1 /*******************************************************************************
2 * ============LICENSE_START==================================================
4 * * ===========================================================================
5 * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.
6 * * ===========================================================================
7 * * Licensed under the Apache License, Version 2.0 (the "License");
8 * * you may not use this file except in compliance with the License.
9 * * You may obtain a copy of the License at
11 * * http://www.apache.org/licenses/LICENSE-2.0
13 * * Unless required by applicable law or agreed to in writing, software
14 * * distributed under the License is distributed on an "AS IS" BASIS,
15 * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16 * * See the License for the specific language governing permissions and
17 * * limitations under the License.
18 * * ============LICENSE_END====================================================
20 * * ECOMP is a trademark and service mark of AT&T Intellectual Property.
22 ******************************************************************************/
23 package org.onap.dmaap.datarouter.provisioning;
25 import static org.hamcrest.Matchers.notNullValue;
26 import static org.mockito.Mockito.argThat;
27 import static org.mockito.Mockito.contains;
28 import static org.mockito.Mockito.eq;
29 import static org.mockito.Mockito.mock;
30 import static org.mockito.Mockito.verify;
31 import static org.mockito.Mockito.when;
32 import static org.onap.dmaap.datarouter.provisioning.BaseServlet.BEHALF_HEADER;
34 import ch.qos.logback.classic.spi.ILoggingEvent;
35 import ch.qos.logback.core.read.ListAppender;
36 import java.sql.Connection;
37 import java.sql.SQLException;
38 import java.util.HashSet;
40 import javax.persistence.EntityManager;
41 import javax.persistence.EntityManagerFactory;
42 import javax.persistence.Persistence;
43 import javax.servlet.ServletInputStream;
44 import javax.servlet.ServletOutputStream;
45 import javax.servlet.http.HttpServletRequest;
46 import javax.servlet.http.HttpServletResponse;
47 import org.apache.commons.lang3.reflect.FieldUtils;
48 import org.jetbrains.annotations.NotNull;
49 import org.json.JSONArray;
50 import org.json.JSONObject;
51 import org.junit.AfterClass;
52 import org.junit.Before;
53 import org.junit.BeforeClass;
54 import org.junit.Test;
55 import org.junit.runner.RunWith;
56 import org.mockito.Mock;
57 import org.onap.dmaap.datarouter.authz.AuthorizationResponse;
58 import org.onap.dmaap.datarouter.authz.Authorizer;
59 import org.onap.dmaap.datarouter.provisioning.beans.Feed;
60 import org.onap.dmaap.datarouter.provisioning.beans.Updateable;
61 import org.onap.dmaap.datarouter.provisioning.utils.ProvDbUtils;
62 import org.powermock.modules.junit4.PowerMockRunner;
65 @RunWith(PowerMockRunner.class)
66 public class FeedServletTest extends DrServletTestBase {
68 private static FeedServlet feedServlet;
71 private HttpServletRequest request;
73 private HttpServletResponse response;
75 private static EntityManagerFactory emf;
76 private static EntityManager em;
78 private ListAppender<ILoggingEvent> listAppender;
// Static fixture for the whole class (presumably run via @BeforeClass; the annotation
// line is not shown in this listing). Creates the JPA EntityManagerFactory for the
// "dr-unit-tests" persistence unit and one EntityManager from it, both kept in statics.
81 public static void init() {
82 emf = Persistence.createEntityManagerFactory("dr-unit-tests");
83 em = emf.createEntityManager();
// NOTE(review): the two literals below are the arguments of a call whose opening line
// (84) is missing from this listing - presumably a system property that points the
// provisioning server at the H2 test properties. Confirm against the full file.
85 "org.onap.dmaap.datarouter.provserver.properties",
86 "src/test/resources/h2Database.properties");
// Static teardown counterpart of init(); its body is not visible in this listing.
// NOTE(review): init() opens an EntityManagerFactory and an EntityManager - confirm
// both are closed here so the H2 test database is released after the class runs.
90 public static void tearDownClass() {
// Per-test fixture: obtains a ListAppender for FeedServlet's logger, builds a fresh
// servlet, and stubs the request as secure, authorised, addressed to feed "/1" and
// carrying valid content headers. Each test then overrides one stub to reach one
// rejection (or success) path.
97 public void setUp() throws Exception {
98 listAppender = setTestLogger(FeedServlet.class);
99 feedServlet = new FeedServlet();
// Re-installs the permissive Authorizer mock in BaseServlet's static "authz" field, so a
// deny stub written there by an earlier test cannot leak into this one.
100 setAuthoriserToReturnRequestIsAuthorized();
101 setUpValidAuthorisedRequest();
// setUpValidAuthorisedRequest() already calls this helper; the second call only repeats
// the same stubbing and static-field writes.
102 setUpValidSecurityOnHttpRequest();
103 setUpValidContentHeadersAndJSONOnHttpRequest();
// DELETE over a non-secure connection: request.isSecure() is stubbed to false and the
// servlet is expected to reject with 403 through sendError.
// NOTE(review): any non-null message satisfies the matcher, so the test does not prove
// that the HTTPS check (rather than some other 403 path) rejected the request; pinning
// the message text with contains(...) would.
107 public void Given_Request_Is_HTTP_DELETE_And_Is_Not_Secure_When_HTTPS_Is_Required_Then_Forbidden_Response_Is_Generated()
109 when(request.isSecure()).thenReturn(false);
110 feedServlet.doDelete(request, response);
111 verify(response).sendError(eq(HttpServletResponse.SC_FORBIDDEN), argThat(notNullValue(String.class)));
// Helper defined outside this listing; presumably asserts that the servlet logged its
// entry and exit events to the captured appender.
112 verifyEnteringExitCalled(listAppender);
// DELETE without the on-behalf-of header: BEHALF_HEADER is stubbed to null and the
// servlet is expected to answer 400. The header carries the acting identity, so a
// request that omits it must not reach the delete logic.
116 public void Given_Request_Is_HTTP_DELETE_And_BEHALF_HEADER_Is_Not_Set_In_Request_Then_Bad_Request_Response_Is_Generated()
118 setBehalfHeader(null);
119 feedServlet.doDelete(request, response);
120 verify(response).sendError(eq(HttpServletResponse.SC_BAD_REQUEST), argThat(notNullValue(String.class)));
// DELETE with no path info: getPathInfo() returns null, so no feed id can be derived
// and the servlet is expected to answer 400.
124 public void Given_Request_Is_HTTP_DELETE_And_Path_Header_Is_Not_Set_In_Request_With_Valid_Path_Then_Bad_Request_Response_Is_Generated() throws Exception {
125 when(request.getPathInfo()).thenReturn(null);
126 feedServlet.doDelete(request, response);
127 verify(response).sendError(eq(HttpServletResponse.SC_BAD_REQUEST), argThat(notNullValue(String.class)));
// DELETE for path "/123": expects 404. Presumably no feed with id 123 exists in the
// H2 fixture - the fixture data is not visible in this listing.
131 public void Given_Request_Is_HTTP_DELETE_And_Feed_Id_Is_Invalid_Then_Not_Found_Response_Is_Generated() throws Exception {
132 when(request.getPathInfo()).thenReturn("/123");
133 feedServlet.doDelete(request, response);
134 verify(response).sendError(eq(HttpServletResponse.SC_NOT_FOUND), argThat(notNullValue(String.class)));
// DELETE denied by the authorizer: the Authorizer mock is switched to "not authorized"
// and the servlet is expected to answer 403 for the default feed path ("/1" from setUp).
// NOTE(review): only the 403 is asserted. Nothing here checks that the feed was left
// untouched (e.g. that no success status was set), and the message is not pinned the
// way the PUT test pins "Policy Engine disallows access" - consider adding both.
138 public void Given_Request_Is_HTTP_DELETE_And_Request_Is_Not_Authorized_Then_Forbidden_Response_Is_Generated() throws Exception {
139 setAuthoriserToReturnRequestNotAuthorized();
140 feedServlet.doDelete(request, response);
141 verify(response).sendError(eq(HttpServletResponse.SC_FORBIDDEN), argThat(notNullValue(String.class)));
// DELETE of feed "/2" without the AAF role: isUserInRole is left unstubbed, so the
// Mockito mock answers false, and the servlet is expected to return 403 with a message
// containing "AAF disallows access to permission". Feed 2 is presumably stored as an
// AAF-controlled feed in the fixture - confirm against the test data.
145 public void Given_Request_Is_HTTP_DELETE_And_AAF_Feed_Without_Permissions_Then_Forbidden_Response_Is_Generated() throws Exception {
146 when(request.getPathInfo()).thenReturn("/2");
147 feedServlet.doDelete(request, response);
148 verify(response).sendError(eq(HttpServletResponse.SC_FORBIDDEN), contains("AAF disallows access to permission"));
// DELETE of feed "/3" with the AAF delete role granted: expects 204 No Content.
// NOTE(review): unlike the database-success DELETE test, nothing visible here restores
// feed 3 afterwards - confirm no other test depends on it, or that test order is fixed.
152 public void Given_Request_Is_HTTP_DELETE_And_AAF_Feed_With_Permissions_Then_A_NO_CONTENT_Response_Is_Generated() {
153 when(request.getPathInfo()).thenReturn("/3");
// Permission string checked through the container's role API; "*" sits in the instance
// position of the type|instance|action triple.
154 when(request.isUserInRole("org.onap.dmaap-dr.feed|*|delete")).thenReturn(true);
155 feedServlet.doDelete(request, response);
156 verify(response).setStatus(eq(HttpServletResponse.SC_NO_CONTENT));
157 verifyEnteringExitCalled(listAppender);
// DELETE when persistence fails: an anonymous FeedServlet subclass overrides doUpdate
// and the servlet is expected to answer 500.
// NOTE(review): the override's body and the verify(...) receiver line are missing from
// this listing; presumably doUpdate returns false to simulate the failed write.
161 public void Given_Request_Is_HTTP_DELETE_And_Delete_On_Database_Fails_An_Internal_Server_Error_Is_Reported()
// This local shadows the static feedServlet field for the rest of the method.
163 FeedServlet feedServlet = new FeedServlet() {
164 protected boolean doUpdate(Updateable bean) {
168 feedServlet.doDelete(request, response);
170 .sendError(eq(HttpServletResponse.SC_INTERNAL_SERVER_ERROR), argThat(notNullValue(String.class)));
// Happy-path DELETE of the default feed ("/1" from setUp): expects 204 No Content.
174 public void Given_Request_Is_HTTP_DELETE_And_Delete_On_Database_Succeeds_A_NO_CONTENT_Response_Is_Generated() throws Exception {
175 feedServlet.doDelete(request, response);
176 verify(response).setStatus(eq(HttpServletResponse.SC_NO_CONTENT));
// The delete goes through the real doUpdate, so the feed is put back for later tests.
177 reinsertFeedIntoDb();
178 verifyEnteringExitCalled(listAppender);
// GET over a non-secure connection: request.isSecure() is stubbed to false and the
// servlet is expected to reject with 403, still logging entry and exit.
182 public void Given_Request_Is_HTTP_GET_And_Is_Not_Secure_When_HTTPS_Is_Required_Then_Forbidden_Response_Is_Generated()
184 when(request.isSecure()).thenReturn(false);
185 feedServlet.doGet(request, response);
186 verify(response).sendError(eq(HttpServletResponse.SC_FORBIDDEN), argThat(notNullValue(String.class)));
187 verifyEnteringExitCalled(listAppender);
// GET without the on-behalf-of header: BEHALF_HEADER is stubbed to null and the
// servlet is expected to answer 400.
191 public void Given_Request_Is_HTTP_GET_And_BEHALF_HEADER_Is_Not_Set_In_Request_Then_Bad_Request_Response_Is_Generated()
193 setBehalfHeader(null);
194 feedServlet.doGet(request, response);
195 verify(response).sendError(eq(HttpServletResponse.SC_BAD_REQUEST), argThat(notNullValue(String.class)));
// GET with no path info: getPathInfo() returns null and the servlet is expected to
// answer 400 because no feed id can be derived.
199 public void Given_Request_Is_HTTP_GET_And_Path_Header_Is_Not_Set_In_Request_With_Valid_Path_Then_Bad_Request_Response_Is_Generated()
201 when(request.getPathInfo()).thenReturn(null);
202 feedServlet.doGet(request, response);
203 verify(response).sendError(eq(HttpServletResponse.SC_BAD_REQUEST), argThat(notNullValue(String.class)));
// GET for path "/123": expects 404. Presumably no feed 123 exists in the H2 fixture.
207 public void Given_Request_Is_HTTP_GET_And_Feed_Id_Is_Invalid_Then_Not_Found_Response_Is_Generated()
209 when(request.getPathInfo()).thenReturn("/123");
210 feedServlet.doGet(request, response);
211 verify(response).sendError(eq(HttpServletResponse.SC_NOT_FOUND), argThat(notNullValue(String.class)));
// GET denied by the authorizer: the Authorizer mock is switched to "not authorized" and
// a read of feed "/2" is expected to answer 403.
// NOTE(review): feed 2 is also the feed the DELETE test expects AAF to reject. Because
// only a generic non-null message is matched, this test cannot tell a Policy Engine
// denial from an AAF one; pinning the message would show which check fired.
215 public void Given_Request_Is_HTTP_GET_And_Request_Is_Not_Authorized_Then_Forbidden_Response_Is_Generated()
217 setAuthoriserToReturnRequestNotAuthorized();
218 when(request.getPathInfo()).thenReturn("/2");
219 feedServlet.doGet(request, response);
220 verify(response).sendError(eq(HttpServletResponse.SC_FORBIDDEN), argThat(notNullValue(String.class)));
// Happy-path GET of feed "/2": expects status 200. The response body is written to a
// mocked ServletOutputStream and its content is not inspected.
224 public void Given_Request_Is_HTTP_GET_And_Request_Succeeds() throws Exception {
225 ServletOutputStream outStream = mock(ServletOutputStream.class);
226 when(response.getOutputStream()).thenReturn(outStream);
227 when(request.getPathInfo()).thenReturn("/2");
228 feedServlet.doGet(request, response);
229 verify(response).setStatus(eq(HttpServletResponse.SC_OK));
230 verifyEnteringExitCalled(listAppender);
// PUT over a non-secure connection: request.isSecure() is stubbed to false and the
// servlet is expected to reject with 403, still logging entry and exit.
234 public void Given_Request_Is_HTTP_PUT_And_Is_Not_Secure_When_HTTPS_Is_Required_Then_Forbidden_Response_Is_Generated()
236 when(request.isSecure()).thenReturn(false);
237 feedServlet.doPut(request, response);
238 verify(response).sendError(eq(HttpServletResponse.SC_FORBIDDEN), argThat(notNullValue(String.class)));
239 verifyEnteringExitCalled(listAppender);
// PUT without the on-behalf-of header: BEHALF_HEADER is stubbed to null and the
// servlet is expected to answer 400.
243 public void Given_Request_Is_HTTP_PUT_And_BEHALF_HEADER_Is_Not_Set_In_Request_Then_Bad_Request_Response_Is_Generated()
245 setBehalfHeader(null);
246 feedServlet.doPut(request, response);
247 verify(response).sendError(eq(HttpServletResponse.SC_BAD_REQUEST), argThat(notNullValue(String.class)));
// PUT with no path info: getPathInfo() returns null and the servlet is expected to
// answer 400 because no feed id can be derived.
251 public void Given_Request_Is_HTTP_PUT_And_Path_Header_Is_Not_Set_In_Request_With_Valid_Path_Then_Bad_Request_Response_Is_Generated()
253 when(request.getPathInfo()).thenReturn(null);
254 feedServlet.doPut(request, response);
255 verify(response).sendError(eq(HttpServletResponse.SC_BAD_REQUEST), argThat(notNullValue(String.class)));
// PUT for path "/123": expects 404. Presumably no feed 123 exists in the H2 fixture.
259 public void Given_Request_Is_HTTP_PUT_And_Feed_Id_Is_Invalid_Then_Not_Found_Response_Is_Generated()
261 when(request.getPathInfo()).thenReturn("/123");
262 feedServlet.doPut(request, response);
263 verify(response).sendError(eq(HttpServletResponse.SC_NOT_FOUND), argThat(notNullValue(String.class)));
// PUT with an unexpected media type: the Content-Type header names
// "application/vnd.dmaap-dr.feed-fail" instead of the feed type that setUp configures,
// and the servlet is expected to answer 415 before reading the body.
267 public void Given_Request_Is_HTTP_PUT_And_Content_Header_Is_Not_Supported_Type_Then_Unsupported_Media_Type_Response_Is_Generated()
269 when(request.getHeader("Content-Type")).thenReturn("application/vnd.dmaap-dr.feed-fail; version=2.0");
// Both the raw header and getContentType() are stubbed; which of the two the servlet
// reads is not visible from this test.
270 when(request.getContentType()).thenReturn("stub_contentType");
271 when(request.getPathInfo()).thenReturn("/2");
272 feedServlet.doPut(request, response);
273 verify(response).sendError(eq(HttpServletResponse.SC_UNSUPPORTED_MEDIA_TYPE), argThat(notNullValue(String.class)));
// PUT whose body cannot be parsed: getJSONfromInput is overridden in an anonymous
// subclass and the servlet is expected to answer 400 with "Badly formed JSON".
// NOTE(review): the override's body is missing from this listing; presumably it returns
// null to simulate a parse failure - confirm against the full file.
277 public void Given_Request_Is_HTTP_PUT_And_Request_Contains_Badly_Formed_JSON_Then_Bad_Request_Response_Is_Generated()
279 ServletInputStream inStream = mock(ServletInputStream.class);
280 when(request.getInputStream()).thenReturn(inStream);
281 when(request.getPathInfo()).thenReturn("/2");
282 FeedServlet feedServlet = new FeedServlet() {
283 public JSONObject getJSONfromInput(HttpServletRequest req) {
287 feedServlet.doPut(request, response);
288 verify(response).sendError(eq(HttpServletResponse.SC_BAD_REQUEST), contains("Badly formed JSON"));
// PUT with well-formed but empty JSON: getJSONfromInput returns an empty JSONObject,
// so the required feed fields are absent and the servlet is expected to answer 400.
292 public void Given_Request_Is_HTTP_PUT_And_Request_Contains_Invalid_JSON_Then_Bad_Request_Response_Is_Generated() throws Exception {
293 when(request.getPathInfo()).thenReturn("/2");
294 FeedServlet feedServlet = new FeedServlet() {
295 public JSONObject getJSONfromInput(HttpServletRequest req) {
296 return new JSONObject();
299 feedServlet.doPut(request, response);
300 verify(response).sendError(eq(HttpServletResponse.SC_BAD_REQUEST), argThat(notNullValue(String.class)));
// PUT by someone other than the feed's publisher: expects 400 with a message containing
// "must be modified by the same publisher". The acting user is the on-behalf-of value
// from setUp ("Stub_Value"); feed 2 presumably belongs to a different publisher in the
// fixture.
// NOTE(review): the test explicitly clears X-DMAAP-DR-ON-BEHALF-OF-GROUP, which suggests
// the same-publisher check applies only when no group is supplied. Confirm that in
// FeedServlet, and confirm the group header is set by a trusted front end rather than
// accepted as-is from the caller.
304 public void Given_Request_Is_HTTP_PUT_And_Feed_Change_Is_Not_Publisher_Who_Requested_Feed_Bad_Request_Response_Is_Generated() throws Exception {
305 when(request.getHeader("X-DMAAP-DR-ON-BEHALF-OF-GROUP")).thenReturn(null);
306 when(request.getPathInfo()).thenReturn("/2");
307 JSONObject JSObject = buildRequestJsonObject();
308 FeedServlet feedServlet = new FeedServlet() {
// Bypasses body parsing and hands the servlet a fixed feed document; the return
// statement is not shown in this listing.
309 public JSONObject getJSONfromInput(HttpServletRequest req) {
310 JSONObject jo = new JSONObject();
311 jo.put("name", "stub_name");
312 jo.put("version", "1.0");
313 jo.put("authorization", JSObject);
317 feedServlet.doPut(request, response);
318 verify(response).sendError(eq(HttpServletResponse.SC_BAD_REQUEST), contains("must be modified by the same publisher"));
// PUT that tries to rename the feed: the submitted name "not_stub_name" differs from
// the stored one, and the servlet is expected to answer 400 with "name of the feed may
// not be updated". The group header from setUp stays in place for this test.
322 public void Given_Request_Is_HTTP_PUT_And_Feed_Name_Change_is_Requested_Bad_Request_Response_Is_Generated() throws Exception {
323 when(request.getPathInfo()).thenReturn("/2");
324 JSONObject JSObject = buildRequestJsonObject();
325 FeedServlet feedServlet = new FeedServlet() {
// Fixed feed document in place of parsed input; the return statement is not shown here.
326 public JSONObject getJSONfromInput(HttpServletRequest req) {
327 JSONObject jo = new JSONObject();
328 jo.put("name", "not_stub_name");
329 jo.put("version", "1.0");
330 jo.put("authorization", JSObject);
334 feedServlet.doPut(request, response);
335 verify(response).sendError(eq(HttpServletResponse.SC_BAD_REQUEST), contains("name of the feed may not be updated"));
// PUT that tries to change the feed version: the name "AafFeed" is kept but the version
// is sent as "v0.2", and the servlet is expected to answer 400 with "version of the
// feed may not be updated". Feed 2 is presumably stored as AafFeed / v0.1.
339 public void Given_Request_Is_HTTP_PUT_And_Feed_Version_Change_is_Requested_Bad_Request_Response_Is_Generated() throws Exception {
340 when(request.getPathInfo()).thenReturn("/2");
341 JSONObject JSObject = buildRequestJsonObject();
342 FeedServlet feedServlet = new FeedServlet() {
// Fixed feed document in place of parsed input; the return statement is not shown here.
343 public JSONObject getJSONfromInput(HttpServletRequest req) {
344 JSONObject jo = new JSONObject();
345 jo.put("name", "AafFeed");
346 jo.put("version", "v0.2");
347 jo.put("authorization", JSObject);
351 feedServlet.doPut(request, response);
352 verify(response).sendError(eq(HttpServletResponse.SC_BAD_REQUEST), contains("version of the feed may not be updated"));
// PUT denied by the authorizer: the submitted document matches the stored name and
// version and carries no aaf_instance, so the decision falls to the Authorizer mock,
// which is set to deny. Expects 403 with "Policy Engine disallows access".
// NOTE(review): doUpdate is not overridden here, so a regression that skipped the
// authorization check would reach the real update path; asserting that no success
// status was set would make that failure mode explicit.
356 public void Given_Request_Is_HTTP_PUT_And_Request_Is_Not_Authorized_Then_Forbidden_Response_Is_Generated() throws Exception {
357 setAuthoriserToReturnRequestNotAuthorized();
358 when(request.getPathInfo()).thenReturn("/2");
359 JSONObject JSObject = buildRequestJsonObject();
360 FeedServlet feedServlet = new FeedServlet() {
// Fixed feed document in place of parsed input; the return statement is not shown here.
361 public JSONObject getJSONfromInput(HttpServletRequest req) {
362 JSONObject jo = new JSONObject();
363 jo.put("name", "AafFeed");
364 jo.put("version", "v0.1");
365 jo.put("authorization", JSObject);
369 feedServlet.doPut(request, response);
370 verify(response).sendError(eq(HttpServletResponse.SC_FORBIDDEN), contains("Policy Engine disallows access"));
// PUT on an AAF-controlled feed without the edit role: the document carries an
// aaf_instance and isUserInRole is left unstubbed (the mock answers false), so the
// servlet is expected to return 403 with "AAF disallows access to permission".
// The Authorizer mock is still permissive here, so the 403 can only come from the AAF
// branch - the pinned message confirms it.
374 public void Given_Request_Is_HTTP_PUT_And_AAF_Feed_Without_Permissions_Then_Forbidden_Response_Is_Generated() throws Exception {
375 when(request.getPathInfo()).thenReturn("/2");
376 JSONObject JSObject = buildRequestJsonObject();
377 FeedServlet feedServlet = new FeedServlet() {
// Fixed feed document in place of parsed input; the return statement is not shown here.
378 public JSONObject getJSONfromInput(HttpServletRequest req) {
379 JSONObject jo = new JSONObject();
380 jo.put("name", "AafFeed");
381 jo.put("version", "v0.1");
382 jo.put("authorization", JSObject);
// Test-only AAF instance value; no network call to it is visible in this test.
383 jo.put("aaf_instance", "https://aaf-onap-test.osaaf.org:8095");
387 feedServlet.doPut(request, response);
388 verify(response).sendError(eq(HttpServletResponse.SC_FORBIDDEN), contains("AAF disallows access to permission"));
// PUT on an AAF-controlled feed with the edit role granted: expects status 200.
// doUpdate is overridden so the database is not touched; its body is not shown in this
// listing and presumably returns true.
392 public void Given_Request_Is_HTTP_PUT_And_AAF_Feed_With_Permissions_Then_STATUS_OK__Response_Is_Generated() throws Exception {
393 ServletOutputStream outStream = mock(ServletOutputStream.class);
394 when(response.getOutputStream()).thenReturn(outStream);
395 when(request.getPathInfo()).thenReturn("/2");
// The role string uses "*" in the instance position, matching the aaf_instance value
// "*" placed in the document below.
396 when(request.isUserInRole("org.onap.dmaap-dr.feed|*|edit")).thenReturn(true);
397 JSONObject JSObject = buildRequestJsonObject();
398 FeedServlet feedServlet = new FeedServlet() {
// Fixed feed document in place of parsed input; the return statement is not shown here.
399 public JSONObject getJSONfromInput(HttpServletRequest req) {
400 JSONObject jo = new JSONObject();
401 jo.put("name", "AafFeed");
402 jo.put("version", "v0.1");
403 jo.put("authorization", JSObject);
404 jo.put("aaf_instance", "*");
408 protected boolean doUpdate(Updateable bean) {
413 feedServlet.doPut(request, response);
414 verify(response).setStatus(eq(HttpServletResponse.SC_OK));
415 verifyEnteringExitCalled(listAppender);
// PUT when persistence fails: a valid, authorised update of feed "/2" whose overridden
// doUpdate simulates a failed write; the servlet is expected to answer 500.
// NOTE(review): the doUpdate body is missing from this listing; presumably it returns
// false - confirm against the full file.
419 public void Given_Request_Is_HTTP_PUT_And_Change_On_Feeds_Fails_An_Internal_Server_Error_Response_Is_Generated() throws Exception {
420 ServletOutputStream outStream = mock(ServletOutputStream.class);
421 when(response.getOutputStream()).thenReturn(outStream);
422 when(request.getPathInfo()).thenReturn("/2");
423 JSONObject JSObject = buildRequestJsonObject();
424 FeedServlet feedServlet = new FeedServlet() {
// Fixed feed document in place of parsed input; the return statement is not shown here.
425 public JSONObject getJSONfromInput(HttpServletRequest req) {
426 JSONObject jo = new JSONObject();
427 jo.put("name", "AafFeed");
428 jo.put("version", "v0.1");
429 jo.put("authorization", JSObject);
434 protected boolean doUpdate(Updateable bean) {
438 feedServlet.doPut(request, response);
439 verify(response).sendError(eq(HttpServletResponse.SC_INTERNAL_SERVER_ERROR), argThat(notNullValue(String.class)));
// Happy-path PUT: a valid, authorised update of feed "/2" with doUpdate overridden so
// the database is not touched; expects status 200 and the entry/exit log events.
// The doUpdate body is not shown in this listing and presumably returns true.
443 public void Given_Request_Is_HTTP_PUT_And_Change_On_Feeds_Suceeds_A_STATUS_OK_Response_Is_Generated() throws Exception {
444 ServletOutputStream outStream = mock(ServletOutputStream.class);
445 when(response.getOutputStream()).thenReturn(outStream);
446 when(request.getPathInfo()).thenReturn("/2");
447 JSONObject JSObject = buildRequestJsonObject();
448 FeedServlet feedServlet = new FeedServlet() {
// Fixed feed document in place of parsed input; the return statement is not shown here.
449 public JSONObject getJSONfromInput(HttpServletRequest req) {
450 JSONObject jo = new JSONObject();
451 jo.put("name", "AafFeed");
452 jo.put("version", "v0.1");
453 jo.put("authorization", JSObject);
457 protected boolean doUpdate(Updateable bean) {
462 feedServlet.doPut(request, response);
463 verify(response).setStatus(eq(HttpServletResponse.SC_OK));
464 verifyEnteringExitCalled(listAppender);
// POST is not supported on this servlet: even a fully valid, authorised request is
// expected to be answered with 405, and entry/exit must still be logged.
468 public void Given_Request_Is_HTTP_POST_SC_METHOD_NOT_ALLOWED_Response_Is_Generated() throws Exception {
469 feedServlet.doPost(request, response);
470 verify(response).sendError(eq(HttpServletResponse.SC_METHOD_NOT_ALLOWED), argThat(notNullValue(String.class)));
471 verifyEnteringExitCalled(listAppender);
// Builds the JSON object the PUT tests place under the feed document's "authorization"
// key: a classification, one endpoint id/password pair and one endpoint address.
// The return statement is not shown in this listing. The id and password are stub
// fixture values, not real credentials.
475 private JSONObject buildRequestJsonObject() {
476 JSONObject JSObject = new JSONObject();
477 JSONArray endpointIDs = new JSONArray();
478 JSONObject JOEndpointIDs = new JSONObject();
479 JOEndpointIDs.put("id", "stub_endpoint_id");
480 JOEndpointIDs.put("password", "stub_endpoint_password");
481 endpointIDs.put(JOEndpointIDs);
483 JSONArray endpointAddresses = new JSONArray();
// Loopback only, matching the address allow-list that setUpValidSecurityOnHttpRequest
// installs on BaseServlet.
484 endpointAddresses.put("127.0.0.1");
486 JSObject.put("classification", "stub_classification");
487 JSObject.put("endpoint_ids", endpointIDs);
488 JSObject.put("endpoint_addrs", endpointAddresses);
// Puts the request and BaseServlet into the state the transport-security checks accept:
// the request reports itself as secure, the address allow-list holds only 127.0.0.1,
// and the client-certificate requirement is switched off.
// NOTE(review): both fields are private statics on BaseServlet written through
// reflection, so the values outlive this test class unless something resets them.
// With requireCert forced to false and the allow-list fixed, no test visible in this
// listing exercises the certificate-required path or a caller outside the allow-list -
// confirm those are covered elsewhere.
492 private void setUpValidSecurityOnHttpRequest() throws Exception {
493 when(request.isSecure()).thenReturn(true);
494 Set<String> authAddressesAndNetworks = new HashSet<>();
495 authAddressesAndNetworks.add(("127.0.0.1"));
// The trailing "true" is the forceAccess flag, needed because the fields are not public.
496 FieldUtils.writeDeclaredStaticField(BaseServlet.class, "authorizedAddressesAndNetworks", authAddressesAndNetworks,true);
497 FieldUtils.writeDeclaredStaticField(BaseServlet.class, "requireCert", false, true);
// Stubs the on-behalf-of header (BaseServlet.BEHALF_HEADER) on the mocked request.
// Passing null simulates a request that omits the header.
500 private void setBehalfHeader(String headerValue) {
501 when(request.getHeader(BEHALF_HEADER)).thenReturn(headerValue);
// Stubs the request path to "/1", the default feed the tests act on unless they
// override getPathInfo() themselves.
504 private void setValidPathInfoInHttpHeader() {
505 when(request.getPathInfo()).thenReturn("/1");
// Replaces BaseServlet's static "authz" field with a mock Authorizer whose decision for
// this request reports isAuthorized() == false.
// The stub is keyed on the exact request mock; decide(...) called with any other
// argument returns Mockito's default (null).
// NOTE(review): the field is static, so the deny stub stays installed until setUp of the
// next test writes the permissive mock again; nothing visible restores the original
// authorizer once the class has finished.
508 private void setAuthoriserToReturnRequestNotAuthorized() throws IllegalAccessException {
509 AuthorizationResponse authResponse = mock(AuthorizationResponse.class);
510 Authorizer authorizer = mock(Authorizer.class);
511 FieldUtils.writeDeclaredStaticField(BaseServlet.class, "authz", authorizer, true);
512 when(authorizer.decide(request)).thenReturn(authResponse);
513 when(authResponse.isAuthorized()).thenReturn(false);
// Replaces BaseServlet's static "authz" field with a mock Authorizer whose decision for
// this request reports isAuthorized() == true. setUp calls this before every test, which
// is what resets a deny stub left behind by the previous test.
// NOTE(review): nothing visible restores the original authorizer after the class, so
// other test classes sharing the JVM inherit this permissive mock unless they install
// their own.
516 private void setAuthoriserToReturnRequestIsAuthorized() throws IllegalAccessException {
517 AuthorizationResponse authResponse = mock(AuthorizationResponse.class);
518 Authorizer authorizer = mock(Authorizer.class);
519 FieldUtils.writeDeclaredStaticField(BaseServlet.class, "authz", authorizer, true);
520 when(authorizer.decide(request)).thenReturn(authResponse);
521 when(authResponse.isAuthorized()).thenReturn(true);
// Baseline "valid request" stubbing: transport security accepted, on-behalf-of user set
// to "Stub_Value", and the path pointing at feed "/1".
524 private void setUpValidAuthorisedRequest() throws Exception {
525 setUpValidSecurityOnHttpRequest();
526 setBehalfHeader("Stub_Value");
527 setValidPathInfoInHttpHeader();
// Stubs the headers a feed update needs: the versioned feed media type and an
// on-behalf-of group. Despite the method name, no JSON body is stubbed here; tests
// supply the document by overriding getJSONfromInput.
530 private void setUpValidContentHeadersAndJSONOnHttpRequest() {
531 when(request.getHeader("Content-Type")).thenReturn("application/vnd.dmaap-dr.feed; version=1.0");
532 when(request.getHeader("X-DMAAP-DR-ON-BEHALF-OF-GROUP")).thenReturn("stub_subjectGroup");
535 private void reinsertFeedIntoDb() throws SQLException {
536 Feed feed = new Feed("Feed1","v0.1", "First Feed for testing", "First Feed for testing");
539 feed.setDeleted(false);
540 try (Connection conn = ProvDbUtils.getInstance().getConnection()) {