANCIAL_CONTACT);
+        securityContext.havingAuthenticatedUser()
+                .withRole(GivenCustomerDto.class, 888L, Role.FINANCIAL_CONTACT);
         givenJSonTree(
                 asJSon(
                         ImmutablePair.of("id", 1234L),
@@ -283,7 +285,8 @@ public class JSonDeserializationWithAccessFilterUnitTest {
     @Test
     public void shouldDeserializeUnchangedStringFieldIfRequiredRoleIsNotCoveredByUser() throws IOException {
         // given
-        givenSecurityContext.havingAuthenticatedUser().withRole(GivenCustomerDto.class, 888L, Role.ACTUAL_CUSTOMER_USER);
+        securityContext.havingAuthenticatedUser()
+                .withRole(GivenCustomerDto.class, 888L, Role.FINANCIAL_CONTACT);
         givenJSonTree(
                 asJSon(
                         ImmutablePair.of("id", 1234L),
@@ -305,7 +308,8 @@ public class JSonDeserializationWithAccessFilterUnitTest {
     @Test
     public void shouldNotDeserializeUpatedStringFieldIfRequiredRoleIsNotCoveredByUser() throws IOException {
         // given
-        givenSecurityContext.havingAuthenticatedUser().withRole(GivenCustomerDto.class, 888L, Role.ACTUAL_CUSTOMER_USER);
+        securityContext.havingAuthenticatedUser()
+                .withRole(GivenCustomerDto.class, 888L, Role.ACTUAL_CUSTOMER_USER);
         givenJSonTree(
                 asJSon(
                         ImmutablePair.of("customerId", 888L),
@@ -330,7 +334,8 @@ public class JSonDeserializationWithAccessFilterUnitTest {
     @Test
     public void shouldInitializeFieldIfRequiredRoleIsNotCoveredByUser() throws IOException {
         // given
-        givenSecurityContext.havingAuthenticatedUser().withRole(GivenCustomerDto.class, 888L, Role.ACTUAL_CUSTOMER_USER);
+        securityContext.havingAuthenticatedUser()
+                .withRole(GivenCustomerDto.class, 888L, Role.ACTUAL_CUSTOMER_USER);
         givenJSonTree(
                 asJSon(
                         ImmutablePair.of("customerId", 888L),
@@ -355,7 +360,8 @@ public class JSonDeserializationWithAccessFilterUnitTest {
     @Test
     public void shouldNotCreateIfRoleRequiredByParentEntityIsNotCoveredByUser() throws IOException {
         // given
-        givenSecurityContext.havingAuthenticatedUser().withRole(GivenCustomerDto.class, 9999L, Role.CONTRACTUAL_CONTACT);
+        securityContext.havingAuthenticatedUser()
+                .withRole(GivenCustomerDto.class, 9999L, Role.CONTRACTUAL_CONTACT);
         givenJSonTree(
                 asJSon(
                         ImmutablePair.of("parentId", 1234L)));
@@ -379,7 +385,8 @@ public class JSonDeserializationWithAccessFilterUnitTest {
     @Test
     public void shouldCreateIfRoleRequiredByReferencedEntityIsCoveredByUser() throws IOException {
         // given
-        givenSecurityContext.havingAuthenticatedUser().withRole(GivenCustomerDto.class, 888L, Role.CONTRACTUAL_CONTACT);
+        securityContext.havingAuthenticatedUser()
+                .withRole(GivenCustomerDto.class, 888L, Role.CONTRACTUAL_CONTACT);
         givenJSonTree(
                 asJSon(
                         ImmutablePair.of("parentId", 1234L)));
@@ -400,7 +407,8 @@ public class JSonDeserializationWithAccessFilterUnitTest {
     @Test
     public void shouldNotUpdateFieldIfRequiredRoleIsNotCoveredByUser() throws IOException {
         // given
-        givenSecurityContext.havingAuthenticatedUser().withRole(GivenCustomerDto.class, 888L, Role.ACTUAL_CUSTOMER_USER);
+        securityContext.havingAuthenticatedUser()
+                .withRole(GivenCustomerDto.class, 888L, Role.ACTUAL_CUSTOMER_USER);
         givenJSonTree(
                 asJSon(
                         ImmutablePair.of("id", 1234L),
@@ -446,7 +454,7 @@ public class JSonDeserializationWithAccessFilterUnitTest {
     @Test
     public void shouldDetectUnknownFieldType() throws IOException {
         // given
-        givenSecurityContext.havingAuthenticatedUser().withRole(Role.ADMIN);
+        securityContext.havingAuthenticatedUser().withAuthority(AuthoritiesConstants.ADMIN);
         givenJSonTree(asJSon(ImmutablePair.of("unknown", new Arbitrary())));
 
         // when

src/test/java/org/hostsharing/hsadminng/service/accessfilter/JSonSerializationWithAccessFilterUnitTest.java

@@ -45,13 +45,14 @@ public class JSonSerializationWithAccessFilterUnitTest {
     @Mock
     private GivenCustomerService givenCustomerService;
 
-    private MockSecurityContext securityContext;
+    private SecurityContextMock securityContext;
 
     private final GivenDto givenDTO = createSampleDto();
 
     @Before
     public void init() {
-        securityContext = new MockSecurityContext(userRoleAssignmentService).havingAuthenticatedUser()
+        securityContext = SecurityContextMock.usingMock(userRoleAssignmentService)
+                .havingAuthenticatedUser()
                 .withRole(GivenCustomerDto.class, 888L, Role.ANY_CUSTOMER_USER);
 
         given(ctx.getAutowireCapableBeanFactory()).willReturn(autowireCapableBeanFactory);
@@ -190,6 +191,7 @@ public class JSonSerializationWithAccessFilterUnitTest {
             Arbitrary fieldWithUnimplementedType = new Arbitrary();
         }
         final GivenDtoWithUnimplementedFieldType givenDtoWithUnimplementedFieldType = new GivenDtoWithUnimplementedFieldType();
+        SecurityContextFake.havingAuthenticatedUser();
 
         // when
         final Throwable actual = catchThrowable(

src/test/java/org/hostsharing/hsadminng/service/accessfilter/MockSecurityContext.java

@@ -1,96 +0,0 @@
-// Licensed under Apache-2.0
-package org.hostsharing.hsadminng.service.accessfilter;
-
-import static org.assertj.core.api.Assumptions.assumeThat;
-import static org.mockito.BDDMockito.given;
-
-import org.hostsharing.hsadminng.security.SecurityUtils;
-import org.hostsharing.hsadminng.service.UserRoleAssignmentService;
-
-import org.mockito.Mockito;
-import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
-import org.springframework.security.core.GrantedAuthority;
-import org.springframework.security.core.context.SecurityContext;
-import org.springframework.security.core.context.SecurityContextHolder;
-
-import java.util.ArrayList;
-import java.util.Arrays;
-import java.util.Collection;
-import java.util.HashSet;
-
-public class MockSecurityContext {
-
-    private final UserRoleAssignmentService userRoleAssignmentService;
-    private final Collection<GrantedAuthority> authorities;
-
-    // TODO mhoennig: refactor this ctor to method withMock(...) returning a subclass to avoid null checks
-    public MockSecurityContext(final UserRoleAssignmentService userRoleAssignmentService) {
-        this.userRoleAssignmentService = userRoleAssignmentService;
-        this.authorities = new ArrayList<>();
-    }
-
-    public MockSecurityContext() {
-        this(null);
-    }
-
-    public MockSecurityContext havingAuthenticatedUser() {
-        return havingAuthenticatedUser("dummyUser");
-    }
-
-    public MockSecurityContext havingAuthenticatedUser(final String login) {
-        SecurityContext securityContext = SecurityContextHolder.createEmptyContext();
-
-        securityContext.setAuthentication(new UsernamePasswordAuthenticationToken(login, "dummyPassword") {
-
-            @Override
-            public Collection<GrantedAuthority> getAuthorities() {
-                return authorities;
-            }
-        });
-        SecurityContextHolder.setContext(securityContext);
-
-        assumeThat(SecurityUtils.getCurrentUserLogin()).hasValue(login);
-        if (userRoleAssignmentService != null) {
-            Mockito.reset(userRoleAssignmentService);
-        }
-        authorities.clear();
-        return this;
-    }
-
-    public MockSecurityContext withRole(final Class<?> onClass, final Long onId, final Role... roles) {
-        if (userRoleAssignmentService == null) {
-            throw new IllegalStateException("mock not registered for: " + UserRoleAssignmentService.class.getSimpleName());
-        }
-        final EntityTypeId entityTypeId = onClass.getAnnotation(EntityTypeId.class);
-        assumeThat(entityTypeId).as("@" + EntityTypeId.class.getSimpleName() + " missing on class " + onClass.toString())
-                .isNotNull();
-        given(userRoleAssignmentService.getEffectiveRoleOfCurrentUser(entityTypeId.value(), onId))
-                .willReturn(new HashSet(Arrays.asList(roles)));
-        return this;
-    }
-
-    public MockSecurityContext withRole(final Role role) {
-        authorities.add(new GrantedAuthority() {
-
-            @Override
-            public String getAuthority() {
-                return role.asAuthority();
-            }
-        });
-        return this;
-    }
-
-    private static class FakePrincipal {
-
-        private final String username;
-
-        public FakePrincipal(final String username) {
-            this.username = username;
-        }
-
-        @Override
-        public String toString() {
-            return username;
-        }
-    }
-}

src/test/java/org/hostsharing/hsadminng/service/accessfilter/RoleUnitTest.java

@@ -95,6 +95,22 @@ public class RoleUnitTest {
         assertThat(catchThrowable(() -> Role.HOSTMASTER.coversAny((Role[]) null))).isInstanceOf(VerifyException.class);
     }
 
+    @Test
+    public void isNdependend() {
+        assertThat(Role.NOBODY.isIndependent()).isFalse();
+
+        assertThat(Role.HOSTMASTER.isIndependent()).isTrue();
+        assertThat(Role.ADMIN.isIndependent()).isTrue();
+        assertThat(Role.SUPPORTER.isIndependent()).isTrue();
+
+        assertThat(Role.CONTRACTUAL_CONTACT.isIndependent()).isFalse();
+        assertThat(Role.FINANCIAL_CONTACT.isIndependent()).isFalse();
+        assertThat(Role.ACTUAL_CUSTOMER_USER.isIndependent()).isFalse();
+        assertThat(Role.ANY_CUSTOMER_USER.isIndependent()).isFalse();
+
+        assertThat(Role.ANYBODY.isIndependent()).isTrue();
+    }
+
     @Test
     public void isIgnored() {
         for (Role role : Role.values()) {

src/test/java/org/hostsharing/hsadminng/service/accessfilter/SecurityContextDouble.java

@@ -0,0 +1,57 @@
+// Licensed under Apache-2.0
+package org.hostsharing.hsadminng.service.accessfilter;
+
+import static org.assertj.core.api.Assumptions.assumeThat;
+
+import org.hostsharing.hsadminng.security.SecurityUtils;
+
+import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
+import org.springframework.security.core.GrantedAuthority;
+import org.springframework.security.core.context.SecurityContext;
+import org.springframework.security.core.context.SecurityContextHolder;
+
+import java.util.ArrayList;
+import java.util.Collection;
+
+abstract class SecurityContextDouble<T extends SecurityContextDouble> {
+
+    private final Collection<GrantedAuthority> authorities = new ArrayList<>();
+
+    protected SecurityContextDouble() {
+    }
+
+    protected SecurityContextDouble withAuthenticatedUser(final String login) {
+        SecurityContext securityContext = SecurityContextHolder.createEmptyContext();
+
+        securityContext.setAuthentication(new UsernamePasswordAuthenticationToken(login, "dummyPassword") {
+
+            @Override
+            public Collection<GrantedAuthority> getAuthorities() {
+                return authorities;
+            }
+        });
+        SecurityContextHolder.setContext(securityContext);
+        assumeThat(SecurityUtils.getCurrentUserLogin()).hasValue(login);
+        return this;
+    }
+
+    public T withAuthority(final String authority) {
+        authorities.add((GrantedAuthority) () -> authority);
+        return (T) this;
+    }
+
+    private static class FakePrincipal {
+
+        private final String username;
+
+        public FakePrincipal(final String username) {
+            this.username = username;
+        }
+
+        @Override
+        public String toString() {
+            return username;
+        }
+    }
+
+}

src/test/java/org/hostsharing/hsadminng/service/accessfilter/SecurityContextFake.java

@@ -0,0 +1,18 @@
+// Licensed under Apache-2.0
+package org.hostsharing.hsadminng.service.accessfilter;
+
+public class SecurityContextFake extends SecurityContextDouble<SecurityContextFake> {
+
+    public static SecurityContextFake havingAuthenticatedUser() {
+        return havingAuthenticatedUser("dummyUser");
+    }
+
+    public static SecurityContextFake havingAuthenticatedUser(final String login) {
+        final SecurityContextFake securityContext = new SecurityContextFake();
+        securityContext.withAuthenticatedUser(login);
+        return securityContext;
+    }
+
+    protected SecurityContextFake() {
+    }
+}

src/test/java/org/hostsharing/hsadminng/service/accessfilter/SecurityContextMock.java

@@ -0,0 +1,47 @@
+// Licensed under Apache-2.0
+package org.hostsharing.hsadminng.service.accessfilter;
+
+import static org.assertj.core.api.Assumptions.assumeThat;
+import static org.mockito.BDDMockito.given;
+
+import org.hostsharing.hsadminng.service.UserRoleAssignmentService;
+
+import org.mockito.Mockito;
+
+import java.util.Arrays;
+import java.util.HashSet;
+
+public class SecurityContextMock extends SecurityContextDouble<SecurityContextMock> {
+
+    private final UserRoleAssignmentService userRoleAssignmentService;
+
+    public static SecurityContextMock usingMock(final UserRoleAssignmentService userRoleAssignmentService) {
+        return new SecurityContextMock(userRoleAssignmentService);
+    }
+
+    public SecurityContextMock(final UserRoleAssignmentService userRoleAssignmentService) {
+        this.userRoleAssignmentService = userRoleAssignmentService;
+    }
+
+    public SecurityContextMock havingAuthenticatedUser() {
+        return havingAuthenticatedUser("dummyUser");
+    }
+
+    public SecurityContextMock havingAuthenticatedUser(final String login) {
+        super.withAuthenticatedUser(login);
+        Mockito.reset(userRoleAssignmentService);
+        return this;
+    }
+
+    public SecurityContextMock withRole(final Class<?> onClass, final long onId, final Role... roles) {
+        if (userRoleAssignmentService == null) {
+            throw new IllegalStateException("mock not registered for: " + UserRoleAssignmentService.class.getSimpleName());
+        }
+        final EntityTypeId entityTypeId = onClass.getAnnotation(EntityTypeId.class);
+        assumeThat(entityTypeId).as("@" + EntityTypeId.class.getSimpleName() + " missing on class " + onClass.toString())
+                .isNotNull();
+        given(userRoleAssignmentService.getEffectiveRoleOfCurrentUser(entityTypeId.value(), onId))
+                .willReturn(new HashSet(Arrays.asList(roles)));
+        return this;
+    }
+}

src/test/java/org/hostsharing/hsadminng/service/dto/AssetDTOIntTest.java

@@ -13,13 +13,14 @@ import org.hostsharing.hsadminng.domain.enumeration.AssetAction;
 import org.hostsharing.hsadminng.repository.AssetRepository;
 import org.hostsharing.hsadminng.repository.CustomerRepository;
 import org.hostsharing.hsadminng.repository.MembershipRepository;
+import org.hostsharing.hsadminng.security.AuthoritiesConstants;
 import org.hostsharing.hsadminng.service.AssetService;
 import org.hostsharing.hsadminng.service.AssetValidator;
 import org.hostsharing.hsadminng.service.MembershipValidator;
 import org.hostsharing.hsadminng.service.UserRoleAssignmentService;
 import org.hostsharing.hsadminng.service.accessfilter.JSonBuilder;
-import org.hostsharing.hsadminng.service.accessfilter.MockSecurityContext;
 import org.hostsharing.hsadminng.service.accessfilter.Role;
+import org.hostsharing.hsadminng.service.accessfilter.SecurityContextMock;
 import org.hostsharing.hsadminng.service.mapper.AssetMapper;
 import org.hostsharing.hsadminng.service.mapper.AssetMapperImpl;
 import org.hostsharing.hsadminng.service.mapper.CustomerMapperImpl;
@@ -113,22 +114,23 @@ public class AssetDTOIntTest {
     @MockBean
     private UserRoleAssignmentService userRoleAssignmentService;
 
-    private MockSecurityContext securityContext;
+    private SecurityContextMock securityContext;
 
     @Before
     public void init() {
         given(customerRepository.findById(SOME_CUSTOMER_ID)).willReturn(Optional.of(SOME_CUSTOMER));
         given(membershipRepository.findById(SOME_MEMBERSHIP_ID)).willReturn(Optional.of(SOME_MEMBERSHIP));
         given(assetRepository.findById(SOME_ASSET_ID)).willReturn((Optional.of(SOME_ASSET)));
-
+        securityContext = SecurityContextMock.usingMock(userRoleAssignmentService);
-        securityContext = new MockSecurityContext(userRoleAssignmentService);
     }
 
     @Test
     public void shouldSerializePartiallyForFinancialCustomerContact() throws JsonProcessingException {
 
         // given
-        securityContext.havingAuthenticatedUser().withRole(CustomerDTO.class, SOME_CUSTOMER_ID, Role.FINANCIAL_CONTACT);
+        securityContext.havingAuthenticatedUser()
+                .withRole(CustomerDTO.class, SOME_CUSTOMER_ID, Role.FINANCIAL_CONTACT);
+
         final AssetDTO given = createSomeAssetDTO(SOME_ASSET_ID);
 
         // when
@@ -143,7 +145,7 @@ public class AssetDTOIntTest {
     public void shouldSerializeCompletelyForSupporter() throws JsonProcessingException {
 
         // given
-        securityContext.havingAuthenticatedUser().withRole(Role.SUPPORTER);
+        securityContext.havingAuthenticatedUser().withAuthority(AuthoritiesConstants.SUPPORTER);
         final AssetDTO given = createSomeAssetDTO(SOME_ASSET_ID);
 
         // when
@@ -170,13 +172,13 @@ public class AssetDTOIntTest {
                 BadRequestAlertException.class,
                 bre -> assertThat(bre.getMessage())
                         .isEqualTo(
-                                "Update of field AssetDTO.remark prohibited for current user roles CONTRACTUAL_CONTACT+ANYBODY"));
+                                "Update of field AssetDTO.remark prohibited for current user role(s): CONTRACTUAL_CONTACT"));
     }
 
     @Test
     public void shouldDeserializeForAdminIfRemarkIsChanged() throws IOException {
         // given
-        securityContext.havingAuthenticatedUser().withRole(Role.ADMIN);
+        securityContext.havingAuthenticatedUser().withAuthority(AuthoritiesConstants.ADMIN);
         final String json = new JSonBuilder()
                 .withFieldValue("id", SOME_ASSET_ID)
                 .withFieldValue("remark", "Updated Remark")

src/test/java/org/hostsharing/hsadminng/service/dto/CustomerDTOUnitTest.java

@@ -9,11 +9,12 @@ import org.hostsharing.hsadminng.domain.Customer;
 import org.hostsharing.hsadminng.domain.enumeration.CustomerKind;
 import org.hostsharing.hsadminng.domain.enumeration.VatRegion;
 import org.hostsharing.hsadminng.repository.CustomerRepository;
+import org.hostsharing.hsadminng.security.AuthoritiesConstants;
 import org.hostsharing.hsadminng.service.CustomerService;
 import org.hostsharing.hsadminng.service.UserRoleAssignmentService;
 import org.hostsharing.hsadminng.service.accessfilter.JSonBuilder;
-import org.hostsharing.hsadminng.service.accessfilter.MockSecurityContext;
 import org.hostsharing.hsadminng.service.accessfilter.Role;
+import org.hostsharing.hsadminng.service.accessfilter.SecurityContextMock;
 import org.hostsharing.hsadminng.service.mapper.CustomerMapper;
 import org.hostsharing.hsadminng.service.mapper.CustomerMapperImpl;
 
@@ -64,11 +65,11 @@ public class CustomerDTOUnitTest {
     @MockBean
     private UserRoleAssignmentService userRoleAssignmentService;
 
-    private MockSecurityContext securityContext;
+    private SecurityContextMock securityContext;
 
     @Before
     public void init() {
-        securityContext = new MockSecurityContext(userRoleAssignmentService);
+        securityContext = SecurityContextMock.usingMock(userRoleAssignmentService);
     }
 
     @Test
@@ -111,7 +112,7 @@ public class CustomerDTOUnitTest {
     public void testSerializationAsSupporter() throws JsonProcessingException {
 
         // given
-        securityContext.havingAuthenticatedUser().withRole(Role.SUPPORTER);
+        securityContext.havingAuthenticatedUser().withAuthority(AuthoritiesConstants.SUPPORTER);
         CustomerDTO given = createSomeCustomerDTO(1234L);
 
         // when

src/test/java/org/hostsharing/hsadminng/service/dto/MembershipDTOUnitTest.java

@@ -6,12 +6,13 @@ import static org.assertj.core.api.Assertions.catchThrowable;
 import static org.hostsharing.hsadminng.service.accessfilter.JSonBuilder.asJSon;
 import static org.mockito.BDDMockito.given;
 
+import org.hostsharing.hsadminng.security.AuthoritiesConstants;
 import org.hostsharing.hsadminng.service.CustomerService;
 import org.hostsharing.hsadminng.service.MembershipService;
 import org.hostsharing.hsadminng.service.UserRoleAssignmentService;
 import org.hostsharing.hsadminng.service.accessfilter.JSonDeserializationWithAccessFilter;
-import org.hostsharing.hsadminng.service.accessfilter.MockSecurityContext;
 import org.hostsharing.hsadminng.service.accessfilter.Role;
+import org.hostsharing.hsadminng.service.accessfilter.SecurityContextMock;
 import org.hostsharing.hsadminng.web.rest.errors.BadRequestAlertException;
 
 import com.fasterxml.jackson.core.JsonParser;
@@ -61,7 +62,7 @@ public class MembershipDTOUnitTest {
     @Mock
     private CustomerService customerService;
 
-    private MockSecurityContext securityContext;
+    private SecurityContextMock securityContext;
 
     @Before
     public void init() {
@@ -75,12 +76,12 @@ public class MembershipDTOUnitTest {
                         new CustomerDTO()
                                 .with(dto -> dto.setId(1234L))));
 
-        securityContext = new MockSecurityContext(userRoleAssignmentService);
+        securityContext = SecurityContextMock.usingMock(userRoleAssignmentService);
     }
 
     @Test
     public void adminShouldHaveRightToCreate() throws IOException {
-        securityContext.havingAuthenticatedUser().withRole(Role.ADMIN);
+        securityContext.havingAuthenticatedUser().withAuthority(AuthoritiesConstants.ADMIN);
         givenJSonTree(asJSon(ImmutablePair.of("customerId", 1234L)));
 
         // when

src/test/java/org/hostsharing/hsadminng/service/dto/SepaMandateDTOIntTest.java

@@ -12,12 +12,13 @@ import org.hostsharing.hsadminng.domain.SepaMandate;
 import org.hostsharing.hsadminng.repository.CustomerRepository;
 import org.hostsharing.hsadminng.repository.MembershipRepository;
 import org.hostsharing.hsadminng.repository.SepaMandateRepository;
+import org.hostsharing.hsadminng.security.AuthoritiesConstants;
 import org.hostsharing.hsadminng.service.MembershipValidator;
 import org.hostsharing.hsadminng.service.SepaMandateService;
 import org.hostsharing.hsadminng.service.UserRoleAssignmentService;
 import org.hostsharing.hsadminng.service.accessfilter.JSonBuilder;
-import org.hostsharing.hsadminng.service.accessfilter.MockSecurityContext;
 import org.hostsharing.hsadminng.service.accessfilter.Role;
+import org.hostsharing.hsadminng.service.accessfilter.SecurityContextMock;
 import org.hostsharing.hsadminng.service.mapper.CustomerMapperImpl;
 import org.hostsharing.hsadminng.service.mapper.MembershipMapperImpl;
 import org.hostsharing.hsadminng.service.mapper.SepaMandateMapper;
@@ -101,14 +102,14 @@ public class SepaMandateDTOIntTest {
     @MockBean
     public UserRoleAssignmentService userRoleAssignmentService;
 
-    private MockSecurityContext securityContext;
+    private SecurityContextMock securityContext;
 
     @Before
     public void init() {
         given(customerRepository.findById(SOME_CUSTOMER_ID)).willReturn(Optional.of(SOME_CUSTOMER));
         given(sepaMandateRepository.findById(SOME_SEPA_MANDATE_ID)).willReturn((Optional.of(SOME_SEPA_MANDATE)));
 
-        securityContext = new MockSecurityContext(userRoleAssignmentService);
+        securityContext = SecurityContextMock.usingMock(userRoleAssignmentService);
     }
 
     @Test
@@ -130,7 +131,7 @@ public class SepaMandateDTOIntTest {
     public void shouldSerializeCompletelyForSupporter() throws JsonProcessingException {
 
         // given
-        securityContext.havingAuthenticatedUser().withRole(Role.SUPPORTER);
+        securityContext.havingAuthenticatedUser().withAuthority(AuthoritiesConstants.SUPPORTER);
         final SepaMandateDTO given = createSampleDTO(SOME_SEPA_MANDATE_ID, SOME_CUSTOMER_ID);
 
         // when
@@ -156,13 +157,13 @@ public class SepaMandateDTOIntTest {
         assertThat(actual).isInstanceOfSatisfying(
                 BadRequestAlertException.class,
                 bre -> assertThat(bre.getMessage()).isEqualTo(
-                        "Update of field SepaMandateDTO.remark prohibited for current user roles CONTRACTUAL_CONTACT+ANYBODY"));
+                        "Update of field SepaMandateDTO.remark prohibited for current user role(s): CONTRACTUAL_CONTACT"));
     }
 
     @Test
     public void shouldDeserializeForAdminIfRemarkIsChanged() throws IOException {
         // given
-        securityContext.havingAuthenticatedUser().withRole(Role.ADMIN);
+        securityContext.havingAuthenticatedUser().withAuthority(AuthoritiesConstants.ADMIN);
         final String json = new JSonBuilder()
                 .withFieldValue("id", SOME_SEPA_MANDATE_ID)
                 .withFieldValue("remark", "Updated Remark")

src/test/java/org/hostsharing/hsadminng/service/dto/ShareDTOIntTest.java

@@ -13,13 +13,14 @@ import org.hostsharing.hsadminng.domain.enumeration.ShareAction;
 import org.hostsharing.hsadminng.repository.CustomerRepository;
 import org.hostsharing.hsadminng.repository.MembershipRepository;
 import org.hostsharing.hsadminng.repository.ShareRepository;
+import org.hostsharing.hsadminng.security.AuthoritiesConstants;
 import org.hostsharing.hsadminng.service.MembershipValidator;
 import org.hostsharing.hsadminng.service.ShareService;
 import org.hostsharing.hsadminng.service.ShareValidator;
 import org.hostsharing.hsadminng.service.UserRoleAssignmentService;
 import org.hostsharing.hsadminng.service.accessfilter.JSonBuilder;
-import org.hostsharing.hsadminng.service.accessfilter.MockSecurityContext;
 import org.hostsharing.hsadminng.service.accessfilter.Role;
+import org.hostsharing.hsadminng.service.accessfilter.SecurityContextMock;
 import org.hostsharing.hsadminng.service.mapper.CustomerMapperImpl;
 import org.hostsharing.hsadminng.service.mapper.MembershipMapperImpl;
 import org.hostsharing.hsadminng.service.mapper.ShareMapper;
@@ -112,7 +113,7 @@ public class ShareDTOIntTest {
     @MockBean
     private UserRoleAssignmentService userRoleAssignmentService;
 
-    private MockSecurityContext securityContext;
+    private SecurityContextMock securityContext;
 
     @Before
     public void init() {
@@ -120,7 +121,7 @@ public class ShareDTOIntTest {
         given(membershipRepository.findById(SOME_MEMBERSHIP_ID)).willReturn(Optional.of(SOME_MEMBERSHIP));
         given(shareRepository.findById(SOME_SHARE_ID)).willReturn((Optional.of(SOME_SHARE)));
 
-        securityContext = new MockSecurityContext(userRoleAssignmentService);
+        securityContext = SecurityContextMock.usingMock(userRoleAssignmentService);
     }
 
     @Test
@@ -142,7 +143,7 @@ public class ShareDTOIntTest {
     public void shouldSerializeCompletelyForSupporter() throws JsonProcessingException {
 
         // given
-        securityContext.havingAuthenticatedUser().withRole(Role.SUPPORTER);
+        securityContext.havingAuthenticatedUser().withAuthority(AuthoritiesConstants.SUPPORTER);
         final ShareDTO given = createSomeShareDTO(SOME_SHARE_ID);
 
         // when
@@ -169,13 +170,13 @@ public class ShareDTOIntTest {
                 BadRequestAlertException.class,
                 bre -> assertThat(bre.getMessage())
                         .isEqualTo(
-                                "Update of field ShareDTO.remark prohibited for current user roles CONTRACTUAL_CONTACT+ANYBODY"));
+                                "Update of field ShareDTO.remark prohibited for current user role(s): CONTRACTUAL_CONTACT"));
     }
 
     @Test
     public void shouldDeserializeForAdminIfRemarkIsChanged() throws IOException {
         // given
-        securityContext.havingAuthenticatedUser().withRole(Role.ADMIN);
+        securityContext.havingAuthenticatedUser().withAuthority(AuthoritiesConstants.ADMIN);
         final String json = new JSonBuilder()
                 .withFieldValue("id", SOME_SHARE_ID)
                 .withFieldValue("remark", "Updated Remark")

src/test/java/org/hostsharing/hsadminng/web/rest/AssetResourceIntTest.java

@@ -12,11 +12,11 @@ import org.hostsharing.hsadminng.domain.Asset;
 import org.hostsharing.hsadminng.domain.Membership;
 import org.hostsharing.hsadminng.domain.enumeration.AssetAction;
 import org.hostsharing.hsadminng.repository.AssetRepository;
+import org.hostsharing.hsadminng.security.AuthoritiesConstants;
 import org.hostsharing.hsadminng.service.AssetQueryService;
 import org.hostsharing.hsadminng.service.AssetService;
 import org.hostsharing.hsadminng.service.UserRoleAssignmentService;
-import org.hostsharing.hsadminng.service.accessfilter.MockSecurityContext;
+import org.hostsharing.hsadminng.service.accessfilter.SecurityContextMock;
-import org.hostsharing.hsadminng.service.accessfilter.Role;
 import org.hostsharing.hsadminng.service.dto.AssetDTO;
 import org.hostsharing.hsadminng.service.mapper.AssetMapper;
 import org.hostsharing.hsadminng.web.rest.errors.ExceptionTranslator;
@@ -99,15 +99,15 @@ public class AssetResourceIntTest {
     @MockBean
     private UserRoleAssignmentService userRoleAssignmentService;
 
-    private MockSecurityContext securityContext;
-
     private MockMvc restAssetMockMvc;
 
     private Asset asset;
 
     @Before
     public void setup() {
-        securityContext = new MockSecurityContext(userRoleAssignmentService).havingAuthenticatedUser().withRole(Role.ADMIN);
+        SecurityContextMock.usingMock(userRoleAssignmentService)
+                .havingAuthenticatedUser()
+                .withAuthority(AuthoritiesConstants.ADMIN);
 
         MockitoAnnotations.initMocks(this);
         final AssetResource assetResource = new AssetResource(assetService, assetQueryService);

src/test/java/org/hostsharing/hsadminng/web/rest/CustomerResourceIntTest.java

@@ -14,11 +14,11 @@ import org.hostsharing.hsadminng.domain.SepaMandate;
 import org.hostsharing.hsadminng.domain.enumeration.CustomerKind;
 import org.hostsharing.hsadminng.domain.enumeration.VatRegion;
 import org.hostsharing.hsadminng.repository.CustomerRepository;
+import org.hostsharing.hsadminng.security.AuthoritiesConstants;
 import org.hostsharing.hsadminng.service.CustomerQueryService;
 import org.hostsharing.hsadminng.service.CustomerService;
 import org.hostsharing.hsadminng.service.UserRoleAssignmentService;
-import org.hostsharing.hsadminng.service.accessfilter.MockSecurityContext;
+import org.hostsharing.hsadminng.service.accessfilter.SecurityContextMock;
-import org.hostsharing.hsadminng.service.accessfilter.Role;
 import org.hostsharing.hsadminng.service.dto.CustomerDTO;
 import org.hostsharing.hsadminng.service.mapper.CustomerMapper;
 import org.hostsharing.hsadminng.web.rest.errors.ExceptionTranslator;
@@ -144,8 +144,6 @@ public class CustomerResourceIntTest {
     @MockBean
     private UserRoleAssignmentService userRoleAssignmentService;
 
-    private MockSecurityContext securityContext;
-
     private MockMvc restCustomerMockMvc;
 
     private Customer customer;
@@ -153,7 +151,9 @@ public class CustomerResourceIntTest {
     @Before
     public void setup() {
         MockitoAnnotations.initMocks(this);
-        securityContext = new MockSecurityContext(userRoleAssignmentService).havingAuthenticatedUser().withRole(Role.ADMIN);
+        SecurityContextMock.usingMock(userRoleAssignmentService)
+                .havingAuthenticatedUser()
+                .withAuthority(AuthoritiesConstants.ADMIN);
 
         final CustomerResource customerResource = new CustomerResource(customerService, customerQueryService);
         this.restCustomerMockMvc = MockMvcBuilders.standaloneSetup(customerResource)

src/test/java/org/hostsharing/hsadminng/web/rest/MembershipResourceIntTest.java

@@ -13,11 +13,11 @@ import org.hostsharing.hsadminng.domain.Customer;
 import org.hostsharing.hsadminng.domain.Membership;
 import org.hostsharing.hsadminng.domain.Share;
 import org.hostsharing.hsadminng.repository.MembershipRepository;
+import org.hostsharing.hsadminng.security.AuthoritiesConstants;
 import org.hostsharing.hsadminng.service.MembershipQueryService;
 import org.hostsharing.hsadminng.service.MembershipService;
 import org.hostsharing.hsadminng.service.UserRoleAssignmentService;
-import org.hostsharing.hsadminng.service.accessfilter.MockSecurityContext;
+import org.hostsharing.hsadminng.service.accessfilter.SecurityContextMock;
-import org.hostsharing.hsadminng.service.accessfilter.Role;
 import org.hostsharing.hsadminng.service.dto.MembershipDTO;
 import org.hostsharing.hsadminng.service.mapper.MembershipMapper;
 import org.hostsharing.hsadminng.web.rest.errors.ExceptionTranslator;
@@ -105,7 +105,7 @@ public class MembershipResourceIntTest {
     @MockBean
     private UserRoleAssignmentService userRoleAssignmentService;
 
-    private MockSecurityContext securityContext;
+    private SecurityContextMock securityContext;
 
     private MockMvc restMembershipMockMvc;
 
@@ -113,7 +113,9 @@ public class MembershipResourceIntTest {
 
     @Before
     public void setup() {
-        securityContext = new MockSecurityContext(userRoleAssignmentService).havingAuthenticatedUser().withRole(Role.ADMIN);
+        securityContext = SecurityContextMock.usingMock(userRoleAssignmentService)
+                .havingAuthenticatedUser()
+                .withAuthority(AuthoritiesConstants.ADMIN);
 
         MockitoAnnotations.initMocks(this);
         final MembershipResource membershipResource = new MembershipResource(membershipService, membershipQueryService);

src/test/java/org/hostsharing/hsadminng/web/rest/SepaMandateResourceIntTest.java

@@ -11,12 +11,11 @@ import org.hostsharing.hsadminng.HsadminNgApp;
 import org.hostsharing.hsadminng.domain.Customer;
 import org.hostsharing.hsadminng.domain.SepaMandate;
 import org.hostsharing.hsadminng.repository.SepaMandateRepository;
+import org.hostsharing.hsadminng.security.AuthoritiesConstants;
 import org.hostsharing.hsadminng.service.SepaMandateQueryService;
 import org.hostsharing.hsadminng.service.SepaMandateService;
 import org.hostsharing.hsadminng.service.UserRoleAssignmentService;
-import org.hostsharing.hsadminng.service.accessfilter.MockSecurityContext;
+import org.hostsharing.hsadminng.service.accessfilter.SecurityContextMock;
-import org.hostsharing.hsadminng.service.accessfilter.Role;
-import org.hostsharing.hsadminng.service.dto.CustomerDTO;
 import org.hostsharing.hsadminng.service.dto.SepaMandateDTO;
 import org.hostsharing.hsadminng.service.mapper.SepaMandateMapper;
 import org.hostsharing.hsadminng.web.rest.errors.ExceptionTranslator;
@@ -109,15 +108,15 @@ public class SepaMandateResourceIntTest {
     @MockBean
     private UserRoleAssignmentService userRoleAssignmentService;
 
-    private MockSecurityContext securityContext;
-
     private MockMvc restSepaMandateMockMvc;
 
     private SepaMandate sepaMandate;
 
     @Before
     public void setup() {
-        securityContext = new MockSecurityContext(userRoleAssignmentService).havingAuthenticatedUser().withRole(Role.ADMIN);
+        SecurityContextMock.usingMock(userRoleAssignmentService)
+                .havingAuthenticatedUser()
+                .withAuthority(AuthoritiesConstants.ADMIN);
 
         MockitoAnnotations.initMocks(this);
         final SepaMandateResource sepaMandateResource = new SepaMandateResource(sepaMandateService, sepaMandateQueryService);
@@ -132,7 +131,7 @@ public class SepaMandateResourceIntTest {
 
     /**
      * Create an entity for this test.
-     *
+     * <p>
      * This is a static method, as tests for other entities might also need it,
      * if they test an entity which requires the current entity.
      */
@@ -157,7 +156,7 @@ public class SepaMandateResourceIntTest {
 
     /**
      * Create an entity for tests with a specific customer.
-     *
+     * <p>
      * This is a static method, as tests for other entities might also need it,
      * if they test an entity which requires the current entity.
      */
@@ -193,8 +192,6 @@ public class SepaMandateResourceIntTest {
         sepaMandateDTO.setRemark(null);
         sepaMandateDTO.setRevokationDocumentDate(null);
         sepaMandateDTO.setLastUsedDate(null);
-        securityContext.havingAuthenticatedUser()
-                .withRole(CustomerDTO.class, sepaMandateDTO.getCustomerId(), Role.FINANCIAL_CONTACT);
 
         restSepaMandateMockMvc.perform(
                 post("/api/sepa-mandates")

src/test/java/org/hostsharing/hsadminng/web/rest/ShareResourceIntTest.java

@@ -12,11 +12,11 @@ import org.hostsharing.hsadminng.domain.Membership;
 import org.hostsharing.hsadminng.domain.Share;
 import org.hostsharing.hsadminng.domain.enumeration.ShareAction;
 import org.hostsharing.hsadminng.repository.ShareRepository;
+import org.hostsharing.hsadminng.security.AuthoritiesConstants;
 import org.hostsharing.hsadminng.service.ShareQueryService;
 import org.hostsharing.hsadminng.service.ShareService;
 import org.hostsharing.hsadminng.service.UserRoleAssignmentService;
-import org.hostsharing.hsadminng.service.accessfilter.MockSecurityContext;
+import org.hostsharing.hsadminng.service.accessfilter.SecurityContextMock;
-import org.hostsharing.hsadminng.service.accessfilter.Role;
 import org.hostsharing.hsadminng.service.dto.ShareDTO;
 import org.hostsharing.hsadminng.service.mapper.ShareMapper;
 import org.hostsharing.hsadminng.web.rest.errors.ExceptionTranslator;
@@ -97,15 +97,15 @@ public class ShareResourceIntTest {
     @MockBean
     private UserRoleAssignmentService userRoleAssignmentService;
 
-    private MockSecurityContext securityContext;
-
     private MockMvc restShareMockMvc;
 
     private Share share;
 
     @Before
     public void setup() {
-        securityContext = new MockSecurityContext(userRoleAssignmentService).havingAuthenticatedUser().withRole(Role.ADMIN);
+        SecurityContextMock.usingMock(userRoleAssignmentService)
+                .havingAuthenticatedUser()
+                .withAuthority(AuthoritiesConstants.ADMIN);
 
         MockitoAnnotations.initMocks(this);
         final ShareResource shareResource = new ShareResource(shareService, shareQueryService);