Search in sources :

Example 1 with PolicyTestRequest

use of io.apiman.test.policies.PolicyTestRequest in project apiman-plugins by apiman.

the class JWTPolicyTest method signedValidTokenStripAuth.

@Test
@Configuration("{\n" + "  \"requireJWT\": true,\n" + "  \"requireSigned\": true,\n" + "  \"requireTransportSecurity\": true,\n" + "  \"stripTokens\": true,\n" + "  \"signingKeyString\": \"" + PUBLIC_KEY_PEM + "\",\n" + "  \"allowedClockSkew\": 0,\n" + "  \"requiredClaims\": [{ \"claimName\": \"sub\", \"claimValue\": \"france frichot\" }]\n" + "}")
public void signedValidTokenStripAuth() throws Throwable {
    PolicyTestRequest request = PolicyTestRequest.build(PolicyTestRequestType.GET, "/amirante").header(AUTHORIZATION, "Bearer " + signedToken(PRIVATE_KEY_PEM));
    PolicyTestResponse response = send(request);
    EchoResponse echo = response.entity(EchoResponse.class);
    Assert.assertNotNull(echo);
    Assert.assertNull(echo.getHeaders().get(AUTHORIZATION));
}
Also used : EchoResponse(io.apiman.test.common.mock.EchoResponse) PolicyTestRequest(io.apiman.test.policies.PolicyTestRequest) PolicyTestResponse(io.apiman.test.policies.PolicyTestResponse) Configuration(io.apiman.test.policies.Configuration) ApimanPolicyTest(io.apiman.test.policies.ApimanPolicyTest) Test(org.junit.Test)

Example 2 with PolicyTestRequest

use of io.apiman.test.policies.PolicyTestRequest in project apiman-plugins by apiman.

the class JWTPolicyTest method shouldFailWithNoTls.

@Test
@Configuration("{\n" + "  \"requireJWT\": true,\n" + "  \"requireSigned\": false,\n" + "  \"requireTransportSecurity\": true,\n" + "  \"stripTokens\": true,\n" + "  \"signingKeyString\": \"" + PUBLIC_KEY_PEM + "\",\n" + "  \"allowedClockSkew\": 0,\n" + "  \"requiredClaims\": [{ \"claimName\": \"sub\", \"claimValue\": \"will_not_match\" }]\n" + "}")
public void shouldFailWithNoTls() throws Throwable {
    PolicyFailure failure = null;
    PolicyTestRequest request = PolicyTestRequest.build(PolicyTestRequestType.GET, "/amirante").header("Authorization", "Bearer " + Jwts.builder().claim("x", "x").compact());
    try {
        send(request);
    } catch (PolicyFailureError pfe) {
        failure = pfe.getFailure();
    }
    Assert.assertNotNull(failure);
    Assert.assertEquals(401, failure.getResponseCode());
    Assert.assertEquals(12009, failure.getFailureCode());
    Assert.assertEquals(PolicyFailureType.Authentication, failure.getType());
}
Also used : PolicyFailure(io.apiman.gateway.engine.beans.PolicyFailure) PolicyTestRequest(io.apiman.test.policies.PolicyTestRequest) PolicyFailureError(io.apiman.test.policies.PolicyFailureError) Configuration(io.apiman.test.policies.Configuration) ApimanPolicyTest(io.apiman.test.policies.ApimanPolicyTest) Test(org.junit.Test)

Example 3 with PolicyTestRequest

use of io.apiman.test.policies.PolicyTestRequest in project apiman-plugins by apiman.

the class JWTPolicyTest method shouldFailWithUnexpectedClaimValue.

@Test
@Configuration("{\n" + "  \"requireJWT\": true,\n" + "  \"requireSigned\": false,\n" + "  \"requireTransportSecurity\": true,\n" + "  \"stripTokens\": true,\n" + "  \"signingKeyString\": \"" + PUBLIC_KEY_PEM + "\",\n" + "  \"allowedClockSkew\": 0,\n" + "  \"requiredClaims\": [{ \"claimName\": \"sub\", \"claimValue\": \"will_not_match\" }]\n" + "}")
public void shouldFailWithUnexpectedClaimValue() throws Throwable {
    PolicyFailure failure = null;
    PolicyTestRequest request = PolicyTestRequest.build(PolicyTestRequestType.GET, "/amirante").header("Authorization", "Bearer " + unsignedToken());
    try {
        send(request);
    } catch (PolicyFailureError pfe) {
        failure = pfe.getFailure();
    }
    Assert.assertNotNull(failure);
    Assert.assertEquals(401, failure.getResponseCode());
    Assert.assertEquals(12009, failure.getFailureCode());
    Assert.assertEquals(PolicyFailureType.Authentication, failure.getType());
}
Also used : PolicyFailure(io.apiman.gateway.engine.beans.PolicyFailure) PolicyTestRequest(io.apiman.test.policies.PolicyTestRequest) PolicyFailureError(io.apiman.test.policies.PolicyFailureError) Configuration(io.apiman.test.policies.Configuration) ApimanPolicyTest(io.apiman.test.policies.ApimanPolicyTest) Test(org.junit.Test)

Example 4 with PolicyTestRequest

use of io.apiman.test.policies.PolicyTestRequest in project apiman-plugins by apiman.

the class JWTPolicyTest method unsignedValidTokenHeader.

@Test
@Configuration("{\n" + "  \"requireJWT\": true,\n" + "  \"requireSigned\": false,\n" + "  \"requireTransportSecurity\": true,\n" + "  \"stripTokens\": true,\n" + "  \"signingKeyString\": \"" + PUBLIC_KEY_PEM + "\",\n" + "  \"allowedClockSkew\": 0,\n" + "  \"requiredClaims\": [{ \"claimName\": \"sub\", \"claimValue\": \"france frichot\" }]\n" + "}")
public void unsignedValidTokenHeader() throws Throwable {
    PolicyTestRequest request = PolicyTestRequest.build(PolicyTestRequestType.GET, "/amirante").header(AUTHORIZATION, "Bearer " + unsignedToken());
    PolicyTestResponse response = send(request);
    EchoResponse echo = response.entity(EchoResponse.class);
    Assert.assertNotNull(echo);
}
Also used : EchoResponse(io.apiman.test.common.mock.EchoResponse) PolicyTestRequest(io.apiman.test.policies.PolicyTestRequest) PolicyTestResponse(io.apiman.test.policies.PolicyTestResponse) Configuration(io.apiman.test.policies.Configuration) ApimanPolicyTest(io.apiman.test.policies.ApimanPolicyTest) Test(org.junit.Test)

Example 5 with PolicyTestRequest

use of io.apiman.test.policies.PolicyTestRequest in project apiman-plugins by apiman.

the class JWTPolicyTest method shouldForwardAccessTokenAsHeader.

@Test
@Configuration("{\n" + "  \"requireJWT\": true,\n" + "  \"requireSigned\": false,\n" + "  \"requireTransportSecurity\": true,\n" + "  \"stripTokens\": true,\n" + "  \"signingKeyString\": \"" + PUBLIC_KEY_PEM + "\",\n" + "  \"allowedClockSkew\": 0,\n" + "  \"requiredClaims\": [{ \"claimName\": \"sub\", \"claimValue\": \"france frichot\" }],\n" + "  \"forwardAuthInfo\": [{ \"header\": \"X-Foo\", \"field\": \"access_token\" }]\n" + "}")
public void shouldForwardAccessTokenAsHeader() throws Throwable {
    String token = unsignedToken();
    PolicyTestRequest request = PolicyTestRequest.build(PolicyTestRequestType.GET, "/amirante").header(AUTHORIZATION, "Bearer " + token);
    PolicyTestResponse response = send(request);
    EchoResponse echo = response.entity(EchoResponse.class);
    Assert.assertNotNull(echo);
    Assert.assertEquals(token, echo.getHeaders().get("X-Foo"));
}
Also used : EchoResponse(io.apiman.test.common.mock.EchoResponse) PolicyTestRequest(io.apiman.test.policies.PolicyTestRequest) PolicyTestResponse(io.apiman.test.policies.PolicyTestResponse) Configuration(io.apiman.test.policies.Configuration) ApimanPolicyTest(io.apiman.test.policies.ApimanPolicyTest) Test(org.junit.Test)

Aggregations

ApimanPolicyTest (io.apiman.test.policies.ApimanPolicyTest)40 Configuration (io.apiman.test.policies.Configuration)40 PolicyTestRequest (io.apiman.test.policies.PolicyTestRequest)40 Test (org.junit.Test)40 PolicyTestResponse (io.apiman.test.policies.PolicyTestResponse)29 PolicyFailureError (io.apiman.test.policies.PolicyFailureError)21 PolicyFailure (io.apiman.gateway.engine.beans.PolicyFailure)19 EchoResponse (io.apiman.test.common.mock.EchoResponse)18 BackEndApi (io.apiman.test.policies.BackEndApi)12 ConsumeJsonBackEndApi (io.apiman.plugins.transformation_policy.backend.ConsumeJsonBackEndApi)8 ConsumeXmlBackEndApi (io.apiman.plugins.transformation_policy.backend.ConsumeXmlBackEndApi)8 ProduceComplexJsonBackEndApi (io.apiman.plugins.transformation_policy.backend.ProduceComplexJsonBackEndApi)8 ProduceJsonBackEndApi (io.apiman.plugins.transformation_policy.backend.ProduceJsonBackEndApi)8 ProduceXmlBackEndApi (io.apiman.plugins.transformation_policy.backend.ProduceXmlBackEndApi)8 HashSet (java.util.HashSet)8 IPolicyTestBackEndApi (io.apiman.test.policies.IPolicyTestBackEndApi)4 RSAPublicKey (java.security.interfaces.RSAPublicKey)1