Search in sources :

Example 1 with Session

use of oap.http.Session in project oap by oaplatform.

the class SecurityInterceptor2Test method testShouldVerifyAndSetUserInSessionIfAuthorizationHeaderIsPresent.

@Test
public void testShouldVerifyAndSetUserInSessionIfAuthorizationHeaderIsPresent() throws UnknownHostException {
    val methodWithAnnotation = REFLECTION.method(method -> method.name().equals("methodWithAnnotation")).get();
    val context = new Context("/", InetAddress.getLocalHost(), Protocol.HTTP.name());
    val tokenId = UUID.randomUUID().toString();
    val httpRequest = new HttpGet();
    httpRequest.setHeader("Authorization", tokenId);
    httpRequest.setHeader("Host", "localhost");
    val request = new Request(httpRequest, context);
    val userId = "testUser";
    val token = new Token2(tokenId, userId, DateTimeUtils.currentTimeMillis());
    when(mockTokenService.getToken(tokenId)).thenReturn(Optional.of(token));
    val session = new Session();
    when(mockAclService.checkOne("obj", userId, "parent.read")).thenReturn(true);
    val httpResponse = securityInterceptor.intercept(request, session, methodWithAnnotation, p -> "obj");
    assertThat(httpResponse).isEmpty();
    assertThat(session.get(USER_ID)).contains(userId);
}
Also used : lombok.val(lombok.val) DateTimeUtils(org.joda.time.DateTimeUtils) Reflection(oap.reflect.Reflection) Assertions.assertThat(org.assertj.core.api.Assertions.assertThat) Test(org.testng.annotations.Test) Collections.singletonList(java.util.Collections.singletonList) Reflect(oap.reflect.Reflect) InetAddress(java.net.InetAddress) Arrays.asList(java.util.Arrays.asList) USER_ID(oap.ws.Interceptor.USER_ID) Session(oap.http.Session) MockRequest(oap.http.testng.MockRequest) AclService(oap.security.acl.AclService) Id(oap.util.Id) Context(oap.http.Context) WsParam(oap.ws.WsParam) lombok.val(lombok.val) UUID(java.util.UUID) Mockito.when(org.mockito.Mockito.when) UnknownHostException(java.net.UnknownHostException) Request(oap.http.Request) List(java.util.List) HttpGet(org.apache.http.client.methods.HttpGet) Optional(java.util.Optional) Protocol(oap.http.Protocol) Mockito.mock(org.mockito.Mockito.mock) Context(oap.http.Context) HttpGet(org.apache.http.client.methods.HttpGet) MockRequest(oap.http.testng.MockRequest) Request(oap.http.Request) Session(oap.http.Session) Test(org.testng.annotations.Test)

Example 2 with Session

use of oap.http.Session in project oap by oaplatform.

the class SecurityInterceptor2Test method testShouldVerifyUserIfPresentInSession.

@Test
public void testShouldVerifyUserIfPresentInSession() {
    val methodWithAnnotation = REFLECTION.method(method -> method.name().equals("methodWithAnnotation")).get();
    val userId = "testUser";
    final Session session = new Session();
    session.set(USER_ID, userId);
    when(mockAclService.checkOne("obj", userId, "parent.read")).thenReturn(true);
    final MockRequest request = new MockRequest();
    request.headers.put("authorization", "token1");
    val httpResponse = securityInterceptor.intercept(request, session, methodWithAnnotation, p -> "obj");
    assertThat(httpResponse).isEmpty();
}
Also used : lombok.val(lombok.val) DateTimeUtils(org.joda.time.DateTimeUtils) Reflection(oap.reflect.Reflection) Assertions.assertThat(org.assertj.core.api.Assertions.assertThat) Test(org.testng.annotations.Test) Collections.singletonList(java.util.Collections.singletonList) Reflect(oap.reflect.Reflect) InetAddress(java.net.InetAddress) Arrays.asList(java.util.Arrays.asList) USER_ID(oap.ws.Interceptor.USER_ID) Session(oap.http.Session) MockRequest(oap.http.testng.MockRequest) AclService(oap.security.acl.AclService) Id(oap.util.Id) Context(oap.http.Context) WsParam(oap.ws.WsParam) lombok.val(lombok.val) UUID(java.util.UUID) Mockito.when(org.mockito.Mockito.when) UnknownHostException(java.net.UnknownHostException) Request(oap.http.Request) List(java.util.List) HttpGet(org.apache.http.client.methods.HttpGet) Optional(java.util.Optional) Protocol(oap.http.Protocol) Mockito.mock(org.mockito.Mockito.mock) MockRequest(oap.http.testng.MockRequest) Session(oap.http.Session) Test(org.testng.annotations.Test)

Example 3 with Session

use of oap.http.Session in project oap by oaplatform.

the class SecurityInterceptor2Test method testAccessDenied.

@Test
public void testAccessDenied() {
    val methodWithAnnotation = REFLECTION.method(method -> method.name().equals("methodWithAnnotation")).get();
    val userId = "testUser";
    final Session session = new Session();
    session.set(USER_ID, userId);
    when(mockAclService.checkOne("obj", userId, "parent.read")).thenReturn(false);
    val httpResponse = securityInterceptor.intercept(new MockRequest(), session, methodWithAnnotation, p -> "obj");
    assertThat(httpResponse).isPresent();
}
Also used : lombok.val(lombok.val) DateTimeUtils(org.joda.time.DateTimeUtils) Reflection(oap.reflect.Reflection) Assertions.assertThat(org.assertj.core.api.Assertions.assertThat) Test(org.testng.annotations.Test) Collections.singletonList(java.util.Collections.singletonList) Reflect(oap.reflect.Reflect) InetAddress(java.net.InetAddress) Arrays.asList(java.util.Arrays.asList) USER_ID(oap.ws.Interceptor.USER_ID) Session(oap.http.Session) MockRequest(oap.http.testng.MockRequest) AclService(oap.security.acl.AclService) Id(oap.util.Id) Context(oap.http.Context) WsParam(oap.ws.WsParam) lombok.val(lombok.val) UUID(java.util.UUID) Mockito.when(org.mockito.Mockito.when) UnknownHostException(java.net.UnknownHostException) Request(oap.http.Request) List(java.util.List) HttpGet(org.apache.http.client.methods.HttpGet) Optional(java.util.Optional) Protocol(oap.http.Protocol) Mockito.mock(org.mockito.Mockito.mock) MockRequest(oap.http.testng.MockRequest) Session(oap.http.Session) Test(org.testng.annotations.Test)

Example 4 with Session

use of oap.http.Session in project oap by oaplatform.

the class SecurityInterceptor2Test method testPostProcessingIncludeRootPermissions.

@Test
public void testPostProcessingIncludeRootPermissions() {
    when(mockAclService.checkAll("1", "testUser")).thenReturn(asList("test1.read"));
    when(mockAclService.checkAll(AclService.ROOT, "testUser")).thenReturn(asList("gl.create"));
    final Session session = new Session();
    session.set(USER_ID, "testUser");
    val methodWithAnnotation2 = REFLECTION.method(method -> method.name().equals("methodWithAnnotation2")).get();
    val op = (ObjectWithPermissions) securityInterceptor.postProcessing(new TestAPI.Res("1"), session, methodWithAnnotation2);
    assertThat(op.permissions).containsExactlyInAnyOrder("test1.read", "gl.create");
}
Also used : lombok.val(lombok.val) DateTimeUtils(org.joda.time.DateTimeUtils) Reflection(oap.reflect.Reflection) Assertions.assertThat(org.assertj.core.api.Assertions.assertThat) Test(org.testng.annotations.Test) Collections.singletonList(java.util.Collections.singletonList) Reflect(oap.reflect.Reflect) InetAddress(java.net.InetAddress) Arrays.asList(java.util.Arrays.asList) USER_ID(oap.ws.Interceptor.USER_ID) Session(oap.http.Session) MockRequest(oap.http.testng.MockRequest) AclService(oap.security.acl.AclService) Id(oap.util.Id) Context(oap.http.Context) WsParam(oap.ws.WsParam) lombok.val(lombok.val) UUID(java.util.UUID) Mockito.when(org.mockito.Mockito.when) UnknownHostException(java.net.UnknownHostException) Request(oap.http.Request) List(java.util.List) HttpGet(org.apache.http.client.methods.HttpGet) Optional(java.util.Optional) Protocol(oap.http.Protocol) Mockito.mock(org.mockito.Mockito.mock) Session(oap.http.Session) Test(org.testng.annotations.Test)

Example 5 with Session

use of oap.http.Session in project oap by oaplatform.

the class SecurityInterceptor2Test method testPostProcessingList.

@Test
public void testPostProcessingList() {
    when(mockAclService.checkAll("1", "testUser")).thenReturn(asList("test1.read"));
    when(mockAclService.checkAll(AclService.ROOT, "testUser")).thenReturn(asList("gl.create"));
    final Session session = new Session();
    session.set(USER_ID, "testUser");
    val methodList = REFLECTION.method(method -> method.name().equals("methodList")).get();
    val op = ((List<ObjectWithPermissions>) securityInterceptor.postProcessing(singletonList(new TestAPI.Res("1")), session, methodList)).get(0);
    assertThat(op.permissions).containsExactlyInAnyOrder("test1.read");
}
Also used : lombok.val(lombok.val) DateTimeUtils(org.joda.time.DateTimeUtils) Reflection(oap.reflect.Reflection) Assertions.assertThat(org.assertj.core.api.Assertions.assertThat) Test(org.testng.annotations.Test) Collections.singletonList(java.util.Collections.singletonList) Reflect(oap.reflect.Reflect) InetAddress(java.net.InetAddress) Arrays.asList(java.util.Arrays.asList) USER_ID(oap.ws.Interceptor.USER_ID) Session(oap.http.Session) MockRequest(oap.http.testng.MockRequest) AclService(oap.security.acl.AclService) Id(oap.util.Id) Context(oap.http.Context) WsParam(oap.ws.WsParam) lombok.val(lombok.val) UUID(java.util.UUID) Mockito.when(org.mockito.Mockito.when) UnknownHostException(java.net.UnknownHostException) Request(oap.http.Request) List(java.util.List) HttpGet(org.apache.http.client.methods.HttpGet) Optional(java.util.Optional) Protocol(oap.http.Protocol) Mockito.mock(org.mockito.Mockito.mock) Collections.singletonList(java.util.Collections.singletonList) Arrays.asList(java.util.Arrays.asList) List(java.util.List) Session(oap.http.Session) Test(org.testng.annotations.Test)

Aggregations

Session (oap.http.Session)14 Optional (java.util.Optional)12 Request (oap.http.Request)12 Reflection (oap.reflect.Reflection)12 UUID (java.util.UUID)11 Reflect (oap.reflect.Reflect)11 Test (org.testng.annotations.Test)11 List (java.util.List)10 lombok.val (lombok.val)10 InetAddress (java.net.InetAddress)9 UnknownHostException (java.net.UnknownHostException)9 Context (oap.http.Context)9 Protocol (oap.http.Protocol)9 HttpGet (org.apache.http.client.methods.HttpGet)9 Mockito.mock (org.mockito.Mockito.mock)9 Mockito.when (org.mockito.Mockito.when)9 AclService (oap.security.acl.AclService)8 Arrays.asList (java.util.Arrays.asList)7 Collections.singletonList (java.util.Collections.singletonList)7 MockRequest (oap.http.testng.MockRequest)7