2 * ============LICENSE_START=======================================================
3 * org.onap.dcaegen2.collectors.ves
4 * ================================================================================
5 * Copyright (C) 2018 - 2021 Nokia. All rights reserved.
6 * ================================================================================
7 * Licensed under the Apache License, Version 2.0 (the "License");
8 * you may not use this file except in compliance with the License.
9 * You may obtain a copy of the License at
11 * http://www.apache.org/licenses/LICENSE-2.0
13 * Unless required by applicable law or agreed to in writing, software
14 * distributed under the License is distributed on an "AS IS" BASIS,
15 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16 * See the License for the specific language governing permissions and
17 * limitations under the License.
18 * ============LICENSE_END=========================================================
21 package org.onap.dcae.restapi;
23 import org.junit.Test;
24 import org.junit.runner.RunWith;
25 import org.mockito.InjectMocks;
26 import org.mockito.Mock;
27 import org.mockito.junit.MockitoJUnitRunner;
28 import org.onap.dcae.ApplicationSettings;
29 import org.onap.dcae.common.configuration.AuthMethodType;
30 import org.slf4j.Logger;
31 import org.springframework.http.HttpStatus;
32 import org.springframework.mock.web.MockHttpServletRequest;
33 import org.springframework.test.web.servlet.request.MockMvcRequestBuilders;
35 import javax.servlet.http.HttpServletRequest;
36 import javax.servlet.http.HttpServletResponse;
37 import java.io.IOException;
38 import java.io.PrintWriter;
40 import static org.junit.Assert.assertFalse;
41 import static org.junit.Assert.assertTrue;
42 import static org.mockito.Mockito.verify;
43 import static org.mockito.Mockito.when;
45 @RunWith(MockitoJUnitRunner.Silent.class)
46 public class ApiAuthInterceptionTest {
47 private static final int HTTP_PORT = 8080;
48 private static final int OUTSIDE_PORT = 30235;
49 private static final String HEALTHCHECK_URL = "/healthcheck";
55 private ApplicationSettings settings;
58 private HttpServletResponse response;
64 private PrintWriter writer;
67 private ApiAuthInterceptor sut;
71 public void shouldSucceedWhenAuthorizationIsDisabled() throws IOException {
73 final HttpServletRequest request = createEmptyRequest();
75 when(settings.authMethod()).thenReturn(AuthMethodType.NO_AUTH.value());
78 final boolean isAuthorized = sut.preHandle(request, response, obj);
81 assertTrue(isAuthorized);
85 public void shouldSucceedForHealthcheckOnHealthcheckPortWhenRequestFromInsideCluster() throws IOException {
87 final HttpServletRequest request = createRequestWithPorts(HTTP_PORT, HTTP_PORT, HEALTHCHECK_URL);
89 when(settings.authMethod()).thenReturn(AuthMethodType.CERT_BASIC_AUTH.value());
90 when(settings.httpPort()).thenReturn(HTTP_PORT);
92 final boolean isAuthorized = sut.preHandle(request, response, obj);
95 assertTrue(isAuthorized);
99 public void shouldFailForHealthcheckOnHealthcheckPortWhenRequestFromOutsideCluster() throws IOException {
101 final HttpServletRequest request = createRequestWithPorts(HTTP_PORT, OUTSIDE_PORT, HEALTHCHECK_URL);
103 when(settings.authMethod()).thenReturn(AuthMethodType.CERT_BASIC_AUTH.value());
104 when(settings.httpPort()).thenReturn(HTTP_PORT);
105 when(response.getWriter()).thenReturn(writer);
108 final boolean isAuthorized = sut.preHandle(request, response, obj);
111 assertFalse(isAuthorized);
112 verify(response).setStatus(HttpStatus.BAD_REQUEST.value());
116 public void shouldFailDueToNotPermittedOperationOnHealthcheckPort() throws IOException {
118 final HttpServletRequest request = createRequestWithPorts(HTTP_PORT, HTTP_PORT, "/");
120 when(settings.authMethod()).thenReturn(AuthMethodType.CERT_BASIC_AUTH.value());
121 when(settings.httpPort()).thenReturn(HTTP_PORT);
122 when(response.getWriter()).thenReturn(writer);
125 final boolean isAuthorized = sut.preHandle(request, response, obj);
128 assertFalse(isAuthorized);
129 verify(response).setStatus(HttpStatus.BAD_REQUEST.value());
132 private HttpServletRequest createEmptyRequest() {
133 return MockMvcRequestBuilders
138 private HttpServletRequest createRequestWithPorts(int localPort, int serverPort, String urlTemplate) {
139 MockHttpServletRequest healthcheckRequest = MockMvcRequestBuilders
142 healthcheckRequest.setLocalPort(localPort);
143 healthcheckRequest.setServerPort(serverPort);
144 return healthcheckRequest;