You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@shiro.apache.org by bm...@apache.org on 2021/01/25 20:19:15 UTC
[shiro] 01/02: [SHIRO-811] fix toggling test through Mockito
conversion.
This is an automated email from the ASF dual-hosted git repository.
bmarwell pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/shiro.git
commit 1b0ff3e4434a33406e7198485e9b4009e966a5e7
Author: Benjamin Marwell <bm...@apache.org>
AuthorDate: Fri Jan 22 07:15:01 2021 +0100
[SHIRO-811] fix toggling test through Mockito conversion.
---
.../SubjectAwareExecutorServiceTest.java | 31 ++--
.../shiro/concurrent/SubjectAwareExecutorTest.java | 25 ++-
.../authc/BasicHttpAuthenticationFilter.java | 4 +-
.../authc/BasicHttpFilterAuthenticationTest.java | 199 +++++++++------------
.../web/filter/authz/AuthorizationFilterTest.java | 34 ++--
5 files changed, 137 insertions(+), 156 deletions(-)
diff --git a/core/src/test/java/org/apache/shiro/concurrent/SubjectAwareExecutorServiceTest.java b/core/src/test/java/org/apache/shiro/concurrent/SubjectAwareExecutorServiceTest.java
index 7d6a025..91dd4a2 100644
--- a/core/src/test/java/org/apache/shiro/concurrent/SubjectAwareExecutorServiceTest.java
+++ b/core/src/test/java/org/apache/shiro/concurrent/SubjectAwareExecutorServiceTest.java
@@ -21,10 +21,17 @@ package org.apache.shiro.concurrent;
import org.apache.shiro.subject.support.SubjectRunnable;
import org.apache.shiro.test.SecurityManagerTestSupport;
import org.junit.Test;
+import org.mockito.ArgumentCaptor;
-import java.util.concurrent.*;
+import java.util.concurrent.ExecutionException;
+import java.util.concurrent.ExecutorService;
+import java.util.concurrent.Future;
+import java.util.concurrent.TimeUnit;
+import java.util.concurrent.TimeoutException;
-import static org.easymock.EasyMock.*;
+import static org.junit.Assert.assertNotNull;
+import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.when;
/**
* Test cases for the {@link SubjectAwareExecutorService} implementation.
@@ -34,40 +41,42 @@ public class SubjectAwareExecutorServiceTest extends SecurityManagerTestSupport
@SuppressWarnings({"unchecked"})
@Test
public void testSubmitRunnable() {
- ExecutorService mockExecutorService = createNiceMock(ExecutorService.class);
- expect(mockExecutorService.submit(isA(SubjectRunnable.class))).andReturn(new DummyFuture());
- replay(mockExecutorService);
+ ExecutorService mockExecutorService = mock(ExecutorService.class);
+ ArgumentCaptor<SubjectRunnable> captor = ArgumentCaptor.forClass(SubjectRunnable.class);
+ when(mockExecutorService.submit(captor.capture())).thenReturn(new DummyFuture<>());
final SubjectAwareExecutorService executor = new SubjectAwareExecutorService(mockExecutorService);
- Runnable testRunnable = new Runnable() {
- public void run() {
- System.out.println("Hello World");
- }
- };
+ Runnable testRunnable = () -> System.out.println("Hello World");
executor.submit(testRunnable);
- verify(mockExecutorService);
+ SubjectRunnable subjectRunnable = captor.getValue();
+ assertNotNull(subjectRunnable);
}
private class DummyFuture<V> implements Future<V> {
+ @Override
public boolean cancel(boolean b) {
return false;
}
+ @Override
public boolean isCancelled() {
return false;
}
+ @Override
public boolean isDone() {
return true;
}
+ @Override
public V get() throws InterruptedException, ExecutionException {
return null;
}
+ @Override
public V get(long l, TimeUnit timeUnit) throws InterruptedException, ExecutionException, TimeoutException {
return null;
}
diff --git a/core/src/test/java/org/apache/shiro/concurrent/SubjectAwareExecutorTest.java b/core/src/test/java/org/apache/shiro/concurrent/SubjectAwareExecutorTest.java
index 29d0148..f872c7a 100644
--- a/core/src/test/java/org/apache/shiro/concurrent/SubjectAwareExecutorTest.java
+++ b/core/src/test/java/org/apache/shiro/concurrent/SubjectAwareExecutorTest.java
@@ -21,10 +21,13 @@ package org.apache.shiro.concurrent;
import org.apache.shiro.subject.support.SubjectRunnable;
import org.apache.shiro.test.SecurityManagerTestSupport;
import org.junit.Test;
+import org.mockito.ArgumentCaptor;
import java.util.concurrent.Executor;
-import static org.easymock.EasyMock.*;
+import static org.junit.jupiter.api.Assertions.assertNotNull;
+import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.verify;
/**
* Test cases for the {@link SubjectAwareExecutor} implementation.
@@ -35,21 +38,17 @@ public class SubjectAwareExecutorTest extends SecurityManagerTestSupport {
@Test
public void testExecute() {
- Executor targetMockExecutor = createNiceMock(Executor.class);
- //* ensure the target Executor receives a SubjectRunnable instance that retains the subject identity:
- //(this is what verifies the test is valid):
- targetMockExecutor.execute(isA(SubjectRunnable.class));
- replay(targetMockExecutor);
-
+ Executor targetMockExecutor = mock(Executor.class);
final SubjectAwareExecutor executor = new SubjectAwareExecutor(targetMockExecutor);
- Runnable work = new Runnable() {
- public void run() {
- System.out.println("Hello World");
- }
- };
+ Runnable work = () -> System.out.println("Hello World");
executor.execute(work);
- verify(targetMockExecutor);
+ //* ensure the target Executor receives a SubjectRunnable instance that retains the subject identity:
+ //(this is what verifies the test is valid):
+ ArgumentCaptor<SubjectRunnable> subjectRunnableArgumentCaptor = ArgumentCaptor.forClass(SubjectRunnable.class);
+ verify(targetMockExecutor).execute(subjectRunnableArgumentCaptor.capture());
+ SubjectRunnable subjectRunnable = subjectRunnableArgumentCaptor.getValue();
+ assertNotNull(subjectRunnable);
}
}
diff --git a/web/src/main/java/org/apache/shiro/web/filter/authc/BasicHttpAuthenticationFilter.java b/web/src/main/java/org/apache/shiro/web/filter/authc/BasicHttpAuthenticationFilter.java
index 015e692..6b0c08c 100644
--- a/web/src/main/java/org/apache/shiro/web/filter/authc/BasicHttpAuthenticationFilter.java
+++ b/web/src/main/java/org/apache/shiro/web/filter/authc/BasicHttpAuthenticationFilter.java
@@ -82,9 +82,10 @@ public class BasicHttpAuthenticationFilter extends HttpAuthenticationFilter {
* </ol>
*
* @param request incoming ServletRequest
- * @param response outgoing ServletResponse
+ * @param response outgoing ServletResponse (never used)
* @return the AuthenticationToken used to execute the login attempt
*/
+ @Override
protected AuthenticationToken createToken(ServletRequest request, ServletResponse response) {
String authorizationHeader = getAuthzHeader(request);
if (authorizationHeader == null || authorizationHeader.length() == 0) {
@@ -125,6 +126,7 @@ public class BasicHttpAuthenticationFilter extends HttpAuthenticationFilter {
* @param encoded the Base64-encoded username:password value found after the scheme in the header
* @return the username (index 0)/password (index 1) pair obtained from the encoded header data.
*/
+ @Override
protected String[] getPrincipalsAndCredentials(String scheme, String encoded) {
String decoded = Base64.decodeToString(encoded);
return decoded.split(":", 2);
diff --git a/web/src/test/java/org/apache/shiro/web/filter/authc/BasicHttpFilterAuthenticationTest.java b/web/src/test/java/org/apache/shiro/web/filter/authc/BasicHttpFilterAuthenticationTest.java
index ef7fa26..e552deb 100644
--- a/web/src/test/java/org/apache/shiro/web/filter/authc/BasicHttpFilterAuthenticationTest.java
+++ b/web/src/test/java/org/apache/shiro/web/filter/authc/BasicHttpFilterAuthenticationTest.java
@@ -18,17 +18,6 @@
*/
package org.apache.shiro.web.filter.authc;
-import static org.easymock.EasyMock.createMock;
-import static org.easymock.EasyMock.expect;
-import static org.easymock.EasyMock.replay;
-import static org.easymock.EasyMock.verify;
-import static org.junit.Assert.assertEquals;
-import static org.junit.Assert.assertNotNull;
-import static org.junit.Assert.assertTrue;
-
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.lang.codec.Base64;
@@ -36,6 +25,17 @@ import org.apache.shiro.test.SecurityManagerTestSupport;
import org.junit.Before;
import org.junit.Test;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertFalse;
+import static org.junit.Assert.assertNotNull;
+import static org.junit.Assert.assertTrue;
+import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.verify;
+import static org.mockito.Mockito.when;
+
/**
* Test case for {@link BasicHttpAuthenticationFilter}.
@@ -52,56 +52,49 @@ public class BasicHttpFilterAuthenticationTest extends SecurityManagerTestSuppor
@Test
public void createTokenNoAuthorizationHeader() throws Exception {
testFilter = new BasicHttpAuthenticationFilter();
- HttpServletRequest request = createMock(HttpServletRequest.class);
- expect(request.getHeader("Authorization")).andReturn(null);
- expect(request.getRemoteHost()).andReturn("localhost");
+ HttpServletRequest request = mock(HttpServletRequest.class);
+ when(request.getHeader("Authorization")).then(args -> null);
+ when(request.getRemoteHost()).then(args -> "localhost");
- HttpServletResponse response = createMock(HttpServletResponse.class);
-
- replay(request);
- replay(response);
+ HttpServletResponse response = mock(HttpServletResponse.class);
AuthenticationToken token = testFilter.createToken(request, response);
assertNotNull(token);
assertTrue("Token is not a username and password token.", token instanceof UsernamePasswordToken);
assertEquals("", token.getPrincipal());
- verify(request);
- verify(response);
+ verify(request).getHeader("Authorization");
+ verify(request).getRemoteHost();
}
@Test
public void createTokenNoUsername() throws Exception {
testFilter = new BasicHttpAuthenticationFilter();
- HttpServletRequest request = createMock(HttpServletRequest.class);
- expect(request.getHeader("Authorization")).andReturn(createAuthorizationHeader("", ""));
- expect(request.getRemoteHost()).andReturn("localhost");
+ HttpServletRequest request = mock(HttpServletRequest.class);
+ when(request.getHeader("Authorization")).then(args -> createAuthorizationHeader("", ""));
+ when(request.getRemoteHost()).then(args -> "localhost");
- HttpServletResponse response = createMock(HttpServletResponse.class);
+ HttpServletResponse response = mock(HttpServletResponse.class);
- replay(request);
- replay(response);
AuthenticationToken token = testFilter.createToken(request, response);
assertNotNull(token);
assertTrue("Token is not a username and password token.", token instanceof UsernamePasswordToken);
assertEquals("", token.getPrincipal());
-
- verify(request);
- verify(response);
+
+ verify(request).getHeader("Authorization");
+ verify(request).getRemoteHost();
}
@Test
public void createTokenNoPassword() throws Exception {
testFilter = new BasicHttpAuthenticationFilter();
- HttpServletRequest request = createMock(HttpServletRequest.class);
- expect(request.getHeader("Authorization")).andReturn(createAuthorizationHeader("pedro", ""));
- expect(request.getRemoteHost()).andReturn("localhost");
+ HttpServletRequest request = mock(HttpServletRequest.class);
+ when(request.getHeader("Authorization")).then(args -> createAuthorizationHeader("pedro", ""));
+ when(request.getRemoteHost()).then(args -> "localhost");
- HttpServletResponse response = createMock(HttpServletResponse.class);
+ HttpServletResponse response = mock(HttpServletResponse.class);
- replay(request);
- replay(response);
AuthenticationToken token = testFilter.createToken(request, response);
assertNotNull(token);
@@ -110,22 +103,20 @@ public class BasicHttpFilterAuthenticationTest extends SecurityManagerTestSuppor
UsernamePasswordToken upToken = (UsernamePasswordToken) token;
assertEquals("pedro", upToken.getUsername());
assertEquals("Password is not empty.", 0, upToken.getPassword().length);
-
- verify(request);
- verify(response);
+
+ verify(request).getHeader("Authorization");
+ verify(request).getRemoteHost();
}
@Test
public void createTokenColonInPassword() throws Exception {
testFilter = new BasicHttpAuthenticationFilter();
- HttpServletRequest request = createMock(HttpServletRequest.class);
- expect(request.getHeader("Authorization")).andReturn(createAuthorizationHeader("pedro", "pass:word"));
- expect(request.getRemoteHost()).andReturn("localhost");
+ HttpServletRequest request = mock(HttpServletRequest.class);
+ when(request.getHeader("Authorization")).then(args -> createAuthorizationHeader("pedro", "pass:word"));
+ when(request.getRemoteHost()).then(args -> "localhost");
- HttpServletResponse response = createMock(HttpServletResponse.class);
+ HttpServletResponse response = mock(HttpServletResponse.class);
- replay(request);
- replay(response);
AuthenticationToken token = testFilter.createToken(request, response);
assertNotNull(token);
@@ -135,20 +126,18 @@ public class BasicHttpFilterAuthenticationTest extends SecurityManagerTestSuppor
assertEquals("pedro", upToken.getUsername());
assertEquals("pass:word", new String(upToken.getPassword()));
- verify(request);
- verify(response);
+ verify(request).getHeader("Authorization");
+ verify(request).getRemoteHost();
}
@Test
public void httpMethodDoesNotRequireAuthentication() throws Exception {
testFilter = new BasicHttpAuthenticationFilter();
- HttpServletRequest request = createMock(HttpServletRequest.class);
- expect(request.getMethod()).andReturn("GET");
- replay(request);
+ HttpServletRequest request = mock(HttpServletRequest.class);
+ when(request.getMethod()).then(args -> "GET");
- HttpServletResponse response = createMock(HttpServletResponse.class);
- replay(response);
+ HttpServletResponse response = mock(HttpServletResponse.class);
boolean accessAllowed = testFilter.isAccessAllowed(request, response, new String[] { "POST", "PUT", "DELETE" });
assertTrue("Access not allowed for GET", accessAllowed);
@@ -158,80 +147,72 @@ public class BasicHttpFilterAuthenticationTest extends SecurityManagerTestSuppor
public void httpMethodRequiresAuthentication() throws Exception {
testFilter = new BasicHttpAuthenticationFilter();
- HttpServletRequest request = createMock(HttpServletRequest.class);
- expect(request.getHeader("Authorization")).andReturn(createAuthorizationHeader("pedro", ""));
- expect(request.getRemoteHost()).andReturn("localhost");
- expect(request.getMethod()).andReturn("POST");
- replay(request);
+ HttpServletRequest request = mock(HttpServletRequest.class);
+ when(request.getHeader("Authorization")).then(args -> createAuthorizationHeader("pedro", ""));
+ when(request.getRemoteHost()).then(args -> "localhost");
+ when(request.getMethod()).then(args -> "POST");
- HttpServletResponse response = createMock(HttpServletResponse.class);
- replay(response);
+ HttpServletResponse response = mock(HttpServletResponse.class);
boolean accessAllowed = testFilter.isAccessAllowed(request, response, new String[] { "POST", "PUT", "DELETE" });
- assertTrue("Access allowed for POST", !accessAllowed);
+ assertFalse("Access allowed for POST", accessAllowed);
}
@Test
public void httpMethodsAreCaseInsensitive() throws Exception {
testFilter = new BasicHttpAuthenticationFilter();
- HttpServletRequest request = createMock(HttpServletRequest.class);
- expect(request.getMethod()).andReturn("GET");
- expect(request.getMethod()).andReturn("post");
- expect(request.getHeader("Authorization")).andReturn(createAuthorizationHeader("pedro", "")).anyTimes();
- expect(request.getRemoteHost()).andReturn("localhost").anyTimes();
- replay(request);
+ HttpServletRequest request = mock(HttpServletRequest.class);
+ when(request.getMethod()).then(args -> "GET");
+ when(request.getHeader("Authorization")).then(args -> createAuthorizationHeader("pedro", ""));
+ when(request.getRemoteHost()).then(args -> "localhost");
- HttpServletResponse response = createMock(HttpServletResponse.class);
- replay(response);
+ HttpServletResponse response = mock(HttpServletResponse.class);
boolean accessAllowed = testFilter.isAccessAllowed(request, response, new String[] { "POST", "put", "delete" });
assertTrue("Access not allowed for GET", accessAllowed);
-
+
+ when(request.getMethod()).then(args -> "post");
accessAllowed = testFilter.isAccessAllowed(request, response, new String[] { "post", "put", "delete" });
- assertTrue("Access allowed for POST", !accessAllowed);
+ assertFalse("Access allowed for POST", accessAllowed);
}
@Test
public void allHttpMethodsRequireAuthenticationIfNoneConfigured() throws Exception {
testFilter = new BasicHttpAuthenticationFilter();
- HttpServletRequest request = createMock(HttpServletRequest.class);
- expect(request.getHeader("Authorization")).andReturn(createAuthorizationHeader("pedro", "")).anyTimes();
- expect(request.getRemoteHost()).andReturn("localhost").anyTimes();
- expect(request.getMethod()).andReturn("GET");
- expect(request.getMethod()).andReturn("POST");
- replay(request);
+ HttpServletRequest request = mock(HttpServletRequest.class);
+ when(request.getHeader("Authorization")).then(args -> createAuthorizationHeader("pedro", ""));
+ when(request.getRemoteHost()).then(args -> "localhost");
+ when(request.getMethod()).then(args -> "GET");
+ when(request.getMethod()).then(args -> "POST");
- HttpServletResponse response = createMock(HttpServletResponse.class);
- replay(response);
+ HttpServletResponse response = mock(HttpServletResponse.class);
boolean accessAllowed = testFilter.isAccessAllowed(request, response, new String[0]);
- assertTrue("Access allowed for GET", !accessAllowed);
+ assertFalse("Access allowed for GET", accessAllowed);
accessAllowed = testFilter.isAccessAllowed(request, response, new String[0]);
- assertTrue("Access allowed for POST", !accessAllowed);
+ assertFalse("Access allowed for POST", accessAllowed);
}
@Test
public void allHttpMethodsRequireAuthenticationIfNullConfig() throws Exception {
testFilter = new BasicHttpAuthenticationFilter();
- HttpServletRequest request = createMock(HttpServletRequest.class);
- expect(request.getHeader("Authorization")).andReturn(createAuthorizationHeader("pedro", "")).anyTimes();
- expect(request.getRemoteHost()).andReturn("localhost").anyTimes();
- expect(request.getMethod()).andReturn("GET");
- expect(request.getMethod()).andReturn("POST");
- replay(request);
+ HttpServletRequest request = mock(HttpServletRequest.class);
+ when(request.getHeader("Authorization")).then(args -> createAuthorizationHeader("pedro", ""));
+ when(request.getRemoteHost()).then(args -> "localhost");
+ when(request.getMethod()).then(args -> "GET");
+ when(request.getMethod()).then(args -> "POST");
- HttpServletResponse response = createMock(HttpServletResponse.class);
- replay(response);
+ HttpServletResponse response = mock(HttpServletResponse.class);
boolean accessAllowed = testFilter.isAccessAllowed(request, response, null);
- assertTrue("Access allowed for GET", !accessAllowed);
+ assertFalse("Access allowed for GET", accessAllowed);
accessAllowed = testFilter.isAccessAllowed(request, response, null);
- assertTrue("Access allowed for POST", !accessAllowed);
+ assertFalse("Access allowed for POST", accessAllowed);
}
/**
@@ -241,18 +222,16 @@ public class BasicHttpFilterAuthenticationTest extends SecurityManagerTestSuppor
public void permissiveEnabledWithLoginTest() {
testFilter = new BasicHttpAuthenticationFilter();
- HttpServletRequest request = createMock(HttpServletRequest.class);
- expect(request.getHeader("Authorization")).andReturn(createAuthorizationHeader("pedro", "")).anyTimes();
- expect(request.getRemoteHost()).andReturn("localhost").anyTimes();
- expect(request.getMethod()).andReturn("GET");
- replay(request);
+ HttpServletRequest request = mock(HttpServletRequest.class);
+ when(request.getHeader("Authorization")).then(args -> createAuthorizationHeader("pedro", ""));
+ when(request.getRemoteHost()).then(args -> "localhost");
+ when(request.getMethod()).then(args -> "GET");
- HttpServletResponse response = createMock(HttpServletResponse.class);
- replay(response);
+ HttpServletResponse response = mock(HttpServletResponse.class);
String[] mappedValue = {"permissive"};
boolean accessAllowed = testFilter.isAccessAllowed(request, response, mappedValue);
- assertTrue("Access allowed for GET", !accessAllowed); // login attempt should always be false
+ assertFalse("Access allowed for GET", accessAllowed); // login attempt should always be false
}
/**
@@ -262,14 +241,12 @@ public class BasicHttpFilterAuthenticationTest extends SecurityManagerTestSuppor
public void permissiveEnabledTest() {
testFilter = new BasicHttpAuthenticationFilter();
- HttpServletRequest request = createMock(HttpServletRequest.class);
- expect(request.getHeader("Authorization")).andReturn(null).anyTimes();
- expect(request.getRemoteHost()).andReturn("localhost").anyTimes();
- expect(request.getMethod()).andReturn("GET");
- replay(request);
+ HttpServletRequest request = mock(HttpServletRequest.class);
+ when(request.getHeader("Authorization")).then(args -> null);
+ when(request.getRemoteHost()).then(args -> "localhost");
+ when(request.getMethod()).then(args -> "GET");
- HttpServletResponse response = createMock(HttpServletResponse.class);
- replay(response);
+ HttpServletResponse response = mock(HttpServletResponse.class);
String[] mappedValue = {"permissive"};
boolean accessAllowed = testFilter.isAccessAllowed(request, response, mappedValue);
@@ -283,17 +260,15 @@ public class BasicHttpFilterAuthenticationTest extends SecurityManagerTestSuppor
public void httpMethodRequiresAuthenticationWithPermissive() throws Exception {
testFilter = new BasicHttpAuthenticationFilter();
- HttpServletRequest request = createMock(HttpServletRequest.class);
- expect(request.getHeader("Authorization")).andReturn(createAuthorizationHeader("pedro", ""));
- expect(request.getRemoteHost()).andReturn("localhost");
- expect(request.getMethod()).andReturn("POST");
- replay(request);
+ HttpServletRequest request = mock(HttpServletRequest.class);
+ when(request.getHeader("Authorization")).then(args -> createAuthorizationHeader("pedro", ""));
+ when(request.getRemoteHost()).then(args -> "localhost");
+ when(request.getMethod()).then(args -> "POST");
- HttpServletResponse response = createMock(HttpServletResponse.class);
- replay(response);
+ HttpServletResponse response = mock(HttpServletResponse.class);
boolean accessAllowed = testFilter.isAccessAllowed(request, response, new String[] {"permissive", "POST", "PUT", "DELETE" });
- assertTrue("Access allowed for POST", !accessAllowed);
+ assertFalse("Access allowed for POST", accessAllowed);
}
private String createAuthorizationHeader(String username, String password) {
diff --git a/web/src/test/java/org/apache/shiro/web/filter/authz/AuthorizationFilterTest.java b/web/src/test/java/org/apache/shiro/web/filter/authz/AuthorizationFilterTest.java
index dba7cb5..78692cb 100644
--- a/web/src/test/java/org/apache/shiro/web/filter/authz/AuthorizationFilterTest.java
+++ b/web/src/test/java/org/apache/shiro/web/filter/authz/AuthorizationFilterTest.java
@@ -29,7 +29,10 @@ import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
-import static org.easymock.EasyMock.*;
+import static org.mockito.Mockito.atLeastOnce;
+import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.verify;
+import static org.mockito.Mockito.when;
/**
* Test cases for the {@link AuthorizationFilter} class.
@@ -46,19 +49,17 @@ public class AuthorizationFilterTest extends SecurityManagerTestSupport {
AuthorizationFilter filter = new AuthorizationFilter() {
@Override
- protected boolean isAccessAllowed(ServletRequest request, ServletResponse response, Object mappedValue)
- throws Exception {
+ protected boolean isAccessAllowed(ServletRequest request, ServletResponse response, Object mappedValue) {
return false; //for this test case
}
};
- HttpServletRequest request = createNiceMock(HttpServletRequest.class);
- HttpServletResponse response = createNiceMock(HttpServletResponse.class);
+ HttpServletRequest request = mock(HttpServletRequest.class);
+ HttpServletResponse response = mock(HttpServletResponse.class);
- response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
- replay(response);
+ // response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
filter.onAccessDenied(request, response);
- verify(response);
+ verify(response).sendError(HttpServletResponse.SC_UNAUTHORIZED);
}
@Test
@@ -73,27 +74,22 @@ public class AuthorizationFilterTest extends SecurityManagerTestSupport {
AuthorizationFilter filter = new AuthorizationFilter() {
@Override
- protected boolean isAccessAllowed(ServletRequest request, ServletResponse response, Object mappedValue)
- throws Exception {
+ protected boolean isAccessAllowed(ServletRequest request, ServletResponse response, Object mappedValue) {
return false; //for this test case
}
};
filter.setUnauthorizedUrl(unauthorizedUrl);
- HttpServletRequest request = createNiceMock(HttpServletRequest.class);
- HttpServletResponse response = createNiceMock(HttpServletResponse.class);
-
- expect(request.getContextPath()).andReturn("/").anyTimes();
+ HttpServletRequest request = mock(HttpServletRequest.class);
+ HttpServletResponse response = mock(HttpServletResponse.class);
String encoded = "/" + unauthorizedUrl;
- expect(response.encodeRedirectURL(unauthorizedUrl)).andReturn(encoded);
+ when(response.encodeRedirectURL(unauthorizedUrl)).thenReturn(encoded);
response.sendRedirect(encoded);
- replay(request);
- replay(response);
filter.onAccessDenied(request, response);
- verify(request);
- verify(response);
+ verify(response, atLeastOnce()).sendRedirect(encoded);
+ verify(response).encodeRedirectURL(unauthorizedUrl);
}
}