DefaultAsyncSecurityLogicTest.java 文件源码

@Test(timeout = 1000)
public void testAlreadyAuthenticatedNotAuthorized(final TestContext testContext) throws Exception {
    simulatePreviousAuthenticationSuccess();
    final AsyncClient<TestCredentials, TestProfile> indirectClient = getMockIndirectClient(NAME);
    final Clients<AsyncClient<? extends Credentials, ? extends CommonProfile>, AsyncAuthorizationGenerator<CommonProfile>> clients = new Clients<>(CALLBACK_URL, indirectClient);
    when(config.getClients()).thenReturn(clients);
    final String authorizers = NAME;
    addSingleAuthorizerToConfig((context, prof) -> prof.get(0).getId().equals(BAD_USERNAME));
    asyncSecurityLogic = new DefaultAsyncSecurityLogic<>(true, false, config, httpActionAdapter);
    final Async async = testContext.async();
    final CompletableFuture<Object> result = simulatePreviousAuthenticationSuccess()
            .thenCompose(v -> asyncSecurityLogic.perform(webContext, accessGrantedAdapter, null, authorizers, null));

    exception.expect(CompletionException.class);
    exception.expectCause(allOf(IsInstanceOf.instanceOf(HttpAction.class),
            hasProperty("message", is("forbidden")),
            hasProperty("code", is(403))));
    assertSuccessfulEvaluation(result, ExceptionSoftener.softenConsumer(o -> {
        assertThat(o, is(nullValue()));
        assertThat(status.get(), is(403));
        verify(accessGrantedAdapter, times(0)).adapt(webContext);
    }), async);
}