Google Git
Sign in
apache / juneau / 1ccf56388610f4668ae1dc0b9873f1ea9f175231 / . / juneau-rest / juneau-rest-server-utest / src / test / java / org / apache / juneau / rest / annotation2 / RoleGuardTest.java
blob: 792ed90458772e8ab8c1193be8420afa6b129bb5 [file] [log] [blame]
// ***************************************************************************************************************************
// * Licensed to the Apache Software Foundation (ASF) under one or more contributor license agreements. See the NOTICE file *
// * distributed with this work for additional information regarding copyright ownership. The ASF licenses this file *
// * to you under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance *
// * with the License. You may obtain a copy of the License at *
// * *
// * http://www.apache.org/licenses/LICENSE-2.0 *
// * *
// * Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an *
// * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the *
// * specific language governing permissions and limitations under the License. *
// ***************************************************************************************************************************
package org.apache.juneau.rest.annotation2;
import org.apache.juneau.rest.annotation.*;
import org.apache.juneau.rest.mock2.*;
import org.junit.*;
import org.junit.runners.*;
/**
* Tests the @Rest(roleGuard) and @RestMethod(roleGuard) annotations.
*/
@SuppressWarnings({})
@FixMethodOrder(MethodSorters.NAME_ASCENDING)
public class RoleGuardTest {
//-----------------------------------------------------------------------------------------------------------------
// Simple guard on class
//-----------------------------------------------------------------------------------------------------------------
@Rest(roleGuard="foo")
public static class A1 {
@RestMethod
public String get() {
return "OK";
}
}
static MockRest a1 = MockRest.build(A1.class, null);
@Test
public void a01a_onClass_simple_pass() throws Exception {
a1.get().roles("foo").execute().assertStatus(200);
a1.get().roles("foo","bar").execute().assertStatus(200);
a1.get().roles("bar","foo").execute().assertStatus(200);
}
@Test
public void a01b_onClass_simple_fail() throws Exception {
a1.get().execute().assertStatus(403);
a1.get().roles("foo2").execute().assertStatus(403);
a1.get().roles("foo2","bar").execute().assertStatus(403);
}
//-----------------------------------------------------------------------------------------------------------------
// Simple guard on method
//-----------------------------------------------------------------------------------------------------------------
@Rest
public static class A2 {
@RestMethod(roleGuard="foo")
public String get() {
return "OK";
}
}
static MockRest a2 = MockRest.build(A2.class, null);
@Test
public void a02a_onMethod_simple_pass() throws Exception {
a2.get().roles("foo").execute().assertStatus(200);
a2.get().roles("foo","bar").execute().assertStatus(200);
a2.get().roles("bar","foo").execute().assertStatus(200);
}
@Test
public void a02b_onMethod_simple_fail() throws Exception {
a2.get().execute().assertStatus(403);
a2.get().roles("foo2").execute().assertStatus(403);
a2.get().roles("foo2","bar").execute().assertStatus(403);
}
//-----------------------------------------------------------------------------------------------------------------
// Simple guards on class and method
//-----------------------------------------------------------------------------------------------------------------
@Rest(roleGuard="foo")
public static class A3 {
@RestMethod(roleGuard="bar")
public String get() {
return "OK";
}
}
static MockRest a3 = MockRest.build(A3.class, null);
@Test
public void a03a_onBoth_simple_pass() throws Exception {
a3.get().roles("foo","bar").execute().assertStatus(200);
a3.get().roles("bar","foo").execute().assertStatus(200);
a3.get().roles("bar","foo","baz").execute().assertStatus(200);
}
@Test
public void a03b_onBoth_simple_fail() throws Exception {
a3.get().execute().assertStatus(403);
a3.get().roles("foo").execute().assertStatus(403);
a3.get().roles("bar").execute().assertStatus(403);
a3.get().roles("foo2").execute().assertStatus(403);
a3.get().roles("foo2","bar").execute().assertStatus(403);
}
//-----------------------------------------------------------------------------------------------------------------
// Simple guards on class and method, inherited
//-----------------------------------------------------------------------------------------------------------------
@Rest(roleGuard="foo")
public static class A4a {
@RestMethod(roleGuard="bar")
public String get() {
return "OK";
}
}
@Rest(roleGuard="baz")
public static class A4b extends A4a {
@Override
@RestMethod(roleGuard="qux")
public String get() {
return "OK";
}
}
static MockRest a4 = MockRest.build(A4b.class, null);
@Test
public void a04a_inheritence_simple_pass() throws Exception {
a4.get().roles("foo","bar","baz","qux").execute().assertStatus(200);
a4.get().roles("foo","bar","baz","qux","quux").execute().assertStatus(200);
}
@Test
public void a04b_inheritence_simple_fail() throws Exception {
a3.get().execute().assertStatus(403);
a3.get().roles("foo").execute().assertStatus(403);
a3.get().roles("bar").execute().assertStatus(403);
a3.get().roles("baz").execute().assertStatus(403);
a3.get().roles("qux").execute().assertStatus(403);
a4.get().roles("foo","bar","baz").execute().assertStatus(403);
a4.get().roles("foo","bar","qux").execute().assertStatus(403);
a4.get().roles("foo","baz","qux").execute().assertStatus(403);
a4.get().roles("bar","baz","qux").execute().assertStatus(403);
}
//-----------------------------------------------------------------------------------------------------------------
// @Rest(roleGuard), multiple guards on class
//-----------------------------------------------------------------------------------------------------------------
@Rest
public static class B1 {
@RestMethod
public String get() {
return "OK";
}
}
@Rest(roleGuard="foo,bar")
public static class B1a extends B1 {}
@Rest(roleGuard="foo | bar")
public static class B1b extends B1 {}
@Rest(roleGuard="foo || bar")
public static class B1c extends B1 {}
@Rest(roleGuard="foo & bar")
public static class B1d extends B1 {}
@Rest(roleGuard="foo && bar")
public static class B1e extends B1 {}
@Rest(roleGuard="(foo) && (bar)")
public static class B1f extends B1 {}
@Rest(roleGuard="foo && (bar || baz)")
public static class B1g extends B1 {}
@Rest(roleGuard="foo || (bar && baz)")
public static class B1h extends B1 {}
static MockRest b1a = MockRest.build(B1a.class, null);
static MockRest b1b = MockRest.build(B1b.class, null);
static MockRest b1c = MockRest.build(B1c.class, null);
static MockRest b1d = MockRest.build(B1d.class, null);
static MockRest b1e = MockRest.build(B1e.class, null);
static MockRest b1f = MockRest.build(B1f.class, null);
static MockRest b1g = MockRest.build(B1g.class, null);
static MockRest b1h = MockRest.build(B1h.class, null);
@Test
public void b01a_orsWithComma_pass() throws Exception {
// @Rest(roleGuard="foo,bar")
b1a.get().roles("foo").execute().assertStatus(200);
b1a.get().roles("bar").execute().assertStatus(200);
b1a.get().roles("foo","bar").execute().assertStatus(200);
b1a.get().roles("foo","bar","baz").execute().assertStatus(200);
}
@Test
public void b01b_orsWithComma_fail() throws Exception {
// @Rest(roleGuard="foo,bar")
b1a.get().roles().execute().assertStatus(403);
b1a.get().roles("baz").execute().assertStatus(403);
}
@Test
public void b01c_orsWithSinglePipe_pass() throws Exception {
// @Rest(roleGuard="foo | bar")
b1b.get().roles("foo").execute().assertStatus(200);
b1b.get().roles("bar").execute().assertStatus(200);
b1b.get().roles("foo","bar").execute().assertStatus(200);
b1b.get().roles("foo","bar","baz").execute().assertStatus(200);
}
@Test
public void b01d_orsWithSinglePipe_fail() throws Exception {
// @Rest(roleGuard="foo | bar")
b1b.get().roles().execute().assertStatus(403);
b1b.get().roles("baz").execute().assertStatus(403);
}
@Test
public void b01e_orsWithDoublePipe_pass() throws Exception {
// @Rest(roleGuard="foo || bar")
b1c.get().roles("foo").execute().assertStatus(200);
b1c.get().roles("bar").execute().assertStatus(200);
b1c.get().roles("foo","bar").execute().assertStatus(200);
b1c.get().roles("foo","bar","baz").execute().assertStatus(200);
}
@Test
public void b01f_orsWithDoublePipe_fail() throws Exception {
// @Rest(roleGuard="foo || bar")
b1c.get().roles().execute().assertStatus(403);
b1c.get().roles("baz").execute().assertStatus(403);
}
@Test
public void b01g_andsWithSingleAmp_pass() throws Exception {
// @Rest(roleGuard="foo & bar")
b1d.get().roles("foo","bar").execute().assertStatus(200);
b1d.get().roles("foo","bar","baz").execute().assertStatus(200);
}
@Test
public void b01h_andsWithSingleAmp_fail() throws Exception {
// @Rest(roleGuard="foo & bar")
b1d.get().roles().execute().assertStatus(403);
b1d.get().roles("foo").execute().assertStatus(403);
b1d.get().roles("bar").execute().assertStatus(403);
b1d.get().roles("baz").execute().assertStatus(403);
}
@Test
public void b01i_andsWithDoubleAmp_pass() throws Exception {
// @Rest(roleGuard="foo && bar")
b1e.get().roles("foo","bar").execute().assertStatus(200);
b1e.get().roles("foo","bar","baz").execute().assertStatus(200);
}
@Test
public void b01j_andsWithDoubleAmp_fail() throws Exception {
// @Rest(roleGuard="foo && bar")
b1e.get().roles().execute().assertStatus(403);
b1e.get().roles("foo").execute().assertStatus(403);
b1e.get().roles("bar").execute().assertStatus(403);
b1e.get().roles("baz").execute().assertStatus(403);
}
@Test
public void b01k_andsWithDoubleAmpAndParens_pass() throws Exception {
// @Rest(roleGuard="(foo) && (bar)")
b1f.get().roles("foo","bar").execute().assertStatus(200);
b1f.get().roles("foo","bar","baz").execute().assertStatus(200);
}
@Test
public void b01l_andsWithDoubleAmpAndParens_fail() throws Exception {
// @Rest(roleGuard="(foo) && (bar)")
b1f.get().roles().execute().assertStatus(403);
b1f.get().roles("foo").execute().assertStatus(403);
b1f.get().roles("bar").execute().assertStatus(403);
b1f.get().roles("baz").execute().assertStatus(403);
}
@Test
public void b01m_complex_pass() throws Exception {
// @Rest(roleGuard="foo && (bar || baz)")
b1g.get().roles("foo","bar").execute().assertStatus(200);
b1g.get().roles("foo","baz").execute().assertStatus(200);
b1g.get().roles("foo","bar","baz").execute().assertStatus(200);
}
@Test
public void b01n_complex_fail() throws Exception {
// @Rest(roleGuard="foo && (bar || baz)")
b1g.get().roles().execute().assertStatus(403);
b1g.get().roles("foo").execute().assertStatus(403);
b1g.get().roles("bar","baz").execute().assertStatus(403);
b1g.get().roles("baz").execute().assertStatus(403);
}
@Test
public void b01o_complex_pass() throws Exception {
// @Rest(roleGuard="foo || (bar && baz)")
b1h.get().roles("foo").execute().assertStatus(200);
b1h.get().roles("bar","baz").execute().assertStatus(200);
b1h.get().roles("foo","bar","baz").execute().assertStatus(200);
}
@Test
public void b01p_complex_fail() throws Exception {
// @Rest(roleGuard="foo || (bar && baz)")
b1h.get().roles().execute().assertStatus(403);
b1h.get().roles("bar").execute().assertStatus(403);
b1h.get().roles("baz").execute().assertStatus(403);
}
//-----------------------------------------------------------------------------------------------------------------
// @RestMethod(roleGuard), multiple guards on method
//-----------------------------------------------------------------------------------------------------------------
@Rest
public static class B2a {
@RestMethod(roleGuard="foo,bar")
public String get() {
return "OK";
}
}
@Rest
public static class B2b {
@RestMethod(roleGuard="foo | bar")
public String get() {
return "OK";
}
}
@Rest
public static class B2c {
@RestMethod(roleGuard="foo || bar")
public String get() {
return "OK";
}
}
@Rest
public static class B2d {
@RestMethod(roleGuard="foo & bar")
public String get() {
return "OK";
}
}
@Rest
public static class B2e {
@RestMethod(roleGuard="foo && bar")
public String get() {
return "OK";
}
}
@Rest
public static class B2f {
@RestMethod(roleGuard="(foo) && (bar)")
public String get() {
return "OK";
}
}
@Rest
public static class B2g {
@RestMethod(roleGuard="foo && (bar || baz)")
public String get() {
return "OK";
}
}
@Rest
public static class B2h {
@RestMethod(roleGuard="foo || (bar && baz)")
public String get() {
return "OK";
}
}
static MockRest b2a = MockRest.build(B2a.class, null);
static MockRest b2b = MockRest.build(B2b.class, null);
static MockRest b2c = MockRest.build(B2c.class, null);
static MockRest b2d = MockRest.build(B2d.class, null);
static MockRest b2e = MockRest.build(B2e.class, null);
static MockRest b2f = MockRest.build(B2f.class, null);
static MockRest b2g = MockRest.build(B2g.class, null);
static MockRest b2h = MockRest.build(B2h.class, null);
@Test
public void b02a_orsWithComma_pass() throws Exception {
// @RestMethod(roleGuard="foo,bar")
b2a.get().roles("foo").execute().assertStatus(200);
b2a.get().roles("bar").execute().assertStatus(200);
b2a.get().roles("foo","bar").execute().assertStatus(200);
b2a.get().roles("foo","bar","baz").execute().assertStatus(200);
}
@Test
public void b02b_orsWithComma_fail() throws Exception {
// @RestMethod(roleGuard="foo,bar")
b2a.get().roles().execute().assertStatus(403);
b2a.get().roles("baz").execute().assertStatus(403);
}
@Test
public void b02c_orsWithSinglePipe_pass() throws Exception {
// @RestMethod(roleGuard="foo | bar")
b2b.get().roles("foo").execute().assertStatus(200);
b2b.get().roles("bar").execute().assertStatus(200);
b2b.get().roles("foo","bar").execute().assertStatus(200);
b2b.get().roles("foo","bar","baz").execute().assertStatus(200);
}
@Test
public void b02d_orsWithSinglePipe_fail() throws Exception {
// @RestMethod(roleGuard="foo | bar")
b2b.get().roles().execute().assertStatus(403);
b2b.get().roles("baz").execute().assertStatus(403);
}
@Test
public void b02e_orsWithDoublePipe_pass() throws Exception {
// @RestMethod(roleGuard="foo || bar")
b2c.get().roles("foo").execute().assertStatus(200);
b2c.get().roles("bar").execute().assertStatus(200);
b2c.get().roles("foo","bar").execute().assertStatus(200);
b2c.get().roles("foo","bar","baz").execute().assertStatus(200);
}
@Test
public void b02f_orsWithDoublePipe_fail() throws Exception {
// @RestMethod(roleGuard="foo || bar")
b2c.get().roles().execute().assertStatus(403);
b2c.get().roles("baz").execute().assertStatus(403);
}
@Test
public void b02g_andsWithSingleAmp_pass() throws Exception {
// @RestMethod(roleGuard="foo & bar")
b2d.get().roles("foo","bar").execute().assertStatus(200);
b2d.get().roles("foo","bar","baz").execute().assertStatus(200);
}
@Test
public void b02h_andsWithSingleAmp_fail() throws Exception {
// @RestMethod(roleGuard="foo & bar")
b2d.get().roles().execute().assertStatus(403);
b2d.get().roles("foo").execute().assertStatus(403);
b2d.get().roles("bar").execute().assertStatus(403);
b2d.get().roles("baz").execute().assertStatus(403);
}
@Test
public void b02i_andsWithDoubleAmp_pass() throws Exception {
// @RestMethod(roleGuard="foo && bar")
b2e.get().roles("foo","bar").execute().assertStatus(200);
b2e.get().roles("foo","bar","baz").execute().assertStatus(200);
}
@Test
public void b02j_andsWithDoubleAmp_fail() throws Exception {
// @RestMethod(roleGuard="foo && bar")
b2e.get().roles().execute().assertStatus(403);
b2e.get().roles("foo").execute().assertStatus(403);
b2e.get().roles("bar").execute().assertStatus(403);
b2e.get().roles("baz").execute().assertStatus(403);
}
@Test
public void b02k_andsWithDoubleAmpAndParens_pass() throws Exception {
// @RestMethod(roleGuard="(foo) && (bar)")
b2f.get().roles("foo","bar").execute().assertStatus(200);
b2f.get().roles("foo","bar","baz").execute().assertStatus(200);
}
@Test
public void b02l_andsWithDoubleAmpAndParens_fail() throws Exception {
// @RestMethod(roleGuard="(foo) && (bar)")
b2f.get().roles().execute().assertStatus(403);
b2f.get().roles("foo").execute().assertStatus(403);
b2f.get().roles("bar").execute().assertStatus(403);
b2f.get().roles("baz").execute().assertStatus(403);
}
@Test
public void b02m_complex_pass() throws Exception {
// @RestMethod(roleGuard="foo && (bar || baz)")
b2g.get().roles("foo","bar").execute().assertStatus(200);
b2g.get().roles("foo","baz").execute().assertStatus(200);
b2g.get().roles("foo","bar","baz").execute().assertStatus(200);
}
@Test
public void b02n_complex_fail() throws Exception {
// @RestMethod(roleGuard="foo && (bar || baz)")
b2g.get().roles().execute().assertStatus(403);
b2g.get().roles("foo").execute().assertStatus(403);
b2g.get().roles("bar","baz").execute().assertStatus(403);
b2g.get().roles("baz").execute().assertStatus(403);
}
@Test
public void b02o_complex_pass() throws Exception {
// @RestMethod(roleGuard="foo || (bar && baz)")
b2h.get().roles("foo").execute().assertStatus(200);
b2h.get().roles("bar","baz").execute().assertStatus(200);
b2h.get().roles("foo","bar","baz").execute().assertStatus(200);
}
@Test
public void b02p_complex_fail() throws Exception {
// @RestMethod(roleGuard="foo || (bar && baz)")
b2h.get().roles().execute().assertStatus(403);
b2h.get().roles("bar").execute().assertStatus(403);
b2h.get().roles("baz").execute().assertStatus(403);
}
//-----------------------------------------------------------------------------------------------------------------
// @Rest(roleGuard), pattern guards on class
//-----------------------------------------------------------------------------------------------------------------
@Rest(rolesDeclared="foo,bar,baz")
public static class C1 {
@RestMethod
public String get() {
return "OK";
}
}
@Rest(roleGuard="fo*,*ar")
public static class C1a extends C1 {}
@Rest(roleGuard="fo* | *ar")
public static class C1b extends C1 {}
@Rest(roleGuard="fo* || *ar")
public static class C1c extends C1 {}
@Rest(roleGuard="fo* & *ar")
public static class C1d extends C1 {}
@Rest(roleGuard="fo* && *ar")
public static class C1e extends C1 {}
@Rest(roleGuard="(fo*) && (*ar)")
public static class C1f extends C1 {}
@Rest(roleGuard="fo* && (*ar || *az)")
public static class C1g extends C1 {}
@Rest(roleGuard="fo* || (*ar && *az)")
public static class C1h extends C1 {}
static MockRest c1a = MockRest.build(C1a.class, null);
static MockRest c1b = MockRest.build(C1b.class, null);
static MockRest c1c = MockRest.build(C1c.class, null);
static MockRest c1d = MockRest.build(C1d.class, null);
static MockRest c1e = MockRest.build(C1e.class, null);
static MockRest c1f = MockRest.build(C1f.class, null);
static MockRest c1g = MockRest.build(C1g.class, null);
static MockRest c1h = MockRest.build(C1h.class, null);
@Test
public void c01a_orPatternsWithComma_pass() throws Exception {
// @Rest(roleGuard="fo*,*ar")
c1a.get().roles("foo").execute().assertStatus(200);
c1a.get().roles("bar").execute().assertStatus(200);
c1a.get().roles("foo","bar").execute().assertStatus(200);
c1a.get().roles("foo","bar","baz").execute().assertStatus(200);
}
@Test
public void c01b_orPatternsWithComma_fail() throws Exception {
// @Rest(roleGuard="fo*,*ar")
c1a.get().roles().execute().assertStatus(403);
c1a.get().roles("baz").execute().assertStatus(403);
}
@Test
public void c01c_orPatternsWithSinglePipe_pass() throws Exception {
// @Rest(roleGuard="fo* | *ar")
c1b.get().roles("foo").execute().assertStatus(200);
c1b.get().roles("bar").execute().assertStatus(200);
c1b.get().roles("foo","bar").execute().assertStatus(200);
c1b.get().roles("foo","bar","baz").execute().assertStatus(200);
}
@Test
public void c01d_orPatternsWithSinglePipe_fail() throws Exception {
// @Rest(roleGuard="fo* | *ar")
c1b.get().roles().execute().assertStatus(403);
c1b.get().roles("baz").execute().assertStatus(403);
}
@Test
public void c01e_orPatternsWithDoublePipe_pass() throws Exception {
// @Rest(roleGuard="fo* || *ar")
c1c.get().roles("foo").execute().assertStatus(200);
c1c.get().roles("bar").execute().assertStatus(200);
c1c.get().roles("foo","bar").execute().assertStatus(200);
c1c.get().roles("foo","bar","baz").execute().assertStatus(200);
}
@Test
public void c01f_orPatternsWithDoublePipe_fail() throws Exception {
// @Rest(roleGuard="fo* || *ar")
c1c.get().roles().execute().assertStatus(403);
c1c.get().roles("baz").execute().assertStatus(403);
}
@Test
public void c01g_andPatternsWithSingleAmp_pass() throws Exception {
// @Rest(roleGuard="fo* & *ar")
c1d.get().roles("foo","bar").execute().assertStatus(200);
c1d.get().roles("foo","bar","baz").execute().assertStatus(200);
}
@Test
public void c01h_andPatternsWithSingleAmp_fail() throws Exception {
// @Rest(roleGuard="fo* & *ar")
c1d.get().roles().execute().assertStatus(403);
c1d.get().roles("foo").execute().assertStatus(403);
c1d.get().roles("bar").execute().assertStatus(403);
c1d.get().roles("baz").execute().assertStatus(403);
}
@Test
public void c01i_andPatternsWithDoubleAmp_pass() throws Exception {
// @Rest(roleGuard="fo* && *ar")
c1e.get().roles("foo","bar").execute().assertStatus(200);
c1e.get().roles("foo","bar","baz").execute().assertStatus(200);
}
@Test
public void c01j_andPatternsWithDoubleAmp_fail() throws Exception {
// @Rest(roleGuard="fo* && *ar")
c1e.get().roles().execute().assertStatus(403);
c1e.get().roles("foo").execute().assertStatus(403);
c1e.get().roles("bar").execute().assertStatus(403);
c1e.get().roles("baz").execute().assertStatus(403);
}
@Test
public void c01k_andPatternsWithDoubleAmpAndParens_pass() throws Exception {
// @Rest(roleGuard="(fo*) && (*ar)")
c1f.get().roles("foo","bar").execute().assertStatus(200);
c1f.get().roles("foo","bar","baz").execute().assertStatus(200);
}
@Test
public void c01l_andPatternsWithDoubleAmpAndParens_fail() throws Exception {
// @Rest(roleGuard="(fo*) && (*ar)")
c1f.get().roles().execute().assertStatus(403);
c1f.get().roles("foo").execute().assertStatus(403);
c1f.get().roles("bar").execute().assertStatus(403);
c1f.get().roles("baz").execute().assertStatus(403);
}
@Test
public void c01m_complexPatterns_pass() throws Exception {
// @Rest(roleGuard="fo* && (*ar || *az)")
c1g.get().roles("foo","bar").execute().assertStatus(200);
c1g.get().roles("foo","baz").execute().assertStatus(200);
c1g.get().roles("foo","bar","baz").execute().assertStatus(200);
}
@Test
public void c01n_complexPatterns_fail() throws Exception {
// @Rest(roleGuard="fo* && (*ar || *az)")
c1g.get().roles().execute().assertStatus(403);
c1g.get().roles("foo").execute().assertStatus(403);
c1g.get().roles("bar","baz").execute().assertStatus(403);
c1g.get().roles("baz").execute().assertStatus(403);
}
@Test
public void c01o_complexPatterns_pass() throws Exception {
// @Rest(roleGuard="fo* || (*ar && *az)")
c1h.get().roles("foo").execute().assertStatus(200);
c1h.get().roles("bar","baz").execute().assertStatus(200);
c1h.get().roles("foo","bar","baz").execute().assertStatus(200);
}
@Test
public void c01p_complexPatterns_fail() throws Exception {
// @Rest(roleGuard="fo* || (*ar && *az)")
c1h.get().roles().execute().assertStatus(403);
c1h.get().roles("bar").execute().assertStatus(403);
c1h.get().roles("baz").execute().assertStatus(403);
}
//-----------------------------------------------------------------------------------------------------------------
// @RestMethod(roleGuard), pattern guards on method
//-----------------------------------------------------------------------------------------------------------------
@Rest
public static class C2a {
@RestMethod(roleGuard="fo*,*ar",rolesDeclared="foo,bar,baz")
public String get() {
return "OK";
}
}
@Rest
public static class C2b {
@RestMethod(roleGuard="fo* | *ar",rolesDeclared="foo,bar,baz")
public String get() {
return "OK";
}
}
@Rest
public static class C2c {
@RestMethod(roleGuard="fo* || *ar",rolesDeclared="foo,bar,baz")
public String get() {
return "OK";
}
}
@Rest
public static class C2d {
@RestMethod(roleGuard="fo* & *ar",rolesDeclared="foo,bar,baz")
public String get() {
return "OK";
}
}
@Rest
public static class C2e {
@RestMethod(roleGuard="fo* && *ar",rolesDeclared="foo,bar,baz")
public String get() {
return "OK";
}
}
@Rest
public static class C2f {
@RestMethod(roleGuard="(fo*) && (*ar)",rolesDeclared="foo,bar,baz")
public String get() {
return "OK";
}
}
@Rest
public static class C2g {
@RestMethod(roleGuard="fo* && (*ar || *az)",rolesDeclared="foo,bar,baz")
public String get() {
return "OK";
}
}
@Rest
public static class C2h {
@RestMethod(roleGuard="fo* || (*ar && *az)",rolesDeclared="foo,bar,baz")
public String get() {
return "OK";
}
}
static MockRest c2a = MockRest.build(C2a.class, null);
static MockRest c2b = MockRest.build(C2b.class, null);
static MockRest c2c = MockRest.build(C2c.class, null);
static MockRest c2d = MockRest.build(C2d.class, null);
static MockRest c2e = MockRest.build(C2e.class, null);
static MockRest c2f = MockRest.build(C2f.class, null);
static MockRest c2g = MockRest.build(C2g.class, null);
static MockRest c2h = MockRest.build(C2h.class, null);
@Test
public void c02a_orPatternsWithComma_pass() throws Exception {
// @RestMethod(roleGuard="fo*,*ar")
c2a.get().roles("foo").execute().assertStatus(200);
c2a.get().roles("bar").execute().assertStatus(200);
c2a.get().roles("foo","bar").execute().assertStatus(200);
c2a.get().roles("foo","bar","baz").execute().assertStatus(200);
}
@Test
public void c02b_orPatternsWithComma_fail() throws Exception {
// @RestMethod(roleGuard="fo*,*ar")
c2a.get().roles().execute().assertStatus(403);
c2a.get().roles("baz").execute().assertStatus(403);
}
@Test
public void c02c_orPatternsWithSinglePipe_pass() throws Exception {
// @RestMethod(roleGuard="fo* | *ar")
c2b.get().roles("foo").execute().assertStatus(200);
c2b.get().roles("bar").execute().assertStatus(200);
c2b.get().roles("foo","bar").execute().assertStatus(200);
c2b.get().roles("foo","bar","baz").execute().assertStatus(200);
}
@Test
public void c02d_orPatternsWithSinglePipe_fail() throws Exception {
// @RestMethod(roleGuard="fo* | *ar")
c2b.get().roles().execute().assertStatus(403);
c2b.get().roles("baz").execute().assertStatus(403);
}
@Test
public void c02e_orPatternsWithDoublePipe_pass() throws Exception {
// @RestMethod(roleGuard="fo* || *ar")
c2c.get().roles("foo").execute().assertStatus(200);
c2c.get().roles("bar").execute().assertStatus(200);
c2c.get().roles("foo","bar").execute().assertStatus(200);
c2c.get().roles("foo","bar","baz").execute().assertStatus(200);
}
@Test
public void c02f_orPatternsWithDoublePipe_fail() throws Exception {
// @RestMethod(roleGuard="foo || bar")
c2c.get().roles().execute().assertStatus(403);
c2c.get().roles("baz").execute().assertStatus(403);
}
@Test
public void c02g_andPatternsWithSingleAmp_pass() throws Exception {
// @RestMethod(roleGuard="fo* & *ar")
c2d.get().roles("foo","bar").execute().assertStatus(200);
c2d.get().roles("foo","bar","baz").execute().assertStatus(200);
}
@Test
public void c02h_andPatternsWithSingleAmp_fail() throws Exception {
// @RestMethod(roleGuard="fo* & *ar")
c2d.get().roles().execute().assertStatus(403);
c2d.get().roles("foo").execute().assertStatus(403);
c2d.get().roles("bar").execute().assertStatus(403);
c2d.get().roles("baz").execute().assertStatus(403);
}
@Test
public void c02i_andPatternsWithDoubleAmp_pass() throws Exception {
// @RestMethod(roleGuard="fo* && *ar")
c2e.get().roles("foo","bar").execute().assertStatus(200);
c2e.get().roles("foo","bar","baz").execute().assertStatus(200);
}
@Test
public void c02j_andPatternsWithDoubleAmp_fail() throws Exception {
// @RestMethod(roleGuard="fo* && *ar")
c2e.get().roles().execute().assertStatus(403);
c2e.get().roles("foo").execute().assertStatus(403);
c2e.get().roles("bar").execute().assertStatus(403);
c2e.get().roles("baz").execute().assertStatus(403);
}
@Test
public void c02k_andPatternsWithDoubleAmpAndParens_pass() throws Exception {
// @RestMethod(roleGuard="(fo*) && (*ar)")
c2f.get().roles("foo","bar").execute().assertStatus(200);
c2f.get().roles("foo","bar","baz").execute().assertStatus(200);
}
@Test
public void c02l_andPatternsWithDoubleAmpAndParens_fail() throws Exception {
// @RestMethod(roleGuard="(fo*) && (*ar)")
c2f.get().roles().execute().assertStatus(403);
c2f.get().roles("foo").execute().assertStatus(403);
c2f.get().roles("bar").execute().assertStatus(403);
c2f.get().roles("baz").execute().assertStatus(403);
}
@Test
public void c02m_complexPatterns_pass() throws Exception {
// @RestMethod(roleGuard="fo* && (*ar || *az)")
c2g.get().roles("foo","bar").execute().assertStatus(200);
c2g.get().roles("foo","baz").execute().assertStatus(200);
c2g.get().roles("foo","bar","baz").execute().assertStatus(200);
}
@Test
public void c02n_complexPatterns_fail() throws Exception {
// @RestMethod(roleGuard="fo* && (*ar || *az)")
c2g.get().roles().execute().assertStatus(403);
c2g.get().roles("foo").execute().assertStatus(403);
c2g.get().roles("bar","baz").execute().assertStatus(403);
c2g.get().roles("baz").execute().assertStatus(403);
}
@Test
public void c02o_complexPatterns_pass() throws Exception {
// @RestMethod(roleGuard="fo* || (*ar && *az)")
c2h.get().roles("foo").execute().assertStatus(200);
c2h.get().roles("bar","baz").execute().assertStatus(200);
c2h.get().roles("foo","bar","baz").execute().assertStatus(200);
}
@Test
public void c02p_complexPatterns_fail() throws Exception {
// @RestMethod(roleGuard="fo* || (*ar && *az)")
c2h.get().roles().execute().assertStatus(403);
c2h.get().roles("bar").execute().assertStatus(403);
c2h.get().roles("baz").execute().assertStatus(403);
}
//-----------------------------------------------------------------------------------------------------------------
// @RestMethod(roleGuard), pattern guards on method but no roles defined
//-----------------------------------------------------------------------------------------------------------------
@Rest
public static class D {
@RestMethod(roleGuard="fo*,*ar")
public String get() {
return "OK";
}
}
static MockRest d = MockRest.build(D.class, null);
@Test
public void d01_patternsWithoutRoles_fail() throws Exception {
// @RestMethod(roleGuard="fo*,*bar")
d.get().roles().execute().assertStatus(403);
d.get().roles("foo").execute().assertStatus(403);
d.get().roles("bar").execute().assertStatus(403);
d.get().roles("baz").execute().assertStatus(403);
d.get().roles("foo","bar").execute().assertStatus(403);
}
//-----------------------------------------------------------------------------------------------------------------
// @RestMethod(roleGuard), any role.
//-----------------------------------------------------------------------------------------------------------------
@Rest(rolesDeclared="foo,bar,baz")
public static class E {
@RestMethod(roleGuard="*")
public String get() {
return "OK";
}
}
static MockRest e = MockRest.build(E.class, null);
@Test
public void e01_anyRole_pass() throws Exception {
// @RestMethod(roleGuard="*")
e.get().roles("foo").execute().assertStatus(200);
e.get().roles("bar").execute().assertStatus(200);
e.get().roles("baz").execute().assertStatus(200);
e.get().roles("foo","bar").execute().assertStatus(200);
}
@Test
public void e02_anyRole_fail() throws Exception {
// @RestMethod(roleGuard="*")
e.get().roles().execute().assertStatus(403);
}
}