Merge pull request eclipse-sw360#2535 from siemens/fix/RestTestCases

fix(rest): Fixing the rest test cases Reviewed-by: mishra.gaurav@siemens.com Tested-by: mishra.gaurav@siemens.com
KoukiHama · Aug 7, 2024 · e5e29a3 · e5e29a3
2 parents 308ce54 + b262c4c
commit e5e29a3
Show file tree

Hide file tree

Showing 63 changed files with 816 additions and 1,318 deletions.
diff --git a/pom.xml b/pom.xml
@@ -145,7 +145,7 @@
     <spotless.version>2.29.0</spotless.version>
     <spring-boot.version>3.3.0</spring-boot.version>
     <spring-restdocs-asciidoctor.version>2.0.6.RELEASE</spring-restdocs-asciidoctor.version>
-    <spring-restdocs.version>2.0.6.RELEASE</spring-restdocs.version>
+    <spring-restdocs.version>3.0.1</spring-restdocs.version>
     <spring-security-jwt.version>1.1.1.RELEASE</spring-security-jwt.version>
     <spring-security-oauth2.version>2.5.1.RELEASE</spring-security-oauth2.version>
     <springdoc-openapi-hateos.version>1.7.0</springdoc-openapi-hateos.version>
@@ -621,12 +621,6 @@
           <groupId>org.apache.maven.plugins</groupId>
           <artifactId>maven-surefire-plugin</artifactId>
           <version>${maven-surefire-plugin.version}</version>
-          <configuration>
-            <argLine>-Xms512m -Xmx1024m -XX:MaxPermSize=512m</argLine>
-            <forkCount>0</forkCount>
-            <reuseForks>false</reuseForks>
-            <reportFormat>plain</reportFormat>
-          </configuration>
         </plugin>
         <plugin>
           <groupId>org.apache.maven.plugins</groupId>
@@ -652,6 +646,8 @@
         <configuration>
           <source>${java_source.version}</source>
           <target>${java_target.version}</target>
+          <!--REF: https://github.com/spring-projects/spring-framework/wiki/Upgrading-to-Spring-Framework-6.x#parameter-name-retention-->
+          <parameters>true</parameters>
         </configuration>
       </plugin>
       <plugin>

diff --git a/rest/authorization-server/pom.xml b/rest/authorization-server/pom.xml
@@ -20,10 +20,6 @@
         <version>18.99.1</version>
     </parent>
 
-    <properties>
-        <maven.test.skip>true</maven.test.skip>
-    </properties>
-
     <artifactId>authorization-server</artifactId>
     <packaging>war</packaging>
     <dependencies>
@@ -60,6 +56,11 @@
             <groupId>org.springframework.security</groupId>
             <artifactId>spring-security-oauth2-authorization-server</artifactId>
         </dependency>
+        <!--Added it for client-management endpoint-->
+        <dependency>
+            <groupId>org.springframework.boot</groupId>
+            <artifactId>spring-boot-starter-oauth2-resource-server</artifactId>
+        </dependency>
         <dependency>
             <groupId>org.springframework.security</groupId>
             <artifactId>spring-security-jwt</artifactId>

diff --git a/...ation-server/src/main/java/org/eclipse/sw360/rest/authserver/security/SecurityConfig.java b/...ation-server/src/main/java/org/eclipse/sw360/rest/authserver/security/SecurityConfig.java
@@ -16,6 +16,7 @@
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.core.annotation.Order;
+import org.springframework.http.HttpMethod;
 import org.springframework.security.config.Customizer;
 import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
@@ -62,8 +63,12 @@ public SecurityFilterChain webFilterChainForOauth(HttpSecurity httpSecurity) thr
     @Order(2)
     @Bean
     public SecurityFilterChain appSecurtiy(HttpSecurity httpSecurity) throws Exception {
-        httpSecurity.authorizeRequests(request -> request.anyRequest().authenticated()).formLogin(Customizer.withDefaults());
-        return httpSecurity.csrf(csrf->csrf.disable()).build();
+        httpSecurity.authorizeRequests(
+                authz -> authz
+                .requestMatchers("/client-management/**").hasAuthority("ADMIN")
+                .anyRequest().authenticated()
+        ).httpBasic(Customizer.withDefaults()).formLogin(Customizer.withDefaults());
+        return httpSecurity.csrf(csrf -> csrf.disable()).build();
     }
 
 

diff --git a/.../eclipse/sw360/rest/authserver/security/basicauth/Sw360LiferayAuthenticationProvider.java b/.../eclipse/sw360/rest/authserver/security/basicauth/Sw360LiferayAuthenticationProvider.java
diff --git a/.../test/java/org/eclipse/sw360/rest/authserver/GrantTypeClientCredentialsBasicAuthTest.java b/.../test/java/org/eclipse/sw360/rest/authserver/GrantTypeClientCredentialsBasicAuthTest.java
@@ -1,31 +1,63 @@
 /*
- * Copyright Siemens AG, 2019. Part of the SW360 Portal Project.
- *
- * This program and the accompanying materials are made
- * available under the terms of the Eclipse Public License 2.0
- * which is available at https://www.eclipse.org/legal/epl-2.0/
- *
- * SPDX-License-Identifier: EPL-2.0
- */
+* SPDX-FileCopyrightText: © 2024 Siemens AG
+* SPDX-License-Identifier: EPL-2.0
+*/
 package org.eclipse.sw360.rest.authserver;
-
-import org.junit.Before;
+import org.eclipse.sw360.rest.authserver.IntegrationTestBase;
+import org.junit.Test;
 import org.springframework.boot.test.web.client.TestRestTemplate;
+import org.springframework.http.*;
+
+import java.nio.charset.StandardCharsets;
+
+import static org.hamcrest.CoreMatchers.is;
+import static org.hamcrest.MatcherAssert.assertThat;
+
+public class GrantTypeClientCredentialsBasicAuthTest extends IntegrationTestBase {
+
+    private final String clientId = "trusted-sw360-client";
+    private final String clientSecret = "sw360-secret";
+    private final TestRestTemplate restTemplate = new TestRestTemplate();
+
+    @Test
+    public void successfulTokenRetrieval() {
+        HttpHeaders headers = new HttpHeaders();
+        headers.setContentType(MediaType.APPLICATION_FORM_URLENCODED);
+        headers.setBasicAuth(clientId, clientSecret, StandardCharsets.UTF_8);
+
+        HttpEntity<String> request = new HttpEntity<>("grant_type=client_credentials", headers);
+        String url = "http://localhost:" + port + "/oauth2/token";
+
+        ResponseEntity<String> response = restTemplate.postForEntity(url, request, String.class);
+
+        assertThat(response.getStatusCode(), is(HttpStatus.OK));
+    }
+
+    @Test
+    public void unauthorizedDueToInvalidCredentials() {
+        HttpHeaders headers = new HttpHeaders();
+        headers.setContentType(MediaType.APPLICATION_FORM_URLENCODED);
+        headers.setBasicAuth("invalidClientId", "invalidClientSecret", StandardCharsets.UTF_8);
+
+        HttpEntity<String> request = new HttpEntity<>("grant_type=client_credentials", headers);
+        String url = "http://localhost:" + port + "/oauth2/token";
+
+        ResponseEntity<String> response = restTemplate.postForEntity(url, request, String.class);
+
+        assertThat(response.getStatusCode(), is(HttpStatus.UNAUTHORIZED));
+    }
 
-import java.io.IOException;
+    @Test
+    public void badRequestDueToMissingGrantType() {
+        HttpHeaders headers = new HttpHeaders();
+        headers.setContentType(MediaType.APPLICATION_FORM_URLENCODED);
+        headers.setBasicAuth(clientId, clientSecret, StandardCharsets.UTF_8);
 
-/**
- * A POST request for an access token with grant type 'client_credentials' and
- * basic auth should be possible.
- */
-public class GrantTypeClientCredentialsBasicAuthTest extends GrantTypeClientCredentialsTestBase {
+        HttpEntity<String> request = new HttpEntity<>("", headers);
+        String url = "http://localhost:" + port + "/oauth2/token";
 
-    @Before
-    public void before() throws IOException {
-        String url = "http://localhost:" + String.valueOf(port) + "/oauth/token?grant_type=" + PARAMETER_GRANT_TYPE
-                + "&client_id=" + testClient.getClientId();
+        ResponseEntity<String> response = restTemplate.postForEntity(url, request, String.class);
 
-        responseEntity = new TestRestTemplate(testClient.getClientId(), testClient.getClientSecret()).postForEntity(url,
-                null, String.class);
+        assertThat(response.getStatusCode(), is(HttpStatus.BAD_REQUEST));
     }
-}
+}
diff --git a/...ava/org/eclipse/sw360/rest/authserver/GrantTypeClientCredentialsCustomHeaderAuthTest.java b/...ava/org/eclipse/sw360/rest/authserver/GrantTypeClientCredentialsCustomHeaderAuthTest.java
@@ -9,6 +9,7 @@
  */
 package org.eclipse.sw360.rest.authserver;
 
+import org.junit.Ignore;
 import org.junit.Test;
 import org.springframework.boot.test.web.client.TestRestTemplate;
 import org.springframework.http.HttpEntity;
@@ -24,6 +25,7 @@
  * A POST request for an access token with grant type 'client_credentials' and
  * custom auth header should NOT be possible.
  */
+@Ignore("Keeeping this test for reference for header bases auth, but it is not needed anymore for now")
 public class GrantTypeClientCredentialsCustomHeaderAuthTest extends IntegrationTestBase {
 
     @Test