
Example 1 with CloudFoundryAuthorizationException

use of org.springframework.boot.actuate.autoconfigure.cloudfoundry.CloudFoundryAuthorizationException in project spring-boot by spring-projects.

the class ReactiveCloudFoundrySecurityInterceptorTests method preHandleWhenApplicationIdIsNullShouldReturnError.

@Test
void preHandleWhenApplicationIdIsNullShouldReturnError() {
    this.interceptor = new CloudFoundrySecurityInterceptor(this.tokenValidator, this.securityService, null);
    MockServerWebExchange request = MockServerWebExchange.from(
            MockServerHttpRequest.get("/a")
                    .header(HttpHeaders.AUTHORIZATION, "bearer " + mockAccessToken())
                    .build());
    StepVerifier.create(this.interceptor.preHandle(request, "/a"))
            .consumeErrorWith((ex) -> assertThat(((CloudFoundryAuthorizationException) ex).getReason())
                    .isEqualTo(Reason.SERVICE_UNAVAILABLE))
            .verify();
}
Also used : Base64Utils(org.springframework.util.Base64Utils) ArgumentMatchers.any(org.mockito.ArgumentMatchers.any) BeforeEach(org.junit.jupiter.api.BeforeEach) MockitoExtension(org.mockito.junit.jupiter.MockitoExtension) StepVerifier(reactor.test.StepVerifier) MockServerHttpRequest(org.springframework.mock.http.server.reactive.MockServerHttpRequest) Mock(org.mockito.Mock) HttpHeaders(org.springframework.http.HttpHeaders) Assertions.assertThat(org.assertj.core.api.Assertions.assertThat) Mono(reactor.core.publisher.Mono) Test(org.junit.jupiter.api.Test) HttpStatus(org.springframework.http.HttpStatus) AccessLevel(org.springframework.boot.actuate.autoconfigure.cloudfoundry.AccessLevel) ExtendWith(org.junit.jupiter.api.extension.ExtendWith) BDDMockito.given(org.mockito.BDDMockito.given) Reason(org.springframework.boot.actuate.autoconfigure.cloudfoundry.CloudFoundryAuthorizationException.Reason) CloudFoundryAuthorizationException(org.springframework.boot.actuate.autoconfigure.cloudfoundry.CloudFoundryAuthorizationException) MockServerWebExchange(org.springframework.mock.web.server.MockServerWebExchange)

Example 2 with CloudFoundryAuthorizationException

use of org.springframework.boot.actuate.autoconfigure.cloudfoundry.CloudFoundryAuthorizationException in project spring-boot by spring-projects.

the class CloudFoundryMvcWebEndpointIntegrationTests method linksToOtherEndpointsForbidden.

@Test
void linksToOtherEndpointsForbidden() {
    CloudFoundryAuthorizationException exception = new CloudFoundryAuthorizationException(Reason.INVALID_TOKEN, "invalid-token");
    willThrow(exception).given(tokenValidator).validate(any());
    load(TestEndpointConfiguration.class, (client) -> client.get().uri("/cfApplication")
            .accept(MediaType.APPLICATION_JSON)
            .header("Authorization", "bearer " + mockAccessToken())
            .exchange()
            .expectStatus().isUnauthorized());
}
Also used : CloudFoundryAuthorizationException(org.springframework.boot.actuate.autoconfigure.cloudfoundry.CloudFoundryAuthorizationException) Test(org.junit.jupiter.api.Test)

Example 3 with CloudFoundryAuthorizationException

use of org.springframework.boot.actuate.autoconfigure.cloudfoundry.CloudFoundryAuthorizationException in project spring-boot by spring-projects.

the class CloudFoundryWebFluxEndpointIntegrationTests method linksToOtherEndpointsForbidden.

@Test
void linksToOtherEndpointsForbidden() {
    CloudFoundryAuthorizationException exception = new CloudFoundryAuthorizationException(Reason.INVALID_TOKEN, "invalid-token");
    willThrow(exception).given(tokenValidator).validate(any());
    this.contextRunner.run(withWebTestClient((client) -> client.get().uri("/cfApplication")
            .accept(MediaType.APPLICATION_JSON)
            .header("Authorization", "bearer " + mockAccessToken())
            .exchange()
            .expectStatus().isUnauthorized()));
}
Also used : Base64Utils(org.springframework.util.Base64Utils) ArgumentMatchers.any(org.mockito.ArgumentMatchers.any) Arrays(java.util.Arrays) AnnotationConfigReactiveWebServerApplicationContext(org.springframework.boot.web.reactive.context.AnnotationConfigReactiveWebServerApplicationContext) ReadOperation(org.springframework.boot.actuate.endpoint.annotation.ReadOperation) ArgumentMatchers.eq(org.mockito.ArgumentMatchers.eq) WriteOperation(org.springframework.boot.actuate.endpoint.annotation.WriteOperation) HttpHandlerAutoConfiguration(org.springframework.boot.autoconfigure.web.reactive.HttpHandlerAutoConfiguration) ContextConsumer(org.springframework.boot.test.context.runner.ContextConsumer) WebTestClient(org.springframework.test.web.reactive.server.WebTestClient) AccessLevel(org.springframework.boot.actuate.autoconfigure.cloudfoundry.AccessLevel) ReactiveWebApplicationContextRunner(org.springframework.boot.test.context.runner.ReactiveWebApplicationContextRunner) BDDMockito.given(org.mockito.BDDMockito.given) Duration(java.time.Duration) Map(java.util.Map) Reason(org.springframework.boot.actuate.autoconfigure.cloudfoundry.CloudFoundryAuthorizationException.Reason) CloudFoundryAuthorizationException(org.springframework.boot.actuate.autoconfigure.cloudfoundry.CloudFoundryAuthorizationException) EndpointLinksResolver(org.springframework.boot.actuate.endpoint.web.EndpointLinksResolver) AssertableReactiveWebApplicationContext(org.springframework.boot.test.context.assertj.AssertableReactiveWebApplicationContext) AutoConfigurations(org.springframework.boot.autoconfigure.AutoConfigurations) BDDMockito.willThrow(org.mockito.BDDMockito.willThrow) Endpoint(org.springframework.boot.actuate.endpoint.annotation.Endpoint) MediaType(org.springframework.http.MediaType) Import(org.springframework.context.annotation.Import) CorsConfiguration(org.springframework.web.cors.CorsConfiguration) Mono(reactor.core.publisher.Mono) 
EndpointMediaTypes(org.springframework.boot.actuate.endpoint.web.EndpointMediaTypes) ReactiveWebServerFactoryAutoConfiguration(org.springframework.boot.autoconfigure.web.reactive.ReactiveWebServerFactoryAutoConfiguration) ApplicationContext(org.springframework.context.ApplicationContext) WebEndpointDiscoverer(org.springframework.boot.actuate.endpoint.web.annotation.WebEndpointDiscoverer) Consumer(java.util.function.Consumer) Test(org.junit.jupiter.api.Test) Configuration(org.springframework.context.annotation.Configuration) ParameterValueMapper(org.springframework.boot.actuate.endpoint.invoke.ParameterValueMapper) HttpStatus(org.springframework.http.HttpStatus) EndpointMapping(org.springframework.boot.actuate.endpoint.web.EndpointMapping) ConversionServiceParameterValueMapper(org.springframework.boot.actuate.endpoint.invoke.convert.ConversionServiceParameterValueMapper) WebFluxAutoConfiguration(org.springframework.boot.autoconfigure.web.reactive.WebFluxAutoConfiguration) Bean(org.springframework.context.annotation.Bean) Collections(java.util.Collections) Selector(org.springframework.boot.actuate.endpoint.annotation.Selector) DefaultConversionService(org.springframework.core.convert.support.DefaultConversionService) Mockito.mock(org.mockito.Mockito.mock)

Example 4 with CloudFoundryAuthorizationException

use of org.springframework.boot.actuate.autoconfigure.cloudfoundry.CloudFoundryAuthorizationException in project spring-boot by spring-projects.

the class CloudFoundrySecurityService method getUaaUrl.

/**
 * Return the URL of the UAA.
 * @return the UAA url
 */
String getUaaUrl() {
    if (this.uaaUrl == null) {
        try {
            Map<?, ?> response = this.restTemplate.getForObject(this.cloudControllerUrl + "/info", Map.class);
            this.uaaUrl = (String) response.get("token_endpoint");
        } catch (HttpStatusCodeException ex) {
            throw new CloudFoundryAuthorizationException(Reason.SERVICE_UNAVAILABLE, "Unable to fetch token keys from UAA");
        }
    }
    return this.uaaUrl;
}
Also used : CloudFoundryAuthorizationException(org.springframework.boot.actuate.autoconfigure.cloudfoundry.CloudFoundryAuthorizationException) HttpStatusCodeException(org.springframework.web.client.HttpStatusCodeException)

Example 5 with CloudFoundryAuthorizationException

use of org.springframework.boot.actuate.autoconfigure.cloudfoundry.CloudFoundryAuthorizationException in project spring-boot by spring-projects.

the class CloudFoundrySecurityService method getAccessLevel.

/**
 * Return the access level that should be granted to the given token.
 * @param token the token
 * @param applicationId the cloud foundry application ID
 * @return the access level that should be granted
 * @throws CloudFoundryAuthorizationException if the token is not authorized
 */
AccessLevel getAccessLevel(String token, String applicationId) throws CloudFoundryAuthorizationException {
    try {
        URI uri = getPermissionsUri(applicationId);
        RequestEntity<?> request = RequestEntity.get(uri).header("Authorization", "bearer " + token).build();
        Map<?, ?> body = this.restTemplate.exchange(request, Map.class).getBody();
        if (Boolean.TRUE.equals(body.get("read_sensitive_data"))) {
            return AccessLevel.FULL;
        }
        return AccessLevel.RESTRICTED;
    } catch (HttpClientErrorException ex) {
        if (ex.getStatusCode().equals(HttpStatus.FORBIDDEN)) {
            throw new CloudFoundryAuthorizationException(Reason.ACCESS_DENIED, "Access denied");
        }
        throw new CloudFoundryAuthorizationException(Reason.INVALID_TOKEN, "Invalid token", ex);
    } catch (HttpServerErrorException ex) {
        throw new CloudFoundryAuthorizationException(Reason.SERVICE_UNAVAILABLE, "Cloud controller not reachable");
    }
}
Also used : HttpClientErrorException(org.springframework.web.client.HttpClientErrorException) CloudFoundryAuthorizationException(org.springframework.boot.actuate.autoconfigure.cloudfoundry.CloudFoundryAuthorizationException) URI(java.net.URI) HashMap(java.util.HashMap) Map(java.util.Map) HttpServerErrorException(org.springframework.web.client.HttpServerErrorException)
