1 /*******************************************************************************
2 * ============LICENSE_START==================================================
4 * * ===========================================================================
5 * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.
6 * * ===========================================================================
7 * * Licensed under the Apache License, Version 2.0 (the "License");
8 * * you may not use this file except in compliance with the License.
9 * * You may obtain a copy of the License at
11 * * http://www.apache.org/licenses/LICENSE-2.0
13 * * Unless required by applicable law or agreed to in writing, software
14 * * distributed under the License is distributed on an "AS IS" BASIS,
15 * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16 * * See the License for the specific language governing permissions and
17 * * limitations under the License.
18 * * ============LICENSE_END====================================================
20 * * ECOMP is a trademark and service mark of AT&T Intellectual Property.
22 ******************************************************************************/
23 package org.onap.dmaap.datarouter.provisioning;
25 import static org.mockito.ArgumentMatchers.anyString;
26 import static org.mockito.Mockito.contains;
27 import static org.mockito.Mockito.eq;
28 import static org.mockito.Mockito.mock;
29 import static org.mockito.Mockito.verify;
30 import static org.mockito.Mockito.when;
31 import static org.onap.dmaap.datarouter.provisioning.BaseServlet.BEHALF_HEADER;
33 import ch.qos.logback.classic.spi.ILoggingEvent;
34 import ch.qos.logback.core.read.ListAppender;
35 import java.util.HashSet;
37 import javax.persistence.EntityManager;
38 import javax.persistence.EntityManagerFactory;
39 import javax.persistence.Persistence;
40 import javax.servlet.ServletOutputStream;
41 import javax.servlet.http.HttpServletRequest;
42 import javax.servlet.http.HttpServletResponse;
43 import org.apache.commons.lang3.reflect.FieldUtils;
44 import org.jetbrains.annotations.NotNull;
45 import org.json.JSONObject;
46 import org.junit.AfterClass;
47 import org.junit.Before;
48 import org.junit.BeforeClass;
49 import org.junit.Test;
50 import org.junit.runner.RunWith;
51 import org.mockito.Mock;
52 import org.onap.dmaap.datarouter.authz.AuthorizationResponse;
53 import org.onap.dmaap.datarouter.authz.Authorizer;
54 import org.onap.dmaap.datarouter.provisioning.beans.Insertable;
55 import org.onap.dmaap.datarouter.provisioning.utils.Poker;
56 import org.onap.dmaap.datarouter.provisioning.utils.ProvDbUtils;
57 import org.powermock.core.classloader.annotations.PowerMockIgnore;
58 import org.powermock.modules.junit4.PowerMockRunner;
61 @RunWith(PowerMockRunner.class)
62 @PowerMockIgnore({"com.sun.org.apache.xerces.*", "javax.xml.*", "org.xml.*", "org.w3c.*"})
63 public class SubscribeServletTest extends DrServletTestBase {
64 private static SubscribeServlet subscribeServlet;
65 private static EntityManagerFactory emf;
66 private static EntityManager em;
69 private HttpServletRequest request;
71 private HttpServletResponse response;
73 private ListAppender<ILoggingEvent> listAppender;
76 public static void init() {
77 emf = Persistence.createEntityManagerFactory("dr-unit-tests");
78 em = emf.createEntityManager();
80 "org.onap.dmaap.datarouter.provserver.properties",
81 "src/test/resources/h2Database.properties");
85 public static void tearDownClass() {
92 public void setUp() throws Exception {
93 ProvDbUtils.getInstance().initProvDB();
94 listAppender = setTestLogger(SubscribeServlet.class);
95 subscribeServlet = new SubscribeServlet();
96 setAuthoriserToReturnRequestIsAuthorized();
97 setPokerToNotCreateTimersWhenDeleteFeedIsCalled();
98 setupValidAuthorisedRequest();
99 setUpValidSecurityOnHttpRequest();
100 setUpValidContentHeadersAndJSONOnHttpRequest();
104 public void Given_Request_Is_HTTP_DELETE_SC_METHOD_NOT_ALLOWED_Response_Is_Generated() throws Exception {
105 subscribeServlet.doDelete(request, response);
106 verify(response).sendError(eq(HttpServletResponse.SC_METHOD_NOT_ALLOWED), anyString());
107 verifyEnteringExitCalled(listAppender);
111 public void Given_Request_Is_HTTP_GET_And_Is_Not_Secure_When_HTTPS_Is_Required_Then_Forbidden_Response_Is_Generated() throws Exception {
112 when(request.isSecure()).thenReturn(false);
113 FieldUtils.writeDeclaredStaticField(BaseServlet.class, "isAddressAuthEnabled", "true", true);
114 subscribeServlet.doGet(request, response);
115 verify(response).sendError(eq(HttpServletResponse.SC_FORBIDDEN), anyString());
116 verifyEnteringExitCalled(listAppender);
120 public void Given_Request_Is_HTTP_GET_And_BEHALF_HEADER_Is_Not_Set_In_Request_Then_Bad_Request_Response_Is_Generated() throws Exception {
121 setBehalfHeader(null);
122 subscribeServlet.doGet(request, response);
123 verify(response).sendError(eq(HttpServletResponse.SC_BAD_REQUEST), anyString());
128 public void Given_Request_Is_HTTP_GET_And_Path_Header_Is_Not_Set_In_Request_With_Valid_Path_Then_Bad_Request_Response_Is_Generated() throws Exception {
129 when(request.getPathInfo()).thenReturn(null);
130 subscribeServlet.doGet(request, response);
131 verify(response).sendError(eq(HttpServletResponse.SC_BAD_REQUEST), anyString());
135 public void Given_Request_Is_HTTP_GET_And_Feed_Id_Is_Invalid_Then_Not_Found_Response_Is_Generated() throws Exception {
136 when(request.getPathInfo()).thenReturn("/123");
137 subscribeServlet.doGet(request, response);
138 verify(response).sendError(eq(HttpServletResponse.SC_NOT_FOUND), anyString());
142 public void Given_Request_Is_HTTP_GET_And_Request_Succeeds() throws Exception {
143 ServletOutputStream outStream = mock(ServletOutputStream.class);
144 when(response.getOutputStream()).thenReturn(outStream);
145 when(request.getPathInfo()).thenReturn("/1");
146 subscribeServlet.doGet(request, response);
147 verify(response).setStatus(eq(HttpServletResponse.SC_OK));
148 verifyEnteringExitCalled(listAppender);
153 public void Given_Request_Is_HTTP_PUT_SC_METHOD_NOT_ALLOWED_Response_Is_Generated() throws Exception {
154 subscribeServlet.doPut(request, response);
155 verify(response).sendError(eq(HttpServletResponse.SC_METHOD_NOT_ALLOWED), anyString());
156 verifyEnteringExitCalled(listAppender);
159 public void Given_Request_Is_HTTP_POST_And_Is_Not_Secure_When_HTTPS_Is_Required_Then_Forbidden_Response_Is_Generated() throws Exception {
160 when(request.isSecure()).thenReturn(false);
161 FieldUtils.writeDeclaredStaticField(BaseServlet.class, "isAddressAuthEnabled", "true", true);
162 subscribeServlet.doPost(request, response);
163 verify(response).sendError(eq(HttpServletResponse.SC_FORBIDDEN), anyString());
164 verifyEnteringExitCalled(listAppender);
168 public void Given_Request_Is_HTTP_POST_And_BEHALF_HEADER_Is_Not_Set_In_Request_Then_Bad_Request_Response_Is_Generated() throws Exception {
169 setBehalfHeader(null);
170 subscribeServlet.doPost(request, response);
171 verify(response).sendError(eq(HttpServletResponse.SC_BAD_REQUEST), anyString());
176 public void Given_Request_Is_HTTP_POST_And_Path_Header_Is_Not_Set_In_Request_With_Valid_Path_Then_Bad_Request_Response_Is_Generated() throws Exception {
177 when(request.getPathInfo()).thenReturn(null);
178 subscribeServlet.doPost(request, response);
179 verify(response).sendError(eq(HttpServletResponse.SC_BAD_REQUEST), anyString());
184 public void Given_Request_Is_HTTP_POST_And_Feed_Id_Is_Invalid_Then_Not_Found_Response_Is_Generated() throws Exception {
185 when(request.getPathInfo()).thenReturn("/123");
186 subscribeServlet.doPost(request, response);
187 verify(response).sendError(eq(HttpServletResponse.SC_NOT_FOUND), anyString());
191 public void Given_Request_Is_HTTP_POST_And_Request_Is_Not_Authorized_Then_Forbidden_Response_Is_Generated() throws Exception {
192 setAuthoriserToReturnRequestNotAuthorized();
193 when(request.getPathInfo()).thenReturn("/1");
194 JSONObject JSObject = buildRequestJsonObject();
195 SubscribeServlet subscribeServlet = new SubscribeServlet() {
196 public JSONObject getJSONfromInput(HttpServletRequest req) {
197 JSONObject jo = new JSONObject();
198 jo.put("name", "stub_name");
199 jo.put("version", "2.0");
200 jo.put("metadataOnly", true);
201 jo.put("suspend", true);
202 jo.put("delivery", JSObject);
203 jo.put("sync", false);
207 protected boolean doInsert(Insertable bean) {
211 subscribeServlet.doPost(request, response);
212 verify(response).sendError(eq(HttpServletResponse.SC_FORBIDDEN), anyString());
216 public void Given_Request_Is_HTTP_POST_And_AAF_Subscriber_Added_To_Legacy_Feed_Then_Forbidden_Response_Is_Generated() throws Exception {
217 when(request.getPathInfo()).thenReturn("/1");
218 JSONObject JSObject = buildRequestJsonObject();
219 SubscribeServlet subscribeServlet = new SubscribeServlet() {
220 public JSONObject getJSONfromInput(HttpServletRequest req) {
221 JSONObject jo = new JSONObject();
222 jo.put("name", "stub_name");
223 jo.put("version", "2.0");
224 jo.put("metadataOnly", true);
225 jo.put("suspend", true);
226 jo.put("delivery", JSObject);
227 jo.put("aaf_instance", "*");
228 jo.put("follow_redirect", false);
229 jo.put("sync", false);
233 protected boolean doInsert(Insertable bean) {
237 subscribeServlet.doPost(request, response);
238 verify(response).sendError(eq(HttpServletResponse.SC_FORBIDDEN), contains("AAF Subscriber can not be added to legacy Feed"));
242 public void Given_Request_Is_HTTP_POST_And_Legacy_Subscriber_Added_To_AAF_Feed_And_Is_Not_Authorized_Then_Forbidden_Response_Is_Generated() throws Exception {
243 setAuthoriserToReturnRequestNotAuthorized();
244 when(request.getPathInfo()).thenReturn("/2");
245 JSONObject JSObject = buildRequestJsonObject();
246 SubscribeServlet subscribeServlet = new SubscribeServlet() {
247 public JSONObject getJSONfromInput(HttpServletRequest req) {
248 JSONObject jo = new JSONObject();
249 jo.put("name", "stub_name");
250 jo.put("version", "2.0");
251 jo.put("metadataOnly", true);
252 jo.put("suspend", true);
253 jo.put("delivery", JSObject);
254 jo.put("aaf_instance", "legacy");
255 jo.put("follow_redirect", false);
256 jo.put("sync", false);
260 subscribeServlet.doPost(request, response);
261 verify(response).sendError(eq(HttpServletResponse.SC_FORBIDDEN), contains("Policy Engine disallows access."));
265 public void Given_Request_Is_HTTP_POST_And_AAF_Subscriber_Added_To_AAF_Feed_Without_Permissions_Then_Forbidden_Response_Is_Generated() throws Exception {
266 when(request.getPathInfo()).thenReturn("/2");
267 JSONObject JSObject = buildRequestJsonObject();
268 SubscribeServlet subscribeServlet = new SubscribeServlet() {
269 public JSONObject getJSONfromInput(HttpServletRequest req) {
270 JSONObject jo = new JSONObject();
271 jo.put("name", "stub_name");
272 jo.put("version", "2.0");
273 jo.put("metadataOnly", true);
274 jo.put("suspend", true);
275 jo.put("delivery", JSObject);
276 jo.put("aaf_instance", "*");
277 jo.put("follow_redirect", false);
278 jo.put("sync", false);
282 subscribeServlet.doPost(request, response);
283 verify(response).sendError(eq(HttpServletResponse.SC_FORBIDDEN), contains("AAF disallows access to permission"));
287 public void Given_Request_Is_HTTP_POST_And_AAF_Subscriber_Added_To_AAF_Feed_With_Permissions_Then_OK_Response_Is_Generated() throws Exception {
288 ServletOutputStream outStream = mock(ServletOutputStream.class);
289 when(response.getOutputStream()).thenReturn(outStream);
290 when(request.getPathInfo()).thenReturn("/2");
291 when(request.isUserInRole("org.onap.dmaap-dr.feed|*|approveSub")).thenReturn(true);
292 JSONObject JSObject = buildRequestJsonObject();
293 SubscribeServlet subscribeServlet = new SubscribeServlet() {
294 public JSONObject getJSONfromInput(HttpServletRequest req) {
295 JSONObject jo = new JSONObject();
296 jo.put("name", "stub_name");
297 jo.put("version", "2.0");
298 jo.put("metadataOnly", true);
299 jo.put("suspend", true);
300 jo.put("delivery", JSObject);
301 jo.put("aaf_instance", "*");
302 jo.put("follow_redirect", false);
303 jo.put("sync", false);
308 protected boolean doInsert(Insertable bean) {
312 subscribeServlet.doPost(request, response);
313 verify(response).setStatus(eq(HttpServletResponse.SC_CREATED));
314 verifyEnteringExitCalled(listAppender);
318 public void Given_Request_Is_HTTP_POST_And_Content_Header_Is_Not_Supported_Type_Then_Unsupported_Media_Type_Response_Is_Generated() throws Exception {
319 when(request.getHeader("Content-Type")).thenReturn("application/vnd.dmaap-dr.feed; version=1.1");
320 when(request.getContentType()).thenReturn("stub_contentType");
321 when(request.getPathInfo()).thenReturn("/1");
322 subscribeServlet.doPost(request, response);
323 verify(response).sendError(eq(HttpServletResponse.SC_UNSUPPORTED_MEDIA_TYPE), anyString());
327 public void Given_Request_Is_HTTP_POST_And_Request_Contains_Badly_Formed_JSON_Then_Bad_Request_Response_Is_Generated() throws Exception {
328 when(request.getPathInfo()).thenReturn("/1");
329 subscribeServlet.doPost(request, response);
330 verify(response).sendError(eq(HttpServletResponse.SC_BAD_REQUEST), anyString());
334 public void Given_Request_Is_HTTP_POST_And_Active_Feeds_Equals_Max_Feeds_Then_Bad_Request_Response_Is_Generated() throws Exception {
335 FieldUtils.writeDeclaredStaticField(BaseServlet.class, "maxSubs", 0, true);
336 when(request.getPathInfo()).thenReturn("/1");
337 SubscribeServlet subscribeServlet = new SubscribeServlet() {
338 public JSONObject getJSONfromInput(HttpServletRequest req) {
339 return new JSONObject();
342 subscribeServlet.doPost(request, response);
343 verify(response).sendError(eq(HttpServletResponse.SC_CONFLICT), anyString());
347 public void Given_Request_Is_HTTP_POST_And_POST_Fails_Bad_Request_Response_Is_Generated() throws Exception {
348 when(request.getPathInfo()).thenReturn("/2");
349 JSONObject JSObject = buildRequestJsonObject();
350 SubscribeServlet subscribeServlet = new SubscribeServlet() {
351 public JSONObject getJSONfromInput(HttpServletRequest req) {
352 JSONObject jo = new JSONObject();
353 jo.put("name", "stub_name");
354 jo.put("version", "2.0");
355 jo.put("metadataOnly", true);
356 jo.put("suspend", true);
357 jo.put("delivery", JSObject);
358 jo.put("aaf_instance", "legacy");
359 jo.put("follow_redirect", false);
360 jo.put("sync", false);
365 protected boolean doInsert(Insertable bean) {
369 subscribeServlet.doPost(request, response);
370 verify(response).sendError(eq(HttpServletResponse.SC_INTERNAL_SERVER_ERROR), anyString());
374 private JSONObject buildRequestJsonObject() {
375 JSONObject JSObject = new JSONObject();
376 JSObject.put("url", "https://stub_address");
377 JSObject.put("use100", "true");
378 JSObject.put("password", "stub_password");
379 JSObject.put("user", "stub_user");
383 private void setUpValidSecurityOnHttpRequest() throws Exception {
384 when(request.isSecure()).thenReturn(true);
385 Set<String> authAddressesAndNetworks = new HashSet<>();
386 authAddressesAndNetworks.add(("127.0.0.1"));
387 FieldUtils.writeDeclaredStaticField(BaseServlet.class, "authorizedAddressesAndNetworks", authAddressesAndNetworks, true);
388 FieldUtils.writeDeclaredStaticField(BaseServlet.class, "requireCert", false, true);
389 FieldUtils.writeDeclaredStaticField(BaseServlet.class, "maxSubs", 100, true);
392 private void setBehalfHeader(String headerValue) {
393 when(request.getHeader(BEHALF_HEADER)).thenReturn(headerValue);
396 private void setAuthoriserToReturnRequestNotAuthorized() throws IllegalAccessException {
397 AuthorizationResponse authResponse = mock(AuthorizationResponse.class);
398 Authorizer authorizer = mock(Authorizer.class);
399 FieldUtils.writeDeclaredStaticField(BaseServlet.class, "authz", authorizer, true);
400 when(authorizer.decide(request)).thenReturn(authResponse);
401 when(authResponse.isAuthorized()).thenReturn(false);
404 private void setAuthoriserToReturnRequestIsAuthorized() throws IllegalAccessException {
405 AuthorizationResponse authResponse = mock(AuthorizationResponse.class);
406 Authorizer authorizer = mock(Authorizer.class);
407 FieldUtils.writeDeclaredStaticField(BaseServlet.class, "authz", authorizer, true);
408 when(authorizer.decide(request)).thenReturn(authResponse);
409 when(authResponse.isAuthorized()).thenReturn(true);
412 private void setPokerToNotCreateTimersWhenDeleteFeedIsCalled() throws Exception {
413 Poker poker = mock(Poker.class);
414 FieldUtils.writeDeclaredStaticField(Poker.class, "poker", poker, true);
417 private void setupValidAuthorisedRequest() throws Exception {
418 setUpValidSecurityOnHttpRequest();
419 setBehalfHeader("Stub_Value");
422 private void setUpValidContentHeadersAndJSONOnHttpRequest() {
423 when(request.getHeader("Content-Type")).thenReturn("application/vnd.dmaap-dr.subscription; version=1.0");
424 when(request.getHeader("X-DMAAP-DR-ON-BEHALF-OF-GROUP")).thenReturn("stub_subjectGroup");