TestCases

Author: ranjani2412

spring-security/getting-started/SecureApplication/pom.xml

@@ -71,6 +71,14 @@
 			<artifactId>problem-spring-web</artifactId>
 			<version>0.27.0</version>
 		</dependency>
+		<!-- https://mvnrepository.com/artifact/org.hamcrest/hamcrest-library -->
+		<dependency>
+			<groupId>org.hamcrest</groupId>
+			<artifactId>hamcrest-library</artifactId>
+			<version>2.2</version>
+			<scope>test</scope>
+		</dependency>
+
 	</dependencies>
 
 	<build>

spring-security/getting-started/SecureApplication/src/main/java/com/reflectoring/security/config/SecurityConfiguration.java

@@ -9,6 +9,7 @@
 import org.springframework.core.annotation.Order;
 import org.springframework.http.HttpMethod;
 import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
+import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
 import org.springframework.security.config.annotation.web.configuration.WebSecurityCustomizer;

spring-security/getting-started/SecureApplication/src/main/resources/application.yml

@@ -1,7 +1,7 @@
 server:
   port: 8083
 
-#spring:
+spring:
   #security:
     #user:
       #name: admin

spring-security/getting-started/SecureApplication/src/test/java/com/reflectoring/security/web/BookControllerTest.java

@@ -0,0 +1,119 @@
+package com.reflectoring.security.web;
+
+import com.reflectoring.security.config.BasicAuthProperties;
+import org.junit.jupiter.api.Test;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.boot.context.properties.EnableConfigurationProperties;
+import org.springframework.boot.test.autoconfigure.web.servlet.AutoConfigureMockMvc;
+import org.springframework.boot.test.context.SpringBootTest;
+import org.springframework.security.test.context.support.WithMockUser;
+import org.springframework.security.test.context.support.WithUserDetails;
+import org.springframework.test.context.ActiveProfiles;
+import org.springframework.test.context.jdbc.Sql;
+import org.springframework.test.context.jdbc.SqlGroup;
+import org.springframework.test.web.servlet.MockMvc;
+
+import static org.hamcrest.Matchers.hasSize;
+import static org.springframework.test.context.jdbc.Sql.ExecutionPhase.BEFORE_TEST_METHOD;
+import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get;
+import static org.springframework.test.web.servlet.result.MockMvcResultHandlers.print;
+import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.jsonPath;
+import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;
+import static org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.httpBasic;
+
+@SpringBootTest
+@AutoConfigureMockMvc
+@SqlGroup({
+        @Sql(value = "classpath:init/first.sql", executionPhase = BEFORE_TEST_METHOD),
+        @Sql(value = "classpath:init/second.sql", executionPhase = BEFORE_TEST_METHOD)
+})
+public class BookControllerTest {
+
+    @Autowired
+    private MockMvc mockMvc;
+
+    @Test
+    @WithMockUser(username = "bookadmin", roles = {"USER"})
+    void successIfSecurityApplies() throws Exception {
+        mockMvc.perform(get("/library/books")
+                        .param("genre", "Fiction")
+                        .param("user", "bookadmin")
+                        .header("X-Application-Name", "Library"))
+                .andDo(print())
+                .andExpect(status().isOk())
+                .andExpect(jsonPath("$", hasSize(3)))
+        ;
+    }
+
+    @Test
+    @WithMockUser(username = "bookadmin", roles = {"ADMIN"})
+    void failsForWrongAuthorization() throws Exception {
+        mockMvc.perform(get("/library/books")
+                        .param("genre", "Fiction")
+                        .param("user", "bookadmin")
+                        .header("X-Application-Name", "Library"))
+                .andDo(print())
+                .andExpect(status().isForbidden())
+        ;
+    }
+
+    @Test
+    void failsIfSecurityApplies() throws Exception {
+        mockMvc.perform(get("/library/books")
+                        .param("genre", "Fiction")
+                        .param("user", "bookadmin")
+                        .header("X-Application-Name", "Library"))
+                .andDo(print())
+                .andExpect(status().isUnauthorized())
+        ;
+    }
+
+    @Test
+    @WithUserDetails(value="bookadmin", userDetailsServiceBeanName="userDetailsService")
+    void testBookWithConfiguredUserDetails() throws Exception {
+        mockMvc.perform(get("/library/books")
+                        .param("genre", "Fantasy")
+                        .param("user", "bookadmin")
+                        .header("X-Application-Name", "Library"))
+                .andDo(print())
+                .andExpect(status().isOk())
+                .andExpect(jsonPath("$", hasSize(1)))
+        ;
+    }
+
+    @Test
+    @WithUserDetails(value="bookadmin", userDetailsServiceBeanName="userDetailsService")
+    void failsIfMandatoryHeaderIsMissing() throws Exception {
+        mockMvc.perform(get("/library/books")
+                        .param("genre", "Fantasy")
+                        .param("user", "bookadmin"))
+                        //.header("X-Application-Name", "Library"))
+                .andDo(print())
+                .andExpect(status().isForbidden())
+        ;
+    }
+
+    @Test
+    @WithUserDetails(value="bookadmin", userDetailsServiceBeanName="userDetailsService")
+    void failsIfPreAuthorizeConditionFails() throws Exception {
+        mockMvc.perform(get("/library/books")
+                        .param("genre", "Fantasy")
+                        .param("user", "bookuser")
+                .header("X-Application-Name", "Library"))
+                .andDo(print())
+                .andExpect(status().isForbidden())
+        ;
+    }
+
+    @Test
+    //@WithUserDetails(value="bookadmin", userDetailsServiceBeanName="userDetailsService")
+    void testBookWithWrongCredentialsUserDetails() throws Exception {
+        mockMvc.perform(get("/library/books")
+                        .param("genre", "Fantasy")
+                        .param("user", "bookadmin")
+                        .header("X-Application-Name", "Library")
+                        .with(httpBasic("bookadmin", "password")))
+                .andDo(print())
+                .andExpect(status().isUnauthorized());
+    }
+}

spring-security/getting-started/SecureApplication/src/test/resources/application-test.yml

@@ -0,0 +1,21 @@
+spring:
+  datasource:
+    driver-class-name: org.hsqldb.jdbc.JDBCDriver
+    url: jdbc:hsqldb:mem:testdb;DB_CLOSE_DELAY=-1;DB_CLOSE_ON_EXIT=FALSE
+    username: sa
+    password:
+  jpa:
+    hibernate:
+      ddl-auto: create-drop
+    defer-datasource-initialization: true
+    show-sql: true
+    properties:
+      hibernate:
+        dialect: H2Dialect
+        format_sql: true
+
+logging:
+  level:
+    org:
+      hibernate:
+        sql: info

spring-security/getting-started/SecureApplication/src/test/resources/init/first.sql

@@ -0,0 +1,3 @@
+TRUNCATE TABLE AUTHOR_BOOK RESTART IDENTITY;
+TRUNCATE TABLE BOOK RESTART IDENTITY;
+TRUNCATE TABLE AUTHOR RESTART IDENTITY;

spring-security/getting-started/SecureApplication/src/test/resources/init/second.sql

@@ -0,0 +1,5 @@
+INSERT INTO BOOK (id, name, publisher, publication_year, genre) VALUES (1, 'The Kite Runner', 'Riverhead books', '2003', 'Fiction');
+INSERT INTO BOOK (id, name, publisher, publication_year, genre) VALUES (2, 'Exiles', 'Pan Macmillan', '2022', 'Fiction');
+INSERT INTO BOOK (id, name, publisher, publication_year, genre) VALUES (3, 'A Game of Thrones', 'Bantam Spectra', '1996', 'Fiction');
+INSERT INTO BOOK (id, name, publisher, publication_year, genre) VALUES (4, 'American Gods', 'Headline', '2001', 'Fantasy');
+INSERT INTO BOOK (id, name, publisher, publication_year, genre) VALUES (5, 'The Passenger', 'Knopf', '2022', 'Mystery');