From 1b7e6957bbec07913762252edefe8e74e395cf45 Mon Sep 17 00:00:00 2001
From: linhvovn <tlinh2110@gmail.com>
Date: Sun, 31 Dec 2017 22:56:35 +0800
Subject: [PATCH] [BAEL1411-tlinh2110] Add Class Level Security Example

---
 .../methodsecurity/service/SystemService.java | 18 +++++++
 .../service/UserRoleService.java              |  2 +-
 .../TestClassLevelSecurity.java               | 49 +++++++++++++++++++
 .../methodsecurity/TestMethodSecurity.java    |  1 +
 .../methodsecurity/TestWithUserDetails.java   | 18 ++++++-
 5 files changed, 85 insertions(+), 3 deletions(-)
 create mode 100644 spring-security-core/src/main/java/org/baeldung/methodsecurity/service/SystemService.java
 create mode 100644 spring-security-core/src/test/java/org/baeldung/methodsecurity/TestClassLevelSecurity.java

diff --git a/spring-security-core/src/main/java/org/baeldung/methodsecurity/service/SystemService.java b/spring-security-core/src/main/java/org/baeldung/methodsecurity/service/SystemService.java
new file mode 100644
index 0000000000..5f29d7dee6
--- /dev/null
+++ b/spring-security-core/src/main/java/org/baeldung/methodsecurity/service/SystemService.java
@@ -0,0 +1,18 @@
+package org.baeldung.methodsecurity.service;
+
+import org.springframework.security.access.prepost.PreAuthorize;
+import org.springframework.stereotype.Service;
+
+@Service
+@PreAuthorize("hasRole('ROLE_ADMIN')")
+public class SystemService {
+    
+    public String getSystemYear(){
+        return "2017";
+    }
+    
+    public String getSystemDate(){
+        return "31-12-2017";
+    }
+    
+}
diff --git a/spring-security-core/src/main/java/org/baeldung/methodsecurity/service/UserRoleService.java b/spring-security-core/src/main/java/org/baeldung/methodsecurity/service/UserRoleService.java
index 3afd56110a..7379ee5223 100644
--- a/spring-security-core/src/main/java/org/baeldung/methodsecurity/service/UserRoleService.java
+++ b/spring-security-core/src/main/java/org/baeldung/methodsecurity/service/UserRoleService.java
@@ -103,5 +103,5 @@ public class UserRoleService {
     public CustomUser securedLoadUserDetail(String username){
         return userRoleRepository.loadUserByUserName(username);
     }
-    
+   
 }
diff --git a/spring-security-core/src/test/java/org/baeldung/methodsecurity/TestClassLevelSecurity.java b/spring-security-core/src/test/java/org/baeldung/methodsecurity/TestClassLevelSecurity.java
new file mode 100644
index 0000000000..502fd50c46
--- /dev/null
+++ b/spring-security-core/src/test/java/org/baeldung/methodsecurity/TestClassLevelSecurity.java
@@ -0,0 +1,49 @@
+package org.baeldung.methodsecurity;
+
+import static org.junit.Assert.*;
+
+import org.baeldung.methodsecurity.service.SystemService;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.context.annotation.ComponentScan;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.security.access.AccessDeniedException;
+import org.springframework.security.test.context.support.WithMockUser;
+import org.springframework.test.context.ContextConfiguration;
+import org.springframework.test.context.junit4.SpringRunner;
+
+@RunWith(SpringRunner.class)
+@ContextConfiguration
+public class TestClassLevelSecurity {
+    
+    @Autowired
+    SystemService systemService;
+    
+    @Configuration
+    @ComponentScan("org.baeldung.methodsecurity.*")
+    public static class SpringConfig {
+
+    }
+    
+    @Test
+    @WithMockUser(username="john",roles={"ADMIN"})
+    public void givenRoleAdmin_whenCallGetSystemYear_return2017(){
+        String systemYear = systemService.getSystemYear();
+        assertEquals("2017",systemYear);
+    }
+    
+    @Test(expected=AccessDeniedException.class)
+    @WithMockUser(username="john",roles={"VIEWER"})
+    public void givenRoleViewer_whenCallGetSystemYear_returnAccessDenied(){
+        String systemYear = systemService.getSystemYear();
+        assertEquals("2017",systemYear);
+    }
+    
+    @Test
+    @WithMockUser(username="john",roles={"ADMIN"})
+    public void givenRoleAdmin_whenCallGetSystemDate_returnDate(){
+        String systemYear = systemService.getSystemDate();
+        assertEquals("31-12-2017",systemYear);
+    }
+}
diff --git a/spring-security-core/src/test/java/org/baeldung/methodsecurity/TestMethodSecurity.java b/spring-security-core/src/test/java/org/baeldung/methodsecurity/TestMethodSecurity.java
index dcc77fbab5..4e4b665fb2 100644
--- a/spring-security-core/src/test/java/org/baeldung/methodsecurity/TestMethodSecurity.java
+++ b/spring-security-core/src/test/java/org/baeldung/methodsecurity/TestMethodSecurity.java
@@ -160,4 +160,5 @@ public class TestMethodSecurity{
     public void givenDefaultRole_whenCallGetUsername4_thenAccessDenied(){
         userRoleService.getUsername4();
     }
+    
 }
\ No newline at end of file
diff --git a/spring-security-core/src/test/java/org/baeldung/methodsecurity/TestWithUserDetails.java b/spring-security-core/src/test/java/org/baeldung/methodsecurity/TestWithUserDetails.java
index 3f60281380..6c1d2ab62c 100644
--- a/spring-security-core/src/test/java/org/baeldung/methodsecurity/TestWithUserDetails.java
+++ b/spring-security-core/src/test/java/org/baeldung/methodsecurity/TestWithUserDetails.java
@@ -9,6 +9,7 @@ import org.junit.runner.RunWith;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.context.annotation.ComponentScan;
 import org.springframework.context.annotation.Configuration;
+import org.springframework.security.access.AccessDeniedException;
 import org.springframework.security.test.context.support.WithUserDetails;
 import org.springframework.test.context.ContextConfiguration;
 import org.springframework.test.context.junit4.SpringRunner;
@@ -35,8 +36,21 @@ public class TestWithUserDetails {
     
     @Test
     @WithUserDetails(value="jane",userDetailsServiceBeanName="userDetailService")
-    public void whenJohn_callSecuredLoadUserDetail_thenOK(){
-        CustomUser user = userService.securedLoadUserDetail("john");
+    public void givenJane_callSecuredLoadUserDetailWithJane_thenOK(){
+        CustomUser user = userService.securedLoadUserDetail("jane");
         assertEquals("jane",user.getNickName());
+        assertEquals("jane",user.getUsername());
+    }
+    
+    @Test(expected=AccessDeniedException.class)
+    @WithUserDetails(value="john",userDetailsServiceBeanName="userDetailService")
+    public void givenJohn_callSecuredLoadUserDetailWithJane_thenAccessDenied(){
+        userService.securedLoadUserDetail("jane");
+    }
+    
+    @Test(expected=AccessDeniedException.class)
+    @WithUserDetails(value="john",userDetailsServiceBeanName="userDetailService")
+    public void givenJohn_callSecuredLoadUserDetailWithJohn_thenAccessDenied(){
+        userService.securedLoadUserDetail("john");
     }
 }