/*-
 * ============LICENSE_START=======================================================
 * ================================================================================
 * Copyright (C) 2017-2019 AT&T Intellectual Property. All rights reserved.
 * ================================================================================
 * Modifications Copyright (C) 2019 Samsung
 * ================================================================================
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 * ============LICENSE_END=========================================================
 */
23 package org.onap.policy.pdp.rest.auth.test;
25 import static org.mockito.Mockito.mock;
26 import static org.mockito.Mockito.verify;
27 import static org.mockito.Mockito.when;
28 import com.att.research.xacml.util.XACMLProperties;
29 import com.mockrunner.mock.web.MockRequestDispatcher;
30 import java.io.IOException;
31 import javax.servlet.FilterChain;
32 import javax.servlet.ServletException;
33 import javax.servlet.http.HttpServletRequest;
34 import javax.servlet.http.HttpServletResponse;
35 import org.junit.Before;
36 import org.junit.Test;
37 import org.onap.policy.pdp.rest.restauth.PdpAuthenticationFilter;
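/**
 * Unit tests for {@link PdpAuthenticationFilter}, driving {@code doFilter} with Mockito mocks of
 * the servlet request, response and filter chain.
 *
 * <p>Each test stubs the request URI (and, where relevant, the authentication, environment and
 * client-auth headers) and then checks one observable outcome: the response status was set to
 * {@code SC_UNAUTHORIZED}, the request was handed to the {@link FilterChain}, or a request
 * dispatcher was looked up for the rewritten {@code /api...} path.
 *
 * <p>The JUnit annotations and closing braces were missing from the listing this class was
 * recovered from; they are restored here to match the {@code org.junit.Before} and
 * {@code org.junit.Test} imports, since JUnit 4 runs nothing without them.
 *
 * <p>NOTE(review): the rejection tests assert only that 401 was set. They would still pass if the
 * filter set 401 and then also let the request continue. Consider adding
 * {@code verify(filterChain, never()).doFilter(request, response)} to each rejection test once
 * that expectation is confirmed against the filter implementation.
 */
public class FilterTest {

    /**
     * HTTP Basic credential fixture: the Base64 payload decodes to {@code python:test}.
     * Basic auth is an encoding, not encryption, so this value is only a test fixture.
     * NOTE(review): presumably matches an account in pass.xacml.pdp.properties; confirm.
     */
    private static final String VALIDHEADERVALUE = "Basic cHl0aG9uOnRlc3Q=";

    private PdpAuthenticationFilter authenticationFilter = new PdpAuthenticationFilter();

    /**
     * Initialises the filter with a {@code null} config and points {@link XACMLProperties} at the
     * test properties file.
     *
     * <p>{@code System.setProperty} changes JVM-wide state and is not restored after the test, so
     * the setting stays visible to any test that runs later in the same JVM.
     *
     * @throws Exception if filter initialisation or property loading fails
     */
    @Before
    public void setUp() throws Exception {
        authenticationFilter.init(null);
        XACMLProperties.reloadProperties();
        System.setProperty(XACMLProperties.XACML_PROPERTIES_NAME,
                "src/test/resources/pass.xacml.pdp.properties");
        XACMLProperties.getProperties();
    }

    /**
     * A request for the URI {@code "error"} with no headers stubbed must be answered with 401.
     */
    @Test
    public void testDoFilterError() throws IOException, ServletException {
        // Unstubbed getHeader(...) calls return null on a Mockito mock, so no credentials are sent.
        HttpServletRequest request = mock(HttpServletRequest.class);
        HttpServletResponse response = mock(HttpServletResponse.class);
        FilterChain chain = mock(FilterChain.class);

        when(request.getRequestURI()).thenReturn("error");
        authenticationFilter.doFilter(request, response, chain);

        // Rejected: the filter must mark the response as unauthorized.
        verify(response).setStatus(HttpServletResponse.SC_UNAUTHORIZED);
    }

    /**
     * A request for the URI {@code "notifications"} is passed down the filter chain even though
     * no credentials are stubbed.
     *
     * <p>NOTE(review): this pins an unauthenticated pass-through. The test does not show whether
     * the filter matches the URI exactly or by substring; confirm in the filter, because a
     * substring match would let any path containing "notifications" skip authentication.
     */
    @Test
    public void testDoFilterNotification() throws IOException, ServletException {
        HttpServletRequest request = mock(HttpServletRequest.class);
        HttpServletResponse response = mock(HttpServletResponse.class);
        FilterChain chain = mock(FilterChain.class);

        when(request.getRequestURI()).thenReturn("notifications");
        authenticationFilter.doFilter(request, response, chain);

        verify(chain).doFilter(request, response);
    }

    /**
     * The swagger, api-docs and configuration URIs under {@code /pdp} each cause a dispatcher
     * lookup for the corresponding {@code /api} path, with no authentication header stubbed.
     *
     * <p>NOTE(review): {@code /pdp/configuration} is reached here without credentials; confirm
     * that the endpoint is meant to be public.
     */
    @Test
    public void testDoFilterSwagger() throws Exception {
        HttpServletRequest request = mock(HttpServletRequest.class);
        HttpServletResponse response = mock(HttpServletResponse.class);
        FilterChain chain = mock(FilterChain.class);

        when(request.getRequestURI()).thenReturn("/pdp/swagger");
        when(request.getRequestDispatcher("/api/swagger")).thenReturn(new MockRequestDispatcher());
        authenticationFilter.doFilter(request, response, chain);
        verify(request).getRequestDispatcher("/api/swagger");

        when(request.getRequestURI()).thenReturn("/pdp/api-docs/");
        when(request.getRequestDispatcher("/api/api-docs/")).thenReturn(new MockRequestDispatcher());
        authenticationFilter.doFilter(request, response, chain);
        verify(request).getRequestDispatcher("/api/api-docs/");

        when(request.getRequestURI()).thenReturn("/pdp/configuration");
        when(request.getRequestDispatcher("/api/configuration"))
                .thenReturn(new MockRequestDispatcher());
        authenticationFilter.doFilter(request, response, chain);
        verify(request).getRequestDispatcher("/api/configuration");
    }

    /**
     * A new-style {@code /pdp/api/...} request whose authentication header is not a Basic
     * credential at all must be answered with 401.
     */
    @Test
    public void newRequestAuthFailTest() throws Exception {
        HttpServletRequest request = mock(HttpServletRequest.class);
        HttpServletResponse response = mock(HttpServletResponse.class);
        FilterChain chain = mock(FilterChain.class);

        when(request.getRequestURI()).thenReturn("/pdp/api/getConfig");
        when(request.getHeader(PdpAuthenticationFilter.AUTHENTICATION_HEADER)).thenReturn("error");
        authenticationFilter.doFilter(request, response, chain);

        // Rejected: the filter must mark the response as unauthorized.
        verify(response).setStatus(HttpServletResponse.SC_UNAUTHORIZED);
    }

    /**
     * A new-style request carrying a {@code Basic} header whose token is not the valid fixture
     * must be answered with 401.
     */
    @Test
    public void tokenFailureTest() throws Exception {
        HttpServletRequest request = mock(HttpServletRequest.class);
        HttpServletResponse response = mock(HttpServletResponse.class);
        FilterChain chain = mock(FilterChain.class);

        when(request.getRequestURI()).thenReturn("/pdp/api/getConfig");
        when(request.getHeader(PdpAuthenticationFilter.AUTHENTICATION_HEADER))
                .thenReturn("Basic test123");
        authenticationFilter.doFilter(request, response, chain);

        // Rejected: the filter must mark the response as unauthorized.
        verify(response).setStatus(HttpServletResponse.SC_UNAUTHORIZED);
    }

    /**
     * With the valid credential and no environment header stubbed, both the new-style
     * ({@code /pdp/api/getConfig}) and old-style ({@code /pdp/getConfig}) URIs lead to a
     * dispatcher lookup.
     */
    @Test
    public void oldRequestAuthPassTest() throws Exception {
        HttpServletRequest request = mock(HttpServletRequest.class);
        HttpServletResponse response = mock(HttpServletResponse.class);
        FilterChain chain = mock(FilterChain.class);

        // New-style request: no environment header is stubbed.
        when(request.getRequestURI()).thenReturn("/pdp/api/getConfig");
        when(request.getRequestDispatcher("/api/getConfig")).thenReturn(new MockRequestDispatcher());
        when(request.getHeader(PdpAuthenticationFilter.AUTHENTICATION_HEADER))
                .thenReturn(VALIDHEADERVALUE);
        authenticationFilter.doFilter(request, response, chain);
        // Accepted: the rewritten path was looked up.
        verify(request).getRequestDispatcher("/api/getConfig");

        // Old-style request: the expected dispatcher path contains a double slash.
        when(request.getRequestURI()).thenReturn("/pdp/getConfig");
        when(request.getRequestDispatcher("/api//getConfig")).thenReturn(new MockRequestDispatcher());
        when(request.getHeader(PdpAuthenticationFilter.AUTHENTICATION_HEADER))
                .thenReturn(VALIDHEADERVALUE);
        authenticationFilter.doFilter(request, response, chain);
        // Accepted: the rewritten path was looked up.
        verify(request).getRequestDispatcher("/api//getConfig");
    }

    /**
     * Exercises the environment header in three phases on one set of mocks: an old-style request
     * with environment {@code DEVL} is accepted, a new-style request is accepted, and an
     * old-style request with environment {@code TEST} is rejected with 401.
     *
     * <p>NOTE(review): presumably {@code DEVL} is the environment configured in the test
     * properties file and {@code TEST} is not; confirm against pass.xacml.pdp.properties.
     */
    @Test
    public void newRequestAuthPassTest() throws Exception {
        HttpServletRequest request = mock(HttpServletRequest.class);
        HttpServletResponse response = mock(HttpServletResponse.class);
        FilterChain chain = mock(FilterChain.class);

        // Phase 1: old-style request with a valid environment header value.
        when(request.getRequestURI()).thenReturn("/pdp/getConfig");
        when(request.getRequestDispatcher("/api//getConfig")).thenReturn(new MockRequestDispatcher());
        when(request.getHeader(PdpAuthenticationFilter.ENVIRONMENT_HEADER)).thenReturn("DEVL");
        when(request.getHeader(PdpAuthenticationFilter.AUTHENTICATION_HEADER))
                .thenReturn(VALIDHEADERVALUE);
        when(request.getHeader(PdpAuthenticationFilter.CLIENTAUTH_HEADER)).thenReturn(null);
        authenticationFilter.doFilter(request, response, chain);
        // Accepted: the rewritten path was looked up.
        verify(request).getRequestDispatcher("/api//getConfig");

        // Phase 2: new-style request. The DEVL environment stub from phase 1 is still active.
        when(request.getRequestURI()).thenReturn("/pdp/api/getConfig");
        when(request.getRequestDispatcher("/api/getConfig")).thenReturn(new MockRequestDispatcher());
        when(request.getHeader(PdpAuthenticationFilter.AUTHENTICATION_HEADER))
                .thenReturn(VALIDHEADERVALUE);
        when(request.getHeader(PdpAuthenticationFilter.CLIENTAUTH_HEADER)).thenReturn(null);
        authenticationFilter.doFilter(request, response, chain);
        // Accepted: the rewritten path was looked up.
        verify(request).getRequestDispatcher("/api/getConfig");

        // Phase 3: old-style request with an invalid environment header value.
        when(request.getRequestURI()).thenReturn("/pdp/getConfig");
        when(request.getRequestDispatcher("/api/getConfig")).thenReturn(new MockRequestDispatcher());
        when(request.getHeader(PdpAuthenticationFilter.ENVIRONMENT_HEADER)).thenReturn("TEST");
        when(request.getHeader(PdpAuthenticationFilter.AUTHENTICATION_HEADER))
                .thenReturn(VALIDHEADERVALUE);
        when(request.getHeader(PdpAuthenticationFilter.CLIENTAUTH_HEADER)).thenReturn(null);
        authenticationFilter.doFilter(request, response, chain);
        // Rejected. verify(...) defaults to exactly one call, so this also shows that phases 1
        // and 2 did not set 401.
        // NOTE(review): the dispatcher stubs from phases 1 and 2 are still active on this mock,
        // so an unintended forward in phase 3 would not fail the test. A fresh mock for this
        // phase, or a call-count check on getRequestDispatcher, would close that gap.
        verify(response).setStatus(HttpServletResponse.SC_UNAUTHORIZED);
    }
}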