use of io.apiman.test.policies.Configuration in project apiman-plugins by apiman.
the class JWTPolicyTest method shouldFailWhenTokenInvalid.
/**
 * Checks that a bearer value which is not a JWT at all is rejected by the policy.
 *
 * <p>The Authorization header carries a placeholder string instead of a token. The test
 * expects {@code send} to raise a {@link PolicyFailureError} whose failure is of type
 * Authentication, with response code 401 and failure code 12007.
 *
 * <p>NOTE(review): the configuration sets {@code requireSigned} to false and the token is
 * not parseable, so this case covers rejection of a malformed token only. It does not
 * show how a well-formed token with a bad or missing signature is handled.
 *
 * @throws Throwable if {@code send} fails with anything other than a PolicyFailureError
 */
@Test
@Configuration("{\n"
        + " \"requireJWT\": true,\n"
        + " \"requireSigned\": false,\n"
        + " \"requireTransportSecurity\": true,\n"
        + " \"stripTokens\": true,\n"
        + " \"signingKeyString\": \"" + PUBLIC_KEY_PEM + "\",\n"
        + " \"allowedClockSkew\": 0,\n"
        + " \"requiredClaims\": [{ \"claimName\": \"sub\", \"claimValue\": \"france frichot\" }]\n"
        + "}")
public void shouldFailWhenTokenInvalid() throws Throwable {
    PolicyTestRequest unauthenticated =
            PolicyTestRequest.build(PolicyTestRequestType.GET, "/amirante");
    PolicyTestRequest withBadToken =
            unauthenticated.header("Authorization", "Bearer <Obviously invalid token>");

    // Stays null when the request is let through, which the assertNotNull below reports.
    PolicyFailure rejection = null;
    try {
        send(withBadToken);
    } catch (PolicyFailureError denied) {
        rejection = denied.getFailure();
    }

    Assert.assertNotNull(rejection);
    Assert.assertEquals(401, rejection.getResponseCode());
    Assert.assertEquals(12007, rejection.getFailureCode());
    Assert.assertEquals(PolicyFailureType.Authentication, rejection.getType());
}
use of io.apiman.test.policies.Configuration in project apiman-plugins by apiman.
the class JWTPolicyTest method shouldFailWithMissingClaim.
/**
 * Checks that a token lacking a required claim is rejected by the policy.
 *
 * <p>The configuration requires a {@code sub} claim equal to {@code will_not_match}. The
 * token built here carries only the claim {@code x} and is compacted without any signing
 * call. The test expects {@code send} to raise a {@link PolicyFailureError} whose failure
 * is of type Authentication, with response code 401 and failure code 12009.
 *
 * <p>NOTE(review): the token has no {@code sub} claim at all, so a {@code sub} that is
 * present with a different value is not exercised by this method. With
 * {@code requireSigned} set to false, the unsigned token presumably reaches claim
 * validation; confirm against the policy implementation.
 *
 * @throws Throwable if {@code send} fails with anything other than a PolicyFailureError
 */
@Test
@Configuration("{\n"
        + " \"requireJWT\": true,\n"
        + " \"requireSigned\": false,\n"
        + " \"requireTransportSecurity\": true,\n"
        + " \"stripTokens\": true,\n"
        + " \"signingKeyString\": \"" + PUBLIC_KEY_PEM + "\",\n"
        + " \"allowedClockSkew\": 0,\n"
        + " \"requiredClaims\": [{ \"claimName\": \"sub\", \"claimValue\": \"will_not_match\" }]\n"
        + "}")
public void shouldFailWithMissingClaim() throws Throwable {
    PolicyTestRequest unauthenticated =
            PolicyTestRequest.build(PolicyTestRequestType.GET, "/amirante");
    PolicyTestRequest withoutSubject = unauthenticated.header(
            "Authorization", "Bearer " + Jwts.builder().claim("x", "x").compact());

    // Stays null when the request is let through, which the assertNotNull below reports.
    PolicyFailure rejection = null;
    try {
        send(withoutSubject);
    } catch (PolicyFailureError denied) {
        rejection = denied.getFailure();
    }

    Assert.assertNotNull(rejection);
    Assert.assertEquals(401, rejection.getResponseCode());
    Assert.assertEquals(12009, rejection.getFailureCode());
    Assert.assertEquals(PolicyFailureType.Authentication, rejection.getType());
}
use of io.apiman.test.policies.Configuration in project apiman-plugins by apiman.
the class LogHeadersPolicyTest method testLogHeadersWithoutAnyRequestHeaders.
/**
* A simple happy flow test to verify the policy does not blow up in our face.
*/
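@Test
@Configuration("{ \"direction\" : \"both\", \"logStatusCode\" : true }")
public void testLogHeadersWithoutAnyRequestHeaders() throws PolicyFailureError, Throwable {
    // System.out is swapped for an in-memory stream while the request runs, and the
    // original stream is restored in the finally block even when an assertion fails.
    PrintStream out = System.out;
    ByteArrayOutputStream testOutput = new ByteArrayOutputStream();
    // The capture stream is encoded as UTF-8 so that it matches the toString("UTF-8")
    // decode below; the single-argument constructor would use the platform charset.
    System.setOut(new PrintStream(testOutput, true, "UTF-8"));
    try {
        PolicyTestResponse response =
                send(PolicyTestRequest.build(PolicyTestRequestType.GET, "/some/resource"));
        Assert.assertEquals(200, response.code());

        // redactDates and normalize are applied before comparison; the expected text
        // carries "XXX" in place of the Date header value.
        String output = testOutput.toString("UTF-8");
        output = redactDates(output);
        output = normalize(output);

        // The expected text shows header names and values written verbatim to stdout.
        // This case sends no request headers, so it does not show how the policy treats
        // credential-bearing headers such as Authorization.
        // NOTE(review): check that before enabling the policy on authenticated APIs.
        String expected = "INFO: Logging 0 HTTP Request headers for io.apiman.test.policies.EchoBackEndApi\n"
                + "INFO: Status code 200 for io.apiman.test.policies.EchoBackEndApi\n"
                + "INFO: Logging 4 HTTP Response headers for io.apiman.test.policies.EchoBackEndApi\n"
                + "Key : Content-Length, Value : 167\n"
                + "Key : Content-Type, Value : application/json\n"
                + "Key : Date, Value : XXX\n"
                + "Key : Server, Value : apiman.policy-test\n";
        Assert.assertEquals(expected, output);
    } finally {
        System.setOut(out);
    }
}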
use of io.apiman.test.policies.Configuration in project apiman-plugins by apiman.
the class HttpSecurityPolicyTest method test.
/**
 * Checks that the configured security headers appear on the response.
 *
 * <p>With CSP mode ENABLED, frameOptions DENY, xssProtection ON and contentTypeOptions
 * true, the response is expected to contain the Content-Security-Policy value from the
 * configuration, {@code X-Content-Type-Options: nosniff}, {@code X-XSS-Protection: 1}
 * and {@code X-Frame-Options: DENY}.
 *
 * <p>NOTE(review): {@code hsts.enabled} is false here, and the {@code containsAll} check
 * passes whether or not a Strict-Transport-Security header is present, so its absence
 * is not verified. X-XSS-Protection is a legacy header that current browsers ignore;
 * the CSP header is the control that still has effect.
 *
 * @throws Throwable if {@code send} fails
 */
@Test
@Configuration("{\n"
        + "\"hsts\":\n"
        + "{ \"enabled\" : false, \"includeSubdomains\" : true, \"maxAge\" : 13, \"preload\" : true }\n"
        + ",\n"
        + "\"contentSecurityPolicy\":\n"
        + "{ \"mode\" : \"ENABLED\", \"csp\" : \"script-src 'self' https://apiman.io\" }\n"
        + ",\n"
        + "\"frameOptions\" : \"DENY\",\n"
        + "\"xssProtection\" : \"ON\",\n"
        + "\"contentTypeOptions\" : true\n"
        + "}")
public void test() throws Throwable {
    PolicyTestRequest probe = PolicyTestRequest.build(PolicyTestRequestType.GET, "/some/resource");
    PolicyTestResponse response = send(probe);

    Set<Entry<String, String>> wanted = expected(
            ent("Content-Security-Policy", "script-src 'self' https://apiman.io"),
            ent("X-Content-Type-Options", "nosniff"),
            ent("X-XSS-Protection", "1"),
            ent("X-Frame-Options", "DENY"));
    Set<Entry<String, String>> present = toSet(response.headers().getEntries());

    // Subset check: other headers on the response are allowed.
    Assert.assertTrue(present.containsAll(wanted));
}
use of io.apiman.test.policies.Configuration in project apiman-plugins by apiman.
the class TestPolicyTest method testApplyApiRequestIPolicyContextObjectIPolicyChainOfApiRequest.
/**
* Test method for {@link io.apiman.plugins.test_policy.TestPolicy#apply(io.apiman.gateway.engine.beans.ApiRequest, io.apiman.gateway.engine.policy.IPolicyContext, java.lang.Object, io.apiman.gateway.engine.policy.IPolicyChain)}.
*/
@Test
@Configuration("{}")
public void testApplyApiRequestIPolicyContextObjectIPolicyChainOfApiRequest() throws Throwable {
    // Send a plain GET with an empty policy configuration.
    PolicyTestRequest probe = PolicyTestRequest.build(PolicyTestRequestType.GET, "/some/resource");
    PolicyTestResponse response = send(probe);
    Assert.assertEquals(200, response.code());

    // The response entity is read as an EchoResponse, and its header map is expected
    // to hold the "Test-Policy" header with the value "true".
    EchoResponse echoed = response.entity(EchoResponse.class);
    String marker = echoed.getHeaders().get("Test-Policy");
    Assert.assertEquals("true", marker);
}