Adding test for roles granted to groups.

Pedro Igor · Pedro Igor · commit 6b3100945f8c · 2015-11-30T11:38:15.000-02:00
diff --git a/modules/base/impl/src/test/java/org/picketlink/http/test/SecurityInitializer.java b/modules/base/impl/src/test/java/org/picketlink/http/test/SecurityInitializer.java
@@ -24,6 +24,7 @@
 import org.picketlink.idm.RelationshipManager;
 import org.picketlink.idm.credential.Digest;
 import org.picketlink.idm.credential.Password;
+import org.picketlink.idm.model.IdentityType;
 import org.picketlink.idm.model.Partition;
 import org.picketlink.idm.model.basic.Grant;
 import org.picketlink.idm.model.basic.Group;
@@ -106,6 +107,11 @@ private void configureDefaultPartition() {
 
         // add an user as a member of a group
         addMember(defaultUser, administratorGroup);
+
+        // user must inherit roles from group Administrators, in this case role Administrator
+        Role administratorRole = addRole("Administrator", realm, this.partitionManager);
+
+        grantRole(administratorGroup, administratorRole);
     }
 
     public void addPartition(Partition partition) {
@@ -185,10 +191,10 @@ public Group addGroup(String groupName, Partition partition, PartitionManager pa
         return group;
     }
 
-    public void grantRole(User user, Role role) {
+    public void grantRole(IdentityType assignee, Role role) {
         RelationshipManager relationshipManager = getRelationshipManager();
 
-        relationshipManager.add(new Grant(user, role));
+        relationshipManager.add(new Grant(assignee, role));
     }
 
     /**
diff --git a/modules/base/impl/src/test/java/org/picketlink/http/test/authorization/RoleBasedAuthorizationTestCase.java b/modules/base/impl/src/test/java/org/picketlink/http/test/authorization/RoleBasedAuthorizationTestCase.java
@@ -79,13 +79,25 @@ public void testOnlyManagers() throws Exception {
 
         this.securityFilter.doFilter(this.request, this.response, this.filterChain);
 
-        doAnswer(new Answer() {
-            @Override
-            public Object answer(InvocationOnMock invocation) throws Throwable {
-                assertEquals("/onlyManagerRole", picketLinkRequest.get().getServletPath());
-                return null;
-            }
-        }).when(this.filterChain).doFilter(this.request, this.response);
+        verify(this.filterChain, times(1)).doFilter(any(HttpServletRequest.class), any(HttpServletResponse.class));
+    }
+
+    @Test
+    public void testOnlyAdministrator() throws Exception {
+        when(this.request.getServletPath()).thenReturn("/formProtectedUri/" + FormAuthenticationConfiguration.DEFAULT_AUTHENTICATION_URI);
+        when(this.request.getParameter(FormAuthenticationScheme.J_USERNAME)).thenReturn("picketlink");
+        when(this.request.getParameter(FormAuthenticationScheme.J_PASSWORD)).thenReturn("picketlink");
+
+        this.securityFilter.doFilter(this.request, this.response, this.filterChain);
+        verify(this.filterChain, times(0)).doFilter(any(HttpServletRequest.class), any(HttpServletResponse.class));
+        verify(this.response).sendRedirect(CONTEXT_PATH);
+
+        when(this.request.getServletPath()).thenReturn("/admin/manage");
+        reset(this.response);
+
+        this.securityFilter.doFilter(this.request, this.response, this.filterChain);
+
+        verify(this.filterChain, times(1)).doFilter(any(HttpServletRequest.class), any(HttpServletResponse.class));
     }
 
     @Test
@@ -120,7 +132,10 @@ public void configureHttpSecurity(@Observes SecurityConfigurationEvent event) {
                 .role("Manager")
                 .forPath("/onlyCustomerRole")
                 .authorizeWith()
-                .role("Customer");
+                .role("Customer")
+                .forPath("/admin/*")
+                .authorizeWith()
+                .role("Administrator");
         }
     }
 }
