
1   package com.atlassian.asap.core.server.filter;
2   
3   import com.atlassian.asap.api.Jwt;
4   import org.junit.After;
5   import org.junit.Before;
6   import org.junit.Test;
7   import org.mockito.Mockito;
8   import org.springframework.mock.web.MockFilterChain;
9   import org.springframework.mock.web.MockHttpServletRequest;
10  import org.springframework.mock.web.MockHttpServletResponse;
11  
12  import javax.servlet.http.HttpServletRequest;
13  
14  import static org.hamcrest.MatcherAssert.assertThat;
15  import static org.hamcrest.Matchers.equalTo;
16  import static org.junit.Assert.assertNotNull;
17  import static org.junit.Assert.assertNull;
18  
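/**
 * Unit tests for {@link AbstractRequestAuthorizationFilter}, driven through Spring's mock servlet
 * objects and a stub subclass whose {@code isAuthorized} answer is fixed per test.
 *
 * <p>Three outcomes are pinned:
 * <ul>
 *   <li>no JWT under {@link AbstractRequestAuthenticationFilter#AUTHENTIC_JWT_REQUEST_ATTRIBUTE}:
 *       {@link IllegalStateException}, and the chain is not invoked;</li>
 *   <li>JWT present and authorized: the request reaches the chain;</li>
 *   <li>JWT present and not authorized: HTTP 403, and the chain is not invoked.</li>
 * </ul>
 */
public class AbstractRequestAuthorizationFilterTest {
    private MockHttpServletRequest request;
    private MockHttpServletResponse response;
    private MockFilterChain filterChain;
    private Jwt jwt;

    /** Builds a fresh request, response, chain and mocked JWT before each test. */
    @Before
    public void createMocks() {
        request = new MockHttpServletRequest();
        response = new MockHttpServletResponse();
        filterChain = new MockFilterChain();
        jwt = Mockito.mock(Jwt.class);
    }

    /** Drops the per-test fixtures. */
    @After
    public void releaseMocks() {
        request = null;
        response = null;
        filterChain = null;
        jwt = null;
    }

    /**
     * A request without the authentic-JWT attribute must be refused with
     * {@link IllegalStateException} even though the stub would authorize it.
     *
     * <p>The exception alone does not prove the filter failed closed: a filter that forwarded the
     * request and then threw would also raise it. The test therefore also checks that the chain
     * never received the request.
     */
    @Test
    public void shouldFailIfJwtTokenIsNotPresentInTheRequest() throws Exception {
        AbstractRequestAuthorizationFilter filter = createFilter(true);
        // No AUTHENTIC_JWT_REQUEST_ATTRIBUTE is set on the request here; presumably that is the
        // state left when the authentication filter did not run first (verify against the
        // filter's own documentation).
        try {
            filter.doFilter(request, response, filterChain);
        } catch (IllegalStateException expected) {
            // MockFilterChain records the request only when doFilter was called on it.
            assertNull(filterChain.getRequest());
            return;
        }
        throw new AssertionError(
                "Expected IllegalStateException when the request carries no authentic JWT");
    }

    /** With a JWT attribute present and a positive decision, the request is handed to the chain. */
    @Test
    public void shouldPropagateTheChainIfAuthorized() throws Exception {
        AbstractRequestAuthorizationFilter filter = createFilter(true);
        request.setAttribute(AbstractRequestAuthenticationFilter.AUTHENTIC_JWT_REQUEST_ATTRIBUTE, jwt);

        filter.doFilter(request, response, filterChain);

        assertNotNull(filterChain.getRequest());
    }

    /** With a JWT attribute present and a negative decision, the response is 403 and the chain stops. */
    @Test
    public void shouldRejectIfUnauthorized() throws Exception {
        AbstractRequestAuthorizationFilter filter = createFilter(false);
        request.setAttribute(AbstractRequestAuthenticationFilter.AUTHENTIC_JWT_REQUEST_ATTRIBUTE, jwt);

        filter.doFilter(request, response, filterChain);

        assertThat(response.getStatus(), equalTo(403));
        // Rejection must not leak the request to downstream filters or the servlet.
        assertNull(filterChain.getRequest());
    }

    /**
     * Creates a filter whose authorization decision is constant.
     *
     * @param authorizationResult value that {@code isAuthorized} returns for every request
     * @return an anonymous subclass of the filter under test
     */
    private static AbstractRequestAuthorizationFilter createFilter(boolean authorizationResult) {
        return new AbstractRequestAuthorizationFilter() {
            @Override
            protected boolean isAuthorized(HttpServletRequest request, Jwt jwt) {
                return authorizationResult;
            }
        };
    }
}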