1 /*******************************************************************************
2 * ============LICENSE_START==================================================
4 * * ===========================================================================
5 * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.
6 * * ===========================================================================
7 * * Licensed under the Apache License, Version 2.0 (the "License");
8 * * you may not use this file except in compliance with the License.
9 * * You may obtain a copy of the License at
11 * * http://www.apache.org/licenses/LICENSE-2.0
13 * * Unless required by applicable law or agreed to in writing, software
14 * * distributed under the License is distributed on an "AS IS" BASIS,
15 * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16 * * See the License for the specific language governing permissions and
17 * * limitations under the License.
18 * * ============LICENSE_END====================================================
20 * * ECOMP is a trademark and service mark of AT&T Intellectual Property.
22 ******************************************************************************/
23 package org.onap.dmaap.datarouter.provisioning;
25 import org.apache.commons.lang3.reflect.FieldUtils;
26 import org.jetbrains.annotations.NotNull;
27 import org.json.JSONArray;
28 import org.json.JSONObject;
29 import org.junit.AfterClass;
30 import org.junit.Before;
31 import org.junit.BeforeClass;
32 import org.junit.Test;
33 import org.junit.runner.RunWith;
34 import org.mockito.Mock;
35 import org.onap.dmaap.datarouter.authz.AuthorizationResponse;
36 import org.onap.dmaap.datarouter.authz.Authorizer;
37 import org.onap.dmaap.datarouter.provisioning.beans.Feed;
38 import org.onap.dmaap.datarouter.provisioning.beans.Updateable;
39 import org.onap.dmaap.datarouter.provisioning.utils.DB;
40 import org.powermock.modules.junit4.PowerMockRunner;
42 import javax.persistence.EntityManager;
43 import javax.persistence.EntityManagerFactory;
44 import javax.persistence.Persistence;
45 import javax.servlet.ServletInputStream;
46 import javax.servlet.ServletOutputStream;
47 import javax.servlet.http.HttpServletRequest;
48 import javax.servlet.http.HttpServletResponse;
49 import java.sql.SQLException;
50 import java.util.HashSet;
53 import static org.hamcrest.Matchers.notNullValue;
54 import static org.mockito.Mockito.*;
55 import static org.onap.dmaap.datarouter.provisioning.BaseServlet.BEHALF_HEADER;
58 @RunWith(PowerMockRunner.class)
59 public class FeedServletTest extends DrServletTestBase {
61 private static FeedServlet feedServlet;
64 private HttpServletRequest request;
66 private HttpServletResponse response;
68 private static EntityManagerFactory emf;
69 private static EntityManager em;
73 public static void init() {
74 emf = Persistence.createEntityManagerFactory("dr-unit-tests");
75 em = emf.createEntityManager();
77 "org.onap.dmaap.datarouter.provserver.properties",
78 "src/test/resources/h2Database.properties");
82 public static void tearDownClass() {
89 public void setUp() throws Exception {
90 feedServlet = new FeedServlet();
92 setAuthoriserToReturnRequestIsAuthorized();
93 setUpValidAuthorisedRequest();
94 setUpValidSecurityOnHttpRequest();
95 setUpValidContentHeadersAndJSONOnHttpRequest();
99 public void Given_Request_Is_HTTP_DELETE_And_Is_Not_Secure_When_HTTPS_Is_Required_Then_Forbidden_Response_Is_Generated()
101 when(request.isSecure()).thenReturn(false);
102 feedServlet.doDelete(request, response);
103 verify(response).sendError(eq(HttpServletResponse.SC_FORBIDDEN), argThat(notNullValue(String.class)));
108 public void Given_Request_Is_HTTP_DELETE_And_BEHALF_HEADER_Is_Not_Set_In_Request_Then_Bad_Request_Response_Is_Generated()
110 setBehalfHeader(null);
111 feedServlet.doDelete(request, response);
112 verify(response).sendError(eq(HttpServletResponse.SC_BAD_REQUEST), argThat(notNullValue(String.class)));
117 public void Given_Request_Is_HTTP_DELETE_And_Path_Header_Is_Not_Set_In_Request_With_Valid_Path_Then_Bad_Request_Response_Is_Generated()
119 when(request.getPathInfo()).thenReturn(null);
120 feedServlet.doDelete(request, response);
121 verify(response).sendError(eq(HttpServletResponse.SC_BAD_REQUEST), argThat(notNullValue(String.class)));
126 public void Given_Request_Is_HTTP_DELETE_And_Feed_Id_Is_Invalid_Then_Not_Found_Response_Is_Generated()
128 when(request.getPathInfo()).thenReturn("/123");
129 feedServlet.doDelete(request, response);
130 verify(response).sendError(eq(HttpServletResponse.SC_NOT_FOUND), argThat(notNullValue(String.class)));
135 public void Given_Request_Is_HTTP_DELETE_And_Request_Is_Not_Authorized_Then_Forbidden_Response_Is_Generated()
137 setAuthoriserToReturnRequestNotAuthorized();
138 feedServlet.doDelete(request, response);
139 verify(response).sendError(eq(HttpServletResponse.SC_FORBIDDEN), argThat(notNullValue(String.class)));
144 public void Given_Request_Is_HTTP_DELETE_And_Delete_On_Database_Fails_An_Internal_Server_Error_Is_Reported()
146 FeedServlet feedServlet = new FeedServlet() {
147 protected boolean doUpdate(Updateable bean) {
151 feedServlet.doDelete(request, response);
153 .sendError(eq(HttpServletResponse.SC_INTERNAL_SERVER_ERROR), argThat(notNullValue(String.class)));
158 public void Given_Request_Is_HTTP_DELETE_And_Delete_On_Database_Succeeds_A_NO_CONTENT_Response_Is_Generated()
160 feedServlet.doDelete(request, response);
161 verify(response).setStatus(eq(HttpServletResponse.SC_NO_CONTENT));
162 reinsertFeedIntoDb();
166 public void Given_Request_Is_HTTP_GET_And_Is_Not_Secure_When_HTTPS_Is_Required_Then_Forbidden_Response_Is_Generated()
168 when(request.isSecure()).thenReturn(false);
169 feedServlet.doGet(request, response);
170 verify(response).sendError(eq(HttpServletResponse.SC_FORBIDDEN), argThat(notNullValue(String.class)));
174 public void Given_Request_Is_HTTP_GET_And_BEHALF_HEADER_Is_Not_Set_In_Request_Then_Bad_Request_Response_Is_Generated()
176 setBehalfHeader(null);
177 feedServlet.doGet(request, response);
178 verify(response).sendError(eq(HttpServletResponse.SC_BAD_REQUEST), argThat(notNullValue(String.class)));
183 public void Given_Request_Is_HTTP_GET_And_Path_Header_Is_Not_Set_In_Request_With_Valid_Path_Then_Bad_Request_Response_Is_Generated()
185 when(request.getPathInfo()).thenReturn(null);
186 feedServlet.doGet(request, response);
187 verify(response).sendError(eq(HttpServletResponse.SC_BAD_REQUEST), argThat(notNullValue(String.class)));
192 public void Given_Request_Is_HTTP_GET_And_Feed_Id_Is_Invalid_Then_Not_Found_Response_Is_Generated()
194 when(request.getPathInfo()).thenReturn("/123");
195 feedServlet.doGet(request, response);
196 verify(response).sendError(eq(HttpServletResponse.SC_NOT_FOUND), argThat(notNullValue(String.class)));
201 public void Given_Request_Is_HTTP_GET_And_Request_Is_Not_Authorized_Then_Forbidden_Response_Is_Generated()
203 setAuthoriserToReturnRequestNotAuthorized();
204 feedServlet.doGet(request, response);
205 verify(response).sendError(eq(HttpServletResponse.SC_FORBIDDEN), argThat(notNullValue(String.class)));
210 public void Given_Request_Is_HTTP_GET_And_Request_Succeeds() throws Exception {
211 ServletOutputStream outStream = mock(ServletOutputStream.class);
212 when(response.getOutputStream()).thenReturn(outStream);
213 feedServlet.doGet(request, response);
214 verify(response).setStatus(eq(HttpServletResponse.SC_OK));
219 public void Given_Request_Is_HTTP_PUT_And_Is_Not_Secure_When_HTTPS_Is_Required_Then_Forbidden_Response_Is_Generated()
221 when(request.isSecure()).thenReturn(false);
222 feedServlet.doPut(request, response);
223 verify(response).sendError(eq(HttpServletResponse.SC_FORBIDDEN), argThat(notNullValue(String.class)));
227 public void Given_Request_Is_HTTP_PUT_And_BEHALF_HEADER_Is_Not_Set_In_Request_Then_Bad_Request_Response_Is_Generated()
229 setBehalfHeader(null);
230 feedServlet.doPut(request, response);
231 verify(response).sendError(eq(HttpServletResponse.SC_BAD_REQUEST), argThat(notNullValue(String.class)));
236 public void Given_Request_Is_HTTP_PUT_And_Path_Header_Is_Not_Set_In_Request_With_Valid_Path_Then_Bad_Request_Response_Is_Generated()
238 when(request.getPathInfo()).thenReturn(null);
239 feedServlet.doPut(request, response);
240 verify(response).sendError(eq(HttpServletResponse.SC_BAD_REQUEST), argThat(notNullValue(String.class)));
245 public void Given_Request_Is_HTTP_PUT_And_Feed_Id_Is_Invalid_Then_Not_Found_Response_Is_Generated()
247 when(request.getPathInfo()).thenReturn("/123");
248 feedServlet.doPut(request, response);
249 verify(response).sendError(eq(HttpServletResponse.SC_NOT_FOUND), argThat(notNullValue(String.class)));
253 public void Given_Request_Is_HTTP_PUT_And_Content_Header_Is_Not_Supported_Type_Then_Unsupported_Media_Type_Response_Is_Generated()
255 when(request.getHeader("Content-Type")).thenReturn("application/vnd.att-dr.feed-fail; version=2.0");
256 when(request.getContentType()).thenReturn("stub_contentType");
257 feedServlet.doPut(request, response);
259 .sendError(eq(HttpServletResponse.SC_UNSUPPORTED_MEDIA_TYPE), argThat(notNullValue(String.class)));
263 public void Given_Request_Is_HTTP_PUT_And_Request_Contains_Badly_Formed_JSON_Then_Bad_Request_Response_Is_Generated()
265 ServletInputStream inStream = mock(ServletInputStream.class);
266 when(request.getInputStream()).thenReturn(inStream);
267 feedServlet.doPut(request, response);
268 verify(response).sendError(eq(HttpServletResponse.SC_BAD_REQUEST), argThat(notNullValue(String.class)));
272 public void Given_Request_Is_HTTP_PUT_And_Request_Contains_Invalid_JSON_Then_Bad_Request_Response_Is_Generated() throws Exception {
273 FeedServlet feedServlet = new FeedServlet() {
274 protected JSONObject getJSONfromInput(HttpServletRequest req) {
275 return new JSONObject();
278 feedServlet.doPut(request, response);
279 verify(response).sendError(eq(HttpServletResponse.SC_BAD_REQUEST), argThat(notNullValue(String.class)));
283 public void Given_Request_Is_HTTP_PUT_And_Feed_Change_Is_Not_Publisher_Who_Requested_Feed_Bad_Request_Response_Is_Generated() throws Exception {
284 when(request.getHeader("X-ATT-DR-ON-BEHALF-OF-GROUP")).thenReturn(null);
285 JSONObject JSObject = buildRequestJsonObject();
286 FeedServlet feedServlet = new FeedServlet() {
287 protected JSONObject getJSONfromInput(HttpServletRequest req) {
288 JSONObject jo = new JSONObject();
289 jo.put("name", "stub_name");
290 jo.put("version", "1.0");
291 jo.put("authorization", JSObject);
296 feedServlet.doPut(request, response);
297 verify(response).sendError(eq(HttpServletResponse.SC_BAD_REQUEST), argThat(notNullValue(String.class)));
301 public void Given_Request_Is_HTTP_PUT_And_Feed_Name_Change_is_Requested_Bad_Request_Response_Is_Generated() throws Exception {
302 JSONObject JSObject = buildRequestJsonObject();
303 FeedServlet feedServlet = new FeedServlet() {
304 protected JSONObject getJSONfromInput(HttpServletRequest req) {
305 JSONObject jo = new JSONObject();
306 jo.put("name", "not_stub_name");
307 jo.put("version", "1.0");
308 jo.put("authorization", JSObject);
312 feedServlet.doPut(request, response);
313 verify(response).sendError(eq(HttpServletResponse.SC_BAD_REQUEST), argThat(notNullValue(String.class)));
317 public void Given_Request_Is_HTTP_PUT_And_Feed_Version_Change_is_Requested_Bad_Request_Response_Is_Generated() throws Exception {
318 JSONObject JSObject = buildRequestJsonObject();
319 FeedServlet feedServlet = new FeedServlet() {
320 protected JSONObject getJSONfromInput(HttpServletRequest req) {
321 JSONObject jo = new JSONObject();
322 jo.put("name", "stub_name");
323 jo.put("version", "2.0");
324 jo.put("authorization", JSObject);
328 feedServlet.doPut(request, response);
329 verify(response).sendError(eq(HttpServletResponse.SC_BAD_REQUEST), argThat(notNullValue(String.class)));
333 public void Given_Request_Is_HTTP_PUT_And_Request_Is_Not_Authorized_Then_Forbidden_Response_Is_Generated() throws Exception {
334 JSONObject JSObject = buildRequestJsonObject();
335 FeedServlet feedServlet = new FeedServlet() {
336 protected JSONObject getJSONfromInput(HttpServletRequest req) {
337 JSONObject jo = new JSONObject();
338 jo.put("name", "Feed1");
339 jo.put("version", "v0.1");
340 jo.put("authorization", JSObject);
344 setAuthoriserToReturnRequestNotAuthorized();
345 feedServlet.doPut(request, response);
346 verify(response).sendError(eq(HttpServletResponse.SC_FORBIDDEN), argThat(notNullValue(String.class)));
350 public void Given_Request_Is_HTTP_PUT_And_Change_On_Feeds_Fails_An_Internal_Server_Error_Response_Is_Generated() throws Exception {
351 ServletOutputStream outStream = mock(ServletOutputStream.class);
352 when(response.getOutputStream()).thenReturn(outStream);
354 JSONObject JSObject = buildRequestJsonObject();
355 FeedServlet feedServlet = new FeedServlet() {
356 protected JSONObject getJSONfromInput(HttpServletRequest req) {
357 JSONObject jo = new JSONObject();
358 jo.put("name", "Feed1");
359 jo.put("version", "v0.1");
360 jo.put("authorization", JSObject);
365 protected boolean doUpdate(Updateable bean) {
369 feedServlet.doPut(request, response);
370 verify(response).sendError(eq(HttpServletResponse.SC_INTERNAL_SERVER_ERROR), argThat(notNullValue(String.class)));
374 public void Given_Request_Is_HTTP_PUT_And_Change_On_Feeds_Suceeds_A_STATUS_OK_Response_Is_Generated() throws Exception {
375 ServletOutputStream outStream = mock(ServletOutputStream.class);
376 when(response.getOutputStream()).thenReturn(outStream);
377 JSONObject JSObject = buildRequestJsonObject();
378 FeedServlet feedServlet = new FeedServlet() {
379 protected JSONObject getJSONfromInput(HttpServletRequest req) {
380 JSONObject jo = new JSONObject();
381 jo.put("name", "Feed1");
382 jo.put("version", "v0.1");
383 jo.put("authorization", JSObject);
388 feedServlet.doPut(request, response);
389 verify(response).setStatus(eq(HttpServletResponse.SC_OK));
393 public void Given_Request_Is_HTTP_POST_SC_METHOD_NOT_ALLOWED_Response_Is_Generated() throws Exception {
394 feedServlet.doPost(request, response);
395 verify(response).sendError(eq(HttpServletResponse.SC_METHOD_NOT_ALLOWED), argThat(notNullValue(String.class)));
399 private JSONObject buildRequestJsonObject() {
400 JSONObject JSObject = new JSONObject();
401 JSONArray endpointIDs = new JSONArray();
402 JSONObject JOEndpointIDs = new JSONObject();
403 JOEndpointIDs.put("id", "stub_endpoint_id");
404 JOEndpointIDs.put("password", "stub_endpoint_password");
405 endpointIDs.put(JOEndpointIDs);
407 JSONArray endpointAddresses = new JSONArray();
408 endpointAddresses.put("127.0.0.1");
410 JSObject.put("classification", "stub_classification");
411 JSObject.put("endpoint_ids", endpointIDs);
412 JSObject.put("endpoint_addrs", endpointAddresses);
416 private void setUpValidSecurityOnHttpRequest() throws Exception {
417 when(request.isSecure()).thenReturn(true);
418 Set<String> authAddressesAndNetworks = new HashSet<String>();
419 authAddressesAndNetworks.add(("127.0.0.1"));
421 .writeDeclaredStaticField(BaseServlet.class, "authorizedAddressesAndNetworks", authAddressesAndNetworks,
423 FieldUtils.writeDeclaredStaticField(BaseServlet.class, "requireCert", false, true);
426 private void setBehalfHeader(String headerValue) {
427 when(request.getHeader(BEHALF_HEADER)).thenReturn(headerValue);
430 private void setValidPathInfoInHttpHeader() {
431 when(request.getPathInfo()).thenReturn("/1");
434 private void setAuthoriserToReturnRequestNotAuthorized() throws IllegalAccessException {
435 AuthorizationResponse authResponse = mock(AuthorizationResponse.class);
436 Authorizer authorizer = mock(Authorizer.class);
437 FieldUtils.writeDeclaredStaticField(BaseServlet.class, "authz", authorizer, true);
438 when(authorizer.decide(request)).thenReturn(authResponse);
439 when(authResponse.isAuthorized()).thenReturn(false);
442 private void setAuthoriserToReturnRequestIsAuthorized() throws IllegalAccessException {
443 AuthorizationResponse authResponse = mock(AuthorizationResponse.class);
444 Authorizer authorizer = mock(Authorizer.class);
445 FieldUtils.writeDeclaredStaticField(BaseServlet.class, "authz", authorizer, true);
446 when(authorizer.decide(request)).thenReturn(authResponse);
447 when(authResponse.isAuthorized()).thenReturn(true);
450 private void setUpValidAuthorisedRequest() throws Exception {
451 setUpValidSecurityOnHttpRequest();
452 setBehalfHeader("Stub_Value");
453 setValidPathInfoInHttpHeader();
456 private void setUpValidContentHeadersAndJSONOnHttpRequest() {
457 when(request.getHeader("Content-Type")).thenReturn("application/vnd.att-dr.feed; version=1.0");
458 when(request.getHeader("X-ATT-DR-ON-BEHALF-OF-GROUP")).thenReturn("stub_subjectGroup");
461 private void reinsertFeedIntoDb() throws SQLException {
462 Feed feed = new Feed("Feed1","v0.1", "First Feed for testing", "First Feed for testing");
465 feed.setDeleted(false);
466 feed.doUpdate(db.getConnection());