Search in sources :

Example 21 with PolicyFailure

use of io.apiman.gateway.engine.beans.PolicyFailure in project apiman by apiman.

the class TimeRestrictedAccessPolicyTest method testApply.

// @Test
public void testApply() throws Exception {
    TimeRestrictedAccessPolicy policy = new TimeRestrictedAccessPolicy();
    ApiRequest request = new ApiRequest();
    request.setApiKey("12345");
    request.setRemoteAddr("1.2.3.4");
    request.setDestination(path);
    IPolicyContext context = Mockito.mock(IPolicyContext.class);
    IPolicyChain<ApiRequest> chain = Mockito.mock(IPolicyChain.class);
    final PolicyFailure failure = createFailurePolicyObject(context);
    TimeRestrictedAccess rule = new TimeRestrictedAccess();
    ArrayList<TimeRestrictedAccess> elements = new ArrayList<>(2);
    TimeRestrictedAccessConfig configObj = new TimeRestrictedAccessConfig();
    elements.add(rule);
    configObj.setRules(elements);
    int dayOfWeek = new DateTime().getDayOfWeek();
    rule.setDayEnd(7);
    rule.setDayStart(dayOfWeek);
    rule.setTimeEnd(new DateTime().plusHours(2).toDate());
    rule.setTimeStart(new DateTime().minusHours(2).toDate());
    rule.setPathPattern("PathNotListed");
    configObj.setRules(elements);
    Object config = updateConfig(policy, configObj);
    // Successful requests
    policy.apply(request, context, config, chain);
    rule.setPathPattern(path);
    config = updateConfig(policy, configObj);
    policy.apply(request, context, config, chain);
    Mockito.verify(chain, Mockito.times(2)).doApply(request);
    Mockito.verify(chain, Mockito.never()).doFailure(Mockito.<PolicyFailure>any());
    chain = Mockito.mock(IPolicyChain.class);
    // Failed requests
    rule.setDayEnd(dayOfWeek + 1);
    rule.setDayStart(dayOfWeek - 1);
    rule.setPathPattern(path);
    rule.setTimeEnd(new DateTime().plusHours(1).toDate());
    rule.setTimeStart(new Date());
    request.setDestination(path);
    config = updateConfig(policy, configObj);
    policy.apply(request, context, config, chain);
    rule.setDayEnd(1);
    rule.setDayStart(7);
    rule.setTimeEnd(new DateTime().plusHours(2).toDate());
    rule.setTimeStart(new DateTime().plusHours(1).toDate());
    config = updateConfig(policy, configObj);
    policy.apply(request, context, config, chain);
    Mockito.verify(chain, Mockito.times(2)).doFailure(failure);
}
Also used : TimeRestrictedAccess(io.apiman.gateway.engine.policies.config.TimeRestrictedAccess) ArrayList(java.util.ArrayList) ApiRequest(io.apiman.gateway.engine.beans.ApiRequest) TimeRestrictedAccessConfig(io.apiman.gateway.engine.policies.config.TimeRestrictedAccessConfig) DateTime(org.joda.time.DateTime) Date(java.util.Date) IPolicyChain(io.apiman.gateway.engine.policy.IPolicyChain) IPolicyContext(io.apiman.gateway.engine.policy.IPolicyContext) PolicyFailure(io.apiman.gateway.engine.beans.PolicyFailure)

Example 22 with PolicyFailure

use of io.apiman.gateway.engine.beans.PolicyFailure in project apiman by apiman.

the class AuthorizationPolicy method doApply.

/**
 * @see io.apiman.gateway.engine.policies.AbstractMappedPolicy#doApply(io.apiman.gateway.engine.beans.ApiRequest, io.apiman.gateway.engine.policy.IPolicyContext, java.lang.Object, io.apiman.gateway.engine.policy.IPolicyChain)
 */
@Override
protected void doApply(ApiRequest request, IPolicyContext context, AuthorizationConfig config, IPolicyChain<ApiRequest> chain) {
    Set<String> userRoles = context.getAttribute(AUTHENTICATED_USER_ROLES, (HashSet<String>) null);
    String verb = request.getType();
    String resource = request.getDestination();
    // If no roles are set in the context - then fail with a configuration error
    if (userRoles == null) {
        // $NON-NLS-1$
        String msg = Messages.i18n.format("AuthorizationPolicy.MissingRoles");
        PolicyFailure failure = context.getComponent(IPolicyFailureFactoryComponent.class).createFailure(PolicyFailureType.Other, PolicyFailureCodes.CONFIGURATION_ERROR, msg);
        chain.doFailure(failure);
        return;
    }
    if (isAuthorized(config, verb, resource, userRoles)) {
        chain.doApply(request);
    } else {
        // $NON-NLS-1$
        String msg = Messages.i18n.format("AuthorizationPolicy.Unauthorized");
        PolicyFailure failure = context.getComponent(IPolicyFailureFactoryComponent.class).createFailure(PolicyFailureType.Authorization, PolicyFailureCodes.USER_NOT_AUTHORIZED, msg);
        chain.doFailure(failure);
    }
}
Also used : PolicyFailure(io.apiman.gateway.engine.beans.PolicyFailure) IPolicyFailureFactoryComponent(io.apiman.gateway.engine.components.IPolicyFailureFactoryComponent)

Example 23 with PolicyFailure

use of io.apiman.gateway.engine.beans.PolicyFailure in project apiman by apiman.

the class IPWhitelistPolicy method doApply.

@Override
protected void doApply(ApiRequest request, IPolicyContext context, IPListConfig config, IPolicyChain<ApiRequest> chain) {
    String remoteAddr = getRemoteAddr(request, config);
    if (isMatch(config, remoteAddr)) {
        super.doApply(request, context, config, chain);
    } else {
        IPolicyFailureFactoryComponent ffactory = context.getComponent(IPolicyFailureFactoryComponent.class);
        // $NON-NLS-1$
        String msg = Messages.i18n.format("IPWhitelistPolicy.NotWhitelisted", remoteAddr);
        PolicyFailure failure = ffactory.createFailure(PolicyFailureType.Other, PolicyFailureCodes.IP_NOT_WHITELISTED, msg);
        failure.setResponseCode(config.getResponseCode());
        if (config.getResponseCode() == 404) {
            failure.setType(PolicyFailureType.NotFound);
        } else if (config.getResponseCode() == 403) {
            failure.setType(PolicyFailureType.Authorization);
        } else if (config.getResponseCode() == 0) {
            failure.setResponseCode(500);
        }
        chain.doFailure(failure);
    }
}
Also used : PolicyFailure(io.apiman.gateway.engine.beans.PolicyFailure) IPolicyFailureFactoryComponent(io.apiman.gateway.engine.components.IPolicyFailureFactoryComponent)

Example 24 with PolicyFailure

use of io.apiman.gateway.engine.beans.PolicyFailure in project apiman by apiman.

the class IgnoredResourcesPolicy method doApply.

@Override
protected void doApply(ApiRequest request, IPolicyContext context, IgnoredResourcesConfig config, IPolicyChain<ApiRequest> chain) {
    if (!satisfiesAnyPath(config, request.getDestination(), request.getType())) {
        super.doApply(request, context, config, chain);
    } else {
        IPolicyFailureFactoryComponent ffactory = context.getComponent(IPolicyFailureFactoryComponent.class);
        String msg = // $NON-NLS-1$
        Messages.i18n.format(// $NON-NLS-1$
        "IgnoredResourcesPolicy.PathIgnored", request.getDestination());
        PolicyFailure failure = ffactory.createFailure(PolicyFailureType.NotFound, PolicyFailureCodes.PATHS_TO_IGNORE, msg);
        chain.doFailure(failure);
    }
}
Also used : PolicyFailure(io.apiman.gateway.engine.beans.PolicyFailure) IPolicyFailureFactoryComponent(io.apiman.gateway.engine.components.IPolicyFailureFactoryComponent)

Example 25 with PolicyFailure

use of io.apiman.gateway.engine.beans.PolicyFailure in project apiman by apiman.

the class TransferQuotaPolicyTest method testDownloadLimitNoHeaderConfig.

@Test
@Configuration("{" + "  \"limit\" : 1000," + "  \"direction\" : \"download\"," + "  \"granularity\" : \"Api\"," + "  \"period\" : \"Minute\"" + "}")
@BackEndApi(DownloadTestBackEndApi.class)
public void testDownloadLimitNoHeaderConfig() throws Throwable {
    PolicyTestRequest request = PolicyTestRequest.build(PolicyTestRequestType.GET, "/some/resource");
    request.header("X-Payload-Size", "389");
    PolicyTestResponse response = send(request);
    Assert.assertNotNull(response.body());
    Assert.assertEquals("1000", response.header("X-TransferQuota-Remaining"));
    Assert.assertEquals("1000", response.header("X-TransferQuota-Limit"));
    send(request);
    send(request);
    // Now if we try it one more time, we'll get a failure!
    try {
        send(request);
        Assert.fail("Expected a policy failure!");
    } catch (PolicyFailureError e) {
        PolicyFailure failure = e.getFailure();
        Assert.assertEquals(PolicyFailureCodes.BYTE_QUOTA_EXCEEDED, failure.getFailureCode());
        Assert.assertEquals("Transfer quota exceeded.", failure.getMessage());
        Assert.assertEquals(429, failure.getResponseCode());
    }
}
Also used : PolicyFailure(io.apiman.gateway.engine.beans.PolicyFailure) PolicyTestRequest(io.apiman.test.policies.PolicyTestRequest) PolicyTestResponse(io.apiman.test.policies.PolicyTestResponse) PolicyFailureError(io.apiman.test.policies.PolicyFailureError) IPolicyTestBackEndApi(io.apiman.test.policies.IPolicyTestBackEndApi) BackEndApi(io.apiman.test.policies.BackEndApi) Configuration(io.apiman.test.policies.Configuration) ApimanPolicyTest(io.apiman.test.policies.ApimanPolicyTest) Test(org.junit.Test)

Aggregations

PolicyFailure (io.apiman.gateway.engine.beans.PolicyFailure)54 Test (org.junit.Test)26 IPolicyFailureFactoryComponent (io.apiman.gateway.engine.components.IPolicyFailureFactoryComponent)19 ApimanPolicyTest (io.apiman.test.policies.ApimanPolicyTest)19 Configuration (io.apiman.test.policies.Configuration)19 PolicyFailureError (io.apiman.test.policies.PolicyFailureError)19 PolicyTestRequest (io.apiman.test.policies.PolicyTestRequest)19 ApiRequest (io.apiman.gateway.engine.beans.ApiRequest)11 IPolicyContext (io.apiman.gateway.engine.policy.IPolicyContext)11 PolicyTestResponse (io.apiman.test.policies.PolicyTestResponse)11 PolicyFailureType (io.apiman.gateway.engine.beans.PolicyFailureType)9 IPolicyChain (io.apiman.gateway.engine.policy.IPolicyChain)8 EchoResponse (io.apiman.test.common.mock.EchoResponse)7 HashSet (java.util.HashSet)6 BackEndApi (io.apiman.test.policies.BackEndApi)4 IPolicyTestBackEndApi (io.apiman.test.policies.IPolicyTestBackEndApi)4 IRateLimiterComponent (io.apiman.gateway.engine.components.IRateLimiterComponent)2 RateLimitResponse (io.apiman.gateway.engine.components.rate.RateLimitResponse)2 BasicAuthenticationConfig (io.apiman.gateway.engine.policies.config.BasicAuthenticationConfig)2 IPListConfig (io.apiman.gateway.engine.policies.config.IPListConfig)2