[DS-2646]: Workflow Endpoints now need authenticated access + tests:

WorkflowDefinition, WorkflowActions & WorkflowSteps Endpoints

dspace-server-webapp/src/main/java/org/dspace/app/rest/WorkflowDefinitionController.java

@@ -23,6 +23,7 @@ import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.data.domain.Page;
 import org.springframework.data.domain.Pageable;
 import org.springframework.data.rest.webmvc.ResourceNotFoundException;
+import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.web.bind.annotation.PathVariable;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RequestMethod;
@@ -56,6 +57,7 @@ public class WorkflowDefinitionController {
      * @return List of collections mapped to the requested workflow
      */
     @RequestMapping(method = RequestMethod.GET, value = "/{workflowName}/collections")
+    @PreAuthorize("hasAuthority('AUTHENTICATED')")
     public Page<CollectionRest> getCollections(HttpServletRequest request, @PathVariable String workflowName,
                                                Pageable pageable) {
         if (xmlWorkflowFactory.workflowByThisNameExists(workflowName)) {

dspace-server-webapp/src/main/java/org/dspace/app/rest/repository/WorkflowActionRestRepository.java

@@ -16,6 +16,7 @@ import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.data.domain.Page;
 import org.springframework.data.domain.Pageable;
 import org.springframework.data.rest.webmvc.ResourceNotFoundException;
+import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.stereotype.Component;
 
 /**
@@ -30,6 +31,7 @@ public class WorkflowActionRestRepository extends DSpaceRestRepository<WorkflowA
     protected XmlWorkflowFactory xmlWorkflowFactory;
 
     @Override
+    @PreAuthorize("hasAuthority('AUTHENTICATED')")
     public WorkflowActionRest findOne(Context context, String workflowActionName) {
         WorkflowActionConfig actionConfig = this.xmlWorkflowFactory.getActionByName(workflowActionName);
         if (actionConfig != null) {
@@ -41,6 +43,7 @@ public class WorkflowActionRestRepository extends DSpaceRestRepository<WorkflowA
     }
 
     @Override
+    @PreAuthorize("hasAuthority('AUTHENTICATED')")
     public Page<WorkflowActionRest> findAll(Context context, Pageable pageable) {
         throw new RepositoryMethodNotImplementedException(WorkflowActionRest.NAME, "findAll");
     }

dspace-server-webapp/src/main/java/org/dspace/app/rest/repository/WorkflowDefinitionRestRepository.java

@@ -24,6 +24,7 @@ import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.data.domain.Page;
 import org.springframework.data.domain.Pageable;
 import org.springframework.data.rest.webmvc.ResourceNotFoundException;
+import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.stereotype.Component;
 
 /**
@@ -41,6 +42,7 @@ public class WorkflowDefinitionRestRepository extends DSpaceRestRepository<Workf
     private CollectionService collectionService;
 
     @Override
+    @PreAuthorize("hasAuthority('AUTHENTICATED')")
     public WorkflowDefinitionRest findOne(Context context, String workflowName) {
         if (xmlWorkflowFactory.workflowByThisNameExists(workflowName)) {
             try {
@@ -56,6 +58,7 @@ public class WorkflowDefinitionRestRepository extends DSpaceRestRepository<Workf
     }
 
     @Override
+    @PreAuthorize("hasAuthority('AUTHENTICATED')")
     public Page<WorkflowDefinitionRest> findAll(Context context, Pageable pageable) {
         List<Workflow> workflows = xmlWorkflowFactory.getAllConfiguredWorkflows();
         return converter.toRestPage(utils.getPage(workflows, pageable), utils.obtainProjection(true));
@@ -69,6 +72,7 @@ public class WorkflowDefinitionRestRepository extends DSpaceRestRepository<Workf
      * @return the workflow definition for this collection
      */
     @SearchRestMethod(name = "findByCollection")
+    @PreAuthorize("hasAuthority('AUTHENTICATED')")
     public WorkflowDefinitionRest findByCollection(@Parameter(value = "uuid") UUID collectionId) throws SQLException {
         Context context = obtainContext();
         Collection collectionFromUuid = collectionService.find(context, collectionId);

dspace-server-webapp/src/main/java/org/dspace/app/rest/repository/WorkflowStepRestRepository.java

@@ -16,6 +16,7 @@ import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.data.domain.Page;
 import org.springframework.data.domain.Pageable;
 import org.springframework.data.rest.webmvc.ResourceNotFoundException;
+import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.stereotype.Component;
 
 /**
@@ -30,6 +31,7 @@ public class WorkflowStepRestRepository extends DSpaceRestRepository<WorkflowSte
     protected XmlWorkflowFactory xmlWorkflowFactory;
 
     @Override
+    @PreAuthorize("hasAuthority('AUTHENTICATED')")
     public WorkflowStepRest findOne(Context context, String workflowStepName) {
         Step step = this.xmlWorkflowFactory.getStepByName(workflowStepName);
         if (step != null) {
@@ -41,6 +43,7 @@ public class WorkflowStepRestRepository extends DSpaceRestRepository<WorkflowSte
     }
 
     @Override
+    @PreAuthorize("hasAuthority('AUTHENTICATED')")
     public Page<WorkflowStepRest> findAll(Context context, Pageable pageable) {
         throw new RepositoryMethodNotImplementedException(WorkflowStepRest.NAME, "findAll");
     }

dspace-server-webapp/src/test/java/org/dspace/app/rest/WorkflowActionRestRepositoryIT.java

@@ -37,27 +37,47 @@ public class WorkflowActionRestRepositoryIT extends AbstractControllerIntegratio
 
     @Test
     public void getAllWorkflowActions_NonImplementedEndpoint() throws Exception {
+        String token = getAuthToken(eperson.getEmail(), password);
         //When we call this facets endpoint
-        getClient().perform(get(WORKFLOW_ACTIONS_ENDPOINT))
+        getClient(token).perform(get(WORKFLOW_ACTIONS_ENDPOINT))
             //We expect a 405 Method not allowed status
             .andExpect(status().isMethodNotAllowed());
     }
 
+    @Test
+    public void getAllWorkflowActions_NonImplementedEndpoint_NonValidToken() throws Exception {
+        String token = "nonValidToken";
+        //When we call this facets endpoint
+        getClient(token).perform(get(WORKFLOW_ACTIONS_ENDPOINT))
+            //We expect a 403 Forbidden status
+            .andExpect(status().isForbidden());
+    }
+
+    @Test
+    public void getAllWorkflowActions_NonImplementedEndpoint_NoToken() throws Exception {
+        //When we call this facets endpoint
+        getClient().perform(get(WORKFLOW_ACTIONS_ENDPOINT))
+            //We expect a 401 Unauthorized
+            .andExpect(status().isUnauthorized());
+    }
+
     @Test
     public void getWorkflowActionByName_NonExistentWorkflowAction() throws Exception {
+        String token = getAuthToken(eperson.getEmail(), password);
         String nameNonExistentWorkflowActionName = "TestNameNonExistentWorkflowAction9999";
         //When we call this facets endpoint
-        getClient().perform(get(WORKFLOW_ACTIONS_ENDPOINT + "/" + nameNonExistentWorkflowActionName))
+        getClient(token).perform(get(WORKFLOW_ACTIONS_ENDPOINT + "/" + nameNonExistentWorkflowActionName))
             //We expect a 404 Not Found status
             .andExpect(status().isNotFound());
     }
 
     @Test
     public void getWorkflowActionByName_ExistentWithOptions_editaction() throws Exception {
+        String token = getAuthToken(eperson.getEmail(), password);
         String nameActionWithOptions = "editaction";
         WorkflowActionConfig existentWorkflow = xmlWorkflowFactory.getActionByName(nameActionWithOptions);
         //When we call this facets endpoint
-        getClient().perform(get(WORKFLOW_ACTIONS_ENDPOINT + "/" + nameActionWithOptions))
+        getClient(token).perform(get(WORKFLOW_ACTIONS_ENDPOINT + "/" + nameActionWithOptions))
             //We expect a 200 is ok status
             .andExpect(status().isOk())
             // has options
@@ -70,10 +90,11 @@ public class WorkflowActionRestRepositoryIT extends AbstractControllerIntegratio
 
     @Test
     public void getWorkflowActionByName_ExistentWithoutOptions_claimaction() throws Exception {
+        String token = getAuthToken(eperson.getEmail(), password);
         String nameActionWithoutOptions = "claimaction";
         WorkflowActionConfig existentWorkflowNoOptions = xmlWorkflowFactory.getActionByName(nameActionWithoutOptions);
         //When we call this facets endpoint
-        getClient().perform(get(WORKFLOW_ACTIONS_ENDPOINT + "/" + nameActionWithoutOptions))
+        getClient(token).perform(get(WORKFLOW_ACTIONS_ENDPOINT + "/" + nameActionWithoutOptions))
             //We expect a 200 is ok status
             .andExpect(status().isOk())
             // has no options
@@ -83,4 +104,25 @@ public class WorkflowActionRestRepositoryIT extends AbstractControllerIntegratio
                 WorkflowActionMatcher.matchWorkflowActionEntry(existentWorkflowNoOptions)
             )));
     }
+
+    @Test
+    public void getWorkflowActionByName_ExistentWithOptions_NonValidToken() throws Exception {
+        String token = "nonValidToken";
+        String nameActionWithOptions = "editaction";
+        WorkflowActionConfig existentWorkflow = xmlWorkflowFactory.getActionByName(nameActionWithOptions);
+        //When we call this facets endpoint
+        getClient(token).perform(get(WORKFLOW_ACTIONS_ENDPOINT + "/" + nameActionWithOptions))
+            //We expect a 403 Forbidden status
+            .andExpect(status().isForbidden());
+    }
+
+    @Test
+    public void getWorkflowActionByName_ExistentWithOptions_NoToken() throws Exception {
+        String nameActionWithOptions = "editaction";
+        WorkflowActionConfig existentWorkflow = xmlWorkflowFactory.getActionByName(nameActionWithOptions);
+        //When we call this facets endpoint
+        getClient().perform(get(WORKFLOW_ACTIONS_ENDPOINT + "/" + nameActionWithOptions))
+            //We expect a 401 Unauthorized
+            .andExpect(status().isUnauthorized());
+    }
 }

dspace-server-webapp/src/test/java/org/dspace/app/rest/WorkflowDefinitionRestRepositoryIT.java

@@ -47,9 +47,10 @@ public class WorkflowDefinitionRestRepositoryIT extends AbstractControllerIntegr
 
     @Test
     public void getAllWorkflowDefinitionsEndpoint() throws Exception {
+        String token = getAuthToken(eperson.getEmail(), password);
         List<Workflow> allConfiguredWorkflows = xmlWorkflowFactory.getAllConfiguredWorkflows();
         //When we call this facets endpoint
-        getClient().perform(get(WORKFLOW_DEFINITIONS_ENDPOINT))
+        getClient(token).perform(get(WORKFLOW_DEFINITIONS_ENDPOINT))
             //We expect a 200 OK status
             .andExpect(status().isOk())
             //Number of total workflows is equals to number of configured workflows
@@ -60,9 +61,10 @@ public class WorkflowDefinitionRestRepositoryIT extends AbstractControllerIntegr
 
     @Test
     public void getAllWorkflowDefinitionsEndpoint_Pagination_Size1() throws Exception {
+        String token = getAuthToken(eperson.getEmail(), password);
         List<Workflow> allConfiguredWorkflows = xmlWorkflowFactory.getAllConfiguredWorkflows();
         //When we call this facets endpoint
-        getClient().perform(get(WORKFLOW_DEFINITIONS_ENDPOINT)
+        getClient(token).perform(get(WORKFLOW_DEFINITIONS_ENDPOINT)
             .param("size", "1"))
             //We expect a 200 OK status
             .andExpect(status().isOk())
@@ -86,9 +88,10 @@ public class WorkflowDefinitionRestRepositoryIT extends AbstractControllerIntegr
 
     @Test
     public void getAllWorkflowDefinitionsEndpoint_Pagination_Size1_Page1() throws Exception {
+        String token = getAuthToken(eperson.getEmail(), password);
         List<Workflow> allConfiguredWorkflows = xmlWorkflowFactory.getAllConfiguredWorkflows();
         //When we call this facets endpoint
-        getClient().perform(get(WORKFLOW_DEFINITIONS_ENDPOINT)
+        getClient(token).perform(get(WORKFLOW_DEFINITIONS_ENDPOINT)
             .param("size", "1")
             .param("page", "1"))
             //We expect a 200 OK status
@@ -111,12 +114,30 @@ public class WorkflowDefinitionRestRepositoryIT extends AbstractControllerIntegr
             )));
     }
 
+    @Test
+    public void getAllWorkflowDefinitionsEndpoint_NonValidToken() throws Exception {
+        String token = "NonValidToken";
+        //When we call this facets endpoint
+        getClient(token).perform(get(WORKFLOW_DEFINITIONS_ENDPOINT))
+            //We expect a 403 Forbidden status
+            .andExpect(status().isForbidden());
+    }
+
+    @Test
+    public void getAllWorkflowDefinitionsEndpoint_NoToken() throws Exception {
+        //When we call this facets endpoint
+        getClient().perform(get(WORKFLOW_DEFINITIONS_ENDPOINT))
+            //We expect a 401 Unauthorized
+            .andExpect(status().isUnauthorized());
+    }
+
     @Test
     public void getWorkflowDefinitionByName_DefaultWorkflow() throws Exception {
+        String token = getAuthToken(eperson.getEmail(), password);
         Workflow defaultWorkflow = xmlWorkflowFactory.getDefaultWorkflow();
         String workflowName = defaultWorkflow.getID();
         //When we call this facets endpoint
-        getClient().perform(get(WORKFLOW_DEFINITIONS_ENDPOINT + "/" + workflowName))
+        getClient(token).perform(get(WORKFLOW_DEFINITIONS_ENDPOINT + "/" + workflowName))
             //We expect a 200 OK status
             .andExpect(status().isOk())
             //There needs to be a self link to this endpoint
@@ -129,6 +150,7 @@ public class WorkflowDefinitionRestRepositoryIT extends AbstractControllerIntegr
 
     @Test
     public void getWorkflowDefinitionByName_NonDefaultWorkflow() throws Exception {
+        String token = getAuthToken(eperson.getEmail(), password);
         Workflow defaultWorkflow = xmlWorkflowFactory.getDefaultWorkflow();
         List<Workflow> allConfiguredWorkflows = xmlWorkflowFactory.getAllConfiguredWorkflows();
         String firstNonDefaultWorkflowName = "";
@@ -139,7 +161,7 @@ public class WorkflowDefinitionRestRepositoryIT extends AbstractControllerIntegr
         }
         if (StringUtils.isNotBlank(firstNonDefaultWorkflowName)) {
             //When we call this facets endpoint
-            getClient().perform(get(WORKFLOW_DEFINITIONS_ENDPOINT + "/" + firstNonDefaultWorkflowName))
+            getClient(token).perform(get(WORKFLOW_DEFINITIONS_ENDPOINT + "/" + firstNonDefaultWorkflowName))
                 //We expect a 200 OK status
                 .andExpect(status().isOk())
                 //There needs to be a self link to this endpoint
@@ -153,15 +175,38 @@ public class WorkflowDefinitionRestRepositoryIT extends AbstractControllerIntegr
 
     @Test
     public void getWorkflowDefinitionByName_NonExistentWorkflow() throws Exception {
+        String token = getAuthToken(eperson.getEmail(), password);
         String workflowName = "TestNameNonExistentWorkflow9999";
         //When we call this facets endpoint
-        getClient().perform(get(WORKFLOW_DEFINITIONS_ENDPOINT + "/" + workflowName))
+        getClient(token).perform(get(WORKFLOW_DEFINITIONS_ENDPOINT + "/" + workflowName))
             //We expect a 404 Not Found status
             .andExpect(status().isNotFound());
     }
 
+    @Test
+    public void getWorkflowDefinitionByName_DefaultWorkflow_NonValidToken() throws Exception {
+        String token = "UnvalidToken";
+        Workflow defaultWorkflow = xmlWorkflowFactory.getDefaultWorkflow();
+        String workflowName = defaultWorkflow.getID();
+        //When we call this facets endpoint
+        getClient(token).perform(get(WORKFLOW_DEFINITIONS_ENDPOINT + "/" + workflowName))
+            //We expect a 403 Forbidden status
+            .andExpect(status().isForbidden());
+    }
+
+    @Test
+    public void getWorkflowDefinitionByName_DefaultWorkflow_NoToken() throws Exception {
+        Workflow defaultWorkflow = xmlWorkflowFactory.getDefaultWorkflow();
+        String workflowName = defaultWorkflow.getID();
+        //When we call this facets endpoint
+        getClient().perform(get(WORKFLOW_DEFINITIONS_ENDPOINT + "/" + workflowName))
+            //We expect a 401 Unauthorized
+            .andExpect(status().isUnauthorized());
+    }
+
     @Test
     public void getWorkflowDefinitionByCollectionId_ExistentCollection() throws Exception {
+        String token = getAuthToken(eperson.getEmail(), password);
         //We turn off the authorization system in order to create the structure as defined below
         context.turnOffAuthorisationSystem();
         //** GIVEN **
@@ -178,7 +223,7 @@ public class WorkflowDefinitionRestRepositoryIT extends AbstractControllerIntegr
         Workflow workflowForThisCollection = xmlWorkflowFactory.getWorkflow(col1);
 
         //When we call this facets endpoint
-        getClient().perform(get(WORKFLOW_DEFINITIONS_ENDPOINT + "/search/findByCollection?uuid=" + col1.getID()))
+        getClient(token).perform(get(WORKFLOW_DEFINITIONS_ENDPOINT + "/search/findByCollection?uuid=" + col1.getID()))
             //We expect a 200 OK status
             .andExpect(status().isOk())
             // its name is name of corresponding workflow
@@ -187,20 +232,22 @@ public class WorkflowDefinitionRestRepositoryIT extends AbstractControllerIntegr
 
     @Test
     public void getWorkflowDefinitionByCollectionId_nonValidUUID() throws Exception {
+        String token = getAuthToken(eperson.getEmail(), password);
         String nonValidUUID = "TestNonValidUUID";
 
         //When we call this facets endpoint
-        getClient().perform(get(WORKFLOW_DEFINITIONS_ENDPOINT + "/search/findByCollection?uuid=" + nonValidUUID))
+        getClient(token).perform(get(WORKFLOW_DEFINITIONS_ENDPOINT + "/search/findByCollection?uuid=" + nonValidUUID))
             //We expect a 422 Unprocessable Entity status
             .andExpect(status().is(422));
     }
 
     @Test
     public void getWorkflowDefinitionByCollectionId_nonExistentCollection() throws Exception {
+        String token = getAuthToken(eperson.getEmail(), password);
         UUID nonExistentCollectionUUID = UUID.randomUUID();
 
         //When we call this facets endpoint
-        getClient().perform(get(WORKFLOW_DEFINITIONS_ENDPOINT + "/search/findByCollection?uuid="
+        getClient(token).perform(get(WORKFLOW_DEFINITIONS_ENDPOINT + "/search/findByCollection?uuid="
             + nonExistentCollectionUUID))
             //We expect a 404 Not Found status
             .andExpect(status().isNotFound());
@@ -208,11 +255,12 @@ public class WorkflowDefinitionRestRepositoryIT extends AbstractControllerIntegr
 
     @Test
     public void getCollectionsOfWorkflowByName_DefaultWorkflow_AllNonMappedCollections() throws Exception {
+        String token = getAuthToken(eperson.getEmail(), password);
         Workflow defaultWorkflow = xmlWorkflowFactory.getDefaultWorkflow();
         List<Collection> allNonMappedCollections = xmlWorkflowFactory.getAllNonMappedCollectionsHandles(context);
 
         //When we call this facets endpoint
-        getClient().perform(get(WORKFLOW_DEFINITIONS_ENDPOINT + "/" + defaultWorkflow.getID()
+        getClient(token).perform(get(WORKFLOW_DEFINITIONS_ENDPOINT + "/" + defaultWorkflow.getID()
             + "/collections"))
             //We expect a 200 OK status
             .andExpect(status().isOk())
@@ -223,6 +271,7 @@ public class WorkflowDefinitionRestRepositoryIT extends AbstractControllerIntegr
     @Test
     public void getCollectionsOfWorkflowByName_DefaultWorkflow_AllNonMappedCollections_Paginated_Size1()
         throws Exception {
+        String token = getAuthToken(eperson.getEmail(), password);
         //We turn off the authorization system in order to create the structure as defined below
         context.turnOffAuthorisationSystem();
         //** GIVEN **
@@ -248,7 +297,7 @@ public class WorkflowDefinitionRestRepositoryIT extends AbstractControllerIntegr
             Collection firstNonMappedCollection = allNonMappedCollections.get(0);
 
             //When we call this facets endpoint
-            getClient().perform(get(WORKFLOW_DEFINITIONS_ENDPOINT + "/" + defaultWorkflow.getID()
+            getClient(token).perform(get(WORKFLOW_DEFINITIONS_ENDPOINT + "/" + defaultWorkflow.getID()
                 + "/collections")
                 .param("size", "1"))
                 //We expect a 200 OK status
@@ -269,6 +318,7 @@ public class WorkflowDefinitionRestRepositoryIT extends AbstractControllerIntegr
 
     @Test
     public void getCollectionsOfWorkflowByName_NonDefaultWorkflow() throws Exception {
+        String token = getAuthToken(eperson.getEmail(), password);
         //We turn off the authorization system in order to create the structure as defined below
         context.turnOffAuthorisationSystem();
         //** GIVEN **
@@ -302,7 +352,7 @@ public class WorkflowDefinitionRestRepositoryIT extends AbstractControllerIntegr
                 //returns array of collection jsons that are mapped to given workflow
                 //When we call this facets endpoint
                 Collection firstMappedCollection = mappedCollections.get(0);
-                getClient().perform(get(WORKFLOW_DEFINITIONS_ENDPOINT + "/" + firstNonDefaultWorkflowName
+                getClient(token).perform(get(WORKFLOW_DEFINITIONS_ENDPOINT + "/" + firstNonDefaultWorkflowName
                     + "/collections")
                     .param("size", "1"))
                     //We expect a 200 OK status
@@ -332,11 +382,37 @@ public class WorkflowDefinitionRestRepositoryIT extends AbstractControllerIntegr
 
     @Test
     public void getCollectionsOfWorkflowByName_NonExistentWorkflow() throws Exception {
+        String token = getAuthToken(eperson.getEmail(), password);
         String workflowName = "TestNameNonExistentWorkflow9999";
 
         //When we call this facets endpoint
-        getClient().perform(get(WORKFLOW_DEFINITIONS_ENDPOINT + "/" + workflowName + "/collections"))
+        getClient(token).perform(get(WORKFLOW_DEFINITIONS_ENDPOINT + "/" + workflowName + "/collections"))
             //We expect a 404 Not Found status
             .andExpect(status().isNotFound());
     }
+
+    @Test
+    public void getCollectionsOfWorkflowByName_DefaultWorkflow_NoValidToken() throws Exception {
+        String token = "NonValidToken";
+        Workflow defaultWorkflow = xmlWorkflowFactory.getDefaultWorkflow();
+        List<Collection> allNonMappedCollections = xmlWorkflowFactory.getAllNonMappedCollectionsHandles(context);
+
+        //When we call this facets endpoint
+        getClient(token).perform(get(WORKFLOW_DEFINITIONS_ENDPOINT + "/" + defaultWorkflow.getID()
+            + "/collections"))
+            //We expect a 403 Forbidden status
+            .andExpect(status().isForbidden());
+    }
+
+    @Test
+    public void getCollectionsOfWorkflowByName_DefaultWorkflow_NoToken() throws Exception {
+        Workflow defaultWorkflow = xmlWorkflowFactory.getDefaultWorkflow();
+        List<Collection> allNonMappedCollections = xmlWorkflowFactory.getAllNonMappedCollectionsHandles(context);
+
+        //When we call this facets endpoint
+        getClient().perform(get(WORKFLOW_DEFINITIONS_ENDPOINT + "/" + defaultWorkflow.getID()
+            + "/collections"))
+            //We expect a 401 Unauthorized
+            .andExpect(status().isUnauthorized());
+    }
 }

dspace-server-webapp/src/test/java/org/dspace/app/rest/WorkflowStepRestRepositoryIT.java

@@ -23,6 +23,7 @@ import org.junit.Test;
 
 /**
  * Integration tests for the {@link WorkflowStepRestRepository} controlled endpoints
+ *
  * @author Maria Verdonck (Atmire) on 13/01/2020
  */
 public class WorkflowStepRestRepositoryIT extends AbstractControllerIntegrationTest {
@@ -34,27 +35,47 @@ public class WorkflowStepRestRepositoryIT extends AbstractControllerIntegrationT
 
     @Test
     public void getAllWorkflowSteps_NonImplementedEndpoint() throws Exception {
+        String token = getAuthToken(eperson.getEmail(), password);
         //When we call this facets endpoint
-        getClient().perform(get(WORKFLOW_ACTIONS_ENDPOINT))
+        getClient(token).perform(get(WORKFLOW_ACTIONS_ENDPOINT))
             //We expect a 405 Method not allowed status
             .andExpect(status().isMethodNotAllowed());
     }
 
+    @Test
+    public void getAllWorkflowSteps_NonImplementedEndpoint_NonValidToken() throws Exception {
+        String token = "NonValidToken";
+        //When we call this facets endpoint
+        getClient(token).perform(get(WORKFLOW_ACTIONS_ENDPOINT))
+            //We expect a 403 Forbidden status
+            .andExpect(status().isForbidden());
+    }
+
+    @Test
+    public void getAllWorkflowSteps_NonImplementedEndpoint_NoToken() throws Exception {
+        //When we call this facets endpoint
+        getClient().perform(get(WORKFLOW_ACTIONS_ENDPOINT))
+            //We expect a 401 Unauthorized
+            .andExpect(status().isUnauthorized());
+    }
+
     @Test
     public void getWorkflowStepByName_NonExistentWorkflowStep() throws Exception {
+        String token = getAuthToken(eperson.getEmail(), password);
         String nameNonExistentWorkflowActionName = "TestNameNonExistentWorkflowStep9999";
         //When we call this facets endpoint
-        getClient().perform(get(WORKFLOW_ACTIONS_ENDPOINT + "/" + nameNonExistentWorkflowActionName))
+        getClient(token).perform(get(WORKFLOW_ACTIONS_ENDPOINT + "/" + nameNonExistentWorkflowActionName))
             //We expect a 404 Not Found status
             .andExpect(status().isNotFound());
     }
 
     @Test
     public void getWorkflowStepByName_ExistentStep_reviewstep() throws Exception {
+        String token = getAuthToken(eperson.getEmail(), password);
         String nameStep = "reviewstep";
         Step existentStep = xmlWorkflowFactory.getStepByName(nameStep);
         //When we call this facets endpoint
-        getClient().perform(get(WORKFLOW_ACTIONS_ENDPOINT + "/" + nameStep))
+        getClient(token).perform(get(WORKFLOW_ACTIONS_ENDPOINT + "/" + nameStep))
             //We expect a 200 is ok status
             .andExpect(status().isOk())
             //Matches expected step