1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24 package waffle.servlet;
25
26 import java.lang.reflect.Field;
27 import java.util.Collections;
28 import java.util.Enumeration;
29
30 import javax.servlet.FilterChain;
31 import javax.servlet.FilterConfig;
32 import javax.servlet.http.HttpServletRequest;
33 import javax.servlet.http.HttpServletResponse;
34
35 import mockit.Expectations;
36 import mockit.Mocked;
37 import mockit.Tested;
38 import mockit.Verifications;
39
40 import org.junit.jupiter.api.Assertions;
41 import org.junit.jupiter.api.Test;
42
43 import waffle.util.CorsPreFlightCheck;
44
45
46
47
48 class NegotiateSecurityFilterTest {
49
50
51 @Tested
52 private NegotiateSecurityFilter negotiateSecurityFilter;
53
54
55 private final Enumeration<String> initParameterNames = Collections.enumeration(new java.util.ArrayList<String>() {
56
57
58 private static final long serialVersionUID = 1L;
59
60 {
61 this.add("principalFormat");
62 this.add("principalFormat");
63 this.add("roleFormat");
64 this.add("allowGuestLogin");
65 this.add("impersonate");
66 this.add("securityFilterProviders");
67 this.add("excludePatterns");
68 this.add("excludeCorsPreflight");
69 this.add("excludeBearerAuthorization");
70 }
71 });
72
73
74
75
76
77
78
79
80
81
82 @Test
83 void testCorsAndBearerAuthorizationI_init(@Mocked final FilterConfig filterConfig) throws Exception {
84 this.getClass().getClassLoader().getResource("logback.xml");
85
86 new Expectations() {
87 {
88 filterConfig.getInitParameterNames();
89 this.result = NegotiateSecurityFilterTest.this.initParameterNames;
90 filterConfig.getInitParameter("principalFormat");
91 this.result = "fqn";
92 filterConfig.getInitParameter("roleFormat");
93 this.result = "fqn";
94 filterConfig.getInitParameter("allowGuestLogin");
95 this.result = "false";
96 filterConfig.getInitParameter("impersonate");
97 this.result = "true";
98 filterConfig.getInitParameter("securityFilterProviders");
99 this.result = "waffle.servlet.spi.BasicSecurityFilterProvider\nwaffle.servlet.spi.NegotiateSecurityFilterProvider";
100 filterConfig.getInitParameter("excludePatterns");
101 this.result = ".*/peter/.*";
102 filterConfig.getInitParameter("excludeCorsPreflight");
103 this.result = "true";
104 filterConfig.getInitParameter("excludeBearerAuthorization");
105 this.result = "true";
106 }
107 };
108
109 this.negotiateSecurityFilter.init(filterConfig);
110
111 final Field excludeCorsPreflight = this.negotiateSecurityFilter.getClass()
112 .getDeclaredField("excludeCorsPreflight");
113 final Field excludeBearerAuthorization = this.negotiateSecurityFilter.getClass()
114 .getDeclaredField("excludeBearerAuthorization");
115 excludeCorsPreflight.setAccessible(true);
116 excludeBearerAuthorization.setAccessible(true);
117 Assertions.assertTrue(excludeCorsPreflight.getBoolean(this.negotiateSecurityFilter));
118 Assertions.assertTrue(excludeBearerAuthorization.getBoolean(this.negotiateSecurityFilter));
119 Assertions.assertTrue(this.negotiateSecurityFilter.isImpersonate());
120 Assertions.assertFalse(this.negotiateSecurityFilter.isAllowGuestLogin());
121
122 new Verifications() {
123 {
124 filterConfig.getInitParameter(this.withInstanceOf(String.class));
125 this.minTimes = 8;
126 }
127 };
128
129 }
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146 @Test
147 void testExcludeCorsAndOAUTHBearerAuthorization_doFilter(@Mocked final HttpServletRequest request,
148 @Mocked final HttpServletResponse response, @Mocked final FilterChain chain,
149 @Mocked final FilterConfig filterConfig) throws Exception {
150 this.getClass().getClassLoader().getResource("logback.xml");
151
152 new Expectations() {
153 {
154 filterConfig.getInitParameterNames();
155 this.result = NegotiateSecurityFilterTest.this.initParameterNames;
156 filterConfig.getInitParameter("principalFormat");
157 this.result = "fqn";
158 filterConfig.getInitParameter("roleFormat");
159 this.result = "fqn";
160 filterConfig.getInitParameter("allowGuestLogin");
161 this.result = "false";
162 filterConfig.getInitParameter("impersonate");
163 this.result = "false";
164 filterConfig.getInitParameter("securityFilterProviders");
165 this.result = "waffle.servlet.spi.BasicSecurityFilterProvider\nwaffle.servlet.spi.NegotiateSecurityFilterProvider";
166 filterConfig.getInitParameter("excludePatterns");
167 this.result = ".*/peter/.*";
168 filterConfig.getInitParameter("excludeCorsPreflight");
169 this.result = "true";
170 filterConfig.getInitParameter("excludeBearerAuthorization");
171 this.result = "true";
172 CorsPreFlightCheck.isPreflight(request);
173 this.result = true;
174 request.getHeader("Authorization");
175 this.result = "Bearer aBase64hash";
176 }
177 };
178
179 this.negotiateSecurityFilter.init(filterConfig);
180 this.negotiateSecurityFilter.doFilter(request, response, chain);
181
182 new Verifications() {
183 {
184 chain.doFilter(request, response);
185 this.times = 1;
186 }
187 };
188
189 }
190
191 }