
Example 1 with EchoResponse

use of io.apiman.test.common.mock.EchoResponse in project apiman-plugins by apiman.

the class JWTPolicyTest method signedValidTokenStripAuth.

/**
 * Verifies that a signed bearer token is accepted and then removed from the forwarded request.
 *
 * <p>The policy is configured with {@code requireSigned} and {@code stripTokens} both enabled.
 * The request carries {@code Authorization: Bearer <token>}, where the token comes from
 * {@code signedToken(PRIVATE_KEY_PEM)}. The test passes when an echo entity comes back and its
 * header map has no {@code Authorization} entry.
 *
 * <p>Security relevance: the assertion pins the token-stripping behaviour, so the caller's
 * bearer credential does not appear in the echoed request.
 * NOTE(review): presumably {@code EchoResponse} reflects what the back end received; confirm
 * against the mock.
 */
@Test
@Configuration("{\n"
        + "  \"requireJWT\": true,\n"
        + "  \"requireSigned\": true,\n"
        + "  \"requireTransportSecurity\": true,\n"
        + "  \"stripTokens\": true,\n"
        + "  \"signingKeyString\": \"" + PUBLIC_KEY_PEM + "\",\n"
        + "  \"allowedClockSkew\": 0,\n"
        + "  \"requiredClaims\": [{ \"claimName\": \"sub\", \"claimValue\": \"france frichot\" }]\n"
        + "}")
public void signedValidTokenStripAuth() throws Throwable {
    PolicyTestRequest signedRequest =
            PolicyTestRequest.build(PolicyTestRequestType.GET, "/amirante")
                    .header(AUTHORIZATION, "Bearer " + signedToken(PRIVATE_KEY_PEM));

    EchoResponse echoed = send(signedRequest).entity(EchoResponse.class);

    Assert.assertNotNull(echoed);
    // stripTokens is true in the configuration above, so the credential must be gone.
    Assert.assertNull(echoed.getHeaders().get(AUTHORIZATION));
}
Also used : EchoResponse(io.apiman.test.common.mock.EchoResponse) PolicyTestRequest(io.apiman.test.policies.PolicyTestRequest) PolicyTestResponse(io.apiman.test.policies.PolicyTestResponse) Configuration(io.apiman.test.policies.Configuration) ApimanPolicyTest(io.apiman.test.policies.ApimanPolicyTest) Test(org.junit.Test)

Example 2 with EchoResponse

use of io.apiman.test.common.mock.EchoResponse in project apiman-plugins by apiman.

the class JWTPolicyTest method unsignedValidTokenHeader.

/**
 * Verifies that a token from {@code unsignedToken()} sent in the {@code Authorization} header
 * is accepted when {@code requireSigned} is {@code false}.
 *
 * <p>The only check is that an echo entity is returned, i.e. that the request was not rejected.
 *
 * <p>Security relevance: with {@code requireSigned} disabled, the {@code requiredClaims} match
 * on {@code sub} is evaluated against a token that carries no signature. Nothing in this
 * configuration authenticates the claim values, so it is not an identity check by itself.
 * NOTE(review): {@code stripTokens} is also enabled here, but the stripped header is not
 * asserted the way {@code signedValidTokenStripAuth} does; consider adding that assertion
 * after confirming the policy strips on the unsigned path too.
 */
@Test
@Configuration("{\n"
        + "  \"requireJWT\": true,\n"
        + "  \"requireSigned\": false,\n"
        + "  \"requireTransportSecurity\": true,\n"
        + "  \"stripTokens\": true,\n"
        + "  \"signingKeyString\": \"" + PUBLIC_KEY_PEM + "\",\n"
        + "  \"allowedClockSkew\": 0,\n"
        + "  \"requiredClaims\": [{ \"claimName\": \"sub\", \"claimValue\": \"france frichot\" }]\n"
        + "}")
public void unsignedValidTokenHeader() throws Throwable {
    PolicyTestRequest unsignedRequest =
            PolicyTestRequest.build(PolicyTestRequestType.GET, "/amirante")
                    .header(AUTHORIZATION, "Bearer " + unsignedToken());

    EchoResponse echoed = send(unsignedRequest).entity(EchoResponse.class);

    // Reaching the echo endpoint is the whole expectation: the policy let the request through.
    Assert.assertNotNull(echoed);
}
Also used : EchoResponse(io.apiman.test.common.mock.EchoResponse) PolicyTestRequest(io.apiman.test.policies.PolicyTestRequest) PolicyTestResponse(io.apiman.test.policies.PolicyTestResponse) Configuration(io.apiman.test.policies.Configuration) ApimanPolicyTest(io.apiman.test.policies.ApimanPolicyTest) Test(org.junit.Test)

Example 3 with EchoResponse

use of io.apiman.test.common.mock.EchoResponse in project apiman-plugins by apiman.

the class JWTPolicyTest method shouldForwardAccessTokenAsHeader.

/**
 * Verifies that {@code forwardAuthInfo} copies the access token into a configured header.
 *
 * <p>The configuration maps the field {@code access_token} to the header {@code X-Foo}. The
 * test sends the token from {@code unsignedToken()} as a bearer credential and expects the
 * echoed {@code X-Foo} header to equal that exact token string.
 *
 * <p>Security relevance: {@code stripTokens} is enabled, yet the raw token still appears in
 * the echoed request under {@code X-Foo}, so the credential is relocated rather than removed.
 * {@code requireSigned} is {@code false} here, so the forwarded value is an unsigned token and
 * a consumer of {@code X-Foo} should not treat it as proof of identity.
 * NOTE(review): the test does not cover a client that supplies its own {@code X-Foo} header;
 * confirm whether the policy overwrites client-sent values for forwarded header names.
 */
@Test
@Configuration("{\n"
        + "  \"requireJWT\": true,\n"
        + "  \"requireSigned\": false,\n"
        + "  \"requireTransportSecurity\": true,\n"
        + "  \"stripTokens\": true,\n"
        + "  \"signingKeyString\": \"" + PUBLIC_KEY_PEM + "\",\n"
        + "  \"allowedClockSkew\": 0,\n"
        + "  \"requiredClaims\": [{ \"claimName\": \"sub\", \"claimValue\": \"france frichot\" }],\n"
        + "  \"forwardAuthInfo\": [{ \"header\": \"X-Foo\", \"field\": \"access_token\" }]\n"
        + "}")
public void shouldForwardAccessTokenAsHeader() throws Throwable {
    String rawToken = unsignedToken();
    PolicyTestRequest bearerRequest =
            PolicyTestRequest.build(PolicyTestRequestType.GET, "/amirante")
                    .header(AUTHORIZATION, "Bearer " + rawToken);

    EchoResponse echoed = send(bearerRequest).entity(EchoResponse.class);

    Assert.assertNotNull(echoed);
    // The forwarded header must carry the token verbatim, without the "Bearer " prefix.
    Assert.assertEquals(rawToken, echoed.getHeaders().get("X-Foo"));
}
Also used : EchoResponse(io.apiman.test.common.mock.EchoResponse) PolicyTestRequest(io.apiman.test.policies.PolicyTestRequest) PolicyTestResponse(io.apiman.test.policies.PolicyTestResponse) Configuration(io.apiman.test.policies.Configuration) ApimanPolicyTest(io.apiman.test.policies.ApimanPolicyTest) Test(org.junit.Test)

Example 4 with EchoResponse

use of io.apiman.test.common.mock.EchoResponse in project apiman-plugins by apiman.

the class TestPolicyTest method testApplyApiRequestIPolicyContextObjectIPolicyChainOfApiRequest.

/**
 * Test method for {@link io.apiman.plugins.test_policy.TestPolicy#apply(io.apiman.gateway.engine.beans.ApiRequest, io.apiman.gateway.engine.policy.IPolicyContext, java.lang.Object, io.apiman.gateway.engine.policy.IPolicyChain)}.
 *
 * <p>Sends a plain GET for {@code /some/resource} with an empty policy configuration and
 * expects a 200 response whose echoed headers contain {@code Test-Policy} set to
 * {@code "true"}.
 */
@Test
@Configuration("{}")
public void testApplyApiRequestIPolicyContextObjectIPolicyChainOfApiRequest() throws Throwable {
    PolicyTestRequest plainGet = PolicyTestRequest.build(PolicyTestRequestType.GET, "/some/resource");
    PolicyTestResponse reply = send(plainGet);

    Assert.assertEquals(200, reply.code());

    // The marker header in the echoed request shows the policy ran on the request path.
    EchoResponse echoed = reply.entity(EchoResponse.class);
    Assert.assertEquals("true", echoed.getHeaders().get("Test-Policy"));
}
Also used : EchoResponse(io.apiman.test.common.mock.EchoResponse) PolicyTestResponse(io.apiman.test.policies.PolicyTestResponse) Configuration(io.apiman.test.policies.Configuration) ApimanPolicyTest(io.apiman.test.policies.ApimanPolicyTest) Test(org.junit.Test)

Example 5 with EchoResponse

use of io.apiman.test.common.mock.EchoResponse in project apiman-plugins by apiman.

the class SoapAuthorizationPolicyTest method testAction.

/**
 * Exercises SOAP-action authorization with one rule and a caller who lacks the required role.
 *
 * <p>The configuration holds a single rule, which requires {@code the-role} for the action
 * {@code reportIncident}, and sets {@code requestUnmatched} to {@code pass}. The caller's role
 * set contains only {@code other-role}.
 * <ul>
 *   <li>{@code SOAPAction: closeIncident} matches no rule and is expected to go through.</li>
 *   <li>{@code SOAPAction: reportIncident} matches the rule and is expected to be rejected
 *       with a {@link PolicyFailure} of type {@code Authorization}.</li>
 * </ul>
 *
 * <p>Security relevance: the first case documents fail-open behaviour. Under
 * {@code "requestUnmatched": "pass"}, any action without a rule is allowed regardless of the
 * caller's roles, so coverage depends on every sensitive action having a rule.
 */
@Test
@Configuration("{\r\n"
        + " \"requestUnmatched\" : \"pass\","
        + "  \"rules\" : [\r\n"
        + "    { \"action\" : \"reportIncident\", \"role\" : \"the-role\" }\r\n"
        + "  ]\r\n"
        + "}")
public void testAction() throws Throwable {
    HashSet<String> callerRoles = new HashSet<>();
    callerRoles.add("other-role");

    // Unmatched action: no rule names "closeIncident", so the request is expected to pass.
    PolicyTestRequest unmatchedAction = PolicyTestRequest.build(PolicyTestRequestType.GET, "/auth/my-items");
    unmatchedAction.header("SOAPAction", "closeIncident");
    unmatchedAction.contextAttribute(SoapAuthorizationPolicy.AUTHENTICATED_USER_ROLES, callerRoles);
    EchoResponse echoed = send(unmatchedAction).entity(EchoResponse.class);
    Assert.assertNotNull(echoed);

    // Matched action without the required role: the policy must refuse the request.
    PolicyTestRequest restrictedAction = PolicyTestRequest.build(PolicyTestRequestType.GET, "/auth/my-items");
    try {
        restrictedAction.header("SOAPAction", "reportIncident");
        restrictedAction.contextAttribute(SoapAuthorizationPolicy.AUTHENTICATED_USER_ROLES, callerRoles);
        send(restrictedAction);
        Assert.fail("Expected a failure response!");
    } catch (PolicyFailureError rejected) {
        PolicyFailure reason = rejected.getFailure();
        Assert.assertNotNull(reason);
        // The failure must be classified as an authorization failure specifically.
        Assert.assertEquals(PolicyFailureType.Authorization, reason.getType());
    }
}
Also used : EchoResponse(io.apiman.test.common.mock.EchoResponse) PolicyFailure(io.apiman.gateway.engine.beans.PolicyFailure) PolicyTestRequest(io.apiman.test.policies.PolicyTestRequest) PolicyTestResponse(io.apiman.test.policies.PolicyTestResponse) PolicyFailureError(io.apiman.test.policies.PolicyFailureError) HashSet(java.util.HashSet) Configuration(io.apiman.test.policies.Configuration) ApimanPolicyTest(io.apiman.test.policies.ApimanPolicyTest) Test(org.junit.Test)
