use of io.apiman.gateway.engine.beans.PolicyFailure in project apiman by apiman.
the class TimeRestrictedAccessPolicyTest method testApply.
// @Test
public void testApply() throws Exception {
TimeRestrictedAccessPolicy policy = new TimeRestrictedAccessPolicy();
ApiRequest request = new ApiRequest();
request.setApiKey("12345");
request.setRemoteAddr("1.2.3.4");
request.setDestination(path);
IPolicyContext context = Mockito.mock(IPolicyContext.class);
IPolicyChain<ApiRequest> chain = Mockito.mock(IPolicyChain.class);
final PolicyFailure failure = createFailurePolicyObject(context);
TimeRestrictedAccess rule = new TimeRestrictedAccess();
ArrayList<TimeRestrictedAccess> elements = new ArrayList<>(2);
TimeRestrictedAccessConfig configObj = new TimeRestrictedAccessConfig();
elements.add(rule);
configObj.setRules(elements);
int dayOfWeek = new DateTime().getDayOfWeek();
rule.setDayEnd(7);
rule.setDayStart(dayOfWeek);
rule.setTimeEnd(new DateTime().plusHours(2).toDate());
rule.setTimeStart(new DateTime().minusHours(2).toDate());
rule.setPathPattern("PathNotListed");
configObj.setRules(elements);
Object config = updateConfig(policy, configObj);
// Successful requests
policy.apply(request, context, config, chain);
rule.setPathPattern(path);
config = updateConfig(policy, configObj);
policy.apply(request, context, config, chain);
Mockito.verify(chain, Mockito.times(2)).doApply(request);
Mockito.verify(chain, Mockito.never()).doFailure(Mockito.<PolicyFailure>any());
chain = Mockito.mock(IPolicyChain.class);
// Failed requests
rule.setDayEnd(dayOfWeek + 1);
rule.setDayStart(dayOfWeek - 1);
rule.setPathPattern(path);
rule.setTimeEnd(new DateTime().plusHours(1).toDate());
rule.setTimeStart(new Date());
request.setDestination(path);
config = updateConfig(policy, configObj);
policy.apply(request, context, config, chain);
rule.setDayEnd(1);
rule.setDayStart(7);
rule.setTimeEnd(new DateTime().plusHours(2).toDate());
rule.setTimeStart(new DateTime().plusHours(1).toDate());
config = updateConfig(policy, configObj);
policy.apply(request, context, config, chain);
Mockito.verify(chain, Mockito.times(2)).doFailure(failure);
}
use of io.apiman.gateway.engine.beans.PolicyFailure in project apiman by apiman.
the class AuthorizationPolicy method doApply.
/**
* @see io.apiman.gateway.engine.policies.AbstractMappedPolicy#doApply(io.apiman.gateway.engine.beans.ApiRequest, io.apiman.gateway.engine.policy.IPolicyContext, java.lang.Object, io.apiman.gateway.engine.policy.IPolicyChain)
*/
@Override
protected void doApply(ApiRequest request, IPolicyContext context, AuthorizationConfig config, IPolicyChain<ApiRequest> chain) {
Set<String> userRoles = context.getAttribute(AUTHENTICATED_USER_ROLES, (HashSet<String>) null);
String verb = request.getType();
String resource = request.getDestination();
// If no roles are set in the context - then fail with a configuration error
if (userRoles == null) {
// $NON-NLS-1$
String msg = Messages.i18n.format("AuthorizationPolicy.MissingRoles");
PolicyFailure failure = context.getComponent(IPolicyFailureFactoryComponent.class).createFailure(PolicyFailureType.Other, PolicyFailureCodes.CONFIGURATION_ERROR, msg);
chain.doFailure(failure);
return;
}
if (isAuthorized(config, verb, resource, userRoles)) {
chain.doApply(request);
} else {
// $NON-NLS-1$
String msg = Messages.i18n.format("AuthorizationPolicy.Unauthorized");
PolicyFailure failure = context.getComponent(IPolicyFailureFactoryComponent.class).createFailure(PolicyFailureType.Authorization, PolicyFailureCodes.USER_NOT_AUTHORIZED, msg);
chain.doFailure(failure);
}
}
use of io.apiman.gateway.engine.beans.PolicyFailure in project apiman by apiman.
the class IPWhitelistPolicy method doApply.
@Override
protected void doApply(ApiRequest request, IPolicyContext context, IPListConfig config, IPolicyChain<ApiRequest> chain) {
String remoteAddr = getRemoteAddr(request, config);
if (isMatch(config, remoteAddr)) {
super.doApply(request, context, config, chain);
} else {
IPolicyFailureFactoryComponent ffactory = context.getComponent(IPolicyFailureFactoryComponent.class);
// $NON-NLS-1$
String msg = Messages.i18n.format("IPWhitelistPolicy.NotWhitelisted", remoteAddr);
PolicyFailure failure = ffactory.createFailure(PolicyFailureType.Other, PolicyFailureCodes.IP_NOT_WHITELISTED, msg);
failure.setResponseCode(config.getResponseCode());
if (config.getResponseCode() == 404) {
failure.setType(PolicyFailureType.NotFound);
} else if (config.getResponseCode() == 403) {
failure.setType(PolicyFailureType.Authorization);
} else if (config.getResponseCode() == 0) {
failure.setResponseCode(500);
}
chain.doFailure(failure);
}
}
use of io.apiman.gateway.engine.beans.PolicyFailure in project apiman by apiman.
the class IgnoredResourcesPolicy method doApply.
@Override
protected void doApply(ApiRequest request, IPolicyContext context, IgnoredResourcesConfig config, IPolicyChain<ApiRequest> chain) {
if (!satisfiesAnyPath(config, request.getDestination(), request.getType())) {
super.doApply(request, context, config, chain);
} else {
IPolicyFailureFactoryComponent ffactory = context.getComponent(IPolicyFailureFactoryComponent.class);
String msg = // $NON-NLS-1$
Messages.i18n.format(// $NON-NLS-1$
"IgnoredResourcesPolicy.PathIgnored", request.getDestination());
PolicyFailure failure = ffactory.createFailure(PolicyFailureType.NotFound, PolicyFailureCodes.PATHS_TO_IGNORE, msg);
chain.doFailure(failure);
}
}
use of io.apiman.gateway.engine.beans.PolicyFailure in project apiman by apiman.
the class TransferQuotaPolicyTest method testDownloadLimitNoHeaderConfig.
@Test
@Configuration("{" + " \"limit\" : 1000," + " \"direction\" : \"download\"," + " \"granularity\" : \"Api\"," + " \"period\" : \"Minute\"" + "}")
@BackEndApi(DownloadTestBackEndApi.class)
public void testDownloadLimitNoHeaderConfig() throws Throwable {
PolicyTestRequest request = PolicyTestRequest.build(PolicyTestRequestType.GET, "/some/resource");
request.header("X-Payload-Size", "389");
PolicyTestResponse response = send(request);
Assert.assertNotNull(response.body());
Assert.assertEquals("1000", response.header("X-TransferQuota-Remaining"));
Assert.assertEquals("1000", response.header("X-TransferQuota-Limit"));
send(request);
send(request);
// Now if we try it one more time, we'll get a failure!
try {
send(request);
Assert.fail("Expected a policy failure!");
} catch (PolicyFailureError e) {
PolicyFailure failure = e.getFailure();
Assert.assertEquals(PolicyFailureCodes.BYTE_QUOTA_EXCEEDED, failure.getFailureCode());
Assert.assertEquals("Transfer quota exceeded.", failure.getMessage());
Assert.assertEquals(429, failure.getResponseCode());
}
}
Aggregations