2 * ============LICENSE_START=======================================================
4 * ================================================================================
5 * Copyright (C) 2019 Nokia Intellectual Property. All rights reserved.
6 * ================================================================================
7 * Licensed under the Apache License, Version 2.0 (the "License");
8 * you may not use this file except in compliance with the License.
9 * You may obtain a copy of the License at
11 * http://www.apache.org/licenses/LICENSE-2.0
13 * Unless required by applicable law or agreed to in writing, software
14 * distributed under the License is distributed on an "AS IS" BASIS,
15 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16 * See the License for the specific language governing permissions and
17 * limitations under the License.
18 * ============LICENSE_END=========================================================
20 package org.onap.dmaap.dbcapi.resources;
22 import static org.junit.Assert.assertEquals;
23 import static org.junit.Assert.assertFalse;
24 import static org.junit.Assert.assertNotNull;
25 import static org.junit.Assert.assertNull;
26 import static org.junit.Assert.assertTrue;
27 import static org.mockito.Matchers.anyString;
28 import static org.mockito.Matchers.eq;
29 import static org.mockito.Mockito.doReturn;
30 import static org.mockito.Mockito.verify;
31 import static org.mockito.Mockito.verifyNoMoreInteractions;
32 import static org.mockito.Mockito.verifyZeroInteractions;
34 import java.io.PrintWriter;
35 import java.io.StringWriter;
36 import javax.servlet.FilterChain;
37 import javax.servlet.FilterConfig;
38 import javax.servlet.ServletException;
39 import javax.servlet.http.HttpServletRequest;
40 import javax.servlet.http.HttpServletResponse;
41 import org.junit.Before;
42 import org.junit.Rule;
43 import org.junit.Test;
44 import org.junit.rules.ExpectedException;
45 import org.junit.runner.RunWith;
46 import org.mockito.Mock;
47 import org.mockito.Spy;
48 import org.mockito.runners.MockitoJUnitRunner;
49 import org.onap.aaf.cadi.filter.CadiFilter;
50 import org.onap.dmaap.dbcapi.util.DmaapConfig;
52 @RunWith(MockitoJUnitRunner.class)
53 public class AAFAuthenticationFilterTest {
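// Filter under test. NOTE(review): it has to be a Mockito spy rather than a plain mock,
// because setUp() stubs getConfig() on it while the tests run its real init()/doFilter().
@Spy
private AAFAuthenticationFilter filter;

@Mock
private FilterConfig filterConfig;

// Stand-in for the CADI filter that the tests expect authentication to be delegated to.
@Mock
private CadiFilter cadiFilterMock;

@Mock
private HttpServletRequest servletRequest;

@Mock
private HttpServletResponse servletResponse;

@Mock
private FilterChain filterChain;

// Configuration source; each test stubs the AAF flag and the CADI properties location on it.
@Mock
private DmaapConfig dmaapConfig;

// Lets a test declare the exception type and message it expects init() to raise.
@Rule
public ExpectedException thrown = ExpectedException.none();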
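/**
 * Points the filter's configuration lookup at the mocked {@link DmaapConfig} before each test,
 * so every property read in init() is answered by the stubs a test sets up.
 */
@Before
public void setUp() throws Exception {
    doReturn(dmaapConfig).when(filter).getConfig();
}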
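/**
 * With the AAF authentication flag stubbed to "false", init() must leave the filter disabled
 * and must not create a CADI filter.
 */
@Test
public void init_shouldNotInitializeCADI_whenAafIsNotUsed() throws Exception {
    // given
    // NOTE(review): the second getProperty argument (presumably the default value) is matched
    // with anyString(), so this test does not pin how the filter behaves when the flag is
    // absent from the configuration.
    doReturn("false").when(dmaapConfig).getProperty(eq(AAFAuthenticationFilter.AAF_AUTHN_FLAG), anyString());

    // when
    filter.init(filterConfig);

    // then
    assertFalse(filter.isAafEnabled());
    assertNull(filter.getCadiFilter());
}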
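/**
 * With AAF disabled, doFilter() must pass the request straight to the filter chain and must not
 * touch the CADI filter, the request or the response.
 *
 * <p>Security-relevant: this is the path on which no CADI check runs. A CADI mock is installed
 * after init() on purpose, so the test proves it is ignored even when one is present. When the
 * flag is "false", every request reaches the rest of the chain unauthenticated by this filter.
 */
@Test
public void doFilter_shouldSkipCADI_whenAafIsNotUsed() throws Exception {
    // given
    doReturn("false").when(dmaapConfig).getProperty(eq(AAFAuthenticationFilter.AAF_AUTHN_FLAG), anyString());
    filter.init(filterConfig);
    filter.setCadiFilter(cadiFilterMock);

    // when
    filter.doFilter(servletRequest, servletResponse, filterChain);

    // then
    verify(filterChain).doFilter(servletRequest, servletResponse);
    verifyZeroInteractions(cadiFilterMock, servletRequest, servletResponse);
}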
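/**
 * With AAF enabled but an empty CADI properties setting, init() must fail with a
 * {@link ServletException} instead of completing without a CADI filter.
 *
 * <p>This pins the fail-closed behaviour: a misconfigured deployment does not start the filter
 * in a state where authentication is expected but cannot be performed.
 */
@Test
public void init_shouldFail_whenAafIsUsed_andCadiPropertiesHasNotBeenSet() throws Exception {
    // given
    doReturn("true").when(dmaapConfig).getProperty(eq(AAFAuthenticationFilter.AAF_AUTHN_FLAG), anyString());
    doReturn("").when(dmaapConfig).getProperty(AAFAuthenticationFilter.CADI_PROPERTIES);

    // then (expectations must be registered before the call that throws)
    thrown.expect(ServletException.class);
    thrown.expectMessage("Cannot initialize CADI filter.CADI properties not available.");

    // when
    filter.init(filterConfig);
}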
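/**
 * With AAF enabled and a CADI properties location configured, init() must mark the filter as
 * enabled and create a CADI filter.
 */
@Test
public void init_shouldInitializeCADI_whenAafIsUsed_andCadiPropertiesSet() throws Exception {
    // given
    doReturn("true").when(dmaapConfig).getProperty(eq(AAFAuthenticationFilter.AAF_AUTHN_FLAG), anyString());
    // NOTE(review): presumably resolved as a properties file available to the test run — confirm.
    doReturn("cadi.properties").when(dmaapConfig).getProperty(AAFAuthenticationFilter.CADI_PROPERTIES);

    // when
    filter.init(filterConfig);

    // then
    assertTrue(filter.isAafEnabled());
    assertNotNull(filter.getCadiFilter());
}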
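/**
 * With AAF enabled and the response status at 200 after the CADI filter has run, doFilter()
 * must delegate to the CADI filter and do nothing else to the response.
 *
 * <p>The CADI filter is a mock and therefore never forwards the request itself. Zero
 * interactions on {@code filterChain} shows that the filter under test does not call the chain
 * on its own; forwarding is left entirely to CADI.
 */
@Test
public void doFilter_shouldUseCADIfilter_andAuthenticateUser_whenAAFisUsed_andUserIsValid() throws Exception {
    // given
    // The filter has to be initialised with AAF enabled and the CADI mock installed; without
    // this call the helper is never used and the CADI verification below cannot succeed.
    initCADIFilter();
    doReturn(200).when(servletResponse).getStatus();

    // when
    filter.doFilter(servletRequest, servletResponse, filterChain);

    // then
    verify(cadiFilterMock).doFilter(servletRequest, servletResponse, filterChain);
    verify(servletResponse).getStatus();
    verifyNoMoreInteractions(servletResponse);
    verifyZeroInteractions(filterChain, servletRequest);
}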
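/**
 * With AAF enabled and the response status at 401 after the CADI filter has run, doFilter()
 * must write the JSON authentication error to the response and must not forward the request.
 *
 * <p>The body is compared verbatim. Its message ("invalid or no credentials provided") does not
 * tell the caller whether credentials were missing or wrong, and the test keeps it that way.
 */
@Test
public void doFilter_shouldUseCADIfilter_andReturnAuthenticationError_whenAAFisUsed_andUserInvalid() throws Exception {
    // given
    // The filter has to be initialised with AAF enabled and the CADI mock installed; without
    // this call the helper is never used and the CADI verification below cannot succeed.
    initCADIFilter();
    String errorResponseJson = "{\"code\":401,\"message\":\"invalid or no credentials provided\",\"fields\":\"Authentication\",\"2xx\":false}";
    doReturn(401).when(servletResponse).getStatus();
    // Capture whatever the filter writes to the response body.
    StringWriter responseBody = new StringWriter();
    PrintWriter responseWriter = new PrintWriter(responseBody);
    doReturn(responseWriter).when(servletResponse).getWriter();

    // when
    filter.doFilter(servletRequest, servletResponse, filterChain);

    // then
    verify(cadiFilterMock).doFilter(servletRequest, servletResponse, filterChain);
    verify(servletResponse).getStatus();
    verify(servletResponse).setContentType("application/json");
    // A rejected request must never reach the rest of the chain.
    verifyZeroInteractions(filterChain, servletRequest);
    assertEquals(errorResponseJson, responseBody.toString());
}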
/**
 * Brings the filter into its AAF-enabled state for the doFilter tests.
 *
 * <p>Stubs the configuration so that init() enables AAF, runs the real init(), then replaces
 * the CADI filter with the mock so each test controls the authentication outcome through its
 * own stubs.
 */
private void initCADIFilter() throws Exception {
    // The two stubs are independent of each other; both must be in place before init() runs.
    doReturn("cadi.properties").when(dmaapConfig).getProperty(AAFAuthenticationFilter.CADI_PROPERTIES);
    doReturn("true").when(dmaapConfig).getProperty(eq(AAFAuthenticationFilter.AAF_AUTHN_FLAG), anyString());

    filter.init(filterConfig);
    // Must come after init(), which would otherwise overwrite the mock with a real CADI filter.
    filter.setCadiFilter(cadiFilterMock);
}