2 * ============LICENSE_START=======================================================
4 * ================================================================================
5 * Copyright (C) 2017 AT&T Intellectual Property. All rights reserved.
6 * ================================================================================
7 * Licensed under the Apache License, Version 2.0 (the "License");
8 * you may not use this file except in compliance with the License.
9 * You may obtain a copy of the License at
11 * http://www.apache.org/licenses/LICENSE-2.0
13 * Unless required by applicable law or agreed to in writing, software
14 * distributed under the License is distributed on an "AS IS" BASIS,
15 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16 * See the License for the specific language governing permissions and
17 * limitations under the License.
18 * ============LICENSE_END=========================================================
21 package org.openecomp.sdc.fe.servlets;
23 import org.glassfish.jersey.internal.inject.AbstractBinder;
24 import org.glassfish.jersey.server.ResourceConfig;
25 import org.glassfish.jersey.test.JerseyTest;
26 import org.junit.After;
27 import org.junit.BeforeClass;
28 import org.junit.Test;
29 import org.mockito.Mockito;
30 import org.mockito.stubbing.Answer;
31 import org.onap.sdc.security.CipherUtil;
32 import org.openecomp.sdc.common.api.Constants;
33 import org.openecomp.sdc.fe.config.Configuration;
34 import org.openecomp.sdc.fe.config.ConfigurationManager;
36 import javax.servlet.RequestDispatcher;
37 import javax.servlet.ServletContext;
38 import javax.servlet.ServletException;
39 import javax.servlet.ServletRequest;
40 import javax.servlet.ServletResponse;
41 import javax.servlet.http.Cookie;
42 import javax.servlet.http.HttpServletRequest;
43 import javax.servlet.http.HttpServletResponse;
44 import javax.servlet.http.HttpSession;
45 import javax.ws.rs.core.Application;
46 import java.io.IOException;
47 import java.util.ArrayList;
48 import java.util.List;
50 import static org.glassfish.jersey.test.TestProperties.CONTAINER_PORT;
51 import static org.junit.Assert.assertFalse;
52 import static org.junit.Assert.assertTrue;
53 import static org.mockito.Mockito.times;
54 import static org.mockito.Mockito.verify;
55 import static org.mockito.Mockito.when;
58 public class PortalServletTest extends JerseyTest {
60 private final static HttpServletRequest request = Mockito.mock(HttpServletRequest.class);
61 private final static HttpSession httpSession = Mockito.mock(HttpSession.class);
62 private final static ServletContext servletContext = Mockito.mock(ServletContext.class);
63 private final static ConfigurationManager configurationManager = Mockito.mock(ConfigurationManager.class);
64 private final static Configuration configuration = Mockito.mock(Configuration.class);
65 private final static HttpServletResponse response = Mockito.spy(HttpServletResponse.class);
66 private final static RequestDispatcher rd = Mockito.spy(RequestDispatcher.class);
67 private static CipherUtil cipherUtil = Mockito.mock(CipherUtil.class);
68 final static Configuration.CookieConfig cookieConfiguration = Mockito.mock(Configuration.CookieConfig.class);
70 @SuppressWarnings("serial")
72 public static void setUpTests() {
73 when(request.getRequestDispatcher(Mockito.anyString())).thenReturn(rd);
74 when(request.getSession()).thenReturn(httpSession);
75 when(httpSession.getServletContext()).thenReturn(servletContext);
76 when(servletContext.getAttribute(Constants.CONFIGURATION_MANAGER_ATTR)).thenReturn(configurationManager);
77 when(configurationManager.getConfiguration()).thenReturn(configuration);
78 when(configuration.getAuthCookie()).thenReturn(cookieConfiguration);
79 List<List<String>> mandatoryHeaders = new ArrayList<>();
80 mandatoryHeaders.add(new ArrayList<String>() {
86 mandatoryHeaders.add(new ArrayList<String>() {
88 add("HTTP_CSP_ATTUID");
92 mandatoryHeaders.add(new ArrayList<String>() {
98 mandatoryHeaders.add(new ArrayList<String>() {
100 add("HTTP_CSP_WSTYPE");
101 add("csp-wstype csp-wstype");
105 List<List<String>> optionalHeaders = new ArrayList<>();
106 optionalHeaders.add(new ArrayList<String>() {
108 add("HTTP_CSP_FIRSTNAME");
109 add("csp-firstname");
112 optionalHeaders.add(new ArrayList<String>() {
114 add("HTTP_CSP_LASTNAME");
118 optionalHeaders.add(new ArrayList<String>() {
120 add("HTTP_IV_REMOTE_ADDRESS");
121 add("iv-remote-address");
125 when(configuration.getIdentificationHeaderFields()).thenReturn(mandatoryHeaders);
126 when(configuration.getOptionalHeaderFields()).thenReturn(optionalHeaders);
131 public void tearDown() {
132 Mockito.reset(response, rd);
136 public void testMissingHeadersRequest() throws IOException {
137 when(request.getHeader(Mockito.anyString())).thenReturn(null);
138 when(request.getCookies()).thenReturn(getCookies());
139 target().path("/portal").request().get();
140 Mockito.verify(response, times(1)).sendError(HttpServletResponse.SC_USE_PROXY, PortalServlet.MISSING_HEADERS_MSG);
144 public void testSuccessfulRequest() throws IOException, ServletException {
145 ConfigurationManager.setTestInstance(configurationManager);
146 when(configuration.getAuthCookie().getCookieName()).thenReturn("cookieName");
147 when(configuration.getAuthCookie().getPath()).thenReturn("/");
148 when(configuration.getAuthCookie().getDomain()).thenReturn("");
149 when(configuration.getAuthCookie().getSecurityKey()).thenReturn("");
150 Mockito.doAnswer((Answer<Object>) invocation -> {
151 Object[] args = invocation.getArguments();
152 return (String) args[0];
153 }).when(request).getHeader(Mockito.anyString());
154 target().path("/portal").request().get();
155 verify(rd).forward(Mockito.any(ServletRequest.class), Mockito.any(ServletResponse.class));
160 public void testSuccessfullAddofAuthCookie() throws IOException, ServletException {
161 ConfigurationManager.setTestInstance(configurationManager);
162 when(configuration.getAuthCookie().getCookieName()).thenReturn("cookieName");
163 when(configuration.getAuthCookie().getPath()).thenReturn("/");
164 when(configuration.getAuthCookie().getDomain()).thenReturn("");
165 when(configuration.getAuthCookie().getSecurityKey()).thenReturn("AGLDdG4D04BKm2IxIWEr8o==");
166 PortalServlet pp = new PortalServlet();
167 assertTrue(pp.addAuthCookie(response,"user", "test" ,"User"));
171 public void testFailureMissingCookieConfiguration() throws IOException {
173 //missing configuration mock therefore will fail
174 PortalServlet pp = new PortalServlet();
175 pp.doGet(request,response);
176 assertFalse(pp.addAuthCookie(response,"user", "test" ,"User"));
183 protected Application configure() {
184 // Use any available port - this allows us to run the BE tests in parallel with this one.
185 forceSet(CONTAINER_PORT, "0");
186 ResourceConfig resourceConfig = new ResourceConfig(PortalServlet.class);
188 resourceConfig.register(new AbstractBinder() {
190 protected void configure() {
191 bind(request).to(HttpServletRequest.class);
192 bind(response).to(HttpServletResponse.class);
198 return resourceConfig;
201 private Cookie[] getCookies() {
202 Cookie[] cookies = new Cookie [1];
203 cookies[0] = new Cookie("someName", "aaa");