core-server/src/test/java/org/glassfish/jersey/server/SecurityContextTest.java - jersey - Git at Google

 /*
  * Copyright (c) 2012, 2018 Oracle and/or its affiliates. All rights reserved.
  *
  * This program and the accompanying materials are made available under the
  * terms of the Eclipse Public License v. 2.0, which is available at
  * http://www.eclipse.org/legal/epl-2.0.
  *
  * This Source Code may also be made available under the following Secondary
  * Licenses when the conditions for such availability set forth in the
  * Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
  * version 2 with the GNU Classpath Exception, which is available at
  * https://www.gnu.org/software/classpath/license.html.
  *
  * SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
  */

 package org.glassfish.jersey.server;

 import java.io.IOException;
 import java.security.Principal;

 import javax.ws.rs.GET;
 import javax.ws.rs.Path;
 import javax.ws.rs.container.ContainerRequestContext;
 import javax.ws.rs.container.ContainerRequestFilter;
 import javax.ws.rs.core.Context;
 import javax.ws.rs.core.SecurityContext;

 import javax.annotation.Priority;

 import org.junit.Test;
 import static org.junit.Assert.assertEquals;
 import static org.junit.Assert.assertNotNull;
 import static org.junit.Assert.assertTrue;

 /**
  * Test class for testing security context in the Filter and resource.
  *
  * @author Miroslav Fuksa
  */
 public class SecurityContextTest {

     private static final String PRINCIPAL_NAME = "SetByFilter";
     private static final String PRINCIPAL_NAME_SECOND = "SetByFilterSecond";
     private static final String SKIP_FILTER = "skipFilter";
     private static final String PRINCIPAL_IS_NULL = "principalIsNull";

     @Priority(100)
     private static class SecurityContextFilter implements ContainerRequestFilter {
         @Override
         public void filter(ContainerRequestContext rc) throws IOException {
             // test injections
             assertNotNull(rc.getSecurityContext());
             assertTrue(rc.getSecurityContext().getUserPrincipal() == null);

             String header = rc.getHeaders().getFirst(SKIP_FILTER);
             if ("true".equals(header)) {
                 return;
             }

             // set new Security Context
             rc.setSecurityContext(new SecurityContext() {

                 @Override
                 public boolean isUserInRole(String role) {
                     return false;
                 }

                 @Override
                 public boolean isSecure() {
                     return false;
                 }

                 @Override
                 public Principal getUserPrincipal() {
                     return new Principal() {

                         @Override
                         public String getName() {
                             return PRINCIPAL_NAME;
                         }

                         @Override
                         public int hashCode() {
                             return super.hashCode();
                         }

                         @Override
                         public boolean equals(Object obj) {
                             return (obj instanceof Principal)
                                     && PRINCIPAL_NAME.equals(((Principal) obj).getName());
                         }

                         @Override
                         public String toString() {
                             return super.toString();
                         }
                     };
                 }

                 @Override
                 public String getAuthenticationScheme() {
                     return null;
                 }

                 @Override
                 public int hashCode() {
                     return super.hashCode();
                 }

                 @Override
                 public boolean equals(Object that) {
                     return (that != null && that.getClass() == this.getClass());
                 }

                 @Override
                 public String toString() {
                     return super.toString();
                 }


             });
         }
     }


     @Priority(101)
     private static class SecurityContextFilterSecondInChain implements ContainerRequestFilter {
         @Context
         SecurityContext sc;

         @Override
         public void filter(ContainerRequestContext rc) throws IOException {
             assertNotNull(sc);
             assertEquals(sc.getUserPrincipal().getName(), PRINCIPAL_NAME);
             assertEquals(sc, rc.getSecurityContext());

             String header = rc.getHeaders().getFirst(SKIP_FILTER);
             if ("true".equals(header)) {
                 return;
             }

             // set new Security Context
             rc.setSecurityContext(new SecurityContext() {

                 @Override
                 public boolean isUserInRole(String role) {
                     return false;
                 }

                 @Override
                 public boolean isSecure() {
                     return false;
                 }

                 @Override
                 public Principal getUserPrincipal() {
                     return new Principal() {

                         @Override
                         public String getName() {
                             return PRINCIPAL_NAME_SECOND;
                         }

                         @Override
                         public int hashCode() {
                             return super.hashCode();
                         }

                         @Override
                         public boolean equals(Object obj) {
                             return (obj instanceof Principal)
                                     && PRINCIPAL_NAME_SECOND.equals(((Principal) obj).getName());
                         }

                         @Override
                         public String toString() {
                             return super.toString();
                         }
                     };
                 }

                 @Override
                 public String getAuthenticationScheme() {
                     return null;
                 }

                 @Override
                 public int hashCode() {
                     return super.hashCode();
                 }

                 @Override
                 public boolean equals(Object that) {
                     return (that != null && that.getClass() == this.getClass());
                 }

                 @Override
                 public String toString() {
                     return super.toString();
                 }
             });
         }
     }

     /**
      * Tests SecurityContext injection into a resource method.
      *
      * @throws Exception Thrown when request processing fails in the application.
      */
     @Test
     public void testSecurityContextInjection() throws Exception {
         final ResourceConfig resourceConfig = new ResourceConfig(Resource.class, SecurityContextFilter.class,
                 SecurityContextFilterSecondInChain.class);
         final ApplicationHandler application = new ApplicationHandler(resourceConfig);

         ContainerResponse response = application.apply(RequestContextBuilder.from("/test/2", "GET").build()).get();
         assertEquals(200, response.getStatus());
         assertEquals(PRINCIPAL_NAME_SECOND, response.getEntity());
     }

     /**
      * Tests SecurityContext in filter.
      *
      * @throws Exception Thrown when request processing fails in the application.
      */
     @Test
     public void testSecurityContextInjectionFilter() throws Exception {
         final ResourceConfig resourceConfig = new ResourceConfig(Resource.class, SecurityContextFilter.class);
         final ApplicationHandler application = new ApplicationHandler(resourceConfig);

         ContainerResponse response = application.apply(RequestContextBuilder.from("/test", "GET").build()).get();
         assertEquals(200, response.getStatus());
         assertEquals(PRINCIPAL_NAME, response.getEntity());
     }

     /**
      * Tests SecurityContext in filter.
      *
      * @throws Exception Thrown when request processing fails in the
      *                   application.
      */
     @Test
     public void testDefaultSecurityContext() throws Exception {
         final ResourceConfig resourceConfig = new ResourceConfig(Resource.class, SecurityContextFilter.class);
         final ApplicationHandler application = new ApplicationHandler(resourceConfig);

         ContainerResponse response =
                 application.apply(RequestContextBuilder.from("/test", "GET").header(SKIP_FILTER, "true").build()).get();
         assertEquals(200, response.getStatus());
         Object entity = response.getEntity();
         assertTrue(!PRINCIPAL_NAME.equals(entity));
     }

     /**
      * Test resource class.
      */
     @Path("test")
     public static class Resource {

         /**
          * Test resource method.
          *
          * @param cr Container request context.
          * @return String response with principal name.
          */
         @GET
         public String getSomething(@Context ContainerRequestContext cr) {
             assertNotNull(cr.getSecurityContext());
             Principal userPrincipal = cr.getSecurityContext().getUserPrincipal();
             return userPrincipal == null ? PRINCIPAL_IS_NULL : userPrincipal.getName();
         }

         /**
          * Test resource method.
          *
          * @param sc security context.
          * @param cr container request context.
          * @return String response with principal name.
          */
         @GET
         @Path("2")
         public String getSomething2(@Context SecurityContext sc, @Context ContainerRequestContext cr) {
             assertEquals(sc, cr.getSecurityContext());
             Principal userPrincipal = sc.getUserPrincipal();
             return userPrincipal == null ? PRINCIPAL_IS_NULL : userPrincipal.getName();
         }
     }
 }
	/*
	* Copyright (c) 2012, 2018 Oracle and/or its affiliates. All rights reserved.
	*
	* This program and the accompanying materials are made available under the
	* terms of the Eclipse Public License v. 2.0, which is available at
	* http://www.eclipse.org/legal/epl-2.0.
	*
	* This Source Code may also be made available under the following Secondary
	* Licenses when the conditions for such availability set forth in the
	* Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
	* version 2 with the GNU Classpath Exception, which is available at
	* https://www.gnu.org/software/classpath/license.html.
	*
	* SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
	*/

	package org.glassfish.jersey.server;

	import java.io.IOException;
	import java.security.Principal;

	import javax.ws.rs.GET;
	import javax.ws.rs.Path;
	import javax.ws.rs.container.ContainerRequestContext;
	import javax.ws.rs.container.ContainerRequestFilter;
	import javax.ws.rs.core.Context;
	import javax.ws.rs.core.SecurityContext;

	import javax.annotation.Priority;

	import org.junit.Test;
	import static org.junit.Assert.assertEquals;
	import static org.junit.Assert.assertNotNull;
	import static org.junit.Assert.assertTrue;

	/**
	* Test class for testing security context in the Filter and resource.
	*
	* @author Miroslav Fuksa
	*/
	public class SecurityContextTest {

	private static final String PRINCIPAL_NAME = "SetByFilter";
	private static final String PRINCIPAL_NAME_SECOND = "SetByFilterSecond";
	private static final String SKIP_FILTER = "skipFilter";
	private static final String PRINCIPAL_IS_NULL = "principalIsNull";

	@Priority(100)
	private static class SecurityContextFilter implements ContainerRequestFilter {
	@Override
	public void filter(ContainerRequestContext rc) throws IOException {
	// test injections
	assertNotNull(rc.getSecurityContext());
	assertTrue(rc.getSecurityContext().getUserPrincipal() == null);

	String header = rc.getHeaders().getFirst(SKIP_FILTER);
	if ("true".equals(header)) {
	return;
	}

	// set new Security Context
	rc.setSecurityContext(new SecurityContext() {

	@Override
	public boolean isUserInRole(String role) {
	return false;
	}

	@Override
	public boolean isSecure() {
	return false;
	}

	@Override
	public Principal getUserPrincipal() {
	return new Principal() {

	@Override
	public String getName() {
	return PRINCIPAL_NAME;
	}

	@Override
	public int hashCode() {
	return super.hashCode();
	}

	@Override
	public boolean equals(Object obj) {
	return (obj instanceof Principal)
	&& PRINCIPAL_NAME.equals(((Principal) obj).getName());
	}

	@Override
	public String toString() {
	return super.toString();
	}
	};
	}

	@Override
	public String getAuthenticationScheme() {
	return null;
	}

	@Override
	public int hashCode() {
	return super.hashCode();
	}

	@Override
	public boolean equals(Object that) {
	return (that != null && that.getClass() == this.getClass());
	}

	@Override
	public String toString() {
	return super.toString();
	}


	});
	}
	}


	@Priority(101)
	private static class SecurityContextFilterSecondInChain implements ContainerRequestFilter {
	@Context
	SecurityContext sc;

	@Override
	public void filter(ContainerRequestContext rc) throws IOException {
	assertNotNull(sc);
	assertEquals(sc.getUserPrincipal().getName(), PRINCIPAL_NAME);
	assertEquals(sc, rc.getSecurityContext());

	String header = rc.getHeaders().getFirst(SKIP_FILTER);
	if ("true".equals(header)) {
	return;
	}

	// set new Security Context
	rc.setSecurityContext(new SecurityContext() {

	@Override
	public boolean isUserInRole(String role) {
	return false;
	}

	@Override
	public boolean isSecure() {
	return false;
	}

	@Override
	public Principal getUserPrincipal() {
	return new Principal() {

	@Override
	public String getName() {
	return PRINCIPAL_NAME_SECOND;
	}

	@Override
	public int hashCode() {
	return super.hashCode();
	}

	@Override
	public boolean equals(Object obj) {
	return (obj instanceof Principal)
	&& PRINCIPAL_NAME_SECOND.equals(((Principal) obj).getName());
	}

	@Override
	public String toString() {
	return super.toString();
	}
	};
	}

	@Override
	public String getAuthenticationScheme() {
	return null;
	}

	@Override
	public int hashCode() {
	return super.hashCode();
	}

	@Override
	public boolean equals(Object that) {
	return (that != null && that.getClass() == this.getClass());
	}

	@Override
	public String toString() {
	return super.toString();
	}
	});
	}
	}

	/**
	* Tests SecurityContext injection into a resource method.
	*
	* @throws Exception Thrown when request processing fails in the application.
	*/
	@Test
	public void testSecurityContextInjection() throws Exception {
	final ResourceConfig resourceConfig = new ResourceConfig(Resource.class, SecurityContextFilter.class,
	SecurityContextFilterSecondInChain.class);
	final ApplicationHandler application = new ApplicationHandler(resourceConfig);

	ContainerResponse response = application.apply(RequestContextBuilder.from("/test/2", "GET").build()).get();
	assertEquals(200, response.getStatus());
	assertEquals(PRINCIPAL_NAME_SECOND, response.getEntity());
	}

	/**
	* Tests SecurityContext in filter.
	*
	* @throws Exception Thrown when request processing fails in the application.
	*/
	@Test
	public void testSecurityContextInjectionFilter() throws Exception {
	final ResourceConfig resourceConfig = new ResourceConfig(Resource.class, SecurityContextFilter.class);
	final ApplicationHandler application = new ApplicationHandler(resourceConfig);

	ContainerResponse response = application.apply(RequestContextBuilder.from("/test", "GET").build()).get();
	assertEquals(200, response.getStatus());
	assertEquals(PRINCIPAL_NAME, response.getEntity());
	}

	/**
	* Tests SecurityContext in filter.
	*
	* @throws Exception Thrown when request processing fails in the
	* application.
	*/
	@Test
	public void testDefaultSecurityContext() throws Exception {
	final ResourceConfig resourceConfig = new ResourceConfig(Resource.class, SecurityContextFilter.class);
	final ApplicationHandler application = new ApplicationHandler(resourceConfig);

	ContainerResponse response =
	application.apply(RequestContextBuilder.from("/test", "GET").header(SKIP_FILTER, "true").build()).get();
	assertEquals(200, response.getStatus());
	Object entity = response.getEntity();
	assertTrue(!PRINCIPAL_NAME.equals(entity));
	}

	/**
	* Test resource class.
	*/
	@Path("test")
	public static class Resource {

	/**
	* Test resource method.
	*
	* @param cr Container request context.
	* @return String response with principal name.
	*/
	@GET
	public String getSomething(@Context ContainerRequestContext cr) {
	assertNotNull(cr.getSecurityContext());
	Principal userPrincipal = cr.getSecurityContext().getUserPrincipal();
	return userPrincipal == null ? PRINCIPAL_IS_NULL : userPrincipal.getName();
	}

	/**
	* Test resource method.
	*
	* @param sc security context.
	* @param cr container request context.
	* @return String response with principal name.
	*/
	@GET
	@Path("2")
	public String getSomething2(@Context SecurityContext sc, @Context ContainerRequestContext cr) {
	assertEquals(sc, cr.getSecurityContext());
	Principal userPrincipal = sc.getUserPrincipal();
	return userPrincipal == null ? PRINCIPAL_IS_NULL : userPrincipal.getName();
	}
	}
	}