use of io.apiman.gateway.engine.beans.PolicyFailure in project apiman-plugins by apiman.
the class PolicyFailureFactory method createAuthorizationPolicyFailure.
/**
 * Builds a {@link PolicyFailureType#Authorization} failure through the context's failure
 * factory and stamps it with the HTTP status the gateway will send back.
 *
 * @param context     policy context used to look up the failure factory
 * @param failureCode policy-specific failure code forwarded to the factory
 * @param message     human-readable reason forwarded to the factory
 * @return the populated failure, ready for {@code chain.doFailure(...)}
 */
private PolicyFailure createAuthorizationPolicyFailure(IPolicyContext context, int failureCode, String message) {
    final PolicyFailure failure = getFailureFactory(context)
            .createFailure(PolicyFailureType.Authorization, failureCode, message);
    // NOTE(review): 401 conventionally signals missing/invalid credentials (RFC 7235 expects a
    // WWW-Authenticate challenge alongside it); a principal that is authenticated but lacks the
    // required role is usually answered with 403. UrlWhitelistPolicy in this same plugin set
    // uses HTTP_FORBIDDEN for an Authorization failure. Left unchanged here because callers and
    // tests may depend on the 401 — confirm before switching.
    failure.setResponseCode(HTTP_UNAUTHORIZED);
    return failure;
}
use of io.apiman.gateway.engine.beans.PolicyFailure in project apiman-plugins by apiman.
the class SoapAuthorizationPolicyTest method testAction.
/**
 * Covers the {@code requestUnmatched = "pass"} setting: a SOAPAction that no rule names is
 * let through even though the caller lacks {@code the-role}, whereas a SOAPAction a rule does
 * name is refused with an {@link PolicyFailureType#Authorization} failure when the caller's
 * roles do not include that rule's role.
 */
@Test
@Configuration("{\r\n" + " \"requestUnmatched\" : \"pass\"," + " \"rules\" : [\r\n" + " { \"action\" : \"reportIncident\", \"role\" : \"the-role\" }\r\n" + " ]\r\n" + "}")
public void testAction() throws Throwable {
    final HashSet<String> roles = new HashSet<>();
    roles.add("other-role");

    // "closeIncident" is covered by no rule; with requestUnmatched=pass it is allowed.
    // Note that this setting is fail-open for every action the rule list does not mention.
    PolicyTestRequest allowed = PolicyTestRequest.build(PolicyTestRequestType.GET, "/auth/my-items");
    allowed.header("SOAPAction", "closeIncident");
    allowed.contextAttribute(SoapAuthorizationPolicy.AUTHENTICATED_USER_ROLES, roles);
    PolicyTestResponse allowedResponse = send(allowed);
    Assert.assertNotNull(allowedResponse.entity(EchoResponse.class));

    // "reportIncident" requires "the-role", which this caller does not hold.
    PolicyTestRequest denied = PolicyTestRequest.build(PolicyTestRequestType.GET, "/auth/my-items");
    try {
        denied.header("SOAPAction", "reportIncident");
        denied.contextAttribute(SoapAuthorizationPolicy.AUTHENTICATED_USER_ROLES, roles);
        send(denied);
        Assert.fail("Expected a failure response!");
    } catch (PolicyFailureError failure) {
        PolicyFailure pf = failure.getFailure();
        Assert.assertNotNull(pf);
        Assert.assertEquals(PolicyFailureType.Authorization, pf.getType());
    }
}
use of io.apiman.gateway.engine.beans.PolicyFailure in project apiman-plugins by apiman.
the class SoapAuthorizationPolicyTest method testMultiple.
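/**
 * Two rules bound to different roles. A caller holding only {@code user} may
 * {@code reportIncident} but not {@code resolveIncident}; once {@code admin} is added, both
 * actions are permitted. The request path is varied between cases and never affects the
 * outcome — authorisation here is driven by the SOAPAction header and the caller's roles.
 * <p>
 * The original version of this test only re-sent {@code reportIncident} after granting
 * {@code admin}, so the {@code resolveIncident -> admin} rule was never shown to grant
 * access; the final case below closes that gap.
 */
@Test
@Configuration("{\r\n" + " \"rules\" : [\r\n" + " { \"action\" : \"reportIncident\", \"role\" : \"user\" },\r\n" + " { \"action\" : \"resolveIncident\", \"role\" : \"admin\" }\r\n" + " ]\r\n" + "}")
public void testMultiple() throws Throwable {
    HashSet<String> userRoles = new HashSet<>();
    userRoles.add("user");

    // user role + reportIncident -> permitted
    PolicyTestRequest request = PolicyTestRequest.build(PolicyTestRequestType.GET, "/path/to/user/resource");
    request.header("SOAPAction", "reportIncident");
    request.contextAttribute(SoapAuthorizationPolicy.AUTHENTICATED_USER_ROLES, userRoles);
    PolicyTestResponse response = send(request);
    EchoResponse echo = response.entity(EchoResponse.class);
    Assert.assertNotNull(echo);

    // user role only + resolveIncident -> denied with an Authorization failure
    request = PolicyTestRequest.build(PolicyTestRequestType.GET, "/admin/path/to/admin/resource");
    try {
        request.header("SOAPAction", "resolveIncident");
        request.contextAttribute(SoapAuthorizationPolicy.AUTHENTICATED_USER_ROLES, userRoles);
        send(request);
        Assert.fail("Expected a failure response!");
    } catch (PolicyFailureError failure) {
        PolicyFailure policyFailure = failure.getFailure();
        Assert.assertNotNull(policyFailure);
        Assert.assertEquals(PolicyFailureType.Authorization, policyFailure.getType());
    }

    // Grant admin as well.
    userRoles.add("admin");

    // user+admin + reportIncident -> still permitted
    request = PolicyTestRequest.build(PolicyTestRequestType.GET, "/path/to/user/resource");
    request.header("SOAPAction", "reportIncident");
    request.contextAttribute(SoapAuthorizationPolicy.AUTHENTICATED_USER_ROLES, userRoles);
    response = send(request);
    echo = response.entity(EchoResponse.class);
    Assert.assertNotNull(echo);

    // user+admin + reportIncident on the "admin" path -> permitted (path is not part of the rule)
    request = PolicyTestRequest.build(PolicyTestRequestType.GET, "/admin/path/to/admin/resource");
    request.header("SOAPAction", "reportIncident");
    request.contextAttribute(SoapAuthorizationPolicy.AUTHENTICATED_USER_ROLES, userRoles);
    response = send(request);
    echo = response.entity(EchoResponse.class);
    Assert.assertNotNull(echo);

    // user+admin + resolveIncident -> now permitted; this is the case the admin rule exists for
    request = PolicyTestRequest.build(PolicyTestRequestType.GET, "/admin/path/to/admin/resource");
    request.header("SOAPAction", "resolveIncident");
    request.contextAttribute(SoapAuthorizationPolicy.AUTHENTICATED_USER_ROLES, userRoles);
    response = send(request);
    echo = response.entity(EchoResponse.class);
    Assert.assertNotNull(echo);
}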
use of io.apiman.gateway.engine.beans.PolicyFailure in project apiman-plugins by apiman.
the class SoapAuthorizationPolicyTest method testNoneMatchedFail.
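/**
 * Fail-closed behaviour. With {@code requestUnmatched = "fail"} and a caller that holds no
 * roles at all, every request is refused: an action that rules do name ({@code reportIncident})
 * is refused because no role matches, regardless of HTTP method or path, and an action no rule
 * names at all is refused because of the {@code requestUnmatched} setting.
 * <p>
 * Compared to the original version, the second case now also pins the failure type (it only
 * checked for non-null), and a genuinely unmatched SOAPAction is exercised, which the test's
 * name promises but the original body never sent.
 */
@Test
@Configuration("{\r\n" + " \"requestUnmatched\" : \"fail\"," + " \"rules\" : [\r\n" + " { \"action\" : \"reportIncident\", \"role\" : \"user\" },\r\n" + " { \"action\" : \"reportIncident\", \"role\" : \"admin\" }\r\n" + " ]\r\n" + "}")
public void testNoneMatchedFail() throws Throwable {
    HashSet<String> userRoles = new HashSet<>();

    // No roles + an action that rules do cover -> denied
    PolicyTestRequest request = PolicyTestRequest.build(PolicyTestRequestType.GET, "/other/resource");
    try {
        request.header("SOAPAction", "reportIncident");
        request.contextAttribute(SoapAuthorizationPolicy.AUTHENTICATED_USER_ROLES, userRoles);
        send(request);
        Assert.fail("Expected a failure response!");
    } catch (PolicyFailureError failure) {
        PolicyFailure policyFailure = failure.getFailure();
        Assert.assertNotNull(policyFailure);
        Assert.assertEquals(PolicyFailureType.Authorization, policyFailure.getType());
    }

    // Same action via POST on a different path -> still denied, same failure type
    request = PolicyTestRequest.build(PolicyTestRequestType.POST, "/admin/resource");
    try {
        request.header("SOAPAction", "reportIncident");
        request.contextAttribute(SoapAuthorizationPolicy.AUTHENTICATED_USER_ROLES, userRoles);
        send(request);
        Assert.fail("Expected a failure response!");
    } catch (PolicyFailureError failure) {
        PolicyFailure policyFailure = failure.getFailure();
        Assert.assertNotNull(policyFailure);
        Assert.assertEquals(PolicyFailureType.Authorization, policyFailure.getType());
    }

    // An action no rule names -> denied because requestUnmatched=fail (fail-closed)
    request = PolicyTestRequest.build(PolicyTestRequestType.GET, "/other/resource");
    try {
        request.header("SOAPAction", "closeIncident");
        request.contextAttribute(SoapAuthorizationPolicy.AUTHENTICATED_USER_ROLES, userRoles);
        send(request);
        Assert.fail("Expected a failure response!");
    } catch (PolicyFailureError failure) {
        PolicyFailure policyFailure = failure.getFailure();
        Assert.assertNotNull(policyFailure);
        Assert.assertEquals(PolicyFailureType.Authorization, policyFailure.getType());
    }
}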
use of io.apiman.gateway.engine.beans.PolicyFailure in project apiman-plugins by apiman.
the class UrlWhitelistPolicy method doApply.
/**
 * Continues the chain only when the request's normalised path and HTTP method are permitted
 * by the configured whitelist; otherwise fails it with an
 * {@link PolicyFailureType#Authorization} failure carrying HTTP 403.
 * <p>
 * Both the normalisation step and the permission check are wrapped: an exception in either
 * is reported through {@link IPolicyChain#throwError} and the request is not passed on, so an
 * internal error fails closed rather than open.
 *
 * @param request the inbound API request
 * @param context the policy context
 * @param config  the whitelist configuration
 * @param chain   the policy chain to continue or fail
 * @see io.apiman.gateway.engine.policies.AbstractMappedPolicy#doApply(io.apiman.gateway.engine.beans.ApiRequest, io.apiman.gateway.engine.policy.IPolicyContext, java.lang.Object, io.apiman.gateway.engine.policy.IPolicyChain)
 */
@Override
protected void doApply(ApiRequest request, IPolicyContext context, UrlWhitelistBean config, IPolicyChain<ApiRequest> chain) {
    final String path;
    try {
        // Match against a normalised form of the path rather than the raw URL. The helper is
        // not shown here; presumably it collapses dot-segments / encoding variants so they
        // cannot bypass a whitelist entry written for the canonical form — confirm.
        path = getNormalisedPath(config, request);
    } catch (Exception e) {
        // NOTE(review): the raw request URL is embedded in this error message; fine for logs,
        // check it is not echoed verbatim to the client.
        final RuntimeException err =
                new RuntimeException(MESSAGES.format("Error.NormalisingPath", request.getUrl()), e);
        chain.throwError(err);
        return;
    }

    final boolean permitted;
    try {
        permitted = isRequestPermitted(config, path, request.getType());
    } catch (Exception e) {
        final RuntimeException err =
                new RuntimeException(MESSAGES.format("Error.CheckingRequest", request.getType(), path), e);
        chain.throwError(err);
        return;
    }

    if (!permitted) {
        // Denied: Authorization failure with 403; the normalised path is part of the message.
        chain.doFailure(new PolicyFailure(PolicyFailureType.Authorization, HttpURLConnection.HTTP_FORBIDDEN,
                MESSAGES.format("Failure.UrlNotPermitted", path)));
        return;
    }
    chain.doApply(request);
}