* ============LICENSE_START=======================================================
* org.onap.aai
* ================================================================================
- * Copyright © 2017 AT&T Intellectual Property. All rights reserved.
- * Copyright © 2017 European Software Marketing Ltd.
+ * Copyright (c) 2017-2019 AT&T Intellectual Property. All rights reserved.
+ * Copyright (c) 2017-2019 European Software Marketing Ltd.
* ================================================================================
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* See the License for the specific language governing permissions and
* limitations under the License.
* ============LICENSE_END=========================================================
- *
- * ECOMP is a trademark and service mark of AT&T Intellectual Property.
*/
+
package org.onap.aai.babel;
-import static org.hamcrest.CoreMatchers.equalTo;
import static org.hamcrest.CoreMatchers.is;
import static org.junit.Assert.assertThat;
import java.io.File;
import java.io.FileWriter;
import java.io.IOException;
+import java.util.concurrent.TimeUnit;
import org.json.JSONArray;
import org.json.JSONException;
import org.json.JSONObject;
+import org.junit.Before;
import org.junit.Test;
import org.onap.aai.auth.AAIAuthException;
import org.onap.aai.auth.AAIMicroServiceAuth;
import org.springframework.mock.web.MockHttpServletRequest;
/**
- * Tests @{link AAIMicroServiceAuth}
+ * Tests @{link AAIMicroServiceAuth}.
*/
public class MicroServiceAuthTest {
private static final String VALID_ADMIN_USER = "cn=common-name, ou=org-unit, o=org, l=location, st=state, c=us";
private static final String authPolicyFile = "auth_policy.json";
- static {
- System.setProperty("CONFIG_HOME",
- System.getProperty("user.dir") + File.separator + "src/test/resources");
+ @Before
+ public void setup() {
+ System.setProperty("CONFIG_HOME", "src/test/resources");
+ }
+
+ /**
+ * Test authorization of a request when authentication is disabled.
+ *
+ * @throws AAIAuthException
+ * if the test creates invalid Auth Policy roles
+ */
+ @Test
+ public void testAuthenticationDisabled() throws AAIAuthException {
+ BabelAuthConfig babelAuthConfig = new BabelAuthConfig();
+ babelAuthConfig.setAuthenticationDisable(true);
+ AAIMicroServiceAuth auth = new AAIMicroServiceAuth(babelAuthConfig);
+ assertThat(auth.validateRequest(null, new MockHttpServletRequest(), null, "any/uri"), is(true));
}
/**
- * Temporarily invalidate the default policy file and then try to initialise the authorisation class using the name
+ * Temporarily invalidate the default policy file and then try to initialize the authorization class using the name
* of a policy file that does not exist.
- *
+ *
* @throws AAIAuthException
- * @throws IOException
+ * if the Auth policy file cannot be loaded
*/
@Test(expected = AAIAuthException.class)
- public void missingPolicyFile() throws AAIAuthException, IOException {
+ public void missingPolicyFile() throws AAIAuthException {
String defaultFile = AAIMicroServiceAuthCore.getDefaultAuthFileName();
try {
AAIMicroServiceAuthCore.setDefaultAuthFileName("invalid.default.file");
- BabelAuthConfig gapServiceAuthConfig = new BabelAuthConfig();
- gapServiceAuthConfig.setAuthPolicyFile("invalid.file.name");
- new AAIMicroServiceAuth(gapServiceAuthConfig);
+ BabelAuthConfig babelServiceAuthConfig = new BabelAuthConfig();
+ babelServiceAuthConfig.setAuthPolicyFile("invalid.file.name");
+ new AAIMicroServiceAuth(babelServiceAuthConfig);
} finally {
AAIMicroServiceAuthCore.setDefaultAuthFileName(defaultFile);
}
}
/**
- * Test loading of a temporary file created with the specified roles
- *
+ * Temporarily invalidate the default policy file and then try to initialize the authorization class using a null
+ * policy file name.
+ *
+ * @throws AAIAuthException
+ * if the Auth policy file cannot be loaded
+ */
+ @Test(expected = AAIAuthException.class)
+ public void testNullPolicyFile() throws AAIAuthException {
+ String defaultFile = AAIMicroServiceAuthCore.getDefaultAuthFileName();
+ try {
+ AAIMicroServiceAuthCore.setDefaultAuthFileName("invalid.default.file");
+ BabelAuthConfig babelServiceAuthConfig = new BabelAuthConfig();
+ babelServiceAuthConfig.setAuthPolicyFile(null);
+ new AAIMicroServiceAuth(babelServiceAuthConfig);
+ } finally {
+ AAIMicroServiceAuthCore.setDefaultAuthFileName(defaultFile);
+ }
+ }
+
+ /**
+ * Test loading of a temporary file created with the specified roles.
+ *
* @throws AAIAuthException
+ * if the test creates invalid Auth Policy roles
* @throws IOException
+ * for I/O failures
* @throws JSONException
+ * if this test creates an invalid JSON object
*/
@Test
- public void createLocalAuthFile() throws AAIAuthException, IOException, JSONException {
+ public void createLocalAuthFile() throws JSONException, AAIAuthException, IOException {
JSONObject roles = createRoleObject("role", createUserObject("user"), createFunctionObject("func"));
- AAIMicroServiceAuth auth = createAuthService(roles);
- assertThat(auth.authorize("nosuchuser", "method:func"), is(false));
- assertThat(auth.authorize("user", "method:func"), is(true));
+ createAuthService(roles);
+ assertThat(AAIMicroServiceAuthCore.authorize("nosuchuser", "method:func"), is(false));
+ assertThat(AAIMicroServiceAuthCore.authorize("user", "method:func"), is(true));
}
/**
- * Test that the default policy file is loaded when a non-existent file is passed to the authorisation clas.
- *
+ * Test re-loading of users by changing the contents of a temporary file.
+ *
+ * @throws JSONException
+ * if this test creates an invalid JSON object
* @throws AAIAuthException
+ * if the test creates invalid Auth Policy roles
+ * @throws IOException
+ * for I/O failures
+ * @throws InterruptedException
+ * if interrupted while sleeping
+ */
+ @Test
+ public void createLocalAuthFileOnChange()
+ throws JSONException, AAIAuthException, IOException, InterruptedException {
+ JSONObject roles = createRoleObject("role", createUserObject("user"), createFunctionObject("func"));
+ File file = createTempPolicyFile(roles);
+
+ BabelAuthConfig babelAuthConfig = new BabelAuthConfig();
+ babelAuthConfig.setAuthPolicyFile(file.getAbsolutePath());
+ new AAIMicroServiceAuth(babelAuthConfig);
+
+ // Make changes to the temp file
+ FileWriter fileWriter = new FileWriter(file);
+ fileWriter.write("");
+ fileWriter.flush();
+ fileWriter.close();
+
+ // Wait for the file to be reloaded
+ TimeUnit.SECONDS.sleep(3);
+
+ AAIMicroServiceAuthCore.cleanup();
+ }
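Review bot: `createLocalAuthFileOnChange` contains no assertion: after the policy file is truncated and the 3-second sleep elapses it only calls `AAIMicroServiceAuthCore.cleanup()`, so it passes whether or not a reload happened and whatever the reloaded policy permits. For an authorization component the outcome worth pinning is what an empty or unparsable policy yields. If the intended behaviour is to fail closed, add `assertThat(AAIMicroServiceAuthCore.authorize("user", "method:func"), is(false));` before the cleanup; the reload code is not visible here, so confirm which outcome is intended. The writer should be closed with `try (FileWriter fileWriter = new FileWriter(file)) { fileWriter.write(""); }`, and `cleanup()` belongs in a `finally` block or an `@After` method so that a failure does not leave state behind for later tests. The fixed sleep also makes the test timing-dependent.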
+
+ /**
+ * Test that the default policy file is loaded when a non-existent file is passed to the authorisation class.
+ *
+ * @throws AAIAuthException
+ * if the Auth Policy cannot be loaded
*/
@Test
public void createAuthFromDefaultFile() throws AAIAuthException {
- BabelAuthConfig gapServiceAuthConfig = new BabelAuthConfig();
- gapServiceAuthConfig.setAuthPolicyFile("non-existent-file");
- AAIMicroServiceAuth auth = new AAIMicroServiceAuth(gapServiceAuthConfig);
+ BabelAuthConfig babelServiceAuthConfig = new BabelAuthConfig();
+ babelServiceAuthConfig.setAuthPolicyFile("non-existent-file");
+ AAIMicroServiceAuth auth = new AAIMicroServiceAuth(babelServiceAuthConfig);
// The default policy will have been loaded
assertAdminUserAuthorisation(auth, VALID_ADMIN_USER);
}
/**
- * Test loading of the policy file relative to CONFIG_HOME
- *
+ * Test that the default policy file is loaded when a non-existent file is passed to the authorisation class and
+ * CONFIG_HOME is not set.
+ *
+ * @throws AAIAuthException
+ * if the Auth Policy cannot be loaded
+ */
+ @Test
+ public void createAuthFromDefaultFileAppHome() throws AAIAuthException {
+ System.clearProperty("CONFIG_HOME");
+ System.setProperty("APP_HOME", "src/test/resources");
+ BabelAuthConfig babelServiceAuthConfig = new BabelAuthConfig();
+ babelServiceAuthConfig.setAuthPolicyFile("non-existent-file");
+ new AAIMicroServiceAuth(babelServiceAuthConfig);
+ // The default policy will have been loaded from APP_HOME/appconfig
+ }
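Review bot: `createAuthFromDefaultFileAppHome` sets `APP_HOME` and never clears it, so the property stays set for every test that runs afterwards in the same JVM; `setup()` only re-establishes `CONFIG_HOME`. Wrap the body in `try { ... } finally { System.clearProperty("APP_HOME"); }` or clear it in an `@After` method. The test also verifies nothing beyond the absence of an exception, although its closing comment states that the default policy was loaded from APP_HOME/appconfig. If that policy holds the same admin entry as the CONFIG_HOME one, keeping the instance and calling `assertAdminUserAuthorisation(auth, VALID_ADMIN_USER)`, as `createAuthFromDefaultFile` does, would check the claim.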
+
+ /**
+ * Test loading of the policy file relative to CONFIG_HOME.
+ *
* @throws AAIAuthException
+ * if the Auth Policy cannot be loaded
*/
@Test
public void createAuth() throws AAIAuthException {
@Test
public void testAuthUser() throws AAIAuthException {
- AAIMicroServiceAuth auth = createStandardAuth();
- assertThat(auth.authenticate(VALID_ADMIN_USER, "GET:actions"), is(equalTo("OK")));
- assertThat(auth.authenticate(VALID_ADMIN_USER, "WRONG:action"), is(equalTo("AAI_9101")));
+ createStandardAuth();
+ assertThat(AAIMicroServiceAuthCore.authorize(VALID_ADMIN_USER, "GET:actions"), is(true));
+ assertThat(AAIMicroServiceAuthCore.authorize(VALID_ADMIN_USER, "WRONG:action"), is(false));
}
-
-
@Test
public void testValidateRequest() throws AAIAuthException {
AAIMicroServiceAuth auth = createStandardAuth();
- assertThat(auth.validateRequest(null, new MockHttpServletRequest(), null, "app/v1/gap"), is(false));
+ assertThat(auth.validateRequest(null, new MockHttpServletRequest(), null, "app/v1/babel"), is(false));
}
private AAIMicroServiceAuth createStandardAuth() throws AAIAuthException {
- BabelAuthConfig gapServiceAuthConfig = new BabelAuthConfig();
- gapServiceAuthConfig.setAuthPolicyFile(authPolicyFile);
- return new AAIMicroServiceAuth(gapServiceAuthConfig);
+ BabelAuthConfig babelServiceAuthConfig = new BabelAuthConfig();
+ babelServiceAuthConfig.setAuthPolicyFile(authPolicyFile);
+ return new AAIMicroServiceAuth(babelServiceAuthConfig);
}
/**
- * @param rolesJson
- * @return
+ * Create a test Auth policy JSON file and pass this to the Auth Service.
+ *
+ * @param roles
+ * the Auth policy JSON content
+ * @return a new Auth Service configured with the supplied roles
* @throws IOException
+ * for I/O failures
* @throws AAIAuthException
+ * if the auth policy file cannot be loaded
*/
- private AAIMicroServiceAuth createAuthService(JSONObject roles) throws IOException, AAIAuthException {
+ private AAIMicroServiceAuth createAuthService(JSONObject roles) throws AAIAuthException, IOException {
+ File file = createTempPolicyFile(roles);
BabelAuthConfig babelAuthConfig = new BabelAuthConfig();
+ babelAuthConfig.setAuthPolicyFile(file.getAbsolutePath());
+ return new AAIMicroServiceAuth(babelAuthConfig);
+ }
+
+ /**
+ * Create a temporary JSON file using the supplied roles.
+ *
+ * @param roles
+ * the roles to use to populate the new file
+ * @return the new temporary file
+ * @throws IOException
+ * for I/O errors
+ */
+ private File createTempPolicyFile(JSONObject roles) throws IOException {
File file = File.createTempFile("auth-policy", "json");
file.deleteOnExit();
FileWriter fileWriter = new FileWriter(file);
fileWriter.write(roles.toString());
fileWriter.flush();
fileWriter.close();
-
- babelAuthConfig.setAuthPolicyFile(file.getAbsolutePath());
- return new AAIMicroServiceAuth(babelAuthConfig);
+ return file;
}
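Review bot: `createTempPolicyFile` leaves the `FileWriter` open if `write` throws, and it encodes the policy JSON with the platform default charset. `try (Writer writer = Files.newBufferedWriter(file.toPath(), StandardCharsets.UTF_8)) { writer.write(roles.toString()); }` fixes both, with the matching imports added. The suffix passed to `File.createTempFile` is `"json"` without a dot, so the file name will not end in `.json`; `".json"` looks like what was meant. `Files.createTempFile` is also worth preferring for a file that holds an auth policy, even in tests, since it may create the file with more restrictive permissions than `File.createTempFile` does in a shared temp directory.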
/**
- * Assert authorisation results for an admin user based on the test policy file
- *
+ * Assert authorisation results for an admin user based on the test policy file.
+ *
* @param auth
+ * the Auth Service to test
* @param adminUser
+ * admin username
* @throws AAIAuthException
+ * if the Auth Service is not initialized
*/
private void assertAdminUserAuthorisation(AAIMicroServiceAuth auth, String adminUser) throws AAIAuthException {
- assertThat(auth.authorize(adminUser, "GET:actions"), is(true));
- assertThat(auth.authorize(adminUser, "POST:actions"), is(true));
- assertThat(auth.authorize(adminUser, "PUT:actions"), is(true));
- assertThat(auth.authorize(adminUser, "DELETE:actions"), is(true));
+ assertThat(AAIMicroServiceAuthCore.authorize(adminUser, "GET:actions"), is(true));
+ assertThat(AAIMicroServiceAuthCore.authorize(adminUser, "POST:actions"), is(true));
+ assertThat(AAIMicroServiceAuthCore.authorize(adminUser, "PUT:actions"), is(true));
+ assertThat(AAIMicroServiceAuthCore.authorize(adminUser, "DELETE:actions"), is(true));
}
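Review bot: The `auth` parameter of `assertAdminUserAuthorisation` is no longer used now that all four checks call the static `AAIMicroServiceAuthCore.authorize`, and its Javadoc ("the Auth Service to test") no longer matches; `createLocalAuthFile` and `testAuthUser` make the same switch. Since the checks go through a static entry point, they presumably evaluate whichever policy was loaded last in the JVM rather than one bound to the instance the test constructed. That would make results depend on test order, and on the reload in `createLocalAuthFileOnChange` if its watcher is still active. Either drop the parameter or state the dependency where the instance is created, e.g. `// constructing AAIMicroServiceAuth loads the policy that AAIMicroServiceAuthCore.authorize evaluates`.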
private JSONArray createFunctionObject(String functionName) throws JSONException {
private JSONObject createRoleObject(String roleName, JSONArray usersArray, JSONArray functionsArray)
throws JSONException {
- JSONObject roles = new JSONObject();
-
JSONObject role = new JSONObject();
role.put("name", roleName);
role.put("functions", functionsArray);
JSONArray rolesArray = new JSONArray();
rolesArray.put(role);
- roles.put("roles", rolesArray);
+ JSONObject roles = new JSONObject();
+ roles.put("roles", rolesArray);
return roles;
}