use of io.apiman.test.common.mock.EchoResponse in project apiman-plugins by apiman.
the class JWTPolicyTest method signedValidTokenStripAuth.
/**
 * Sends a bearer token produced by {@code signedToken(PRIVATE_KEY_PEM)} through a policy
 * configured with {@code requireSigned: true}, {@code stripTokens: true} and
 * {@code PUBLIC_KEY_PEM} as the signing key, then checks that the echoed headers no longer
 * carry {@code Authorization}.
 */
@Test
@Configuration("{\n"
        + " \"requireJWT\": true,\n"
        + " \"requireSigned\": true,\n"
        + " \"requireTransportSecurity\": true,\n"
        + " \"stripTokens\": true,\n"
        + " \"signingKeyString\": \"" + PUBLIC_KEY_PEM + "\",\n"
        + " \"allowedClockSkew\": 0,\n"
        + " \"requiredClaims\": [{ \"claimName\": \"sub\", \"claimValue\": \"france frichot\" }]\n"
        + "}")
public void signedValidTokenStripAuth() throws Throwable {
    String bearer = "Bearer " + signedToken(PRIVATE_KEY_PEM);

    // A policy failure would surface from send(); reaching the assertions means the token passed.
    EchoResponse echoed = send(
            PolicyTestRequest.build(PolicyTestRequestType.GET, "/amirante").header(AUTHORIZATION, bearer))
            .entity(EchoResponse.class);

    Assert.assertNotNull(echoed);
    // stripTokens: the credential must not be visible in the headers the echo reports back
    // (presumably what the back end received; confirm against EchoResponse).
    Assert.assertNull(echoed.getHeaders().get(AUTHORIZATION));
}
use of io.apiman.test.common.mock.EchoResponse in project apiman-plugins by apiman.
the class JWTPolicyTest method unsignedValidTokenHeader.
/**
 * Sends a bearer token produced by {@code unsignedToken()} through a policy configured with
 * {@code requireSigned: false} and checks only that an echo response comes back.
 */
@Test
@Configuration("{\n"
        + " \"requireJWT\": true,\n"
        + " \"requireSigned\": false,\n"
        + " \"requireTransportSecurity\": true,\n"
        + " \"stripTokens\": true,\n"
        + " \"signingKeyString\": \"" + PUBLIC_KEY_PEM + "\",\n"
        + " \"allowedClockSkew\": 0,\n"
        + " \"requiredClaims\": [{ \"claimName\": \"sub\", \"claimValue\": \"france frichot\" }]\n"
        + "}")
public void unsignedValidTokenHeader() throws Throwable {
    // NOTE(review): with requireSigned=false the "sub" value matched by requiredClaims comes
    // from a token that carries no signature, so the claim check here is not an authenticity
    // check. signingKeyString is still configured; presumably it is not consulted for an
    // unsigned token (confirm in the policy implementation).
    String bearer = "Bearer " + unsignedToken();

    EchoResponse echoed = send(
            PolicyTestRequest.build(PolicyTestRequestType.GET, "/amirante").header(AUTHORIZATION, bearer))
            .entity(EchoResponse.class);

    // stripTokens is enabled in the configuration, but this test does not assert on the
    // Authorization header; it only confirms the request was let through.
    Assert.assertNotNull(echoed);
}
use of io.apiman.test.common.mock.EchoResponse in project apiman-plugins by apiman.
the class JWTPolicyTest method shouldForwardAccessTokenAsHeader.
/**
 * Checks the {@code forwardAuthInfo} mapping: with {@code field: access_token} mapped to
 * header {@code X-Foo}, the echoed {@code X-Foo} header must equal the token that was sent
 * in the {@code Authorization} header.
 */
@Test
@Configuration("{\n"
        + " \"requireJWT\": true,\n"
        + " \"requireSigned\": false,\n"
        + " \"requireTransportSecurity\": true,\n"
        + " \"stripTokens\": true,\n"
        + " \"signingKeyString\": \"" + PUBLIC_KEY_PEM + "\",\n"
        + " \"allowedClockSkew\": 0,\n"
        + " \"requiredClaims\": [{ \"claimName\": \"sub\", \"claimValue\": \"france frichot\" }],\n"
        + " \"forwardAuthInfo\": [{ \"header\": \"X-Foo\", \"field\": \"access_token\" }]\n"
        + "}")
public void shouldForwardAccessTokenAsHeader() throws Throwable {
    String token = unsignedToken();
    String bearer = "Bearer " + token;

    EchoResponse echoed = send(
            PolicyTestRequest.build(PolicyTestRequestType.GET, "/amirante").header(AUTHORIZATION, bearer))
            .entity(EchoResponse.class);

    Assert.assertNotNull(echoed);
    // The raw token (without the "Bearer " prefix) is expected under X-Foo.
    // NOTE(review): stripTokens is on, yet the same credential is forwarded under another
    // header name, and requireSigned is false here, so whatever consumes X-Foo receives an
    // unverified token. The Authorization header itself is not asserted on in this test.
    Assert.assertEquals(token, echoed.getHeaders().get("X-Foo"));
}
use of io.apiman.test.common.mock.EchoResponse in project apiman-plugins by apiman.
the class TestPolicyTest method testApplyApiRequestIPolicyContextObjectIPolicyChainOfApiRequest.
/**
 * Test method for {@link io.apiman.plugins.test_policy.TestPolicy#apply(io.apiman.gateway.engine.beans.ApiRequest, io.apiman.gateway.engine.policy.IPolicyContext, java.lang.Object, io.apiman.gateway.engine.policy.IPolicyChain)}.
 *
 * <p>Sends a plain GET with an empty policy configuration and expects a 200 response whose
 * echoed headers contain {@code Test-Policy: true}.
 */
@Test
@Configuration("{}")
public void testApplyApiRequestIPolicyContextObjectIPolicyChainOfApiRequest() throws Throwable {
    PolicyTestRequest req = PolicyTestRequest.build(PolicyTestRequestType.GET, "/some/resource");
    PolicyTestResponse resp = send(req);

    // Status is checked before the body is unmarshalled.
    Assert.assertEquals(200, resp.code());

    EchoResponse echoed = resp.entity(EchoResponse.class);
    // The header is not part of the request built above, so it is presumably added by the
    // policy under test (confirm in TestPolicy#apply).
    Assert.assertEquals("true", echoed.getHeaders().get("Test-Policy"));
}
use of io.apiman.test.common.mock.EchoResponse in project apiman-plugins by apiman.
the class SoapAuthorizationPolicyTest method testAction.
/**
 * Exercises one SOAP authorization rule ({@code reportIncident} requires {@code the-role})
 * with a caller that only holds {@code other-role}.
 *
 * <p>Two requests are sent: one whose {@code SOAPAction} matches no rule and is expected to
 * pass, and one whose {@code SOAPAction} matches the rule and is expected to be rejected
 * with an {@code Authorization} policy failure.
 */
@Test
@Configuration("{\r\n" + " \"requestUnmatched\" : \"pass\"," + " \"rules\" : [\r\n" + " { \"action\" : \"reportIncident\", \"role\" : \"the-role\" }\r\n" + " ]\r\n" + "}")
public void testAction() throws Throwable {
    HashSet<String> callerRoles = new HashSet<>();
    callerRoles.add("other-role");

    // Case 1: "closeIncident" has no rule. With requestUnmatched=pass the request goes through
    // whatever roles the caller holds, i.e. this configuration is fail-open for unlisted actions.
    PolicyTestRequest unmatched = PolicyTestRequest.build(PolicyTestRequestType.GET, "/auth/my-items");
    unmatched.header("SOAPAction", "closeIncident");
    unmatched.contextAttribute(SoapAuthorizationPolicy.AUTHENTICATED_USER_ROLES, callerRoles);
    EchoResponse echoed = send(unmatched).entity(EchoResponse.class);
    Assert.assertNotNull(echoed);

    // Case 2: "reportIncident" is bound to "the-role", which the caller does not hold.
    PolicyTestRequest denied = PolicyTestRequest.build(PolicyTestRequestType.GET, "/auth/my-items");
    try {
        denied.header("SOAPAction", "reportIncident");
        denied.contextAttribute(SoapAuthorizationPolicy.AUTHENTICATED_USER_ROLES, callerRoles);
        send(denied);
        // Reaching this line means the policy let an unauthorized action through.
        Assert.fail("Expected a failure response!");
    } catch (PolicyFailureError failure) {
        PolicyFailure detail = failure.getFailure();
        Assert.assertNotNull(detail);
        // The rejection must be classified as an authorization failure, not some other type.
        Assert.assertEquals(PolicyFailureType.Authorization, detail.getType());
    }
}