use of com.yahoo.jdisc.http.filter.DiscFilterRequest in project vespa by vespa-engine.
the class ControllerAuthorizationFilterTest method createRequest.
private static DiscFilterRequest createRequest(Method method, String path, AthenzIdentity identity) {
DiscFilterRequest request = mock(DiscFilterRequest.class);
when(request.getMethod()).thenReturn(method.name());
when(request.getRequestURI()).thenReturn(path);
when(request.getUserPrincipal()).thenReturn(new AthenzPrincipal(identity));
return request;
}
use of com.yahoo.jdisc.http.filter.DiscFilterRequest in project vespa by vespa-engine.
the class AthenzPrincipalFilterTest method valid_ntoken_is_accepted.
@Test
public void valid_ntoken_is_accepted() {
DiscFilterRequest request = mock(DiscFilterRequest.class);
AthenzPrincipal principal = new AthenzPrincipal(IDENTITY, NTOKEN);
when(request.getHeader(ATHENZ_PRINCIPAL_HEADER)).thenReturn(NTOKEN.getRawToken());
when(request.getClientCertificateChain()).thenReturn(emptyList());
when(validator.validate(NTOKEN)).thenReturn(principal);
AthenzPrincipalFilter filter = new AthenzPrincipalFilter(validator, Runnable::run, ATHENZ_PRINCIPAL_HEADER);
filter.filter(request, new ResponseHandlerMock());
verify(request).setUserPrincipal(principal);
}
use of com.yahoo.jdisc.http.filter.DiscFilterRequest in project vespa by vespa-engine.
the class AthenzPrincipalFilterTest method invalid_token_is_unauthorized.
@Test
public void invalid_token_is_unauthorized() {
DiscFilterRequest request = mock(DiscFilterRequest.class);
String errorMessage = "Invalid token";
when(request.getHeader(ATHENZ_PRINCIPAL_HEADER)).thenReturn(NTOKEN.getRawToken());
when(request.getClientCertificateChain()).thenReturn(emptyList());
when(validator.validate(NTOKEN)).thenThrow(new InvalidTokenException(errorMessage));
ResponseHandlerMock responseHandler = new ResponseHandlerMock();
AthenzPrincipalFilter filter = new AthenzPrincipalFilter(validator, Runnable::run, ATHENZ_PRINCIPAL_HEADER);
filter.filter(request, responseHandler);
assertUnauthorized(responseHandler, errorMessage);
}
use of com.yahoo.jdisc.http.filter.DiscFilterRequest in project vespa by vespa-engine.
the class AthenzPrincipalFilterTest method missing_token_and_certificate_is_unauthorized.
@Test
public void missing_token_and_certificate_is_unauthorized() {
DiscFilterRequest request = mock(DiscFilterRequest.class);
when(request.getHeader(ATHENZ_PRINCIPAL_HEADER)).thenReturn(null);
when(request.getClientCertificateChain()).thenReturn(emptyList());
ResponseHandlerMock responseHandler = new ResponseHandlerMock();
AthenzPrincipalFilter filter = new AthenzPrincipalFilter(validator, Runnable::run, ATHENZ_PRINCIPAL_HEADER);
filter.filter(request, responseHandler);
assertUnauthorized(responseHandler, "Unable to authenticate Athenz identity");
}
use of com.yahoo.jdisc.http.filter.DiscFilterRequest in project vespa by vespa-engine.
the class AthenzPrincipalFilterTest method both_ntoken_and_certificate_is_accepted.
@Test
public void both_ntoken_and_certificate_is_accepted() {
DiscFilterRequest request = mock(DiscFilterRequest.class);
AthenzPrincipal principalWithToken = new AthenzPrincipal(IDENTITY, NTOKEN);
when(request.getHeader(ATHENZ_PRINCIPAL_HEADER)).thenReturn(NTOKEN.getRawToken());
when(request.getClientCertificateChain()).thenReturn(singletonList(CERTIFICATE));
when(validator.validate(NTOKEN)).thenReturn(principalWithToken);
ResponseHandlerMock responseHandler = new ResponseHandlerMock();
AthenzPrincipalFilter filter = new AthenzPrincipalFilter(validator, Runnable::run, ATHENZ_PRINCIPAL_HEADER);
filter.filter(request, responseHandler);
verify(request).setUserPrincipal(principalWithToken);
}
Aggregations