<%# Copyright 2013-2021 the original author or authors from the JHipster project. This file is part of the JHipster project, see https://www.jhipster.tech/ for more information. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at https://www.apache.org/licenses/LICENSE-2.0 Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License. -%> package <%= packageName %>.security; import org.junit.jupiter.api.AfterEach; import org.junit.jupiter.api.BeforeEach; import org.junit.jupiter.api.Test; import org.springframework.security.authentication.UsernamePasswordAuthenticationToken; import org.springframework.security.core.GrantedAuthority; import org.springframework.security.core.authority.SimpleGrantedAuthority; <%_ if (reactive) { _%> import org.springframework.security.core.context.ReactiveSecurityContextHolder; import reactor.util.context.Context; <%_ } else { _%> import org.springframework.security.core.context.SecurityContext; import org.springframework.security.core.context.SecurityContextHolder; <%_ if (authenticationTypeOauth2) { _%> import org.springframework.security.oauth2.client.authentication.OAuth2AuthenticationToken; import org.springframework.security.oauth2.core.oidc.OidcIdToken; import org.springframework.security.oauth2.core.oidc.user.DefaultOidcUser; import org.springframework.security.oauth2.core.oidc.user.OidcUser; <%_ } _%> <%_ } _%> <%_ if (authenticationTypeOauth2) { _%> import java.time.Instant; import java.util.*; <%_ } else { _%> import java.util.ArrayList; import java.util.Collection; <%_ if (!reactive) { _%> import java.util.Optional; <%_ } _%> <%_ } _%> import static org.assertj.core.api.Assertions.assertThat; <%_ if (authenticationTypeOauth2) { _%> import static org.springframework.security.oauth2.core.oidc.endpoint.OidcParameterNames.ID_TOKEN; <%_ } _%> /** * Test class for the {@link SecurityUtils} utility class. */ class SecurityUtilsUnitTest { <%_ if (!reactive) { _%> @BeforeEach @AfterEach void cleanup() { SecurityContextHolder.clearContext(); } @Test void testGetCurrentUserLogin() { SecurityContext securityContext = SecurityContextHolder.createEmptyContext(); securityContext.setAuthentication(new UsernamePasswordAuthenticationToken("admin", "admin")); SecurityContextHolder.setContext(securityContext); Optional login = SecurityUtils.getCurrentUserLogin(); assertThat(login).contains("admin"); } <%_ if (authenticationTypeOauth2) { _%> @Test void testGetCurrentUserLoginForOAuth2() { SecurityContext securityContext = SecurityContextHolder.createEmptyContext(); Map claims = new HashMap<>(); claims.put("groups", AuthoritiesConstants.USER); claims.put("sub", 123); claims.put("preferred_username", "admin"); OidcIdToken idToken = new OidcIdToken(ID_TOKEN, Instant.now(), Instant.now().plusSeconds(60), claims); Collection authorities = new ArrayList<>(); authorities.add(new SimpleGrantedAuthority(AuthoritiesConstants.USER)); OidcUser user = new DefaultOidcUser(authorities, idToken); OAuth2AuthenticationToken auth2AuthenticationToken = new OAuth2AuthenticationToken(user, authorities, "oidc"); securityContext.setAuthentication(auth2AuthenticationToken); SecurityContextHolder.setContext(securityContext); Optional login = SecurityUtils.getCurrentUserLogin(); assertThat(login).contains("admin"); } @Test void testExtractAuthorityFromClaims() { Map claims = new HashMap<>(); claims.put("groups", Arrays.asList(AuthoritiesConstants.ADMIN, AuthoritiesConstants.USER)); List expectedAuthorities = Arrays.asList(new SimpleGrantedAuthority(AuthoritiesConstants.ADMIN), new SimpleGrantedAuthority(AuthoritiesConstants.USER)); List authorities = SecurityUtils.extractAuthorityFromClaims(claims); assertThat(authorities).isNotNull().isNotEmpty().hasSize(2) .containsAll(expectedAuthorities); } @Test void testExtractAuthorityFromClaims_NamespacedRoles() { Map claims = new HashMap<>(); claims.put(SecurityUtils.CLAIMS_NAMESPACE + "roles", Arrays.asList(AuthoritiesConstants.ADMIN, AuthoritiesConstants.USER)); List expectedAuthorities = Arrays.asList(new SimpleGrantedAuthority(AuthoritiesConstants.ADMIN), new SimpleGrantedAuthority(AuthoritiesConstants.USER)); List authorities = SecurityUtils.extractAuthorityFromClaims(claims); assertThat(authorities).isNotNull().isNotEmpty().hasSize(2) .containsAll(expectedAuthorities); } <%_ } _%> <%_ if (authenticationTypeJwt) { _%> @Test void testGetCurrentUserJWT() { SecurityContext securityContext = SecurityContextHolder.createEmptyContext(); securityContext.setAuthentication(new UsernamePasswordAuthenticationToken("admin", "token")); SecurityContextHolder.setContext(securityContext); Optional jwt = SecurityUtils.getCurrentUserJWT(); assertThat(jwt).contains("token"); } <%_ } _%> @Test void testIsAuthenticated() { SecurityContext securityContext = SecurityContextHolder.createEmptyContext(); securityContext.setAuthentication(new UsernamePasswordAuthenticationToken("admin", "admin")); SecurityContextHolder.setContext(securityContext); boolean isAuthenticated = SecurityUtils.isAuthenticated(); assertThat(isAuthenticated).isTrue(); } @Test void testAnonymousIsNotAuthenticated() { SecurityContext securityContext = SecurityContextHolder.createEmptyContext(); Collection authorities = new ArrayList<>(); authorities.add(new SimpleGrantedAuthority(AuthoritiesConstants.ANONYMOUS)); securityContext.setAuthentication(new UsernamePasswordAuthenticationToken("anonymous", "anonymous", authorities)); SecurityContextHolder.setContext(securityContext); boolean isAuthenticated = SecurityUtils.isAuthenticated(); assertThat(isAuthenticated).isFalse(); } @Test void testHasCurrentUserThisAuthority() { SecurityContext securityContext = SecurityContextHolder.createEmptyContext(); Collection authorities = new ArrayList<>(); authorities.add(new SimpleGrantedAuthority(AuthoritiesConstants.USER)); securityContext.setAuthentication(new UsernamePasswordAuthenticationToken("user", "user", authorities)); SecurityContextHolder.setContext(securityContext); assertThat(SecurityUtils.hasCurrentUserThisAuthority(AuthoritiesConstants.USER)).isTrue(); assertThat(SecurityUtils.hasCurrentUserThisAuthority(AuthoritiesConstants.ADMIN)).isFalse(); } @Test void testHasCurrentUserAnyOfAuthorities() { SecurityContext securityContext = SecurityContextHolder.createEmptyContext(); Collection authorities = new ArrayList<>(); authorities.add(new SimpleGrantedAuthority(AuthoritiesConstants.USER)); securityContext.setAuthentication(new UsernamePasswordAuthenticationToken("user", "user", authorities)); SecurityContextHolder.setContext(securityContext); assertThat(SecurityUtils.hasCurrentUserAnyOfAuthorities(AuthoritiesConstants.USER, AuthoritiesConstants.ADMIN)).isTrue(); assertThat(SecurityUtils.hasCurrentUserAnyOfAuthorities(AuthoritiesConstants.ANONYMOUS, AuthoritiesConstants.ADMIN)).isFalse(); } @Test void testHasCurrentUserNoneOfAuthorities() { SecurityContext securityContext = SecurityContextHolder.createEmptyContext(); Collection authorities = new ArrayList<>(); authorities.add(new SimpleGrantedAuthority(AuthoritiesConstants.USER)); securityContext.setAuthentication(new UsernamePasswordAuthenticationToken("user", "user", authorities)); SecurityContextHolder.setContext(securityContext); assertThat(SecurityUtils.hasCurrentUserNoneOfAuthorities(AuthoritiesConstants.USER, AuthoritiesConstants.ADMIN)).isFalse(); assertThat(SecurityUtils.hasCurrentUserNoneOfAuthorities(AuthoritiesConstants.ANONYMOUS, AuthoritiesConstants.ADMIN)).isTrue(); } <%_ } _%> <%_ if (reactive) { _%> @Test void testgetCurrentUserLogin() { String login = SecurityUtils.getCurrentUserLogin() .subscriberContext( ReactiveSecurityContextHolder.withAuthentication( new UsernamePasswordAuthenticationToken("admin", "admin") ) ) .block(); assertThat(login).isEqualTo("admin"); } <%_ if (authenticationTypeJwt) { _%> @Test void testgetCurrentUserJWT() { String jwt = SecurityUtils.getCurrentUserJWT() .subscriberContext( ReactiveSecurityContextHolder.withAuthentication( new UsernamePasswordAuthenticationToken("admin", "token") ) ) .block(); assertThat(jwt).isEqualTo("token"); } <%_ } _%> @Test void testIsAuthenticated() { Boolean isAuthenticated = SecurityUtils.isAuthenticated() .subscriberContext( ReactiveSecurityContextHolder.withAuthentication( new UsernamePasswordAuthenticationToken("admin", "admin") ) ) .block(); assertThat(isAuthenticated).isTrue(); } @Test void testAnonymousIsNotAuthenticated() { Collection authorities = new ArrayList<>(); authorities.add(new SimpleGrantedAuthority(AuthoritiesConstants.ANONYMOUS)); Boolean isAuthenticated = SecurityUtils.isAuthenticated() .subscriberContext( ReactiveSecurityContextHolder.withAuthentication( new UsernamePasswordAuthenticationToken("admin", "admin", authorities) ) ) .block(); assertThat(isAuthenticated).isFalse(); } @Test void testHasCurrentUserAnyOfAuthorities() { Collection authorities = new ArrayList<>(); authorities.add(new SimpleGrantedAuthority(AuthoritiesConstants.USER)); Context context = ReactiveSecurityContextHolder.withAuthentication( new UsernamePasswordAuthenticationToken("admin", "admin", authorities) ); Boolean hasCurrentUserThisAuthority = SecurityUtils.hasCurrentUserAnyOfAuthorities(AuthoritiesConstants.USER, AuthoritiesConstants.ADMIN) .subscriberContext(context) .block(); assertThat(hasCurrentUserThisAuthority).isTrue(); hasCurrentUserThisAuthority = SecurityUtils.hasCurrentUserAnyOfAuthorities(AuthoritiesConstants.ANONYMOUS, AuthoritiesConstants.ADMIN) .subscriberContext(context) .block(); assertThat(hasCurrentUserThisAuthority).isFalse(); } @Test void testHasCurrentUserNoneOfAuthorities() { Collection authorities = new ArrayList<>(); authorities.add(new SimpleGrantedAuthority(AuthoritiesConstants.USER)); Context context = ReactiveSecurityContextHolder.withAuthentication( new UsernamePasswordAuthenticationToken("admin", "admin", authorities) ); Boolean hasCurrentUserThisAuthority = SecurityUtils.hasCurrentUserNoneOfAuthorities(AuthoritiesConstants.USER, AuthoritiesConstants.ADMIN) .subscriberContext(context) .block(); assertThat(hasCurrentUserThisAuthority).isFalse(); hasCurrentUserThisAuthority = SecurityUtils.hasCurrentUserNoneOfAuthorities(AuthoritiesConstants.ANONYMOUS, AuthoritiesConstants.ADMIN) .subscriberContext(context) .block(); assertThat(hasCurrentUserThisAuthority).isTrue(); } @Test void testHasCurrentUserThisAuthority() { Collection authorities = new ArrayList<>(); authorities.add(new SimpleGrantedAuthority(AuthoritiesConstants.USER)); Context context = ReactiveSecurityContextHolder.withAuthentication( new UsernamePasswordAuthenticationToken("admin", "admin", authorities) ); Boolean hasCurrentUserThisAuthority = SecurityUtils.hasCurrentUserThisAuthority(AuthoritiesConstants.USER) .subscriberContext(context) .block(); assertThat(hasCurrentUserThisAuthority).isTrue(); hasCurrentUserThisAuthority = SecurityUtils.hasCurrentUserThisAuthority(AuthoritiesConstants.ADMIN) .subscriberContext(context) .block(); assertThat(hasCurrentUserThisAuthority).isFalse(); } <%_ } _%> }