Example 96 with Property
use of org.wso2.carbon.event.output.adapter.core.Property in project carbon-apimgt by wso2.
the class XMLSchemaValidator method configureSchemaProperties.
/**
* This method binds the properties of the json validator sequence with the XMLConfig object.
*
* @param messageContext This message context contains the request message properties of the relevant
* API which was enabled the XML_Validator message mediation in flow.
* @return XMLConfig contains the xml schema properties need to be validated.
*/
XMLConfig configureSchemaProperties(MessageContext messageContext) {
Object messageProperty;
boolean dtdEnabled = false;
boolean externalEntitiesEnabled = false;
int maxXMLDepth = 0;
int elementCount = 0;
int attributeLength = 0;
int attributeCount = 0;
int entityExpansionLimit = 0;
int childrenPerElement = 0;
messageProperty = messageContext.getProperty(ThreatProtectorConstants.DTD_ENABLED);
if (messageProperty != null) {
dtdEnabled = Boolean.valueOf(messageProperty.toString());
} else {
String message = "XML schema dtdEnabled property value is missing.";
ThreatExceptionHandler.handleException(messageContext, message);
}
messageProperty = messageContext.getProperty(ThreatProtectorConstants.EXTERNAL_ENTITIES_ENABLED);
if (messageProperty != null) {
externalEntitiesEnabled = Boolean.valueOf(messageProperty.toString());
} else {
String message = "XML schema externalEntitiesEnabled property value is missing.";
ThreatExceptionHandler.handleException(messageContext, message);
}
messageProperty = messageContext.getProperty(ThreatProtectorConstants.MAX_ELEMENT_COUNT);
if (messageProperty != null) {
elementCount = Integer.parseInt(messageProperty.toString());
} else {
String message = "XML schema elementCount property value is missing.";
ThreatExceptionHandler.handleException(messageContext, message);
}
messageProperty = messageContext.getProperty(ThreatProtectorConstants.MAX_ATTRIBUTE_LENGTH);
if (messageProperty != null) {
attributeLength = Integer.parseInt(messageProperty.toString());
} else {
String message = "XML schema maxAttributeLength property value is missing.";
ThreatExceptionHandler.handleException(messageContext, message);
}
messageProperty = messageContext.getProperty(ThreatProtectorConstants.MAX_XML_DEPTH);
if (messageProperty != null) {
maxXMLDepth = Integer.parseInt(messageProperty.toString());
} else {
String message = "XML schema xmlDepth property value is missing.";
ThreatExceptionHandler.handleException(messageContext, message);
}
messageProperty = messageContext.getProperty(ThreatProtectorConstants.MAX_ATTRIBUTE_COUNT);
if (messageProperty != null) {
attributeCount = Integer.parseInt(messageProperty.toString());
} else {
String message = "XML schema attributeCount property value is missing.";
ThreatExceptionHandler.handleException(messageContext, message);
}
messageProperty = messageContext.getProperty(ThreatProtectorConstants.ENTITY_EXPANSION_LIMIT);
if (messageProperty != null) {
entityExpansionLimit = Integer.parseInt(messageProperty.toString());
} else {
String message = "XML schema entityExpansionLimit property value is missing.";
ThreatExceptionHandler.handleException(messageContext, message);
}
messageProperty = messageContext.getProperty(ThreatProtectorConstants.CHILDREN_PER_ELEMENT);
if (messageProperty == null) {
String message = "XML schema childrenElement property value is missing.";
ThreatExceptionHandler.handleException(messageContext, message);
} else {
childrenPerElement = Integer.parseInt(messageProperty.toString());
}
if (log.isDebugEnabled()) {
log.debug(("DTD enable:" + dtdEnabled) + ", " + "External entities: " + externalEntitiesEnabled + ", " + "Element Count:" + elementCount + ", " + "Max AttributeLength:" + attributeLength + ", " + "Max xml Depth:" + maxXMLDepth + ", " + "Attribute count:" + attributeCount + ", " + "Entity Expansion Limit" + attributeCount + ". " + "childrenElement:" + attributeCount);
}
XMLConfig xmlConfig = new XMLConfig();
xmlConfig.setDtdEnabled(dtdEnabled);
xmlConfig.setExternalEntitiesEnabled(externalEntitiesEnabled);
xmlConfig.setMaxDepth(maxXMLDepth);
xmlConfig.setMaxElementCount(elementCount);
xmlConfig.setMaxAttributeCount(attributeCount);
xmlConfig.setMaxAttributeLength(attributeLength);
xmlConfig.setEntityExpansionLimit(entityExpansionLimit);
xmlConfig.setMaxChildrenPerElement(childrenPerElement);
return xmlConfig;
}
Also used :
XMLConfig(org.wso2.carbon.apimgt.gateway.threatprotection.configuration.XMLConfig)
Example 97 with Property
use of org.wso2.carbon.event.output.adapter.core.Property in project carbon-apimgt by wso2.
the class PublisherCommonUtils method validateAdditionalProperties.
/**
* To validate the additional properties.
* Validation will be done for the keys of additional properties. Property keys should not contain spaces in it
* and property keys should not conflict with reserved key words.
*
* @param additionalProperties Map<String, String> properties to validate
* @return error message if there is an validation error with additional properties.
*/
public static String validateAdditionalProperties(List<APIInfoAdditionalPropertiesDTO> additionalProperties) {
if (additionalProperties != null) {
for (APIInfoAdditionalPropertiesDTO property : additionalProperties) {
String propertyKey = property.getName();
String propertyValue = property.getValue();
if (propertyKey.contains(" ")) {
return "Property names should not contain space character. Property '" + propertyKey + "' " + "contains space in it.";
}
if (Arrays.asList(APIConstants.API_SEARCH_PREFIXES).contains(propertyKey.toLowerCase())) {
return "Property '" + propertyKey + "' conflicts with the reserved keywords. Reserved keywords " + "are [" + Arrays.toString(APIConstants.API_SEARCH_PREFIXES) + "]";
}
// restricting them to be within 80 and 900.
if (propertyKey.length() > 80) {
return "Property name can have maximum of 80 characters. Property '" + propertyKey + "' + contains " + propertyKey.length() + "characters";
}
if (propertyValue.length() > 900) {
return "Property value can have maximum of 900 characters. Property '" + propertyKey + "' + " + "contains a value with " + propertyValue.length() + "characters";
}
}
}
return "";
}
Also used :
APIInfoAdditionalPropertiesDTO(org.wso2.carbon.apimgt.rest.api.publisher.v1.dto.APIInfoAdditionalPropertiesDTO)
Example 98 with Property
use of org.wso2.carbon.event.output.adapter.core.Property in project carbon-apimgt by wso2.
the class SecurityConfigContextTest method testSecurityConfigContextOauth.
@Test
public void testSecurityConfigContextOauth() throws Exception {
String json = "{\"endpoint_security\":{\n" + " \"production\":{\n" + " \"enabled\":true,\n" + " \"type\":\"oauth\",\n" + " \"clientId\":\"123-456\",\n" + " \"clientSecret\":\"admin\",\n" + " \"grantType\":\"client_credentials\"\n" + " },\n" + " \"sandbox\":{\n" + " \"enabled\":true,\n" + " \"type\":\"oauth\",\n" + " \"clientId\":\"123-4567\",\n" + " \"clientSecret\":\"admin\",\n" + " \"grantType\":\"client_credentials\"\n" + " }\n" + " }\n" + "}";
API api = new API(new APIIdentifier("admin", "TestAPI", "1.0.0"));
api.setUuid(UUID.randomUUID().toString());
api.setStatus(APIConstants.CREATED);
api.setContextTemplate("/");
api.setTransports(Constants.TRANSPORT_HTTP);
api.setEndpointConfig(json);
ConfigContext configcontext = new APIConfigContext(api);
Mockito.when(apiManagerConfiguration.getFirstProperty(APIConstants.API_SECUREVAULT_ENABLE)).thenReturn("true");
SecurityConfigContext securityConfigContext = new SecurityConfigContextWrapper(configcontext, api, apiManagerConfiguration);
securityConfigContext.validate();
VelocityContext velocityContext = securityConfigContext.getContext();
Assert.assertNotNull(velocityContext.get("endpoint_security"));
Map<String, EndpointSecurityModel> endpointSecurityModelMap = (Map<String, EndpointSecurityModel>) velocityContext.get("endpoint_security");
EndpointSecurityModel production = endpointSecurityModelMap.get("production");
Assert.assertTrue("Property enabled cannot be false.", production.isEnabled());
Assert.assertTrue("Property type cannot be other.", production.getType().equalsIgnoreCase("oauth"));
Assert.assertTrue("Property clientid does not match.", "123-456".equals(production.getClientId()));
Assert.assertEquals(production.getClientSecretAlias(), "TestAPI--v1.0.0--oauth--clientSecret--production");
EndpointSecurityModel sandbox = endpointSecurityModelMap.get("sandbox");
Assert.assertTrue("Property enabled cannot be false.", sandbox.isEnabled());
Assert.assertTrue("Property type cannot be other.", sandbox.getType().equalsIgnoreCase("oauth"));
Assert.assertTrue("Property username does not match.", "123-4567".equals(sandbox.getClientId()));
Assert.assertEquals(sandbox.getClientSecretAlias(), "TestAPI--v1.0.0--oauth--clientSecret--sandbox");
Assert.assertTrue("Property isSecureVaultEnabled cannot be false. ", velocityContext.get("isSecureVaultEnabled").equals(true));
}
Also used :
SecurityConfigContext(org.wso2.carbon.apimgt.rest.api.publisher.v1.common.template.SecurityConfigContext)
VelocityContext(org.apache.velocity.VelocityContext)
EndpointSecurityModel(org.wso2.carbon.apimgt.rest.api.publisher.v1.common.template.EndpointSecurityModel)
API(org.wso2.carbon.apimgt.api.model.API)
APIIdentifier(org.wso2.carbon.apimgt.api.model.APIIdentifier)
HashMap(java.util.HashMap)
Map(java.util.Map)
APIConfigContext(org.wso2.carbon.apimgt.rest.api.publisher.v1.common.template.APIConfigContext)
ConfigContext(org.wso2.carbon.apimgt.rest.api.publisher.v1.common.template.ConfigContext)
SecurityConfigContext(org.wso2.carbon.apimgt.rest.api.publisher.v1.common.template.SecurityConfigContext)
APIConfigContext(org.wso2.carbon.apimgt.rest.api.publisher.v1.common.template.APIConfigContext)
Test(org.junit.Test)
Example 99 with Property
use of org.wso2.carbon.event.output.adapter.core.Property in project carbon-apimgt by wso2.
the class SecurityConfigContextTest method testSecurityConfigContextPerEndpointSandbox.
@Test
public void testSecurityConfigContextPerEndpointSandbox() throws Exception {
String json = "{\"endpoint_security\":{\n" + " \"sandbox\":{\n" + " \"enabled\":true,\n" + " \"type\":\"DIGEST\",\n" + " \"username\":\"admin\",\n" + " \"password\":\"admin123#QA\"\n" + " }\n" + " }\n" + "}";
API api = new API(new APIIdentifier("admin", "TestAPI", "1.0.0"));
api.setStatus(APIConstants.CREATED);
api.setContextTemplate("/");
api.setTransports(Constants.TRANSPORT_HTTP);
api.setEndpointConfig(json);
ConfigContext configcontext = new APIConfigContext(api);
Mockito.when(apiManagerConfiguration.getFirstProperty(APIConstants.API_SECUREVAULT_ENABLE)).thenReturn("true");
SecurityConfigContext securityConfigContext = new SecurityConfigContextWrapper(configcontext, api, apiManagerConfiguration);
securityConfigContext.validate();
VelocityContext velocityContext = securityConfigContext.getContext();
Assert.assertNotNull(velocityContext.get("endpoint_security"));
Map<String, EndpointSecurityModel> endpointSecurityModelMap = (Map<String, EndpointSecurityModel>) velocityContext.get("endpoint_security");
EndpointSecurityModel sandbox = endpointSecurityModelMap.get("sandbox");
Assert.assertTrue("Property enabled cannot be false.", sandbox.isEnabled());
Assert.assertTrue("Property type cannot be other.", sandbox.getType().equalsIgnoreCase("digest"));
Assert.assertTrue("Property username does not match.", "admin".equals(sandbox.getUsername()));
Assert.assertTrue("Property base64value does not match. ", new String(Base64.encodeBase64("admin:admin123#QA".getBytes())).equalsIgnoreCase(sandbox.getBase64EncodedPassword()));
Assert.assertTrue("Property securevault_alias does not match.", "TestAPI--v1.0.0--sandbox".equalsIgnoreCase(sandbox.getAlias()));
Assert.assertTrue("Property isSecureVaultEnabled cannot be false. ", velocityContext.get("isSecureVaultEnabled").equals(true));
EndpointSecurityModel production = endpointSecurityModelMap.get("production");
Assert.assertFalse("Property enabled cannot be true.", production.isEnabled());
}
Also used :
SecurityConfigContext(org.wso2.carbon.apimgt.rest.api.publisher.v1.common.template.SecurityConfigContext)
VelocityContext(org.apache.velocity.VelocityContext)
EndpointSecurityModel(org.wso2.carbon.apimgt.rest.api.publisher.v1.common.template.EndpointSecurityModel)
API(org.wso2.carbon.apimgt.api.model.API)
APIIdentifier(org.wso2.carbon.apimgt.api.model.APIIdentifier)
HashMap(java.util.HashMap)
Map(java.util.Map)
APIConfigContext(org.wso2.carbon.apimgt.rest.api.publisher.v1.common.template.APIConfigContext)
ConfigContext(org.wso2.carbon.apimgt.rest.api.publisher.v1.common.template.ConfigContext)
SecurityConfigContext(org.wso2.carbon.apimgt.rest.api.publisher.v1.common.template.SecurityConfigContext)
APIConfigContext(org.wso2.carbon.apimgt.rest.api.publisher.v1.common.template.APIConfigContext)
Test(org.junit.Test)
Example 100 with Property
use of org.wso2.carbon.event.output.adapter.core.Property in project carbon-apimgt by wso2.
the class ThrottleHandlerTest method testHandleRequestForGraphQLSubscriptions.
/**
* This method will test request flow when "isGraphqlSubscriptionRequest" property is set in axis2 message context
* when incoming transport is websocket. This occurs during Graphql Subscription request flow.
*/
@Test
public void testHandleRequestForGraphQLSubscriptions() {
ThrottleHandler throttleHandler = new ThrottlingHandlerWrapper(timer, new ThrottleDataHolder(), throttleEvaluator, accessInformation);
Axis2MessageContext messageContext = Mockito.mock(Axis2MessageContext.class);
org.apache.axis2.context.MessageContext axis2MessageContext = Mockito.mock(org.apache.axis2.context.MessageContext.class);
Mockito.when(messageContext.getAxis2MessageContext()).thenReturn(axis2MessageContext);
Mockito.when(axis2MessageContext.getIncomingTransportName()).thenReturn("ws");
Mockito.when(messageContext.getProperty(APIConstants.GRAPHQL_SUBSCRIPTION_REQUEST)).thenReturn(true);
Assert.assertTrue(throttleHandler.handleRequest(messageContext));
Mockito.when(axis2MessageContext.getIncomingTransportName()).thenReturn("wss");
Assert.assertTrue(throttleHandler.handleRequest(messageContext));
// clean up message context
Mockito.when(messageContext.getProperty(APIConstants.GRAPHQL_SUBSCRIPTION_REQUEST)).thenReturn(false);
Mockito.when(axis2MessageContext.getIncomingTransportName()).thenReturn("http");
}
Also used :
ThrottleDataHolder(org.wso2.carbon.apimgt.gateway.throttling.ThrottleDataHolder)
Axis2MessageContext(org.apache.synapse.core.axis2.Axis2MessageContext)
PrepareForTest(org.powermock.core.classloader.annotations.PrepareForTest)
Test(org.junit.Test)
Aggregations
HashMap (java.util.HashMap)42
ArrayList (java.util.ArrayList)32
APIManagementException (org.wso2.carbon.apimgt.api.APIManagementException)32
Resource (org.wso2.carbon.registry.core.Resource)23
Map (java.util.Map)21
Test (org.junit.Test)21
RegistryException (org.wso2.carbon.registry.core.exceptions.RegistryException)21
DataResponse (org.wso2.carbon.bpmn.rest.model.common.DataResponse)17
API (org.wso2.carbon.apimgt.api.model.API)16
UserStoreException (org.wso2.carbon.user.api.UserStoreException)16
Path (javax.ws.rs.Path)14
Produces (javax.ws.rs.Produces)14
JSONObject (org.json.simple.JSONObject)14
APIIdentifier (org.wso2.carbon.apimgt.api.model.APIIdentifier)14
List (java.util.List)13
IOException (java.io.IOException)11
QName (javax.xml.namespace.QName)11
APIProductResource (org.wso2.carbon.apimgt.api.model.APIProductResource)11
Properties (java.util.Properties)10
GovernanceException (org.wso2.carbon.governance.api.exception.GovernanceException)10
