2 * ============LICENSE_START=======================================================
4 * ================================================================================
5 * Copyright (C) 2019 Nokia Intellectual Property. All rights reserved.
6 * ================================================================================
7 * Licensed under the Apache License, Version 2.0 (the "License");
8 * you may not use this file except in compliance with the License.
9 * You may obtain a copy of the License at
11 * http://www.apache.org/licenses/LICENSE-2.0
13 * Unless required by applicable law or agreed to in writing, software
14 * distributed under the License is distributed on an "AS IS" BASIS,
15 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16 * See the License for the specific language governing permissions and
17 * limitations under the License.
18 * ============LICENSE_END=========================================================
20 package org.onap.dmaap.dbcapi.resources;
22 import static org.junit.Assert.assertEquals;
23 import static org.junit.Assert.assertNotNull;
24 import static org.junit.Assert.assertNull;
25 import static org.mockito.Matchers.anyString;
26 import static org.mockito.Matchers.eq;
27 import static org.mockito.Mockito.doReturn;
28 import static org.mockito.Mockito.mock;
29 import static org.mockito.Mockito.verify;
30 import static org.mockito.Mockito.verifyNoMoreInteractions;
31 import static org.mockito.Mockito.verifyZeroInteractions;
32 import static org.mockito.Mockito.when;
34 import java.io.PrintWriter;
35 import java.io.StringWriter;
36 import javax.servlet.FilterChain;
37 import javax.servlet.FilterConfig;
38 import javax.servlet.http.HttpServletRequest;
39 import javax.servlet.http.HttpServletResponse;
40 import org.junit.Before;
41 import org.junit.Test;
42 import org.junit.runner.RunWith;
43 import org.mockito.Mock;
44 import org.mockito.Spy;
45 import org.mockito.runners.MockitoJUnitRunner;
46 import org.onap.dmaap.dbcapi.model.Dmaap;
47 import org.onap.dmaap.dbcapi.service.DmaapService;
48 import org.onap.dmaap.dbcapi.util.DmaapConfig;
49 import org.onap.dmaap.dbcapi.util.PermissionBuilder;
50 import sun.security.acl.PrincipalImpl;
52 @RunWith(MockitoJUnitRunner.class)
53 public class AAFAuthorizationFilterTest {
56 private AAFAuthorizationFilter filter;
58 private FilterConfig filterConfig;
60 private HttpServletRequest servletRequest;
62 private HttpServletResponse servletResponse;
64 private FilterChain filterChain;
66 private DmaapConfig dmaapConfig;
68 private PermissionBuilder permissionBuilder;
70 private DmaapService dmaapService;
73 public void setUp() throws Exception {
74 filter.setPermissionBuilder(permissionBuilder);
75 doReturn(dmaapConfig).when(filter).getConfig();
76 doReturn(dmaapService).when(filter).getDmaapService();
80 public void init_shouldNotInitializePermissionBuilder_whenAAFnotUsed() throws Exception {
82 filter.setPermissionBuilder(null);
83 configureAAFUsage(false);
86 filter.init(filterConfig);
89 assertNull(filter.getPermissionBuilder());
93 public void init_shouldInitializePermissionBuilder_whenAAFisUsed() throws Exception {
95 filter.setPermissionBuilder(null);
96 configureAAFUsage(true);
97 //doReturn(provideEmptyInstance()).when(dmaapService).getDmaap();
98 when(dmaapService.getDmaap()).thenReturn(mock(Dmaap.class));
101 filter.init(filterConfig);
104 assertNotNull(permissionBuilder);
108 public void doFilter_shouldSkipAuthorization_whenAAFnotUsed() throws Exception {
110 filter.setAafEnabled(false);
113 filter.doFilter(servletRequest,servletResponse,filterChain);
116 verify(filterChain).doFilter(servletRequest,servletResponse);
117 verifyNoMoreInteractions(filterChain);
118 verifyZeroInteractions(permissionBuilder, servletRequest, servletResponse);
122 public void doFilter_shouldPass_whenUserHasPermissionToResourceEndpoint() throws Exception {
124 String user = "johnny";
125 String permission = "org.onap.dmaap-bc.api.topics|mr|GET";
126 when(permissionBuilder.buildPermission(servletRequest)).thenReturn(permission);
127 configureServletRequest(permission, user, true);
128 filter.setAafEnabled(true);
131 filter.doFilter(servletRequest,servletResponse,filterChain);
134 verify(filterChain).doFilter(servletRequest,servletResponse);
135 verify(permissionBuilder).updateDmaapInstance();
136 verifyZeroInteractions(servletResponse);
140 public void doFilter_shouldReturnError_whenUserDontHavePermissionToResourceEndpoint() throws Exception {
142 String user = "jack";
143 String permission = "org.onap.dmaap-bc.api.topics|mr|GET";
144 when(permissionBuilder.buildPermission(servletRequest)).thenReturn(permission);
145 configureServletRequest(permission, user, false);
146 filter.setAafEnabled(true);
148 String errorMsgJson = "{\"code\":403,\"message\":\"User "+user+" does not have permission "
149 + permission +"\",\"fields\":\"Authorization\",\"2xx\":false}";
150 StringWriter sw = new StringWriter();
151 PrintWriter pw = new PrintWriter(sw);
152 when(servletResponse.getWriter()).thenReturn(pw);
155 filter.doFilter(servletRequest,servletResponse,filterChain);
158 verifyZeroInteractions(filterChain);
159 verify(permissionBuilder).updateDmaapInstance();
160 verify(servletResponse).setStatus(403);
161 assertEquals(errorMsgJson, sw.toString());
164 private void configureServletRequest(String permission, String user, boolean isUserInRole) {
165 when(servletRequest.getUserPrincipal()).thenReturn(new PrincipalImpl(user));
166 when(servletRequest.isUserInRole(permission)).thenReturn(isUserInRole);
169 private void configureAAFUsage(Boolean isUsed) {
170 doReturn(isUsed.toString()).when(dmaapConfig).getProperty(eq(AAFAuthorizationFilter.AAF_AUTHZ_FLAG), anyString());