Search in sources :

Example 1 with SecurityConfigContext

use of org.wso2.carbon.apimgt.rest.api.publisher.v1.common.template.SecurityConfigContext in project carbon-apimgt by wso2.

the class APITemplateBuilderImpl method getConfigStringForPrototypeScriptAPI.

@Override
public String getConfigStringForPrototypeScriptAPI(Environment environment) throws APITemplateException {
    StringWriter writer = new StringWriter();
    try {
        // build the context for template and apply the necessary decorators
        ConfigContext configcontext = new APIConfigContext(this.api);
        configcontext = new TransportConfigContext(configcontext, api);
        configcontext = new ResourceConfigContext(configcontext, api);
        configcontext = new EndpointBckConfigContext(configcontext, api);
        configcontext = new EndpointConfigContext(configcontext, api);
        configcontext = new SecurityConfigContext(configcontext, api);
        configcontext = new JwtConfigContext(configcontext);
        configcontext = new ResponseCacheConfigContext(configcontext, api);
        configcontext = new HandlerConfigContex(configcontext, handlers);
        configcontext = new EnvironmentConfigContext(configcontext, environment);
        configcontext = new TemplateUtilContext(configcontext);
        // @todo: this validation might be better to do when the builder is initialized.
        configcontext.validate();
        VelocityContext context = configcontext.getContext();
        context.internalGetKeys();
        /*  first, initialize velocity engine  */
        VelocityEngine velocityengine = new VelocityEngine();
        APIUtil.initializeVelocityContext(velocityengine);
        velocityengine.setProperty(RuntimeConstants.FILE_RESOURCE_LOADER_PATH, CarbonUtils.getCarbonHome());
        initVelocityEngine(velocityengine);
        Template t = velocityengine.getTemplate(this.getPrototypeTemplatePath());
        t.merge(context, writer);
    } catch (Exception e) {
        log.error("Velocity Error", e);
        throw new APITemplateException("Velocity Error", e);
    }
    return writer.toString();
}
Also used : VelocityEngine(org.apache.velocity.app.VelocityEngine) VelocityContext(org.apache.velocity.VelocityContext) UserStoreException(org.wso2.carbon.user.api.UserStoreException) RegistryException(org.wso2.carbon.registry.api.RegistryException) APITemplateException(org.wso2.carbon.apimgt.impl.template.APITemplateException) Template(org.apache.velocity.Template) StringWriter(java.io.StringWriter) APITemplateException(org.wso2.carbon.apimgt.impl.template.APITemplateException)

Example 2 with SecurityConfigContext

use of org.wso2.carbon.apimgt.rest.api.publisher.v1.common.template.SecurityConfigContext in project carbon-apimgt by wso2.

the class SecurityConfigContextTest method testSecurityConfigContextForAPIProduct.

@Test
public void testSecurityConfigContextForAPIProduct() throws Exception {
    APIProduct apiProduct = new APIProduct(new APIProductIdentifier("admin", "TestProduct", "1.0.0"));
    apiProduct.setUuid(UUID.randomUUID().toString());
    String apiid = UUID.randomUUID().toString();
    List<APIProductResource> apiProductResourceList = new ArrayList<>();
    APIProductResource apiProductResource = new APIProductResource();
    apiProductResource.setApiIdentifier(new APIIdentifier("admin_api1_v1"));
    apiProductResource.setApiId(apiid);
    Map<String, EndpointSecurity> endpointSecurityMap = new HashMap<>();
    EndpointSecurity endpointSecurity = new EndpointSecurity();
    endpointSecurity.setType("BASIC");
    endpointSecurity.setUsername("admin");
    endpointSecurity.setPassword("admin123");
    endpointSecurity.setEnabled(true);
    endpointSecurityMap.put("production", endpointSecurity);
    apiProductResource.setApiId(apiid);
    apiProductResource.setEndpointSecurityMap(endpointSecurityMap);
    apiProductResourceList.add(apiProductResource);
    apiProduct.setProductResources(apiProductResourceList);
    ConfigContext configcontext = new APIConfigContext(apiProduct);
    Mockito.when(apiManagerConfiguration.getFirstProperty(APIConstants.API_SECUREVAULT_ENABLE)).thenReturn("true");
    Map<String, APIDTO> apidtoMap = new HashMap<>();
    apidtoMap.put(apiid, new APIDTO().name("api1").version("v1").provider("admin"));
    SecurityConfigContext securityConfigContext = new SecurityConfigContextWrapper(configcontext, apiProduct, apiManagerConfiguration, apidtoMap);
    securityConfigContext.validate();
    VelocityContext velocityContext = securityConfigContext.getContext();
    Assert.assertNotNull(velocityContext.get("endpoint_security"));
    Map<String, Map<String, EndpointSecurityModel>> endpointSecurityModelMap = (Map<String, Map<String, EndpointSecurityModel>>) velocityContext.get("endpoint_security");
    Map<String, EndpointSecurityModel> endpointSecurityModelMap1 = endpointSecurityModelMap.get(apiProductResource.getApiId());
    EndpointSecurityModel production = endpointSecurityModelMap1.get("production");
    Assert.assertTrue("Property enabled cannot be false.", production.isEnabled());
    Assert.assertTrue("Property type cannot be other.", production.getType().equalsIgnoreCase("basic"));
    Assert.assertTrue("Property username does not match.", "admin".equals(production.getUsername()));
    Assert.assertTrue("Property base64value does not match. ", new String(Base64.encodeBase64("admin:admin123".getBytes())).equalsIgnoreCase(production.getBase64EncodedPassword()));
    Assert.assertTrue("Property securevault_alias does not match.", "TestProduct--v1.0.0--api1--vv1--production".equalsIgnoreCase(production.getAlias()));
    Assert.assertTrue("Property isSecureVaultEnabled cannot be false. ", velocityContext.get("isSecureVaultEnabled").equals(true));
}
Also used : SecurityConfigContext(org.wso2.carbon.apimgt.rest.api.publisher.v1.common.template.SecurityConfigContext) HashMap(java.util.HashMap) VelocityContext(org.apache.velocity.VelocityContext) ArrayList(java.util.ArrayList) EndpointSecurity(org.wso2.carbon.apimgt.api.model.EndpointSecurity) APIProduct(org.wso2.carbon.apimgt.api.model.APIProduct) APIProductIdentifier(org.wso2.carbon.apimgt.api.model.APIProductIdentifier) APIDTO(org.wso2.carbon.apimgt.rest.api.publisher.v1.dto.APIDTO) APIProductResource(org.wso2.carbon.apimgt.api.model.APIProductResource) EndpointSecurityModel(org.wso2.carbon.apimgt.rest.api.publisher.v1.common.template.EndpointSecurityModel) APIIdentifier(org.wso2.carbon.apimgt.api.model.APIIdentifier) HashMap(java.util.HashMap) Map(java.util.Map) APIConfigContext(org.wso2.carbon.apimgt.rest.api.publisher.v1.common.template.APIConfigContext) ConfigContext(org.wso2.carbon.apimgt.rest.api.publisher.v1.common.template.ConfigContext) SecurityConfigContext(org.wso2.carbon.apimgt.rest.api.publisher.v1.common.template.SecurityConfigContext) APIConfigContext(org.wso2.carbon.apimgt.rest.api.publisher.v1.common.template.APIConfigContext) Test(org.junit.Test)

Example 3 with SecurityConfigContext

use of org.wso2.carbon.apimgt.rest.api.publisher.v1.common.template.SecurityConfigContext in project carbon-apimgt by wso2.

the class SecurityConfigContextTest method testSecurityConfigContextPerEndpointBothType.

@Test
public void testSecurityConfigContextPerEndpointBothType() throws Exception {
    String json = "{\"endpoint_security\":{\n" + "  \"production\":{\n" + "    \"enabled\":true,\n" + "    \"type\":\"BASIC\",\n" + "    \"username\":\"admin\",\n" + "    \"password\":\"admin123#QA\"\n" + "  },\n" + "  \"sandbox\":{\n" + "    \"enabled\":true,\n" + "    \"type\":\"DIGEST\",\n" + "    \"username\":\"admin\",\n" + "    \"password\":\"admin123\"\n" + "  }\n" + "  }\n" + "}";
    API api = new API(new APIIdentifier("admin", "TestAPI", "1.0.0"));
    api.setStatus(APIConstants.CREATED);
    api.setContextTemplate("/");
    api.setTransports(Constants.TRANSPORT_HTTP);
    api.setEndpointConfig(json);
    ConfigContext configcontext = new APIConfigContext(api);
    Mockito.when(apiManagerConfiguration.getFirstProperty(APIConstants.API_SECUREVAULT_ENABLE)).thenReturn("true");
    SecurityConfigContext securityConfigContext = new SecurityConfigContextWrapper(configcontext, api, apiManagerConfiguration);
    securityConfigContext.validate();
    VelocityContext velocityContext = securityConfigContext.getContext();
    Assert.assertNotNull(velocityContext.get("endpoint_security"));
    Map<String, EndpointSecurityModel> endpointSecurityModelMap = (Map<String, EndpointSecurityModel>) velocityContext.get("endpoint_security");
    EndpointSecurityModel production = endpointSecurityModelMap.get("production");
    Assert.assertTrue("Property enabled cannot be false.", production.isEnabled());
    Assert.assertTrue("Property type cannot be other.", production.getType().equalsIgnoreCase("basic"));
    Assert.assertTrue("Property username does not match.", "admin".equals(production.getUsername()));
    Assert.assertTrue("Property base64value does not match. ", new String(Base64.encodeBase64("admin:admin123#QA".getBytes())).equalsIgnoreCase(production.getBase64EncodedPassword()));
    Assert.assertTrue("Property securevault_alias does not match.", "TestAPI--v1.0.0--production".equalsIgnoreCase(production.getAlias()));
    EndpointSecurityModel sandbox = endpointSecurityModelMap.get("sandbox");
    Assert.assertTrue("Property enabled cannot be false.", sandbox.isEnabled());
    Assert.assertTrue("Property type cannot be other.", sandbox.getType().equalsIgnoreCase("digest"));
    Assert.assertTrue("Property username does not match.", "admin".equals(sandbox.getUsername()));
    Assert.assertTrue("Property base64value does not match. ", new String(Base64.encodeBase64("admin:admin123".getBytes())).equalsIgnoreCase(sandbox.getBase64EncodedPassword()));
    Assert.assertTrue("Property securevault_alias does not match.", "TestAPI--v1.0.0--sandbox".equalsIgnoreCase(sandbox.getAlias()));
    Assert.assertTrue("Property isSecureVaultEnabled cannot be false. ", velocityContext.get("isSecureVaultEnabled").equals(true));
}
Also used : SecurityConfigContext(org.wso2.carbon.apimgt.rest.api.publisher.v1.common.template.SecurityConfigContext) VelocityContext(org.apache.velocity.VelocityContext) EndpointSecurityModel(org.wso2.carbon.apimgt.rest.api.publisher.v1.common.template.EndpointSecurityModel) API(org.wso2.carbon.apimgt.api.model.API) APIIdentifier(org.wso2.carbon.apimgt.api.model.APIIdentifier) HashMap(java.util.HashMap) Map(java.util.Map) APIConfigContext(org.wso2.carbon.apimgt.rest.api.publisher.v1.common.template.APIConfigContext) ConfigContext(org.wso2.carbon.apimgt.rest.api.publisher.v1.common.template.ConfigContext) SecurityConfigContext(org.wso2.carbon.apimgt.rest.api.publisher.v1.common.template.SecurityConfigContext) APIConfigContext(org.wso2.carbon.apimgt.rest.api.publisher.v1.common.template.APIConfigContext) Test(org.junit.Test)

Example 4 with SecurityConfigContext

use of org.wso2.carbon.apimgt.rest.api.publisher.v1.common.template.SecurityConfigContext in project carbon-apimgt by wso2.

the class SecurityConfigContextTest method testSecurityConfigContextPerEndpointProductionType.

@Test
public void testSecurityConfigContextPerEndpointProductionType() throws Exception {
    String json = "{\"endpoint_security\":{\n" + "  \"production\":{\n" + "    \"enabled\":true,\n" + "    \"type\":\"BASIC\",\n" + "    \"username\":\"admin\",\n" + "    \"password\":\"admin123#QA\"\n" + "  }\n" + "  }\n" + "}";
    API api = new API(new APIIdentifier("admin", "TestAPI", "1.0.0"));
    api.setStatus(APIConstants.CREATED);
    api.setContextTemplate("/");
    api.setTransports(Constants.TRANSPORT_HTTP);
    api.setEndpointConfig(json);
    ConfigContext configcontext = new APIConfigContext(api);
    Mockito.when(apiManagerConfiguration.getFirstProperty(APIConstants.API_SECUREVAULT_ENABLE)).thenReturn("true");
    SecurityConfigContext securityConfigContext = new SecurityConfigContextWrapper(configcontext, api, apiManagerConfiguration);
    securityConfigContext.validate();
    VelocityContext velocityContext = securityConfigContext.getContext();
    Assert.assertNotNull(velocityContext.get("endpoint_security"));
    Map<String, EndpointSecurityModel> endpointSecurityModelMap = (Map<String, EndpointSecurityModel>) velocityContext.get("endpoint_security");
    EndpointSecurityModel production = endpointSecurityModelMap.get("production");
    Assert.assertTrue("Property enabled cannot be false.", production.isEnabled());
    Assert.assertTrue("Property type cannot be other.", production.getType().equalsIgnoreCase("basic"));
    Assert.assertTrue("Property username does not match.", "admin".equals(production.getUsername()));
    Assert.assertTrue("Property base64value does not match. ", new String(Base64.encodeBase64("admin:admin123#QA".getBytes())).equalsIgnoreCase(production.getBase64EncodedPassword()));
    Assert.assertTrue("Property securevault_alias does not match.", "TestAPI--v1.0.0--production".equalsIgnoreCase(production.getAlias()));
    Assert.assertTrue("Property isSecureVaultEnabled cannot be false. ", velocityContext.get("isSecureVaultEnabled").equals(true));
    EndpointSecurityModel sandbox = endpointSecurityModelMap.get("sandbox");
    Assert.assertFalse("Property enabled cannot be true.", sandbox.isEnabled());
}
Also used : SecurityConfigContext(org.wso2.carbon.apimgt.rest.api.publisher.v1.common.template.SecurityConfigContext) VelocityContext(org.apache.velocity.VelocityContext) EndpointSecurityModel(org.wso2.carbon.apimgt.rest.api.publisher.v1.common.template.EndpointSecurityModel) API(org.wso2.carbon.apimgt.api.model.API) APIIdentifier(org.wso2.carbon.apimgt.api.model.APIIdentifier) HashMap(java.util.HashMap) Map(java.util.Map) APIConfigContext(org.wso2.carbon.apimgt.rest.api.publisher.v1.common.template.APIConfigContext) ConfigContext(org.wso2.carbon.apimgt.rest.api.publisher.v1.common.template.ConfigContext) SecurityConfigContext(org.wso2.carbon.apimgt.rest.api.publisher.v1.common.template.SecurityConfigContext) APIConfigContext(org.wso2.carbon.apimgt.rest.api.publisher.v1.common.template.APIConfigContext) Test(org.junit.Test)

Example 5 with SecurityConfigContext

use of org.wso2.carbon.apimgt.rest.api.publisher.v1.common.template.SecurityConfigContext in project carbon-apimgt by wso2.

the class SecurityConfigContextTest method testSecurityConfigContextForAPIProductWithOAuth.

@Test
public void testSecurityConfigContextForAPIProductWithOAuth() throws Exception {
    APIProduct apiProduct = new APIProduct(new APIProductIdentifier("admin", "TestProduct", "1.0.0"));
    apiProduct.setUuid(UUID.randomUUID().toString());
    String apiid = UUID.randomUUID().toString();
    List<APIProductResource> apiProductResourceList = new ArrayList<>();
    APIProductResource apiProductResource = new APIProductResource();
    apiProductResource.setApiIdentifier(new APIIdentifier("admin_api1_v1"));
    apiProductResource.setApiId(apiid);
    Map<String, EndpointSecurity> endpointSecurityMap = new HashMap<>();
    EndpointSecurity endpointSecurity = new EndpointSecurity();
    endpointSecurity.setType("oauth");
    endpointSecurity.setClientId("123-456");
    endpointSecurity.setClientSecret("admin123");
    endpointSecurity.setGrantType("client_credentials");
    endpointSecurity.setEnabled(true);
    endpointSecurityMap.put("production", endpointSecurity);
    apiProductResource.setApiId(apiid);
    apiProductResource.setEndpointSecurityMap(endpointSecurityMap);
    apiProductResourceList.add(apiProductResource);
    apiProduct.setProductResources(apiProductResourceList);
    ConfigContext configcontext = new APIConfigContext(apiProduct);
    Mockito.when(apiManagerConfiguration.getFirstProperty(APIConstants.API_SECUREVAULT_ENABLE)).thenReturn("true");
    Map<String, APIDTO> apidtoMap = new HashMap<>();
    apidtoMap.put(apiid, new APIDTO().name("api1").version("v1").provider("admin").id(UUID.randomUUID().toString()));
    SecurityConfigContext securityConfigContext = new SecurityConfigContextWrapper(configcontext, apiProduct, apiManagerConfiguration, apidtoMap);
    securityConfigContext.validate();
    VelocityContext velocityContext = securityConfigContext.getContext();
    Assert.assertNotNull(velocityContext.get("endpoint_security"));
    Map<String, Map<String, EndpointSecurityModel>> endpointSecurityModelMap = (Map<String, Map<String, EndpointSecurityModel>>) velocityContext.get("endpoint_security");
    Map<String, EndpointSecurityModel> endpointSecurityModelMap1 = endpointSecurityModelMap.get(apiProductResource.getApiId());
    EndpointSecurityModel production = endpointSecurityModelMap1.get("production");
    Assert.assertTrue("Property enabled cannot be false.", production.isEnabled());
    Assert.assertTrue("Property type cannot be other.", production.getType().equalsIgnoreCase("oauth"));
    Assert.assertTrue("Property username does not match.", "123-456".equals(production.getClientId()));
    Assert.assertEquals(production.getClientSecretAlias(), "TestProduct--v1.0.0--api1--vv1--oauth--clientSecret" + "--production");
    Assert.assertTrue("Property isSecureVaultEnabled cannot be false. ", velocityContext.get("isSecureVaultEnabled").equals(true));
}
Also used : SecurityConfigContext(org.wso2.carbon.apimgt.rest.api.publisher.v1.common.template.SecurityConfigContext) HashMap(java.util.HashMap) VelocityContext(org.apache.velocity.VelocityContext) ArrayList(java.util.ArrayList) EndpointSecurity(org.wso2.carbon.apimgt.api.model.EndpointSecurity) APIProduct(org.wso2.carbon.apimgt.api.model.APIProduct) APIProductIdentifier(org.wso2.carbon.apimgt.api.model.APIProductIdentifier) APIDTO(org.wso2.carbon.apimgt.rest.api.publisher.v1.dto.APIDTO) APIProductResource(org.wso2.carbon.apimgt.api.model.APIProductResource) EndpointSecurityModel(org.wso2.carbon.apimgt.rest.api.publisher.v1.common.template.EndpointSecurityModel) APIIdentifier(org.wso2.carbon.apimgt.api.model.APIIdentifier) HashMap(java.util.HashMap) Map(java.util.Map) APIConfigContext(org.wso2.carbon.apimgt.rest.api.publisher.v1.common.template.APIConfigContext) ConfigContext(org.wso2.carbon.apimgt.rest.api.publisher.v1.common.template.ConfigContext) SecurityConfigContext(org.wso2.carbon.apimgt.rest.api.publisher.v1.common.template.SecurityConfigContext) APIConfigContext(org.wso2.carbon.apimgt.rest.api.publisher.v1.common.template.APIConfigContext) Test(org.junit.Test)

Aggregations

VelocityContext (org.apache.velocity.VelocityContext)7 HashMap (java.util.HashMap)6 Map (java.util.Map)6 Test (org.junit.Test)6 APIIdentifier (org.wso2.carbon.apimgt.api.model.APIIdentifier)6 APIConfigContext (org.wso2.carbon.apimgt.rest.api.publisher.v1.common.template.APIConfigContext)6 ConfigContext (org.wso2.carbon.apimgt.rest.api.publisher.v1.common.template.ConfigContext)6 EndpointSecurityModel (org.wso2.carbon.apimgt.rest.api.publisher.v1.common.template.EndpointSecurityModel)6 SecurityConfigContext (org.wso2.carbon.apimgt.rest.api.publisher.v1.common.template.SecurityConfigContext)6 API (org.wso2.carbon.apimgt.api.model.API)4 ArrayList (java.util.ArrayList)2 APIProduct (org.wso2.carbon.apimgt.api.model.APIProduct)2 APIProductIdentifier (org.wso2.carbon.apimgt.api.model.APIProductIdentifier)2 APIProductResource (org.wso2.carbon.apimgt.api.model.APIProductResource)2 EndpointSecurity (org.wso2.carbon.apimgt.api.model.EndpointSecurity)2 APIDTO (org.wso2.carbon.apimgt.rest.api.publisher.v1.dto.APIDTO)2 StringWriter (java.io.StringWriter)1 Template (org.apache.velocity.Template)1 VelocityEngine (org.apache.velocity.app.VelocityEngine)1 APITemplateException (org.wso2.carbon.apimgt.impl.template.APITemplateException)1