2 * ============LICENSE_START=======================================================
4 * ================================================================================
5 * Copyright © 2018 European Software Marketing Ltd.
6 * ================================================================================
7 * Licensed under the Apache License, Version 2.0 (the "License");
8 * you may not use this file except in compliance with the License.
9 * You may obtain a copy of the License at
11 * http://www.apache.org/licenses/LICENSE-2.0
13 * Unless required by applicable law or agreed to in writing, software
14 * distributed under the License is distributed on an "AS IS" BASIS,
15 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16 * See the License for the specific language governing permissions and
17 * limitations under the License.
18 * ============LICENSE_END=========================================================
20 package org.onap.aaf.cadi.sidecar.rproxy.test;
22 import static org.hamcrest.Matchers.equalTo;
23 import static org.springframework.test.web.client.match.MockRestRequestMatchers.header;
24 import static org.springframework.test.web.client.match.MockRestRequestMatchers.method;
25 import static org.springframework.test.web.client.match.MockRestRequestMatchers.requestTo;
26 import static org.springframework.test.web.client.response.MockRestResponseCreators.withSuccess;
27 import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get;
28 import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.content;
29 import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;
31 import javax.annotation.Resource;
32 import org.eclipse.jetty.util.security.Password;
33 import org.junit.Before;
34 import org.junit.Test;
35 import org.junit.runner.RunWith;
36 import org.onap.aaf.cadi.sidecar.rproxy.config.ForwardProxyProperties;
37 import org.onap.aaf.cadi.sidecar.rproxy.config.PrimaryServiceProperties;
38 import org.springframework.beans.factory.annotation.Autowired;
39 import org.springframework.beans.factory.annotation.Value;
40 import org.springframework.boot.test.autoconfigure.web.servlet.AutoConfigureMockMvc;
41 import org.springframework.boot.test.context.SpringBootTest;
42 import org.springframework.boot.test.context.SpringBootTest.WebEnvironment;
43 import org.springframework.http.HttpMethod;
44 import org.springframework.http.MediaType;
45 import org.springframework.test.context.ContextConfiguration;
46 import org.springframework.test.context.TestPropertySource;
47 import org.springframework.test.context.junit4.SpringRunner;
48 import org.springframework.test.web.client.MockRestServiceServer;
49 import org.springframework.test.web.servlet.MockMvc;
50 import org.springframework.test.web.servlet.request.MockMvcRequestBuilders;
51 import org.springframework.web.client.RestTemplate;
54 @RunWith(SpringRunner.class)
55 @SpringBootTest(webEnvironment = WebEnvironment.RANDOM_PORT)
58 @TestPropertySource(locations = {"classpath:primary-service.properties", "classpath:forward-proxy.properties"})
60 @ContextConfiguration(classes = ReverseProxyTestConfig.class)
61 public class PermissionMatchingTest {
// Publishes the TLS key-store password as the JVM-wide system property
// server.ssl.key-store-password. The enclosing block is not visible in this listing.
// Security note: the value is kept in Jetty's "OBF:" form and recovered with
// Password.deobfuscate(), so it is reversible obfuscation, not encryption. Anyone who can
// read this source can recover the password, which is acceptable only for a throwaway test
// key store.
// NOTE(review): confirm the key store is test-only and that this password is not reused elsewhere.
// System properties are shared by everything in the JVM, so the value stays set for any other
// test class that runs in the same JVM.
64 System.setProperty("server.ssl.key-store-password",
65 Password.deobfuscate("OBF:1y0q1uvc1uum1uvg1pil1pjl1uuq1uvk1uuu1y10"));
// Name of the HTTP header that carries the transaction id, resolved from the
// transactionid.header.name property.
68 @Value("${transactionid.header.name}")
69 private String transactionIdHeaderName;
// Settings of the primary (proxied) service; setUp() reads protocol, host and port from it.
71 @Resource(name = "PrimaryServiceProperties")
72 private PrimaryServiceProperties primaryServiceProps;
// Forward-proxy settings bean; not referenced by any line visible in this listing.
74 @Resource(name = "ForwardProxyProperties")
75 private ForwardProxyProperties forwardProxyProps;
// Presumably the receiver of the .perform(...) calls in the tests; the receiver lines and the
// injection annotation are not visible in this listing.
78 private MockMvc mockMvc;
// RestTemplate that setUp() hands to MockRestServiceServer.createServer(...).
// NOTE(review): presumably the same instance the proxy uses for outbound calls; verify in
// ReverseProxyTestConfig, otherwise the backend expectations would never be exercised.
81 private RestTemplate restTemplate;
// Mock backend created in setUp(); stands in for the primary service.
83 private MockRestServiceServer mockServer;
// "<protocol>://<host>:<port>" of the primary service, built in setUp() and used as the prefix
// of the URL each positive test expects the backend to be called with.
85 private String primaryServiceBaseUrl;
/**
 * Prepares the per-test fixtures: a mock backend bound to {@code restTemplate} and the base
 * URL of the primary service.
 *
 * <p>NOTE(review): presumably the JUnit {@code @Before} fixture; the annotation line is not
 * visible in this listing.
 *
 * @throws Exception declared by the signature; no visible line throws a checked exception
 */
88 public void setUp() throws Exception {
// Requests sent through restTemplate are matched against this server's expectations.
89 mockServer = MockRestServiceServer.createServer(restTemplate);
// Base URL has the form protocol://host:port, taken from the primary service properties.
90 primaryServiceBaseUrl = primaryServiceProps.getProtocol() + "://" + primaryServiceProps.getHost() + ":"
91 + primaryServiceProps.getPort();
/**
 * Deny case: a GET to a path that, per the test name, matches no configured URI must be
 * answered with HTTP 403 and the reason "Sorry, the request is not allowed".
 *
 * <p>This pins a deny-by-default outcome for requests that match no rule. No backend
 * expectation is registered in the visible lines, so the request is not meant to reach the
 * primary service.
 *
 * <p>NOTE(review): unlike the positive tests, this request carries no transaction id header.
 * Confirm the 403 is produced by permission matching rather than by a missing-header check,
 * otherwise the test does not exercise the path it is named for.
 *
 * @throws Exception if performing the request fails
 */
95 public void testURIMismatch() throws Exception {
97 String testUrl = "/uri/does/not/exist";
98 String testResponse = "Sorry, the request is not allowed";
// The receiver of .perform(...) is not visible in this listing (presumably mockMvc).
101 .perform(get(testUrl))
102 .andExpect(status().isForbidden())
103 .andExpect(status().reason(testResponse));
/**
 * Deny case: a GET to a path for which, per the test name, the caller holds no permission must
 * be answered with HTTP 403 and the reason "Sorry, the request is not allowed".
 *
 * <p>The reason phrase is the same string that testURIMismatch expects, so the response does
 * not tell a caller whether the URI is unknown or merely not permitted.
 *
 * <p>NOTE(review): the identity whose permissions are evaluated is not set in the visible
 * lines (no PermissionsUser header is sent); presumably a default from ReverseProxyTestConfig,
 * to be verified.
 *
 * @throws Exception if performing the request fails
 */
108 public void testURINoPermission() throws Exception {
110 String testUrl = "/not/allowed/at/all";
111 String testResponse = "Sorry, the request is not allowed";
// The receiver of .perform(...) is not visible in this listing (presumably mockMvc).
114 .perform(get(testUrl))
115 .andExpect(status().isForbidden())
116 .andExpect(status().reason(testResponse));
/**
 * Allow case: a GET to a path that, per its name, requires a single permission is forwarded to
 * the primary service and the backend's body is returned to the caller with HTTP 200.
 *
 * <p>The backend expectation also checks that the transaction id header sent by the client
 * arrives unchanged at the primary service.
 *
 * <p>NOTE(review): no PermissionsUser header is sent here, so which identity is granted the
 * permission is not visible in this file; verify against ReverseProxyTestConfig.
 *
 * @throws Exception if performing the request fails
 */
121 public void testURIMatchSinglePermissionMatch() throws Exception {
123 String transactionId = "63f88b50-6345-4a61-bc59-3a48cabb60a4";
124 String testUrl = "/single/permission/required";
125 String testResponse = "Response from MockRestService";
// Backend expectation: one GET to <base URL> + testUrl carrying the same transaction id,
// answered with testResponse as JSON. The receiver line is not visible (presumably mockServer).
128 .expect(requestTo(primaryServiceBaseUrl + testUrl))
129 .andExpect(method(HttpMethod.GET))
130 .andExpect(header(transactionIdHeaderName, transactionId))
131 .andRespond(withSuccess(testResponse, MediaType.APPLICATION_JSON));
133 // Send request to mock server with transaction Id
// Client-side request and assertions: 200 and a body equal to the backend's reply.
135 .perform(MockMvcRequestBuilders.get(testUrl).accept(MediaType.APPLICATION_JSON).header(transactionIdHeaderName, transactionId))
136 .andExpect(status().isOk())
137 .andExpect(content().string(equalTo(testResponse)));
/**
 * Allow case: a GET to a path that, per its name, requires several permissions is forwarded to
 * the primary service and the backend's body is returned to the caller with HTTP 200.
 *
 * <p>The counterpart deny case, where one of the required permissions is missing, is
 * testURIMatchMultipleMissingOnePermissionMatch.
 *
 * <p>NOTE(review): no PermissionsUser header is sent here, so which identity holds the
 * permissions is not visible in this file; verify against ReverseProxyTestConfig.
 *
 * @throws Exception if performing the request fails
 */
144 public void testURIMatchMultiplePermissionMatch() throws Exception {
146 String transactionId = "63f88b50-6345-4a61-bc59-3a48cabb60a4";
147 String testUrl = "/multiple/permissions/required";
148 String testResponse = "Response from MockRestService";
// Backend expectation: one GET to <base URL> + testUrl carrying the same transaction id,
// answered with testResponse as JSON. The receiver line is not visible (presumably mockServer).
151 .expect(requestTo(primaryServiceBaseUrl + testUrl))
152 .andExpect(method(HttpMethod.GET))
153 .andExpect(header(transactionIdHeaderName, transactionId))
154 .andRespond(withSuccess(testResponse, MediaType.APPLICATION_JSON));
156 // Send request to mock server with transaction Id
// Client-side request and assertions: 200 and a body equal to the backend's reply.
158 .perform(MockMvcRequestBuilders.get(testUrl).accept(MediaType.APPLICATION_JSON).header(transactionIdHeaderName, transactionId))
159 .andExpect(status().isOk())
160 .andExpect(content().string(equalTo(testResponse)));
/**
 * Deny case: a GET to a path that, per its name, requires several permissions of which the
 * caller lacks one must be answered with HTTP 403 and the reason
 * "Sorry, the request is not allowed".
 *
 * <p>This is the check that a partial match is not enough: holding some of the required
 * permissions must not grant access. No backend expectation is registered in the visible
 * lines, so the request is not meant to reach the primary service.
 *
 * <p>NOTE(review): the request carries no transaction id or PermissionsUser header; confirm
 * the 403 comes from the missing permission and not from another rejection path.
 *
 * @throws Exception if performing the request fails
 */
167 public void testURIMatchMultipleMissingOnePermissionMatch() throws Exception {
169 String testUrl = "/multiple/permissions/required/one/missing";
170 String testResponse = "Sorry, the request is not allowed";
// The receiver of .perform(...) is not visible in this listing (presumably mockMvc).
173 .perform(get(testUrl))
174 .andExpect(status().isForbidden())
175 .andExpect(status().reason(testResponse));
/**
 * Allow case for a wildcard grant: the request names the test user
 * "UserWithInstanceActionWildcardPermissionGranted" in the PermissionsUser header and must be
 * forwarded to the primary service, returning the backend's body with HTTP 200.
 *
 * <p>Per the test and user names, the user holds a permission whose instance and action are
 * both wildcards; the permission data itself is not in this file.
 *
 * <p>NOTE(review): the caller's identity is taken from a request header here. Presumably only
 * the test configuration honours PermissionsUser; a deployed proxy must not derive the
 * authenticated identity from a header the client controls. Only the grant side of wildcard
 * matching is covered in the visible tests; a deny case for a wildcard user on a path the
 * wildcard should not cover would guard against over-broad matching.
 *
 * @throws Exception if performing the request fails
 */
179 public void testURIInstanceActionWildCardPermissionMatch() throws Exception {
181 String transactionId = "63f88b50-6345-4a61-bc59-3a48cabb60a4";
182 String testUrl = "/wildcard/permission/granted";
183 String testResponse = "Response from MockRestService";
// Backend expectation: one GET to <base URL> + testUrl carrying the same transaction id,
// answered with testResponse as JSON. The receiver line is not visible (presumably mockServer).
186 .expect(requestTo(primaryServiceBaseUrl + testUrl))
187 .andExpect(method(HttpMethod.GET))
188 .andExpect(header(transactionIdHeaderName, transactionId))
189 .andRespond(withSuccess(testResponse, MediaType.APPLICATION_JSON));
191 // Send request to mock server with transaction Id
// The builder's method/URL line and the closing parenthesis are not visible in this listing.
193 .perform(MockMvcRequestBuilders
195 .accept(MediaType.APPLICATION_JSON)
196 .header(transactionIdHeaderName, transactionId)
// Selects the test identity whose permissions are evaluated.
197 .header("PermissionsUser", "UserWithInstanceActionWildcardPermissionGranted")
199 .andExpect(status().isOk())
200 .andExpect(content().string(equalTo(testResponse)));
/**
 * Allow case for a wildcard grant: the request names the test user
 * "UserWithInstanceWildcardPermissionGranted" in the PermissionsUser header and must be
 * forwarded to the primary service, returning the backend's body with HTTP 200.
 *
 * <p>Per the test and user names, the user holds a permission whose instance is a wildcard;
 * the permission data itself is not in this file.
 *
 * <p>NOTE(review): the caller's identity is taken from a request header here. Presumably only
 * the test configuration honours PermissionsUser; a deployed proxy must not derive the
 * authenticated identity from a header the client controls. No deny case for this user is
 * visible, so a wildcard that matches more than intended would go unnoticed.
 *
 * @throws Exception if performing the request fails
 */
207 public void testURIInstanceWildCardPermissionMatch() throws Exception {
209 String transactionId = "63f88b50-6345-4a61-bc59-3a48cabb60a4";
210 String testUrl = "/instance/wildcard/permission/granted";
211 String testResponse = "Response from MockRestService";
// Backend expectation: one GET to <base URL> + testUrl carrying the same transaction id,
// answered with testResponse as JSON. The receiver line is not visible (presumably mockServer).
214 .expect(requestTo(primaryServiceBaseUrl + testUrl))
215 .andExpect(method(HttpMethod.GET))
216 .andExpect(header(transactionIdHeaderName, transactionId))
217 .andRespond(withSuccess(testResponse, MediaType.APPLICATION_JSON));
219 // Send request to mock server with transaction Id
// The builder's method/URL line and the closing parenthesis are not visible in this listing.
221 .perform(MockMvcRequestBuilders
223 .accept(MediaType.APPLICATION_JSON)
224 .header(transactionIdHeaderName, transactionId)
// Selects the test identity whose permissions are evaluated.
225 .header("PermissionsUser", "UserWithInstanceWildcardPermissionGranted")
227 .andExpect(status().isOk())
228 .andExpect(content().string(equalTo(testResponse)));
/**
 * Allow case for a wildcard grant: the request names the test user
 * "UserWithActionWildcardPermissionGranted" in the PermissionsUser header and must be
 * forwarded to the primary service, returning the backend's body with HTTP 200.
 *
 * <p>Per the test and user names, the user holds a permission whose action is a wildcard; the
 * permission data itself is not in this file. Any statements after the last visible assertion
 * are outside this listing.
 *
 * <p>NOTE(review): the caller's identity is taken from a request header here. Presumably only
 * the test configuration honours PermissionsUser; a deployed proxy must not derive the
 * authenticated identity from a header the client controls. No deny case for this user is
 * visible, so a wildcard that matches more than intended would go unnoticed.
 *
 * @throws Exception if performing the request fails
 */
235 public void testURIActionWildCardPermissionMatch() throws Exception {
237 String transactionId = "63f88b50-6345-4a61-bc59-3a48cabb60a4";
238 String testUrl = "/action/wildcard/permission/granted";
239 String testResponse = "Response from MockRestService";
// Backend expectation: one GET to <base URL> + testUrl carrying the same transaction id,
// answered with testResponse as JSON. The receiver line is not visible (presumably mockServer).
242 .expect(requestTo(primaryServiceBaseUrl + testUrl))
243 .andExpect(method(HttpMethod.GET))
244 .andExpect(header(transactionIdHeaderName, transactionId))
245 .andRespond(withSuccess(testResponse, MediaType.APPLICATION_JSON));
247 // Send request to mock server with transaction Id
// The builder's method/URL line and the closing parenthesis are not visible in this listing.
249 .perform(MockMvcRequestBuilders
251 .accept(MediaType.APPLICATION_JSON)
252 .header(transactionIdHeaderName, transactionId)
// Selects the test identity whose permissions are evaluated.
253 .header("PermissionsUser", "UserWithActionWildcardPermissionGranted")
255 .andExpect(status().isOk())
256 .andExpect(content().string(equalTo(testResponse)));