Search in sources :

Example 11 with ContainerRequest

use of com.sun.jersey.spi.container.ContainerRequest in project ORCID-Source by ORCID.

the class TokenTargetFilterTest method tokenUsedOnTheWrongUser12ApiTest.

@Test(expected = AccessControlException.class)
public void tokenUsedOnTheWrongUser12ApiTest() {
    setUpSecurityContext(ORCID1, CLIENT_ID, ScopePathType.READ_LIMITED);
    ContainerRequest request = Mockito.mock(ContainerRequest.class);
    Mockito.when(request.getPath()).thenReturn("http://api.test.orcid.org/v1.2/" + ORCID2);
    Mockito.when(request.getHeaderValue(ApiVersionFilter.API_VERSION_REQUEST_ATTRIBUTE_NAME)).thenReturn("1.2");
    TokenTargetFilter filter = new TokenTargetFilter();
    filter.filter(request);
    fail();
}
Also used : ContainerRequest(com.sun.jersey.spi.container.ContainerRequest) Test(org.junit.Test)

Example 12 with ContainerRequest

use of com.sun.jersey.spi.container.ContainerRequest in project ORCID-Source by ORCID.

the class ApiVersionCheckFilterTest method api2_0_rc4VersionTest.

@Test
public void api2_0_rc4VersionTest() {
    MockHttpServletRequest mockReq = new MockHttpServletRequest();
    mockReq.setAttribute("X-Forwarded-Proto", "https");
    OrcidHttpServletRequestWrapper requestWrapper = new OrcidHttpServletRequestWrapper(mockReq);
    WebApplication webApp = Mockito.mock(WebApplication.class, Mockito.RETURNS_MOCKS);
    URI baseUri = URI.create("http://localhost:8443/orcid-api-web/");
    URI requestUri = URI.create("http://localhost:8443/orcid-api-web/v2.0_rc4/0000-0001-7510-9252/activities");
    InBoundHeaders headers = new InBoundHeaders();
    ByteArrayInputStream inputStream = new ByteArrayInputStream(new byte[0]);
    try {
        ContainerRequest containerRequest = new ContainerRequest(webApp, "POST", baseUri, requestUri, headers, inputStream);
        ApiVersionCheckFilter filter = new ApiVersionCheckFilter(requestWrapper);
        filter.filter(containerRequest);
    } catch (Exception e) {
        fail();
    }
    try {
        ContainerRequest containerRequest = new ContainerRequest(webApp, "PUT", baseUri, requestUri, headers, inputStream);
        ApiVersionCheckFilter filter = new ApiVersionCheckFilter(requestWrapper);
        filter.filter(containerRequest);
    } catch (Exception e) {
        fail();
    }
    try {
        ContainerRequest containerRequest = new ContainerRequest(webApp, "DELETE", baseUri, requestUri, headers, inputStream);
        ApiVersionCheckFilter filter = new ApiVersionCheckFilter(requestWrapper);
        filter.filter(containerRequest);
    } catch (Exception e) {
        fail();
    }
    try {
        ContainerRequest containerRequest = new ContainerRequest(webApp, "GET", baseUri, requestUri, headers, inputStream);
        ApiVersionCheckFilter filter = new ApiVersionCheckFilter(requestWrapper);
        filter.filter(containerRequest);
    } catch (Exception e) {
        fail();
    }
}
Also used : InBoundHeaders(com.sun.jersey.core.header.InBoundHeaders) ByteArrayInputStream(java.io.ByteArrayInputStream) MockHttpServletRequest(org.springframework.mock.web.MockHttpServletRequest) ContainerRequest(com.sun.jersey.spi.container.ContainerRequest) WebApplication(com.sun.jersey.spi.container.WebApplication) URI(java.net.URI) OrcidBadRequestException(org.orcid.core.exception.OrcidBadRequestException) Test(org.junit.Test)

Example 13 with ContainerRequest

use of com.sun.jersey.spi.container.ContainerRequest in project ORCID-Source by ORCID.

the class ApiVersionCheckFilterTest method apiOauthTokenTest.

@Test
public void apiOauthTokenTest() {
    MockHttpServletRequest mockReq = new MockHttpServletRequest();
    mockReq.setAttribute("X-Forwarded-Proto", "https");
    OrcidHttpServletRequestWrapper requestWrapper = new OrcidHttpServletRequestWrapper(mockReq);
    WebApplication webApp = Mockito.mock(WebApplication.class, Mockito.RETURNS_MOCKS);
    URI baseUri = URI.create("http://localhost:8443/orcid-api-web/");
    URI requestUri = URI.create("http://localhost:8443/orcid-api-web/oauth/token");
    InBoundHeaders headers = new InBoundHeaders();
    ByteArrayInputStream inputStream = new ByteArrayInputStream(new byte[0]);
    try {
        ContainerRequest containerRequest = new ContainerRequest(webApp, "POST", baseUri, requestUri, headers, inputStream);
        ApiVersionCheckFilter filter = new ApiVersionCheckFilter(requestWrapper);
        filter.filter(containerRequest);
    } catch (Exception e) {
        fail();
    }
}
Also used : InBoundHeaders(com.sun.jersey.core.header.InBoundHeaders) ByteArrayInputStream(java.io.ByteArrayInputStream) MockHttpServletRequest(org.springframework.mock.web.MockHttpServletRequest) ContainerRequest(com.sun.jersey.spi.container.ContainerRequest) WebApplication(com.sun.jersey.spi.container.WebApplication) URI(java.net.URI) OrcidBadRequestException(org.orcid.core.exception.OrcidBadRequestException) Test(org.junit.Test)

Example 14 with ContainerRequest

use of com.sun.jersey.spi.container.ContainerRequest in project ORCID-Source by ORCID.

the class ApiVersionCheckFilterTest method api2_0VersionTest.

@Test
public void api2_0VersionTest() {
    MockHttpServletRequest mockReq = new MockHttpServletRequest();
    mockReq.setAttribute("X-Forwarded-Proto", "https");
    OrcidHttpServletRequestWrapper requestWrapper = new OrcidHttpServletRequestWrapper(mockReq);
    WebApplication webApp = Mockito.mock(WebApplication.class, Mockito.RETURNS_MOCKS);
    URI baseUri = URI.create("http://localhost:8443/orcid-api-web/");
    URI requestUri = URI.create("http://localhost:8443/orcid-api-web/v2.0/0000-0001-7510-9252/activities");
    InBoundHeaders headers = new InBoundHeaders();
    ByteArrayInputStream inputStream = new ByteArrayInputStream(new byte[0]);
    try {
        ContainerRequest containerRequest = new ContainerRequest(webApp, "POST", baseUri, requestUri, headers, inputStream);
        ApiVersionCheckFilter filter = new ApiVersionCheckFilter(requestWrapper);
        filter.filter(containerRequest);
    } catch (Exception e) {
        fail();
    }
    try {
        ContainerRequest containerRequest = new ContainerRequest(webApp, "PUT", baseUri, requestUri, headers, inputStream);
        ApiVersionCheckFilter filter = new ApiVersionCheckFilter(requestWrapper);
        filter.filter(containerRequest);
    } catch (Exception e) {
        fail();
    }
    try {
        ContainerRequest containerRequest = new ContainerRequest(webApp, "DELETE", baseUri, requestUri, headers, inputStream);
        ApiVersionCheckFilter filter = new ApiVersionCheckFilter(requestWrapper);
        filter.filter(containerRequest);
    } catch (Exception e) {
        fail();
    }
    try {
        ContainerRequest containerRequest = new ContainerRequest(webApp, "GET", baseUri, requestUri, headers, inputStream);
        ApiVersionCheckFilter filter = new ApiVersionCheckFilter(requestWrapper);
        filter.filter(containerRequest);
    } catch (Exception e) {
        fail();
    }
}
Also used : InBoundHeaders(com.sun.jersey.core.header.InBoundHeaders) ByteArrayInputStream(java.io.ByteArrayInputStream) MockHttpServletRequest(org.springframework.mock.web.MockHttpServletRequest) ContainerRequest(com.sun.jersey.spi.container.ContainerRequest) WebApplication(com.sun.jersey.spi.container.WebApplication) URI(java.net.URI) OrcidBadRequestException(org.orcid.core.exception.OrcidBadRequestException) Test(org.junit.Test)

Example 15 with ContainerRequest

use of com.sun.jersey.spi.container.ContainerRequest in project simba-os by cegeka.

the class SimbaAuthenticatedInjectable method getValue.

@Override
public P getValue(HttpContext httpContext) {
    SimbaCredentials credentials;
    try {
        final ContainerRequest containerRequest = (ContainerRequest) httpContext.getRequest();
        credentials = simbaCredentialsFactory.create(containerRequest);
        final Optional<SimbaPrincipal> result = authenticator.authenticate(credentials);
        if (result.isPresent()) {
            return domainProvider.lookUp(result.get());
        }
    } catch (AuthenticationException e) {
        log.error("Something went wrong in the authentication process", e);
        throw new WebApplicationException(Response.status(Response.Status.UNAUTHORIZED).entity("Something went wrong in the authentication process").type(MediaType.APPLICATION_JSON).build());
    }
    if (required) {
        log.warn("Error authenticating credentials: {}", credentials.getSsoToken());
        throw new WebApplicationException(Response.status(Response.Status.UNAUTHORIZED).entity("You are not allowed to access this resource").type(MediaType.APPLICATION_JSON).build());
    }
    return null;
}
Also used : SimbaPrincipal(org.simbasecurity.dwclient.dropwizard.credentials.SimbaPrincipal) WebApplicationException(javax.ws.rs.WebApplicationException) SimbaCredentials(org.simbasecurity.dwclient.dropwizard.credentials.SimbaCredentials) AuthenticationException(com.yammer.dropwizard.auth.AuthenticationException) ContainerRequest(com.sun.jersey.spi.container.ContainerRequest)

Aggregations

ContainerRequest (com.sun.jersey.spi.container.ContainerRequest)43 Test (org.junit.Test)37 InBoundHeaders (com.sun.jersey.core.header.InBoundHeaders)16 WebApplication (com.sun.jersey.spi.container.WebApplication)10 ByteArrayInputStream (java.io.ByteArrayInputStream)10 URI (java.net.URI)9 OrcidBadRequestException (org.orcid.core.exception.OrcidBadRequestException)9 SimbaCredentials (org.simbasecurity.dwclient.dropwizard.credentials.SimbaCredentials)6 ContainerResponse (com.sun.jersey.spi.container.ContainerResponse)5 THttpClient (org.apache.thrift.transport.THttpClient)5 Client (org.simbasecurity.api.service.thrift.AuthenticationFilterService.Client)5 RequestData (org.simbasecurity.api.service.thrift.RequestData)5 MockHttpServletRequest (org.springframework.mock.web.MockHttpServletRequest)5 CoreMatchers.containsString (org.hamcrest.CoreMatchers.containsString)4 XForwardFilter (org.neo4j.server.web.XForwardFilter)4 ActionDescriptor (org.simbasecurity.api.service.thrift.ActionDescriptor)4 ContainerRequestBuilderForTests (org.simbasecurity.dwclient.test.dropwizard.matchers.ContainerRequestBuilderForTests)4 ActionDescriptorBuilderForTests (org.simbasecurity.dwclient.test.stub.simba.ActionDescriptorBuilderForTests)4 Before (org.junit.Before)3 SimbaCredentialsBuilderForTests (org.simbasecurity.dwclient.dropwizard.credentials.SimbaCredentialsBuilderForTests)3