org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors Java Examples
The following examples show how to use
org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.
You can vote up the ones you like or vote down the ones you don't like,
and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example #1
| Source File: AuthConfigurationTest.java From credhub with Apache License 2.0 | 6 votes |
|
@Test
public void dataEndpoint_withMutualTLS_allowsAllClientCertsWithValidOrgUnitAndClientAuthExtensions()
throws Exception {
setupDataEndpointMocks();
final CertificateReader certificateReader = new CertificateReader(CertificateStringConstants.SELF_SIGNED_CERT_WITH_CLIENT_AUTH_EXT);
final MockHttpServletRequestBuilder post = post(dataApiPath)
.with(SecurityMockMvcRequestPostProcessors
.x509(certificateReader.getCertificate()))
.accept(MediaType.APPLICATION_JSON)
.contentType(MediaType.APPLICATION_JSON)
.content("{\"type\":\"password\",\"name\":\"" + credentialName + "\"}");
mockMvc.perform(post)
.andExpect(status().isOk())
.andExpect(jsonPath("$.type").value("password"))
.andExpect(jsonPath("$.version_created_at").exists())
.andExpect(jsonPath("$.value").exists());
}
Example #2
| Source File: JobConfigControllerTestIT.java From blackduck-alert with Apache License 2.0 | 6 votes |
|
@Test
@WithMockUser(roles = AlertIntegrationTest.ROLE_ALERT_ADMIN)
public void testDeleteConfig() throws Exception {
ConfigurationJobModel emptyConfigurationModel = addJob(slackChannelKey.getUniversalKey(), blackDuckProviderKey.getUniversalKey(), Map.of());
String jobId = String.valueOf(emptyConfigurationModel.getJobId());
addGlobalConfiguration(blackDuckProviderKey, Map.of(
BlackDuckDescriptor.KEY_BLACKDUCK_URL, List.of("BLACKDUCK_URL"),
BlackDuckDescriptor.KEY_BLACKDUCK_API_KEY, List.of("BLACKDUCK_API")));
String urlPath = url + "/" + jobId;
MockHttpServletRequestBuilder request = MockMvcRequestBuilders.delete(urlPath)
.with(SecurityMockMvcRequestPostProcessors.user("admin").roles(AlertIntegrationTest.ROLE_ALERT_ADMIN))
.with(SecurityMockMvcRequestPostProcessors.csrf());
mockMvc.perform(request).andExpect(MockMvcResultMatchers.status().isAccepted());
descriptorConfigRepository.flush();
UUID id = UUID.fromString(jobId);
Optional<ConfigurationJobModel> configuration = getConfigurationAccessor().getJobById(id);
assertTrue(configuration.isEmpty(), "Expected the job to have been deleted");
}
Example #3
| Source File: JobConfigControllerTestIT.java From blackduck-alert with Apache License 2.0 | 6 votes |
|
@Test
@WithMockUser(roles = AlertIntegrationTest.ROLE_ALERT_ADMIN)
public void testSaveConfig() throws Exception {
addGlobalConfiguration(blackDuckProviderKey, Map.of(
BlackDuckDescriptor.KEY_BLACKDUCK_URL, List.of("BLACKDUCK_URL"),
BlackDuckDescriptor.KEY_BLACKDUCK_API_KEY, List.of("BLACKDUCK_API")));
MockHttpServletRequestBuilder request = MockMvcRequestBuilders.post(url)
.with(SecurityMockMvcRequestPostProcessors.user("admin").roles(AlertIntegrationTest.ROLE_ALERT_ADMIN))
.with(SecurityMockMvcRequestPostProcessors.csrf());
JobFieldModel fieldModel = createTestJobFieldModel(null, null);
request.content(gson.toJson(fieldModel));
request.contentType(contentType);
MvcResult mvcResult = mockMvc.perform(request).andExpect(MockMvcResultMatchers.status().isCreated()).andReturn();
String response = mvcResult.getResponse().getContentAsString();
checkResponse(response);
}
Example #4
| Source File: JobConfigControllerTestIT.java From blackduck-alert with Apache License 2.0 | 6 votes |
|
@Test
@WithMockUser(roles = AlertIntegrationTest.ROLE_ALERT_ADMIN)
public void testValidateConfig() throws Exception {
final String urlPath = url + "/validate";
addGlobalConfiguration(blackDuckProviderKey, Map.of(
BlackDuckDescriptor.KEY_BLACKDUCK_URL, List.of("BLACKDUCK_URL"),
BlackDuckDescriptor.KEY_BLACKDUCK_API_KEY, List.of("BLACKDUCK_API")));
MockHttpServletRequestBuilder request = MockMvcRequestBuilders.post(urlPath)
.with(SecurityMockMvcRequestPostProcessors.user("admin").roles(AlertIntegrationTest.ROLE_ALERT_ADMIN))
.with(SecurityMockMvcRequestPostProcessors.csrf());
JobFieldModel fieldModel = createTestJobFieldModel(null, null);
request.content(gson.toJson(fieldModel));
request.contentType(contentType);
mockMvc.perform(request).andExpect(MockMvcResultMatchers.status().isOk());
}
Example #5
| Source File: JobConfigControllerTestIT.java From blackduck-alert with Apache License 2.0 | 6 votes |
|
@Test
@WithMockUser(roles = AlertIntegrationTest.ROLE_ALERT_ADMIN)
public void testGetConfigById() throws Exception {
ConfigurationJobModel emptyConfigurationModel = addJob(slackChannelKey.getUniversalKey(), blackDuckProviderKey.getUniversalKey(), Map.of());
String configId = String.valueOf(emptyConfigurationModel.getJobId());
String urlPath = url + "/" + configId;
MockHttpServletRequestBuilder request = MockMvcRequestBuilders.get(urlPath)
.with(SecurityMockMvcRequestPostProcessors.user("admin").roles(AlertIntegrationTest.ROLE_ALERT_ADMIN))
.with(SecurityMockMvcRequestPostProcessors.csrf());
MvcResult mvcResult = mockMvc.perform(request).andExpect(MockMvcResultMatchers.status().isOk()).andReturn();
String response = mvcResult.getResponse().getContentAsString();
ConfigurationJobModel fieldModel = gson.fromJson(response, ConfigurationJobModel.class);
assertNotNull(fieldModel);
assertEquals(configId, fieldModel.getJobId().toString());
}
Example #6
| Source File: AuditEntryControllerTestIT.java From blackduck-alert with Apache License 2.0 | 6 votes |
|
@Test
@WithMockUser(roles = AlertIntegrationTest.ROLE_ALERT_ADMIN)
public void testGetConfigWithId() throws Exception {
AuditEntryEntity entity = mockAuditEntryEntity.createEntity();
entity = auditEntryRepository.save(entity);
NotificationEntity notificationContent = mockNotificationContent.createEntity();
notificationContent = notificationRepository.save(notificationContent);
auditNotificationRepository.save(new AuditNotificationRelation(entity.getId(), notificationContent.getId()));
String getUrl = auditUrl + "/" + notificationContent.getId();
MockHttpServletRequestBuilder request = MockMvcRequestBuilders.get(getUrl)
.with(SecurityMockMvcRequestPostProcessors.user("admin").roles(AlertIntegrationTest.ROLE_ALERT_ADMIN))
.with(SecurityMockMvcRequestPostProcessors.csrf());
mockMvc.perform(request).andExpect(MockMvcResultMatchers.status().isOk());
}
Example #7
| Source File: JobConfigControllerTestIT.java From blackduck-alert with Apache License 2.0 | 6 votes |
|
@Test
@WithMockUser(roles = AlertIntegrationTest.ROLE_ALERT_ADMIN)
public void testGetConfig() throws Exception {
ConfigurationJobModel emptyConfigurationModel = addJob(slackChannelKey.getUniversalKey(), blackDuckProviderKey.getUniversalKey(), Map.of());
String configId = String.valueOf(emptyConfigurationModel.getJobId());
String urlPath = url + "?context=" + ConfigContextEnum.DISTRIBUTION.name() + "&descriptorName=" + slackChannelKey.getUniversalKey();
MockHttpServletRequestBuilder request = MockMvcRequestBuilders.get(urlPath)
.with(SecurityMockMvcRequestPostProcessors.user("admin").roles(AlertIntegrationTest.ROLE_ALERT_ADMIN))
.with(SecurityMockMvcRequestPostProcessors.csrf());
MvcResult mvcResult = mockMvc.perform(request).andExpect(MockMvcResultMatchers.status().isOk()).andReturn();
String response = mvcResult.getResponse().getContentAsString();
TypeToken fieldModelListType = new TypeToken<List<JobFieldModel>>() {};
List<JobFieldModel> fieldModels = gson.fromJson(response, fieldModelListType.getType());
assertNotNull(fieldModels);
assertFalse(fieldModels.isEmpty());
assertTrue(fieldModels.stream()
.anyMatch(fieldModel -> fieldModel.getJobId().equals(configId)));
}
Example #8
| Source File: DescriptorControllerSpeedTestIT.java From blackduck-alert with Apache License 2.0 | 6 votes |
|
@Test
@WithMockUser(roles = AlertIntegrationTest.ROLE_ALERT_ADMIN)
public void testDescriptorEndpoint() throws Exception {
String urlPath = MetadataController.METADATA_BASE_PATH + DescriptorController.DESCRIPTORS_PATH;
MockHttpServletRequestBuilder request = MockMvcRequestBuilders.get(urlPath)
.with(SecurityMockMvcRequestPostProcessors.user("admin").roles(AlertIntegrationTest.ROLE_ALERT_ADMIN))
.with(SecurityMockMvcRequestPostProcessors.csrf());
long startTime = System.nanoTime();
MvcResult mvcResult = mockMvc.perform(request).andReturn();
long endTime = System.nanoTime();
long totalRunTime = endTime - startTime;
long timeInMillis = TimeUnit.NANOSECONDS.toMillis(totalRunTime);
String responseContent = mvcResult.getResponse().getContentAsString();
JsonArray descriptorMetadata = gson.fromJson(responseContent, new TypeToken<JsonArray>() {}.getType());
assertTrue(descriptorMetadata.size() >= descriptors.size());
long expectedMaxTime = 500;
assertTrue(timeInMillis < expectedMaxTime, "Total runtime was: " + timeInMillis + "ms and should be below: " + expectedMaxTime + "ms.");
}
Example #9
| Source File: AuditEntryControllerTestIT.java From blackduck-alert with Apache License 2.0 | 6 votes |
|
@Test
@WithMockUser(roles = AlertIntegrationTest.ROLE_ALERT_ADMIN)
public void testPostConfig() throws Exception {
List<ConfigurationFieldModel> slackFields = new ArrayList<>(MockConfigurationModelFactory.createSlackDistributionFields());
ConfigurationFieldModel providerConfigName = providerConfigModel.getField(ProviderDescriptor.KEY_PROVIDER_CONFIG_NAME).orElse(null);
slackFields.add(providerConfigName);
SlackChannelKey slackChannelKey = new SlackChannelKey();
ConfigurationModel configurationModel = baseConfigurationAccessor.createConfiguration(slackChannelKey, ConfigContextEnum.DISTRIBUTION, slackFields);
ConfigurationJobModel configurationJobModel = new ConfigurationJobModel(UUID.randomUUID(), Set.of(configurationModel));
NotificationEntity notificationEntity = mockNotificationContent.createEntity();
notificationEntity = notificationRepository.save(notificationEntity);
mockAuditEntryEntity.setCommonConfigId(configurationJobModel.getJobId());
AuditEntryEntity auditEntity = mockAuditEntryEntity.createEntity();
auditEntity = auditEntryRepository.save(auditEntity);
auditNotificationRepository.save(new AuditNotificationRelation(auditEntity.getId(), notificationEntity.getId()));
String resendUrl = auditUrl + "/resend/" + notificationEntity.getId() + "/";
MockHttpServletRequestBuilder request = MockMvcRequestBuilders.post(resendUrl)
.with(SecurityMockMvcRequestPostProcessors.user("admin").roles(AlertIntegrationTest.ROLE_ALERT_ADMIN))
.with(SecurityMockMvcRequestPostProcessors.csrf());
mockMvc.perform(request).andExpect(MockMvcResultMatchers.status().isOk());
}
Example #10
| Source File: AuthConfigurationTest.java From credhub with Apache License 2.0 | 6 votes |
|
@Test
public void dataEndpoint_withMutualTLS_deniesClientCertsWithOrgUnitsThatDontContainV4UUID()
throws Exception {
setupDataEndpointMocks();
final CertificateReader certificateReader = new CertificateReader(CertificateStringConstants.TEST_CERT_WITH_INVALID_UUID_IN_ORGANIZATION_UNIT);
final MockHttpServletRequestBuilder post = post(dataApiPath)
.with(SecurityMockMvcRequestPostProcessors.x509(
certificateReader.getCertificate()))
.accept(MediaType.APPLICATION_JSON)
.contentType(MediaType.APPLICATION_JSON)
.content("{\"type\":\"password\",\"name\":\"" + credentialName + "\"}");
final String expectedError = "The provided authentication mechanism does not "
+ "provide a valid identity. Please contact your system administrator.";
mockMvc.perform(post)
.andExpect(status().isUnauthorized())
.andExpect(jsonPath("$.error").value(expectedError));
}
Example #11
| Source File: AuthConfigurationTest.java From credhub with Apache License 2.0 | 6 votes |
|
@Test
public void dataEndpoint_withMutualTLS_deniesClientCertsWithOrgUnitNotPrefixedAccurately()
throws Exception {
setupDataEndpointMocks();
final CertificateReader certificateReader = new CertificateReader(CertificateStringConstants.TEST_CERT_WITH_INVALID_ORGANIZATION_UNIT_PREFIX);
final MockHttpServletRequestBuilder post = post(dataApiPath)
.with(SecurityMockMvcRequestPostProcessors.x509(
certificateReader.getCertificate()))
.accept(MediaType.APPLICATION_JSON)
.contentType(MediaType.APPLICATION_JSON)
.content("{\"type\":\"password\",\"name\":\"" + credentialName + "\"}");
final String expectedError = "The provided authentication mechanism does not provide a "
+ "valid identity. Please contact your system administrator.";
mockMvc.perform(post)
.andExpect(status().isUnauthorized())
.andExpect(jsonPath("$.error").value(expectedError));
}
Example #12
| Source File: AuthConfigurationTest.java From credhub with Apache License 2.0 | 6 votes |
|
@Test
public void dataEndpoint_withMutualTLS_deniesClientCertsWithoutOrgUnit() throws Exception {
setupDataEndpointMocks();
final CertificateReader certificateReader = new CertificateReader(CertificateStringConstants.TEST_CERT_WITHOUT_ORGANIZATION_UNIT);
final MockHttpServletRequestBuilder post = post(dataApiPath)
.with(SecurityMockMvcRequestPostProcessors
.x509(certificateReader.getCertificate()))
.accept(MediaType.APPLICATION_JSON)
.contentType(MediaType.APPLICATION_JSON)
.content("{\"type\":\"password\",\"name\":\"" + credentialName + "\"}");
final String expectedError = "The provided authentication mechanism does not provide a "
+ "valid identity. Please contact your system administrator.";
mockMvc.perform(post)
.andExpect(status().isUnauthorized())
.andExpect(jsonPath("$.error").value(expectedError));
}
Example #13
| Source File: AuthConfigurationTest.java From credhub with Apache License 2.0 | 6 votes |
|
@Test
public void dataEndpoint_withMutualTLS_deniesClientCertsWithoutClientAuthExtension()
throws Exception {
setupDataEndpointMocks();
final CertificateReader certificateReader = new CertificateReader(CertificateStringConstants.SELF_SIGNED_CERT_WITH_NO_CLIENT_AUTH_EXT);
final MockHttpServletRequestBuilder post = post(dataApiPath)
.with(SecurityMockMvcRequestPostProcessors
.x509(certificateReader.getCertificate()))
.accept(MediaType.APPLICATION_JSON)
.contentType(MediaType.APPLICATION_JSON)
.content("{\"type\":\"password\",\"name\":\"" + credentialName + "\"}");
mockMvc.perform(post)
.andDo(print())
.andExpect(status().isUnauthorized())
.andExpect(jsonPath("$.error")
.value(
"The provided certificate is not authorized to be used for client authentication."));
}
Example #14
| Source File: AuditEntryControllerTestIT.java From blackduck-alert with Apache License 2.0 | 5 votes |
|
@Test
@WithMockUser(roles = AlertIntegrationTest.ROLE_ALERT_ADMIN)
public void testGetAuditInfoForJob() throws Exception {
AuditEntryEntity entity = mockAuditEntryEntity.createEntity();
entity = auditEntryRepository.save(entity);
String getUrl = auditUrl + "/job/" + entity.getCommonConfigId();
MockHttpServletRequestBuilder request = MockMvcRequestBuilders.get(getUrl)
.with(SecurityMockMvcRequestPostProcessors.user("admin").roles(AlertIntegrationTest.ROLE_ALERT_ADMIN))
.with(SecurityMockMvcRequestPostProcessors.csrf());
mockMvc.perform(request).andExpect(MockMvcResultMatchers.status().isOk());
}
Example #15
| Source File: CertificateControllerTestIT.java From blackduck-alert with Apache License 2.0 | 5 votes |
|
@Test
public void deleteForbiddenTest() throws Exception {
CertificateModel expectedCertificate = certTestUtil.createCertificate(certificateActions);
String url = CertificatesController.API_BASE_URL + String.format("/%s", expectedCertificate.getId());
MockHttpServletRequestBuilder request = MockMvcRequestBuilders.delete(new URI(url))
.with(SecurityMockMvcRequestPostProcessors.user("badUser"))
.with(SecurityMockMvcRequestPostProcessors.csrf());
mockMvc.perform(request).andExpect(MockMvcResultMatchers.status().isForbidden());
}
Example #16
| Source File: CertificateControllerTestIT.java From blackduck-alert with Apache License 2.0 | 5 votes |
|
@Test
public void updateForbiddenTest() throws Exception {
CertificateModel expectedCertificate = certTestUtil.createCertificate(certificateActions);
CertificateModel updatedCertificate = new CertificateModel(expectedCertificate.getId(), "new-alias", expectedCertificate.getCertificateContent());
String url = CertificatesController.API_BASE_URL + String.format("/%s", expectedCertificate.getId());
MockHttpServletRequestBuilder request = MockMvcRequestBuilders.put(new URI(url))
.with(SecurityMockMvcRequestPostProcessors.user("badUser"))
.with(SecurityMockMvcRequestPostProcessors.csrf())
.content(gson.toJson(updatedCertificate))
.contentType(contentType);
mockMvc.perform(request).andExpect(MockMvcResultMatchers.status().isForbidden());
}
Example #17
| Source File: CertificateControllerTestIT.java From blackduck-alert with Apache License 2.0 | 5 votes |
|
@Test
public void createForbiddenTest() throws Exception {
String certificateContent = certTestUtil.readCertificateContents();
CertificateModel certificateModel = new CertificateModel(CertificateTestUtil.TEST_ALIAS, certificateContent, DateUtils.createCurrentDateString(DateUtils.UTC_DATE_FORMAT_TO_MINUTE));
String url = CertificatesController.API_BASE_URL;
MockHttpServletRequestBuilder request = MockMvcRequestBuilders.post(new URI(url))
.with(SecurityMockMvcRequestPostProcessors.user("badUser"))
.with(SecurityMockMvcRequestPostProcessors.csrf())
.content(gson.toJson(certificateModel))
.contentType(contentType);
mockMvc.perform(request).andExpect(MockMvcResultMatchers.status().isForbidden());
}
Example #18
| Source File: JobConfigControllerTestIT.java From blackduck-alert with Apache License 2.0 | 5 votes |
|
@Test
@WithMockUser(roles = AlertIntegrationTest.ROLE_ALERT_ADMIN)
public void testUpdateConfig() throws Exception {
JobFieldModel fieldModel = createTestJobFieldModel("1", "2");
Map<String, Collection<String>> fieldValueModels = new HashMap<>();
for (FieldModel newFieldModel : fieldModel.getFieldModels()) {
fieldValueModels.putAll(newFieldModel.getKeyToValues().entrySet().stream().collect(Collectors.toMap(Map.Entry::getKey, entry -> entry.getValue().getValues())));
}
ConfigurationJobModel emptyConfigurationModel = addJob(slackChannelKey.getUniversalKey(), blackDuckProviderKey.getUniversalKey(), fieldValueModels);
addGlobalConfiguration(blackDuckProviderKey, Map.of(
BlackDuckDescriptor.KEY_BLACKDUCK_URL, List.of("BLACKDUCK_URL"),
BlackDuckDescriptor.KEY_BLACKDUCK_API_KEY, List.of("BLACKDUCK_API")));
String configId = String.valueOf(emptyConfigurationModel.getJobId());
String urlPath = url + "/" + configId;
MockHttpServletRequestBuilder request = MockMvcRequestBuilders.put(urlPath)
.with(SecurityMockMvcRequestPostProcessors.user("admin").roles(AlertIntegrationTest.ROLE_ALERT_ADMIN))
.with(SecurityMockMvcRequestPostProcessors.csrf());
fieldModel.setJobId(configId);
request.content(gson.toJson(fieldModel));
request.contentType(contentType);
MvcResult mvcResult = mockMvc.perform(request).andExpect(MockMvcResultMatchers.status().isAccepted()).andReturn();
String response = mvcResult.getResponse().getContentAsString();
checkResponse(response);
}
Example #19
| Source File: AuditEntryControllerTestIT.java From blackduck-alert with Apache License 2.0 | 5 votes |
|
@Test
@WithMockUser(roles = AlertIntegrationTest.ROLE_ALERT_ADMIN)
public void testGetConfig() throws Exception {
MockHttpServletRequestBuilder request = MockMvcRequestBuilders.get(auditUrl)
.with(SecurityMockMvcRequestPostProcessors.user("admin").roles(AlertIntegrationTest.ROLE_ALERT_ADMIN))
.with(SecurityMockMvcRequestPostProcessors.csrf());
mockMvc.perform(request).andExpect(MockMvcResultMatchers.status().isOk());
}
Example #20
| Source File: CertificateControllerTestIT.java From blackduck-alert with Apache License 2.0 | 5 votes |
|
@Test
public void readSingleForbiddenTest() throws Exception {
CertificateModel expectedCertificate = certTestUtil.createCertificate(certificateActions);
String url = CertificatesController.API_BASE_URL + String.format("/%s", expectedCertificate.getId());
MockHttpServletRequestBuilder request = MockMvcRequestBuilders.get(new URI(url))
.with(SecurityMockMvcRequestPostProcessors.user("badUser"))
.with(SecurityMockMvcRequestPostProcessors.csrf());
mockMvc.perform(request).andExpect(MockMvcResultMatchers.status().isForbidden());
}
Example #21
| Source File: CredentialAclEnforcementTest.java From credhub with Apache License 2.0 | 5 votes |
|
@Test
public void GET_byCredentialName_whenTheUserDoesntHavePermissionToReadCredential_returns404() throws Exception {
final CertificateReader certificateReader = new CertificateReader(CertificateStringConstants.SELF_SIGNED_CERT_WITH_CLIENT_AUTH_EXT);
final MockHttpServletRequestBuilder get = get("/api/v1/data?name=" + CREDENTIAL_NAME)
.with(SecurityMockMvcRequestPostProcessors
.x509(certificateReader.getCertificate()));
final String expectedError = "The request could not be completed because the credential does not exist or you do not have sufficient authorization.";
mockMvc.perform(get)
.andDo(print())
.andExpect(status().isNotFound())
.andExpect(jsonPath("$.error", equalTo(expectedError)));
}
Example #22
| Source File: CredentialAclEnforcementTest.java From credhub with Apache License 2.0 | 5 votes |
|
@Test
public void GET_byId_whenTheUserDoesntHavePermissionToReadCredential_returns404() throws Exception {
final CertificateReader certificateReader = new CertificateReader(CertificateStringConstants.SELF_SIGNED_CERT_WITH_CLIENT_AUTH_EXT);
final MockHttpServletRequestBuilder get = get("/api/v1/data/" + uuid)
.with(SecurityMockMvcRequestPostProcessors
.x509(certificateReader.getCertificate()));
final String expectedError = "The request could not be completed because the credential does not exist or you do not have sufficient authorization.";
mockMvc.perform(get)
.andDo(print())
.andExpect(status().isNotFound())
.andExpect(jsonPath("$.error", equalTo(expectedError)));
}
Example #23
| Source File: CredentialAclEnforcementTest.java From credhub with Apache License 2.0 | 5 votes |
|
@Test
public void GET_byVersions_whenTheUserDoesntHavePermissionToReadCredential_returns404() throws Exception {
final CertificateReader certificateReader = new CertificateReader(CertificateStringConstants.SELF_SIGNED_CERT_WITH_CLIENT_AUTH_EXT);
final MockHttpServletRequestBuilder get = get("/api/v1/data?name=" + CREDENTIAL_NAME + "&versions=2")
.with(SecurityMockMvcRequestPostProcessors
.x509(certificateReader.getCertificate()));
final String expectedError = "The request could not be completed because the credential does not exist or you do not have sufficient authorization.";
mockMvc.perform(get)
.andDo(print())
.andExpect(status().isNotFound())
.andExpect(jsonPath("$.error", equalTo(expectedError)));
}
Example #24
| Source File: CertificateControllerTestIT.java From blackduck-alert with Apache License 2.0 | 5 votes |
|
@Test
public void readAllForbiddenTest() throws Exception {
String url = CertificatesController.API_BASE_URL;
MockHttpServletRequestBuilder request = MockMvcRequestBuilders.get(new URI(url))
.with(SecurityMockMvcRequestPostProcessors.user("badUser"))
.with(SecurityMockMvcRequestPostProcessors.csrf());
mockMvc.perform(request).andExpect(MockMvcResultMatchers.status().isForbidden());
}
Example #25
| Source File: ProfileControllerTest.java From webauthn4j-spring-security with Apache License 2.0 | 5 votes |
|
@Test @WithMockWebAuthnUser(id = 1, firstName = "John", lastName = "Doe", emailAddress = "[email protected]", authorities = {"ROLE_USER"}, authenticators = {}) public void delete_test() throws Exception { //When mvc.perform( delete("/api/profile") .with(SecurityMockMvcRequestPostProcessors.csrf()) ) //Then .andExpect(status().isOk()); verify(profileAppService).delete(anyInt()); }
Example #26
| Source File: SystemControllerTestIT.java From blackduck-alert with Apache License 2.0 | 5 votes |
|
@Test
@WithMockUser(roles = AlertIntegrationTest.ROLE_ALERT_ADMIN)
public void testGetMessages() throws Exception {
final MockHttpServletRequestBuilder request = MockMvcRequestBuilders.get(SYSTEM_MESSAGE_BASE_URL)
.with(SecurityMockMvcRequestPostProcessors.user("admin").roles(AlertIntegrationTest.ROLE_ALERT_ADMIN))
.with(SecurityMockMvcRequestPostProcessors.csrf());
mockMvc.perform(request).andExpect(MockMvcResultMatchers.status().isOk());
}
Example #27
| Source File: SystemControllerTestIT.java From blackduck-alert with Apache License 2.0 | 5 votes |
|
@Test
@WithMockUser(roles = AlertIntegrationTest.ROLE_ALERT_ADMIN)
public void testGetInitialSystemSetup() throws Exception {
final MockHttpServletRequestBuilder request = MockMvcRequestBuilders.get(SYSTEM_INITIAL_SETUP_BASE_URL)
.with(SecurityMockMvcRequestPostProcessors.user("admin").roles(AlertIntegrationTest.ROLE_ALERT_ADMIN))
.with(SecurityMockMvcRequestPostProcessors.csrf());
mockMvc.perform(request).andExpect(MockMvcResultMatchers.status().isNotFound());
}
Example #28
| Source File: SystemControllerTestIT.java From blackduck-alert with Apache License 2.0 | 5 votes |
|
@Test
@WithMockUser(roles = AlertIntegrationTest.ROLE_ALERT_ADMIN)
public void testPostInitialSystemSetup() throws Exception {
final HashMap<String, FieldValueModel> valueModelMap = new HashMap<>();
final FieldModel configuration = new FieldModel("a_key", ConfigContextEnum.GLOBAL.name(), valueModelMap);
final MockHttpServletRequestBuilder request = MockMvcRequestBuilders.post(SYSTEM_INITIAL_SETUP_BASE_URL)
.with(SecurityMockMvcRequestPostProcessors.user("admin").roles(AlertIntegrationTest.ROLE_ALERT_ADMIN))
.with(SecurityMockMvcRequestPostProcessors.csrf());
request.content(gson.toJson(configuration));
request.contentType(contentType);
mockMvc.perform(request).andExpect(MockMvcResultMatchers.status().isNotFound());
}
Example #29
| Source File: UploadEndpointControllerTestIT.java From blackduck-alert with Apache License 2.0 | 5 votes |
|
public void uploadFile(String targetKey) throws Exception {
String url = UploadEndpointManager.UPLOAD_ENDPOINT_URL + "/" + targetKey;
MockMultipartFile file = new MockMultipartFile("file", "testfile.txt", "text/plain", "test text".getBytes());
final MockHttpServletRequestBuilder request = MockMvcRequestBuilders.multipart(new URI(url))
.file(file)
.with(SecurityMockMvcRequestPostProcessors.user("admin").roles(AlertIntegrationTest.ROLE_ALERT_ADMIN))
.with(SecurityMockMvcRequestPostProcessors.csrf());
mockMvc.perform(request).andExpect(MockMvcResultMatchers.status().isCreated());
}
Example #30
| Source File: UploadEndpointControllerTestIT.java From blackduck-alert with Apache License 2.0 | 5 votes |
|
public void exists(String targetKey) throws Exception {
String url = UploadEndpointManager.UPLOAD_ENDPOINT_URL + "/" + targetKey + "/exists";
final MockHttpServletRequestBuilder request = MockMvcRequestBuilders.get(new URI(url))
.with(SecurityMockMvcRequestPostProcessors.user("admin").roles(AlertIntegrationTest.ROLE_ALERT_ADMIN))
.with(SecurityMockMvcRequestPostProcessors.csrf());
mockMvc.perform(request).andExpect(MockMvcResultMatchers.status().isOk());
}
