
Example 6 with PolicyFailure

use of io.apiman.gateway.engine.beans.PolicyFailure in project apiman-plugins by apiman.

the class PolicyFailureFactory method createAuthorizationPolicyFailure.

/**
 * Builds a policy failure of type {@link PolicyFailureType#Authorization} and stamps it with the
 * {@code HTTP_UNAUTHORIZED} response code.
 *
 * @param context policy context handed to {@code getFailureFactory} to obtain the failure factory
 * @param failureCode policy-specific failure code passed through to the factory
 * @param message failure message passed through to the factory
 * @return the failure produced by the factory, with its response code overridden
 */
private PolicyFailure createAuthorizationPolicyFailure(IPolicyContext context, int failureCode, String message) {
    final PolicyFailure failure = getFailureFactory(context)
            .createFailure(PolicyFailureType.Authorization, failureCode, message);
    // NOTE(review): the failure type is Authorization while the status is HTTP_UNAUTHORIZED.
    // If callers use this for "authenticated but lacking permission", a forbidden status may be
    // the better fit -- confirm against the call sites before changing, clients may rely on it.
    failure.setResponseCode(HTTP_UNAUTHORIZED);
    return failure;
}
Also used : PolicyFailure(io.apiman.gateway.engine.beans.PolicyFailure)

Example 7 with PolicyFailure

use of io.apiman.gateway.engine.beans.PolicyFailure in project apiman-plugins by apiman.

the class SoapAuthorizationPolicyTest method testAction.

/**
 * Single-rule configuration: only the {@code reportIncident} action is bound to a role
 * ({@code the-role}) and {@code requestUnmatched} is {@code pass}. The caller holds only
 * {@code other-role}.
 */
@Test
@Configuration("{\r\n" + " \"requestUnmatched\" : \"pass\"," + "  \"rules\" : [\r\n" + "    { \"action\" : \"reportIncident\", \"role\" : \"the-role\" }\r\n" + "  ]\r\n" + "}")
public void testAction() throws Throwable {
    final HashSet<String> callerRoles = new HashSet<>();
    callerRoles.add("other-role");

    // closeIncident has no rule in the configuration above, so an EchoResponse entity must come back.
    final PolicyTestRequest unmatchedRequest = PolicyTestRequest.build(PolicyTestRequestType.GET, "/auth/my-items");
    unmatchedRequest.header("SOAPAction", "closeIncident");
    unmatchedRequest.contextAttribute(SoapAuthorizationPolicy.AUTHENTICATED_USER_ROLES, callerRoles);
    final PolicyTestResponse allowed = send(unmatchedRequest);
    final EchoResponse echoed = allowed.entity(EchoResponse.class);
    Assert.assertNotNull(echoed);

    // reportIncident is bound to "the-role", which the caller does not hold: expect an
    // Authorization failure rather than a response.
    final PolicyTestRequest deniedRequest = PolicyTestRequest.build(PolicyTestRequestType.GET, "/auth/my-items");
    try {
        deniedRequest.header("SOAPAction", "reportIncident");
        deniedRequest.contextAttribute(SoapAuthorizationPolicy.AUTHENTICATED_USER_ROLES, callerRoles);
        send(deniedRequest);
        Assert.fail("Expected a failure response!");
    } catch (PolicyFailureError denied) {
        final PolicyFailure reported = denied.getFailure();
        Assert.assertNotNull(reported);
        Assert.assertEquals(PolicyFailureType.Authorization, reported.getType());
    }
}
Also used : EchoResponse(io.apiman.test.common.mock.EchoResponse) PolicyFailure(io.apiman.gateway.engine.beans.PolicyFailure) PolicyTestRequest(io.apiman.test.policies.PolicyTestRequest) PolicyTestResponse(io.apiman.test.policies.PolicyTestResponse) PolicyFailureError(io.apiman.test.policies.PolicyFailureError) HashSet(java.util.HashSet) Configuration(io.apiman.test.policies.Configuration) ApimanPolicyTest(io.apiman.test.policies.ApimanPolicyTest) Test(org.junit.Test)

Example 8 with PolicyFailure

use of io.apiman.gateway.engine.beans.PolicyFailure in project apiman-plugins by apiman.

the class SoapAuthorizationPolicyTest method testMultiple.

/**
 * Two-rule configuration: {@code reportIncident} is bound to {@code user} and
 * {@code resolveIncident} to {@code admin}. The caller starts with {@code user} only and is
 * granted {@code admin} part-way through.
 */
@Test
@Configuration("{\r\n" + "  \"rules\" : [\r\n" + "    { \"action\" : \"reportIncident\", \"role\" : \"user\" },\r\n" + "    { \"action\" : \"resolveIncident\", \"role\" : \"admin\" }\r\n" + "  ]\r\n" + "}")
public void testMultiple() throws Throwable {
    final HashSet<String> callerRoles = new HashSet<>();
    callerRoles.add("user");

    // "user" is enough for reportIncident: an EchoResponse entity must come back.
    PolicyTestRequest outgoing = PolicyTestRequest.build(PolicyTestRequestType.GET, "/path/to/user/resource");
    outgoing.header("SOAPAction", "reportIncident");
    outgoing.contextAttribute(SoapAuthorizationPolicy.AUTHENTICATED_USER_ROLES, callerRoles);
    PolicyTestResponse reply = send(outgoing);
    EchoResponse echoed = reply.entity(EchoResponse.class);
    Assert.assertNotNull(echoed);

    // resolveIncident is bound to "admin", which the caller lacks: expect an Authorization failure.
    outgoing = PolicyTestRequest.build(PolicyTestRequestType.GET, "/admin/path/to/admin/resource");
    try {
        outgoing.header("SOAPAction", "resolveIncident");
        outgoing.contextAttribute(SoapAuthorizationPolicy.AUTHENTICATED_USER_ROLES, callerRoles);
        send(outgoing);
        Assert.fail("Expected a failure response!");
    } catch (PolicyFailureError denied) {
        final PolicyFailure reported = denied.getFailure();
        Assert.assertNotNull(reported);
        Assert.assertEquals(PolicyFailureType.Authorization, reported.getType());
    }

    // From here on the caller holds both roles.
    callerRoles.add("admin");

    // reportIncident on the user path with both roles: still expected to succeed.
    outgoing = PolicyTestRequest.build(PolicyTestRequestType.GET, "/path/to/user/resource");
    outgoing.header("SOAPAction", "reportIncident");
    outgoing.contextAttribute(SoapAuthorizationPolicy.AUTHENTICATED_USER_ROLES, callerRoles);
    reply = send(outgoing);
    echoed = reply.entity(EchoResponse.class);
    Assert.assertNotNull(echoed);

    // NOTE(review): this case targets the admin path but still sends reportIncident, so the
    // "admin may resolveIncident" grant is never exercised by this test. The rules above key on
    // the action, not the path -- consider a resolveIncident case once confirmed against the policy.
    outgoing = PolicyTestRequest.build(PolicyTestRequestType.GET, "/admin/path/to/admin/resource");
    outgoing.header("SOAPAction", "reportIncident");
    outgoing.contextAttribute(SoapAuthorizationPolicy.AUTHENTICATED_USER_ROLES, callerRoles);
    reply = send(outgoing);
    echoed = reply.entity(EchoResponse.class);
    Assert.assertNotNull(echoed);
}
Also used : EchoResponse(io.apiman.test.common.mock.EchoResponse) PolicyFailure(io.apiman.gateway.engine.beans.PolicyFailure) PolicyTestRequest(io.apiman.test.policies.PolicyTestRequest) PolicyTestResponse(io.apiman.test.policies.PolicyTestResponse) PolicyFailureError(io.apiman.test.policies.PolicyFailureError) HashSet(java.util.HashSet) Configuration(io.apiman.test.policies.Configuration) ApimanPolicyTest(io.apiman.test.policies.ApimanPolicyTest) Test(org.junit.Test)

Example 9 with PolicyFailure

use of io.apiman.gateway.engine.beans.PolicyFailure in project apiman-plugins by apiman.

the class SoapAuthorizationPolicyTest method testNoneMatchedFail.

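/**
 * Configuration with {@code requestUnmatched} set to {@code fail} and {@code reportIncident}
 * bound to both {@code user} and {@code admin}. The caller holds no roles at all, so both
 * requests must be rejected with an Authorization failure.
 */
@Test
@Configuration("{\r\n" + " \"requestUnmatched\" : \"fail\"," + "  \"rules\" : [\r\n" + "    { \"action\" : \"reportIncident\", \"role\" : \"user\" },\r\n" + "    { \"action\" : \"reportIncident\", \"role\" : \"admin\" }\r\n" + "  ]\r\n" + "}")
public void testNoneMatchedFail() throws Throwable {
    // Deliberately empty: the caller is authenticated but has been granted nothing.
    HashSet<String> userRoles = new HashSet<>();
    // Should Fail
    PolicyTestRequest request = PolicyTestRequest.build(PolicyTestRequestType.GET, "/other/resource");
    try {
        request.header("SOAPAction", "reportIncident");
        request.contextAttribute(SoapAuthorizationPolicy.AUTHENTICATED_USER_ROLES, userRoles);
        send(request);
        Assert.fail("Expected a failure response!");
    } catch (PolicyFailureError failure) {
        PolicyFailure policyFailure = failure.getFailure();
        Assert.assertNotNull(policyFailure);
        Assert.assertEquals(PolicyFailureType.Authorization, policyFailure.getType());
    }
    // Should Fail (same action and roles as above; only the verb and path differ)
    request = PolicyTestRequest.build(PolicyTestRequestType.POST, "/admin/resource");
    try {
        request.header("SOAPAction", "reportIncident");
        request.contextAttribute(SoapAuthorizationPolicy.AUTHENTICATED_USER_ROLES, userRoles);
        send(request);
        Assert.fail("Expected a failure response!");
    } catch (PolicyFailureError failure) {
        PolicyFailure policyFailure = failure.getFailure();
        Assert.assertNotNull(policyFailure);
        // Pin the failure type here as well, so a rejection raised for an unrelated reason
        // cannot satisfy this case.
        Assert.assertEquals(PolicyFailureType.Authorization, policyFailure.getType());
    }
}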
Also used : PolicyFailure(io.apiman.gateway.engine.beans.PolicyFailure) PolicyTestRequest(io.apiman.test.policies.PolicyTestRequest) PolicyFailureError(io.apiman.test.policies.PolicyFailureError) HashSet(java.util.HashSet) Configuration(io.apiman.test.policies.Configuration) ApimanPolicyTest(io.apiman.test.policies.ApimanPolicyTest) Test(org.junit.Test)

Example 10 with PolicyFailure

use of io.apiman.gateway.engine.beans.PolicyFailure in project apiman-plugins by apiman.

the class UrlWhitelistPolicy method doApply.

/**
 * Decides whether a request may proceed, based on the normalised request path and request type.
 *
 * <p>A permitted request is handed on via {@code chain.doApply}; a request that is not permitted
 * is rejected with an Authorization failure carrying {@code HTTP_FORBIDDEN}. If normalising the
 * path or evaluating the check throws, the error is reported through {@code chain.throwError}
 * and this method returns without forwarding the request.
 *
 * @see io.apiman.gateway.engine.policies.AbstractMappedPolicy#doApply(io.apiman.gateway.engine.beans.ApiRequest, io.apiman.gateway.engine.policy.IPolicyContext, java.lang.Object, io.apiman.gateway.engine.policy.IPolicyChain)
 */
@Override
protected void doApply(ApiRequest request, IPolicyContext context, UrlWhitelistBean config, IPolicyChain<ApiRequest> chain) {
    // The decision below is taken on the normalised path, not on the raw URL.
    final String normalisedPath;
    try {
        normalisedPath = getNormalisedPath(config, request);
    } catch (Exception normalisationError) {
        final String detail = MESSAGES.format("Error.NormalisingPath", request.getUrl()); //$NON-NLS-1$
        chain.throwError(new RuntimeException(detail, normalisationError));
        return;
    }

    final boolean requestPermitted;
    try {
        requestPermitted = isRequestPermitted(config, normalisedPath, request.getType());
    } catch (Exception checkError) {
        final String detail = MESSAGES.format("Error.CheckingRequest", request.getType(), normalisedPath); //$NON-NLS-1$
        chain.throwError(new RuntimeException(detail, checkError));
        return;
    }

    if (!requestPermitted) {
        // The normalised path is included in the failure message.
        final String reason = MESSAGES.format("Failure.UrlNotPermitted", normalisedPath); //$NON-NLS-1$
        chain.doFailure(new PolicyFailure(PolicyFailureType.Authorization, HttpURLConnection.HTTP_FORBIDDEN, reason));
        return;
    }

    // NOTE(review): the check ran on normalisedPath, but the request object is forwarded as
    // received. Confirm that whatever consumes it downstream resolves the URL to the same path,
    // otherwise the whitelist and the back end could disagree about what was requested.
    chain.doApply(request);
}
Also used : PolicyFailure(io.apiman.gateway.engine.beans.PolicyFailure) URISyntaxException(java.net.URISyntaxException) ConfigurationParseException(io.apiman.gateway.engine.beans.exceptions.ConfigurationParseException)

Aggregations

PolicyFailure (io.apiman.gateway.engine.beans.PolicyFailure)54 Test (org.junit.Test)26 IPolicyFailureFactoryComponent (io.apiman.gateway.engine.components.IPolicyFailureFactoryComponent)19 ApimanPolicyTest (io.apiman.test.policies.ApimanPolicyTest)19 Configuration (io.apiman.test.policies.Configuration)19 PolicyFailureError (io.apiman.test.policies.PolicyFailureError)19 PolicyTestRequest (io.apiman.test.policies.PolicyTestRequest)19 ApiRequest (io.apiman.gateway.engine.beans.ApiRequest)11 IPolicyContext (io.apiman.gateway.engine.policy.IPolicyContext)11 PolicyTestResponse (io.apiman.test.policies.PolicyTestResponse)11 PolicyFailureType (io.apiman.gateway.engine.beans.PolicyFailureType)9 IPolicyChain (io.apiman.gateway.engine.policy.IPolicyChain)8 EchoResponse (io.apiman.test.common.mock.EchoResponse)7 HashSet (java.util.HashSet)6 BackEndApi (io.apiman.test.policies.BackEndApi)4 IPolicyTestBackEndApi (io.apiman.test.policies.IPolicyTestBackEndApi)4 IRateLimiterComponent (io.apiman.gateway.engine.components.IRateLimiterComponent)2 RateLimitResponse (io.apiman.gateway.engine.components.rate.RateLimitResponse)2 BasicAuthenticationConfig (io.apiman.gateway.engine.policies.config.BasicAuthenticationConfig)2 IPListConfig (io.apiman.gateway.engine.policies.config.IPListConfig)2