authorpa834y <pa834y@att.com>2019-04-04 09:02:48 -0400
committerpa834y <pa834y@att.com>2019-04-05 16:06:57 -0400
commit6d72b847fe202bc1cd6fb3922755be774de0df69 (patch)
tree97a8fd76d296d6788d8dbb0b52b97fbc40d64c3d /ONAP-PDP-REST/src/test/java/org/onap
parentd5f95d08ffd3f2e16b67aadae7007c7a51dfae19 (diff)
Make clientAuth header optional and log request
Change-Id: Ifc44740a71c2b60d5474cd665bbfca94dcc0c9a7 Issue-ID: POLICY-1418 Signed-off-by: pa834y <pa834y@att.com>
Diffstat (limited to 'ONAP-PDP-REST/src/test/java/org/onap')
-rw-r--r--ONAP-PDP-REST/src/test/java/org/onap/policy/pdp/rest/api/test/PolicyEngineServicesTest.java88
-rw-r--r--ONAP-PDP-REST/src/test/java/org/onap/policy/pdp/rest/auth/test/AuthenticationServiceTest.java14
-rw-r--r--ONAP-PDP-REST/src/test/java/org/onap/policy/pdp/rest/auth/test/FilterTest.java36
3 files changed, 38 insertions, 100 deletions
diff --git a/ONAP-PDP-REST/src/test/java/org/onap/policy/pdp/rest/api/test/PolicyEngineServicesTest.java b/ONAP-PDP-REST/src/test/java/org/onap/policy/pdp/rest/api/test/PolicyEngineServicesTest.java
index f08ef038c..dcf7bf69f 100644
--- a/ONAP-PDP-REST/src/test/java/org/onap/policy/pdp/rest/api/test/PolicyEngineServicesTest.java
+++ b/ONAP-PDP-REST/src/test/java/org/onap/policy/pdp/rest/api/test/PolicyEngineServicesTest.java
@@ -98,20 +98,7 @@ public class PolicyEngineServicesTest {
@Test
public void getConfigAPIFailureTest() throws Exception {
ConfigRequestParameters pep = new ConfigRequestParameters();
- pep.setPolicyName(".*");
- mockMvc.perform(
- post("/getConfig").content(PolicyUtils.objectToJsonString(pep)).contentType(MediaType.APPLICATION_JSON))
- .andExpect(status().is(400));
- // Authorization tests.
- mockMvc.perform(post("/getConfig").content(PolicyUtils.objectToJsonString(pep))
- .contentType(MediaType.APPLICATION_JSON).header(CLIENTAUTHHEADER, ""))
- .andExpect(status().isUnauthorized());
- mockMvc.perform(post("/getConfig").content(PolicyUtils.objectToJsonString(pep))
- .contentType(MediaType.APPLICATION_JSON).header(CLIENTAUTHHEADER, "Basic 123"))
- .andExpect(status().isUnauthorized());
- mockMvc.perform(post("/getConfig").content(PolicyUtils.objectToJsonString(pep))
- .contentType(MediaType.APPLICATION_JSON).header(CLIENTAUTHHEADER, ERRORCLIENTVALUE))
- .andExpect(status().isUnauthorized());
+
// Set wrong request.
pep.setPolicyName(null);
pep.setConfigName("test");
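Review bot: The 401 assertions for an empty, a malformed (`Basic 123`) and a wrong (`ERRORCLIENTVALUE`) ClientAuth value are deleted from getConfigAPIFailureTest with nothing replacing them in this file. The later hunks drop the same kind of assertion for listConfig, getMetrics, getNotification, sendEvent, getDecision, pushPolicy, deletePolicy and the create/update policy, dictionary, config and firewall-config endpoints. If the ClientAuth check now sits in the authentication filter rather than the controller, that is presumably intended, but it is not stated anywhere in the test. A comment such as `// ClientAuth is no longer checked by the controller; rejection cases belong in FilterTest` would record where that coverage is expected to live. The method body continues outside the hunk.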
@@ -145,13 +132,6 @@ public class PolicyEngineServicesTest {
public void getConfigByPolicyNameTest() throws Exception {
ConfigNameRequest pep = new ConfigNameRequest();
pep.setPolicyName(".*");
- mockMvc.perform(
- post("/getConfig").content(PolicyUtils.objectToJsonString(pep)).contentType(MediaType.APPLICATION_JSON))
- .andExpect(status().is(400));
- // Authorization tests.
- mockMvc.perform(post("/getConfig").content(PolicyUtils.objectToJsonString(pep))
- .contentType(MediaType.APPLICATION_JSON).header(CLIENTAUTHHEADER, ""))
- .andExpect(status().isUnauthorized());
mockMvc.perform(post("/getConfigByPolicyName").content(PolicyUtils.objectToJsonString(pep)).headers(headers)
.header(UUIDHEADER, UUID.randomUUID()).contentType(MediaType.APPLICATION_JSON))
.andExpect(status().isOk());
@@ -161,12 +141,7 @@ public class PolicyEngineServicesTest {
public void listConfigTest() throws Exception {
ConfigRequestParameters pep = new ConfigRequestParameters();
pep.setPolicyName(".*");
- mockMvc.perform(post("/listConfig").content(PolicyUtils.objectToJsonString(pep))
- .contentType(MediaType.APPLICATION_JSON)).andExpect(status().is(400));
- // Authorization tests.
- mockMvc.perform(post("/listConfig").content(PolicyUtils.objectToJsonString(pep))
- .contentType(MediaType.APPLICATION_JSON).header(CLIENTAUTHHEADER, ""))
- .andExpect(status().isUnauthorized());
+
mockMvc.perform(post("/listConfig").content(PolicyUtils.objectToJsonString(pep)).headers(headers)
.header(UUIDHEADER, UUID.randomUUID()).contentType(MediaType.APPLICATION_JSON))
.andExpect(status().isOk());
@@ -185,7 +160,6 @@ public class PolicyEngineServicesTest {
public void getMetricsTest() throws Exception {
// Failure Tests.
mockMvc.perform(get("/getMetrics")).andExpect(status().isBadRequest());
- mockMvc.perform(get("/getMetrics").header(CLIENTAUTHHEADER, "Basic 123")).andExpect(status().isUnauthorized());
// Service Tests.
mockMvc.perform(get("/getMetrics").headers(headers).header(UUIDHEADER, "123"))
.andExpect(status().isBadRequest());
@@ -195,16 +169,6 @@ public class PolicyEngineServicesTest {
}
@Test
- public void getNotificationAuthFailureTest() throws Exception {
- mockMvc.perform(post("/getNotification").header(CLIENTAUTHHEADER, "").content("test"))
- .andExpect(status().isUnauthorized());
- mockMvc.perform(post("/getNotification").header(CLIENTAUTHHEADER, "Basic test123").content("test"))
- .andExpect(status().isUnauthorized());
- mockMvc.perform(post("/getNotification").header(CLIENTAUTHHEADER, ERRORCLIENTVALUE).content(" "))
- .andExpect(status().isUnauthorized());
- }
-
- @Test
public void getNotificationTopicFailureTest() throws Exception {
mockMvc.perform(post("/getNotification")).andExpect(status().isBadRequest());
mockMvc.perform(post("/getNotification").headers(headers).content("")).andExpect(status().isBadRequest());
@@ -248,9 +212,7 @@ public class PolicyEngineServicesTest {
pep.setEventAttributes(eventAttributes);
// Failure Tests.
mockMvc.perform(post("/sendEvent")).andExpect(status().isBadRequest());
- mockMvc.perform(post("/sendEvent").content(PolicyUtils.objectToJsonString(pep))
- .contentType(MediaType.APPLICATION_JSON).header(CLIENTAUTHHEADER, "Basic 123"))
- .andExpect(status().isUnauthorized());
+
// Service Tests.
mockMvc.perform(post("/sendEvent").content(PolicyUtils.objectToJsonString(pep))
.contentType(MediaType.APPLICATION_JSON).headers(headers).header(UUIDHEADER, "123"))
@@ -277,9 +239,7 @@ public class PolicyEngineServicesTest {
pep.setDecisionAttributes(eventAttributes);
// Failure Tests.
mockMvc.perform(post("/getDecision")).andExpect(status().isBadRequest());
- mockMvc.perform(post("/getDecision").content(PolicyUtils.objectToJsonString(pep))
- .contentType(MediaType.APPLICATION_JSON).header(CLIENTAUTHHEADER, "Basic 123"))
- .andExpect(status().isUnauthorized());
+
// Service Tests.
mockMvc.perform(post("/getDecision").content(PolicyUtils.objectToJsonString(pep))
.contentType(MediaType.APPLICATION_JSON).headers(headers).header(UUIDHEADER, "123"))
@@ -303,9 +263,7 @@ public class PolicyEngineServicesTest {
PushPolicyParameters pep = new PushPolicyParameters();
// Failure Tests.
mockMvc.perform(put("/pushPolicy")).andExpect(status().isBadRequest());
- mockMvc.perform(put("/pushPolicy").content(PolicyUtils.objectToJsonString(pep))
- .contentType(MediaType.APPLICATION_JSON).header(CLIENTAUTHHEADER, "Basic 123"))
- .andExpect(status().isUnauthorized());
+
// Service Tests.
mockMvc.perform(put("/pushPolicy").content(PolicyUtils.objectToJsonString(pep))
.contentType(MediaType.APPLICATION_JSON).headers(headers).header(UUIDHEADER, UUID.randomUUID()))
@@ -376,9 +334,7 @@ public class PolicyEngineServicesTest {
DeletePolicyParameters pep = new DeletePolicyParameters();
// Failure Tests.
mockMvc.perform(delete("/deletePolicy")).andExpect(status().isBadRequest());
- mockMvc.perform(delete("/deletePolicy").content(PolicyUtils.objectToJsonString(pep))
- .contentType(MediaType.APPLICATION_JSON).header(CLIENTAUTHHEADER, "Basic 123"))
- .andExpect(status().isUnauthorized());
+
// Service Tests.
mockMvc.perform(delete("/deletePolicy").content(PolicyUtils.objectToJsonString(pep))
.contentType(MediaType.APPLICATION_JSON).headers(headers).header(UUIDHEADER, UUID.randomUUID()))
@@ -517,12 +473,7 @@ public class PolicyEngineServicesTest {
PolicyParameters pep = new PolicyParameters();
// Failure Tests.
mockMvc.perform(put("/createPolicy")).andExpect(status().isBadRequest());
- mockMvc.perform(put("/createPolicy").content(PolicyUtils.objectToJsonString(pep))
- .contentType(MediaType.APPLICATION_JSON).header(CLIENTAUTHHEADER, "Basic 123"))
- .andExpect(status().isUnauthorized());
- mockMvc.perform(put("/updatePolicy").content(PolicyUtils.objectToJsonString(pep))
- .contentType(MediaType.APPLICATION_JSON).header(CLIENTAUTHHEADER, "Basic 123"))
- .andExpect(status().isUnauthorized());
+
// Service Tests.
setCreateUpdateImpl();
mockMvc.perform(put("/createPolicy").content(PolicyUtils.objectToJsonString(pep))
@@ -862,12 +813,7 @@ public class PolicyEngineServicesTest {
DictionaryParameters pep = new DictionaryParameters();
// Failure Tests.
mockMvc.perform(put("/createDictionaryItem")).andExpect(status().isBadRequest());
- mockMvc.perform(put("/createDictionaryItem").content(PolicyUtils.objectToJsonString(pep))
- .contentType(MediaType.APPLICATION_JSON).header(CLIENTAUTHHEADER, "Basic 123"))
- .andExpect(status().isUnauthorized());
- mockMvc.perform(put("/updateDictionaryItem").content(PolicyUtils.objectToJsonString(pep))
- .contentType(MediaType.APPLICATION_JSON).header(CLIENTAUTHHEADER, "Basic 123"))
- .andExpect(status().isUnauthorized());
+
// Service Tests.
mockMvc.perform(put("/createDictionaryItem").content(PolicyUtils.objectToJsonString(pep))
.contentType(MediaType.APPLICATION_JSON).headers(headers).header(UUIDHEADER, "tes123"))
@@ -900,9 +846,7 @@ public class PolicyEngineServicesTest {
DictionaryParameters pep = new DictionaryParameters();
// Failure Tests.
mockMvc.perform(post("/getDictionaryItems")).andExpect(status().isBadRequest());
- mockMvc.perform(post("/getDictionaryItems").content(PolicyUtils.objectToJsonString(pep))
- .contentType(MediaType.APPLICATION_JSON).header(CLIENTAUTHHEADER, "Basic 123"))
- .andExpect(status().isUnauthorized());
+
// Service Tests.
mockMvc.perform(post("/getDictionaryItems").content(PolicyUtils.objectToJsonString(pep))
.contentType(MediaType.APPLICATION_JSON).headers(headers).header(UUIDHEADER, "tes123"))
@@ -930,12 +874,7 @@ public class PolicyEngineServicesTest {
ConfigPolicyAPIRequest pep = new ConfigPolicyAPIRequest();
// Failure Tests.
mockMvc.perform(put("/createConfig")).andExpect(status().isBadRequest());
- mockMvc.perform(put("/createConfig").content(PolicyUtils.objectToJsonString(pep))
- .contentType(MediaType.APPLICATION_JSON).header(CLIENTAUTHHEADER, "Basic 123"))
- .andExpect(status().isUnauthorized());
- mockMvc.perform(put("/updateConfig").content(PolicyUtils.objectToJsonString(pep))
- .contentType(MediaType.APPLICATION_JSON).header(CLIENTAUTHHEADER, "Basic 123"))
- .andExpect(status().isUnauthorized());
+
// Service Tests.
mockMvc.perform(put("/createConfig").content(PolicyUtils.objectToJsonString(pep))
.contentType(MediaType.APPLICATION_JSON).headers(headers).header(UUIDHEADER, "tes123"))
@@ -963,12 +902,7 @@ public class PolicyEngineServicesTest {
ConfigFirewallPolicyAPIRequest pep = new ConfigFirewallPolicyAPIRequest();
// Failure Tests.
mockMvc.perform(put("/createFirewallConfig")).andExpect(status().isBadRequest());
- mockMvc.perform(put("/createFirewallConfig").content(PolicyUtils.objectToJsonString(pep))
- .contentType(MediaType.APPLICATION_JSON).header(CLIENTAUTHHEADER, "Basic 123"))
- .andExpect(status().isUnauthorized());
- mockMvc.perform(put("/updateFirewallConfig").content(PolicyUtils.objectToJsonString(pep))
- .contentType(MediaType.APPLICATION_JSON).header(CLIENTAUTHHEADER, "Basic 123"))
- .andExpect(status().isUnauthorized());
+
// Service Tests.
mockMvc.perform(put("/createFirewallConfig").content(PolicyUtils.objectToJsonString(pep))
.contentType(MediaType.APPLICATION_JSON).headers(headers).header(UUIDHEADER, "tes123"))
diff --git a/ONAP-PDP-REST/src/test/java/org/onap/policy/pdp/rest/auth/test/AuthenticationServiceTest.java b/ONAP-PDP-REST/src/test/java/org/onap/policy/pdp/rest/auth/test/AuthenticationServiceTest.java
index 564187675..0795526fc 100644
--- a/ONAP-PDP-REST/src/test/java/org/onap/policy/pdp/rest/auth/test/AuthenticationServiceTest.java
+++ b/ONAP-PDP-REST/src/test/java/org/onap/policy/pdp/rest/auth/test/AuthenticationServiceTest.java
@@ -2,7 +2,7 @@
* ============LICENSE_START=======================================================
* ONAP-PDP-REST
* ================================================================================
- * Copyright (C) 2018 AT&T Intellectual Property. All rights reserved.
+ * Copyright (C) 2018-2019 AT&T Intellectual Property. All rights reserved.
* ================================================================================
* Modifications Copyright (C) 2019 Samsung
* ================================================================================
@@ -22,14 +22,16 @@
package org.onap.policy.pdp.rest.auth.test;
-import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertTrue;
+import static org.mockito.Mockito.mock;
import java.io.UnsupportedEncodingException;
import java.util.Base64;
+import javax.servlet.ServletRequest;
import org.junit.Test;
-import org.onap.policy.pdp.rest.restAuth.AuthenticationService;
+import org.onap.policy.pdp.rest.restauth.AuthenticationService;
public class AuthenticationServiceTest {
- private final String testCred = "testpdp:alpha456";
+ private final String testCred = "python:test";
private final String testCredEncoded = new String(Base64.getEncoder().encode(testCred.getBytes()));
private final String basicCred = "Basic " + testCredEncoded;
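Review bot: The new credential `python:test` is introduced without a comment saying what it has to match, and FilterTest carries the same pair separately as the pre-encoded literal `Basic cHl0aG9uOnRlc3Q=`. Presumably both must agree with a user entry in the `xacml.pdp.properties` the tests load, so a comment on the field, e.g. `// test-only credential; must match the entry in the test xacml.pdp.properties`, would make that dependency visible. The unchanged `testCred.getBytes()` encodes with the platform default charset; `getBytes(StandardCharsets.UTF_8)` would make the header value deterministic.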
@@ -40,9 +42,9 @@ public class AuthenticationServiceTest {
// Set the system property temporarily
String oldProperty = System.getProperty(systemKey);
System.setProperty(systemKey, "xacml.pdp.properties");
+ ServletRequest request = mock(ServletRequest.class);
- AuthenticationService service = new AuthenticationService();
- assertEquals(service.authenticate(basicCred), true);
+ assertTrue(AuthenticationService.checkPermissions(null, basicCred, "getConfig", "DEVL", request));
// Restore the original system property
if (oldProperty != null) {
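Review bot: Only the accepting path of `checkPermissions` is asserted, with `null` as the first argument, so a regression that made the method return true for any credential would still pass this test. Adding `assertFalse(AuthenticationService.checkPermissions(null, "Basic test123", "getConfig", "DEVL", request));` beside the existing assertion, with the matching static import, would pin the rejecting path, assuming the method returns false rather than throwing for a bad value. The system property is restored only after the assertion, so a failing assertion appears to leave it set; a `try`/`finally` around the assertion would avoid that. The test method starts and ends outside the hunk.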
diff --git a/ONAP-PDP-REST/src/test/java/org/onap/policy/pdp/rest/auth/test/FilterTest.java b/ONAP-PDP-REST/src/test/java/org/onap/policy/pdp/rest/auth/test/FilterTest.java
index 99ecefb80..cd3db8897 100644
--- a/ONAP-PDP-REST/src/test/java/org/onap/policy/pdp/rest/auth/test/FilterTest.java
+++ b/ONAP-PDP-REST/src/test/java/org/onap/policy/pdp/rest/auth/test/FilterTest.java
@@ -2,7 +2,7 @@
* ============LICENSE_START=======================================================
* ONAP-PDP-REST
* ================================================================================
- * Copyright (C) 2017-2018 AT&T Intellectual Property. All rights reserved.
+ * Copyright (C) 2017-2019 AT&T Intellectual Property. All rights reserved.
* ================================================================================
* Modifications Copyright (C) 2019 Samsung
* ================================================================================
@@ -25,6 +25,8 @@ package org.onap.policy.pdp.rest.auth.test;
import static org.mockito.Mockito.mock;
import static org.mockito.Mockito.verify;
import static org.mockito.Mockito.when;
+import com.att.research.xacml.util.XACMLProperties;
+import com.mockrunner.mock.web.MockRequestDispatcher;
import java.io.IOException;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
@@ -32,14 +34,11 @@ import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.junit.Before;
import org.junit.Test;
-import org.onap.policy.pdp.rest.restAuth.PDPAuthenticationFilter;
-import com.att.research.xacml.util.XACMLProperties;
-import com.mockrunner.mock.web.MockRequestDispatcher;
+import org.onap.policy.pdp.rest.restauth.PdpAuthenticationFilter;
public class FilterTest {
-
- private PDPAuthenticationFilter authenticationFilter = new PDPAuthenticationFilter();
- private final String VALIDHEADERVALUE = "Basic dGVzdHBkcDphbHBoYTQ1Ng==";
+ private PdpAuthenticationFilter authenticationFilter = new PdpAuthenticationFilter();
+ private final String VALIDHEADERVALUE = "Basic cHl0aG9uOnRlc3Q=";
@Before
public void setUp() throws Exception {
@@ -103,7 +102,7 @@ public class FilterTest {
FilterChain filterChain = mock(FilterChain.class);
//
when(httpServletRequest.getRequestURI()).thenReturn("/pdp/api/getConfig");
- when(httpServletRequest.getHeader(PDPAuthenticationFilter.AUTHENTICATION_HEADER)).thenReturn("error");
+ when(httpServletRequest.getHeader(PdpAuthenticationFilter.AUTHENTICATION_HEADER)).thenReturn("error");
authenticationFilter.doFilter(httpServletRequest, httpServletResponse, filterChain);
// verify if unauthorized
verify(httpServletResponse).setStatus(HttpServletResponse.SC_UNAUTHORIZED);
@@ -117,7 +116,7 @@ public class FilterTest {
FilterChain filterChain = mock(FilterChain.class);
//
when(httpServletRequest.getRequestURI()).thenReturn("/pdp/api/getConfig");
- when(httpServletRequest.getHeader(PDPAuthenticationFilter.AUTHENTICATION_HEADER)).thenReturn("Basic test123");
+ when(httpServletRequest.getHeader(PdpAuthenticationFilter.AUTHENTICATION_HEADER)).thenReturn("Basic test123");
authenticationFilter.doFilter(httpServletRequest, httpServletResponse, filterChain);
// verify if unauthorized
verify(httpServletResponse).setStatus(HttpServletResponse.SC_UNAUTHORIZED);
@@ -132,7 +131,7 @@ public class FilterTest {
// New request no environment header check
when(httpServletRequest.getRequestURI()).thenReturn("/pdp/api/getConfig");
when(httpServletRequest.getRequestDispatcher("/api/getConfig")).thenReturn(new MockRequestDispatcher());
- when(httpServletRequest.getHeader(PDPAuthenticationFilter.AUTHENTICATION_HEADER)).thenReturn(VALIDHEADERVALUE);
+ when(httpServletRequest.getHeader(PdpAuthenticationFilter.AUTHENTICATION_HEADER)).thenReturn(VALIDHEADERVALUE);
authenticationFilter.doFilter(httpServletRequest, httpServletResponse, filterChain);
// verify if authorized
verify(httpServletRequest).getRequestDispatcher("/api/getConfig");
@@ -141,7 +140,7 @@ public class FilterTest {
//
when(httpServletRequest.getRequestURI()).thenReturn("/pdp/getConfig");
when(httpServletRequest.getRequestDispatcher("/api//getConfig")).thenReturn(new MockRequestDispatcher());
- when(httpServletRequest.getHeader(PDPAuthenticationFilter.AUTHENTICATION_HEADER)).thenReturn(VALIDHEADERVALUE);
+ when(httpServletRequest.getHeader(PdpAuthenticationFilter.AUTHENTICATION_HEADER)).thenReturn(VALIDHEADERVALUE);
authenticationFilter.doFilter(httpServletRequest, httpServletResponse, filterChain);
// verify if authorized
verify(httpServletRequest).getRequestDispatcher("/api//getConfig");
@@ -158,15 +157,17 @@ public class FilterTest {
//
when(httpServletRequest.getRequestURI()).thenReturn("/pdp/getConfig");
when(httpServletRequest.getRequestDispatcher("/api//getConfig")).thenReturn(new MockRequestDispatcher());
- when(httpServletRequest.getHeader(PDPAuthenticationFilter.ENVIRONMENT_HEADER)).thenReturn("DEVL");
- when(httpServletRequest.getHeader(PDPAuthenticationFilter.AUTHENTICATION_HEADER)).thenReturn(VALIDHEADERVALUE);
+ when(httpServletRequest.getHeader(PdpAuthenticationFilter.ENVIRONMENT_HEADER)).thenReturn("DEVL");
+ when(httpServletRequest.getHeader(PdpAuthenticationFilter.AUTHENTICATION_HEADER)).thenReturn(VALIDHEADERVALUE);
+ when(httpServletRequest.getHeader(PdpAuthenticationFilter.CLIENTAUTH_HEADER)).thenReturn(null);
authenticationFilter.doFilter(httpServletRequest, httpServletResponse, filterChain);
// verify if authorized
verify(httpServletRequest).getRequestDispatcher("/api//getConfig");
// New request no environment header check
when(httpServletRequest.getRequestURI()).thenReturn("/pdp/api/getConfig");
when(httpServletRequest.getRequestDispatcher("/api/getConfig")).thenReturn(new MockRequestDispatcher());
- when(httpServletRequest.getHeader(PDPAuthenticationFilter.AUTHENTICATION_HEADER)).thenReturn(VALIDHEADERVALUE);
+ when(httpServletRequest.getHeader(PdpAuthenticationFilter.AUTHENTICATION_HEADER)).thenReturn(VALIDHEADERVALUE);
+ when(httpServletRequest.getHeader(PdpAuthenticationFilter.CLIENTAUTH_HEADER)).thenReturn(null);
authenticationFilter.doFilter(httpServletRequest, httpServletResponse, filterChain);
// verify if authorized
verify(httpServletRequest).getRequestDispatcher("/api/getConfig");
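Review bot: Both requests in this hunk stub `CLIENTAUTH_HEADER` to `null`, so only the absent-header path of the now-optional check is exercised. A Mockito mock already returns `null` for an unstubbed `getHeader`, so these lines document intent rather than change behaviour. Nothing visible in this file covers a ClientAuth value that is present but invalid. A further case with `when(httpServletRequest.getHeader(PdpAuthenticationFilter.CLIENTAUTH_HEADER)).thenReturn("Basic test123");` and an assertion of whichever outcome is intended would pin that behaviour. The test method starts outside the hunk.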
@@ -175,9 +176,10 @@ public class FilterTest {
// Requests with InValid Environment Header
//
when(httpServletRequest.getRequestURI()).thenReturn("/pdp/getConfig");
- when(httpServletRequest.getRequestDispatcher("/api//getConfig")).thenReturn(new MockRequestDispatcher());
- when(httpServletRequest.getHeader(PDPAuthenticationFilter.ENVIRONMENT_HEADER)).thenReturn("TEST");
- when(httpServletRequest.getHeader(PDPAuthenticationFilter.AUTHENTICATION_HEADER)).thenReturn(VALIDHEADERVALUE);
+ when(httpServletRequest.getRequestDispatcher("/api/getConfig")).thenReturn(new MockRequestDispatcher());
+ when(httpServletRequest.getHeader(PdpAuthenticationFilter.ENVIRONMENT_HEADER)).thenReturn("TEST");
+ when(httpServletRequest.getHeader(PdpAuthenticationFilter.AUTHENTICATION_HEADER)).thenReturn(VALIDHEADERVALUE);
+ when(httpServletRequest.getHeader(PdpAuthenticationFilter.CLIENTAUTH_HEADER)).thenReturn(null);
authenticationFilter.doFilter(httpServletRequest, httpServletResponse, filterChain);
// verify if unauthorized
verify(httpServletResponse).setStatus(HttpServletResponse.SC_UNAUTHORIZED);
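Review bot: The dispatcher stub is changed to `"/api/getConfig"` while the request URI stays `"/pdp/getConfig"`, which the other tests in this file pair with `"/api//getConfig"`, so the stub no longer corresponds to the path the filter would forward to. Since this case expects a 401, the stub is probably never used. If the mocks are fresh in this test, replacing it with `verify(httpServletRequest, never()).getRequestDispatcher(anyString());` after the `doFilter` call would assert that a request with an invalid environment header is not forwarded at all, rather than only that the status was set. The test method starts outside the hunk.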