Merge pull request quarkusio#6247 from geoand/spring-security-devmode…

…-test

Add a dev-mode test for the Spring Security module

extensions/spring-security/deployment/pom.xml

@@ -50,6 +50,21 @@
             <artifactId>quarkus-security-test-utils</artifactId>
             <scope>test</scope>
         </dependency>
+        <dependency>
+            <groupId>io.quarkus</groupId>
+            <artifactId>quarkus-spring-web-deployment</artifactId>
+            <scope>test</scope>
+        </dependency>
+        <dependency>
+            <groupId>io.quarkus</groupId>
+            <artifactId>quarkus-elytron-security-properties-file-deployment</artifactId>
+            <scope>test</scope>
+        </dependency>
+        <dependency>
+            <groupId>io.rest-assured</groupId>
+            <artifactId>rest-assured</artifactId>
+            <scope>test</scope>
+        </dependency>
     </dependencies>
 
     <build>

extensions/spring-security/deployment/src/test/java/io/quarkus/spring/security/deployment/AnnotationChangeReloadTest.java

@@ -0,0 +1,44 @@
+package io.quarkus.spring.security.deployment;
+
+import org.jboss.shrinkwrap.api.ShrinkWrap;
+import org.jboss.shrinkwrap.api.spec.JavaArchive;
+import org.junit.jupiter.api.Test;
+import org.junit.jupiter.api.extension.RegisterExtension;
+
+import io.quarkus.spring.security.deployment.springapp.Person;
+import io.quarkus.spring.security.deployment.springapp.Roles;
+import io.quarkus.spring.security.deployment.springapp.SpringComponent;
+import io.quarkus.spring.security.deployment.springapp.SpringController;
+import io.quarkus.test.QuarkusDevModeTest;
+import io.restassured.RestAssured;
+
+public class AnnotationChangeReloadTest {
+
+    @RegisterExtension
+    static QuarkusDevModeTest TEST = new QuarkusDevModeTest()
+            .setArchiveProducer(() -> ShrinkWrap.create(JavaArchive.class)
+                    .addClasses(Roles.class,
+                            Person.class,
+                            SpringComponent.class,
+                            SpringController.class));
+
+    @Test()
+    public void testUpdatedAnnotationWorks() {
+        RestAssured.given().auth().preemptive().basic("bob", "bob")
+                .when().get("/secure/admin").then()
+                .statusCode(403);
+        RestAssured.given().auth().preemptive().basic("alice", "alice")
+                .when().get("/secure/admin").then()
+                .statusCode(200);
+
+        TEST.modifySourceFile("SpringComponent.java", s -> s.replace("@PreAuthorize(\"hasRole(@roles.ADMIN)\")",
+                "@PreAuthorize(\"hasRole(@roles.USER)\")"));
+
+        RestAssured.given().auth().preemptive().basic("bob", "bob")
+                .when().get("/secure/admin").then()
+                .statusCode(200);
+        RestAssured.given().auth().preemptive().basic("alice", "alice")
+                .when().get("/secure/admin").then()
+                .statusCode(403);
+    }
+}

extensions/spring-security/deployment/src/test/java/io/quarkus/spring/security/deployment/springapp/SpringController.java

@@ -0,0 +1,21 @@
+package io.quarkus.spring.security.deployment.springapp;
+
+import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RestController;
+
+@RestController
+@RequestMapping("/secure")
+public class SpringController {
+
+    private final SpringComponent springComponent;
+
+    public SpringController(SpringComponent springComponent) {
+        this.springComponent = springComponent;
+    }
+
+    @GetMapping("/admin")
+    public String accessibleForAdminOnly() {
+        return springComponent.accessibleForAdminOnly();
+    }
+}

extensions/spring-security/deployment/src/test/resources/application.properties

@@ -0,0 +1,5 @@
+quarkus.security.users.file.enabled=true
+quarkus.security.users.file.users=test-users.properties
+quarkus.security.users.file.roles=test-roles.properties
+#quarkus.security.users.file.auth-mechanism=BASIC
+quarkus.security.users.file.plain-text=true

extensions/spring-security/deployment/src/test/resources/test-roles.properties

@@ -0,0 +1,2 @@
+bob=user
+alice=admin

extensions/spring-security/deployment/src/test/resources/test-users.properties

@@ -0,0 +1,2 @@
+bob=bob
+alice=alice