Merge pull request #3336 from linhvovn/BAEL-1411

[Bael 1411-tlinh2110] Add resources for Method Security

spring-security-core/src/main/java/org/baeldung/methodsecurity/annotation/IsViewer.java

@@ -0,0 +1,14 @@
+package org.baeldung.methodsecurity.annotation;
+
+import java.lang.annotation.ElementType;
+import java.lang.annotation.Retention;
+import java.lang.annotation.RetentionPolicy;
+import java.lang.annotation.Target;
+
+import org.springframework.security.access.prepost.PreAuthorize;
+
+@Target(ElementType.METHOD)
+@Retention(RetentionPolicy.RUNTIME)
+@PreAuthorize("hasRole('VIEWER')")
+public @interface IsViewer {
+}

spring-security-core/src/main/java/org/baeldung/methodsecurity/config/MethodSecurityConfig.java

@@ -1,11 +1,11 @@
-package org.baeldung.testmethodsecurity.config;
+package org.baeldung.methodsecurity.config;
 
 import org.springframework.context.annotation.Configuration;
 import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
 import org.springframework.security.config.annotation.method.configuration.GlobalMethodSecurityConfiguration;
 
 @Configuration
-@EnableGlobalMethodSecurity(prePostEnabled = true, securedEnabled = true)
+@EnableGlobalMethodSecurity(prePostEnabled = true, securedEnabled = true, jsr250Enabled = true)
 public class MethodSecurityConfig extends GlobalMethodSecurityConfiguration {
 
 }

spring-security-core/src/main/java/org/baeldung/methodsecurity/entity/CustomUser.java

@@ -1,4 +1,4 @@
-package org.baeldung.testmethodsecurity.entity;
+package org.baeldung.methodsecurity.entity;
 
 import java.util.Collection;
 
@@ -6,15 +6,15 @@ import org.springframework.security.core.GrantedAuthority;
 import org.springframework.security.core.userdetails.User;
 
 @SuppressWarnings("serial")
-public class CustomUser extends User{
+public class CustomUser extends User {
-    
+
     private String nickName;
 
     public CustomUser(String username, String password, Collection<? extends GrantedAuthority> authorities) {
         super(username, password, authorities);
     }
-    
+
-    public CustomUser(String username, String password, Collection<? extends GrantedAuthority> authorities,String nickName) {
+    public CustomUser(String username, String password, Collection<? extends GrantedAuthority> authorities, String nickName) {
         super(username, password, authorities);
         this.nickName = nickName;
     }

spring-security-core/src/main/java/org/baeldung/methodsecurity/repository/UserRoleRepository.java

@@ -0,0 +1,57 @@
+package org.baeldung.methodsecurity.repository;
+
+import java.util.ArrayList;
+import java.util.LinkedHashMap;
+import java.util.List;
+import java.util.Map;
+
+import org.baeldung.methodsecurity.entity.CustomUser;
+import org.springframework.security.core.GrantedAuthority;
+import org.springframework.security.core.authority.SimpleGrantedAuthority;
+import org.springframework.security.core.userdetails.UsernameNotFoundException;
+import org.springframework.stereotype.Service;
+
+@Service
+public class UserRoleRepository {
+
+    static Map<String, CustomUser> DB_BASED_USER_MAPPING;
+
+    static {
+        DB_BASED_USER_MAPPING = new LinkedHashMap<>();
+        DB_BASED_USER_MAPPING.put("jane", new CustomUser("jane", "1234", getGrantedAuthorities("ROLE_USER", "ROLE_VIEWER"), "jane"));
+        DB_BASED_USER_MAPPING.put("john", new CustomUser("john", "1234", getGrantedAuthorities("ROLE_EDITOR", "ROLE_ADMIN"), "jane"));
+        DB_BASED_USER_MAPPING.put("jack", new CustomUser("jack", "1234", getGrantedAuthorities("ROLE_USER", "ROLE_REVIEWER"), "jane"));
+    }
+
+    private static List<GrantedAuthority> getGrantedAuthorities(String... roles) {
+        ArrayList<GrantedAuthority> authorities = new ArrayList<>();
+        for (String role : roles) {
+            authorities.add(new SimpleGrantedAuthority(role));
+        }
+        return authorities;
+    }
+
+    public CustomUser loadUserByUserName(String username) {
+        if (DB_BASED_USER_MAPPING.containsKey(username)) {
+            return DB_BASED_USER_MAPPING.get(username);
+        }
+        throw new UsernameNotFoundException("User " + username + " cannot be found");
+    }
+
+    public boolean isValidUsername(String username) {
+        return DB_BASED_USER_MAPPING.containsKey(username);
+    }
+
+    public boolean isValidRole(String roleName) {
+        return roleName.startsWith("ROLE_");
+    }
+
+    public List<String> getAllUsernames() {
+        List<String> usernames = new ArrayList<>();
+        usernames.add("jane");
+        usernames.add("john");
+        usernames.add("jack");
+        return usernames;
+    }
+
+}

spring-security-core/src/main/java/org/baeldung/methodsecurity/service/CustomUserDetailsService.java

@@ -1,6 +1,6 @@
-package org.baeldung.testmethodsecurity.service;
+package org.baeldung.methodsecurity.service;
 
-import org.baeldung.testmethodsecurity.repository.UserRoleRepository;
+import org.baeldung.methodsecurity.repository.UserRoleRepository;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.security.core.userdetails.UserDetails;
 import org.springframework.security.core.userdetails.UserDetailsService;

spring-security-core/src/main/java/org/baeldung/methodsecurity/service/SystemService.java

@@ -0,0 +1,18 @@
+package org.baeldung.methodsecurity.service;
+
+import org.springframework.security.access.prepost.PreAuthorize;
+import org.springframework.stereotype.Service;
+
+@Service
+@PreAuthorize("hasRole('ROLE_ADMIN')")
+public class SystemService {
+    
+    public String getSystemYear(){
+        return "2017";
+    }
+    
+    public String getSystemDate(){
+        return "31-12-2017";
+    }
+    
+}

spring-security-core/src/main/java/org/baeldung/methodsecurity/service/UserRoleService.java

@@ -0,0 +1,108 @@
+package org.baeldung.methodsecurity.service;
+
+import java.util.List;
+import java.util.stream.Collectors;
+
+import javax.annotation.security.RolesAllowed;
+
+import org.baeldung.methodsecurity.annotation.IsViewer;
+import org.baeldung.methodsecurity.entity.CustomUser;
+import org.baeldung.methodsecurity.repository.UserRoleRepository;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.security.access.annotation.Secured;
+import org.springframework.security.access.prepost.PostAuthorize;
+import org.springframework.security.access.prepost.PostFilter;
+import org.springframework.security.access.prepost.PreAuthorize;
+import org.springframework.security.access.prepost.PreFilter;
+import org.springframework.security.core.context.SecurityContext;
+import org.springframework.security.core.context.SecurityContextHolder;
+import org.springframework.stereotype.Service;
+
+@Service
+public class UserRoleService {
+
+    @Autowired
+    UserRoleRepository userRoleRepository;
+
+    @Secured("ROLE_VIEWER")
+    public String getUsername() {
+        SecurityContext securityContext = SecurityContextHolder.getContext();
+        return securityContext.getAuthentication().getName();
+    }
+
+    @Secured({ "ROLE_VIEWER", "ROLE_EDITOR" })
+    public boolean isValidUsername(String username) {
+        return userRoleRepository.isValidUsername(username);
+    }
+
+    @RolesAllowed("ROLE_VIEWER")
+    public String getUsername2() {
+        SecurityContext securityContext = SecurityContextHolder.getContext();
+        return securityContext.getAuthentication().getName();
+    }
+
+    @RolesAllowed({ "ROLE_VIEWER", "ROLE_EDITOR" })
+    public boolean isValidUsername2(String username) {
+        return userRoleRepository.isValidUsername(username);
+    }
+
+    @PreAuthorize("hasRole('ROLE_VIEWER')")
+    public String getUsernameInUpperCase() {
+        return getUsername().toUpperCase();
+    }
+
+    @PreAuthorize("hasAuthority('SYS_ADMIN')")
+    public String getUsernameLC() {
+        return getUsername().toLowerCase();
+    }
+
+    @PreAuthorize("hasRole('ROLE_VIEWER') or hasRole('ROLE_EDITOR')")
+    public boolean isValidUsername3(String username) {
+        return userRoleRepository.isValidUsername(username);
+    }
+
+    @PreAuthorize("#username == authentication.principal.username")
+    public String getMyRoles(String username) {
+        SecurityContext securityContext = SecurityContextHolder.getContext();
+        return securityContext.getAuthentication().getAuthorities().stream().map(auth -> auth.getAuthority()).collect(Collectors.joining(","));
+    }
+
+    @PostAuthorize("#username == authentication.principal.username")
+    public String getMyRoles2(String username) {
+        SecurityContext securityContext = SecurityContextHolder.getContext();
+        return securityContext.getAuthentication().getAuthorities().stream().map(auth -> auth.getAuthority()).collect(Collectors.joining(","));
+    }
+
+    @PostAuthorize("returnObject.username == authentication.principal.nickName")
+    public CustomUser loadUserDetail(String username) {
+        return userRoleRepository.loadUserByUserName(username);
+    }
+
+    @PreFilter("filterObject != authentication.principal.username")
+    public String joinUsernames(List<String> usernames) {
+        return usernames.stream().collect(Collectors.joining(";"));
+    }
+
+    @PreFilter(value = "filterObject != authentication.principal.username", filterTarget = "usernames")
+    public String joinUsernamesAndRoles(List<String> usernames, List<String> roles) {
+        return usernames.stream().collect(Collectors.joining(";")) + ":" + roles.stream().collect(Collectors.joining(";"));
+    }
+
+    @PostFilter("filterObject != authentication.principal.username")
+    public List<String> getAllUsernamesExceptCurrent() {
+        return userRoleRepository.getAllUsernames();
+    }
+
+    @IsViewer
+    public String getUsername4() {
+        SecurityContext securityContext = SecurityContextHolder.getContext();
+        return securityContext.getAuthentication().getName();
+    }
+
+    @PreAuthorize("#username == authentication.principal.username")
+    @PostAuthorize("returnObject.username == authentication.principal.nickName")
+    public CustomUser securedLoadUserDetail(String username) {
+        return userRoleRepository.loadUserByUserName(username);
+    }
+
+}

spring-security-core/src/main/java/org/baeldung/testmethodsecurity/repository/UserRoleRepository.java

@@ -1,41 +0,0 @@
-package org.baeldung.testmethodsecurity.repository;
-
-import java.util.ArrayList;
-import java.util.LinkedHashMap;
-import java.util.List;
-import java.util.Map;
-
-import org.baeldung.testmethodsecurity.entity.CustomUser;
-import org.springframework.security.core.GrantedAuthority;
-import org.springframework.security.core.authority.SimpleGrantedAuthority;
-import org.springframework.security.core.userdetails.UsernameNotFoundException;
-import org.springframework.stereotype.Service;
-
-@Service
-public class UserRoleRepository {
-    
-    static Map<String,CustomUser> DB_BASED_USER_MAPPING;
-    
-    static{
-        DB_BASED_USER_MAPPING = new LinkedHashMap<>();
-        DB_BASED_USER_MAPPING.put("jane", new CustomUser("jane","1234", getGrantedAuthorities("ROLE_USER","ROLE_VIEWER"),"jane"));
-        DB_BASED_USER_MAPPING.put("john", new CustomUser("john","1234", getGrantedAuthorities("ROLE_EDITOR","ROLE_ADMIN"),"jane"));
-        DB_BASED_USER_MAPPING.put("jack", new CustomUser("jack","1234", getGrantedAuthorities("ROLE_USER","ROLE_REVIEWER"),"jane"));
-    }
-    
-    private static List<GrantedAuthority> getGrantedAuthorities(String...roles){
-        ArrayList<GrantedAuthority> authorities = new ArrayList<>();
-        for (String role : roles){
-            authorities.add(new SimpleGrantedAuthority(role));
-        }
-        return authorities;
-    }
-    
-    public CustomUser loadUserByUserName(String username){
-        if (DB_BASED_USER_MAPPING.containsKey(username)){
-            return DB_BASED_USER_MAPPING.get(username);
-        }
-       throw new UsernameNotFoundException("User "+username+" cannot be found");
-    }
-    
-}

spring-security-core/src/main/java/org/baeldung/testmethodsecurity/service/UserRoleService.java

@@ -1,29 +0,0 @@
-package org.baeldung.testmethodsecurity.service;
-
-import org.baeldung.testmethodsecurity.entity.CustomUser;
-import org.baeldung.testmethodsecurity.repository.UserRoleRepository;
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.security.access.prepost.PostAuthorize;
-import org.springframework.security.access.prepost.PreAuthorize;
-import org.springframework.security.core.context.SecurityContext;
-import org.springframework.security.core.context.SecurityContextHolder;
-import org.springframework.stereotype.Service;
-
-@Service
-public class UserRoleService {
-    
-    @Autowired
-    UserRoleRepository userRoleRepository;
-    
-    @PreAuthorize("hasRole('ROLE_VIEWER') or hasAuthority('SYS_ADMIN')")
-    public String getUsername(){
-        SecurityContext securityContext = SecurityContextHolder.getContext();
-        return securityContext.getAuthentication().getName();
-    }
-    
-    @PostAuthorize("returnObject.username == authentication.principal.nickName")
-    public CustomUser loadUserDetail(String username){
-        return userRoleRepository.loadUserByUserName(username);
-    }
-    
-}

spring-security-core/src/test/java/org/baeldung/methodsecurity/TestClassLevelSecurity.java

@@ -0,0 +1,49 @@
+package org.baeldung.methodsecurity;
+
+import static org.junit.Assert.*;
+
+import org.baeldung.methodsecurity.service.SystemService;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.context.annotation.ComponentScan;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.security.access.AccessDeniedException;
+import org.springframework.security.test.context.support.WithMockUser;
+import org.springframework.test.context.ContextConfiguration;
+import org.springframework.test.context.junit4.SpringRunner;
+
+@RunWith(SpringRunner.class)
+@ContextConfiguration
+public class TestClassLevelSecurity {
+    
+    @Autowired
+    SystemService systemService;
+    
+    @Configuration
+    @ComponentScan("org.baeldung.methodsecurity.*")
+    public static class SpringConfig {
+
+    }
+    
+    @Test
+    @WithMockUser(username="john",roles={"ADMIN"})
+    public void givenRoleAdmin_whenCallGetSystemYear_return2017(){
+        String systemYear = systemService.getSystemYear();
+        assertEquals("2017",systemYear);
+    }
+    
+    @Test(expected=AccessDeniedException.class)
+    @WithMockUser(username="john",roles={"VIEWER"})
+    public void givenRoleViewer_whenCallGetSystemYear_returnAccessDenied(){
+        String systemYear = systemService.getSystemYear();
+        assertEquals("2017",systemYear);
+    }
+    
+    @Test
+    @WithMockUser(username="john",roles={"ADMIN"})
+    public void givenRoleAdmin_whenCallGetSystemDate_returnDate(){
+        String systemYear = systemService.getSystemDate();
+        assertEquals("31-12-2017",systemYear);
+    }
+}

spring-security-core/src/test/java/org/baeldung/methodsecurity/TestMethodSecurity.java

@@ -0,0 +1,176 @@
+package org.baeldung.methodsecurity;
+
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertTrue;
+
+import java.util.ArrayList;
+import java.util.List;
+
+import org.baeldung.methodsecurity.service.UserRoleService;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.context.annotation.ComponentScan;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.security.access.AccessDeniedException;
+import org.springframework.security.authentication.AuthenticationCredentialsNotFoundException;
+import org.springframework.security.test.context.support.WithAnonymousUser;
+import org.springframework.security.test.context.support.WithMockUser;
+import org.springframework.test.context.ContextConfiguration;
+import org.springframework.test.context.junit4.SpringRunner;
+
+@RunWith(SpringRunner.class)
+@ContextConfiguration
+public class TestMethodSecurity {
+
+    @Autowired
+    UserRoleService userRoleService;
+
+    @Configuration
+    @ComponentScan("org.baeldung.methodsecurity.*")
+    public static class SpringConfig {
+
+    }
+
+    @Test(expected = AuthenticationCredentialsNotFoundException.class)
+    public void givenNoSecurity_whenCallGetUsername_thenReturnException() {
+        String userName = userRoleService.getUsername();
+        assertEquals("john", userName);
+    }
+
+    @Test
+    @WithMockUser(username = "john", roles = { "VIEWER" })
+    public void givenRoleViewer_whenCallGetUsername_thenReturnUsername() {
+        String userName = userRoleService.getUsername();
+        assertEquals("john", userName);
+    }
+
+    @Test
+    @WithMockUser(username = "john", roles = { "EDITOR" })
+    public void givenUsernameJohn_whenCallIsValidUsername_thenReturnTrue() {
+        boolean isValid = userRoleService.isValidUsername("john");
+        assertEquals(true, isValid);
+    }
+
+    @Test(expected = AccessDeniedException.class)
+    @WithMockUser(username = "john", roles = { "ADMIN" })
+    public void givenRoleAdmin_whenCallGetUsername_thenReturnAccessDenied() {
+        userRoleService.getUsername();
+    }
+
+    @Test(expected = AccessDeniedException.class)
+    @WithMockUser(username = "john", roles = { "USER" })
+    public void givenRoleUser_whenCallGetUsername2_thenReturnAccessDenied() {
+        userRoleService.getUsername2();
+    }
+
+    @Test
+    @WithMockUser(username = "john", roles = { "VIEWER", "EDITOR" })
+    public void givenRoleViewer_whenCallGetUsername2_thenReturnUsername() {
+        String userName = userRoleService.getUsername2();
+        assertEquals("john", userName);
+    }
+
+    @Test
+    @WithMockUser(username = "john", roles = { "VIEWER" })
+    public void givenUsernameJerry_whenCallIsValidUsername2_thenReturnFalse() {
+        boolean isValid = userRoleService.isValidUsername2("jerry");
+        assertEquals(false, isValid);
+    }
+
+    @Test
+    @WithMockUser(username = "JOHN", authorities = { "SYS_ADMIN" })
+    public void givenAuthoritySysAdmin_whenCallGetUsernameInLowerCase_thenReturnUsername() {
+        String username = userRoleService.getUsernameLC();
+        assertEquals("john", username);
+    }
+
+    @Test
+    @WithMockUser(username = "john", roles = { "ADMIN", "USER", "VIEWER" })
+    public void givenUserJohn_whenCallGetMyRolesWithJohn_thenReturnRoles() {
+        String roles = userRoleService.getMyRoles("john");
+        assertEquals("ROLE_ADMIN,ROLE_USER,ROLE_VIEWER", roles);
+    }
+
+    @Test(expected = AccessDeniedException.class)
+    @WithMockUser(username = "john", roles = { "ADMIN", "USER", "VIEWER" })
+    public void givenUserJane_whenCallGetMyRolesWithJane_thenAccessDenied() {
+        userRoleService.getMyRoles("jane");
+    }
+    
+    @Test
+    @WithMockUser(username = "john", roles = { "ADMIN", "USER", "VIEWER" })
+    public void givenUserJohn_whenCallGetMyRoles2WithJohn_thenReturnRoles() {
+        String roles = userRoleService.getMyRoles2("john");
+        assertEquals("ROLE_ADMIN,ROLE_USER,ROLE_VIEWER", roles);
+    }
+
+    @Test(expected = AccessDeniedException.class)
+    @WithMockUser(username = "john", roles = { "ADMIN", "USER", "VIEWER" })
+    public void givenUserJane_whenCallGetMyRoles2WithJane_thenAccessDenied() {
+        userRoleService.getMyRoles2("jane");
+    }
+
+    @Test(expected = AccessDeniedException.class)
+    @WithAnonymousUser
+    public void givenAnomynousUser_whenCallGetUsername_thenAccessDenied() {
+        userRoleService.getUsername();
+    }
+
+    @Test
+    @WithMockJohnViewer
+    public void givenMockedJohnViewer_whenCallGetUsername_thenReturnUsername() {
+        String userName = userRoleService.getUsername();
+        assertEquals("john", userName);
+    }
+
+    @Test
+    @WithMockUser(username = "jane")
+    public void givenListContainCurrentUsername_whenJoinUsernames_thenReturnUsernames() {
+        List<String> usernames = new ArrayList<>();
+        usernames.add("jane");
+        usernames.add("john");
+        usernames.add("jack");
+        String containCurrentUser = userRoleService.joinUsernames(usernames);
+        assertEquals("john;jack", containCurrentUser);
+    }
+
+    @Test
+    @WithMockUser(username = "john")
+    public void givenListContainCurrentUsername_whenCallJoinUsernamesAndRoles_thenReturnUsernameAndRoles() {
+        List<String> usernames = new ArrayList<>();
+        usernames.add("jane");
+        usernames.add("john");
+        usernames.add("jack");
+
+        List<String> roles = new ArrayList<>();
+        roles.add("ROLE_ADMIN");
+        roles.add("ROLE_TEST");
+
+        String containCurrentUser = userRoleService.joinUsernamesAndRoles(usernames, roles);
+        assertEquals("jane;jack:ROLE_ADMIN;ROLE_TEST", containCurrentUser);
+    }
+
+    @Test
+    @WithMockUser(username = "john")
+    public void givenUserJohn_whenCallGetAllUsernamesExceptCurrent_thenReturnOtherusernames() {
+        List<String> others = userRoleService.getAllUsernamesExceptCurrent();
+        assertEquals(2, others.size());
+        assertTrue(others.contains("jane"));
+        assertTrue(others.contains("jack"));
+    }
+
+    @Test
+    @WithMockUser(username = "john", roles = { "VIEWER" })
+    public void givenRoleViewer_whenCallGetUsername4_thenReturnUsername() {
+        String userName = userRoleService.getUsername4();
+        assertEquals("john", userName);
+    }
+
+    @Test(expected = AccessDeniedException.class)
+    @WithMockUser(username = "john")
+    public void givenDefaultRole_whenCallGetUsername4_thenAccessDenied() {
+        userRoleService.getUsername4();
+    }
+
+}

spring-security-core/src/test/java/org/baeldung/methodsecurity/TestWithMockUserAtClassLevel.java

@@ -1,8 +1,8 @@
-package org.baeldung.testmethodsecurity;
+package org.baeldung.methodsecurity;
 
 import static org.junit.Assert.assertEquals;
 
-import org.baeldung.testmethodsecurity.service.UserRoleService;
+import org.baeldung.methodsecurity.service.UserRoleService;
 import org.junit.Test;
 import org.junit.runner.RunWith;
 import org.springframework.beans.factory.annotation.Autowired;
@@ -14,20 +14,20 @@ import org.springframework.test.context.junit4.SpringRunner;
 
 @RunWith(SpringRunner.class)
 @ContextConfiguration
-@WithMockUser(username="john",roles={"VIEWER"})
+@WithMockUser(username = "john", roles = { "VIEWER" })
 public class TestWithMockUserAtClassLevel {
-    
+
     @Test
-    public void givenRoleViewer_whenCallGetUsername_thenReturnUsername(){
+    public void givenRoleViewer_whenCallGetUsername_thenReturnUsername() {
         String currentUserName = userService.getUsername();
-        assertEquals("john",currentUserName);
+        assertEquals("john", currentUserName);
     }
-    
+
     @Autowired
     UserRoleService userService;
-    
+
     @Configuration
-    @ComponentScan("org.baeldung.testmethodsecurity.*")
+    @ComponentScan("org.baeldung.methodsecurity.*")
     public static class SpringConfig {
 
     }

spring-security-core/src/test/java/org/baeldung/methodsecurity/TestWithUserDetails.java

@@ -0,0 +1,56 @@
+package org.baeldung.methodsecurity;
+
+import static org.junit.Assert.assertEquals;
+
+import org.baeldung.methodsecurity.entity.CustomUser;
+import org.baeldung.methodsecurity.service.UserRoleService;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.context.annotation.ComponentScan;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.security.access.AccessDeniedException;
+import org.springframework.security.test.context.support.WithUserDetails;
+import org.springframework.test.context.ContextConfiguration;
+import org.springframework.test.context.junit4.SpringRunner;
+
+@RunWith(SpringRunner.class)
+@ContextConfiguration
+public class TestWithUserDetails {
+
+    @Autowired
+    UserRoleService userService;
+
+    @Configuration
+    @ComponentScan("org.baeldung.methodsecurity.*")
+    public static class SpringConfig {
+
+    }
+
+    @Test
+    @WithUserDetails(value = "john", userDetailsServiceBeanName = "userDetailService")
+    public void whenJohn_callLoadUserDetail_thenOK() {
+        CustomUser user = userService.loadUserDetail("jane");
+        assertEquals("jane", user.getNickName());
+    }
+
+    @Test
+    @WithUserDetails(value = "jane", userDetailsServiceBeanName = "userDetailService")
+    public void givenJane_callSecuredLoadUserDetailWithJane_thenOK() {
+        CustomUser user = userService.securedLoadUserDetail("jane");
+        assertEquals("jane", user.getNickName());
+        assertEquals("jane", user.getUsername());
+    }
+
+    @Test(expected = AccessDeniedException.class)
+    @WithUserDetails(value = "john", userDetailsServiceBeanName = "userDetailService")
+    public void givenJohn_callSecuredLoadUserDetailWithJane_thenAccessDenied() {
+        userService.securedLoadUserDetail("jane");
+    }
+
+    @Test(expected = AccessDeniedException.class)
+    @WithUserDetails(value = "john", userDetailsServiceBeanName = "userDetailService")
+    public void givenJohn_callSecuredLoadUserDetailWithJohn_thenAccessDenied() {
+        userService.securedLoadUserDetail("john");
+    }
+}

spring-security-core/src/test/java/org/baeldung/methodsecurity/WithMockJohnViewer.java

@@ -1,4 +1,4 @@
-package org.baeldung.testmethodsecurity;
+package org.baeldung.methodsecurity;
 
 import java.lang.annotation.Retention;
 import java.lang.annotation.RetentionPolicy;

spring-security-core/src/test/java/org/baeldung/testmethodsecurity/TestMethodSecurity.java

@@ -1,57 +0,0 @@
-package org.baeldung.testmethodsecurity;
-
-import static org.junit.Assert.assertEquals;
-
-import org.baeldung.testmethodsecurity.service.UserRoleService;
-import org.junit.Test;
-import org.junit.runner.RunWith;
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.context.annotation.ComponentScan;
-import org.springframework.context.annotation.Configuration;
-import org.springframework.security.access.AccessDeniedException;
-import org.springframework.security.test.context.support.WithAnonymousUser;
-import org.springframework.security.test.context.support.WithMockUser;
-import org.springframework.test.context.ContextConfiguration;
-import org.springframework.test.context.junit4.SpringRunner;
-
-@RunWith(SpringRunner.class)
-@ContextConfiguration
-public class TestMethodSecurity{
-    
-    @Autowired
-    UserRoleService userRoleService;
-    
-    @Configuration
-    @ComponentScan("org.baeldung.testmethodsecurity.*")
-    public static class SpringConfig {
-
-    }
-    
-    @Test
-    @WithMockUser(username="john",roles={"VIEWER"})
-    public void givenRoleViewer_whenCallGetUsername_thenReturnUsername(){
-        String userName = userRoleService.getUsername();
-        assertEquals("john", userName);
-    }
-    
-    @Test
-    @WithMockUser(username="john",authorities={"SYS_ADMIN"})
-    public void givenAuthoritySysAdmin_whenCallGetUsername_thenReturnUsername(){
-        String userName = userRoleService.getUsername();
-        assertEquals("john", userName);
-    }
-    
-    @Test(expected=AccessDeniedException.class)
-    @WithAnonymousUser
-    public void givenAnomynousUser_whenCallGetUsername_thenAccessDenied(){
-        userRoleService.getUsername();
-    }
-    
-    @Test
-    @WithMockJohnViewer
-    public void givenMockedJohnViewer_whenCallGetUsername_thenReturnUsername(){
-        String userName = userRoleService.getUsername();
-        assertEquals("john", userName);
-    }
-    
-}

spring-security-core/src/test/java/org/baeldung/testmethodsecurity/TestWithUserDetails.java

@@ -1,35 +0,0 @@
-package org.baeldung.testmethodsecurity;
-
-import static org.junit.Assert.assertEquals;
-
-import org.baeldung.testmethodsecurity.entity.CustomUser;
-import org.baeldung.testmethodsecurity.service.UserRoleService;
-import org.junit.Test;
-import org.junit.runner.RunWith;
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.context.annotation.ComponentScan;
-import org.springframework.context.annotation.Configuration;
-import org.springframework.security.test.context.support.WithUserDetails;
-import org.springframework.test.context.ContextConfiguration;
-import org.springframework.test.context.junit4.SpringRunner;
-
-@RunWith(SpringRunner.class)
-@ContextConfiguration
-public class TestWithUserDetails {
-    
-    @Autowired
-    UserRoleService userService;
-    
-    @Configuration
-    @ComponentScan("org.baeldung.testmethodsecurity.*")
-    public static class SpringConfig {
-
-    }
-    
-    @Test
-    @WithUserDetails(value="john",userDetailsServiceBeanName="userDetailService")
-    public void whenJohn_callLoadUserDetail_thenOK(){
-        CustomUser user = userService.loadUserDetail("jane");
-        assertEquals("jane",user.getNickName());
-    }
-}