use of io.apiman.gateway.engine.policies.config.BasicAuthenticationConfig in project apiman by apiman.
the class BasicAuthJDBCTest method testApplyJdbcWithRoles.
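/**
 * Checks that valid Basic credentials, resolved through the JDBC identity source, let the
 * request continue down the chain and publish the user's roles on the policy context.
 *
 * @param json the policy configuration to hand to {@code parseConfiguration}
 * @throws Exception if applying the policy throws
 */
public void testApplyJdbcWithRoles(String json) throws Exception {
    // Identities are looked up through the IJdbcComponent registered on the mocked context
    // below; no LDAP component is wired into this test.
    // NOTE(review): presumably the datasource named in `json` must be reachable - confirm.
    BasicAuthenticationPolicy policy = new BasicAuthenticationPolicy();
    BasicAuthenticationConfig config = policy.parseConfiguration(json);

    ApiRequest request = new ApiRequest();
    request.setType("GET");
    request.setApiKey("12345");
    request.setRemoteAddr("1.2.3.4");
    request.setDestination("/");
    request.getHeaders().put("Authorization", createBasicAuthorization(JDBC_USER, JDBC_PASSWORD));

    IPolicyContext context = Mockito.mock(IPolicyContext.class);
    Mockito.when(context.getComponent(IJdbcComponent.class)).thenReturn(new DefaultJdbcComponent());

    // A single chain mock is enough: the original created one, never used it, and replaced it.
    IPolicyChain<ApiRequest> chain = Mockito.mock(IPolicyChain.class);

    policy.apply(request, context, config, chain);

    // Success means the request was forwarded unchanged.
    Mockito.verify(chain).doApply(request);

    // Mockito matches the argument with equals(), so this pins the exact role set:
    // an extra or a missing role fails the verification.
    Set<String> expectedRoles = new HashSet<>();
    expectedRoles.add("admin");
    expectedRoles.add("user");
    Mockito.verify(context).setAttribute(AuthorizationPolicy.AUTHENTICATED_USER_ROLES, expectedRoles);
}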
use of io.apiman.gateway.engine.policies.config.BasicAuthenticationConfig in project apiman by apiman.
the class BasicAuthenticationConfigTest method testParseConfiguration.
/**
* Test method for {@link io.apiman.gateway.engine.policies.BasicAuthenticationPolicy#parseConfiguration(java.lang.String)}.
*/
@Test
public void testParseConfiguration() {
    BasicAuthenticationPolicy policy = new BasicAuthenticationPolicy();

    // --- Basic properties ---
    // Only the round trip of the values is checked here; this test does not exercise
    // enforcement of requireTransportSecurity or requireBasicAuth.
    final String basicJson = "{\r\n"
            + " \"realm\" : \"TestRealm\",\r\n"
            + " \"forwardIdentityHttpHeader\" : \"X-Authenticated-Identity\",\r\n"
            + " \"requireTransportSecurity\" : true,\r\n"
            + " \"requireBasicAuth\" : true\r\n"
            + "}";
    Object rawResult = policy.parseConfiguration(basicJson);
    Assert.assertNotNull(rawResult);
    Assert.assertEquals(BasicAuthenticationConfig.class, rawResult.getClass());
    BasicAuthenticationConfig basicCfg = (BasicAuthenticationConfig) rawResult;
    Assert.assertEquals("TestRealm", basicCfg.getRealm());
    Assert.assertEquals("X-Authenticated-Identity", basicCfg.getForwardIdentityHttpHeader());
    Assert.assertEquals(Boolean.TRUE, basicCfg.isRequireTransportSecurity());
    Assert.assertEquals(Boolean.TRUE, basicCfg.getRequireBasicAuth());

    // --- Static identities ---
    // The parsed object returns the configured password verbatim (asserted below), so the
    // configuration itself carries the secret in clear text.
    final String staticJson = "{\r\n"
            + " \"realm\" : \"TestRealm\",\r\n"
            + " \"forwardIdentityHttpHeader\" : \"X-Authenticated-Identity\",\r\n"
            + " \"staticIdentity\" : {\r\n"
            + " \"identities\" : [\r\n"
            + " { \"username\" : \"ckent\", \"password\" : \"ckent123!\" },\r\n"
            + " { \"username\" : \"bwayne\", \"password\" : \"bwayne123!\" },\r\n"
            + " { \"username\" : \"dprince\", \"password\" : \"dprince123!\" }\r\n"
            + " ]\r\n"
            + " }\r\n"
            + "}";
    BasicAuthenticationConfig staticCfg = (BasicAuthenticationConfig) policy.parseConfiguration(staticJson);
    Assert.assertNotNull(staticCfg.getStaticIdentity());
    Assert.assertEquals(3, staticCfg.getStaticIdentity().getIdentities().size());
    Assert.assertEquals("bwayne", staticCfg.getStaticIdentity().getIdentities().get(1).getUsername());
    Assert.assertEquals("bwayne123!", staticCfg.getStaticIdentity().getIdentities().get(1).getPassword());

    // --- LDAP identity source ---
    // The fixture URL uses the plain ldap:// scheme on port 389.
    // NOTE(review): if the policy binds with the caller's credentials, a deployment would
    // want a TLS-protected LDAP connection instead - confirm against the policy code.
    final String ldapJson = "{\r\n"
            + " \"realm\" : \"TestRealm\",\r\n"
            + " \"forwardIdentityHttpHeader\" : \"X-Authenticated-Identity\",\r\n"
            + " \"ldapIdentity\" : {\r\n"
            + " \"url\" : \"ldap://example.org:389\",\r\n"
            + " \"dnPattern\" : \"cn=${username},dc=overlord,dc=org\"\r\n"
            + " }\r\n"
            + "}";
    BasicAuthenticationConfig ldapCfg = (BasicAuthenticationConfig) policy.parseConfiguration(ldapJson);
    Assert.assertNotNull(ldapCfg.getLdapIdentity());
    Assert.assertEquals("ldap://example.org:389", ldapCfg.getLdapIdentity().getUrl());
    Assert.assertEquals("cn=${username},dc=overlord,dc=org", ldapCfg.getLdapIdentity().getDnPattern());

    // --- JDBC identity source ---
    // The query uses ? placeholders, so username and password are expected to be bound
    // rather than concatenated into the SQL text.
    // NOTE(review): the query matches the stored password by equality and the fixture selects
    // SHA1, which suggests a plain deterministic digest rather than a salted password hash;
    // treat SHA1 here as a parser fixture only - confirm what real configurations should use.
    final String jdbcJson = "{\r\n"
            + " \"realm\" : \"TestRealm\",\r\n"
            + " \"jdbcIdentity\" : {\r\n"
            + " \"datasourcePath\" : \"jdbc/TestAuthDS\",\r\n"
            + " \"query\" : \"SELECT * FROM users WHERE username = ? AND password = ?\",\r\n"
            + " \"hashAlgorithm\" : \"SHA1\"\r\n"
            + " }\r\n"
            + "}";
    BasicAuthenticationConfig jdbcCfg = (BasicAuthenticationConfig) policy.parseConfiguration(jdbcJson);
    Assert.assertNotNull(jdbcCfg.getJdbcIdentity());
    Assert.assertEquals("jdbc/TestAuthDS", jdbcCfg.getJdbcIdentity().getDatasourcePath());
    Assert.assertEquals("SELECT * FROM users WHERE username = ? AND password = ?", jdbcCfg.getJdbcIdentity().getQuery());
    Assert.assertEquals(PasswordHashAlgorithmType.SHA1, jdbcCfg.getJdbcIdentity().getHashAlgorithm());
}
use of io.apiman.gateway.engine.policies.config.BasicAuthenticationConfig in project apiman by apiman.
the class LdapTestMixin method doTest.
// Pass null as expectedFailureCode if you expect authentication to succeed.
/**
 * Applies a BasicAuthenticationPolicy once, using the supplied LDAP component, and verifies
 * the outcome on the mocked chain and context.
 *
 * @param json policy configuration handed to {@code parseConfiguration}
 * @param username Basic auth user name; when {@code null} no Authorization header is sent
 * @param password Basic auth password used together with {@code username}
 * @param expectedFailureCode failure code the policy must report, or {@code null} when the
 *        request is expected to pass
 * @param expectedRoles roles expected on the context after a successful login, or
 *        {@code null} to skip the role check
 * @param ldapComponentUnderTest the LDAP component returned by the mocked context
 */
default void doTest(String json, String username, String password, Integer expectedFailureCode, Set<String> expectedRoles, ILdapComponent ldapComponentUnderTest) {
    BasicAuthenticationPolicy policy = new BasicAuthenticationPolicy();
    BasicAuthenticationConfig config = policy.parseConfiguration(json);

    ApiRequest request = new ApiRequest();
    request.setType("GET");
    request.setApiKey("12345");
    request.setRemoteAddr("1.2.3.4");
    request.setDestination("/");
    if (username != null) {
        request.getHeaders().put("Authorization", createBasicAuthorization(username, password));
    }

    // The factory copies whatever the policy reports into one shared PolicyFailure, so the
    // failure code can be inspected after the call.
    final PolicyFailure failure = new PolicyFailure();
    IPolicyFailureFactoryComponent failureFactory = (type, failureCode, message) -> {
        failure.setType(type);
        failure.setFailureCode(failureCode);
        failure.setMessage(message);
        return failure;
    };

    IPolicyContext context = Mockito.mock(IPolicyContext.class);
    Mockito.when(context.getComponent(IPolicyFailureFactoryComponent.class)).thenReturn(failureFactory);
    // The LDAP component is the part actually under test.
    Mockito.when(context.getComponent(ILdapComponent.class)).thenReturn(ldapComponentUnderTest);

    IPolicyChain<ApiRequest> chain = Mockito.mock(IPolicyChain.class);
    policy.apply(request, context, config, chain);

    if (expectedFailureCode != null) {
        // Rejection path: the chain must receive the failure, carrying the expected code.
        Mockito.verify(chain).doFailure(failure);
        Assert.assertEquals(expectedFailureCode.intValue(), failure.getFailureCode());
        return;
    }

    // Success path: the request is forwarded, and roles are checked only when requested.
    Mockito.verify(chain).doApply(request);
    if (expectedRoles != null) {
        Mockito.verify(context).setAttribute(AuthorizationPolicy.AUTHENTICATED_USER_ROLES, expectedRoles);
    }
}
use of io.apiman.gateway.engine.policies.config.BasicAuthenticationConfig in project apiman by apiman.
the class BasicAuthJDBCTest method testApplyJdbcNoRoles.
/**
 * @param json the policy configuration (JSON) to parse
 * @throws Exception if applying the policy throws
 */
public void testApplyJdbcNoRoles(String json) throws Exception {
    // Identities are resolved through the IJdbcComponent registered on the mocked context
    // below; no LDAP component is wired into this test.
    BasicAuthenticationPolicy policy = new BasicAuthenticationPolicy();
    BasicAuthenticationConfig config = policy.parseConfiguration(json);

    ApiRequest request = new ApiRequest();
    request.setType("GET");
    request.setApiKey("12345");
    request.setRemoteAddr("1.2.3.4");
    request.setDestination("/");

    // NOTE(review): this factory ignores type, failureCode and message and always hands back
    // the same object, so the checks below prove only that *a* failure was raised - they do
    // not distinguish missing credentials from wrong credentials.
    final PolicyFailure failure = new PolicyFailure();
    IPolicyFailureFactoryComponent failureFactory = new IPolicyFailureFactoryComponent() {
        @Override
        public PolicyFailure createFailure(PolicyFailureType type, int failureCode, String message) {
            return failure;
        }
    };

    IPolicyContext context = Mockito.mock(IPolicyContext.class);
    Mockito.when(context.getComponent(IPolicyFailureFactoryComponent.class)).thenReturn(failureFactory);
    Mockito.when(context.getComponent(IJdbcComponent.class)).thenReturn(new DefaultJdbcComponent());

    // Scenario 1: no Authorization header at all -> rejected.
    IPolicyChain<ApiRequest> noHeaderChain = Mockito.mock(IPolicyChain.class);
    policy.apply(request, context, config, noHeaderChain);
    Mockito.verify(noHeaderChain).doFailure(failure);

    // Scenario 2: known user, wrong password -> rejected.
    request.getHeaders().put("Authorization", createBasicAuthorization(JDBC_USER, "invalid_password"));
    IPolicyChain<ApiRequest> badPasswordChain = Mockito.mock(IPolicyChain.class);
    policy.apply(request, context, config, badPasswordChain);
    Mockito.verify(badPasswordChain).doFailure(failure);

    // Scenario 3: valid credentials (the header put replaces the previous value) -> forwarded.
    request.getHeaders().put("Authorization", createBasicAuthorization(JDBC_USER, JDBC_PASSWORD));
    IPolicyChain<ApiRequest> validChain = Mockito.mock(IPolicyChain.class);
    policy.apply(request, context, config, validChain);
    Mockito.verify(validChain).doApply(request);
}