use of org.zalando.nakadi.exceptions.runtime.AccessDeniedException in project nakadi by zalando.
the class EventPublisherTest method whenPublishAuthorizationIsTakenIntoAccount.
@Test(expected = AccessDeniedException.class)
public void whenPublishAuthorizationIsTakenIntoAccount() throws Exception {
final EventType et = buildDefaultEventType();
mockSuccessfulValidation(et);
Mockito.doThrow(new AccessDeniedException(null, null)).when(authzValidator).authorizeEventTypeWrite(Mockito.eq(et));
publisher.publish(buildDefaultBatch(1).toString(), et.getName());
}
use of org.zalando.nakadi.exceptions.runtime.AccessDeniedException in project nakadi by zalando.
the class EventStreamTest method whenAuthorizationChangedStreamClosed.
@Test(timeout = 10000)
public void whenAuthorizationChangedStreamClosed() throws NakadiException, InterruptedException, IOException {
final EventStreamConfig config = EventStreamConfig.builder().withCursors(ImmutableList.of(NakadiCursor.of(TIMELINE, "0", "0"))).withBatchLimit(1).withBatchTimeout(1).withConsumingClient(mock(Client.class)).build();
final EventStream eventStream = new EventStream(emptyConsumer(), mock(OutputStream.class), config, mock(BlacklistService.class), cursorConverter, BYTES_FLUSHED_METER, writerProvider, kpiPublisher, kpiEventType, kpiFrequencyMs);
final AtomicBoolean triggerAuthChange = new AtomicBoolean(false);
final AtomicBoolean accessDeniedTriggered = new AtomicBoolean(false);
final Thread thread = new Thread(() -> {
try {
eventStream.streamEvents(new AtomicBoolean(true), () -> {
if (triggerAuthChange.getAndSet(false)) {
throw new AccessDeniedException(null, null);
}
});
} catch (final AccessDeniedException ex) {
accessDeniedTriggered.set(true);
}
});
thread.start();
Thread.sleep(TimeUnit.SECONDS.toMillis(1));
waitFor(() -> Assert.assertTrue(thread.isAlive()));
// simulation of accessDenied
triggerAuthChange.set(true);
waitFor(() -> Assert.assertFalse(triggerAuthChange.get()), TimeUnit.SECONDS.toMillis(3));
triggerAuthChange.set(true);
waitFor(() -> Assert.assertFalse(thread.isAlive()), TimeUnit.SECONDS.toMillis(3));
assertThat("The thread should be dead now, as we simulated that client closed connection", thread.isAlive(), is(false));
thread.join();
assertThat("Exception caught", accessDeniedTriggered.get());
assertThat("Threre should be only one call to check accessDenied", triggerAuthChange.get());
}
use of org.zalando.nakadi.exceptions.runtime.AccessDeniedException in project nakadi by zalando.
the class TestUtils method mockAccessDeniedException.
public static AccessDeniedException mockAccessDeniedException() {
final Resource resource = mock(Resource.class);
when(resource.getName()).thenReturn("some-name");
when(resource.getType()).thenReturn("some-type");
return new AccessDeniedException(AuthorizationService.Operation.READ, resource);
}
use of org.zalando.nakadi.exceptions.runtime.AccessDeniedException in project nakadi by zalando.
the class EventTypeAuthorizationTest method whenDELETENotAuthorized200.
@Test
public void whenDELETENotAuthorized200() throws Exception {
final EventType eventType = EventTypeTestBuilder.builder().build();
final Resource resource = new EventTypeResource(eventType.getName(), eventType.getAuthorization());
doReturn(Optional.of(eventType)).when(eventTypeRepository).findByNameO(any());
doThrow(new AccessDeniedException(AuthorizationService.Operation.ADMIN, resource)).when(authorizationValidator).authorizeEventTypeAdmin(eventType);
deleteEventType(eventType.getName()).andExpect(status().isForbidden()).andExpect(content().string(matchesProblem(Problem.valueOf(Response.Status.FORBIDDEN, "Access on ADMIN event-type:" + eventType.getName() + " denied"))));
}
use of org.zalando.nakadi.exceptions.runtime.AccessDeniedException in project nakadi by zalando.
the class StartingState method onEnter.
@Override
public void onEnter() {
// 1. Check authorization
getContext().registerForAuthorizationUpdates();
try {
getContext().checkAccessAuthorized();
} catch (final AccessDeniedException e) {
switchState(new CleanupState(new NakadiException(e.explain()) {
@Override
protected Response.StatusType getStatus() {
return Response.Status.FORBIDDEN;
}
}));
return;
}
getZk().runLocked(this::initializeStream);
}
Aggregations