diff --git a/src/test/java/net/hostsharing/hsadminng/config/WebSecurityConfigIntegrationTest.java b/src/test/java/net/hostsharing/hsadminng/config/WebSecurityConfigIntegrationTest.java
index 063527cd..8ce18a45 100644
--- a/src/test/java/net/hostsharing/hsadminng/config/WebSecurityConfigIntegrationTest.java
+++ b/src/test/java/net/hostsharing/hsadminng/config/WebSecurityConfigIntegrationTest.java
@@ -3,6 +3,7 @@ package net.hostsharing.hsadminng.config;
import java.util.Map;
import com.github.tomakehurst.wiremock.WireMockServer;
+import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.api.Tag;
import org.junit.jupiter.api.Test;
@@ -18,8 +19,10 @@ import org.springframework.test.context.ActiveProfiles;
import org.springframework.test.context.TestPropertySource;
import static com.github.tomakehurst.wiremock.client.WireMock.aResponse;
+import static com.github.tomakehurst.wiremock.client.WireMock.anyUrl;
import static com.github.tomakehurst.wiremock.client.WireMock.get;
import static com.github.tomakehurst.wiremock.client.WireMock.urlEqualTo;
+import static java.util.Map.entry;
import static org.assertj.core.api.Assertions.assertThat;
@SpringBootTest(webEnvironment = SpringBootTest.WebEnvironment.RANDOM_PORT)
@@ -43,70 +46,108 @@ class WebSecurityConfigIntegrationTest {
@Autowired
private WireMockServer wireMockServer;
- @Test
- public void shouldSupportPingEndpoint() {
- // given
- wireMockServer.stubFor(get(urlEqualTo("/cas/p3/serviceValidate?service=" + serviceUrl + "&ticket=test-user"))
+ @BeforeEach
+ void setUp() {
+ wireMockServer.stubFor(get(anyUrl())
.willReturn(aResponse()
.withStatus(200)
.withBody("""
-
- test-user
-
+
""")));
+ }
-
- // fake Authorization header
- final var headers = new HttpHeaders();
- headers.set("Authorization", "test-user");
+ @Test
+ void accessToApiWithValidTokenShouldBePermitted() {
+ // given
+ givenCasTicketValidationResponse("fake-cas-ticket");
// http request
final var result = restTemplate.exchange(
"http://localhost:" + this.serverPort + "/api/ping",
HttpMethod.GET,
- new HttpEntity<>(null, headers),
+ httpHeaders(entry("Authorization", "fake-cas-ticket")),
String.class
);
assertThat(result.getStatusCode()).isEqualTo(HttpStatus.OK);
- assertThat(result.getBody()).startsWith("pong test-user");
+ assertThat(result.getBody()).startsWith("pong fake-cas-ticket");
}
@Test
- public void shouldSupportActuatorEndpoint() {
+ void accessToApiWithoutTokenShouldBeDenied() {
+ final var result = this.restTemplate.getForEntity(
+ "http://localhost:" + this.serverPort + "/api/ping", String.class);
+ assertThat(result.getStatusCode()).isEqualTo(HttpStatus.UNAUTHORIZED);
+ }
+
+ @Test
+ void accessToApiWithInvalidTokenShouldBeDenied() {
+ // given
+ givenCasTicketValidationResponse("fake-cas-ticket");
+
+ // when
+ final var result = restTemplate.exchange(
+ "http://localhost:" + this.serverPort + "/api/ping",
+ HttpMethod.GET,
+ httpHeaders(entry("Authorization", "WRONG-cas-ticket")),
+ String.class
+ );
+
+ // then
+ assertThat(result.getStatusCode()).isEqualTo(HttpStatus.UNAUTHORIZED);
+ }
+
+ @Test
+ void accessToActuatorShouldBePermitted() {
final var result = this.restTemplate.getForEntity(
"http://localhost:" + this.managementPort + "/actuator", Map.class);
assertThat(result.getStatusCode()).isEqualTo(HttpStatus.OK);
}
@Test
- public void shouldSupportSwaggerUi() {
+ void accessToSwaggerUiShouldBePermitted() {
final var result = this.restTemplate.getForEntity(
- "http://localhost:" + this.managementPort + "/swagger-ui/index.html", String.class);
+ "http://localhost:" + this.serverPort + "/swagger-ui/index.html", String.class);
assertThat(result.getStatusCode()).isEqualTo(HttpStatus.OK);
}
@Test
- public void shouldSupportApiDocs() {
+ void accessToApiDocsEndpointShouldBePermitted() {
final var result = this.restTemplate.getForEntity(
- "http://localhost:" + this.managementPort + "/v3/api-docs/swagger-config", String.class);
- assertThat(result.getStatusCode()).isEqualTo(HttpStatus.NOT_FOUND); // permitted but not configured
+ "http://localhost:" + this.serverPort + "/v3/api-docs/swagger-config", String.class);
+ assertThat(result.getStatusCode()).isEqualTo(HttpStatus.OK);
+ assertThat(result.getBody()).contains("\"configUrl\":\"/v3/api-docs/swagger-config\"");
}
@Test
- public void shouldSupportHealthEndpoint() {
+ void accessToActuatorEndpointShouldBePermitted() {
final var result = this.restTemplate.getForEntity(
"http://localhost:" + this.managementPort + "/actuator/health", Map.class);
assertThat(result.getStatusCode()).isEqualTo(HttpStatus.OK);
assertThat(result.getBody().get("status")).isEqualTo("UP");
}
- @Test
- public void shouldSupportMetricsEndpoint() {
- final var result = this.restTemplate.getForEntity(
- "http://localhost:" + this.managementPort + "/actuator/metrics", Map.class);
- assertThat(result.getStatusCode()).isEqualTo(HttpStatus.OK);
+ private void givenCasTicketValidationResponse(final String casToken) {
+ wireMockServer.stubFor(get(urlEqualTo("/cas/p3/serviceValidate?service=" + serviceUrl + "&ticket=" + casToken))
+ .willReturn(aResponse()
+ .withStatus(200)
+ .withBody("""
+
+
+ ${casToken}
+
+
+ """.replace("${casToken}", casToken))));
+ }
+
+ @SafeVarargs
+ private HttpEntity> httpHeaders(final Map.Entry... headerValues) {
+ final var headers = new HttpHeaders();
+ for ( Map.Entry headerValue: headerValues ) {
+ headers.add(headerValue.getKey(), headerValue.getValue());
+ }
+ return new HttpEntity<>(headers);
}
}
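Review bot: In `accessToApiWithValidTokenShouldBePermitted` the ticket sent in the `Authorization` header and the value `givenCasTicketValidationResponse` substitutes into the stubbed CAS body are the same string. The assertion `startsWith("pong fake-cas-ticket")` therefore passes whether the application takes the principal from the validated CAS response or just echoes the client-supplied header. Give the helper a separate user-name parameter, e.g. `givenCasTicketValidationResponse("fake-cas-ticket", "test-user")` with `.replace("${casUser}", casUser)`, and assert `startsWith("pong test-user")`, so the test pins that identity comes from the CAS server. The XML element around `${casToken}` is not visible in this rendering, so this assumes it is the CAS user element. In `accessToApiWithInvalidTokenShouldBeDenied`, a `wireMockServer.verify(getRequestedFor(urlEqualTo("/cas/p3/serviceValidate?service=" + serviceUrl + "&ticket=WRONG-cas-ticket")))` would also show that the 401 follows from a CAS lookup of the wrong ticket rather than from an earlier rejection.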