2 * ============LICENSE_START=======================================================
4 * ================================================================================
5 * Copyright © 2018 European Software Marketing Ltd.
6 * ================================================================================
7 * Licensed under the Apache License, Version 2.0 (the "License");
8 * you may not use this file except in compliance with the License.
9 * You may obtain a copy of the License at
11 * http://www.apache.org/licenses/LICENSE-2.0
13 * Unless required by applicable law or agreed to in writing, software
14 * distributed under the License is distributed on an "AS IS" BASIS,
15 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16 * See the License for the specific language governing permissions and
17 * limitations under the License.
18 * ============LICENSE_END=========================================================
20 package org.onap.aaf.cadi.sidecar.rproxy.test;
22 import static org.hamcrest.Matchers.equalTo;
23 import static org.springframework.test.web.client.match.MockRestRequestMatchers.header;
24 import static org.springframework.test.web.client.match.MockRestRequestMatchers.method;
25 import static org.springframework.test.web.client.match.MockRestRequestMatchers.requestTo;
26 import static org.springframework.test.web.client.response.MockRestResponseCreators.withSuccess;
27 import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get;
28 import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.content;
29 import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;
31 import javax.annotation.Resource;
33 import org.eclipse.jetty.util.security.Password;
34 import org.junit.Before;
35 import org.junit.Test;
36 import org.junit.runner.RunWith;
37 import org.onap.aaf.cadi.sidecar.rproxy.config.ForwardProxyProperties;
38 import org.onap.aaf.cadi.sidecar.rproxy.config.PrimaryServiceProperties;
39 import org.springframework.beans.factory.annotation.Autowired;
40 import org.springframework.beans.factory.annotation.Value;
41 import org.springframework.boot.test.autoconfigure.web.servlet.AutoConfigureMockMvc;
42 import org.springframework.boot.test.context.SpringBootTest;
43 import org.springframework.boot.test.context.SpringBootTest.WebEnvironment;
44 import org.springframework.http.HttpMethod;
45 import org.springframework.http.MediaType;
46 import org.springframework.test.context.ContextConfiguration;
47 import org.springframework.test.context.TestPropertySource;
48 import org.springframework.test.context.junit4.SpringRunner;
49 import org.springframework.test.web.client.MockRestServiceServer;
50 import org.springframework.test.web.servlet.MockMvc;
51 import org.springframework.test.web.servlet.request.MockMvcRequestBuilders;
52 import org.springframework.web.client.RestTemplate;
55 @RunWith(SpringRunner.class)
56 @SpringBootTest(webEnvironment = WebEnvironment.RANDOM_PORT)
59 @TestPropertySource(locations = {"classpath:primary-service.properties", "classpath:forward-proxy.properties"})
61 @ContextConfiguration(classes = ReverseProxyTestConfig.class)
62 public class PermissionMatchingTest {
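// Runs at class-load time, so the key-store password is in place before the Spring
// runner starts the embedded server that reads server.ssl.key-store-password.
// NOTE(review): Jetty's "OBF:" form is a reversible encoding, not encryption, so the
// literal below is equivalent to a plaintext password committed to source control.
// That is tolerable only for a throwaway test key store (presumably what is used
// here - confirm); the same value must never protect real key material.
static {
    System.setProperty("server.ssl.key-store-password",
            Password.deobfuscate("OBF:1y0q1uvc1uum1uvg1pil1pjl1uuq1uvk1uuu1y10"));
}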
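// Name of the HTTP header that carries the transaction id, taken from configuration.
@Value("${transactionid.header.name}")
private String transactionIdHeaderName;

// Protocol, host and port of the primary service the reverse proxy forwards to.
@Resource(name = "PrimaryServiceProperties")
private PrimaryServiceProperties primaryServiceProps;

// Injected alongside the primary-service settings; not referenced by the tests below.
@Resource(name = "ForwardProxyProperties")
private ForwardProxyProperties forwardProxyProps;

// Entry point for issuing requests against the proxy under test.
@Autowired
private MockMvc mockMvc;

// RestTemplate that the mock server is bound to in setUp().
@Autowired
private RestTemplate restTemplate;

// Stands in for the primary service; rebuilt before every test.
private MockRestServiceServer mockServer;

// "<protocol>://<host>:<port>" of the primary service, computed in setUp().
private String primaryServiceBaseUrl;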
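/**
 * Binds a fresh mock server to the injected RestTemplate and derives the base URL
 * of the primary service from its configured protocol, host and port.
 *
 * <p>Creating the mock server per test keeps expectations from one test from
 * leaking into the next.
 */
@Before
public void setUp() throws Exception {
    mockServer = MockRestServiceServer.createServer(restTemplate);
    primaryServiceBaseUrl = primaryServiceProps.getProtocol() + "://" + primaryServiceProps.getHost() + ":"
            + primaryServiceProps.getPort();
}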
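/**
 * A GET to a path that is presumably absent from the proxy's URI rules must be
 * refused with 403 and the standard denial reason, i.e. unknown URIs are denied
 * by default rather than passed through.
 */
@Test
public void testURIMismatch() throws Exception {
    String testUrl = "/uri/does/not/exist";
    String testResponse = "Sorry, the request is not allowed";

    // No expectation is registered on mockServer, so a forwarded request would be
    // rejected by the mock as unexpected.
    mockMvc
        .perform(get(testUrl))
        .andExpect(status().isForbidden())
        .andExpect(status().reason(testResponse));
}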
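/**
 * A GET to a URI for which the caller presumably holds no permission must be
 * refused with 403 and the standard denial reason.
 */
@Test
public void testURINoPermission() throws Exception {
    String testUrl = "/not/allowed/at/all";
    String testResponse = "Sorry, the request is not allowed";

    // No expectation is registered on mockServer, so a forwarded request would be
    // rejected by the mock as unexpected.
    mockMvc
        .perform(get(testUrl))
        .andExpect(status().isForbidden())
        .andExpect(status().reason(testResponse));
}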
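/**
 * A permitted GET must be forwarded to the primary service with the transaction id
 * header relayed unchanged, and the primary service's body returned to the caller.
 */
@Test
public void testURIMatchSinglePermissionMatch() throws Exception {
    String transactionId = "63f88b50-6345-4a61-bc59-3a48cabb60a4";
    String testUrl = "/single/permission/required";
    String testResponse = "Response from MockRestService";

    // The primary service must see the same path, method and transaction id.
    mockServer
        .expect(requestTo(primaryServiceBaseUrl + testUrl))
        .andExpect(method(HttpMethod.GET))
        .andExpect(header(transactionIdHeaderName, transactionId))
        .andRespond(withSuccess(testResponse, MediaType.APPLICATION_JSON));

    // Send the request through the proxy with the transaction id header.
    mockMvc
        .perform(MockMvcRequestBuilders.get(testUrl).accept(MediaType.APPLICATION_JSON).header(transactionIdHeaderName, transactionId))
        .andExpect(status().isOk())
        .andExpect(content().string(equalTo(testResponse)));

    // Fails the test if the proxy never forwarded the expected request.
    mockServer.verify();
}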
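/**
 * A permitted PUT on the single-permission URI must be forwarded as a PUT with the
 * transaction id header relayed unchanged, and the primary service's body returned.
 */
@Test
public void testURIPUTMatchSinglePermissionMatch() throws Exception {
    String transactionId = "63f88b50-6345-4a61-bc59-3a48cabb60a4";
    String testUrl = "/single/permission/required";
    String testResponse = "Response from MockRestService";

    // The HTTP method must survive the proxy hop: a PUT in is a PUT out.
    mockServer
        .expect(requestTo(primaryServiceBaseUrl + testUrl))
        .andExpect(method(HttpMethod.PUT))
        .andExpect(header(transactionIdHeaderName, transactionId))
        .andRespond(withSuccess(testResponse, MediaType.APPLICATION_JSON));

    // Send the request through the proxy with the transaction id header.
    mockMvc
        .perform(MockMvcRequestBuilders.put(testUrl).accept(MediaType.APPLICATION_JSON).header(transactionIdHeaderName, transactionId))
        .andExpect(status().isOk())
        .andExpect(content().string(equalTo(testResponse)));

    // Fails the test if the proxy never forwarded the expected request.
    mockServer.verify();
}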
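/**
 * A PATCH on the URI that accepts GET and PUT in the sibling tests must be refused
 * with 403 and the standard denial reason, showing that the authorisation decision
 * takes the HTTP method into account and not only the path.
 */
@Test
public void testURIPATCHMatchSinglePermissionMatch() throws Exception {
    String transactionId = "63f88b50-6345-4a61-bc59-3a48cabb60a4";
    String testUrl = "/single/permission/required";
    String testResponse = "Sorry, the request is not allowed";

    // No expectation is registered on mockServer, so a forwarded request would be
    // rejected by the mock as unexpected.
    mockMvc
        .perform(MockMvcRequestBuilders.patch(testUrl).accept(MediaType.APPLICATION_JSON).header(transactionIdHeaderName, transactionId))
        .andExpect(status().isForbidden())
        .andExpect(status().reason(testResponse));
}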
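/**
 * A GET to a URI that presumably requires several permissions, all of which the
 * caller holds, must be forwarded with the transaction id header relayed unchanged
 * and the primary service's body returned.
 */
@Test
public void testURIMatchMultiplePermissionMatch() throws Exception {
    String transactionId = "63f88b50-6345-4a61-bc59-3a48cabb60a4";
    String testUrl = "/multiple/permissions/required";
    String testResponse = "Response from MockRestService";

    // The primary service must see the same path, method and transaction id.
    mockServer
        .expect(requestTo(primaryServiceBaseUrl + testUrl))
        .andExpect(method(HttpMethod.GET))
        .andExpect(header(transactionIdHeaderName, transactionId))
        .andRespond(withSuccess(testResponse, MediaType.APPLICATION_JSON));

    // Send the request through the proxy with the transaction id header.
    mockMvc
        .perform(MockMvcRequestBuilders.get(testUrl).accept(MediaType.APPLICATION_JSON).header(transactionIdHeaderName, transactionId))
        .andExpect(status().isOk())
        .andExpect(content().string(equalTo(testResponse)));

    // Fails the test if the proxy never forwarded the expected request.
    mockServer.verify();
}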
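/**
 * A GET to a URI that presumably requires several permissions, one of which the
 * caller lacks, must be refused with 403 and the standard denial reason: holding
 * only part of the required set is not enough.
 */
@Test
public void testURIMatchMultipleMissingOnePermissionMatch() throws Exception {
    String testUrl = "/multiple/permissions/required/one/missing";
    String testResponse = "Sorry, the request is not allowed";

    // No expectation is registered on mockServer, so a forwarded request would be
    // rejected by the mock as unexpected.
    mockMvc
        .perform(get(testUrl))
        .andExpect(status().isForbidden())
        .andExpect(status().reason(testResponse));
}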
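/**
 * A GET issued as the fixture user "UserWithInstanceActionWildcardPermissionGranted"
 * must be forwarded with the transaction id header relayed unchanged and the
 * primary service's body returned.
 *
 * <p>NOTE(review): the PermissionsUser header selects the fixture identity here.
 * Presumably only the test configuration honours it; confirm that production code
 * never derives the caller's identity from a client-supplied header.
 */
@Test
public void testURIInstanceActionWildCardPermissionMatch() throws Exception {
    String transactionId = "63f88b50-6345-4a61-bc59-3a48cabb60a4";
    String testUrl = "/wildcard/permission/granted";
    String testResponse = "Response from MockRestService";

    // The primary service must see the same path, method and transaction id.
    mockServer
        .expect(requestTo(primaryServiceBaseUrl + testUrl))
        .andExpect(method(HttpMethod.GET))
        .andExpect(header(transactionIdHeaderName, transactionId))
        .andRespond(withSuccess(testResponse, MediaType.APPLICATION_JSON));

    // Send the request through the proxy with the transaction id header.
    mockMvc
        .perform(MockMvcRequestBuilders
            .get(testUrl)
            .accept(MediaType.APPLICATION_JSON)
            .header(transactionIdHeaderName, transactionId)
            .header("PermissionsUser", "UserWithInstanceActionWildcardPermissionGranted"))
        .andExpect(status().isOk())
        .andExpect(content().string(equalTo(testResponse)));

    // Fails the test if the proxy never forwarded the expected request.
    mockServer.verify();
}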
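/**
 * A GET issued as the fixture user "UserWithInstanceWildcardPermissionGranted" must
 * be forwarded with the transaction id header relayed unchanged and the primary
 * service's body returned.
 *
 * <p>NOTE(review): the PermissionsUser header selects the fixture identity here.
 * Presumably only the test configuration honours it; confirm that production code
 * never derives the caller's identity from a client-supplied header.
 */
@Test
public void testURIInstanceWildCardPermissionMatch() throws Exception {
    String transactionId = "63f88b50-6345-4a61-bc59-3a48cabb60a4";
    String testUrl = "/instance/wildcard/permission/granted";
    String testResponse = "Response from MockRestService";

    // The primary service must see the same path, method and transaction id.
    mockServer
        .expect(requestTo(primaryServiceBaseUrl + testUrl))
        .andExpect(method(HttpMethod.GET))
        .andExpect(header(transactionIdHeaderName, transactionId))
        .andRespond(withSuccess(testResponse, MediaType.APPLICATION_JSON));

    // Send the request through the proxy with the transaction id header.
    mockMvc
        .perform(MockMvcRequestBuilders
            .get(testUrl)
            .accept(MediaType.APPLICATION_JSON)
            .header(transactionIdHeaderName, transactionId)
            .header("PermissionsUser", "UserWithInstanceWildcardPermissionGranted"))
        .andExpect(status().isOk())
        .andExpect(content().string(equalTo(testResponse)));

    // Fails the test if the proxy never forwarded the expected request.
    mockServer.verify();
}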
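/**
 * A GET issued as the fixture user "UserWithActionWildcardPermissionGranted" must be
 * forwarded with the transaction id header relayed unchanged and the primary
 * service's body returned.
 *
 * <p>NOTE(review): the PermissionsUser header selects the fixture identity here.
 * Presumably only the test configuration honours it; confirm that production code
 * never derives the caller's identity from a client-supplied header.
 */
@Test
public void testURIActionWildCardPermissionMatch() throws Exception {
    String transactionId = "63f88b50-6345-4a61-bc59-3a48cabb60a4";
    String testUrl = "/action/wildcard/permission/granted";
    String testResponse = "Response from MockRestService";

    // The primary service must see the same path, method and transaction id.
    mockServer
        .expect(requestTo(primaryServiceBaseUrl + testUrl))
        .andExpect(method(HttpMethod.GET))
        .andExpect(header(transactionIdHeaderName, transactionId))
        .andRespond(withSuccess(testResponse, MediaType.APPLICATION_JSON));

    // Send the request through the proxy with the transaction id header.
    mockMvc
        .perform(MockMvcRequestBuilders
            .get(testUrl)
            .accept(MediaType.APPLICATION_JSON)
            .header(transactionIdHeaderName, transactionId)
            .header("PermissionsUser", "UserWithActionWildcardPermissionGranted"))
        .andExpect(status().isOk())
        .andExpect(content().string(equalTo(testResponse)));

    // Fails the test if the proxy never forwarded the expected request.
    mockServer.verify();
}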