How to test a rest endpoint that's protected with @RequiresRoles?

[stianlagstad <st...@gmail.com>]

I hope this is ok to post here. I have an endpoint that's protected with
@RequiresRoles and I would like to write a couple of tests to make sure it
works: One where a user without the roles tries to access it and it fails,
and one where a user with the role tries to access it and it succeeds. So
far I haven't been able to set up these tests. I've seen
https://shiro.apache.org/testing.html, but are there any other examples I
can look at? I've managed to write a test for an internal method that's
protected with @RequiresRoles, but not an external endpoint (i.e. a method
annotated with both @GET and @RequiresRoles). For example:

```java
  @GET
  @ApiOperation(value = "helloworld",
      notes = "Simple hello world.",
      response = String.class)
  @RequiresRoles(READ)
  public Response helloWorld() {
    String hello = "Hello world!";
    return Response.status(Response.Status.OK).entity(hello).build();
  }

  @GET
  @Path("/{param}")
  @ApiOperation(value = "helloReply",
      notes = "Returns Hello you! and {param}",
      response = String.class)
  @RequiresRoles(WRITE)
  public Response getMsg(@PathParam("param") String msg) {
    String output = "Hello you! " + msg;
    return Response.status(Response.Status.OK).entity(output).build();
  }
```

If I start my application I can send requests to these endpoints and confirm
that they work as I intend. But how could/should I write tests for these?



--
Sent from: http://shiro-user.582556.n2.nabble.com/