public boolean configure(final FeatureContext context) { final Configuration config = context.getConfiguration(); final String jsonFeature = CommonProperties.getValue(config.getProperties(), config.getRuntimeType(), InternalProperties.JSON_FEATURE, JSON_FEATURE, String.class); // Other JSON providers registered. if (!JSON_FEATURE.equalsIgnoreCase(jsonFeature)) { return false; } // Disable other JSON providers. context.property(PropertiesHelper.getPropertyNameForRuntime(InternalProperties.JSON_FEATURE, config.getRuntimeType()), JSON_FEATURE); // Register FastJson. if (!config.isRegistered(FastJsonProvider.class)) { //DisableCircularReferenceDetect FastJsonProvider fastJsonProvider = new FastJsonProvider(); FastJsonConfig fastJsonConfig = new FastJsonConfig(); //fastJsonConfig.setSerializerFeatures(SerializerFeature.DisableCircularReferenceDetect,SerializerFeature.BrowserSecure); fastJsonConfig.setSerializerFeatures(SerializerFeature.DisableCircularReferenceDetect); fastJsonProvider.setFastJsonConfig(fastJsonConfig); context.register(fastJsonProvider, MessageBodyReader.class, MessageBodyWriter.class); } return true; }
@Test public void testRegister() throws Exception { logger.info("start Register test"); Client client = newClient(); Map<Class<?>, Integer> myContracts = new HashMap<Class<?>, Integer>(); myContracts.put(Feature.class, 1200); client.register(MyComponent.class, myContracts); Configuration configuration = client.getConfiguration(); Set<Class<?>> classes = configuration.getClasses(); for (Class<?> clazz : classes) { if (MyComponent.class.isAssignableFrom(clazz)) { Map<Class<?>, Integer> contracts = configuration.getContracts(clazz); int priority = contracts.get(Feature.class); assertTrue("Only standard: Feature, DynamicFeature, WriterInterceptor, " + "ReaderInterceptor, ContainerResponseFilter, " + "ContainerRequestFilter, " + "ClientResponseFilter, ClientRequestFilter, " + "ExceptionMapper, MessageBodyWriter, " + "MessageBodyReader,ParamConverterProvider or implemented: InjectorFactory, " + "StringParameterUnmarshaller, StringConverter, " + "ContextResolver, PostProcessInterceptor, " + "PreProcessInterceptor, ClientExecutionInterceptor, ClientExceptionMapper" + "can be registered as contracts. Registered priority", priority == 1200); } } }
/** * Register a Jersey JSON provider feature only if another JSON provider is not already registered, checking * {@link #JERSEY_JSON_PROVIDER_PROPERTY} property value. * @param context Feature context * @param feature Feature to register * @param featureName Feature name to register * @return <code>true</code> if feature was registered, <code>false</code> otherwise */ private static boolean registerJerseyJsonFeature(FeatureContext context, Class<? extends Feature> feature, String featureName) { final Configuration config = context.getConfiguration(); final String jsonFeature = CommonProperties.getValue(config.getProperties(), config.getRuntimeType(), JERSEY_JSON_PROVIDER_PROPERTY, featureName, String.class); if (!featureName.equalsIgnoreCase(jsonFeature)) { // Other JSON providers registered return false; } // Disable other JSON providers context.property( PropertiesHelper.getPropertyNameForRuntime(JERSEY_JSON_PROVIDER_PROPERTY, config.getRuntimeType()), featureName); // Register if (!config.isRegistered(feature)) { context.register(feature); } return true; }
@Test public void testApiKey() { final User user = new User(); final ApiKey apiKey = new ApiKey(); apiKey.setValue("xyz"); apiKey.setUser(user); final String authorization = AuthUtils.create(apiKey.getValue(), ""); final SecurityDao dao = mock(SecurityDao.class); when(dao.findApiKeyByValue(eq("xyz"))).thenReturn(apiKey); when(dao.read(eq(User.class), eq(user.getId()))).thenReturn(user); final Configuration config = mock(Configuration.class); when(config.getProperty(eq(MinijaxProperties.SECURITY_USER_CLASS))).thenReturn(User.class); final Security<User> security = new Security<>(dao, config, authorization, null); security.requireLogin(); assertTrue(security.isLoggedIn()); assertNotNull(security.getUserPrincipal()); assertEquals(user, security.getUserPrincipal()); assertEquals(user, security.getUserPrincipal()); assertEquals(SecurityContext.BASIC_AUTH, security.getAuthenticationScheme()); }
@Test public void testApiKeyDeleted() { final User user = new User(); final ApiKey apiKey = new ApiKey(); apiKey.setValue("xyz"); apiKey.setUser(user); apiKey.setDeleted(true); final String authorization = AuthUtils.create(apiKey.getValue(), ""); final SecurityDao dao = mock(SecurityDao.class); when(dao.findApiKeyByValue(eq("xyz"))).thenReturn(apiKey); final Configuration config = mock(Configuration.class); final Security<User> security = new Security<>(dao, config, authorization, null); assertFalse(security.isLoggedIn()); assertNull(security.getUserPrincipal()); }
@Test(expected = BadRequestException.class) public void testInvalidSessionToken() { final User user = new User(); final UserSession session = new UserSession(); session.setUser(user); final String cookie = session.getId().toString(); final SecurityDao dao = mock(SecurityDao.class); when(dao.read(eq(UserSession.class), eq(session.getId()))).thenReturn(session); when(dao.read(eq(User.class), eq(user.getId()))).thenReturn(user); final Configuration config = mock(Configuration.class); when(config.getProperty(eq(MinijaxProperties.SECURITY_USER_CLASS))).thenReturn(User.class); final Security<User> security = new Security<>(dao, config, null, cookie); security.validateSession("not-the-right-token"); }
@Test public void testLogout() { final User user = new User(); final UserSession session = new UserSession(); session.setUser(user); final String cookie = session.getId().toString(); final SecurityDao dao = mock(SecurityDao.class); when(dao.read(eq(UserSession.class), eq(session.getId()))).thenReturn(session); when(dao.read(eq(User.class), eq(user.getId()))).thenReturn(user); final Configuration config = mock(Configuration.class); when(config.getProperty(eq(MinijaxProperties.SECURITY_USER_CLASS))).thenReturn(User.class); final Security<User> security = new Security<>(dao, config, null, cookie); final NewCookie newCookie = security.logout(); assertNotNull(newCookie); assertEquals("", newCookie.getValue()); verify(dao).purge(eq(session)); }
@Test public void shouldRegisterAMultiTypedProviderInstanceWithPriorities() { MultiTypedProvider provider = new MultiTypedProvider(); Map<Class<?>, Integer> priorities = new HashMap<>(); priorities.put(ClientRequestFilter.class, 500); priorities.put(ClientResponseFilter.class, 501); priorities.put(MessageBodyReader.class, 502); priorities.put(MessageBodyWriter.class, 503); priorities.put(ReaderInterceptor.class, 504); priorities.put(WriterInterceptor.class, 505); priorities.put(ResponseExceptionMapper.class, 506); priorities.put(ParamConverterProvider.class, 507); RestClientBuilder builder = RestClientBuilder.newBuilder().register(provider, priorities); Configuration configuration = builder.getConfiguration(); assertTrue(configuration.isRegistered(MultiTypedProvider.class), MultiTypedProvider.class + " should be registered"); assertTrue(configuration.isRegistered(provider), MultiTypedProvider.class + " should be registered"); Map<Class<?>, Integer> contracts = configuration.getContracts(MultiTypedProvider.class); assertEquals(contracts.size(), priorities.size(), "There should be "+priorities.size()+" provider types registered"); for(Map.Entry<Class<?>, Integer> priority : priorities.entrySet()) { Integer contractPriority = contracts.get(priority.getKey()); assertEquals(contractPriority, priority.getValue(), "The priority for "+priority.getKey()+" should be "+priority.getValue()); } }
@Test public void shouldRegisterAMultiTypedProviderClassWithPriorities() { Map<Class<?>, Integer> priorities = new HashMap<>(); priorities.put(ClientRequestFilter.class, 500); priorities.put(ClientResponseFilter.class, 501); priorities.put(MessageBodyReader.class, 502); priorities.put(MessageBodyWriter.class, 503); priorities.put(ReaderInterceptor.class, 504); priorities.put(WriterInterceptor.class, 505); priorities.put(ResponseExceptionMapper.class, 506); priorities.put(ParamConverterProvider.class, 507); RestClientBuilder builder = RestClientBuilder.newBuilder().register(MultiTypedProvider.class, priorities); Configuration configuration = builder.getConfiguration(); assertTrue(configuration.isRegistered(MultiTypedProvider.class), MultiTypedProvider.class + " should be registered"); Map<Class<?>, Integer> contracts = configuration.getContracts(MultiTypedProvider.class); assertEquals(contracts.size(), priorities.size(), "There should be "+priorities.size()+" provider types registered"); for(Map.Entry<Class<?>, Integer> priority : priorities.entrySet()) { Integer contractPriority = contracts.get(priority.getKey()); assertEquals(contractPriority, priority.getValue(), "The priority for "+priority.getKey()+" should be "+priority.getValue()); } }
@Override public boolean configure(FeatureContext context) { Configuration configuration = context.getConfiguration(); Boolean enabled = PropertyHelper.getProperty(configuration, RestServerV2.FIRST_TIME_API_ENABLE); Boolean testApiEnabled = PropertyHelper.getProperty(configuration, RestServerV2.TEST_API_ENABLE); // Default is not enabled if (enabled == null || !enabled) { return false; } boolean allowTestApis = testApiEnabled != null && testApiEnabled; // this is handled separately from firstTimeApi because we may enable the api only on master // but still register the filer on all nodes context.register(BootstrapResource.class); if (allowTestApis) { context.register(NoUserTestFilter.class); } else { context.register(NoUserFilter.class); } return true; }
@Override public boolean configure(FeatureContext context) { Configuration configuration = context.getConfiguration(); Boolean enabled = PropertyHelper.getProperty(configuration, RestServerV2.TEST_API_ENABLE); // Default is not enabled if (enabled == null || !enabled) { return false; } for (Class<?> resource : scanResult.getAnnotatedClasses(RestResourceUsedForTesting.class)) { context.register(resource); } return true; }
@Override public boolean configure(FeatureContext context) { final Configuration configuration = context.getConfiguration(); Boolean disabled = PropertyHelper.getProperty(configuration, RestServerV2.DAC_AUTH_FILTER_DISABLE); // Default is not disabled if (disabled != null && disabled) { return false; } context.register(DACAuthFilter.class); if (!configuration.isRegistered(RolesAllowedDynamicFeature.class)) { context.register(RolesAllowedDynamicFeature.class); } return true; }
public boolean configure(final FeatureContext context) { final Configuration config = context.getConfiguration(); final String jsonFeature = CommonProperties.getValue(config.getProperties(), config.getRuntimeType(), InternalProperties.JSON_FEATURE, JSON_FEATURE, String.class); // Other JSON providers registered. if (!JSON_FEATURE.equalsIgnoreCase(jsonFeature)) { return false; } // Disable other JSON providers. context.property(PropertiesHelper.getPropertyNameForRuntime(InternalProperties.JSON_FEATURE, config.getRuntimeType()), JSON_FEATURE); // Register FastJson. if (!config.isRegistered(FastJsonProvider.class)) { context.register(FastJsonProvider.class, MessageBodyReader.class, MessageBodyWriter.class); } return true; }
@Override public void configure(FeatureContext context) { final int priorityInc = 3000; // Jersey MOXY provider have higher priority(7000), so we need set higher than it int priority = Priorities.USER + priorityInc; Configuration config = context.getConfiguration(); if (!config.isRegistered(ParsecValidationExceptionMapper.class)) { context.register(ParsecValidationExceptionMapper.class, priority); } if (!config.isRegistered(ValidationConfigurationContextResolver.class)) { context.register(ValidationConfigurationContextResolver.class, priority); } if (!config.isRegistered(ParsecMoxyProvider.class)) { context.register(ParsecMoxyProvider.class, priority); } if (!config.isRegistered(JaxbExceptionMapper.class)) { context.register(JaxbExceptionMapper.class, priority); } }
@Override public boolean configure(FeatureContext context) { Configuration configuration = context.getConfiguration(); if (!configuration.isRegistered(ConfigPropertyResolver.class)) { LOGGER.debug("Register ConfigPropertyFeature"); context.register(ConfigPropertyResolver.class); context.register(new AbstractBinder() { @Override protected void configure() { bind(ConfigPropertyResolver.class) .to(new TypeLiteral<InjectionResolver<ConfigProperty>>() {}) .in(Singleton.class); } }); } return true; }
@Override public boolean configure(final FeatureContext context) { final Configuration config = context.getConfiguration(); if (!config.isRegistered(VelocityViewProcessor.class)) { // Template Processor. context.register(VelocityViewProcessor.class); // MvcFeature. if (!config.isRegistered(MvcFeature.class)) { context.register(MvcFeature.class); } return true; } return false; }
@Override public boolean configure(final FeatureContext context) { final Configuration config = context.getConfiguration(); if (!config.isRegistered(FreemarkerViewProcessor.class)) { // Template Processor. context.register(FreemarkerViewProcessor.class); // MvcFeature. if (!config.isRegistered(MvcFeature.class)) { context.register(MvcFeature.class); } return true; } return false; }
@Override public AsyncHttpClientConfig.Builder customize( Client client, Configuration config, AsyncHttpClientConfig.Builder configBuilder ) { if (useProxy && !StringUtils.isEmpty(username)) { Realm realm = new Realm.RealmBuilder().setScheme(Realm.AuthScheme.BASIC) .setUsePreemptiveAuth(true) .setTargetProxy(true) .setPrincipal(username) .setPassword(password) .build(); configBuilder.setRealm(realm); } return configBuilder; }
/** * Property defines output encoding produced by * {@link org.glassfish.jersey.server.mvc.spi.TemplateProcessor}. The value * must be a valid encoding defined that can be passed to the * {@link java.nio.charset.Charset#forName(String)} method. * * <p/> * The default value is {@code UTF-8}. * <p/> * The name of the configuration property is <tt>{@value}</tt>. * <p/> * * @param context * @return */ // public static final String ENCODING = MvcFeature.ENCODING + SUFFIX; @Override public boolean configure(final FeatureContext context) { final Configuration config = context.getConfiguration(); if (!config.isRegistered(JasperViewProcessor.class)) { // Template Processor. context.register(JasperViewProcessor.class); // MvcFeature. if (!config.isRegistered(MvcFeature.class)) { context.register(MvcFeature.class); } return true; } return false; }
/** * {@inheritDoc} */ @Override public boolean configure(FeatureContext context) { Configuration configuration = context.getConfiguration(); if (!configuration.isRegistered(UriConnegFilter.class)) { context.register(UriConnegFilter.class, Priorities.AUTHENTICATION - 100); } if (!context.getConfiguration().isRegistered(DownloadEntityFilter.class)) { context.register(DownloadEntityFilter.class); } if (!configuration.isRegistered(LoadBalancerRequestFilter.class)) { context.register(LoadBalancerRequestFilter.class); } return true; }
/** * {@inheritDoc} */ @Override public boolean configure(final FeatureContext context) { final Configuration config = context.getConfiguration(); if (!config.isRegistered(EntityFieldsProcessor.class)) { // register EntityFilteringFeature if (!config.isRegistered(EntityFilteringFeature.class)) { context.register(EntityFilteringFeature.class); } // Entity Processors. context.register(EntityFieldsProcessor.class); // Scope Resolver. context.register(EntityFieldsScopeResolver.class); return true; } return false; }
/** * <p>getExtends.</p> * * @param config a {@link javax.ws.rs.core.Configuration} object. * @param module a {@link java.lang.String} object. * @param defaultExtensions an array of {@link java.lang.String} objects. * @return an array of {@link java.lang.String} objects. */ public static String[] getExtends(Configuration config, String module, String[] defaultExtensions) { String extension = getStringExtends(config, module); if (StringUtils.isBlank(extension)) { return defaultExtensions; } else { extension = extension.toLowerCase(); } String[] extensions = extension.split(","); for (String ext : defaultExtensions) { if (!ArrayUtils.contains(extensions, ext.substring(1)) && !ArrayUtils.contains(extensions, ext)) { extensions = ArrayUtils.add(extensions, ext); } } return extensions; }
/** * <p>getStringExtends.</p> * * @param config a {@link javax.ws.rs.core.Configuration} object. * @param module a {@link java.lang.String} object. * @return a {@link java.lang.String} object. */ public static String getStringExtends(Configuration config, String module) { Map<String, Object> map = config.getProperties(); String extension = (String) map.get(AbstractTemplateProcessor.TEMPLATE_CONF_PREFIX + module + ".suffix"); if (StringUtils.isNotBlank(extension)) { extension = StringUtils.deleteWhitespace(extension); } if (StringUtils.isBlank(extension)) { extension = (String) map.get(AbstractTemplateProcessor.TEMPLATE_CONF_PREFIX + "suffix"); if (StringUtils.isNotBlank(extension)) { extension = StringUtils.deleteWhitespace(extension); } } return StringUtils.isBlank(extension) ? null : extension.toLowerCase(); }
/** * Create a new filter. * @param rc Resource config. */ @Inject public SensorSafeOAuth1ServerFilter(Configuration rc) { // establish supported OAuth protocol versions HashSet<String> v = new HashSet<String>(); v.add(null); v.add("1.0"); versions = Collections.unmodifiableSet(v); // optional initialization parameters (defaulted) String realm = PropertiesHelper.getValue(rc.getProperties(), OAuth1ServerProperties.REALM, "default", String.class); /* Maximum age (in milliseconds) of timestamp to accept in incoming messages. */ int maxAge = PropertiesHelper.getValue(rc.getProperties(), OAuth1ServerProperties.MAX_AGE, 300000); /* Average requests to process between nonce garbage collection passes. */ int gcPeriod = PropertiesHelper.getValue(rc.getProperties(), OAuth1ServerProperties.GC_PERIOD, 100); ignorePathPattern = pattern(PropertiesHelper.getValue(rc.getProperties(), OAuth1ServerProperties.IGNORE_PATH_PATTERN, null, String.class)); // no pattern optional = PropertiesHelper.isProperty(rc.getProperties(), OAuth1ServerProperties.NO_FAIL); nonces = new NonceManager(maxAge, gcPeriod); // www-authenticate header for the life of the object wwwAuthenticateHeader = "OAuth realm=\"" + realm + "\""; }
@Override public void configure(final FeatureContext context) { final Configuration config = context.getConfiguration(); // Register FastJson. if (!config.isRegistered(FastJsonFeature.class) && autoDiscover) { context.register(FastJsonFeature.class); } }
@Test public void testConfiguration() throws Exception { logger.info("start REST Configuration test"); Client client = newClient(); Configuration configuration = client.getConfiguration(); Set<Class<?>> classes = configuration.getClasses(); for (Class<?> clazz : classes) { assertTrue("verify if the class is a rest component or provider", MessageBodyReader.class.isAssignableFrom(clazz) || MessageBodyWriter.class.isAssignableFrom(clazz) || clazz.isAnnotationPresent(Provider.class) || DynamicFeature.class.isAssignableFrom(clazz)); Map<Class<?>, Integer> contracts = configuration.getContracts(clazz); assertFalse("each class has different contracts", contracts.isEmpty()); for (Class<?> contract : contracts.keySet()) { int value = contracts.get(contract); assertTrue("verify if the contract is a rest component or provider", value == 5000 || value == 4000 || value == 3000 || value == 0); } } Set<Object> instances = configuration.getInstances(); assertTrue("by default there are not instances", instances.isEmpty()); Map<String, Object> properties = configuration.getProperties(); assertTrue("by default there are not properties", properties.isEmpty()); MyComponent myComponent = new MyComponent(); client.register(myComponent); instances = configuration.getInstances(); assertFalse("Added instance", instances.isEmpty()); for (Object instance : instances) { if (instance instanceof MyComponent) assertTrue("MyComponent is registered and active", configuration.isEnabled((Feature) instance)); } assertEquals("Added property through MyComponent", 1, properties.size()); boolean property = (Boolean) properties.get("configured_myComponent"); assertEquals("configured_myComponent ok!", true, property); assertEquals("type CLIENT by default", CLIENT, configuration.getRuntimeType()); }
@Override public List<Result> verify(String connectorId, Map<String, String> options) { final ResteasyJackson2Provider resteasyJacksonProvider = new ResteasyJackson2Provider(); resteasyJacksonProvider.setMapper(MAPPER); final ResteasyProviderFactory providerFactory = ResteasyProviderFactory.newInstance(); providerFactory.register(resteasyJacksonProvider); final Configuration configuration = new LocalResteasyProviderFactory(providerFactory); Client client = ClientBuilder.newClient(configuration); WebTarget target = client.target(String.format("http://%s/api/v1/verifier/%s", config.getService(), connectorId)); return target.request(MediaType.APPLICATION_JSON).post(Entity.entity(options, MediaType.APPLICATION_JSON), new GenericType<List<Result>>(){}); }
@Before public void setup() { FeatureContext featureContext = Mockito.mock(FeatureContext.class); Mockito.when(featureContext.getConfiguration()).thenReturn(Mockito.mock(Configuration.class)); feature = new CrnkFeature(); feature.configure(featureContext); uriInfo = Mockito.mock(UriInfo.class); Mockito.when(uriInfo.getQueryParameters()).thenReturn(Mockito.mock(MultivaluedMap.class)); requestContext = Mockito.mock(ContainerRequestContext.class); Mockito.when(requestContext.getUriInfo()).thenReturn(uriInfo); context = new JaxrsRequestContext(requestContext, feature); }
public boolean configure(FeatureContext context) { context.property("jersey.config.server.disableMoxyJson", Boolean.valueOf(true)); Configuration config = context.getConfiguration(); context.property(getPropertyNameForRuntime("jersey.config.jsonFeature", config.getRuntimeType()), JSON_FEATURE); if (!config.isRegistered(JacksonJaxbJsonProvider.class)) { context.register(JsonParseExceptionMapper.class); context.register(JsonMappingExceptionMapper.class); context.register(JacksonJaxbJsonProvider.class, new Class[]{MessageBodyReader.class, MessageBodyWriter.class}); } return true; }
@Inject @SuppressWarnings("unchecked") public Security( final SecurityDao dao, @Context final Configuration configuration, @HeaderParam(AUTHORIZATION) final String authorization, @CookieParam(COOKIE_NAME) final String cookie) { userClass = (Class<SecurityUser>) configuration.getProperty(MinijaxProperties.SECURITY_USER_CLASS); this.dao = dao; this.authorization = authorization; this.cookie = cookie; session = initUser(); user = session != null ? session.getUser() : null; }
@Test public void testAnonymous() { final SecurityDao dao = mock(SecurityDao.class); final Configuration config = mock(Configuration.class); final Security<User> security = new Security<>(dao, config, null, null); assertFalse(security.isLoggedIn()); assertNull(security.getUserPrincipal()); assertNull(security.getUserPrincipal()); assertNull(security.getAuthenticationScheme()); assertFalse(security.isUserInRole("user")); assertTrue(security.isSecure()); }
@Test(expected = NotAuthorizedException.class) public void testAnonymousRequireLogin() { final SecurityDao dao = mock(SecurityDao.class); final Configuration config = mock(Configuration.class); final Security<User> security = new Security<>(dao, config, null, null); security.requireLogin(); }
@Test(expected = NotAuthorizedException.class) public void testAnonymousValidateSession() { final SecurityDao dao = mock(SecurityDao.class); final Configuration config = mock(Configuration.class); final Security<User> security = new Security<>(dao, config, null, null); security.validateSession("foo"); }
@Test public void testApiKeyNotFound() { final String authorization = AuthUtils.create("xyz", ""); final SecurityDao dao = mock(SecurityDao.class); final Configuration config = mock(Configuration.class); final Security<User> security = new Security<>(dao, config, authorization, null); assertFalse(security.isLoggedIn()); assertNull(security.getUserPrincipal()); }
@Test public void testCookie() { final User user = new User(); user.setRoles("admin"); final UserSession session = new UserSession(); session.setUser(user); final String cookie = session.getId().toString(); final SecurityDao dao = mock(SecurityDao.class); when(dao.read(eq(UserSession.class), eq(session.getId()))).thenReturn(session); when(dao.read(eq(User.class), eq(user.getId()))).thenReturn(user); final Configuration config = mock(Configuration.class); when(config.getProperty(eq(MinijaxProperties.SECURITY_USER_CLASS))).thenReturn(User.class); final Security<User> security = new Security<>(dao, config, null, cookie); security.requireLogin(); security.validateSession(session.getId().toString()); assertTrue(security.isLoggedIn()); assertNotNull(security.getUserPrincipal()); assertEquals(user, security.getUserPrincipal()); assertEquals(user, security.getUserPrincipal()); assertEquals(SecurityContext.FORM_AUTH, security.getAuthenticationScheme()); assertTrue(security.isUserInRole("admin")); assertFalse(security.isUserInRole("foo")); }
@Test public void testCookieInvalidUuid() { final String cookie = "not-a-uuid"; final SecurityDao dao = mock(SecurityDao.class); final Configuration config = mock(Configuration.class); final Security<User> security = new Security<>(dao, config, null, cookie); assertFalse(security.isLoggedIn()); assertNull(security.getUserPrincipal()); }
@Test public void testCookieSessionNotFound() { final String cookie = IdUtils.create().toString(); final SecurityDao dao = mock(SecurityDao.class); final Configuration config = mock(Configuration.class); final Security<User> security = new Security<>(dao, config, null, cookie); assertFalse(security.isLoggedIn()); assertNull(security.getUserPrincipal()); }
@Test public void testCookieInvalidSession() { final UserSession session = new UserSession(); final String cookie = session.getId().toString(); final SecurityDao dao = mock(SecurityDao.class); when(dao.read(eq(UserSession.class), eq(session.getId()))).thenReturn(session); final Configuration config = mock(Configuration.class); final Security<User> security = new Security<>(dao, config, null, cookie); assertFalse(security.isLoggedIn()); assertNull(security.getUserPrincipal()); }
