aboutsummaryrefslogtreecommitdiffstats
path: root/dmaap-bc/src/test/java/org/onap/dmaap/dbcapi/resources/AAFAuthorizationFilterTest.java
diff options
context:
space:
mode:
Diffstat (limited to 'dmaap-bc/src/test/java/org/onap/dmaap/dbcapi/resources/AAFAuthorizationFilterTest.java')
-rw-r--r--dmaap-bc/src/test/java/org/onap/dmaap/dbcapi/resources/AAFAuthorizationFilterTest.java172
1 files changed, 172 insertions, 0 deletions
diff --git a/dmaap-bc/src/test/java/org/onap/dmaap/dbcapi/resources/AAFAuthorizationFilterTest.java b/dmaap-bc/src/test/java/org/onap/dmaap/dbcapi/resources/AAFAuthorizationFilterTest.java
new file mode 100644
index 0000000..ba11b01
--- /dev/null
+++ b/dmaap-bc/src/test/java/org/onap/dmaap/dbcapi/resources/AAFAuthorizationFilterTest.java
@@ -0,0 +1,172 @@
+/*-
+ * ============LICENSE_START=======================================================
+ * org.onap.dmaap
+ * ================================================================================
+ * Copyright (C) 2019 Nokia Intellectual Property. All rights reserved.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END=========================================================
+ */
+package org.onap.dmaap.dbcapi.resources;
+
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertNotNull;
+import static org.junit.Assert.assertNull;
+import static org.mockito.Matchers.anyString;
+import static org.mockito.Matchers.eq;
+import static org.mockito.Mockito.doReturn;
+import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.verify;
+import static org.mockito.Mockito.verifyNoMoreInteractions;
+import static org.mockito.Mockito.verifyZeroInteractions;
+import static org.mockito.Mockito.when;
+
+import java.io.PrintWriter;
+import java.io.StringWriter;
+import com.sun.security.auth.UserPrincipal;
+import javax.servlet.FilterChain;
+import javax.servlet.FilterConfig;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import org.junit.Before;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.mockito.Mock;
+import org.mockito.Spy;
+import org.mockito.runners.MockitoJUnitRunner;
+import org.onap.dmaap.dbcapi.model.Dmaap;
+import org.onap.dmaap.dbcapi.service.DmaapService;
+import org.onap.dmaap.dbcapi.util.DmaapConfig;
+import org.onap.dmaap.dbcapi.util.PermissionBuilder;
+
+@RunWith(MockitoJUnitRunner.class)
+public class AAFAuthorizationFilterTest {
+
+ @Spy
+ private AAFAuthorizationFilter filter;
+ @Mock
+ private FilterConfig filterConfig;
+ @Mock
+ private HttpServletRequest servletRequest;
+ @Mock
+ private HttpServletResponse servletResponse;
+ @Mock
+ private FilterChain filterChain;
+ @Mock
+ private DmaapConfig dmaapConfig;
+ @Mock
+ private PermissionBuilder permissionBuilder;
+ @Mock
+ private DmaapService dmaapService;
+
+ @Before
+ public void setUp() throws Exception {
+ filter.setPermissionBuilder(permissionBuilder);
+ doReturn(dmaapConfig).when(filter).getConfig();
+ doReturn(dmaapService).when(filter).getDmaapService();
+ }
+
+ @Test
+ public void init_shouldNotInitializePermissionBuilder_whenAAFnotUsed() throws Exception {
+ //given
+ filter.setPermissionBuilder(null);
+ configureAAFUsage(false);
+
+ //when
+ filter.init(filterConfig);
+
+ //then
+ assertNull(filter.getPermissionBuilder());
+ }
+
+ @Test
+ public void init_shouldInitializePermissionBuilder_whenAAFisUsed() throws Exception {
+ //given
+ filter.setPermissionBuilder(null);
+ configureAAFUsage(true);
+ //doReturn(provideEmptyInstance()).when(dmaapService).getDmaap();
+ when(dmaapService.getDmaap()).thenReturn(mock(Dmaap.class));
+
+ //when
+ filter.init(filterConfig);
+
+ //then
+ assertNotNull(permissionBuilder);
+ }
+
+ @Test
+ public void doFilter_shouldSkipAuthorization_whenAAFnotUsed() throws Exception {
+ //given
+ filter.setCadiEnabled(false);
+
+ //when
+ filter.doFilter(servletRequest,servletResponse,filterChain);
+
+ //then
+ verify(filterChain).doFilter(servletRequest,servletResponse);
+ verifyNoMoreInteractions(filterChain);
+ verifyZeroInteractions(permissionBuilder, servletRequest, servletResponse);
+ }
+
+ @Test
+ public void doFilter_shouldPass_whenUserHasPermissionToResourceEndpoint() throws Exception {
+ //given
+ String user = "johnny";
+ String permission = "org.onap.dmaap-bc.api.topics|mr|GET";
+ when(permissionBuilder.buildPermission(servletRequest)).thenReturn(permission);
+ configureServletRequest(permission, user, true);
+ filter.setCadiEnabled(true);
+
+ //when
+ filter.doFilter(servletRequest,servletResponse,filterChain);
+
+ //then
+ verify(filterChain).doFilter(servletRequest,servletResponse);
+ verify(permissionBuilder).updateDmaapInstance();
+ verifyZeroInteractions(servletResponse);
+ }
+
+ @Test
+ public void doFilter_shouldReturnError_whenUserDontHavePermissionToResourceEndpoint() throws Exception {
+ //given
+ String user = "jack";
+ String permission = "org.onap.dmaap-bc.api.topics|mr|GET";
+ when(permissionBuilder.buildPermission(servletRequest)).thenReturn(permission);
+ configureServletRequest(permission, user, false);
+ filter.setCadiEnabled(true);
+
+ String errorMsgJson = "{\"code\":403,\"message\":\"User "+user+" does not have permission "
+ + permission +"\",\"fields\":\"Authorization\",\"2xx\":false}";
+ StringWriter sw = new StringWriter();
+ PrintWriter pw = new PrintWriter(sw);
+ when(servletResponse.getWriter()).thenReturn(pw);
+
+ //when
+ filter.doFilter(servletRequest,servletResponse,filterChain);
+
+ //then
+ verifyZeroInteractions(filterChain);
+ verify(permissionBuilder).updateDmaapInstance();
+ verify(servletResponse).setStatus(403);
+ assertEquals(errorMsgJson, sw.toString());
+ }
+
+ private void configureServletRequest(String permission, String user, boolean isUserInRole) {
+ when(servletRequest.getUserPrincipal()).thenReturn(new UserPrincipal(user));
+ when(servletRequest.isUserInRole(permission)).thenReturn(isUserInRole);
+ }
+
+ private void configureAAFUsage(Boolean isUsed) {
+ doReturn(isUsed.toString()).when(dmaapConfig).getProperty(eq(AAFAuthorizationFilter.CADI_AUTHZ_FLAG), anyString());
+ }
+}