Add a test for the AuthenticationPrincipal support

Author: ralscha

src/test/java/ch/ralscha/extdirectspring_itest/LoginController.java

@@ -0,0 +1,48 @@
+/**
+ * Copyright 2010-2014 Ralph Schaer <[email protected]>
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package ch.ralscha.extdirectspring_itest;
+
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
+import org.springframework.security.core.context.SecurityContextHolder;
+import org.springframework.security.core.userdetails.UserDetails;
+import org.springframework.security.provisioning.InMemoryUserDetailsManager;
+import org.springframework.stereotype.Controller;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.ResponseBody;
+
+@Controller
+public class LoginController {
+
+	private final InMemoryUserDetailsManager userManager;
+
+	@Autowired
+	public LoginController(InMemoryUserDetailsManager userManager) {
+		this.userManager = userManager;
+	}
+
+	@RequestMapping("/login")
+	@ResponseBody
+	public void login() {
+		UserDetails ud = userManager.loadUserByUsername("jimi");
+		if (ud != null) {
+			UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken(
+					ud, null, ud.getAuthorities());
+			SecurityContextHolder.getContext().setAuthentication(token);
+		}
+	}
+
+}

src/test/java/ch/ralscha/extdirectspring_itest/SecuredService.java

@@ -21,6 +21,8 @@
 
 import org.springframework.format.annotation.DateTimeFormat;
 import org.springframework.security.access.prepost.PreAuthorize;
+import org.springframework.security.core.userdetails.UserDetails;
+import org.springframework.security.web.bind.annotation.AuthenticationPrincipal;
 import org.springframework.stereotype.Service;
 
 import ch.ralscha.extdirectspring.annotation.ExtDirectMethod;
@@ -30,9 +32,16 @@ public class SecuredService {
 
 	@ExtDirectMethod(group = "secured")
 	@PreAuthorize("isAnonymous()")
-	public String setDate(String id, @DateTimeFormat(pattern = "dd/MM/yyyy") Date date) {
+	public String setDate(String id, @DateTimeFormat(pattern = "dd/MM/yyyy") Date date,
+			@AuthenticationPrincipal UserDetails ud) {
 		DateFormat dateFormat = new SimpleDateFormat("dd.MM.yyyy");
-		return id + "," + dateFormat.format(date);
+		return id + "," + dateFormat.format(date) + ","
+				+ (ud != null ? ud.getUsername() : "");
 	}
 
+	@ExtDirectMethod(group = "secured")
+	@PreAuthorize("isAuthenticated()")
+	public String secret(String param, @AuthenticationPrincipal UserDetails ud) {
+		return param.toUpperCase() + "," + (ud != null ? ud.getUsername() : "");
+	}
 }

src/test/java/ch/ralscha/extdirectspring_itest/SecuredServiceTest.java

@@ -23,6 +23,7 @@
 import org.apache.commons.io.IOUtils;
 import org.apache.http.HttpEntity;
 import org.apache.http.client.methods.CloseableHttpResponse;
+import org.apache.http.client.methods.HttpGet;
 import org.apache.http.client.methods.HttpPost;
 import org.apache.http.entity.StringEntity;
 import org.apache.http.impl.client.CloseableHttpClient;
@@ -65,7 +66,7 @@ public void callSetDate() throws IOException, JsonParseException,
 			Map<String, Object> rootAsMap = mapper.readValue(
 					responseString.substring(1, responseString.length() - 1), Map.class);
 			assertThat(rootAsMap).hasSize(5);
-			assertThat(rootAsMap.get("result")).isEqualTo("102,26.04.2012");
+			assertThat(rootAsMap.get("result")).isEqualTo("102,26.04.2012,");
 			assertThat(rootAsMap.get("method")).isEqualTo("setDate");
 			assertThat(rootAsMap.get("type")).isEqualTo("rpc");
 			assertThat(rootAsMap.get("action")).isEqualTo("securedService");
@@ -77,4 +78,93 @@ public void callSetDate() throws IOException, JsonParseException,
 		}
 	}
 
+	@Test
+	public void callSecretNotLoggedIn() throws IOException, JsonParseException,
+			JsonMappingException {
+
+		CloseableHttpClient client = HttpClientBuilder.create().build();
+		CloseableHttpResponse response = null;
+		try {
+
+			HttpPost post = new HttpPost("http://localhost:9998/controller/router");
+
+			StringEntity postEntity = new StringEntity(
+					"{\"action\":\"securedService\",\"method\":\"secret\",\"data\":[\"ralph\"],\"type\":\"rpc\",\"tid\":1}",
+					"UTF-8");
+
+			post.setEntity(postEntity);
+			post.setHeader("Content-Type", "application/json; charset=UTF-8");
+
+			response = client.execute(post);
+			HttpEntity entity = response.getEntity();
+			assertThat(entity).isNotNull();
+			String responseString = EntityUtils.toString(entity);
+
+			assertThat(responseString).isNotNull();
+			assertThat(responseString.startsWith("[") && responseString.endsWith("]"))
+					.isTrue();
+			ObjectMapper mapper = new ObjectMapper();
+			Map<String, Object> rootAsMap = mapper.readValue(
+					responseString.substring(1, responseString.length() - 1), Map.class);
+			assertThat(rootAsMap).hasSize(5);
+			assertThat(rootAsMap.get("message")).isEqualTo("Server Error");
+			assertThat(rootAsMap.get("method")).isEqualTo("secret");
+			assertThat(rootAsMap.get("type")).isEqualTo("exception");
+			assertThat(rootAsMap.get("action")).isEqualTo("securedService");
+			assertThat(rootAsMap.get("tid")).isEqualTo(1);
+		}
+		finally {
+			IOUtils.closeQuietly(response);
+			IOUtils.closeQuietly(client);
+		}
+	}
+
+	@Test
+	public void callSecretLoggedIn() throws IOException, JsonParseException,
+			JsonMappingException {
+
+		CloseableHttpClient client = HttpClientBuilder.create().build();
+		CloseableHttpResponse response = null;
+		try {
+
+			HttpGet login = new HttpGet("http://localhost:9998/controller/login");
+			response = client.execute(login);
+			HttpEntity entity = response.getEntity();
+			String responseString = EntityUtils.toString(entity);
+			System.out.println(responseString);
+			response.close();
+
+			HttpPost post = new HttpPost("http://localhost:9998/controller/router");
+
+			StringEntity postEntity = new StringEntity(
+					"{\"action\":\"securedService\",\"method\":\"secret\",\"data\":[\"ralph\"],\"type\":\"rpc\",\"tid\":1}",
+					"UTF-8");
+
+			post.setEntity(postEntity);
+			post.setHeader("Content-Type", "application/json; charset=UTF-8");
+
+			response = client.execute(post);
+			entity = response.getEntity();
+			assertThat(entity).isNotNull();
+			responseString = EntityUtils.toString(entity);
+
+			assertThat(responseString).isNotNull();
+			assertThat(responseString.startsWith("[") && responseString.endsWith("]"))
+					.isTrue();
+			ObjectMapper mapper = new ObjectMapper();
+			Map<String, Object> rootAsMap = mapper.readValue(
+					responseString.substring(1, responseString.length() - 1), Map.class);
+			assertThat(rootAsMap).hasSize(5);
+			assertThat(rootAsMap.get("result")).isEqualTo("RALPH,jimi");
+			assertThat(rootAsMap.get("method")).isEqualTo("secret");
+			assertThat(rootAsMap.get("type")).isEqualTo("rpc");
+			assertThat(rootAsMap.get("action")).isEqualTo("securedService");
+			assertThat(rootAsMap.get("tid")).isEqualTo(1);
+		}
+		finally {
+			IOUtils.closeQuietly(response);
+			IOUtils.closeQuietly(client);
+		}
+	}
+
 }