diff --git a/core/src/org/tangram/components/GenericAuthorizationService.java b/core/src/org/tangram/components/GenericAuthorizationService.java
index fcc8b69a..ced0d6f0 100644
--- a/core/src/org/tangram/components/GenericAuthorizationService.java
+++ b/core/src/org/tangram/components/GenericAuthorizationService.java
@@ -146,7 +146,14 @@ public void handleRequest(HttpServletRequest request, HttpServletResponse respon
 if (isAdminUser(request, response)) {
 request.setAttribute("tangramAdminUser", true);
 } // if
- if (!users.isEmpty()) {
+ if (users.isEmpty()) {
+ if (closedSystem) {
+ LOG.info("handleRequest() no logged in user found while application is globally protected");
+ TargetDescriptor target = getLoginTarget(request);
+ Link loginLink = linkFactoryAggregator.createLink(request, response, target.getBean(), target.getAction(), target.getView());
+ response.sendRedirect(loginLink.getUrl());
+ } // if
+ } else {
 boolean allowed = false;
 request.setAttribute("tangramLogoutUrl", authenticationService.getLogoutLink(request, response).getUrl());
 for (User user : users) {
@@ -156,13 +163,6 @@ public void handleRequest(HttpServletRequest request, HttpServletResponse respon
 LOG.warn("handleRequest() user not allowed to access page: {}", users);
 response.sendError(HttpServletResponse.SC_FORBIDDEN, users+" not allowed to view page");
 } // if
- } else {
- if (closedSystem) {
- LOG.info("handleRequest() no logged in user found while application is globally protected");
- TargetDescriptor target = getLoginTarget(request);
- Link loginLink = linkFactoryAggregator.createLink(request, response, target.getBean(), target.getAction(), target.getView());
- response.sendRedirect(loginLink.getUrl());
- } // if
 } // if
 } // if
 } // handleRequest()
diff --git a/core/test/org/tangram/components/test/GenericAuthorizationServiceTest.java b/core/test/org/tangram/components/test/GenericAuthorizationServiceTest.java
index ac9ab600..6ea99ae8 100644
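Review bot: The closed-system branch now at the top of the `users.isEmpty()` test only calls `response.sendRedirect(loginLink.getUrl())` and then falls out of `handleRequest()`, which returns void, so nothing here tells the caller that the request was refused. Whether protected content can still be produced after the redirect depends on caller code outside this diff, presumably a check of `response.isCommitted()`. I would state that contract on the branch, for example `// response is committed here; callers must stop processing once response.isCommitted()`. The method's signature and the outer `if` that encloses this block start outside the hunk, so the condition under which the closed-system check runs at all is not visible; the second hunk only removes the old copy of the branch.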
--- a/core/test/org/tangram/components/test/GenericAuthorizationServiceTest.java +++ b/core/test/org/tangram/components/test/GenericAuthorizationServiceTest.java @@ -18,6 +18,7 @@ */ package org.tangram.components.test; +import java.io.IOException; import java.util.Collections; import java.util.HashSet; import java.util.Map; @@ -35,6 +36,8 @@ import org.tangram.authentication.User; import org.tangram.components.GenericAuthorizationService; import org.tangram.content.CodeResourceCache; +import org.tangram.link.Link; +import org.tangram.link.LinkFactoryAggregator; import org.tangram.link.TargetDescriptor; import org.testng.Assert; import org.testng.annotations.Test; @@ -63,6 +66,9 @@ public class GenericAuthorizationServiceTest { @Spy private final Set loginProviders = new HashSet<>(); // NOPMD - this field is not really unused + @Mock + private final LinkFactoryAggregator aggregator = null; + @InjectMocks private final GenericAuthorizationService authorizationService = new GenericAuthorizationService(); 
@@ -109,4 +115,45 @@ public void testGenericAuthorizationService() { Assert.assertEquals(target, loginTarget, "We need a login target."); } // testGenericAuthorizationService() + @Test + public void testClosedSystem() { + MockHttpServletRequest request = new MockHttpServletRequest(); + HttpServletResponse response = new MockHttpServletResponse(); + Set users = new HashSet<>(); + Mockito.when(authenticationService.getUsers(request, response)).thenReturn(users); + TargetDescriptor target = new TargetDescriptor(this, "log", "in"); + Mockito.when(authorizationService.getLoginTarget(request)).thenReturn(target); + String uri = "/login-test"; + Link link = new Link(uri); + Mockito.when(aggregator.createLink(request, response, target.getBean(), target.getAction(), target.getView())).thenReturn(link); + try { + authorizationService.handleRequest(request, response); + } catch (IOException e) { + Assert.fail("Request handling should not throw an exception"); + } // try/catch + Assert.assertEquals(response.getStatus(), 302, "expected redirect to new location"); + Assert.assertEquals(response.getHeader("Location"), uri, "expected redirect to new location"); + } // testClosedSystem() + + @Test + public void testHandleRequest() { + MockHttpServletRequest request = new MockHttpServletRequest(); + HttpServletResponse response = new MockHttpServletResponse(); + Map properties = Collections.EMPTY_MAP; + GenericUser user = new GenericUser("form", "testuser", properties); + Set users = new HashSet<>(); + users.add(user); + Mockito.when(authenticationService.getUsers(request, response)).thenReturn(users); + String uri = "/logout-test"; + Link link = new Link(uri); + Mockito.when(authenticationService.getLogoutLink(request, response)).thenReturn(link); + try { + authorizationService.handleRequest(request, response); + } catch (IOException e) { + Assert.fail("Request handling should not throw an exception"); + } // try/catch + Assert.assertEquals(response.getStatus(), 200, "expected 
normal status result"); + Assert.assertEquals(request.getAttribute("tangramLogoutUrl"), uri, "expected correct logout link in attribute"); + } // testHandleRequest() + } // GenericAuthorizationServiceTest
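Review bot: Neither new test covers the denial path, where a logged-in user is not permitted and `handleRequest()` ends in `sendError(HttpServletResponse.SC_FORBIDDEN, ...)`. `testHandleRequest` asserts status 200, which is presumably also the initial status of a fresh `MockHttpServletResponse`, so on its own it only shows that no error was sent. I would add a case with a user that is not allowed and assert `Assert.assertEquals(response.getStatus(), HttpServletResponse.SC_FORBIDDEN, "expected access to be denied");`. `testClosedSystem` relies on `closedSystem` being enabled somewhere outside this hunk; an open-system counterpart asserting that no `Location` header is set would pin the flag's effect in both directions.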