use of org.wso2.carbon.apimgt.rest.api.publisher.v1.common.template.SecurityConfigContext in project carbon-apimgt by wso2.
the class APITemplateBuilderImpl method getConfigStringForPrototypeScriptAPI.
@Override
public String getConfigStringForPrototypeScriptAPI(Environment environment) throws APITemplateException {
StringWriter writer = new StringWriter();
try {
// build the context for template and apply the necessary decorators
ConfigContext configcontext = new APIConfigContext(this.api);
configcontext = new TransportConfigContext(configcontext, api);
configcontext = new ResourceConfigContext(configcontext, api);
configcontext = new EndpointBckConfigContext(configcontext, api);
configcontext = new EndpointConfigContext(configcontext, api);
configcontext = new SecurityConfigContext(configcontext, api);
configcontext = new JwtConfigContext(configcontext);
configcontext = new ResponseCacheConfigContext(configcontext, api);
configcontext = new HandlerConfigContex(configcontext, handlers);
configcontext = new EnvironmentConfigContext(configcontext, environment);
configcontext = new TemplateUtilContext(configcontext);
// @todo: this validation might be better to do when the builder is initialized.
configcontext.validate();
VelocityContext context = configcontext.getContext();
context.internalGetKeys();
/* first, initialize velocity engine */
VelocityEngine velocityengine = new VelocityEngine();
APIUtil.initializeVelocityContext(velocityengine);
velocityengine.setProperty(RuntimeConstants.FILE_RESOURCE_LOADER_PATH, CarbonUtils.getCarbonHome());
initVelocityEngine(velocityengine);
Template t = velocityengine.getTemplate(this.getPrototypeTemplatePath());
t.merge(context, writer);
} catch (Exception e) {
log.error("Velocity Error", e);
throw new APITemplateException("Velocity Error", e);
}
return writer.toString();
}
use of org.wso2.carbon.apimgt.rest.api.publisher.v1.common.template.SecurityConfigContext in project carbon-apimgt by wso2.
the class SecurityConfigContextTest method testSecurityConfigContextForAPIProduct.
@Test
public void testSecurityConfigContextForAPIProduct() throws Exception {
APIProduct apiProduct = new APIProduct(new APIProductIdentifier("admin", "TestProduct", "1.0.0"));
apiProduct.setUuid(UUID.randomUUID().toString());
String apiid = UUID.randomUUID().toString();
List<APIProductResource> apiProductResourceList = new ArrayList<>();
APIProductResource apiProductResource = new APIProductResource();
apiProductResource.setApiIdentifier(new APIIdentifier("admin_api1_v1"));
apiProductResource.setApiId(apiid);
Map<String, EndpointSecurity> endpointSecurityMap = new HashMap<>();
EndpointSecurity endpointSecurity = new EndpointSecurity();
endpointSecurity.setType("BASIC");
endpointSecurity.setUsername("admin");
endpointSecurity.setPassword("admin123");
endpointSecurity.setEnabled(true);
endpointSecurityMap.put("production", endpointSecurity);
apiProductResource.setApiId(apiid);
apiProductResource.setEndpointSecurityMap(endpointSecurityMap);
apiProductResourceList.add(apiProductResource);
apiProduct.setProductResources(apiProductResourceList);
ConfigContext configcontext = new APIConfigContext(apiProduct);
Mockito.when(apiManagerConfiguration.getFirstProperty(APIConstants.API_SECUREVAULT_ENABLE)).thenReturn("true");
Map<String, APIDTO> apidtoMap = new HashMap<>();
apidtoMap.put(apiid, new APIDTO().name("api1").version("v1").provider("admin"));
SecurityConfigContext securityConfigContext = new SecurityConfigContextWrapper(configcontext, apiProduct, apiManagerConfiguration, apidtoMap);
securityConfigContext.validate();
VelocityContext velocityContext = securityConfigContext.getContext();
Assert.assertNotNull(velocityContext.get("endpoint_security"));
Map<String, Map<String, EndpointSecurityModel>> endpointSecurityModelMap = (Map<String, Map<String, EndpointSecurityModel>>) velocityContext.get("endpoint_security");
Map<String, EndpointSecurityModel> endpointSecurityModelMap1 = endpointSecurityModelMap.get(apiProductResource.getApiId());
EndpointSecurityModel production = endpointSecurityModelMap1.get("production");
Assert.assertTrue("Property enabled cannot be false.", production.isEnabled());
Assert.assertTrue("Property type cannot be other.", production.getType().equalsIgnoreCase("basic"));
Assert.assertTrue("Property username does not match.", "admin".equals(production.getUsername()));
Assert.assertTrue("Property base64value does not match. ", new String(Base64.encodeBase64("admin:admin123".getBytes())).equalsIgnoreCase(production.getBase64EncodedPassword()));
Assert.assertTrue("Property securevault_alias does not match.", "TestProduct--v1.0.0--api1--vv1--production".equalsIgnoreCase(production.getAlias()));
Assert.assertTrue("Property isSecureVaultEnabled cannot be false. ", velocityContext.get("isSecureVaultEnabled").equals(true));
}
use of org.wso2.carbon.apimgt.rest.api.publisher.v1.common.template.SecurityConfigContext in project carbon-apimgt by wso2.
the class SecurityConfigContextTest method testSecurityConfigContextPerEndpointBothType.
@Test
public void testSecurityConfigContextPerEndpointBothType() throws Exception {
String json = "{\"endpoint_security\":{\n" + " \"production\":{\n" + " \"enabled\":true,\n" + " \"type\":\"BASIC\",\n" + " \"username\":\"admin\",\n" + " \"password\":\"admin123#QA\"\n" + " },\n" + " \"sandbox\":{\n" + " \"enabled\":true,\n" + " \"type\":\"DIGEST\",\n" + " \"username\":\"admin\",\n" + " \"password\":\"admin123\"\n" + " }\n" + " }\n" + "}";
API api = new API(new APIIdentifier("admin", "TestAPI", "1.0.0"));
api.setStatus(APIConstants.CREATED);
api.setContextTemplate("/");
api.setTransports(Constants.TRANSPORT_HTTP);
api.setEndpointConfig(json);
ConfigContext configcontext = new APIConfigContext(api);
Mockito.when(apiManagerConfiguration.getFirstProperty(APIConstants.API_SECUREVAULT_ENABLE)).thenReturn("true");
SecurityConfigContext securityConfigContext = new SecurityConfigContextWrapper(configcontext, api, apiManagerConfiguration);
securityConfigContext.validate();
VelocityContext velocityContext = securityConfigContext.getContext();
Assert.assertNotNull(velocityContext.get("endpoint_security"));
Map<String, EndpointSecurityModel> endpointSecurityModelMap = (Map<String, EndpointSecurityModel>) velocityContext.get("endpoint_security");
EndpointSecurityModel production = endpointSecurityModelMap.get("production");
Assert.assertTrue("Property enabled cannot be false.", production.isEnabled());
Assert.assertTrue("Property type cannot be other.", production.getType().equalsIgnoreCase("basic"));
Assert.assertTrue("Property username does not match.", "admin".equals(production.getUsername()));
Assert.assertTrue("Property base64value does not match. ", new String(Base64.encodeBase64("admin:admin123#QA".getBytes())).equalsIgnoreCase(production.getBase64EncodedPassword()));
Assert.assertTrue("Property securevault_alias does not match.", "TestAPI--v1.0.0--production".equalsIgnoreCase(production.getAlias()));
EndpointSecurityModel sandbox = endpointSecurityModelMap.get("sandbox");
Assert.assertTrue("Property enabled cannot be false.", sandbox.isEnabled());
Assert.assertTrue("Property type cannot be other.", sandbox.getType().equalsIgnoreCase("digest"));
Assert.assertTrue("Property username does not match.", "admin".equals(sandbox.getUsername()));
Assert.assertTrue("Property base64value does not match. ", new String(Base64.encodeBase64("admin:admin123".getBytes())).equalsIgnoreCase(sandbox.getBase64EncodedPassword()));
Assert.assertTrue("Property securevault_alias does not match.", "TestAPI--v1.0.0--sandbox".equalsIgnoreCase(sandbox.getAlias()));
Assert.assertTrue("Property isSecureVaultEnabled cannot be false. ", velocityContext.get("isSecureVaultEnabled").equals(true));
}
use of org.wso2.carbon.apimgt.rest.api.publisher.v1.common.template.SecurityConfigContext in project carbon-apimgt by wso2.
the class SecurityConfigContextTest method testSecurityConfigContextPerEndpointProductionType.
@Test
public void testSecurityConfigContextPerEndpointProductionType() throws Exception {
String json = "{\"endpoint_security\":{\n" + " \"production\":{\n" + " \"enabled\":true,\n" + " \"type\":\"BASIC\",\n" + " \"username\":\"admin\",\n" + " \"password\":\"admin123#QA\"\n" + " }\n" + " }\n" + "}";
API api = new API(new APIIdentifier("admin", "TestAPI", "1.0.0"));
api.setStatus(APIConstants.CREATED);
api.setContextTemplate("/");
api.setTransports(Constants.TRANSPORT_HTTP);
api.setEndpointConfig(json);
ConfigContext configcontext = new APIConfigContext(api);
Mockito.when(apiManagerConfiguration.getFirstProperty(APIConstants.API_SECUREVAULT_ENABLE)).thenReturn("true");
SecurityConfigContext securityConfigContext = new SecurityConfigContextWrapper(configcontext, api, apiManagerConfiguration);
securityConfigContext.validate();
VelocityContext velocityContext = securityConfigContext.getContext();
Assert.assertNotNull(velocityContext.get("endpoint_security"));
Map<String, EndpointSecurityModel> endpointSecurityModelMap = (Map<String, EndpointSecurityModel>) velocityContext.get("endpoint_security");
EndpointSecurityModel production = endpointSecurityModelMap.get("production");
Assert.assertTrue("Property enabled cannot be false.", production.isEnabled());
Assert.assertTrue("Property type cannot be other.", production.getType().equalsIgnoreCase("basic"));
Assert.assertTrue("Property username does not match.", "admin".equals(production.getUsername()));
Assert.assertTrue("Property base64value does not match. ", new String(Base64.encodeBase64("admin:admin123#QA".getBytes())).equalsIgnoreCase(production.getBase64EncodedPassword()));
Assert.assertTrue("Property securevault_alias does not match.", "TestAPI--v1.0.0--production".equalsIgnoreCase(production.getAlias()));
Assert.assertTrue("Property isSecureVaultEnabled cannot be false. ", velocityContext.get("isSecureVaultEnabled").equals(true));
EndpointSecurityModel sandbox = endpointSecurityModelMap.get("sandbox");
Assert.assertFalse("Property enabled cannot be true.", sandbox.isEnabled());
}
use of org.wso2.carbon.apimgt.rest.api.publisher.v1.common.template.SecurityConfigContext in project carbon-apimgt by wso2.
the class SecurityConfigContextTest method testSecurityConfigContextForAPIProductWithOAuth.
@Test
public void testSecurityConfigContextForAPIProductWithOAuth() throws Exception {
APIProduct apiProduct = new APIProduct(new APIProductIdentifier("admin", "TestProduct", "1.0.0"));
apiProduct.setUuid(UUID.randomUUID().toString());
String apiid = UUID.randomUUID().toString();
List<APIProductResource> apiProductResourceList = new ArrayList<>();
APIProductResource apiProductResource = new APIProductResource();
apiProductResource.setApiIdentifier(new APIIdentifier("admin_api1_v1"));
apiProductResource.setApiId(apiid);
Map<String, EndpointSecurity> endpointSecurityMap = new HashMap<>();
EndpointSecurity endpointSecurity = new EndpointSecurity();
endpointSecurity.setType("oauth");
endpointSecurity.setClientId("123-456");
endpointSecurity.setClientSecret("admin123");
endpointSecurity.setGrantType("client_credentials");
endpointSecurity.setEnabled(true);
endpointSecurityMap.put("production", endpointSecurity);
apiProductResource.setApiId(apiid);
apiProductResource.setEndpointSecurityMap(endpointSecurityMap);
apiProductResourceList.add(apiProductResource);
apiProduct.setProductResources(apiProductResourceList);
ConfigContext configcontext = new APIConfigContext(apiProduct);
Mockito.when(apiManagerConfiguration.getFirstProperty(APIConstants.API_SECUREVAULT_ENABLE)).thenReturn("true");
Map<String, APIDTO> apidtoMap = new HashMap<>();
apidtoMap.put(apiid, new APIDTO().name("api1").version("v1").provider("admin").id(UUID.randomUUID().toString()));
SecurityConfigContext securityConfigContext = new SecurityConfigContextWrapper(configcontext, apiProduct, apiManagerConfiguration, apidtoMap);
securityConfigContext.validate();
VelocityContext velocityContext = securityConfigContext.getContext();
Assert.assertNotNull(velocityContext.get("endpoint_security"));
Map<String, Map<String, EndpointSecurityModel>> endpointSecurityModelMap = (Map<String, Map<String, EndpointSecurityModel>>) velocityContext.get("endpoint_security");
Map<String, EndpointSecurityModel> endpointSecurityModelMap1 = endpointSecurityModelMap.get(apiProductResource.getApiId());
EndpointSecurityModel production = endpointSecurityModelMap1.get("production");
Assert.assertTrue("Property enabled cannot be false.", production.isEnabled());
Assert.assertTrue("Property type cannot be other.", production.getType().equalsIgnoreCase("oauth"));
Assert.assertTrue("Property username does not match.", "123-456".equals(production.getClientId()));
Assert.assertEquals(production.getClientSecretAlias(), "TestProduct--v1.0.0--api1--vv1--oauth--clientSecret" + "--production");
Assert.assertTrue("Property isSecureVaultEnabled cannot be false. ", velocityContext.get("isSecureVaultEnabled").equals(true));
}
Aggregations