I tried to test the presence of Authorization value in the request header and my AuthorizationFilter has never been hit:
@Test
public void shouldContainAuthorizationHeader() {
request().params("invoiceNumber","988665646546457").get("findByInvoiceNumber");
a(statusCode()).shouldBeEqual(403);
}
Here is the filter declaration:
public class AppControllerConfig extends AbstractControllerConfig {
public void init(AppContext context) {
add(new DBConnectionFilter(), new CatchAllFilter()).to(AuthorsController.class, InterventionsController.class);
add(new AuthorizationFilter()).to(InterventionsController.class);
}
}
Here is its implementation:
public class AuthorizationFilter extends HttpSupportFilter {
private final static String EMPTY_STRING_SEPARATOR = " ";
@Override
public void before() {
if (!controllerProtected()) {
return;// allow to fall to controller
}
if (!hasAuthorizationHeader() && controllerProtected()) {
render("/errors/message", map("message", "Access denied", "code", 403));
}
}
Protected interface is the same as in activeweb-secure example.
The InterventionsController is annotated with @Protected:
@Protected
public class InterventionsController extends APIController {
...
}
I tried to extend my test class from AppIntegrationSpec:
public class InterventionsControllerIntegrationTest extends AppIntegrationSpec {
...
}
but in this case request method is no more accessible.
Is it a normal behaviour ? If so, how to test different headers values ?
I'm using the latest2.3-SNAPSHOT version of activeweb.
Thank you.