dmaap-bc/src/test/java/org/onap/dmaap/dbcapi/resources/AAFAuthorizationFilterTest.java

   1 /*-
   2  * ============LICENSE_START=======================================================
   3  * org.onap.dmaap
   4  * ================================================================================
   5  * Copyright (C) 2019 Nokia Intellectual Property. All rights reserved.
   6  * ================================================================================
   7  * Licensed under the Apache License, Version 2.0 (the "License");
   8  * you may not use this file except in compliance with the License.
   9  * You may obtain a copy of the License at
  10  *
  11  *      http://www.apache.org/licenses/LICENSE-2.0
  12  *
  13  * Unless required by applicable law or agreed to in writing, software
  14  * distributed under the License is distributed on an "AS IS" BASIS,
  15  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  16  * See the License for the specific language governing permissions and
  17  * limitations under the License.
  18  * ============LICENSE_END=========================================================
  19  */
  20 package org.onap.dmaap.dbcapi.resources;
  21
  22 import static org.junit.Assert.assertEquals;
  23 import static org.junit.Assert.assertNotNull;
  24 import static org.junit.Assert.assertNull;
  25 import static org.mockito.Matchers.anyString;
  26 import static org.mockito.Matchers.eq;
  27 import static org.mockito.Mockito.doReturn;
  28 import static org.mockito.Mockito.mock;
  29 import static org.mockito.Mockito.verify;
  30 import static org.mockito.Mockito.verifyNoMoreInteractions;
  31 import static org.mockito.Mockito.verifyZeroInteractions;
  32 import static org.mockito.Mockito.when;
  33
  34 import java.io.PrintWriter;
  35 import java.io.StringWriter;
  36 import com.sun.security.auth.UserPrincipal;
  37 import javax.servlet.FilterChain;
  38 import javax.servlet.FilterConfig;
  39 import javax.servlet.http.HttpServletRequest;
  40 import javax.servlet.http.HttpServletResponse;
  41 import org.junit.Before;
  42 import org.junit.BeforeClass;
  43 import org.junit.Test;
  44 import org.junit.runner.RunWith;
  45 import org.mockito.Mock;
  46 import org.mockito.Spy;
  47 import org.mockito.runners.MockitoJUnitRunner;
  48 import org.onap.dmaap.dbcapi.model.Dmaap;
  49 import org.onap.dmaap.dbcapi.service.DmaapService;
  50 import org.onap.dmaap.dbcapi.util.DmaapConfig;
  51 import org.onap.dmaap.dbcapi.util.PermissionBuilder;
  52
  53 @RunWith(MockitoJUnitRunner.class)
  54 public class AAFAuthorizationFilterTest {
  55
  56     @Spy
  57     private AAFAuthorizationFilter filter;
  58     @Mock
  59     private FilterConfig filterConfig;
  60     @Mock
  61     private HttpServletRequest servletRequest;
  62     @Mock
  63     private HttpServletResponse servletResponse;
  64     @Mock
  65     private FilterChain filterChain;
  66     @Mock
  67     private DmaapConfig dmaapConfig;
  68     @Mock
  69     private PermissionBuilder permissionBuilder;
  70     @Mock
  71     private DmaapService dmaapService;
  72
  73     @BeforeClass
  74     public static void setUpClass(){
  75         System.setProperty("ConfigFile", "src/test/resources/dmaapbc.properties");
  76     }
  77     @Before
  78     public void setUp() throws Exception {
  79         filter.setPermissionBuilder(permissionBuilder);
  80         doReturn(dmaapConfig).when(filter).getConfig();
  81         doReturn(dmaapService).when(filter).getDmaapService();
  82     }
  83
  84     @Test
  85     public void init_shouldNotInitializePermissionBuilder_whenAAFnotUsed() throws Exception {
  86         //given
  87         filter.setPermissionBuilder(null);
  88         configureAAFUsage(false);
  89
  90         //when
  91         filter.init(filterConfig);
  92
  93         //then
  94         assertNull(filter.getPermissionBuilder());
  95     }
  96
  97     @Test
  98     public void init_shouldInitializePermissionBuilder_whenAAFisUsed() throws Exception {
  99         //given
 100         filter.setPermissionBuilder(null);
 101         configureAAFUsage(true);
 102         //doReturn(provideEmptyInstance()).when(dmaapService).getDmaap();
 103         when(dmaapService.getDmaap()).thenReturn(mock(Dmaap.class));
 104
 105         //when
 106         filter.init(filterConfig);
 107
 108         //then
 109         assertNotNull(permissionBuilder);
 110     }
 111
 112     @Test
 113     public void doFilter_shouldSkipAuthorization_whenAAFnotUsed() throws Exception {
 114         //given
 115         filter.setCadiEnabled(false);
 116
 117         //when
 118         filter.doFilter(servletRequest,servletResponse,filterChain);
 119
 120         //then
 121         verify(filterChain).doFilter(servletRequest,servletResponse);
 122         verifyNoMoreInteractions(filterChain);
 123         verifyZeroInteractions(permissionBuilder, servletRequest, servletResponse);
 124     }
 125
 126     @Test
 127     public void doFilter_shouldPass_whenUserHasPermissionToResourceEndpoint() throws Exception {
 128         //given
 129         String user = "johnny";
 130         String permission = "org.onap.dmaap-bc.api.topics|mr|GET";
 131         when(permissionBuilder.buildPermission(servletRequest)).thenReturn(permission);
 132         configureServletRequest(permission, user, true);
 133         filter.setCadiEnabled(true);
 134
 135         //when
 136         filter.doFilter(servletRequest,servletResponse,filterChain);
 137
 138         //then
 139         verify(filterChain).doFilter(servletRequest,servletResponse);
 140         verify(permissionBuilder).updateDmaapInstance();
 141         verifyZeroInteractions(servletResponse);
 142     }
 143
 144     @Test
 145     public void doFilter_shouldReturnError_whenUserDontHavePermissionToResourceEndpoint() throws Exception {
 146         //given
 147         String user = "jack";
 148         String permission = "org.onap.dmaap-bc.api.topics|mr|GET";
 149         when(permissionBuilder.buildPermission(servletRequest)).thenReturn(permission);
 150         configureServletRequest(permission, user, false);
 151         filter.setCadiEnabled(true);
 152
 153         String errorMsgJson = "{\"code\":403,\"message\":\"User "+user+" does not have permission "
 154             + permission +"\",\"fields\":\"Authorization\",\"2xx\":false}";
 155         StringWriter sw = new StringWriter();
 156         PrintWriter pw = new PrintWriter(sw);
 157         when(servletResponse.getWriter()).thenReturn(pw);
 158
 159         //when
 160         filter.doFilter(servletRequest,servletResponse,filterChain);
 161
 162         //then
 163         verifyZeroInteractions(filterChain);
 164         verify(permissionBuilder).updateDmaapInstance();
 165         verify(servletResponse).setStatus(403);
 166         assertEquals(errorMsgJson, sw.toString());
 167     }
 168
 169     private void configureServletRequest(String permission, String user, boolean isUserInRole) {
 170         when(servletRequest.getUserPrincipal()).thenReturn(new UserPrincipal(user));
 171         when(servletRequest.isUserInRole(permission)).thenReturn(isUserInRole);
 172     }
 173
 174     private void configureAAFUsage(Boolean isUsed) {
 175         doReturn(isUsed.toString()).when(dmaapConfig).getProperty(eq(AAFAuthorizationFilter.CADI_AUTHZ_FLAG), anyString());
 176     }
 177 }