Example 1 with PolicyTestResponse
use of io.apiman.test.policies.PolicyTestResponse in project apiman-plugins by apiman.
the class JWTPolicyTest method signedValidTokenStripAuth.
@Test
@Configuration("{\n" + " \"requireJWT\": true,\n" + " \"requireSigned\": true,\n" + " \"requireTransportSecurity\": true,\n" + " \"stripTokens\": true,\n" + " \"signingKeyString\": \"" + PUBLIC_KEY_PEM + "\",\n" + " \"allowedClockSkew\": 0,\n" + " \"requiredClaims\": [{ \"claimName\": \"sub\", \"claimValue\": \"france frichot\" }]\n" + "}")
public void signedValidTokenStripAuth() throws Throwable {
PolicyTestRequest request = PolicyTestRequest.build(PolicyTestRequestType.GET, "/amirante").header(AUTHORIZATION, "Bearer " + signedToken(PRIVATE_KEY_PEM));
PolicyTestResponse response = send(request);
EchoResponse echo = response.entity(EchoResponse.class);
Assert.assertNotNull(echo);
Assert.assertNull(echo.getHeaders().get(AUTHORIZATION));
}
Also used :
EchoResponse(io.apiman.test.common.mock.EchoResponse)
PolicyTestRequest(io.apiman.test.policies.PolicyTestRequest)
PolicyTestResponse(io.apiman.test.policies.PolicyTestResponse)
Configuration(io.apiman.test.policies.Configuration)
ApimanPolicyTest(io.apiman.test.policies.ApimanPolicyTest)
Test(org.junit.Test)
Example 2 with PolicyTestResponse
use of io.apiman.test.policies.PolicyTestResponse in project apiman-plugins by apiman.
the class JWTPolicyTest method unsignedValidTokenHeader.
@Test
@Configuration("{\n" + " \"requireJWT\": true,\n" + " \"requireSigned\": false,\n" + " \"requireTransportSecurity\": true,\n" + " \"stripTokens\": true,\n" + " \"signingKeyString\": \"" + PUBLIC_KEY_PEM + "\",\n" + " \"allowedClockSkew\": 0,\n" + " \"requiredClaims\": [{ \"claimName\": \"sub\", \"claimValue\": \"france frichot\" }]\n" + "}")
public void unsignedValidTokenHeader() throws Throwable {
PolicyTestRequest request = PolicyTestRequest.build(PolicyTestRequestType.GET, "/amirante").header(AUTHORIZATION, "Bearer " + unsignedToken());
PolicyTestResponse response = send(request);
EchoResponse echo = response.entity(EchoResponse.class);
Assert.assertNotNull(echo);
}
Also used :
EchoResponse(io.apiman.test.common.mock.EchoResponse)
PolicyTestRequest(io.apiman.test.policies.PolicyTestRequest)
PolicyTestResponse(io.apiman.test.policies.PolicyTestResponse)
Configuration(io.apiman.test.policies.Configuration)
ApimanPolicyTest(io.apiman.test.policies.ApimanPolicyTest)
Test(org.junit.Test)
Example 3 with PolicyTestResponse
use of io.apiman.test.policies.PolicyTestResponse in project apiman-plugins by apiman.
the class JWTPolicyTest method shouldForwardAccessTokenAsHeader.
@Test
@Configuration("{\n" + " \"requireJWT\": true,\n" + " \"requireSigned\": false,\n" + " \"requireTransportSecurity\": true,\n" + " \"stripTokens\": true,\n" + " \"signingKeyString\": \"" + PUBLIC_KEY_PEM + "\",\n" + " \"allowedClockSkew\": 0,\n" + " \"requiredClaims\": [{ \"claimName\": \"sub\", \"claimValue\": \"france frichot\" }],\n" + " \"forwardAuthInfo\": [{ \"header\": \"X-Foo\", \"field\": \"access_token\" }]\n" + "}")
public void shouldForwardAccessTokenAsHeader() throws Throwable {
String token = unsignedToken();
PolicyTestRequest request = PolicyTestRequest.build(PolicyTestRequestType.GET, "/amirante").header(AUTHORIZATION, "Bearer " + token);
PolicyTestResponse response = send(request);
EchoResponse echo = response.entity(EchoResponse.class);
Assert.assertNotNull(echo);
Assert.assertEquals(token, echo.getHeaders().get("X-Foo"));
}
Also used :
EchoResponse(io.apiman.test.common.mock.EchoResponse)
PolicyTestRequest(io.apiman.test.policies.PolicyTestRequest)
PolicyTestResponse(io.apiman.test.policies.PolicyTestResponse)
Configuration(io.apiman.test.policies.Configuration)
ApimanPolicyTest(io.apiman.test.policies.ApimanPolicyTest)
Test(org.junit.Test)
Example 4 with PolicyTestResponse
use of io.apiman.test.policies.PolicyTestResponse in project apiman-plugins by apiman.
the class LogHeadersPolicyTest method testLogHeadersWithoutAnyRequestHeaders.
/**
* A simple happy flow test to verify the policy does not blow up in our face.
*/
@Test
@Configuration("{ \"direction\" : \"both\", \"logStatusCode\" : true }")
public void testLogHeadersWithoutAnyRequestHeaders() throws PolicyFailureError, Throwable {
PrintStream out = System.out;
ByteArrayOutputStream testOutput = new ByteArrayOutputStream();
System.setOut(new PrintStream(testOutput));
try {
PolicyTestResponse response = send(PolicyTestRequest.build(PolicyTestRequestType.GET, "/some/resource"));
Assert.assertEquals(200, response.code());
String output = testOutput.toString("UTF-8");
output = redactDates(output);
output = normalize(output);
String expected = "INFO: Logging 0 HTTP Request headers for io.apiman.test.policies.EchoBackEndApi\n" + "INFO: Status code 200 for io.apiman.test.policies.EchoBackEndApi\n" + "INFO: Logging 4 HTTP Response headers for io.apiman.test.policies.EchoBackEndApi\n" + "Key : Content-Length, Value : 167\n" + "Key : Content-Type, Value : application/json\n" + "Key : Date, Value : XXX\n" + "Key : Server, Value : apiman.policy-test\n" + "";
Assert.assertEquals(expected, output);
} finally {
System.setOut(out);
}
}
Also used :
PrintStream(java.io.PrintStream)
PolicyTestResponse(io.apiman.test.policies.PolicyTestResponse)
ByteArrayOutputStream(java.io.ByteArrayOutputStream)
Configuration(io.apiman.test.policies.Configuration)
ApimanPolicyTest(io.apiman.test.policies.ApimanPolicyTest)
Test(org.junit.Test)
Example 5 with PolicyTestResponse
use of io.apiman.test.policies.PolicyTestResponse in project apiman-plugins by apiman.
the class HttpSecurityPolicyTest method test.
@Test
@Configuration("{\n" + "\"hsts\":\n" + "{ \"enabled\" : false, \"includeSubdomains\" : true, \"maxAge\" : 13, \"preload\" : true }\n" + ",\n" + "\"contentSecurityPolicy\":\n" + "{ \"mode\" : \"ENABLED\", \"csp\" : \"script-src 'self' https://apiman.io\" }\n" + ",\n" + "\"frameOptions\" : \"DENY\",\n" + "\"xssProtection\" : \"ON\",\n" + "\"contentTypeOptions\" : true\n" + "}")
public void test() throws Throwable {
PolicyTestResponse response = send(PolicyTestRequest.build(PolicyTestRequestType.GET, "/some/resource"));
Set<Entry<String, String>> expected = expected(ent("Content-Security-Policy", "script-src 'self' https://apiman.io"), ent("X-Content-Type-Options", "nosniff"), ent("X-XSS-Protection", "1"), ent("X-Frame-Options", "DENY"));
Set<Entry<String, String>> actual = toSet(response.headers().getEntries());
Assert.assertTrue(actual.containsAll(expected));
}
Also used :
Entry(java.util.Map.Entry)
PolicyTestResponse(io.apiman.test.policies.PolicyTestResponse)
Configuration(io.apiman.test.policies.Configuration)
ApimanPolicyTest(io.apiman.test.policies.ApimanPolicyTest)
Test(org.junit.Test)
Aggregations
ApimanPolicyTest (io.apiman.test.policies.ApimanPolicyTest)39
Configuration (io.apiman.test.policies.Configuration)39
PolicyTestResponse (io.apiman.test.policies.PolicyTestResponse)39
Test (org.junit.Test)39
PolicyTestRequest (io.apiman.test.policies.PolicyTestRequest)29
EchoResponse (io.apiman.test.common.mock.EchoResponse)23
PolicyFailureError (io.apiman.test.policies.PolicyFailureError)15
BackEndApi (io.apiman.test.policies.BackEndApi)13
PolicyFailure (io.apiman.gateway.engine.beans.PolicyFailure)11
IPolicyTestBackEndApi (io.apiman.test.policies.IPolicyTestBackEndApi)7
ConsumeJsonBackEndApi (io.apiman.plugins.transformation_policy.backend.ConsumeJsonBackEndApi)6
ConsumeXmlBackEndApi (io.apiman.plugins.transformation_policy.backend.ConsumeXmlBackEndApi)6
ProduceComplexJsonBackEndApi (io.apiman.plugins.transformation_policy.backend.ProduceComplexJsonBackEndApi)6
ProduceJsonBackEndApi (io.apiman.plugins.transformation_policy.backend.ProduceJsonBackEndApi)6
ProduceXmlBackEndApi (io.apiman.plugins.transformation_policy.backend.ProduceXmlBackEndApi)6
HashSet (java.util.HashSet)6
ByteArrayOutputStream (java.io.ByteArrayOutputStream)4
PrintStream (java.io.PrintStream)4
ObjectMapper (com.fasterxml.jackson.databind.ObjectMapper)3
RSAPublicKey (java.security.interfaces.RSAPublicKey)1
