Examples with Configuration io.apiman.test.policies.Configuration used on opensource projects

Example 6 with Configuration

use of io.apiman.test.policies.Configuration in project apiman-plugins by apiman.

the class JWTPolicyTest method shouldFailWhenTokenInvalid.

@Test
@Configuration("{\n" + "  \"requireJWT\": true,\n" + "  \"requireSigned\": false,\n" + "  \"requireTransportSecurity\": true,\n" + "  \"stripTokens\": true,\n" + "  \"signingKeyString\": \"" + PUBLIC_KEY_PEM + "\",\n" + "  \"allowedClockSkew\": 0,\n" + "  \"requiredClaims\": [{ \"claimName\": \"sub\", \"claimValue\": \"france frichot\" }]\n" + "}")
public void shouldFailWhenTokenInvalid() throws Throwable {
    PolicyFailure failure = null;
    PolicyTestRequest request = PolicyTestRequest.build(PolicyTestRequestType.GET, "/amirante").header("Authorization", "Bearer <Obviously invalid token>");
    try {
        send(request);
    } catch (PolicyFailureError pfe) {
        failure = pfe.getFailure();
    }
    Assert.assertNotNull(failure);
    Assert.assertEquals(401, failure.getResponseCode());
    Assert.assertEquals(12007, failure.getFailureCode());
    Assert.assertEquals(PolicyFailureType.Authentication, failure.getType());
}

Example 7 with Configuration

use of io.apiman.test.policies.Configuration in project apiman-plugins by apiman.

the class JWTPolicyTest method shouldFailWithMissingClaim.

@Test
@Configuration("{\n" + "  \"requireJWT\": true,\n" + "  \"requireSigned\": false,\n" + "  \"requireTransportSecurity\": true,\n" + "  \"stripTokens\": true,\n" + "  \"signingKeyString\": \"" + PUBLIC_KEY_PEM + "\",\n" + "  \"allowedClockSkew\": 0,\n" + "  \"requiredClaims\": [{ \"claimName\": \"sub\", \"claimValue\": \"will_not_match\" }]\n" + "}")
public void shouldFailWithMissingClaim() throws Throwable {
    PolicyFailure failure = null;
    PolicyTestRequest request = PolicyTestRequest.build(PolicyTestRequestType.GET, "/amirante").header("Authorization", "Bearer " + Jwts.builder().claim("x", "x").compact());
    try {
        send(request);
    } catch (PolicyFailureError pfe) {
        failure = pfe.getFailure();
    }
    Assert.assertNotNull(failure);
    Assert.assertEquals(401, failure.getResponseCode());
    Assert.assertEquals(12009, failure.getFailureCode());
    Assert.assertEquals(PolicyFailureType.Authentication, failure.getType());
}

Example 8 with Configuration

use of io.apiman.test.policies.Configuration in project apiman-plugins by apiman.

the class LogHeadersPolicyTest method testLogHeadersWithoutAnyRequestHeaders.

/**
 * A simple happy flow test to verify the policy does not blow up in our face.
 */
@Test
@Configuration("{ \"direction\" : \"both\", \"logStatusCode\" : true }")
public void testLogHeadersWithoutAnyRequestHeaders() throws PolicyFailureError, Throwable {
    PrintStream out = System.out;
    ByteArrayOutputStream testOutput = new ByteArrayOutputStream();
    System.setOut(new PrintStream(testOutput));
    try {
        PolicyTestResponse response = send(PolicyTestRequest.build(PolicyTestRequestType.GET, "/some/resource"));
        Assert.assertEquals(200, response.code());
        String output = testOutput.toString("UTF-8");
        output = redactDates(output);
        output = normalize(output);
        String expected = "INFO: Logging 0 HTTP Request headers for io.apiman.test.policies.EchoBackEndApi\n" + "INFO: Status code 200 for io.apiman.test.policies.EchoBackEndApi\n" + "INFO: Logging 4 HTTP Response headers for io.apiman.test.policies.EchoBackEndApi\n" + "Key : Content-Length, Value : 167\n" + "Key : Content-Type, Value : application/json\n" + "Key : Date, Value : XXX\n" + "Key : Server, Value : apiman.policy-test\n" + "";
        Assert.assertEquals(expected, output);
    } finally {
        System.setOut(out);
    }
}

Example 9 with Configuration

use of io.apiman.test.policies.Configuration in project apiman-plugins by apiman.

the class HttpSecurityPolicyTest method test.

@Test
@Configuration("{\n" + "\"hsts\":\n" + "{ \"enabled\" : false, \"includeSubdomains\" : true, \"maxAge\" : 13, \"preload\" : true }\n" + ",\n" + "\"contentSecurityPolicy\":\n" + "{ \"mode\" : \"ENABLED\", \"csp\" : \"script-src 'self' https://apiman.io\" }\n" + ",\n" + "\"frameOptions\" : \"DENY\",\n" + "\"xssProtection\" : \"ON\",\n" + "\"contentTypeOptions\" : true\n" + "}")
public void test() throws Throwable {
    PolicyTestResponse response = send(PolicyTestRequest.build(PolicyTestRequestType.GET, "/some/resource"));
    Set<Entry<String, String>> expected = expected(ent("Content-Security-Policy", "script-src 'self' https://apiman.io"), ent("X-Content-Type-Options", "nosniff"), ent("X-XSS-Protection", "1"), ent("X-Frame-Options", "DENY"));
    Set<Entry<String, String>> actual = toSet(response.headers().getEntries());
    Assert.assertTrue(actual.containsAll(expected));
}

Example 10 with Configuration

use of io.apiman.test.policies.Configuration in project apiman-plugins by apiman.

the class TestPolicyTest method testApplyApiRequestIPolicyContextObjectIPolicyChainOfApiRequest.

/**
 * Test method for {@link io.apiman.plugins.test_policy.TestPolicy#apply(io.apiman.gateway.engine.beans.ApiRequest, io.apiman.gateway.engine.policy.IPolicyContext, java.lang.Object, io.apiman.gateway.engine.policy.IPolicyChain)}.
 */
@Test
@Configuration("{}")
public void testApplyApiRequestIPolicyContextObjectIPolicyChainOfApiRequest() throws Throwable {
    PolicyTestResponse response = send(PolicyTestRequest.build(PolicyTestRequestType.GET, "/some/resource"));
    Assert.assertEquals(200, response.code());
    EchoResponse entity = response.entity(EchoResponse.class);
    Assert.assertEquals("true", entity.getHeaders().get("Test-Policy"));
}