1 /*******************************************************************************
2 * ============LICENSE_START==================================================
4 * * ===========================================================================
5 * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.
6 * * ===========================================================================
7 * * Licensed under the Apache License, Version 2.0 (the "License");
8 * * you may not use this file except in compliance with the License.
9 * * You may obtain a copy of the License at
11 * * http://www.apache.org/licenses/LICENSE-2.0
13 * * Unless required by applicable law or agreed to in writing, software
14 * * distributed under the License is distributed on an "AS IS" BASIS,
15 * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16 * * See the License for the specific language governing permissions and
17 * * limitations under the License.
18 * * ============LICENSE_END====================================================
20 * * ECOMP is a trademark and service mark of AT&T Intellectual Property.
22 ******************************************************************************/
23 package org.onap.dmaap.datarouter.provisioning;
25 import ch.qos.logback.classic.spi.ILoggingEvent;
26 import ch.qos.logback.core.read.ListAppender;
27 import org.apache.commons.lang3.reflect.FieldUtils;
28 import org.jetbrains.annotations.NotNull;
29 import org.json.JSONArray;
30 import org.json.JSONObject;
31 import org.junit.AfterClass;
32 import org.junit.Before;
33 import org.junit.BeforeClass;
34 import org.junit.Test;
35 import org.junit.runner.RunWith;
36 import org.mockito.Mock;
37 import org.onap.dmaap.datarouter.authz.AuthorizationResponse;
38 import org.onap.dmaap.datarouter.authz.Authorizer;
39 import org.onap.dmaap.datarouter.provisioning.beans.Feed;
40 import org.onap.dmaap.datarouter.provisioning.beans.Updateable;
41 import org.onap.dmaap.datarouter.provisioning.utils.DB;
42 import org.powermock.modules.junit4.PowerMockRunner;
44 import javax.persistence.EntityManager;
45 import javax.persistence.EntityManagerFactory;
46 import javax.persistence.Persistence;
47 import javax.servlet.ServletInputStream;
48 import javax.servlet.ServletOutputStream;
49 import javax.servlet.http.HttpServletRequest;
50 import javax.servlet.http.HttpServletResponse;
51 import java.sql.SQLException;
52 import java.util.HashSet;
55 import static org.hamcrest.Matchers.notNullValue;
56 import static org.mockito.Mockito.*;
57 import static org.onap.dmaap.datarouter.provisioning.BaseServlet.BEHALF_HEADER;
60 @RunWith(PowerMockRunner.class)
61 public class FeedServletTest extends DrServletTestBase {
63 private static FeedServlet feedServlet;
66 private HttpServletRequest request;
68 private HttpServletResponse response;
70 private static EntityManagerFactory emf;
71 private static EntityManager em;
74 private ListAppender<ILoggingEvent> listAppender;
77 public static void init() {
78 emf = Persistence.createEntityManagerFactory("dr-unit-tests");
79 em = emf.createEntityManager();
81 "org.onap.dmaap.datarouter.provserver.properties",
82 "src/test/resources/h2Database.properties");
86 public static void tearDownClass() {
93 public void setUp() throws Exception {
94 listAppender = setTestLogger(FeedServlet.class);
95 feedServlet = new FeedServlet();
97 setAuthoriserToReturnRequestIsAuthorized();
98 setUpValidAuthorisedRequest();
99 setUpValidSecurityOnHttpRequest();
100 setUpValidContentHeadersAndJSONOnHttpRequest();
104 public void Given_Request_Is_HTTP_DELETE_And_Is_Not_Secure_When_HTTPS_Is_Required_Then_Forbidden_Response_Is_Generated()
106 when(request.isSecure()).thenReturn(false);
107 feedServlet.doDelete(request, response);
108 verify(response).sendError(eq(HttpServletResponse.SC_FORBIDDEN), argThat(notNullValue(String.class)));
109 verifyEnteringExitCalled(listAppender);
114 public void Given_Request_Is_HTTP_DELETE_And_BEHALF_HEADER_Is_Not_Set_In_Request_Then_Bad_Request_Response_Is_Generated()
116 setBehalfHeader(null);
117 feedServlet.doDelete(request, response);
118 verify(response).sendError(eq(HttpServletResponse.SC_BAD_REQUEST), argThat(notNullValue(String.class)));
123 public void Given_Request_Is_HTTP_DELETE_And_Path_Header_Is_Not_Set_In_Request_With_Valid_Path_Then_Bad_Request_Response_Is_Generated() throws Exception {
124 when(request.getPathInfo()).thenReturn(null);
125 feedServlet.doDelete(request, response);
126 verify(response).sendError(eq(HttpServletResponse.SC_BAD_REQUEST), argThat(notNullValue(String.class)));
131 public void Given_Request_Is_HTTP_DELETE_And_Feed_Id_Is_Invalid_Then_Not_Found_Response_Is_Generated() throws Exception {
132 when(request.getPathInfo()).thenReturn("/123");
133 feedServlet.doDelete(request, response);
134 verify(response).sendError(eq(HttpServletResponse.SC_NOT_FOUND), argThat(notNullValue(String.class)));
139 public void Given_Request_Is_HTTP_DELETE_And_Request_Is_Not_Authorized_Then_Forbidden_Response_Is_Generated() throws Exception {
140 setAuthoriserToReturnRequestNotAuthorized();
141 feedServlet.doDelete(request, response);
142 verify(response).sendError(eq(HttpServletResponse.SC_FORBIDDEN), argThat(notNullValue(String.class)));
146 public void Given_Request_Is_HTTP_DELETE_And_AAF_Feed_Without_Permissions_Then_Forbidden_Response_Is_Generated() throws Exception {
147 when(request.getPathInfo()).thenReturn("/2");
148 feedServlet.doDelete(request, response);
149 verify(response).sendError(eq(HttpServletResponse.SC_FORBIDDEN), contains("AAF disallows access to permission"));
153 public void Given_Request_Is_HTTP_DELETE_And_AAF_Feed_With_Permissions_Then_A_NO_CONTENT_Response_Is_Generated() {
154 when(request.getPathInfo()).thenReturn("/3");
155 when(request.isUserInRole("org.onap.dmaap-dr.feed|*|delete")).thenReturn(true);
156 feedServlet.doDelete(request, response);
157 verify(response).setStatus(eq(HttpServletResponse.SC_NO_CONTENT));
158 verifyEnteringExitCalled(listAppender);
163 public void Given_Request_Is_HTTP_DELETE_And_Delete_On_Database_Fails_An_Internal_Server_Error_Is_Reported()
165 FeedServlet feedServlet = new FeedServlet() {
166 protected boolean doUpdate(Updateable bean) {
170 feedServlet.doDelete(request, response);
172 .sendError(eq(HttpServletResponse.SC_INTERNAL_SERVER_ERROR), argThat(notNullValue(String.class)));
177 public void Given_Request_Is_HTTP_DELETE_And_Delete_On_Database_Succeeds_A_NO_CONTENT_Response_Is_Generated() throws Exception {
178 feedServlet.doDelete(request, response);
179 verify(response).setStatus(eq(HttpServletResponse.SC_NO_CONTENT));
180 reinsertFeedIntoDb();
181 verifyEnteringExitCalled(listAppender);
185 public void Given_Request_Is_HTTP_GET_And_Is_Not_Secure_When_HTTPS_Is_Required_Then_Forbidden_Response_Is_Generated()
187 when(request.isSecure()).thenReturn(false);
188 feedServlet.doGet(request, response);
189 verify(response).sendError(eq(HttpServletResponse.SC_FORBIDDEN), argThat(notNullValue(String.class)));
190 verifyEnteringExitCalled(listAppender);
194 public void Given_Request_Is_HTTP_GET_And_BEHALF_HEADER_Is_Not_Set_In_Request_Then_Bad_Request_Response_Is_Generated()
196 setBehalfHeader(null);
197 feedServlet.doGet(request, response);
198 verify(response).sendError(eq(HttpServletResponse.SC_BAD_REQUEST), argThat(notNullValue(String.class)));
203 public void Given_Request_Is_HTTP_GET_And_Path_Header_Is_Not_Set_In_Request_With_Valid_Path_Then_Bad_Request_Response_Is_Generated()
205 when(request.getPathInfo()).thenReturn(null);
206 feedServlet.doGet(request, response);
207 verify(response).sendError(eq(HttpServletResponse.SC_BAD_REQUEST), argThat(notNullValue(String.class)));
212 public void Given_Request_Is_HTTP_GET_And_Feed_Id_Is_Invalid_Then_Not_Found_Response_Is_Generated()
214 when(request.getPathInfo()).thenReturn("/123");
215 feedServlet.doGet(request, response);
216 verify(response).sendError(eq(HttpServletResponse.SC_NOT_FOUND), argThat(notNullValue(String.class)));
221 public void Given_Request_Is_HTTP_GET_And_Request_Is_Not_Authorized_Then_Forbidden_Response_Is_Generated()
223 setAuthoriserToReturnRequestNotAuthorized();
224 when(request.getPathInfo()).thenReturn("/2");
225 feedServlet.doGet(request, response);
226 verify(response).sendError(eq(HttpServletResponse.SC_FORBIDDEN), argThat(notNullValue(String.class)));
231 public void Given_Request_Is_HTTP_GET_And_Request_Succeeds() throws Exception {
232 ServletOutputStream outStream = mock(ServletOutputStream.class);
233 when(response.getOutputStream()).thenReturn(outStream);
234 when(request.getPathInfo()).thenReturn("/2");
235 feedServlet.doGet(request, response);
236 verify(response).setStatus(eq(HttpServletResponse.SC_OK));
237 verifyEnteringExitCalled(listAppender);
242 public void Given_Request_Is_HTTP_PUT_And_Is_Not_Secure_When_HTTPS_Is_Required_Then_Forbidden_Response_Is_Generated()
244 when(request.isSecure()).thenReturn(false);
245 feedServlet.doPut(request, response);
246 verify(response).sendError(eq(HttpServletResponse.SC_FORBIDDEN), argThat(notNullValue(String.class)));
247 verifyEnteringExitCalled(listAppender);
251 public void Given_Request_Is_HTTP_PUT_And_BEHALF_HEADER_Is_Not_Set_In_Request_Then_Bad_Request_Response_Is_Generated()
253 setBehalfHeader(null);
254 feedServlet.doPut(request, response);
255 verify(response).sendError(eq(HttpServletResponse.SC_BAD_REQUEST), argThat(notNullValue(String.class)));
260 public void Given_Request_Is_HTTP_PUT_And_Path_Header_Is_Not_Set_In_Request_With_Valid_Path_Then_Bad_Request_Response_Is_Generated()
262 when(request.getPathInfo()).thenReturn(null);
263 feedServlet.doPut(request, response);
264 verify(response).sendError(eq(HttpServletResponse.SC_BAD_REQUEST), argThat(notNullValue(String.class)));
269 public void Given_Request_Is_HTTP_PUT_And_Feed_Id_Is_Invalid_Then_Not_Found_Response_Is_Generated()
271 when(request.getPathInfo()).thenReturn("/123");
272 feedServlet.doPut(request, response);
273 verify(response).sendError(eq(HttpServletResponse.SC_NOT_FOUND), argThat(notNullValue(String.class)));
277 public void Given_Request_Is_HTTP_PUT_And_Content_Header_Is_Not_Supported_Type_Then_Unsupported_Media_Type_Response_Is_Generated()
279 when(request.getHeader("Content-Type")).thenReturn("application/vnd.dmaap-dr.feed-fail; version=2.0");
280 when(request.getContentType()).thenReturn("stub_contentType");
281 when(request.getPathInfo()).thenReturn("/2");
282 feedServlet.doPut(request, response);
283 verify(response).sendError(eq(HttpServletResponse.SC_UNSUPPORTED_MEDIA_TYPE), argThat(notNullValue(String.class)));
287 public void Given_Request_Is_HTTP_PUT_And_Request_Contains_Badly_Formed_JSON_Then_Bad_Request_Response_Is_Generated()
289 ServletInputStream inStream = mock(ServletInputStream.class);
290 when(request.getInputStream()).thenReturn(inStream);
291 when(request.getPathInfo()).thenReturn("/2");
292 FeedServlet feedServlet = new FeedServlet() {
293 protected JSONObject getJSONfromInput(HttpServletRequest req) {
297 feedServlet.doPut(request, response);
298 verify(response).sendError(eq(HttpServletResponse.SC_BAD_REQUEST), contains("Badly formed JSON"));
302 public void Given_Request_Is_HTTP_PUT_And_Request_Contains_Invalid_JSON_Then_Bad_Request_Response_Is_Generated() throws Exception {
303 when(request.getPathInfo()).thenReturn("/2");
304 FeedServlet feedServlet = new FeedServlet() {
305 protected JSONObject getJSONfromInput(HttpServletRequest req) {
306 return new JSONObject();
309 feedServlet.doPut(request, response);
310 verify(response).sendError(eq(HttpServletResponse.SC_BAD_REQUEST), argThat(notNullValue(String.class)));
314 public void Given_Request_Is_HTTP_PUT_And_Feed_Change_Is_Not_Publisher_Who_Requested_Feed_Bad_Request_Response_Is_Generated() throws Exception {
315 when(request.getHeader("X-DMAAP-DR-ON-BEHALF-OF-GROUP")).thenReturn(null);
316 when(request.getPathInfo()).thenReturn("/2");
317 JSONObject JSObject = buildRequestJsonObject();
318 FeedServlet feedServlet = new FeedServlet() {
319 protected JSONObject getJSONfromInput(HttpServletRequest req) {
320 JSONObject jo = new JSONObject();
321 jo.put("name", "stub_name");
322 jo.put("version", "1.0");
323 jo.put("authorization", JSObject);
327 feedServlet.doPut(request, response);
328 verify(response).sendError(eq(HttpServletResponse.SC_BAD_REQUEST), contains("must be modified by the same publisher"));
332 public void Given_Request_Is_HTTP_PUT_And_Feed_Name_Change_is_Requested_Bad_Request_Response_Is_Generated() throws Exception {
333 when(request.getPathInfo()).thenReturn("/2");
334 JSONObject JSObject = buildRequestJsonObject();
335 FeedServlet feedServlet = new FeedServlet() {
336 protected JSONObject getJSONfromInput(HttpServletRequest req) {
337 JSONObject jo = new JSONObject();
338 jo.put("name", "not_stub_name");
339 jo.put("version", "1.0");
340 jo.put("authorization", JSObject);
344 feedServlet.doPut(request, response);
345 verify(response).sendError(eq(HttpServletResponse.SC_BAD_REQUEST), contains("name of the feed may not be updated"));
349 public void Given_Request_Is_HTTP_PUT_And_Feed_Version_Change_is_Requested_Bad_Request_Response_Is_Generated() throws Exception {
350 when(request.getPathInfo()).thenReturn("/2");
351 JSONObject JSObject = buildRequestJsonObject();
352 FeedServlet feedServlet = new FeedServlet() {
353 protected JSONObject getJSONfromInput(HttpServletRequest req) {
354 JSONObject jo = new JSONObject();
355 jo.put("name", "AafFeed");
356 jo.put("version", "v0.2");
357 jo.put("authorization", JSObject);
361 feedServlet.doPut(request, response);
362 verify(response).sendError(eq(HttpServletResponse.SC_BAD_REQUEST), contains("version of the feed may not be updated"));
366 public void Given_Request_Is_HTTP_PUT_And_Request_Is_Not_Authorized_Then_Forbidden_Response_Is_Generated() throws Exception {
367 setAuthoriserToReturnRequestNotAuthorized();
368 when(request.getPathInfo()).thenReturn("/2");
369 JSONObject JSObject = buildRequestJsonObject();
370 FeedServlet feedServlet = new FeedServlet() {
371 protected JSONObject getJSONfromInput(HttpServletRequest req) {
372 JSONObject jo = new JSONObject();
373 jo.put("name", "AafFeed");
374 jo.put("version", "v0.1");
375 jo.put("authorization", JSObject);
379 feedServlet.doPut(request, response);
380 verify(response).sendError(eq(HttpServletResponse.SC_FORBIDDEN), contains("Policy Engine disallows access"));
384 public void Given_Request_Is_HTTP_PUT_And_AAF_Feed_Without_Permissions_Then_Forbidden_Response_Is_Generated() throws Exception {
385 when(request.getPathInfo()).thenReturn("/2");
386 JSONObject JSObject = buildRequestJsonObject();
387 FeedServlet feedServlet = new FeedServlet() {
388 protected JSONObject getJSONfromInput(HttpServletRequest req) {
389 JSONObject jo = new JSONObject();
390 jo.put("name", "AafFeed");
391 jo.put("version", "v0.1");
392 jo.put("authorization", JSObject);
393 jo.put("aaf_instance", "https://aaf-onap-test.osaaf.org:8095");
397 feedServlet.doPut(request, response);
398 verify(response).sendError(eq(HttpServletResponse.SC_FORBIDDEN), contains("AAF disallows access to permission"));
402 public void Given_Request_Is_HTTP_PUT_And_AAF_Feed_With_Permissions_Then_STATUS_OK__Response_Is_Generated() throws Exception {
403 ServletOutputStream outStream = mock(ServletOutputStream.class);
404 when(response.getOutputStream()).thenReturn(outStream);
405 when(request.getPathInfo()).thenReturn("/2");
406 when(request.isUserInRole("org.onap.dmaap-dr.feed|*|edit")).thenReturn(true);
407 JSONObject JSObject = buildRequestJsonObject();
408 FeedServlet feedServlet = new FeedServlet() {
409 protected JSONObject getJSONfromInput(HttpServletRequest req) {
410 JSONObject jo = new JSONObject();
411 jo.put("name", "AafFeed");
412 jo.put("version", "v0.1");
413 jo.put("authorization", JSObject);
414 jo.put("aaf_instance", "*");
418 protected boolean doUpdate(Updateable bean) {
423 feedServlet.doPut(request, response);
424 verify(response).setStatus(eq(HttpServletResponse.SC_OK));
425 verifyEnteringExitCalled(listAppender);
429 public void Given_Request_Is_HTTP_PUT_And_Change_On_Feeds_Fails_An_Internal_Server_Error_Response_Is_Generated() throws Exception {
430 ServletOutputStream outStream = mock(ServletOutputStream.class);
431 when(response.getOutputStream()).thenReturn(outStream);
432 when(request.getPathInfo()).thenReturn("/2");
433 JSONObject JSObject = buildRequestJsonObject();
434 FeedServlet feedServlet = new FeedServlet() {
435 protected JSONObject getJSONfromInput(HttpServletRequest req) {
436 JSONObject jo = new JSONObject();
437 jo.put("name", "AafFeed");
438 jo.put("version", "v0.1");
439 jo.put("authorization", JSObject);
444 protected boolean doUpdate(Updateable bean) {
448 feedServlet.doPut(request, response);
449 verify(response).sendError(eq(HttpServletResponse.SC_INTERNAL_SERVER_ERROR), argThat(notNullValue(String.class)));
453 public void Given_Request_Is_HTTP_PUT_And_Change_On_Feeds_Suceeds_A_STATUS_OK_Response_Is_Generated() throws Exception {
454 ServletOutputStream outStream = mock(ServletOutputStream.class);
455 when(response.getOutputStream()).thenReturn(outStream);
456 when(request.getPathInfo()).thenReturn("/2");
457 JSONObject JSObject = buildRequestJsonObject();
458 FeedServlet feedServlet = new FeedServlet() {
459 protected JSONObject getJSONfromInput(HttpServletRequest req) {
460 JSONObject jo = new JSONObject();
461 jo.put("name", "AafFeed");
462 jo.put("version", "v0.1");
463 jo.put("authorization", JSObject);
467 protected boolean doUpdate(Updateable bean) {
472 feedServlet.doPut(request, response);
473 verify(response).setStatus(eq(HttpServletResponse.SC_OK));
474 verifyEnteringExitCalled(listAppender);
478 public void Given_Request_Is_HTTP_POST_SC_METHOD_NOT_ALLOWED_Response_Is_Generated() throws Exception {
479 feedServlet.doPost(request, response);
480 verify(response).sendError(eq(HttpServletResponse.SC_METHOD_NOT_ALLOWED), argThat(notNullValue(String.class)));
481 verifyEnteringExitCalled(listAppender);
485 private JSONObject buildRequestJsonObject() {
486 JSONObject JSObject = new JSONObject();
487 JSONArray endpointIDs = new JSONArray();
488 JSONObject JOEndpointIDs = new JSONObject();
489 JOEndpointIDs.put("id", "stub_endpoint_id");
490 JOEndpointIDs.put("password", "stub_endpoint_password");
491 endpointIDs.put(JOEndpointIDs);
493 JSONArray endpointAddresses = new JSONArray();
494 endpointAddresses.put("127.0.0.1");
496 JSObject.put("classification", "stub_classification");
497 JSObject.put("endpoint_ids", endpointIDs);
498 JSObject.put("endpoint_addrs", endpointAddresses);
502 private void setUpValidSecurityOnHttpRequest() throws Exception {
503 when(request.isSecure()).thenReturn(true);
504 Set<String> authAddressesAndNetworks = new HashSet<>();
505 authAddressesAndNetworks.add(("127.0.0.1"));
506 FieldUtils.writeDeclaredStaticField(BaseServlet.class, "authorizedAddressesAndNetworks", authAddressesAndNetworks,true);
507 FieldUtils.writeDeclaredStaticField(BaseServlet.class, "requireCert", false, true);
510 private void setBehalfHeader(String headerValue) {
511 when(request.getHeader(BEHALF_HEADER)).thenReturn(headerValue);
514 private void setValidPathInfoInHttpHeader() {
515 when(request.getPathInfo()).thenReturn("/1");
518 private void setAuthoriserToReturnRequestNotAuthorized() throws IllegalAccessException {
519 AuthorizationResponse authResponse = mock(AuthorizationResponse.class);
520 Authorizer authorizer = mock(Authorizer.class);
521 FieldUtils.writeDeclaredStaticField(BaseServlet.class, "authz", authorizer, true);
522 when(authorizer.decide(request)).thenReturn(authResponse);
523 when(authResponse.isAuthorized()).thenReturn(false);
526 private void setAuthoriserToReturnRequestIsAuthorized() throws IllegalAccessException {
527 AuthorizationResponse authResponse = mock(AuthorizationResponse.class);
528 Authorizer authorizer = mock(Authorizer.class);
529 FieldUtils.writeDeclaredStaticField(BaseServlet.class, "authz", authorizer, true);
530 when(authorizer.decide(request)).thenReturn(authResponse);
531 when(authResponse.isAuthorized()).thenReturn(true);
534 private void setUpValidAuthorisedRequest() throws Exception {
535 setUpValidSecurityOnHttpRequest();
536 setBehalfHeader("Stub_Value");
537 setValidPathInfoInHttpHeader();
540 private void setUpValidContentHeadersAndJSONOnHttpRequest() {
541 when(request.getHeader("Content-Type")).thenReturn("application/vnd.dmaap-dr.feed; version=1.0");
542 when(request.getHeader("X-DMAAP-DR-ON-BEHALF-OF-GROUP")).thenReturn("stub_subjectGroup");
545 private void reinsertFeedIntoDb() throws SQLException {
546 Feed feed = new Feed("Feed1","v0.1", "First Feed for testing", "First Feed for testing");
549 feed.setDeleted(false);
550 feed.doUpdate(db.getConnection());