Skip to content

Commit

Permalink
Required authorization propagated from the class level (#9137)
Browse files Browse the repository at this point in the history
Signed-off-by: David Kral <[email protected]>
  • Loading branch information
Verdent authored Aug 14, 2024
1 parent ade9166 commit 18e893e
Show file tree
Hide file tree
Showing 3 changed files with 85 additions and 6 deletions.
Original file line number Diff line number Diff line change
Expand Up @@ -85,6 +85,7 @@ public String toString() {
SecurityDefinition copyMe() {
SecurityDefinition result = new SecurityDefinition();
result.requiresAuthentication = this.requiresAuthentication;
result.requiresAuthorization = this.requiresAuthorization;
result.failOnFailureIfOptional = this.failOnFailureIfOptional;
result.authnOptional = this.authnOptional;
result.authenticator = this.authenticator;
Expand Down
Original file line number Diff line number Diff line change
@@ -0,0 +1,60 @@
/*
* Copyright (c) 2024 Oracle and/or its affiliates.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/

package io.helidon.tests.integration.security.annotation;

import io.helidon.security.annotations.Authenticated;
import io.helidon.security.annotations.Authorized;

import jakarta.annotation.security.RolesAllowed;
import jakarta.ws.rs.GET;
import jakarta.ws.rs.Path;

/**
* An admin resource that should not be accessible without proper credentials.
*/
@Authenticated
@Authorized(false)
@Path("/admin2")
public class SecondAdminResource {


/**
* The resource.
*
* @return admin secret.
*/
@GET
@Authorized
@RolesAllowed("admin")
public String admin() {
return "admin";
}


/**
* The resource.
*
* @return admin secret.
*/
@GET
@Path("/unauthorized")
@RolesAllowed("admin")
public String unauthorizedAdmin() {
return "unauthorized admin";
}

}
Original file line number Diff line number Diff line change
Expand Up @@ -33,13 +33,32 @@ class AdminTest {

@Test
void testProtectedAdminEndpoint(WebTarget target) {
try (Response response = target.path("/admin")
testProtectedAdmin(target, "/admin");
}

@Test
void testProtectedAdmin2Endpoint(WebTarget target) {
testProtectedAdmin(target, "/admin2");
}

@Test
void testUnauthorizedAdminEndpoint(WebTarget target) {
testUnprotectedAdmin(target, "/admin/unauthorized");
}

@Test
void testUnauthorizedAdmin2Endpoint(WebTarget target) {
testUnprotectedAdmin(target, "/admin2/unauthorized");
}

private void testProtectedAdmin(WebTarget target, String endpoint) {
try (Response response = target.path(endpoint)
.request()
.header("Authorization", basic("fail"))
.get()) {
assertThat(response.getStatus(), is(Status.FORBIDDEN_403.code()));
}
try (Response response = target.path("/admin")
try (Response response = target.path(endpoint)
.request()
.header("Authorization", basic("success"))
.get()) {
Expand All @@ -48,16 +67,15 @@ void testProtectedAdminEndpoint(WebTarget target) {
}
}

@Test
void testUnauthorizedAdminEndpoint(WebTarget target) {
try (Response response = target.path("/admin/unauthorized")
private void testUnprotectedAdmin(WebTarget target, String endpoint) {
try (Response response = target.path(endpoint)
.request()
.header("Authorization", basic("fail"))
.get()) {
assertThat(response.getStatus(), is(Status.OK_200.code()));
assertThat(response.readEntity(String.class), is("unauthorized admin"));
}
try (Response response = target.path("/admin/unauthorized")
try (Response response = target.path(endpoint)
.request()
.header("Authorization", basic("success"))
.get()) {
Expand Down

0 comments on commit 18e893e

Please sign in to comment.