Example 1 with PolicyTestResponse

Use of io.apiman.test.policies.PolicyTestResponse in project apiman-plugins by apiman.

Class JWTPolicyTest, method signedValidTokenStripAuth.

@Test
@Configuration("{\n" + "  \"requireJWT\": true,\n" + "  \"requireSigned\": true,\n" + "  \"requireTransportSecurity\": true,\n" + "  \"stripTokens\": true,\n" + "  \"signingKeyString\": \"" + PUBLIC_KEY_PEM + "\",\n" + "  \"allowedClockSkew\": 0,\n" + "  \"requiredClaims\": [{ \"claimName\": \"sub\", \"claimValue\": \"france frichot\" }]\n" + "}")
public void signedValidTokenStripAuth() throws Throwable {
    PolicyTestRequest request = PolicyTestRequest.build(PolicyTestRequestType.GET, "/amirante").header(AUTHORIZATION, "Bearer " + signedToken(PRIVATE_KEY_PEM));
    PolicyTestResponse response = send(request);
    EchoResponse echo = response.entity(EchoResponse.class);
    Assert.assertNotNull(echo);
    Assert.assertNull(echo.getHeaders().get(AUTHORIZATION));
}
Also used: EchoResponse (io.apiman.test.common.mock.EchoResponse), PolicyTestRequest (io.apiman.test.policies.PolicyTestRequest), PolicyTestResponse (io.apiman.test.policies.PolicyTestResponse), Configuration (io.apiman.test.policies.Configuration), ApimanPolicyTest (io.apiman.test.policies.ApimanPolicyTest), Test (org.junit.Test)

Example 2 with PolicyTestResponse

Use of io.apiman.test.policies.PolicyTestResponse in project apiman-plugins by apiman.

Class JWTPolicyTest, method unsignedValidTokenHeader.

@Test
@Configuration("{\n" + "  \"requireJWT\": true,\n" + "  \"requireSigned\": false,\n" + "  \"requireTransportSecurity\": true,\n" + "  \"stripTokens\": true,\n" + "  \"signingKeyString\": \"" + PUBLIC_KEY_PEM + "\",\n" + "  \"allowedClockSkew\": 0,\n" + "  \"requiredClaims\": [{ \"claimName\": \"sub\", \"claimValue\": \"france frichot\" }]\n" + "}")
public void unsignedValidTokenHeader() throws Throwable {
    PolicyTestRequest request = PolicyTestRequest.build(PolicyTestRequestType.GET, "/amirante").header(AUTHORIZATION, "Bearer " + unsignedToken());
    PolicyTestResponse response = send(request);
    EchoResponse echo = response.entity(EchoResponse.class);
    Assert.assertNotNull(echo);
}
Also used: EchoResponse (io.apiman.test.common.mock.EchoResponse), PolicyTestRequest (io.apiman.test.policies.PolicyTestRequest), PolicyTestResponse (io.apiman.test.policies.PolicyTestResponse), Configuration (io.apiman.test.policies.Configuration), ApimanPolicyTest (io.apiman.test.policies.ApimanPolicyTest), Test (org.junit.Test)

Example 3 with PolicyTestResponse

Use of io.apiman.test.policies.PolicyTestResponse in project apiman-plugins by apiman.

Class JWTPolicyTest, method shouldForwardAccessTokenAsHeader.

@Test
@Configuration("{\n" + "  \"requireJWT\": true,\n" + "  \"requireSigned\": false,\n" + "  \"requireTransportSecurity\": true,\n" + "  \"stripTokens\": true,\n" + "  \"signingKeyString\": \"" + PUBLIC_KEY_PEM + "\",\n" + "  \"allowedClockSkew\": 0,\n" + "  \"requiredClaims\": [{ \"claimName\": \"sub\", \"claimValue\": \"france frichot\" }],\n" + "  \"forwardAuthInfo\": [{ \"header\": \"X-Foo\", \"field\": \"access_token\" }]\n" + "}")
public void shouldForwardAccessTokenAsHeader() throws Throwable {
    String token = unsignedToken();
    PolicyTestRequest request = PolicyTestRequest.build(PolicyTestRequestType.GET, "/amirante").header(AUTHORIZATION, "Bearer " + token);
    PolicyTestResponse response = send(request);
    EchoResponse echo = response.entity(EchoResponse.class);
    Assert.assertNotNull(echo);
    Assert.assertEquals(token, echo.getHeaders().get("X-Foo"));
}
Also used: EchoResponse (io.apiman.test.common.mock.EchoResponse), PolicyTestRequest (io.apiman.test.policies.PolicyTestRequest), PolicyTestResponse (io.apiman.test.policies.PolicyTestResponse), Configuration (io.apiman.test.policies.Configuration), ApimanPolicyTest (io.apiman.test.policies.ApimanPolicyTest), Test (org.junit.Test)

Example 4 with PolicyTestResponse

Use of io.apiman.test.policies.PolicyTestResponse in project apiman-plugins by apiman.

Class LogHeadersPolicyTest, method testLogHeadersWithoutAnyRequestHeaders.

/**
 * A simple happy flow test to verify the policy does not blow up in our face.
 */
@Test
@Configuration("{ \"direction\" : \"both\", \"logStatusCode\" : true }")
public void testLogHeadersWithoutAnyRequestHeaders() throws PolicyFailureError, Throwable {
    PrintStream out = System.out;
    ByteArrayOutputStream testOutput = new ByteArrayOutputStream();
    System.setOut(new PrintStream(testOutput));
    try {
        PolicyTestResponse response = send(PolicyTestRequest.build(PolicyTestRequestType.GET, "/some/resource"));
        Assert.assertEquals(200, response.code());
        String output = testOutput.toString("UTF-8");
        output = redactDates(output);
        output = normalize(output);
        String expected = "INFO: Logging 0 HTTP Request headers for io.apiman.test.policies.EchoBackEndApi\n" + "INFO: Status code 200 for io.apiman.test.policies.EchoBackEndApi\n" + "INFO: Logging 4 HTTP Response headers for io.apiman.test.policies.EchoBackEndApi\n" + "Key : Content-Length, Value : 167\n" + "Key : Content-Type, Value : application/json\n" + "Key : Date, Value : XXX\n" + "Key : Server, Value : apiman.policy-test\n" + "";
        Assert.assertEquals(expected, output);
    } finally {
        System.setOut(out);
    }
}
Also used: PrintStream (java.io.PrintStream), PolicyTestResponse (io.apiman.test.policies.PolicyTestResponse), ByteArrayOutputStream (java.io.ByteArrayOutputStream), Configuration (io.apiman.test.policies.Configuration), ApimanPolicyTest (io.apiman.test.policies.ApimanPolicyTest), Test (org.junit.Test)

Example 5 with PolicyTestResponse

Use of io.apiman.test.policies.PolicyTestResponse in project apiman-plugins by apiman.

Class HttpSecurityPolicyTest, method test.

@Test
@Configuration("{\n" + "\"hsts\":\n" + "{ \"enabled\" : false, \"includeSubdomains\" : true, \"maxAge\" : 13, \"preload\" : true }\n" + ",\n" + "\"contentSecurityPolicy\":\n" + "{ \"mode\" : \"ENABLED\", \"csp\" : \"script-src 'self' https://apiman.io\" }\n" + ",\n" + "\"frameOptions\" : \"DENY\",\n" + "\"xssProtection\" : \"ON\",\n" + "\"contentTypeOptions\" : true\n" + "}")
public void test() throws Throwable {
    PolicyTestResponse response = send(PolicyTestRequest.build(PolicyTestRequestType.GET, "/some/resource"));
    Set<Entry<String, String>> expected = expected(ent("Content-Security-Policy", "script-src 'self' https://apiman.io"), ent("X-Content-Type-Options", "nosniff"), ent("X-XSS-Protection", "1"), ent("X-Frame-Options", "DENY"));
    Set<Entry<String, String>> actual = toSet(response.headers().getEntries());
    Assert.assertTrue(actual.containsAll(expected));
}
Also used: Entry (java.util.Map.Entry), PolicyTestResponse (io.apiman.test.policies.PolicyTestResponse), Configuration (io.apiman.test.policies.Configuration), ApimanPolicyTest (io.apiman.test.policies.ApimanPolicyTest), Test (org.junit.Test)

Aggregations

ApimanPolicyTest (io.apiman.test.policies.ApimanPolicyTest): 39
Configuration (io.apiman.test.policies.Configuration): 39
PolicyTestResponse (io.apiman.test.policies.PolicyTestResponse): 39
Test (org.junit.Test): 39
PolicyTestRequest (io.apiman.test.policies.PolicyTestRequest): 29
EchoResponse (io.apiman.test.common.mock.EchoResponse): 23
PolicyFailureError (io.apiman.test.policies.PolicyFailureError): 15
BackEndApi (io.apiman.test.policies.BackEndApi): 13
PolicyFailure (io.apiman.gateway.engine.beans.PolicyFailure): 11
IPolicyTestBackEndApi (io.apiman.test.policies.IPolicyTestBackEndApi): 7
ConsumeJsonBackEndApi (io.apiman.plugins.transformation_policy.backend.ConsumeJsonBackEndApi): 6
ConsumeXmlBackEndApi (io.apiman.plugins.transformation_policy.backend.ConsumeXmlBackEndApi): 6
ProduceComplexJsonBackEndApi (io.apiman.plugins.transformation_policy.backend.ProduceComplexJsonBackEndApi): 6
ProduceJsonBackEndApi (io.apiman.plugins.transformation_policy.backend.ProduceJsonBackEndApi): 6
ProduceXmlBackEndApi (io.apiman.plugins.transformation_policy.backend.ProduceXmlBackEndApi): 6
HashSet (java.util.HashSet): 6
ByteArrayOutputStream (java.io.ByteArrayOutputStream): 4
PrintStream (java.io.PrintStream): 4
ObjectMapper (com.fasterxml.jackson.databind.ObjectMapper): 3
RSAPublicKey (java.security.interfaces.RSAPublicKey): 1