use of io.apiman.test.policies.PolicyTestResponse in project apiman-plugins by apiman.
the class JWTPolicyTest method signedValidTokenStripAuth.
/**
 * Verifies that a signed bearer token is accepted and that the Authorization header is
 * absent from the headers echoed by the back end.
 *
 * <p>The policy is configured with {@code requireSigned: true} and {@code stripTokens: true}.
 * The token comes from {@code signedToken(PRIVATE_KEY_PEM)}, while the policy is given
 * {@code PUBLIC_KEY_PEM} as {@code signingKeyString}. Acceptance is inferred from a non-null
 * echo entity; no status code is asserted here.
 */
@Test
@Configuration("{\n"
        + " \"requireJWT\": true,\n"
        + " \"requireSigned\": true,\n"
        + " \"requireTransportSecurity\": true,\n"
        + " \"stripTokens\": true,\n"
        + " \"signingKeyString\": \"" + PUBLIC_KEY_PEM + "\",\n"
        + " \"allowedClockSkew\": 0,\n"
        + " \"requiredClaims\": [{ \"claimName\": \"sub\", \"claimValue\": \"france frichot\" }]\n"
        + "}")
public void signedValidTokenStripAuth() throws Throwable {
    PolicyTestRequest signedGet = PolicyTestRequest
            .build(PolicyTestRequestType.GET, "/amirante")
            .header(AUTHORIZATION, "Bearer " + signedToken(PRIVATE_KEY_PEM));

    PolicyTestResponse reply = send(signedGet);
    EchoResponse echoed = reply.entity(EchoResponse.class);

    // The request must have reached the echo back end at all.
    Assert.assertNotNull(echoed);
    // stripTokens=true: the bearer credential must not be visible to the back end.
    Assert.assertNull(echoed.getHeaders().get(AUTHORIZATION));
}
use of io.apiman.test.policies.PolicyTestResponse in project apiman-plugins by apiman.
the class JWTPolicyTest method unsignedValidTokenHeader.
/**
 * Verifies that, with {@code requireSigned: false}, a request carrying the token from
 * {@code unsignedToken()} still reaches the echo back end.
 *
 * <p>Only a non-null echo entity is asserted.
 *
 * <p>NOTE(review): {@code stripTokens} is {@code true} in this configuration, but the test
 * does not assert that the Authorization header was removed. With signature checks off,
 * the required {@code sub} claim is matched against a token nobody has authenticated.
 * Presumably this mode is meant for deployments where the token is verified upstream;
 * confirm before copying this configuration.
 */
@Test
@Configuration("{\n"
        + " \"requireJWT\": true,\n"
        + " \"requireSigned\": false,\n"
        + " \"requireTransportSecurity\": true,\n"
        + " \"stripTokens\": true,\n"
        + " \"signingKeyString\": \"" + PUBLIC_KEY_PEM + "\",\n"
        + " \"allowedClockSkew\": 0,\n"
        + " \"requiredClaims\": [{ \"claimName\": \"sub\", \"claimValue\": \"france frichot\" }]\n"
        + "}")
public void unsignedValidTokenHeader() throws Throwable {
    PolicyTestRequest unsignedGet = PolicyTestRequest
            .build(PolicyTestRequestType.GET, "/amirante")
            .header(AUTHORIZATION, "Bearer " + unsignedToken());

    PolicyTestResponse reply = send(unsignedGet);
    EchoResponse echoed = reply.entity(EchoResponse.class);

    // Reaching the echo back end is the only thing checked.
    Assert.assertNotNull(echoed);
}
use of io.apiman.test.policies.PolicyTestResponse in project apiman-plugins by apiman.
the class JWTPolicyTest method shouldForwardAccessTokenAsHeader.
/**
 * Verifies that {@code forwardAuthInfo} copies the {@code access_token} field into the
 * configured request header ({@code X-Foo}) seen by the echo back end.
 *
 * <p>The value asserted for {@code X-Foo} is the exact token string sent in the
 * Authorization header, so the back end receives the raw bearer token under another name
 * even though {@code stripTokens} is {@code true}. The token used here is unsigned
 * ({@code requireSigned: false}).
 */
@Test
@Configuration("{\n"
        + " \"requireJWT\": true,\n"
        + " \"requireSigned\": false,\n"
        + " \"requireTransportSecurity\": true,\n"
        + " \"stripTokens\": true,\n"
        + " \"signingKeyString\": \"" + PUBLIC_KEY_PEM + "\",\n"
        + " \"allowedClockSkew\": 0,\n"
        + " \"requiredClaims\": [{ \"claimName\": \"sub\", \"claimValue\": \"france frichot\" }],\n"
        + " \"forwardAuthInfo\": [{ \"header\": \"X-Foo\", \"field\": \"access_token\" }]\n"
        + "}")
public void shouldForwardAccessTokenAsHeader() throws Throwable {
    // Keep the token so the forwarded header can be compared with what was sent.
    String token = unsignedToken();

    PolicyTestRequest tokenGet = PolicyTestRequest
            .build(PolicyTestRequestType.GET, "/amirante")
            .header(AUTHORIZATION, "Bearer " + token);

    PolicyTestResponse reply = send(tokenGet);
    EchoResponse echoed = reply.entity(EchoResponse.class);

    Assert.assertNotNull(echoed);
    // The forwarded header must carry the token verbatim.
    Assert.assertEquals(token, echoed.getHeaders().get("X-Foo"));
}
use of io.apiman.test.policies.PolicyTestResponse in project apiman-plugins by apiman.
the class LogHeadersPolicyTest method testLogHeadersWithoutAnyRequestHeaders.
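/**
 * Happy-path check that the log-headers policy works for a request that carries no headers.
 *
 * <p>{@code System.out} is redirected to an in-memory buffer for the duration of the call
 * and restored in {@code finally}. The captured text is passed through {@code redactDates}
 * and {@code normalize} before being compared with the expected log lines.
 *
 * <p>NOTE(review): the expected output shows header values logged as-is. Because this test
 * sends no request headers, it does not show how credential-bearing headers such as
 * Authorization or Cookie would appear in the log. Confirm that separately.
 *
 * @throws PolicyFailureError declared by the original signature
 * @throws Throwable if sending the request or decoding the captured output fails
 */
@Test
@Configuration("{ \"direction\" : \"both\", \"logStatusCode\" : true }")
public void testLogHeadersWithoutAnyRequestHeaders() throws PolicyFailureError, Throwable {
    PrintStream originalOut = System.out;
    ByteArrayOutputStream captured = new ByteArrayOutputStream();
    // Encode with the same charset used for decoding below; the one-argument PrintStream
    // constructor would fall back to the platform default charset instead.
    System.setOut(new PrintStream(captured, true, "UTF-8"));
    try {
        PolicyTestResponse response = send(PolicyTestRequest.build(PolicyTestRequestType.GET, "/some/resource"));
        Assert.assertEquals(200, response.code());

        // The Date value varies per run; the expected text below carries XXX in its place.
        String output = normalize(redactDates(captured.toString("UTF-8")));

        String expected = "INFO: Logging 0 HTTP Request headers for io.apiman.test.policies.EchoBackEndApi\n"
                + "INFO: Status code 200 for io.apiman.test.policies.EchoBackEndApi\n"
                + "INFO: Logging 4 HTTP Response headers for io.apiman.test.policies.EchoBackEndApi\n"
                + "Key : Content-Length, Value : 167\n"
                + "Key : Content-Type, Value : application/json\n"
                + "Key : Date, Value : XXX\n"
                + "Key : Server, Value : apiman.policy-test\n";
        Assert.assertEquals(expected, output);
    } finally {
        // Always restore the real stdout so later tests are not affected.
        System.setOut(originalOut);
    }
}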
use of io.apiman.test.policies.PolicyTestResponse in project apiman-plugins by apiman.
the class HttpSecurityPolicyTest method test.
/**
 * Verifies that the HTTP security policy adds the configured response headers:
 * Content-Security-Policy, X-Content-Type-Options, X-XSS-Protection and X-Frame-Options.
 *
 * <p>The check is {@code containsAll}, so it only proves the expected headers are present;
 * other response headers are ignored.
 *
 * <p>NOTE(review): {@code hsts.enabled} is {@code false} in this configuration, but the
 * test never asserts that Strict-Transport-Security is absent. Consider adding that
 * negative check. X-XSS-Protection is deprecated in current browsers, so the
 * Content-Security-Policy header is the control that matters here.
 */
@Test
@Configuration("{\n"
        + "\"hsts\":\n"
        + "{ \"enabled\" : false, \"includeSubdomains\" : true, \"maxAge\" : 13, \"preload\" : true }\n"
        + ",\n"
        + "\"contentSecurityPolicy\":\n"
        + "{ \"mode\" : \"ENABLED\", \"csp\" : \"script-src 'self' https://apiman.io\" }\n"
        + ",\n"
        + "\"frameOptions\" : \"DENY\",\n"
        + "\"xssProtection\" : \"ON\",\n"
        + "\"contentTypeOptions\" : true\n"
        + "}")
public void test() throws Throwable {
    PolicyTestRequest plainGet = PolicyTestRequest.build(PolicyTestRequestType.GET, "/some/resource");
    PolicyTestResponse reply = send(plainGet);

    // Headers the policy is expected to add for the configuration above.
    Set<Entry<String, String>> wanted = expected(
            ent("Content-Security-Policy", "script-src 'self' https://apiman.io"),
            ent("X-Content-Type-Options", "nosniff"),
            ent("X-XSS-Protection", "1"),
            ent("X-Frame-Options", "DENY"));

    Set<Entry<String, String>> seen = toSet(reply.headers().getEntries());

    // Subset check: extra response headers do not fail the test.
    Assert.assertTrue(seen.containsAll(wanted));
}