diff options
author | Bogumil Zebek <bogumil.zebek@nokia.com> | 2020-08-17 08:25:48 +0200 |
---|---|---|
committer | Zebek Bogumil <bogumil.zebek@nokia.com> | 2020-08-17 08:25:48 +0200 |
commit | 72b0cd6f2e8ef130ad97407ae19459c3efb7d16d (patch) | |
tree | 397e5583f0da4e8bb944d8e23dc22c9cdb472dfe /cmso-service | |
parent | 863ca4930336d719ca77a1b1a0a1fc8f07cf57bf (diff) |
Add junits for aaf auth provider
Issue-ID: OPTFRA-776
Signed-off-by: Zebek Bogumil <bogumil.zebek@nokia.com>
Change-Id: Id8928c9953ef236165b81917efd28084239ad3f2
Diffstat (limited to 'cmso-service')
-rwxr-xr-x | cmso-service/src/main/java/org/onap/optf/cmso/aaf/AafAuthProvider.java | 30 | ||||
-rw-r--r-- | cmso-service/src/test/java/org/onap/optf/cmso/aaf/AafAuthProviderTest.java | 119 |
2 files changed, 142 insertions, 7 deletions
diff --git a/cmso-service/src/main/java/org/onap/optf/cmso/aaf/AafAuthProvider.java b/cmso-service/src/main/java/org/onap/optf/cmso/aaf/AafAuthProvider.java index 0a7a69e..079572d 100755 --- a/cmso-service/src/main/java/org/onap/optf/cmso/aaf/AafAuthProvider.java +++ b/cmso-service/src/main/java/org/onap/optf/cmso/aaf/AafAuthProvider.java @@ -1,6 +1,7 @@ /*
* Copyright (c) 2019 AT&T Intellectual Property.
* Modifications Copyright © 2018 IBM.
+ * Modifications Copyright © 2020 Nokia.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@@ -27,11 +28,12 @@ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
-*/
+ */
package org.onap.optf.cmso.aaf;
import java.util.ArrayList;
+
import org.onap.optf.cmso.SpringProfiles;
import org.onap.optf.cmso.aaf.AafClientCache.AuthorizationResult;
import org.springframework.beans.factory.annotation.Autowired;
@@ -40,7 +42,6 @@ import org.springframework.core.env.Environment; import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
-import org.springframework.security.core.AuthenticationException;
import org.springframework.security.web.authentication.WebAuthenticationDetails;
import org.springframework.stereotype.Component;
@@ -48,6 +49,8 @@ import org.springframework.stereotype.Component; @Profile(SpringProfiles.AAF_AUTHENTICATION)
public class AafAuthProvider implements AuthenticationProvider {
+ public static final Authentication NO_TOKEN_FOR_UNAUTHENTICATED_USER = null;
+ public static final String NO_SESSION_FOR_USER = null;
@Autowired
Environment env;
@@ -58,7 +61,16 @@ public class AafAuthProvider implements AuthenticationProvider { public Authentication authenticate(Authentication authentication) {
String name = authentication.getName();
String password = authentication.getCredentials().toString();
- String sessionId = null;
+ String sessionId = getUserSessionId(authentication);
+ if (isAafAuthenticationActivate() && isUserNotAuthenticated(name, password, sessionId)) {
+ return NO_TOKEN_FOR_UNAUTHENTICATED_USER;
+ }
+ return new UsernamePasswordAuthenticationToken(name, password, new ArrayList<>());
+
+ }
+
+ private String getUserSessionId(Authentication authentication) {
+ String sessionId = NO_SESSION_FOR_USER;
Object details = authentication.getDetails();
if (details instanceof WebAuthenticationDetails) {
WebAuthenticationDetails webAuthDetails = (WebAuthenticationDetails) details;
@@ -66,11 +78,15 @@ public class AafAuthProvider implements AuthenticationProvider { sessionId = webAuthDetails.getRemoteAddress() + ":" + webAuthDetails.getSessionId();
}
}
- if (env.getProperty(AafProperties.aafEnabled.toString(), Boolean.class, true) && clientCache.authenticate(name, password, sessionId) != AuthorizationResult.Authenticated ) {
- return null;
- }
- return new UsernamePasswordAuthenticationToken(name, password, new ArrayList<>());
+ return sessionId;
+ }
+
+ private boolean isAafAuthenticationActivate() {
+ return env.getProperty(AafProperties.aafEnabled.toString(), Boolean.class, true);
+ }
+ private boolean isUserNotAuthenticated(String name, String password, String sessionId) {
+ return clientCache.authenticate(name, password, sessionId) != AuthorizationResult.Authenticated;
}
@Override
diff --git a/cmso-service/src/test/java/org/onap/optf/cmso/aaf/AafAuthProviderTest.java b/cmso-service/src/test/java/org/onap/optf/cmso/aaf/AafAuthProviderTest.java new file mode 100644 index 0000000..cb6ca80 --- /dev/null +++ b/cmso-service/src/test/java/org/onap/optf/cmso/aaf/AafAuthProviderTest.java @@ -0,0 +1,119 @@ +/* + * Copyright © 2020 Nokia. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * + * Unless otherwise specified, all documentation contained herein is licensed + * under the Creative Commons License, Attribution 4.0 Intl. (the "License"); + * you may not use this documentation except in compliance with the License. + * You may obtain a copy of the License at + * + * https://creativecommons.org/licenses/by/4.0/ + * + * Unless required by applicable law or agreed to in writing, documentation + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.onap.optf.cmso.aaf; + + +import org.assertj.core.api.Assertions; +import org.junit.Test; +import org.junit.runner.RunWith; +import org.mockito.InjectMocks; +import org.mockito.Mock; +import org.mockito.runners.MockitoJUnitRunner; +import org.springframework.core.env.Environment; +import org.springframework.security.authentication.UsernamePasswordAuthenticationToken; +import org.springframework.security.core.Authentication; +import org.springframework.security.web.authentication.WebAuthenticationDetails; + +import static org.mockito.Mockito.when; + +@RunWith(MockitoJUnitRunner.class) +public class AafAuthProviderTest { + + public static final String USER_NAME = "someUserName"; + public static final String SESSION_NOT_EXIST = null; + @Mock + Environment env; + + @Mock + AafClientCache clientCache; + + @InjectMocks + AafAuthProvider aafAuthProvider; + + @Mock + private Authentication authentication; + + @Mock + private WebAuthenticationDetails webAuthenticationDetails; + + @Test + public void shouldRejectAuthenticationWhenUserIsUnauthenticated() { + // given + makeAafAuthenticationActive(); + String name = USER_NAME; + String password = "invalidPass"; + mockAuthenticationInstance(name, password, null); + rejectUserAuthentication(name, password); + + // when/then + Assertions.assertThat(aafAuthProvider.authenticate(authentication)).isNull(); + } + + @Test + public void shouldAuthenticateUser() { + // given + makeAafAuthenticationActive(); + when(webAuthenticationDetails.getRemoteAddress()).thenReturn("remoteAddress"); + when(webAuthenticationDetails.getSessionId()).thenReturn("123"); + String name = USER_NAME; + String password = "properPassword"; + mockAuthenticationInstance(name, password, webAuthenticationDetails); + acceptUserAuthentication(name, password); + // when/then + Assertions.assertThat(aafAuthProvider.authenticate(authentication)).isNotNull(); + } + + @Test + public void shouldSupportUsernamePasswordAuthenticationToken() { + // when/then + Assertions.assertThat(aafAuthProvider.supports(UsernamePasswordAuthenticationToken.class)).isTrue(); + } + + private void makeAafAuthenticationActive() { + when(env.getProperty(AafProperties.aafEnabled.toString(), Boolean.class, true)).thenReturn(true); + } + + private void rejectUserAuthentication(String name, String password) { + when(clientCache.authenticate(name, password, SESSION_NOT_EXIST)).thenReturn(AafClientCache.AuthorizationResult.AuthenticationFailure); + } + + private void acceptUserAuthentication(String name, String password) { + when(clientCache.authenticate(name, password, "remoteAddress:123")).thenReturn(AafClientCache.AuthorizationResult.Authenticated); + } + + private void mockAuthenticationInstance(String name, String password, WebAuthenticationDetails webAuthenticationDetails) { + when(authentication.getName()).thenReturn(name); + when(authentication.getCredentials()).thenReturn(password); + when(authentication.getDetails()).thenReturn(webAuthenticationDetails); + } + + +} |