Merge pull request #37814 from michalvavrik/feature/fix-flaky-securit…
…y-event-tests

Fix flaky HttpSecurityPolicySecurityEventTest
sberyozkin authored Dec 18, 2023
2 parents 52e0884 + a189605 commit cdbfbc6
Showing 1 changed file with 16 additions and 22 deletions.
Expand Up @@ -2,6 +2,7 @@

import static org.junit.jupiter.api.Assertions.assertEquals;
import static org.junit.jupiter.api.Assertions.assertFalse;
import static org.junit.jupiter.api.Assertions.assertInstanceOf;
import static org.junit.jupiter.api.Assertions.assertNotEquals;
import static org.junit.jupiter.api.Assertions.assertNotNull;
import static org.junit.jupiter.api.Assertions.assertNull;
Expand Down Expand Up @@ -95,9 +96,7 @@ public void testAuthenticationEvents() {
assertEquals(0, observer.authZFailureStorage.size());
Awaitility.await().atMost(Duration.ofSeconds(2))
.untilAsserted(() -> assertEquals(1, observer.asyncAuthNFailureEventStorage.size()));
Awaitility.await().atMost(Duration.ofSeconds(2))
.untilAsserted(() -> assertEquals(1, observer.asyncAllEventsStorage.size()));
assertEquals(1, observer.allEventsStorage.size());
assertAllEvents(1);
AuthenticationFailureEvent event = observer.asyncAuthNFailureEventStorage.get(0);
assertNull(event.getSecurityIdentity());
assertNotNull(event.getEventProperties().get(RoutingContext.class.getName()));
Expand Down Expand Up @@ -128,9 +127,7 @@ public void testAuthenticatedPolicy() {
assertNotNull(event.getEventProperties().get(RoutingContext.class.getName()));
assertEquals(PathMatchingHttpSecurityPolicy.class.getName(), event.getAuthorizationContext());
assertTrue(identity.isAnonymous());
assertEquals(3, observer.allEventsStorage.size());
Awaitility.await().atMost(Duration.ofSeconds(2))
.untilAsserted(() -> assertEquals(3, observer.asyncAllEventsStorage.size()));
assertAllEvents(3);
AuthenticationSuccessEvent authNSuccessEvent = (AuthenticationSuccessEvent) observer.allEventsStorage.get(0);
identity = authNSuccessEvent.getSecurityIdentity();
assertNotNull(identity);
Expand All @@ -143,14 +140,12 @@ public void testPermitAllPolicy() {
RestAssured.get("/permit").then().statusCode(200);
assertEquals(0, observer.authZFailureStorage.size());
assertEquals(0, observer.authNSuccessStorage.size());
assertEquals(1, observer.allEventsStorage.size());
assertEquals(1, observer.authZSuccessStorage.size());
AuthorizationSuccessEvent event = observer.authZSuccessStorage.get(0);
assertNotNull(event.getSecurityIdentity());
assertTrue(event.getSecurityIdentity().isAnonymous());
assertNotNull(event.getEventProperties().get(RoutingContext.class.getName()));
Awaitility.await().atMost(Duration.ofSeconds(2))
.untilAsserted(() -> assertEquals(1, observer.asyncAllEventsStorage.size()));
assertAllEvents(1);
}

@Test
Expand All @@ -177,24 +172,23 @@ public void testRolesPolicy() {
identity = event.getSecurityIdentity();
assertNotNull(identity);
assertEquals("test", identity.getPrincipal().getName());
assertTrue(event.getAuthorizationFailure() instanceof ForbiddenException);
assertInstanceOf(ForbiddenException.class, event.getAuthorizationFailure());
assertNotNull(event.getEventProperties().get(RoutingContext.class.getName()));
Awaitility.await().atMost(Duration.ofSeconds(2))
.untilAsserted(() -> assertEquals(4, observer.asyncAllEventsStorage.size()));
assertAllEvents(4);
}

@Test
public void testRolesPolicyAugmentation() {
RestAssured.given().auth().preemptive().basic("test", "test").get("/map-roles").then().statusCode(200);
assertEquals(0, observer.authZFailureStorage.size());
assertEquals(2, observer.allEventsStorage.size());
assertEquals(1, observer.authNSuccessStorage.size());
assertEquals(1, observer.authZSuccessStorage.size());
SecurityIdentity originalIdentity = observer.authNSuccessStorage.get(0).getSecurityIdentity();
SecurityIdentity augmentedIdentity = observer.authZSuccessStorage.get(0).getSecurityIdentity();
assertNotEquals(originalIdentity, augmentedIdentity);
assertTrue(augmentedIdentity.hasRole("admin"));
assertFalse(originalIdentity.hasRole("admin"));
assertAllEvents(2);
}

@Test
Expand All @@ -220,11 +214,9 @@ public void testDenyAllPolicy() {
assertNull(first.getAuthorizationFailure());
assertEquals(PathMatchingHttpSecurityPolicy.class.getName(), first.getAuthorizationContext());
assertNotNull(first.getEventProperties().get(RoutingContext.class.getName()));
assertTrue(second.getAuthorizationFailure() instanceof ForbiddenException);
assertInstanceOf(ForbiddenException.class, second.getAuthorizationFailure());
assertEquals(PathMatchingHttpSecurityPolicy.class.getName(), first.getAuthorizationContext());
Awaitility.await().atMost(Duration.ofSeconds(2))
.untilAsserted(() -> assertEquals(3, observer.asyncAllEventsStorage.size()));
assertEquals(3, observer.allEventsStorage.size());
assertAllEvents(3);
Awaitility.await().atMost(Duration.ofSeconds(2)).untilAsserted(() -> assertEquals(1,
observer.asyncAllEventsStorage.stream().filter(se -> se instanceof AuthenticationSuccessEvent).count()));
AuthenticationSuccessEvent event = (AuthenticationSuccessEvent) observer.asyncAllEventsStorage.stream()
Expand Down Expand Up @@ -252,11 +244,9 @@ public void testNamedCustomPolicy() {
assertNotNull(identity);
assertTrue(identity.isAnonymous());
assertNotNull(event.getEventProperties().get(RoutingContext.class.getName()));
assertEquals(2, observer.allEventsStorage.size());
assertAllEvents(2);
assertEquals(event, observer.allEventsStorage.get(1));
assertEquals(PathMatchingHttpSecurityPolicy.class.getName(), event.getAuthorizationContext());
Awaitility.await().atMost(Duration.ofSeconds(2))
.untilAsserted(() -> assertEquals(2, observer.asyncAllEventsStorage.size()));
}

@Test
Expand All @@ -279,9 +269,13 @@ public void testGlobalCustomPolicy() {
assertTrue(identity.isAnonymous());
assertNotNull(event.getEventProperties().get(RoutingContext.class.getName()));
assertTrue(event.getAuthorizationContext().contains("GlobalCustomHttpSecurityPolicy"));
assertAllEvents(2);
}

private void assertAllEvents(int expectedCount) {
assertEquals(expectedCount, observer.allEventsStorage.size());
Awaitility.await().atMost(Duration.ofSeconds(2))
.untilAsserted(() -> assertEquals(2, observer.asyncAllEventsStorage.size()));
assertEquals(2, observer.allEventsStorage.size());
.untilAsserted(() -> assertEquals(expectedCount, observer.asyncAllEventsStorage.size()));
}

@Singleton
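Review bot: In the testDenyAllPolicy hunk, the unchanged line `assertEquals(PathMatchingHttpSecurityPolicy.class.getName(), first.getAuthorizationContext());` that follows the new `assertInstanceOf(ForbiddenException.class, second.getAuthorizationFailure());` repeats the check already made on `first` three lines earlier, so the authorization context of the event `second` is never verified. If that is a copy-paste slip, the line presumably should read `assertEquals(PathMatchingHttpSecurityPolicy.class.getName(), second.getAuthorizationContext());`, but confirm which context the failure event is expected to carry before changing it. Separately, the new `assertAllEvents` helper returns as soon as `asyncAllEventsStorage` reaches `expectedCount`, so a duplicate security event delivered after that point would not fail the test; a comment on the helper such as `// passes once the async count is reached; does not detect events that arrive later` would make that limit explicit. The test method bodies begin outside the hunks shown here.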
