reactive buggy security test

jvmlet · jvmlet · commit 4436fa2b60e5 · 2023-05-15T14:26:17.000+03:00
diff --git a/grpc-spring-boot-starter-demo/src/main/java/org/lognet/springboot/grpc/demo/BuggyReactiveGreeterGrpcService.java b/grpc-spring-boot-starter-demo/src/main/java/org/lognet/springboot/grpc/demo/BuggyReactiveGreeterGrpcService.java
@@ -0,0 +1,33 @@
+package org.lognet.springboot.grpc.demo;
+
+import io.grpc.examples.reactor.ReactiveHelloRequest;
+import io.grpc.examples.reactor.ReactiveHelloResponse;
+import io.grpc.examples.reactor.ReactorReactiveGreeterGrpc;
+import lombok.extern.slf4j.Slf4j;
+import org.lognet.springboot.grpc.GRpcService;
+import org.springframework.boot.autoconfigure.condition.ConditionalOnClass;
+import org.springframework.context.annotation.Profile;
+import org.springframework.security.access.annotation.Secured;
+import org.springframework.transaction.annotation.Transactional;
+import reactor.core.publisher.Mono;
+
+
+@GRpcService
+@Slf4j
+@ConditionalOnClass(Transactional.class)
+@Profile("reactive-buggy-security")
+public class BuggyReactiveGreeterGrpcService extends ReactorReactiveGreeterGrpc.ReactiveGreeterImplBase {
+
+
+    @Override
+    @Secured({})
+    public Mono<ReactiveHelloResponse> greet(Mono<ReactiveHelloRequest> request) {
+        return super.greet(request);
+    }
+
+    @Override
+    @Secured({}) //invalid
+    public Mono<ReactiveHelloResponse> greet(ReactiveHelloRequest request) {
+        return super.greet(request);
+    }
+}
diff --git a/grpc-spring-boot-starter-demo/src/main/java/org/lognet/springboot/grpc/demo/ReactiveGreeterGrpcService.java b/grpc-spring-boot-starter-demo/src/main/java/org/lognet/springboot/grpc/demo/ReactiveGreeterGrpcService.java
@@ -9,6 +9,7 @@
 import org.lognet.springboot.grpc.recovery.GRpcExceptionHandler;
 import org.lognet.springboot.grpc.recovery.GRpcExceptionScope;
 import org.springframework.boot.autoconfigure.condition.ConditionalOnClass;
+import org.springframework.context.annotation.Profile;
 import org.springframework.security.access.annotation.Secured;
 import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.transaction.annotation.Transactional;
@@ -22,6 +23,7 @@
 @GRpcService
 @Slf4j
 @ConditionalOnClass(Transactional.class)
+@Profile("!reactive-buggy-security")
 public class ReactiveGreeterGrpcService extends ReactorReactiveGreeterGrpc.ReactiveGreeterImplBase {
 
     private ReactiveGreeterService reactiveGreeterService;
@@ -39,6 +41,11 @@ public Mono<ReactiveHelloResponse> greet(Mono<ReactiveHelloRequest> request) {
 
     }
 
+    @Override
+    public Mono<ReactiveHelloResponse> greet(ReactiveHelloRequest request) {
+        return super.greet(request); //for tests
+    }
+
     @Override
     public Flux<ReactiveHelloResponse> multiGreet(Mono<ReactiveHelloRequest> request) {
         return request.flatMapIterable(r ->
diff --git a/grpc-spring-boot-starter-demo/src/reactiveTest/java/org/lognet/springboot/grpc/reactive/BaggyReactiveSecurityTest.java b/grpc-spring-boot-starter-demo/src/reactiveTest/java/org/lognet/springboot/grpc/reactive/BaggyReactiveSecurityTest.java
@@ -0,0 +1,52 @@
+package org.lognet.springboot.grpc.reactive;
+
+import lombok.extern.slf4j.Slf4j;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.lognet.springboot.grpc.auth.JwtAuthBaseTest;
+import org.lognet.springboot.grpc.demo.DemoApp;
+import org.lognet.springboot.rules.ExpectedStartupExceptionWithInspector;
+import org.lognet.springboot.rules.SpringRunnerWithGlobalExpectedExceptionInspected;
+import org.springframework.beans.factory.BeanCreationException;
+import org.springframework.boot.test.context.SpringBootTest;
+import org.springframework.core.NestedExceptionUtils;
+import org.springframework.test.annotation.DirtiesContext;
+import org.springframework.test.context.ActiveProfiles;
+
+import java.util.function.Predicate;
+
+import static org.hamcrest.MatcherAssert.assertThat;
+import static org.hamcrest.Matchers.*;
+
+
+@Slf4j
+@RunWith(SpringRunnerWithGlobalExpectedExceptionInspected.class)
+@SpringBootTest(classes = DemoApp.class)
+@ActiveProfiles({"keycloack-test", "r2dbc-test", "reactive-buggy-security"})
+@DirtiesContext
+@ExpectedStartupExceptionWithInspector(BaggyReactiveSecurityTest.ExceptionInspector.class)
+public class BaggyReactiveSecurityTest extends JwtAuthBaseTest {
+
+    @Test
+    public void contextStartupFails() {
+    }
+
+    public static class ExceptionInspector implements Predicate<Throwable> {
+
+        @Override
+        public boolean test(Throwable throwable) {
+
+            Throwable rootCause = NestedExceptionUtils.getRootCause(throwable);
+            assertThat(rootCause, instanceOf(BeanCreationException.class));
+            BeanCreationException beanCreationException = (BeanCreationException) rootCause;
+
+            assertThat(beanCreationException.getMessage(), allOf(
+                    notNullValue(String.class),
+                    stringContainsInOrder("Ambiguous", "Secured",  "method")
+            ));
+
+            return true;
+        }
+
+    }
+}
