Search in sources :

Example 51 with JaxRsResponse

use of org.neo4j.server.rest.JaxRsResponse in project neo4j by neo4j.

the class PagedTraverserIT method shouldRespondWith200OnFirstDeletionOfTraversalAnd404Afterwards.

@Test
public void shouldRespondWith200OnFirstDeletionOfTraversalAnd404Afterwards() {
    theStartNode = createLinkedList(SHORT_LIST_LENGTH, server.getDatabase());
    JaxRsResponse response = createPagedTraverser();
    final RestRequest request = RestRequest.req();
    JaxRsResponse deleteResponse = request.delete(response.getLocation());
    assertEquals(200, deleteResponse.getStatus());
    deleteResponse = request.delete(response.getLocation());
    assertEquals(404, deleteResponse.getStatus());
}
Also used : RestRequest(org.neo4j.server.rest.RestRequest) JaxRsResponse(org.neo4j.server.rest.JaxRsResponse) Test(org.junit.Test)

Example 52 with JaxRsResponse

use of org.neo4j.server.rest.JaxRsResponse in project neo4j by neo4j.

the class SecurityRulesIT method should403WhenAuthenticatedButForbidden.

@Test
public void should403WhenAuthenticatedButForbidden() throws Exception {
    server = CommunityServerBuilder.server().withDefaultDatabaseTuning().withSecurityRules(PermanentlyForbiddenSecurityRule.class.getCanonicalName(), PermanentlyPassingSecurityRule.class.getCanonicalName()).usingDataDir(folder.directory(name.getMethodName()).getAbsolutePath()).build();
    server.start();
    functionalTestHelper = new FunctionalTestHelper(server);
    JaxRsResponse clientResponse = gen.get().expectedStatus(403).expectedType(MediaType.APPLICATION_JSON_TYPE).get(trimTrailingSlash(functionalTestHelper.baseUri())).response();
    assertEquals(403, clientResponse.getStatus());
}
Also used : FunctionalTestHelper(org.neo4j.server.helpers.FunctionalTestHelper) JaxRsResponse(org.neo4j.server.rest.JaxRsResponse) Test(org.junit.Test)

Example 53 with JaxRsResponse

use of org.neo4j.server.rest.JaxRsResponse in project neo4j by neo4j.

the class SecurityRulesIT method aSimpleWildcardUriPathShould401OnAccessToProtectedSubPath.

@Test
@Title("Using Wildcards to Target Security Rules")
@Documented("In this example, a security rule is registered to deny\n" + "access to all URIs to the server by listing the rule(s) class(es) in\n" + "'neo4j.conf'.\n" + "In this case, the rule is registered\n" + "using a wildcard URI path (where `*` characters can be used to signify\n" + "any part of the path). For example `/users*` means the rule\n" + "will be bound to any resources under the `/users` root path. Similarly\n" + "`/users*type*` will bind the rule to resources matching\n" + "URIs like `/users/fred/type/premium`.\n" + "\n" + "@@config\n" + "\n" + "with the rule source code of:\n" + "\n" + "@@failingRuleWithWildcardPath\n" + "\n" + "With this rule registered, any access to URIs under /protected/ will be\n" + "denied by the server. Using wildcards allows flexible targeting of security rules to\n" + "arbitrary parts of the server's API, including any unmanaged extensions or managed\n" + "plugins that have been registered.")
public void aSimpleWildcardUriPathShould401OnAccessToProtectedSubPath() throws Exception {
    String mountPoint = "/protected/tree/starts/here" + DummyThirdPartyWebService.DUMMY_WEB_SERVICE_MOUNT_POINT;
    server = CommunityServerBuilder.server().withDefaultDatabaseTuning().withThirdPartyJaxRsPackage("org.dummy.web.service", mountPoint).withSecurityRules(PermanentlyFailingSecurityRuleWithWildcardPath.class.getCanonicalName()).usingDataDir(folder.directory(name.getMethodName()).getAbsolutePath()).build();
    server.start();
    functionalTestHelper = new FunctionalTestHelper(server);
    JaxRsResponse clientResponse = gen.get().expectedStatus(401).expectedType(MediaType.APPLICATION_JSON_TYPE).expectedHeader("WWW-Authenticate").get(trimTrailingSlash(functionalTestHelper.baseUri()) + mountPoint + "/more/stuff").response();
    assertEquals(401, clientResponse.getStatus());
}
Also used : FunctionalTestHelper(org.neo4j.server.helpers.FunctionalTestHelper) Matchers.containsString(org.hamcrest.Matchers.containsString) JaxRsResponse(org.neo4j.server.rest.JaxRsResponse) Documented(org.neo4j.kernel.impl.annotations.Documented) Test(org.junit.Test) Title(org.neo4j.test.TestData.Title)

Example 54 with JaxRsResponse

use of org.neo4j.server.rest.JaxRsResponse in project neo4j by neo4j.

the class SecurityRulesIT method aComplexWildcardUriPathShould401OnAccessToProtectedSubPath.

@Test
@Title("Using Complex Wildcards to Target Security Rules")
@Documented("In this example, a security rule is registered to deny\n" + "access to all URIs matching a complex pattern.\n" + "The config looks like this:\n" + "\n" + "@@config\n" + "\n" + "with the rule source code of:\n" + "\n" + "@@failingRuleWithComplexWildcardPath")
public void aComplexWildcardUriPathShould401OnAccessToProtectedSubPath() throws Exception {
    String mountPoint = "/protected/wildcard_replacement/x/y/z/something/else/more_wildcard_replacement/a/b/c" + "/final/bit";
    server = CommunityServerBuilder.server().withDefaultDatabaseTuning().withThirdPartyJaxRsPackage("org.dummy.web.service", mountPoint).withSecurityRules(PermanentlyFailingSecurityRuleWithComplexWildcardPath.class.getCanonicalName()).usingDataDir(folder.directory(name.getMethodName()).getAbsolutePath()).build();
    server.start();
    functionalTestHelper = new FunctionalTestHelper(server);
    JaxRsResponse clientResponse = gen.get().expectedStatus(401).expectedType(MediaType.APPLICATION_JSON_TYPE).expectedHeader("WWW-Authenticate").get(trimTrailingSlash(functionalTestHelper.baseUri()) + mountPoint + "/more/stuff").response();
    assertEquals(401, clientResponse.getStatus());
}
Also used : FunctionalTestHelper(org.neo4j.server.helpers.FunctionalTestHelper) Matchers.containsString(org.hamcrest.Matchers.containsString) JaxRsResponse(org.neo4j.server.rest.JaxRsResponse) Documented(org.neo4j.kernel.impl.annotations.Documented) Test(org.junit.Test) Title(org.neo4j.test.TestData.Title)

Example 55 with JaxRsResponse

use of org.neo4j.server.rest.JaxRsResponse in project neo4j by neo4j.

the class SecurityRulesIT method should401WithBasicChallengeIfAnyOneOfTheRulesFails.

@Test
public void should401WithBasicChallengeIfAnyOneOfTheRulesFails() throws Exception {
    server = CommunityServerBuilder.server().withDefaultDatabaseTuning().withSecurityRules(PermanentlyFailingSecurityRule.class.getCanonicalName(), PermanentlyPassingSecurityRule.class.getCanonicalName()).usingDataDir(folder.directory(name.getMethodName()).getAbsolutePath()).build();
    server.start();
    functionalTestHelper = new FunctionalTestHelper(server);
    JaxRsResponse response = gen.get().expectedStatus(401).expectedHeader("WWW-Authenticate").post(functionalTestHelper.nodeUri()).response();
    assertThat(response.getHeaders().getFirst("WWW-Authenticate"), containsString("Basic realm=\"" + PermanentlyFailingSecurityRule.REALM + "\""));
}
Also used : FunctionalTestHelper(org.neo4j.server.helpers.FunctionalTestHelper) JaxRsResponse(org.neo4j.server.rest.JaxRsResponse) Test(org.junit.Test)

Aggregations

JaxRsResponse (org.neo4j.server.rest.JaxRsResponse)58 Test (org.junit.Test)52 RestRequest (org.neo4j.server.rest.RestRequest)29 Matchers.containsString (org.hamcrest.Matchers.containsString)19 FunctionalTestHelper (org.neo4j.server.helpers.FunctionalTestHelper)13 PrettyJSON (org.neo4j.server.rest.PrettyJSON)8 URI (java.net.URI)7 Documented (org.neo4j.kernel.impl.annotations.Documented)6 Map (java.util.Map)4 Client (com.sun.jersey.api.client.Client)3 Title (org.neo4j.test.TestData.Title)3 File (java.io.File)2 FileUtils.readTextFile (org.neo4j.io.fs.FileUtils.readTextFile)2 NeoServer (org.neo4j.server.NeoServer)2 HashMap (java.util.HashMap)1 ListenSocketAddress (org.neo4j.helpers.ListenSocketAddress)1 CommunityServerBuilder (org.neo4j.server.helpers.CommunityServerBuilder)1 BadInputException (org.neo4j.server.rest.repr.BadInputException)1 NodeRepresentationTest (org.neo4j.server.rest.repr.NodeRepresentationTest)1 RelationshipRepresentationTest (org.neo4j.server.rest.repr.RelationshipRepresentationTest)1