2 * ============LICENSE_START=======================================================
4 * ================================================================================
5 * Copyright (C) 2017 AT&T Intellectual Property. All rights reserved.
6 * ================================================================================
7 * Licensed under the Apache License, Version 2.0 (the "License");
8 * you may not use this file except in compliance with the License.
9 * You may obtain a copy of the License at
11 * http://www.apache.org/licenses/LICENSE-2.0
13 * Unless required by applicable law or agreed to in writing, software
14 * distributed under the License is distributed on an "AS IS" BASIS,
15 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16 * See the License for the specific language governing permissions and
17 * limitations under the License.
18 * ============LICENSE_END=========================================================
21 package org.onap.policy.pdp.rest.auth.test;
23 import static org.mockito.Mockito.mock;
24 import static org.mockito.Mockito.verify;
25 import static org.mockito.Mockito.when;
27 import java.io.IOException;
29 import javax.servlet.FilterChain;
30 import javax.servlet.ServletException;
31 import javax.servlet.http.HttpServletRequest;
32 import javax.servlet.http.HttpServletResponse;
34 import org.junit.Before;
35 import org.junit.Test;
36 import org.onap.policy.pdp.rest.restAuth.PDPAuthenticationFilter;
38 import com.att.research.xacml.util.XACMLProperties;
39 import com.mockrunner.mock.web.MockRequestDispatcher;
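/**
 * Unit tests for {@link PDPAuthenticationFilter}, driven through Mockito mocks of the servlet
 * request, response and filter chain.
 *
 * <p>Each test stubs {@code getRequestURI()} (and, where relevant, request headers), calls
 * {@code doFilter}, and then checks one of three observable outcomes: a 401 status set on the
 * response, a lookup of a request dispatcher for a rewritten {@code /api/...} path, or a
 * pass-through to the filter chain.
 *
 * <p>Several tests pin paths that are served with no {@code Authorization} header stubbed at all
 * (an unstubbed mock returns {@code null}); those paths form the filter's auth-exempt surface and
 * deserve the same review attention as the rejection cases.
 */
public class FilterTests {

    private PDPAuthenticationFilter authenticationFilter = new PDPAuthenticationFilter();

    // HTTP Basic value used by the positive tests. Base64 is an encoding, not protection: this is
    // a readable user:password pair and must stay a test-only fixture.
    // NOTE(review): presumably matches an account defined through
    // src/test/resources/pass.xacml.pdp.properties; confirm it is never valid outside tests.
    private final String VALIDHEADERVALUE = "Basic dGVzdHBkcDphbHBoYTQ1Ng==";

    /**
     * Initialises the filter and points {@link XACMLProperties} at the test properties file.
     *
     * <p>{@code System.setProperty} changes JVM-wide state and is not restored by this class.
     *
     * @throws Exception if filter initialisation or property loading fails
     */
    @Before
    public void setUp() throws Exception {
        authenticationFilter.init(null);
        // NOTE(review): the reload happens before the property name is set; confirm that the
        // later getProperties() call is what actually picks up the test file.
        XACMLProperties.reloadProperties();
        System.setProperty(XACMLProperties.XACML_PROPERTIES_NAME,
                "src/test/resources/pass.xacml.pdp.properties");
        XACMLProperties.getProperties();
    }

    /**
     * A request for the URI {@code "error"} with no headers stubbed must be answered with 401.
     *
     * @throws IOException propagated from {@code doFilter}
     * @throws ServletException propagated from {@code doFilter}
     */
    @Test
    public void testDoFilterError() throws IOException, ServletException {
        // create the objects to be mocked
        HttpServletRequest httpServletRequest = mock(HttpServletRequest.class);
        HttpServletResponse httpServletResponse = mock(HttpServletResponse.class);
        FilterChain filterChain = mock(FilterChain.class);

        when(httpServletRequest.getRequestURI()).thenReturn("error");
        authenticationFilter.doFilter(httpServletRequest, httpServletResponse,
                filterChain);
        // verify if unauthorized
        // NOTE(review): only the status is asserted. Also verifying that the chain was never
        // invoked (Mockito never()) would pin that a rejected request is not passed on.
        verify(httpServletResponse).setStatus(HttpServletResponse.SC_UNAUTHORIZED);
    }

    /**
     * A request for the URI {@code "notifications"} is handed to the filter chain even though no
     * credentials are stubbed, i.e. this path is exempt from authentication.
     *
     * @throws IOException propagated from {@code doFilter}
     * @throws ServletException propagated from {@code doFilter}
     */
    @Test
    public void testDoFilterNotification() throws IOException, ServletException {
        // create the objects to be mocked
        HttpServletRequest httpServletRequest = mock(HttpServletRequest.class);
        HttpServletResponse httpServletResponse = mock(HttpServletResponse.class);
        FilterChain filterChain = mock(FilterChain.class);

        when(httpServletRequest.getRequestURI()).thenReturn("notifications");
        authenticationFilter.doFilter(httpServletRequest, httpServletResponse,
                filterChain);
        // NOTE(review): how the filter recognises this path is not visible from the test;
        // confirm the exemption is an exact-path match rather than a substring match.
        verify(filterChain).doFilter(httpServletRequest, httpServletResponse);
    }

    /**
     * The swagger, api-docs and configuration URIs under {@code /pdp} are each forwarded to the
     * matching {@code /api/...} dispatcher path with no {@code Authorization} header stubbed.
     *
     * @throws Exception propagated from {@code doFilter}
     */
    @Test
    public void testDoFilterSwagger() throws Exception {
        // create the objects to be mocked
        HttpServletRequest httpServletRequest = mock(HttpServletRequest.class);
        HttpServletResponse httpServletResponse = mock(HttpServletResponse.class);
        FilterChain filterChain = mock(FilterChain.class);

        when(httpServletRequest.getRequestURI()).thenReturn("/pdp/swagger");
        when(httpServletRequest.getRequestDispatcher("/api/swagger"))
                .thenReturn(new MockRequestDispatcher());
        authenticationFilter.doFilter(httpServletRequest, httpServletResponse,
                filterChain);
        verify(httpServletRequest).getRequestDispatcher("/api/swagger");

        when(httpServletRequest.getRequestURI()).thenReturn("/pdp/api-docs/");
        when(httpServletRequest.getRequestDispatcher("/api/api-docs/"))
                .thenReturn(new MockRequestDispatcher());
        authenticationFilter.doFilter(httpServletRequest, httpServletResponse,
                filterChain);
        verify(httpServletRequest).getRequestDispatcher("/api/api-docs/");

        // NOTE(review): this pins /pdp/configuration as reachable without credentials; confirm
        // that whatever is served there is meant to be public.
        when(httpServletRequest.getRequestURI()).thenReturn("/pdp/configuration");
        when(httpServletRequest.getRequestDispatcher("/api/configuration"))
                .thenReturn(new MockRequestDispatcher());
        authenticationFilter.doFilter(httpServletRequest, httpServletResponse,
                filterChain);
        verify(httpServletRequest).getRequestDispatcher("/api/configuration");
    }

    /**
     * An authentication header that is not a Basic credential ({@code "error"}) on
     * {@code /pdp/api/getConfig} must be answered with 401.
     *
     * @throws Exception propagated from {@code doFilter}
     */
    @Test
    public void newRequestAuthFailTest() throws Exception {
        // create the objects to be mocked
        HttpServletRequest httpServletRequest = mock(HttpServletRequest.class);
        HttpServletResponse httpServletResponse = mock(HttpServletResponse.class);
        FilterChain filterChain = mock(FilterChain.class);

        when(httpServletRequest.getRequestURI()).thenReturn("/pdp/api/getConfig");
        when(httpServletRequest.getHeader(PDPAuthenticationFilter.AUTHENTICATION_HEADER))
                .thenReturn("error");
        authenticationFilter.doFilter(httpServletRequest, httpServletResponse,
                filterChain);
        // verify if unauthorized
        // NOTE(review): no assertion that getRequestDispatcher / the chain stayed untouched.
        verify(httpServletResponse).setStatus(HttpServletResponse.SC_UNAUTHORIZED);
    }

    /**
     * A Basic header whose token is not the expected credential ({@code "Basic test123"}) on
     * {@code /pdp/api/getConfig} must be answered with 401.
     *
     * @throws Exception propagated from {@code doFilter}
     */
    @Test
    public void tokenFailureTest() throws Exception {
        // create the objects to be mocked
        HttpServletRequest httpServletRequest = mock(HttpServletRequest.class);
        HttpServletResponse httpServletResponse = mock(HttpServletResponse.class);
        FilterChain filterChain = mock(FilterChain.class);

        when(httpServletRequest.getRequestURI()).thenReturn("/pdp/api/getConfig");
        when(httpServletRequest.getHeader(PDPAuthenticationFilter.AUTHENTICATION_HEADER))
                .thenReturn("Basic test123");
        authenticationFilter.doFilter(httpServletRequest, httpServletResponse,
                filterChain);
        // verify if unauthorized
        // NOTE(review): no assertion that getRequestDispatcher / the chain stayed untouched.
        verify(httpServletResponse).setStatus(HttpServletResponse.SC_UNAUTHORIZED);
    }

    /**
     * With the valid Basic header and no environment header stubbed, both the new-style URI
     * ({@code /pdp/api/getConfig}) and the old-style URI ({@code /pdp/getConfig}) are forwarded.
     *
     * @throws Exception propagated from {@code doFilter}
     */
    @Test
    public void oldRequestAuthPassTest() throws Exception {
        // create the objects to be mocked
        HttpServletRequest httpServletRequest = mock(HttpServletRequest.class);
        HttpServletResponse httpServletResponse = mock(HttpServletResponse.class);
        FilterChain filterChain = mock(FilterChain.class);

        // New request no environment header check
        when(httpServletRequest.getRequestURI()).thenReturn("/pdp/api/getConfig");
        when(httpServletRequest.getRequestDispatcher("/api/getConfig"))
                .thenReturn(new MockRequestDispatcher());
        when(httpServletRequest.getHeader(PDPAuthenticationFilter.AUTHENTICATION_HEADER))
                .thenReturn(VALIDHEADERVALUE);
        authenticationFilter.doFilter(httpServletRequest, httpServletResponse,
                filterChain);
        // verify if authorized
        verify(httpServletRequest).getRequestDispatcher("/api/getConfig");

        // Old Requests Checks
        // The expected dispatcher path carries a double slash ("/api//getConfig"); the test pins
        // the rewritten path exactly as the filter produces it for the old URI form.
        when(httpServletRequest.getRequestURI()).thenReturn("/pdp/getConfig");
        when(httpServletRequest.getRequestDispatcher("/api//getConfig"))
                .thenReturn(new MockRequestDispatcher());
        when(httpServletRequest.getHeader(PDPAuthenticationFilter.AUTHENTICATION_HEADER))
                .thenReturn(VALIDHEADERVALUE);
        authenticationFilter.doFilter(httpServletRequest, httpServletResponse,
                filterChain);
        // verify if authorized
        verify(httpServletRequest).getRequestDispatcher("/api//getConfig");
    }

    /**
     * With the valid Basic header, an old-style request carrying environment {@code "DEVL"} and a
     * new-style request are forwarded, while an old-style request carrying environment
     * {@code "TEST"} is answered with 401.
     *
     * @throws Exception propagated from {@code doFilter}
     */
    @Test
    public void newRequestAuthPassTest() throws Exception {
        // create the objects to be mocked
        HttpServletRequest httpServletRequest = mock(HttpServletRequest.class);
        HttpServletResponse httpServletResponse = mock(HttpServletResponse.class);
        FilterChain filterChain = mock(FilterChain.class);

        // Requests with Valid Environment Header values.
        when(httpServletRequest.getRequestURI()).thenReturn("/pdp/getConfig");
        when(httpServletRequest.getRequestDispatcher("/api//getConfig"))
                .thenReturn(new MockRequestDispatcher());
        when(httpServletRequest.getHeader(PDPAuthenticationFilter.ENVIRONMENT_HEADER))
                .thenReturn("DEVL");
        when(httpServletRequest.getHeader(PDPAuthenticationFilter.AUTHENTICATION_HEADER))
                .thenReturn(VALIDHEADERVALUE);
        authenticationFilter.doFilter(httpServletRequest, httpServletResponse,
                filterChain);
        // verify if authorized
        verify(httpServletRequest).getRequestDispatcher("/api//getConfig");

        // New request no environment header check
        // (the ENVIRONMENT_HEADER stub from above is still "DEVL" on this shared mock)
        when(httpServletRequest.getRequestURI()).thenReturn("/pdp/api/getConfig");
        when(httpServletRequest.getRequestDispatcher("/api/getConfig"))
                .thenReturn(new MockRequestDispatcher());
        when(httpServletRequest.getHeader(PDPAuthenticationFilter.AUTHENTICATION_HEADER))
                .thenReturn(VALIDHEADERVALUE);
        authenticationFilter.doFilter(httpServletRequest, httpServletResponse,
                filterChain);
        // verify if authorized
        verify(httpServletRequest).getRequestDispatcher("/api/getConfig");

        // Requests with InValid Environment Header
        when(httpServletRequest.getRequestURI()).thenReturn("/pdp/getConfig");
        when(httpServletRequest.getRequestDispatcher("/api//getConfig"))
                .thenReturn(new MockRequestDispatcher());
        when(httpServletRequest.getHeader(PDPAuthenticationFilter.ENVIRONMENT_HEADER))
                .thenReturn("TEST");
        when(httpServletRequest.getHeader(PDPAuthenticationFilter.AUTHENTICATION_HEADER))
                .thenReturn(VALIDHEADERVALUE);
        authenticationFilter.doFilter(httpServletRequest, httpServletResponse,
                filterChain);
        // verify if unauthorized
        // NOTE(review): the mocks are shared across all three calls, so this proves only that a
        // 401 was set once. It does not prove the "TEST" request was not also forwarded; a
        // second getRequestDispatcher("/api//getConfig") call would go unnoticed here.
        verify(httpServletResponse).setStatus(HttpServletResponse.SC_UNAUTHORIZED);
    }
}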