aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--pom.xml8
-rw-r--r--src/main/java/org/onap/dcae/restapi/ApiAuthInterceptor.java3
-rw-r--r--src/test/java/org/onap/dcae/restapi/ApiAuthInterceptionTest.java176
-rw-r--r--version.properties2
4 files changed, 184 insertions, 5 deletions
diff --git a/pom.xml b/pom.xml
index d3503969..c95228fe 100644
--- a/pom.xml
+++ b/pom.xml
@@ -27,7 +27,7 @@ limitations under the License.
</parent>
<groupId>org.onap.dcaegen2.collectors.ves</groupId>
<artifactId>VESCollector</artifactId>
- <version>1.3.1-SNAPSHOT</version>
+ <version>1.3.2-SNAPSHOT</version>
<name>dcaegen2-collectors-ves</name>
<description>VESCollector</description>
<properties>
@@ -443,6 +443,12 @@ limitations under the License.
<version>2.17.0</version>
<scope>test</scope>
</dependency>
+ <dependency>
+ <groupId>org.springframework.security</groupId>
+ <artifactId>spring-security-test</artifactId>
+ <version>5.1.0.RELEASE</version>
+ <scope>test</scope>
+ </dependency>
</dependencies>
<repositories>
<repository>
diff --git a/src/main/java/org/onap/dcae/restapi/ApiAuthInterceptor.java b/src/main/java/org/onap/dcae/restapi/ApiAuthInterceptor.java
index 864a16d7..8061ec5a 100644
--- a/src/main/java/org/onap/dcae/restapi/ApiAuthInterceptor.java
+++ b/src/main/java/org/onap/dcae/restapi/ApiAuthInterceptor.java
@@ -23,9 +23,6 @@ import io.vavr.control.Option;
import org.onap.dcae.ApplicationSettings;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.beans.factory.annotation.Qualifier;
-import org.springframework.stereotype.Component;
import org.springframework.web.servlet.handler.HandlerInterceptorAdapter;
import javax.servlet.http.HttpServletRequest;
diff --git a/src/test/java/org/onap/dcae/restapi/ApiAuthInterceptionTest.java b/src/test/java/org/onap/dcae/restapi/ApiAuthInterceptionTest.java
new file mode 100644
index 00000000..cb4d334c
--- /dev/null
+++ b/src/test/java/org/onap/dcae/restapi/ApiAuthInterceptionTest.java
@@ -0,0 +1,176 @@
+/*-
+ * ============LICENSE_START=======================================================
+ * org.onap.dcaegen2.collectors.ves
+ * ================================================================================
+ * Copyright (C) 2018 Nokia. All rights reserved.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END=========================================================
+ */
+
+package org.onap.dcae.restapi;
+
+import io.vavr.collection.HashMap;
+import io.vavr.collection.Map;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.mockito.InjectMocks;
+import org.mockito.Mock;
+import org.mockito.junit.MockitoJUnitRunner;
+import org.onap.dcae.ApplicationSettings;
+import org.slf4j.Logger;
+import org.springframework.http.HttpHeaders;
+import org.springframework.http.HttpStatus;
+import org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors;
+import org.springframework.test.web.servlet.request.MockMvcRequestBuilders;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import java.io.IOException;
+import java.io.PrintWriter;
+
+import static org.junit.Assert.assertFalse;
+import static org.junit.Assert.assertTrue;
+import static org.mockito.Mockito.verify;
+import static org.mockito.Mockito.when;
+
+@RunWith(MockitoJUnitRunner.Silent.class)
+public class ApiAuthInterceptionTest {
+ private static final String USERNAME = "Foo";
+ private static final String PASSWORD = "Bar";
+ private static final Map<String, String> CREDENTIALS = HashMap.of(USERNAME, PASSWORD);
+
+ @Mock
+ private Logger log;
+
+ @Mock
+ private ApplicationSettings settings;
+
+ @Mock
+ private HttpServletResponse response;
+
+ @Mock
+ private Object obj;
+
+ @Mock
+ private PrintWriter writer;
+
+ @InjectMocks
+ private ApiAuthInterceptor sut;
+
+
+ private HttpServletRequest createEmptyRequest() {
+ return MockMvcRequestBuilders
+ .post("")
+ .buildRequest(null);
+ }
+
+ private HttpServletRequest createRequestWithAuthorizationHeader() {
+ return SecurityMockMvcRequestPostProcessors
+ .httpBasic(USERNAME, PASSWORD)
+ .postProcessRequest(
+ MockMvcRequestBuilders
+ .post("")
+ .buildRequest(null));
+ }
+
+ @Test
+ public void shouldSucceedWhenAuthorizationIsDisabled() throws IOException {
+ // given
+ final HttpServletRequest request = createEmptyRequest();
+
+ when(settings.authorizationEnabled()).thenReturn(false);
+
+ // when
+ final boolean isAuthorized = sut.preHandle(request, response, obj);
+
+ // then
+ assertTrue(isAuthorized);
+ }
+
+ @Test
+ public void shouldFailDueToEmptyBasicAuthorizationHeader() throws IOException {
+ // given
+ final HttpServletRequest request = createEmptyRequest();
+
+ when(settings.authorizationEnabled()).thenReturn(true);
+ when(response.getWriter()).thenReturn(writer);
+
+ // when
+ final boolean isAuthorized = sut.preHandle(request, response, obj);
+
+
+ // then
+ assertFalse(isAuthorized);
+
+ verify(response).setStatus(HttpStatus.BAD_REQUEST.value());
+ verify(writer).write(ApiException.UNAUTHORIZED_USER.toJSON().toString());
+ }
+
+ @Test
+ public void shouldFailDueToBasicAuthenticationUserMissingFromSettings() throws IOException {
+ // given
+ final HttpServletRequest request = createRequestWithAuthorizationHeader();
+
+ when(settings.authorizationEnabled()).thenReturn(true);
+ when(response.getWriter()).thenReturn(writer);
+
+ // when
+ final boolean isAuthorized = sut.preHandle(request, response, obj);
+
+ // then
+ assertFalse(isAuthorized);
+
+ verify(response).setStatus(HttpStatus.BAD_REQUEST.value());
+ verify(writer).write(ApiException.UNAUTHORIZED_USER.toJSON().toString());
+ }
+
+ @Test
+ public void shouldSucceed() throws IOException {
+ // given
+ final HttpServletRequest request = createRequestWithAuthorizationHeader();
+
+ when(settings.authorizationEnabled()).thenReturn(true);
+ when(settings.validAuthorizationCredentials()).thenReturn(CREDENTIALS);
+ when(response.getWriter()).thenReturn(writer);
+
+ // when
+ final boolean isAuthorized = sut.preHandle(request, response, obj);
+
+ // then
+ assertTrue(isAuthorized);
+ }
+
+ @Test
+ public void shouldFailDueToInvalidBasicAuthorizationHeaderValue() throws IOException {
+ // given
+ final HttpServletRequest request =
+ MockMvcRequestBuilders
+ .post("")
+ .header(HttpHeaders.AUTHORIZATION, "FooBar")
+ .buildRequest(null);
+
+ when(settings.authorizationEnabled()).thenReturn(true);
+ when(settings.validAuthorizationCredentials()).thenReturn(CREDENTIALS);
+ when(response.getWriter()).thenReturn(writer);
+
+ // when
+ final boolean isAuthorized = sut.preHandle(request, response, obj);
+
+ // then
+ assertFalse(isAuthorized);
+
+ verify(response).setStatus(HttpStatus.BAD_REQUEST.value());
+ verify(writer).write(ApiException.UNAUTHORIZED_USER.toJSON().toString());
+ }
+}
diff --git a/version.properties b/version.properties
index fee49286..ef20baaf 100644
--- a/version.properties
+++ b/version.properties
@@ -1,6 +1,6 @@
major=1
minor=3
-patch=1
+patch=2
base_version=${major}.${minor}.${patch}
release_version=${base_version}
snapshot_version=${base_version}-SNAPSHOT