From 44d6854bc50798dc5c37c0386f600709b3a355d4 Mon Sep 17 00:00:00 2001
From: Fabio Formosa
Date: Sat, 1 Oct 2022 15:48:01 +0200
Subject: [PATCH] #63 added security test to test the whitelisted endpoints
---
 .../security/SecurityControllerTest.java | 11 +++++++----
 .../security/controllers/TestController.java | 6 ------
 2 files changed, 7 insertions(+), 10 deletions(-)
diff --git a/quartz-manager-parent/quartz-manager-starter-security/src/test/java/it/fabioformosa/quartzmanager/security/SecurityControllerTest.java b/quartz-manager-parent/quartz-manager-starter-security/src/test/java/it/fabioformosa/quartzmanager/security/SecurityControllerTest.java
index 39ede6a..5489952 100644
--- a/quartz-manager-parent/quartz-manager-starter-security/src/test/java/it/fabioformosa/quartzmanager/security/SecurityControllerTest.java
+++ b/quartz-manager-parent/quartz-manager-starter-security/src/test/java/it/fabioformosa/quartzmanager/security/SecurityControllerTest.java
@@ -2,6 +2,8 @@ package it.fabioformosa.quartzmanager.security;
 import it.fabioformosa.quartzmanager.security.controllers.TestController;
 import org.junit.jupiter.api.Test;
+import org.junit.jupiter.params.ParameterizedTest;
+import org.junit.jupiter.params.provider.ValueSource;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.boot.test.autoconfigure.web.servlet.AutoConfigureMockMvc;
 import org.springframework.boot.test.context.SpringBootTest;
@@ -45,10 +47,11 @@ public class SecurityControllerTest {
 .andExpect(status().isUnauthorized());
 }
- @Test
- void givenAnAnonymousUser_whenRequestedSwaggerResource_thenShouldReturn2xx() throws Exception {
- mockMvc.perform(MockMvcRequestBuilders.get("/swagger-ui.html"))
- .andExpect(status().isOk());
+ @ParameterizedTest
+ @ValueSource(strings = {"/swagger-ui.html", "/v3/api-docs/**", "/swagger-resources/**", "/webjars/**"})
+ void givenAnAnonymousUser_whenRequestedAnEndpointInWhitelist_thenShouldnotReturnForbidden(String whitelistEndpoint) throws Exception {
+ mockMvc.perform(MockMvcRequestBuilders.get(whitelistEndpoint))
+ .andExpect(status().isNotFound());
 }
 @Test
diff --git a/quartz-manager-parent/quartz-manager-starter-security/src/test/java/it/fabioformosa/quartzmanager/security/controllers/TestController.java b/quartz-manager-parent/quartz-manager-starter-security/src/test/java/it/fabioformosa/quartzmanager/security/controllers/TestController.java
index a5a8f49..7edf0e0 100644
--- a/quartz-manager-parent/quartz-manager-starter-security/src/test/java/it/fabioformosa/quartzmanager/security/controllers/TestController.java
+++ b/quartz-manager-parent/quartz-manager-starter-security/src/test/java/it/fabioformosa/quartzmanager/security/controllers/TestController.java
@@ -18,12 +18,6 @@ public class TestController { } - @ResponseStatus(HttpStatus.OK) - @GetMapping("/swagger-ui.html") - public void getSwaggerUI(){ - - } - @ResponseStatus(HttpStatus.OK) @GetMapping(QUARTZ_MANAGER + "/scheduler") public void getQuartzManagerScheduler(){
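Review bot: The new parameterized test is named `...thenShouldnotReturnForbidden` but asserts exactly `status().isNotFound()`, so it passes only while no handler is mapped for these paths, and the name does not say which denial it rules out (the context line just above it expects `isUnauthorized()`, i.e. 401 rather than 403). A short comment above the assertion would make the intent auditable: `// 404, not 401/403: the security chain let the anonymous request through; no handler is mapped for it in the test context`. The `@ValueSource` entries are Ant-style patterns sent as literal request paths (`/v3/api-docs/**`), which presumably still match the whitelist matchers but are not URLs a client would send; one concrete path under each prefix would exercise the whitelist more realistically. If a handler for any of these paths later appears on the test classpath the requests would stop returning 404, so asserting that the status is neither 401 nor 403 may be the more stable check.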