Refactoring

src/main/java/de/kreth/invoice/security/UserManager.java

@@ -3,7 +3,6 @@ package de.kreth.invoice.security;
 import org.keycloak.KeycloakPrincipal;
 import org.keycloak.KeycloakSecurityContext;
 import org.keycloak.representations.AccessToken;
-import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.stereotype.Component;
@@ -18,8 +17,7 @@ public class UserManager {
 
 	private UserRepository userRepository;
 
-    @Autowired
-    public void setUserRepository(UserRepository userRepository) {
+	public UserManager(UserRepository userRepository) {
 		this.userRepository = userRepository;
 	}
 

src/test/java/de/kreth/invoice/business/security/DummyCatchAllController.java

@@ -0,0 +1,17 @@
+package de.kreth.invoice.business.security;
+
+import org.springframework.stereotype.Controller;
+import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.ResponseBody;
+
+@Controller
+@RequestMapping
+public class DummyCatchAllController {
+
+	@GetMapping(path = "/**")
+	@ResponseBody
+	public String catchAll() {
+		return "DummyCatchallController#catchAll";
+	}
+}

src/test/java/de/kreth/invoice/business/security/SecurityConfigurationTest.java

@@ -0,0 +1,43 @@
+package de.kreth.invoice.business.security;
+
+import static org.springframework.security.test.web.servlet.setup.SecurityMockMvcConfigurers.springSecurity;
+import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get;
+import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;
+
+import org.junit.jupiter.api.BeforeEach;
+import org.junit.jupiter.api.Test;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.boot.test.autoconfigure.web.servlet.WebMvcTest;
+import org.springframework.security.test.context.support.WithMockUser;
+import org.springframework.test.web.servlet.MockMvc;
+import org.springframework.test.web.servlet.setup.MockMvcBuilders;
+import org.springframework.web.context.WebApplicationContext;
+
+@WebMvcTest(controllers = DummyCatchAllController.class)
+class SecurityConfigurationTest {
+
+	private MockMvc mockMvc;
+
+	@Autowired
+	private WebApplicationContext webApplicationContext;
+
+	@BeforeEach
+	void setup() {
+		this.mockMvc = MockMvcBuilders
+				.webAppContextSetup(this.webApplicationContext)
+				.apply(springSecurity())
+				.build();
+	}
+
+	@Test
+	@WithMockUser(username = "user", roles = { "USER" })
+	void asLoggedInUser_ICantAccess() throws Exception {
+		mockMvc.perform(get("/")).andExpect(status().isForbidden());
+	}
+
+	@Test
+	@WithMockUser(username = "admin", roles = { "INVOICE_USER" })
+	void asInvoiceUser_ICanAccess() throws Exception {
+		mockMvc.perform(get("/")).andExpect(status().isOk());
+	}
+}

src/test/java/de/kreth/invoice/business/security/ViewSecurityTest.java

@@ -0,0 +1,43 @@
+package de.kreth.invoice.business.security;
+
+import static org.springframework.security.test.web.reactive.server.SecurityMockServerConfigurers.mockOpaqueToken;
+
+import org.junit.jupiter.api.Disabled;
+import org.junit.jupiter.api.Test;
+import org.keycloak.adapters.springsecurity.account.KeycloakRole;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.boot.test.autoconfigure.web.reactive.AutoConfigureWebTestClient;
+import org.springframework.boot.test.context.SpringBootTest;
+import org.springframework.test.web.reactive.server.WebTestClient;
+
+@SpringBootTest(webEnvironment = SpringBootTest.WebEnvironment.RANDOM_PORT)
+@AutoConfigureWebTestClient
+//@ActiveProfiles("test")
+@Disabled
+class ViewSecurityTest {
+
+    @Autowired
+    private WebTestClient client;
+
+    @Test
+    void givenUnauthenticated_whenCallService_thenIsUnauthorized() {
+	this.client.get().uri("/")
+		.exchange().expectStatus().isUnauthorized();
+    }
+
+    @Test
+    void givenAuthenticatedMissingRole_whenCallServiceWithSecured_thenForbidden() {
+
+	this.client.mutateWith(mockOpaqueToken()).get().uri("/")
+		.exchange().expectStatus().isForbidden();
+    }
+
+    @Test
+    void givenAuthenticated_whenCallServiceWithSecured_thenOk() {
+
+	KeycloakRole role = new KeycloakRole("INVOICE_USER");
+	this.client.mutateWith(mockOpaqueToken().authorities(role))
+		.get().uri("/")
+		.exchange().expectStatus().isOk();
+    }
+}