
I tried to test for the presence of the Authorization value in the request header, and my AuthorizationFilter has never been hit:

```java
@Test
public void shouldContainAuthorizationHeader() {
    request().params("invoiceNumber","988665646546457").get("findByInvoiceNumber");
    a(statusCode()).shouldBeEqual(403);
}
```

Here is the filter declaration:

```java
public class AppControllerConfig extends AbstractControllerConfig {

    public void init(AppContext context) {
        add(new DBConnectionFilter(), new CatchAllFilter()).to(AuthorsController.class, InterventionsController.class);
        add(new AuthorizationFilter()).to(InterventionsController.class);
    }
}
```

Here is its implementation:

```java
public class AuthorizationFilter extends HttpSupportFilter {

    private static final String EMPTY_STRING_SEPARATOR = " ";

    @Override
    public void before() {

        if (!controllerProtected()) {
            return; // allow the request to fall through to the controller
        }

        if (!hasAuthorizationHeader() && controllerProtected()) {
            render("/errors/message", map("message", "Access denied", "code", 403));
        }
    }

    // controllerProtected() and hasAuthorizationHeader() are not shown in the post
}
```

The `Protected` interface is the same as in the activeweb-secure example.

The InterventionsController is annotated with @Protected:

```java
@Protected
public class InterventionsController extends APIController {
...
}
```

I tried to extend my test class from AppIntegrationSpec:

```java
public class InterventionsControllerIntegrationTest extends AppIntegrationSpec {
...
}
```

but in this case the `request` method is no longer accessible.

Is this normal behaviour? If so, how can I test different header values? I'm using the latest 2.3-SNAPSHOT version of activeweb.

Thank you.

belgoros
  • I ended up with the following test implementation: `controller("/api/v2/interventions").params("invoiceNumber", "1234567").get("findByInvoiceNumber");`. Then `a(statusCode()).shouldBeEqual(403);`. But the response status was `200`. – belgoros Sep 26 '18 at 09:54
  • What is the more correct way to test this kind of thing, taking into account that all the protected controllers have the same stuff to test in their headers? I'd like to DRY it if possible. – belgoros Sep 26 '18 at 10:58
  • As for status code testing, I figured out the value to test. I'm using the `errors` view, which displays the `message` and `code` values as JSON. So when testing `a(val("code")).shouldBeEqual(403);`, it passed. – belgoros Sep 26 '18 at 11:53
