use of org.neo4j.server.rest.JaxRsResponse in project neo4j by neo4j.
the class PagedTraverserIT method shouldRespondWith200OnFirstDeletionOfTraversalAnd404Afterwards.
@Test
public void shouldRespondWith200OnFirstDeletionOfTraversalAnd404Afterwards() {
theStartNode = createLinkedList(SHORT_LIST_LENGTH, server.getDatabase());
JaxRsResponse response = createPagedTraverser();
final RestRequest request = RestRequest.req();
JaxRsResponse deleteResponse = request.delete(response.getLocation());
assertEquals(200, deleteResponse.getStatus());
deleteResponse = request.delete(response.getLocation());
assertEquals(404, deleteResponse.getStatus());
}
use of org.neo4j.server.rest.JaxRsResponse in project neo4j by neo4j.
the class SecurityRulesIT method should403WhenAuthenticatedButForbidden.
@Test
public void should403WhenAuthenticatedButForbidden() throws Exception {
server = CommunityServerBuilder.server().withDefaultDatabaseTuning().withSecurityRules(PermanentlyForbiddenSecurityRule.class.getCanonicalName(), PermanentlyPassingSecurityRule.class.getCanonicalName()).usingDataDir(folder.directory(name.getMethodName()).getAbsolutePath()).build();
server.start();
functionalTestHelper = new FunctionalTestHelper(server);
JaxRsResponse clientResponse = gen.get().expectedStatus(403).expectedType(MediaType.APPLICATION_JSON_TYPE).get(trimTrailingSlash(functionalTestHelper.baseUri())).response();
assertEquals(403, clientResponse.getStatus());
}
use of org.neo4j.server.rest.JaxRsResponse in project neo4j by neo4j.
the class SecurityRulesIT method aSimpleWildcardUriPathShould401OnAccessToProtectedSubPath.
@Test
@Title("Using Wildcards to Target Security Rules")
@Documented("In this example, a security rule is registered to deny\n" + "access to all URIs to the server by listing the rule(s) class(es) in\n" + "'neo4j.conf'.\n" + "In this case, the rule is registered\n" + "using a wildcard URI path (where `*` characters can be used to signify\n" + "any part of the path). For example `/users*` means the rule\n" + "will be bound to any resources under the `/users` root path. Similarly\n" + "`/users*type*` will bind the rule to resources matching\n" + "URIs like `/users/fred/type/premium`.\n" + "\n" + "@@config\n" + "\n" + "with the rule source code of:\n" + "\n" + "@@failingRuleWithWildcardPath\n" + "\n" + "With this rule registered, any access to URIs under /protected/ will be\n" + "denied by the server. Using wildcards allows flexible targeting of security rules to\n" + "arbitrary parts of the server's API, including any unmanaged extensions or managed\n" + "plugins that have been registered.")
public void aSimpleWildcardUriPathShould401OnAccessToProtectedSubPath() throws Exception {
String mountPoint = "/protected/tree/starts/here" + DummyThirdPartyWebService.DUMMY_WEB_SERVICE_MOUNT_POINT;
server = CommunityServerBuilder.server().withDefaultDatabaseTuning().withThirdPartyJaxRsPackage("org.dummy.web.service", mountPoint).withSecurityRules(PermanentlyFailingSecurityRuleWithWildcardPath.class.getCanonicalName()).usingDataDir(folder.directory(name.getMethodName()).getAbsolutePath()).build();
server.start();
functionalTestHelper = new FunctionalTestHelper(server);
JaxRsResponse clientResponse = gen.get().expectedStatus(401).expectedType(MediaType.APPLICATION_JSON_TYPE).expectedHeader("WWW-Authenticate").get(trimTrailingSlash(functionalTestHelper.baseUri()) + mountPoint + "/more/stuff").response();
assertEquals(401, clientResponse.getStatus());
}
use of org.neo4j.server.rest.JaxRsResponse in project neo4j by neo4j.
the class SecurityRulesIT method aComplexWildcardUriPathShould401OnAccessToProtectedSubPath.
@Test
@Title("Using Complex Wildcards to Target Security Rules")
@Documented("In this example, a security rule is registered to deny\n" + "access to all URIs matching a complex pattern.\n" + "The config looks like this:\n" + "\n" + "@@config\n" + "\n" + "with the rule source code of:\n" + "\n" + "@@failingRuleWithComplexWildcardPath")
public void aComplexWildcardUriPathShould401OnAccessToProtectedSubPath() throws Exception {
String mountPoint = "/protected/wildcard_replacement/x/y/z/something/else/more_wildcard_replacement/a/b/c" + "/final/bit";
server = CommunityServerBuilder.server().withDefaultDatabaseTuning().withThirdPartyJaxRsPackage("org.dummy.web.service", mountPoint).withSecurityRules(PermanentlyFailingSecurityRuleWithComplexWildcardPath.class.getCanonicalName()).usingDataDir(folder.directory(name.getMethodName()).getAbsolutePath()).build();
server.start();
functionalTestHelper = new FunctionalTestHelper(server);
JaxRsResponse clientResponse = gen.get().expectedStatus(401).expectedType(MediaType.APPLICATION_JSON_TYPE).expectedHeader("WWW-Authenticate").get(trimTrailingSlash(functionalTestHelper.baseUri()) + mountPoint + "/more/stuff").response();
assertEquals(401, clientResponse.getStatus());
}
use of org.neo4j.server.rest.JaxRsResponse in project neo4j by neo4j.
the class SecurityRulesIT method should401WithBasicChallengeIfAnyOneOfTheRulesFails.
@Test
public void should401WithBasicChallengeIfAnyOneOfTheRulesFails() throws Exception {
server = CommunityServerBuilder.server().withDefaultDatabaseTuning().withSecurityRules(PermanentlyFailingSecurityRule.class.getCanonicalName(), PermanentlyPassingSecurityRule.class.getCanonicalName()).usingDataDir(folder.directory(name.getMethodName()).getAbsolutePath()).build();
server.start();
functionalTestHelper = new FunctionalTestHelper(server);
JaxRsResponse response = gen.get().expectedStatus(401).expectedHeader("WWW-Authenticate").post(functionalTestHelper.nodeUri()).response();
assertThat(response.getHeaders().getFirst("WWW-Authenticate"), containsString("Basic realm=\"" + PermanentlyFailingSecurityRule.REALM + "\""));
}
Aggregations