[core] Ensure accessManager is called before server start (fixes #387)

javalin · Oct 4, 2018 · ab19ff9 · ab19ff9
1 parent 75d5d02
commit ab19ff9
Show file tree

Hide file tree

Showing 2 changed files with 4 additions and 6 deletions.
diff --git a/src/main/java/io/javalin/Javalin.java b/src/main/java/io/javalin/Javalin.java
@@ -428,6 +428,7 @@ private void ensureActionIsPerformedBeforeServerStart(@NotNull String action) {
      * @see AccessManager
      */
     public Javalin accessManager(@NotNull AccessManager accessManager) {
+        ensureActionIsPerformedBeforeServerStart("Setting an AccessManager");
         this.accessManager = accessManager;
         return this;
     }

diff --git a/src/test/java/io/javalin/TestAccessManager.kt b/src/test/java/io/javalin/TestAccessManager.kt
@@ -11,7 +11,6 @@ import com.mashape.unirest.http.Unirest
 import io.javalin.TestAccessManager.MyRoles.ROLE_ONE
 import io.javalin.TestAccessManager.MyRoles.ROLE_TWO
 import io.javalin.apibuilder.ApiBuilder.get
-import io.javalin.security.AccessManager
 import io.javalin.security.Role
 import io.javalin.security.SecurityUtil.roles
 import io.javalin.util.TestUtil
@@ -23,7 +22,7 @@ class TestAccessManager {
 
     enum class MyRoles : Role { ROLE_ONE, ROLE_TWO, ROLE_THREE }
 
-    private val accessManager = AccessManager { handler, ctx, permittedRoles ->
+    private val managedApp = Javalin.create().accessManager { handler, ctx, permittedRoles ->
         val userRole = ctx.queryParam("role")
         if (userRole != null && permittedRoles.contains(MyRoles.valueOf(userRole))) {
             handler.handle(ctx)
@@ -39,17 +38,15 @@ class TestAccessManager {
     }
 
     @Test
-    fun `AccessManager can restrict access for instance`() = TestUtil.test { app, http ->
-        app.accessManager(accessManager)
+    fun `AccessManager can restrict access for instance`() = TestUtil.test(managedApp) { app, http ->
         app.get("/secured", { ctx -> ctx.result("Hello") }, roles(ROLE_ONE, ROLE_TWO))
         assertThat(callWithRole(http.origin, "/secured", "ROLE_ONE"), `is`("Hello"))
         assertThat(callWithRole(http.origin, "/secured", "ROLE_TWO"), `is`("Hello"))
         assertThat(callWithRole(http.origin, "/secured", "ROLE_THREE"), `is`("Unauthorized"))
     }
 
     @Test
-    fun `AccessManager can restrict access for ApiBuilder`() = TestUtil.test { app, http ->
-        app.accessManager(accessManager)
+    fun `AccessManager can restrict access for ApiBuilder`() = TestUtil.test(managedApp) { app, http ->
         app.routes {
             get("/static-secured", { ctx -> ctx.result("Hello") }, roles(ROLE_ONE, ROLE_TWO))
         }