SpringBoot/FamilyCashCard
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

SpringSecurity: testing basic authentication

Browse Source 
- add autentication chain rule
- create test user
- add auth data to test requests
This commit is contained in:
djmil 2023-07-23 15:20:46 +02:00
parent 7963542c9b
commit 30aff2259e
2 changed files with 57 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
src/main/java/djmil/cashcard/SecurityConfig.java
View File

@ -16,6 +16,13 @@ public class SecurityConfig {
@Bean
public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
http.authorizeHttpRequests()
.requestMatchers("/cashcards/**")
.authenticated()
.and()
.csrf().disable()
.httpBasic();
return http.build();
}
@ -23,4 +30,15 @@ public class SecurityConfig {
public PasswordEncoder passwordEncoder() {
return new BCryptPasswordEncoder();
}
@Bean
public UserDetailsService testOnlyUsers(PasswordEncoder passwordEncoder) {
User.UserBuilder users = User.builder();
UserDetails sarah = users
.username("sarah1")
.password(passwordEncoder.encode("abc123"))
.roles() // No roles for now
.build();
return new InMemoryUserDetailsManager(sarah);
}
}

48
src/test/java/djmil/cashcard/CashcardApplicationTests.java
View File

@ -31,7 +31,9 @@ class CashcardApplicationTests {
@Test
void shouldReturnACashCardWhenDataIsSaved() {
ResponseEntity<String> response = restTemplate.getForEntity("/cashcards/99", String.class);
ResponseEntity<String> response = restTemplate
.withBasicAuth("sarah1", "abc123")
.getForEntity("/cashcards/99", String.class);
assertThat(response.getStatusCode()).isEqualTo(HttpStatus.OK);
@ -46,7 +48,9 @@ class CashcardApplicationTests {
@Test
void shouldNotReturnACashCardWithAnUnknownId() {
ResponseEntity<String> response = restTemplate.getForEntity("/cashcards/1000", String.class);
ResponseEntity<String> response = restTemplate
.withBasicAuth("sarah1", "abc123")
.getForEntity("/cashcards/1000", String.class);
assertThat(response.getStatusCode()).isEqualTo(HttpStatus.NOT_FOUND);
assertThat(response.getBody()).isBlank();
@ -56,15 +60,20 @@ class CashcardApplicationTests {
@DirtiesContext
void shouldCreateANewCashCard() {
CashCard newCashCard = new CashCard(null, 250.00, "sarah1");
ResponseEntity<Void> createResponse = restTemplate.postForEntity("/cashcards", newCashCard, Void.class );
ResponseEntity<Void> createResponse = restTemplate
.withBasicAuth("sarah1", "abc123")
.postForEntity("/cashcards", newCashCard, Void.class );
assertThat(createResponse.getStatusCode()).isEqualTo(HttpStatus.CREATED);
// Validate created CashCard
URI locationOfNewCashCard = createResponse.getHeaders().getLocation();
ResponseEntity<String> getResponse = restTemplate.getForEntity(locationOfNewCashCard, String.class);
ResponseEntity<String> getResponse = restTemplate
.withBasicAuth("sarah1", "abc123")
.getForEntity(locationOfNewCashCard, String.class);
assertThat(getResponse.getStatusCode()).isEqualTo(HttpStatus.OK);
// Validate created CashCard JSON
DocumentContext documentContext = JsonPath.parse(getResponse.getBody());
Number id = documentContext.read("$.id");
Double amount = documentContext.read("$.amount");
@ -75,7 +84,9 @@ class CashcardApplicationTests {
@Test
void shouldReturnAllCashCardsWhenListIsRequested() {
ResponseEntity<String> response = restTemplate.getForEntity("/cashcards", String.class);
ResponseEntity<String> response = restTemplate
.withBasicAuth("sarah1", "abc123")
.getForEntity("/cashcards", String.class);
assertThat(response.getStatusCode()).isEqualTo(HttpStatus.OK);
DocumentContext documentContext = JsonPath.parse(response.getBody());
@ -91,7 +102,9 @@ class CashcardApplicationTests {
@Test
void shouldReturnAPageOfCashCards() {
ResponseEntity<String> response = restTemplate.getForEntity("/cashcards?page=0&size=1", String.class);
ResponseEntity<String> response = restTemplate
.withBasicAuth("sarah1", "abc123")
.getForEntity("/cashcards?page=0&size=1", String.class);
assertThat(response.getStatusCode()).isEqualTo(HttpStatus.OK);
DocumentContext documentContext = JsonPath.parse(response.getBody());
@ -101,7 +114,9 @@ class CashcardApplicationTests {
@Test
void shouldReturnASortedPageOfCashCards() {
ResponseEntity<String> response = restTemplate.getForEntity("/cashcards?page=0&size=1&sort=amount,desc", String.class);
ResponseEntity<String> response = restTemplate
.withBasicAuth("sarah1", "abc123")
.getForEntity("/cashcards?page=0&size=1&sort=amount,desc", String.class);
assertThat(response.getStatusCode()).isEqualTo(HttpStatus.OK);
DocumentContext documentContext = JsonPath.parse(response.getBody());
@ -114,7 +129,9 @@ class CashcardApplicationTests {
@Test
void shouldReturnASortedPageOfCashCardsWithNoParametersAndUseDefaultValues() {
ResponseEntity<String> response = restTemplate.getForEntity("/cashcards", String.class);
ResponseEntity<String> response = restTemplate
.withBasicAuth("sarah1", "abc123")
.getForEntity("/cashcards", String.class);
assertThat(response.getStatusCode()).isEqualTo(HttpStatus.OK);
DocumentContext documentContext = JsonPath.parse(response.getBody());
@ -124,4 +141,17 @@ class CashcardApplicationTests {
JSONArray amounts = documentContext.read("$..amount");
assertThat(amounts).containsExactly(1.00, 123.45, 150.00);
}
@Test
void shouldNotReturnACashCardWhenUsingBadCredentials() {
ResponseEntity<String> response = restTemplate
.withBasicAuth("BAD-USER", "abc123")
.getForEntity("/cashcards/99", String.class);
assertThat(response.getStatusCode()).isEqualTo(HttpStatus.UNAUTHORIZED);
response = restTemplate
.withBasicAuth("sarah1", "BAD-PASSWORD")
.getForEntity("/cashcards/99", String.class);
assertThat(response.getStatusCode()).isEqualTo(HttpStatus.UNAUTHORIZED);
}
}