/**
 * The request-matcher registry configuration taken from the Javadoc example must apply
 * authorization to every path it declares: an unauthenticated GET to any of the /oauth
 * and /api paths is answered with 401, not served.
 */
@Test
public void configureWhenConfigIsRequestMatchersJavadocThenAuthorizationApplied() throws Exception {
	this.spring.register(RequestMatcherRegistryConfigs.class).autowire();
	// Check both path groups; a regression that only secured the first matcher would pass a single probe.
	String[] securedPaths = { "/oauth/a", "/oauth/b", "/api/a", "/api/b" };
	for (String path : securedPaths) {
		this.mockMvc.perform(get(path)).andExpect(status().isUnauthorized());
	}
}
/**
 * Under the default configuration an unauthenticated request is challenged with 401, and
 * issuing that challenge creates an HTTP session: after the request completes,
 * {@code getSession(false)} on the same request must return a non-null session.
 */
@Test
public void getWhenDefaultsThenLoginChallengeCreatesSession() throws Exception {
	this.spring.register(DefaultConfig.class, BasicController.class).autowire();
	MvcResult challenge = this.mvc.perform(get("/"))
			.andExpect(status().isUnauthorized())
			.andReturn();
	// getSession(false) must not create a session itself; the challenge has to have done so already.
	assertThat(challenge.getRequest().getSession(false)).isNotNull();
}
/**
 * When a realm name is configured on the bearer-token entry point, a rejected token is
 * challenged with a {@code WWW-Authenticate} header beginning {@code Bearer realm="myRealm"}.
 * The decoder is a mock that throws for any token, so only the challenge is exercised here,
 * not JWT validation itself.
 */
@Test
public void requestWhenRealmNameConfiguredThenUsesOnUnauthenticated() throws Exception {
	this.spring.register(RealmNameConfiguredOnEntryPoint.class, JwtDecoderConfig.class).autowire();
	JwtDecoder alwaysFailingDecoder = this.spring.getContext().getBean(JwtDecoder.class);
	when(alwaysFailingDecoder.decode(anyString())).thenThrow(JwtException.class);
	String expectedChallengePrefix = "Bearer realm=\"myRealm\"";
	this.mvc.perform(get("/authenticated").with(bearerToken("invalid_token")))
			.andExpect(status().isUnauthorized())
			// Only the prefix is pinned, so any parameters appended after the realm are tolerated.
			.andExpect(header().string(HttpHeaders.WWW_AUTHENTICATE, startsWith(expectedChallengePrefix)));
}
/**
 * With anonymous authentication disabled in the XML config, the
 * {@link AnonymousAuthenticationFilter} is absent from the chain and an unauthenticated
 * request is rejected with 401 on every endpoint — including the one that is nominally
 * "unprotected", presumably because there is no anonymous principal left to grant it access.
 */
@Test
public void requestWhenAnonymousIsDisabledThenRejectsAnonymousEndpoints() throws Exception {
	this.spring.configLocations(xml("AnonymousDisabled")).autowire();
	String[] probedPaths = { "/protected", "/unprotected" };
	for (String path : probedPaths) {
		this.mvc.perform(get(path)).andExpect(status().isUnauthorized());
	}
	assertThat(getFilter(AnonymousAuthenticationFilter.class)).isNull();
}
/**
 * An {@code intercept-url} that references a request-matcher bean is honoured: /foo and
 * its upper-case variant /FOO are both rejected with 401 while /other is served with 200.
 * That /FOO is caught as well suggests the referenced matcher ignores case; the matcher
 * itself lives in the XML, not in this test.
 */
@Test
public void interceptUrlWhenRequestMatcherRefThenWorks() throws Exception {
	loadConfig("interceptUrlWhenRequestMatcherRefThenWorks.xml");
	String[] deniedPaths = { "/foo", "/FOO" };
	for (String path : deniedPaths) {
		mockMvc.perform(get(path)).andExpect(status().isUnauthorized());
	}
	// A path outside the matcher must pass through untouched.
	mockMvc.perform(get("/other")).andExpect(status().isOk());
}
/**
 * When httpBasic() is declared before formLogin(), a request whose Accept header matches
 * nothing sensible (an unknown media type) receives a 401 challenge rather than any
 * redirect to the login page.
 */
@Test
public void getWhenDeclaringHttpBasicBeforeFormLoginThenRespondsWith401() throws Exception {
	this.spring.register(BasicAuthenticationEntryPointBeforeFormLoginConfig.class).autowire();
	String unknownMediaType = "bogus/type";
	this.mvc.perform(get("/").header(HttpHeaders.ACCEPT, unknownMediaType))
			.andExpect(status().isUnauthorized());
}
/**
 * With both httpBasic() and formLogin() configured, a client accepting only
 * {@code application/octet-stream} is not a browser and gets a 401 challenge instead of
 * a redirect to the login form.
 */
@Test
public void getWhenAcceptHeaderIsApplicationOctetStreamThenRespondsWith401() throws Exception {
	this.spring.register(HttpBasicAndFormLoginEntryPointsConfig.class).autowire();
	MediaType accepted = MediaType.APPLICATION_OCTET_STREAM;
	this.mvc.perform(get("/").header(HttpHeaders.ACCEPT, accepted))
			.andExpect(status().isUnauthorized());
}
/**
 * With both httpBasic() and formLogin() configured, an Accept header of
 * {@code multipart/form-data} is treated as a non-browser client: the response is a 401
 * challenge, not a redirect to the login form.
 */
@Test
public void getWhenAcceptHeaderIsMultipartFormDataThenRespondsWith401() throws Exception {
	this.spring.register(HttpBasicAndFormLoginEntryPointsConfig.class).autowire();
	MediaType accepted = MediaType.MULTIPART_FORM_DATA;
	this.mvc.perform(get("/").header(HttpHeaders.ACCEPT, accepted))
			.andExpect(status().isUnauthorized());
}
/**
 * With both httpBasic() and formLogin() configured, a client accepting only
 * {@code application/atom+xml} receives a 401 challenge rather than a redirect to the
 * login form.
 */
@Test
public void getWhenAcceptHeaderIsApplicationAtomXmlThenRespondsWith401() throws Exception {
	this.spring.register(HttpBasicAndFormLoginEntryPointsConfig.class).autowire();
	MediaType accepted = MediaType.APPLICATION_ATOM_XML;
	this.mvc.perform(get("/").header(HttpHeaders.ACCEPT, accepted))
			.andExpect(status().isUnauthorized());
}
/**
 * With both httpBasic() and formLogin() configured, an Accept header of
 * {@code application/x-www-form-urlencoded} yields a 401 challenge rather than a redirect
 * to the login form.
 */
@Test
public void getWhenAcceptHeaderIsApplicationFormUrlEncodedThenRespondsWith401() throws Exception {
	this.spring.register(HttpBasicAndFormLoginEntryPointsConfig.class).autowire();
	MediaType accepted = MediaType.APPLICATION_FORM_URLENCODED;
	this.mvc.perform(get("/").header(HttpHeaders.ACCEPT, accepted))
			.andExpect(status().isUnauthorized());
}
@Test // http@realm public void configureWhenHttpBasicAndRequestUnauthorizedThenReturnWWWAuthenticateWithRealm() throws Exception { this.spring.register(RealmConfig.class).autowire(); this.mockMvc.perform(get("/")) .andExpect(status().isUnauthorized()) .andExpect(header().string("WWW-Authenticate", "Basic realm=\"RealmConfig\"")); }
/**
 * A bearer token containing characters that are not part of the token syntax (double
 * quotes here) is rejected as malformed: 401 with an invalid_token challenge whose
 * description is "Bearer token is malformed". Presumably this happens before any JWK
 * lookup or signature check, since nothing stubs the JWK Set endpoint in this test.
 */
@Test
public void getWhenUsingDefaultsWithMalformedBearerTokenThenInvalidToken() throws Exception {
	this.spring.register(JwkSetUriConfig.class).autowire();
	String tokenWithQuotes = "an\"invalid\"token";
	this.mvc.perform(get("/").with(bearerToken(tokenWithQuotes)))
			.andExpect(status().isUnauthorized())
			.andExpect(invalidTokenHeader("Bearer token is malformed"));
}
/**
 * {@code http@realm} equivalent: with a custom realm on httpBasic(), a request carrying
 * wrong Basic credentials is rejected with 401 and exactly
 * {@code WWW-Authenticate: Basic realm="Custom Realm"}.
 */
@Test
public void basicAuthenticationWhenUsingCustomRealmThenMatchesNamespace() throws Exception {
	this.spring.register(CustomHttpBasicConfig.class, UserConfig.class).autowire();
	// Username presumably defined by UserConfig, password deliberately wrong: this exercises
	// the failed-authentication path, not the anonymous one.
	String expectedChallenge = "Basic realm=\"Custom Realm\"";
	this.mvc.perform(get("/").with(httpBasic("user", "invalid")))
			.andExpect(status().isUnauthorized())
			.andExpect(header().string(HttpHeaders.WWW_AUTHENTICATE, expectedChallenge));
}
/**
 * If the JWK Set endpoint returns an unparseable body, an otherwise well-formed token
 * cannot be verified. The failure is reported to the client as 401 invalid_token with a
 * "Malformed Jwk set" detail rather than as a server error.
 */
@Test
public void getWhenUsingDefaultsWithBadJwkEndpointThenInvalidToken() throws Exception {
	this.spring.register(RestOperationsConfig.class, DefaultConfig.class).autowire();
	// Stub the key endpoint with a garbage response instead of a usable key set.
	mockRestOperations("malformed");
	String wellFormedToken = this.token("ValidNoScopes");
	String expectedDescription = "An error occurred while attempting to decode the Jwt: Malformed Jwk set";
	this.mvc.perform(get("/").with(bearerToken(wellFormedToken)))
			.andExpect(status().isUnauthorized())
			.andExpect(invalidTokenHeader(expectedDescription));
}
/**
 * If the JWK Set endpoint is unreachable — the mock web server is shut down before the
 * request — the token cannot be verified. The client sees 401 invalid_token with the
 * generic decode-failure description; an infrastructure outage is not surfaced as a 5xx.
 */
@Test
public void getWhenUsingDefaultsWithUnavailableJwkEndpointThenInvalidToken() throws Exception {
	this.spring.register(WebServerConfig.class, JwkSetUriConfig.class).autowire();
	// Take the key server down so the JWK fetch fails at connection time.
	this.web.shutdown();
	String wellFormedToken = this.token("ValidNoScopes");
	String expectedDescription = "An error occurred while attempting to decode the Jwt";
	this.mvc.perform(get("/").with(bearerToken(wellFormedToken)))
			.andExpect(status().isUnauthorized())
			.andExpect(invalidTokenHeader(expectedDescription));
}
/**
 * A case-insensitive regex security pattern matches mixed-case paths: /ProTectEd is
 * challenged with 401, while /UnProTectEd passes the security layer and falls through to
 * a 404 because no handler exists for it.
 */
@Test
public void requestWhenHttpPatternUsesCiRegexMatchingThenMatchesAccordingly() throws Exception {
	this.spring.configLocations(xml("CiRegexSecurityPattern")).autowire();
	String securedPath = "/ProTectEd";
	String openPath = "/UnProTectEd";
	this.mvc.perform(get(securedPath)).andExpect(status().isUnauthorized());
	// 404, not 401: the request was not challenged, it simply has no handler.
	this.mvc.perform(get(openPath)).andExpect(status().isNotFound());
}
/**
 * A regex security pattern is honoured: /protected is challenged with 401, while
 * /unprotected passes the security layer and ends in a 404 because no handler exists for it.
 */
@Test
public void requestWhenHttpPatternUsesRegexMatchingThenMatchesAccordingly() throws Exception {
	this.spring.configLocations(xml("RegexSecurityPattern")).autowire();
	String securedPath = "/protected";
	String openPath = "/unprotected";
	this.mvc.perform(get(securedPath)).andExpect(status().isUnauthorized());
	// 404, not 401: the request was not challenged, it simply has no handler.
	this.mvc.perform(get(openPath)).andExpect(status().isNotFound());
}
/**
 * An expired but otherwise valid JWT (signed with the stubbed default JWK set) is rejected
 * with 401 invalid_token carrying the generic decode-failure description; how strictly that
 * description is matched is up to {@code invalidTokenHeader}.
 */
@Test
public void getWhenUsingDefaultsWithExpiredBearerTokenThenInvalidToken() throws Exception {
	this.spring.register(RestOperationsConfig.class, DefaultConfig.class, BasicController.class).autowire();
	mockRestOperations(jwks("Default"));
	String expiredToken = this.token("Expired");
	String expectedDescription = "An error occurred while attempting to decode the Jwt";
	this.mvc.perform(get("/").with(bearerToken(expiredToken)))
			.andExpect(status().isUnauthorized())
			.andExpect(invalidTokenHeader(expectedDescription));
}
/**
 * A JWT whose payload segment cannot be parsed is rejected with 401 invalid_token and a
 * "Malformed payload" detail, even though the default JWK set is available for signature
 * verification.
 */
@Test
public void getWhenUsingDefaultsWithMalformedPayloadThenInvalidToken() throws Exception {
	this.spring.register(RestOperationsConfig.class, DefaultConfig.class).autowire();
	mockRestOperations(jwks("Default"));
	String brokenPayloadToken = this.token("MalformedPayload");
	String expectedDescription = "An error occurred while attempting to decode the Jwt: Malformed payload";
	this.mvc.perform(get("/").with(bearerToken(brokenPayloadToken)))
			.andExpect(status().isUnauthorized())
			.andExpect(invalidTokenHeader(expectedDescription));
}
/**
 * Clock skew tolerance must not become an expiry bypass: with the skew from
 * {@code ExpiredJwtClockSkewConfig} applied, a token whose {@code exp} is still too far in
 * the past is rejected with 401 invalid_token and a "Jwt expired at" description. The
 * clock and skew values live in that config, not here — confirm there if adjusting the token.
 */
@Test
public void requestWhenClockSkewSetButJwtStillTooLateThenReportsExpired() throws Exception {
	this.spring.register(RestOperationsConfig.class, ExpiredJwtClockSkewConfig.class, BasicController.class).autowire();
	mockRestOperations(jwks("Default"));
	String tooLateToken = this.token("ExpiresAt4687177990");
	this.mvc.perform(get("/").with(bearerToken(tooLateToken)))
			.andExpect(status().isUnauthorized())
			.andExpect(invalidTokenHeader("Jwt expired at"));
}