diff options
author | IanB <IanB@amdocs.com> | 2019-03-13 11:15:31 +0000 |
---|---|---|
committer | IanB <IanB@amdocs.com> | 2019-03-13 11:30:27 +0000 |
commit | 94f286b3ab4da2d73f9cbdf3849aebb72c0476ea (patch) | |
tree | e3265f0606dcfd179b47bebc6fc9429b5233d8a0 /sidecar/rproxy/src/test | |
parent | 8f1cca674c0430d0d6424778d2a720f2c9f156c7 (diff) |
Enhance RProxy authorization to use request method
Authorization filter now takes into account the
request method. The desired method can now be
added to the authorization file defaulting to
GET if not supplied. The request URI & method
can now be checked against the authorization
configuration along with the needed permissions.
Issue-ID: AAF-786
Change-Id: I25f6f2180ac9d94a30ca5ba1aa349fb424c18d81
Signed-off-by: IanB <IanB@amdocs.com>
Diffstat (limited to 'sidecar/rproxy/src/test')
-rw-r--r-- | sidecar/rproxy/src/test/java/org/onap/aaf/cadi/sidecar/rproxy/test/PermissionMatchingTest.java | 42 |
1 files changed, 42 insertions, 0 deletions
diff --git a/sidecar/rproxy/src/test/java/org/onap/aaf/cadi/sidecar/rproxy/test/PermissionMatchingTest.java b/sidecar/rproxy/src/test/java/org/onap/aaf/cadi/sidecar/rproxy/test/PermissionMatchingTest.java index e9dd95b..51f4ffc 100644 --- a/sidecar/rproxy/src/test/java/org/onap/aaf/cadi/sidecar/rproxy/test/PermissionMatchingTest.java +++ b/sidecar/rproxy/src/test/java/org/onap/aaf/cadi/sidecar/rproxy/test/PermissionMatchingTest.java @@ -29,6 +29,7 @@ import static org.springframework.test.web.servlet.result.MockMvcResultMatchers. import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status; import javax.annotation.Resource; + import org.eclipse.jetty.util.security.Password; import org.junit.Before; import org.junit.Test; @@ -141,6 +142,47 @@ public class PermissionMatchingTest { } @Test + public void testURIPUTMatchSinglePermissionMatch() throws Exception { + + String transactionId = "63f88b50-6345-4a61-bc59-3a48cabb60a4"; + String testUrl = "/single/permission/required"; + String testResponse = "Response from MockRestService"; + + mockServer + .expect(requestTo(primaryServiceBaseUrl + testUrl)) + .andExpect(method(HttpMethod.PUT)) + .andExpect(header(transactionIdHeaderName, transactionId)) + .andRespond(withSuccess(testResponse, MediaType.APPLICATION_JSON)); + + // Send request to mock server with transaction Id + mockMvc + .perform(MockMvcRequestBuilders.put(testUrl).accept(MediaType.APPLICATION_JSON).header(transactionIdHeaderName, transactionId)) + .andExpect(status().isOk()) + .andExpect(content().string(equalTo(testResponse))); + + mockServer.verify(); + + } + + + @Test + public void testURIPATCHMatchSinglePermissionMatch() throws Exception { + + String transactionId = "63f88b50-6345-4a61-bc59-3a48cabb60a4"; + String testUrl = "/single/permission/required"; + String testResponse = "Sorry, the request is not allowed"; + + // Send request to mock server with transaction Id + mockMvc + .perform(MockMvcRequestBuilders.patch(testUrl).accept(MediaType.APPLICATION_JSON).header(transactionIdHeaderName, transactionId)) + .andExpect(status().isForbidden()) + .andExpect(status().reason(testResponse)); + + mockServer.verify(); + + } + + @Test public void testURIMatchMultiplePermissionMatch() throws Exception { String transactionId = "63f88b50-6345-4a61-bc59-3a48cabb60a4"; |