Examples with AuthenticationContext org.wso2.carbon.apimgt.gateway.handlers.security.AuthenticationContext used on opensource projects

Example 26 with AuthenticationContext

use of org.wso2.carbon.apimgt.gateway.handlers.security.AuthenticationContext in project carbon-apimgt by wso2.

the class ThrottleHandlerTest method testMsgDoThrottleWhenUserLevelThrottlingIsTriggerred.

@Test
public void testMsgDoThrottleWhenUserLevelThrottlingIsTriggerred() {
    ThrottleDataHolder throttleDataHolder = new ThrottleDataHolder();
    ThrottleHandler throttleHandler = new ThrottlingHandlerWrapper(timer, throttleDataHolder, throttleEvaluator);
    MessageContext messageContext = TestUtils.getMessageContextWithAuthContext(apiContext, apiVersion);
    verbInfo.setApplicableLevel("userLevel");
    messageContext.setProperty(VERB_INFO_DTO, verbInfoDTO);
    ((Axis2MessageContext) messageContext).getAxis2MessageContext().getProperty(org.apache.axis2.context.MessageContext.TRANSPORT_HEADERS);
    AuthenticationContext authenticationContext = (AuthenticationContext) messageContext.getProperty(API_AUTH_CONTEXT);
    authenticationContext.setApiTier(throttlingTier);
    messageContext.setProperty(API_AUTH_CONTEXT, authenticationContext);
    // Should continue the message flow, when user level throttling is triggered and not exceeded
    Assert.assertTrue(throttleHandler.handleRequest(messageContext));
}

Example 27 with AuthenticationContext

use of org.wso2.carbon.apimgt.gateway.handlers.security.AuthenticationContext in project carbon-apimgt by wso2.

the class ThrottleHandlerTest method testMsgContinueWhenSubscriptionLevelIsThrottledAndStopOnQuotaReachIsDisabled.

@Test
public void testMsgContinueWhenSubscriptionLevelIsThrottledAndStopOnQuotaReachIsDisabled() {
    ThrottleDataHolder throttleDataHolder = new ThrottleDataHolder();
    ThrottleHandler throttleHandler = new ThrottlingHandlerWrapper(timer, throttleDataHolder, throttleEvaluator);
    MessageContext messageContext = TestUtils.getMessageContextWithAuthContext(apiContext, apiVersion);
    messageContext.setProperty(VERB_INFO_DTO, verbInfoDTO);
    ((Axis2MessageContext) messageContext).getAxis2MessageContext().getProperty(org.apache.axis2.context.MessageContext.TRANSPORT_HEADERS);
    AuthenticationContext authenticationContext = (AuthenticationContext) messageContext.getProperty(API_AUTH_CONTEXT);
    authenticationContext.setApiTier(throttlingTier);
    // Set stopOnQuota
    authenticationContext.setStopOnQuotaReach(false);
    messageContext.setProperty(API_AUTH_CONTEXT, authenticationContext);
    verbInfo.setConditionGroups(conditionGroupDTOs);
    ArrayList<ConditionGroupDTO> matchingConditions = new ArrayList<>();
    matchingConditions.add(conditionGroupDTO);
    String subscriptionLevelThrottleKey = authenticationContext.getApplicationId() + ":" + apiContext + ":" + apiVersion;
    // Set subscription level throttled out
    throttleDataHolder.addThrottleData(subscriptionLevelThrottleKey, System.currentTimeMillis() + 10000);
    // Though subscription level is throttled out, should continue the message flow, if stop on quota reach is
    // disabled
    Assert.assertTrue(throttleHandler.handleRequest(messageContext));
}

Example 28 with AuthenticationContext

use of org.wso2.carbon.apimgt.gateway.handlers.security.AuthenticationContext in project carbon-apimgt by wso2.

the class ThrottleHandlerTest method testMsgDoContinueWhenAllThrottlingLevelsAreNotThrolled.

@Test
public void testMsgDoContinueWhenAllThrottlingLevelsAreNotThrolled() {
    ThrottleDataHolder throttleDataHolder = new ThrottleDataHolder();
    ServiceReferenceHolder.getInstance().setThrottleDataPublisher(new ThrottleDataPublisher());
    ThrottleHandler throttleHandler = new ThrottlingHandlerWrapper(timer, throttleDataHolder, throttleEvaluator);
    MessageContext messageContext = TestUtils.getMessageContextWithAuthContext(apiContext, apiVersion);
    messageContext.setProperty(VERB_INFO_DTO, verbInfoDTO);
    ((Axis2MessageContext) messageContext).getAxis2MessageContext().getProperty(org.apache.axis2.context.MessageContext.TRANSPORT_HEADERS);
    AuthenticationContext authenticationContext = (AuthenticationContext) messageContext.getProperty(API_AUTH_CONTEXT);
    authenticationContext.setApiTier(throttlingTier);
    messageContext.setProperty(API_AUTH_CONTEXT, authenticationContext);
    // Should continue the message flow if API level, application level, resource level, subscription level,
    // subscription spike level and hard throttling limit levels are not throttled
    Assert.assertTrue(throttleHandler.handleRequest(messageContext));
}

Example 29 with AuthenticationContext

use of org.wso2.carbon.apimgt.gateway.handlers.security.AuthenticationContext in project carbon-apimgt by wso2.

the class ThrottleHandlerTest method testMsgThrottleOutWhenBlockingConditionsAreSatisfied.

@Test
public void testMsgThrottleOutWhenBlockingConditionsAreSatisfied() {
    ThrottleDataHolder throttleDataHolder = new ThrottleDataHolder();
    ThrottleHandler throttleHandler = new ThrottlingHandlerWrapper(timer, throttleDataHolder, throttleEvaluator);
    MessageContext messageContext = TestUtils.getMessageContextWithAuthContext(apiContext, apiVersion);
    ((Axis2MessageContext) messageContext).getAxis2MessageContext().getProperty(org.apache.axis2.context.MessageContext.TRANSPORT_HEADERS);
    throttleDataHolder.addIpBlockingCondition("carbon.super", 1, "{\"fixedIp\":\"127.0.0.1\",\"invert\":false}", APIConstants.BLOCKING_CONDITIONS_IP);
    AuthenticationContext authenticationContext = (AuthenticationContext) messageContext.getProperty(API_AUTH_CONTEXT);
    // Mockito.when(throttleDataHolder.isRequestBlocked(apiContext, authenticationContext
    // .getSubscriber() + ":" + authenticationContext.getApplicationName(), authenticationContext
    // .getUsername(), "carbon.super" + ":" + "127.0.0.1")).thenReturn(true);
    Assert.assertFalse(throttleHandler.handleRequest(messageContext));
    throttleDataHolder.removeIpBlockingCondition("carbon.super", 1);
    Assert.assertTrue(throttleHandler.handleRequest(messageContext));
}

Example 30 with AuthenticationContext

use of org.wso2.carbon.apimgt.gateway.handlers.security.AuthenticationContext in project carbon-apimgt by wso2.

the class ThrottleHandlerTest method testMsgThrottleOutWhenHittingSubscriptionLevelSpike.

@Test
public void testMsgThrottleOutWhenHittingSubscriptionLevelSpike() {
    ThrottleDataHolder throttleDataHolder = new ThrottleDataHolder();
    ThrottleHandler throttleHandler = new ThrottlingHandlerWrapper(timer, throttleDataHolder, throttleEvaluator, accessInformation);
    throttleHandler.setSandboxMaxCount("100");
    SynapseEnvironment synapseEnvironment = Mockito.mock(SynapseEnvironment.class);
    throttleHandler.init(synapseEnvironment);
    MessageContext messageContext = TestUtils.getMessageContextWithAuthContext(apiContext, apiVersion);
    messageContext.setProperty(VERB_INFO_DTO, verbInfoDTO);
    ((Axis2MessageContext) messageContext).getAxis2MessageContext().getProperty(org.apache.axis2.context.MessageContext.TRANSPORT_HEADERS);
    AuthenticationContext authenticationContext = (AuthenticationContext) messageContext.getProperty(API_AUTH_CONTEXT);
    authenticationContext.setApiTier(throttlingTier);
    authenticationContext.setKeyType("SANDBOX");
    authenticationContext.setSpikeArrestLimit(100);
    authenticationContext.setStopOnQuotaReach(true);
    messageContext.setProperty(API_AUTH_CONTEXT, authenticationContext);
    verbInfo.setConditionGroups(conditionGroupDTOs);
    ArrayList<ConditionGroupDTO> matchingConditions = new ArrayList<>();
    matchingConditions.add(conditionGroupDTO);
    throttleDataHolder.addKeyTemplate("$user", "$user");
    Mockito.when(accessInformation.isAccessAllowed()).thenReturn(false);
    Assert.assertFalse(throttleHandler.handleRequest(messageContext));
}