Example 1 with APIMgtSecurityException

Use of org.wso2.carbon.apimgt.rest.api.common.exception.APIMgtSecurityException in project carbon-apimgt by wso2.

Class WorkflowsApiServiceImplTestCase, method getRequest.

// Sample request to be used by tests
private Request getRequest() throws Exception {
    HTTPCarbonMessage carbonMessage = Mockito.mock(HTTPCarbonMessage.class);
    Request request = new Request(carbonMessage);
    try {
        PowerMockito.whenNew(Request.class).withArguments(carbonMessage).thenReturn(request);
    } catch (Exception e) {
        throw new APIMgtSecurityException("Error while mocking Request Object ", e);
    }
    return request;
}
Also used: HTTPCarbonMessage (org.wso2.transport.http.netty.message.HTTPCarbonMessage), APIMgtSecurityException (org.wso2.carbon.apimgt.rest.api.common.exception.APIMgtSecurityException), Request (org.wso2.msf4j.Request), APIManagementException (org.wso2.carbon.apimgt.core.exception.APIManagementException), APIMgtDAOException (org.wso2.carbon.apimgt.core.exception.APIMgtDAOException)

Example 2 with APIMgtSecurityException

Use of org.wso2.carbon.apimgt.rest.api.common.exception.APIMgtSecurityException in project carbon-apimgt by wso2.

Class ApplicationsApiServiceImplTestCase, method getRequest.

// Sample request to be used by tests
private Request getRequest() throws APIMgtSecurityException {
    HTTPCarbonMessage carbonMessage = Mockito.mock(HTTPCarbonMessage.class);
    Mockito.when(carbonMessage.getProperty("LOGGED_IN_USER")).thenReturn(USER);
    Request request = new Request(carbonMessage);
    return request;
}
Also used: HTTPCarbonMessage (org.wso2.transport.http.netty.message.HTTPCarbonMessage), Request (org.wso2.msf4j.Request)

Example 3 with APIMgtSecurityException

Use of org.wso2.carbon.apimgt.rest.api.common.exception.APIMgtSecurityException in project carbon-apimgt by wso2.

Class BasicAuthAuthenticatorTestCase, method testAuthenticate.

@Test
public void testAuthenticate() throws Exception {
    final String authorizationHttpHeader = "Basic YWRtaW46YWRtaW4=";
    final String authorizationHttpHeader1 = "DummyHeader YWRtaW46YWRtaW4=";
    HTTPCarbonMessage carbonMessage = Mockito.mock(HTTPCarbonMessage.class);
    Request requestObj = new Request(carbonMessage);
    try {
        PowerMockito.whenNew(Request.class).withArguments(carbonMessage).thenReturn(requestObj);
    } catch (Exception e) {
        throw new APIMgtSecurityException("Error while mocking Request Object ", e);
    }
    try {
        BasicAuthAuthenticator basicAuthAuthenticator = new BasicAuthAuthenticator();
        basicAuthAuthenticator.authenticate(requestObj, null, null);
    } catch (APIMgtSecurityException e) {
        Assert.assertEquals(e.getMessage(), "Missing Authorization header in the request.`");
    }
    when(requestObj.getHeader(RestApiConstants.AUTHORIZATION_HTTP_HEADER)).thenReturn(authorizationHttpHeader1);
    Response responseObj = Mockito.mock(Response.class);
    ServiceMethodInfo serviceMethodInfoObj = Mockito.mock(ServiceMethodInfo.class);
    try {
        BasicAuthAuthenticator basicAuthAuthenticator = new BasicAuthAuthenticator();
        basicAuthAuthenticator.authenticate(requestObj, responseObj, serviceMethodInfoObj);
    } catch (APIMgtSecurityException e) {
        Assert.assertEquals(e.getMessage(), "Missing 'Authorization : Basic' header in the request.`");
    }
    when(requestObj.getHeader(RestApiConstants.AUTHORIZATION_HTTP_HEADER)).thenReturn(authorizationHttpHeader);
    BasicAuthAuthenticator basicAuthAuthenticator = new BasicAuthAuthenticator();
    boolean isAuthenticated = basicAuthAuthenticator.authenticate(requestObj, responseObj, serviceMethodInfoObj);
    if (isAuthenticated) {
        Assert.assertEquals(isAuthenticated, true);
    } else {
        Assert.assertEquals(isAuthenticated, false);
    }
}
Also used: Response (org.wso2.msf4j.Response), HTTPCarbonMessage (org.wso2.transport.http.netty.message.HTTPCarbonMessage), BasicAuthAuthenticator (org.wso2.carbon.apimgt.rest.api.common.impl.BasicAuthAuthenticator), APIMgtSecurityException (org.wso2.carbon.apimgt.rest.api.common.exception.APIMgtSecurityException), ServiceMethodInfo (org.wso2.msf4j.ServiceMethodInfo), Request (org.wso2.msf4j.Request), Test (org.testng.annotations.Test)

Example 4 with APIMgtSecurityException

Use of org.wso2.carbon.apimgt.rest.api.common.exception.APIMgtSecurityException in project carbon-apimgt by wso2.

Class RESTAPISecurityInterceptorTestCase, method testGetApisSuccess.

@Test
public void testGetApisSuccess() throws APIManagementException {
    HTTPCarbonMessage carbonMessage = Mockito.mock(HTTPCarbonMessage.class);
    Request requestObj = Mockito.mock(Request.class);
    try {
        PowerMockito.whenNew(Request.class).withArguments(carbonMessage).thenReturn(requestObj);
    } catch (Exception e) {
        throw new APIMgtSecurityException("Error while mocking Request Object ", e);
    }
    Response responseObj = Mockito.mock(Response.class);
    Mockito.when(requestObj.getHeader(RestApiConstants.AUTHORIZATION_HTTP_HEADER)).thenReturn("Authorization:  053d68ee-12bc-36b0-ab9c-31752ef5bda9");
    Mockito.when(requestObj.getHeader("REQUEST_URL")).thenReturn("http://localhost:9090/api/am/publisher/v1/api");
    ServiceMethodInfo serviceMethodInfoObj = Mockito.mock(ServiceMethodInfo.class);
    RESTAPISecurityInterceptor interceptor = Mockito.mock(RESTAPISecurityInterceptor.class);
    boolean isAuthorized = interceptor.preCall(requestObj, responseObj, serviceMethodInfoObj);
    if (isAuthorized) {
        Assert.assertEquals(isAuthorized, true);
    } else {
        Assert.assertEquals(isAuthorized, false);
    }
}
Also used: Response (org.wso2.msf4j.Response), HTTPCarbonMessage (org.wso2.transport.http.netty.message.HTTPCarbonMessage), APIMgtSecurityException (org.wso2.carbon.apimgt.rest.api.common.exception.APIMgtSecurityException), ServiceMethodInfo (org.wso2.msf4j.ServiceMethodInfo), Request (org.wso2.msf4j.Request), RESTAPISecurityInterceptor (org.wso2.carbon.apimgt.rest.api.common.interceptors.RESTAPISecurityInterceptor), APIManagementException (org.wso2.carbon.apimgt.core.exception.APIManagementException), Test (org.junit.Test)

Example 5 with APIMgtSecurityException

Use of org.wso2.carbon.apimgt.rest.api.common.exception.APIMgtSecurityException in project carbon-apimgt by wso2.

Class OAuth2Authenticator, method validateTokenAndScopes.

private boolean validateTokenAndScopes(Request request, ServiceMethodInfo serviceMethodInfo, String accessToken) throws APIMgtSecurityException {
    // Map<String, String> tokenInfo = validateToken(accessToken);
    AccessTokenInfo accessTokenInfo = validateToken(accessToken);
    String restAPIResource = getRestAPIResource(request);
    // scope validation
    return validateScopes(request, serviceMethodInfo, accessTokenInfo.getScopes(), restAPIResource);
}
Also used: AccessTokenInfo (org.wso2.carbon.apimgt.core.models.AccessTokenInfo)

Aggregations

Request (org.wso2.msf4j.Request) 10
APIMgtSecurityException (org.wso2.carbon.apimgt.rest.api.common.exception.APIMgtSecurityException) 9
HTTPCarbonMessage (org.wso2.transport.http.netty.message.HTTPCarbonMessage) 9
APIManagementException (org.wso2.carbon.apimgt.core.exception.APIManagementException) 7
ErrorHandler (org.wso2.carbon.apimgt.core.exception.ErrorHandler) 3
Response (org.wso2.msf4j.Response) 3
ServiceMethodInfo (org.wso2.msf4j.ServiceMethodInfo) 3
HttpHeaders (javax.ws.rs.core.HttpHeaders) 2
AccessTokenInfo (org.wso2.carbon.apimgt.core.models.AccessTokenInfo) 2
NotFoundException (org.wso2.carbon.apimgt.rest.api.admin.NotFoundException) 2
TypeToken (com.google.gson.reflect.TypeToken) 1
SuppressFBWarnings (edu.umd.cs.findbugs.annotations.SuppressFBWarnings) 1
Swagger (io.swagger.models.Swagger) 1
SwaggerParser (io.swagger.parser.SwaggerParser) 1
Arrays (java.util.Arrays) 1
List (java.util.List) 1
Locale (java.util.Locale) 1
Optional (java.util.Optional) 1
StringUtils (org.apache.commons.lang3.StringUtils) 1
Test (org.junit.Test) 1