From 6d72b847fe202bc1cd6fb3922755be774de0df69 Mon Sep 17 00:00:00 2001
From: pa834y
Date: Thu, 4 Apr 2019 09:02:48 -0400
Subject: Make clientAuth header optional and log request

Change-Id: Ifc44740a71c2b60d5474cd665bbfca94dcc0c9a7
Issue-ID: POLICY-1418
Signed-off-by: pa834y
---
 .../rest/api/test/PolicyEngineServicesTest.java | 88 +++------------------
 .../rest/auth/test/AuthenticationServiceTest.java | 14 ++--
 .../onap/policy/pdp/rest/auth/test/FilterTest.java | 36 ++++-----
 3 files changed, 38 insertions(+), 100 deletions(-)

(limited to 'ONAP-PDP-REST/src/test/java/org/onap')

diff --git a/ONAP-PDP-REST/src/test/java/org/onap/policy/pdp/rest/api/test/PolicyEngineServicesTest.java b/ONAP-PDP-REST/src/test/java/org/onap/policy/pdp/rest/api/test/PolicyEngineServicesTest.java
index f08ef038c..dcf7bf69f 100644
--- a/ONAP-PDP-REST/src/test/java/org/onap/policy/pdp/rest/api/test/PolicyEngineServicesTest.java
+++ b/ONAP-PDP-REST/src/test/java/org/onap/policy/pdp/rest/api/test/PolicyEngineServicesTest.java
@@ -98,20 +98,7 @@ public class PolicyEngineServicesTest {
 @Test
 public void getConfigAPIFailureTest() throws Exception {
 ConfigRequestParameters pep = new ConfigRequestParameters();
- pep.setPolicyName(".*");
- mockMvc.perform(
- post("/getConfig").content(PolicyUtils.objectToJsonString(pep)).contentType(MediaType.APPLICATION_JSON))
- .andExpect(status().is(400));
- // Authorization tests.
- mockMvc.perform(post("/getConfig").content(PolicyUtils.objectToJsonString(pep))
- .contentType(MediaType.APPLICATION_JSON).header(CLIENTAUTHHEADER, ""))
- .andExpect(status().isUnauthorized());
- mockMvc.perform(post("/getConfig").content(PolicyUtils.objectToJsonString(pep))
- .contentType(MediaType.APPLICATION_JSON).header(CLIENTAUTHHEADER, "Basic 123"))
- .andExpect(status().isUnauthorized());
- mockMvc.perform(post("/getConfig").content(PolicyUtils.objectToJsonString(pep))
- .contentType(MediaType.APPLICATION_JSON).header(CLIENTAUTHHEADER, ERRORCLIENTVALUE))
- .andExpect(status().isUnauthorized());
+
 // Set wrong request.
 pep.setPolicyName(null);
 pep.setConfigName("test");
@@ -145,13 +132,6 @@ public class PolicyEngineServicesTest {
 public void getConfigByPolicyNameTest() throws Exception {
 ConfigNameRequest pep = new ConfigNameRequest();
 pep.setPolicyName(".*");
- mockMvc.perform(
- post("/getConfig").content(PolicyUtils.objectToJsonString(pep)).contentType(MediaType.APPLICATION_JSON))
- .andExpect(status().is(400));
- // Authorization tests.
- mockMvc.perform(post("/getConfig").content(PolicyUtils.objectToJsonString(pep))
- .contentType(MediaType.APPLICATION_JSON).header(CLIENTAUTHHEADER, ""))
- .andExpect(status().isUnauthorized());
 mockMvc.perform(post("/getConfigByPolicyName").content(PolicyUtils.objectToJsonString(pep)).headers(headers)
 .header(UUIDHEADER, UUID.randomUUID()).contentType(MediaType.APPLICATION_JSON))
 .andExpect(status().isOk());
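Review bot: After the deletions in getConfigAPIFailureTest no test asserts that a request carrying a present-but-invalid clientAuth header is still rejected; the hunk drops the `ERRORCLIENTVALUE` and `"Basic 123"` cases together with the missing-header case, so making the header optional is verified only through the positive-path calls that follow. If the filter still rejects a malformed clientAuth value, keep one negative case per endpoint, e.g. `mockMvc.perform(post("/getConfig").content(PolicyUtils.objectToJsonString(pep)).contentType(MediaType.APPLICATION_JSON).header(CLIENTAUTHHEADER, ERRORCLIENTVALUE)).andExpect(status().isUnauthorized());`, and remove only the empty/absent-header cases that the change is presumably meant to turn into accepted requests. The same wholesale removal occurs in the listConfig, getMetrics, getNotification, sendEvent, getDecision, pushPolicy, deletePolicy, createPolicy, createDictionaryItem, getDictionaryItems, createConfig and createFirewallConfig hunks. The bare `+` lines left behind in most of those hunks are stray blank lines between `// Failure Tests.` and `// Service Tests.` and could be dropped. The enclosing test methods continue outside the hunks.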
@@ -161,12 +141,7 @@ public class PolicyEngineServicesTest {
 public void listConfigTest() throws Exception {
 ConfigRequestParameters pep = new ConfigRequestParameters();
 pep.setPolicyName(".*");
- mockMvc.perform(post("/listConfig").content(PolicyUtils.objectToJsonString(pep))
- .contentType(MediaType.APPLICATION_JSON)).andExpect(status().is(400));
- // Authorization tests.
- mockMvc.perform(post("/listConfig").content(PolicyUtils.objectToJsonString(pep))
- .contentType(MediaType.APPLICATION_JSON).header(CLIENTAUTHHEADER, ""))
- .andExpect(status().isUnauthorized());
+
 mockMvc.perform(post("/listConfig").content(PolicyUtils.objectToJsonString(pep)).headers(headers)
 .header(UUIDHEADER, UUID.randomUUID()).contentType(MediaType.APPLICATION_JSON))
 .andExpect(status().isOk());
@@ -185,7 +160,6 @@ public class PolicyEngineServicesTest {
 public void getMetricsTest() throws Exception {
 // Failure Tests.
 mockMvc.perform(get("/getMetrics")).andExpect(status().isBadRequest());
- mockMvc.perform(get("/getMetrics").header(CLIENTAUTHHEADER, "Basic 123")).andExpect(status().isUnauthorized());
 // Service Tests.
 mockMvc.perform(get("/getMetrics").headers(headers).header(UUIDHEADER, "123"))
 .andExpect(status().isBadRequest());
@@ -194,16 +168,6 @@ public class PolicyEngineServicesTest {
 mockMvc.perform(get("/getMetrics").headers(headers)).andExpect(status().isBadRequest());
 }
 
- @Test
- public void getNotificationAuthFailureTest() throws Exception {
- mockMvc.perform(post("/getNotification").header(CLIENTAUTHHEADER, "").content("test"))
- .andExpect(status().isUnauthorized());
- mockMvc.perform(post("/getNotification").header(CLIENTAUTHHEADER, "Basic test123").content("test"))
- .andExpect(status().isUnauthorized());
- mockMvc.perform(post("/getNotification").header(CLIENTAUTHHEADER, ERRORCLIENTVALUE).content(" "))
- .andExpect(status().isUnauthorized());
- }
-
 @Test
 public void getNotificationTopicFailureTest() throws Exception {
 mockMvc.perform(post("/getNotification")).andExpect(status().isBadRequest());
@@ -248,9 +212,7 @@ public class PolicyEngineServicesTest {
 pep.setEventAttributes(eventAttributes);
 // Failure Tests.
 mockMvc.perform(post("/sendEvent")).andExpect(status().isBadRequest());
- mockMvc.perform(post("/sendEvent").content(PolicyUtils.objectToJsonString(pep))
- .contentType(MediaType.APPLICATION_JSON).header(CLIENTAUTHHEADER, "Basic 123"))
- .andExpect(status().isUnauthorized());
+
 // Service Tests.
 mockMvc.perform(post("/sendEvent").content(PolicyUtils.objectToJsonString(pep))
 .contentType(MediaType.APPLICATION_JSON).headers(headers).header(UUIDHEADER, "123"))
@@ -277,9 +239,7 @@ public class PolicyEngineServicesTest {
 pep.setDecisionAttributes(eventAttributes);
 // Failure Tests.
 mockMvc.perform(post("/getDecision")).andExpect(status().isBadRequest());
- mockMvc.perform(post("/getDecision").content(PolicyUtils.objectToJsonString(pep))
- .contentType(MediaType.APPLICATION_JSON).header(CLIENTAUTHHEADER, "Basic 123"))
- .andExpect(status().isUnauthorized());
+
 // Service Tests.
 mockMvc.perform(post("/getDecision").content(PolicyUtils.objectToJsonString(pep))
 .contentType(MediaType.APPLICATION_JSON).headers(headers).header(UUIDHEADER, "123"))
@@ -303,9 +263,7 @@ public class PolicyEngineServicesTest {
 PushPolicyParameters pep = new PushPolicyParameters();
 // Failure Tests.
 mockMvc.perform(put("/pushPolicy")).andExpect(status().isBadRequest());
- mockMvc.perform(put("/pushPolicy").content(PolicyUtils.objectToJsonString(pep))
- .contentType(MediaType.APPLICATION_JSON).header(CLIENTAUTHHEADER, "Basic 123"))
- .andExpect(status().isUnauthorized());
+
 // Service Tests.
 mockMvc.perform(put("/pushPolicy").content(PolicyUtils.objectToJsonString(pep))
 .contentType(MediaType.APPLICATION_JSON).headers(headers).header(UUIDHEADER, UUID.randomUUID()))
@@ -376,9 +334,7 @@ public class PolicyEngineServicesTest {
 DeletePolicyParameters pep = new DeletePolicyParameters();
 // Failure Tests.
 mockMvc.perform(delete("/deletePolicy")).andExpect(status().isBadRequest());
- mockMvc.perform(delete("/deletePolicy").content(PolicyUtils.objectToJsonString(pep))
- .contentType(MediaType.APPLICATION_JSON).header(CLIENTAUTHHEADER, "Basic 123"))
- .andExpect(status().isUnauthorized());
+
 // Service Tests.
 mockMvc.perform(delete("/deletePolicy").content(PolicyUtils.objectToJsonString(pep))
 .contentType(MediaType.APPLICATION_JSON).headers(headers).header(UUIDHEADER, UUID.randomUUID()))
@@ -517,12 +473,7 @@ public class PolicyEngineServicesTest {
 PolicyParameters pep = new PolicyParameters();
 // Failure Tests.
 mockMvc.perform(put("/createPolicy")).andExpect(status().isBadRequest());
- mockMvc.perform(put("/createPolicy").content(PolicyUtils.objectToJsonString(pep))
- .contentType(MediaType.APPLICATION_JSON).header(CLIENTAUTHHEADER, "Basic 123"))
- .andExpect(status().isUnauthorized());
- mockMvc.perform(put("/updatePolicy").content(PolicyUtils.objectToJsonString(pep))
- .contentType(MediaType.APPLICATION_JSON).header(CLIENTAUTHHEADER, "Basic 123"))
- .andExpect(status().isUnauthorized());
+
 // Service Tests.
 setCreateUpdateImpl();
 mockMvc.perform(put("/createPolicy").content(PolicyUtils.objectToJsonString(pep))
@@ -862,12 +813,7 @@ public class PolicyEngineServicesTest {
 DictionaryParameters pep = new DictionaryParameters();
 // Failure Tests.
 mockMvc.perform(put("/createDictionaryItem")).andExpect(status().isBadRequest());
- mockMvc.perform(put("/createDictionaryItem").content(PolicyUtils.objectToJsonString(pep))
- .contentType(MediaType.APPLICATION_JSON).header(CLIENTAUTHHEADER, "Basic 123"))
- .andExpect(status().isUnauthorized());
- mockMvc.perform(put("/updateDictionaryItem").content(PolicyUtils.objectToJsonString(pep))
- .contentType(MediaType.APPLICATION_JSON).header(CLIENTAUTHHEADER, "Basic 123"))
- .andExpect(status().isUnauthorized());
+
 // Service Tests.
 mockMvc.perform(put("/createDictionaryItem").content(PolicyUtils.objectToJsonString(pep))
 .contentType(MediaType.APPLICATION_JSON).headers(headers).header(UUIDHEADER, "tes123"))
@@ -900,9 +846,7 @@ public class PolicyEngineServicesTest {
 DictionaryParameters pep = new DictionaryParameters();
 // Failure Tests.
 mockMvc.perform(post("/getDictionaryItems")).andExpect(status().isBadRequest());
- mockMvc.perform(post("/getDictionaryItems").content(PolicyUtils.objectToJsonString(pep))
- .contentType(MediaType.APPLICATION_JSON).header(CLIENTAUTHHEADER, "Basic 123"))
- .andExpect(status().isUnauthorized());
+
 // Service Tests.
 mockMvc.perform(post("/getDictionaryItems").content(PolicyUtils.objectToJsonString(pep))
 .contentType(MediaType.APPLICATION_JSON).headers(headers).header(UUIDHEADER, "tes123"))
@@ -930,12 +874,7 @@ public class PolicyEngineServicesTest {
 ConfigPolicyAPIRequest pep = new ConfigPolicyAPIRequest();
 // Failure Tests.
 mockMvc.perform(put("/createConfig")).andExpect(status().isBadRequest());
- mockMvc.perform(put("/createConfig").content(PolicyUtils.objectToJsonString(pep))
- .contentType(MediaType.APPLICATION_JSON).header(CLIENTAUTHHEADER, "Basic 123"))
- .andExpect(status().isUnauthorized());
- mockMvc.perform(put("/updateConfig").content(PolicyUtils.objectToJsonString(pep))
- .contentType(MediaType.APPLICATION_JSON).header(CLIENTAUTHHEADER, "Basic 123"))
- .andExpect(status().isUnauthorized());
+
 // Service Tests.
 mockMvc.perform(put("/createConfig").content(PolicyUtils.objectToJsonString(pep))
 .contentType(MediaType.APPLICATION_JSON).headers(headers).header(UUIDHEADER, "tes123"))
@@ -963,12 +902,7 @@ public class PolicyEngineServicesTest {
 ConfigFirewallPolicyAPIRequest pep = new ConfigFirewallPolicyAPIRequest();
 // Failure Tests.
 mockMvc.perform(put("/createFirewallConfig")).andExpect(status().isBadRequest());
- mockMvc.perform(put("/createFirewallConfig").content(PolicyUtils.objectToJsonString(pep))
- .contentType(MediaType.APPLICATION_JSON).header(CLIENTAUTHHEADER, "Basic 123"))
- .andExpect(status().isUnauthorized());
- mockMvc.perform(put("/updateFirewallConfig").content(PolicyUtils.objectToJsonString(pep))
- .contentType(MediaType.APPLICATION_JSON).header(CLIENTAUTHHEADER, "Basic 123"))
- .andExpect(status().isUnauthorized());
+
 // Service Tests.
 mockMvc.perform(put("/createFirewallConfig").content(PolicyUtils.objectToJsonString(pep))
 .contentType(MediaType.APPLICATION_JSON).headers(headers).header(UUIDHEADER, "tes123"))
diff --git a/ONAP-PDP-REST/src/test/java/org/onap/policy/pdp/rest/auth/test/AuthenticationServiceTest.java b/ONAP-PDP-REST/src/test/java/org/onap/policy/pdp/rest/auth/test/AuthenticationServiceTest.java
index 564187675..0795526fc 100644
--- a/ONAP-PDP-REST/src/test/java/org/onap/policy/pdp/rest/auth/test/AuthenticationServiceTest.java
+++ b/ONAP-PDP-REST/src/test/java/org/onap/policy/pdp/rest/auth/test/AuthenticationServiceTest.java
@@ -2,7 +2,7 @@
 * ============LICENSE_START=======================================================
 * ONAP-PDP-REST
 * ================================================================================
- * Copyright (C) 2018 AT&T Intellectual Property. All rights reserved.
+ * Copyright (C) 2018-2019 AT&T Intellectual Property. All rights reserved.
 * ================================================================================
 * Modifications Copyright (C) 2019 Samsung
 * ================================================================================
@@ -22,14 +22,16 @@
 package org.onap.policy.pdp.rest.auth.test;
 
-import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertTrue;
+import static org.mockito.Mockito.mock;
 
 import java.io.UnsupportedEncodingException;
 import java.util.Base64;
+import javax.servlet.ServletRequest;
 import org.junit.Test;
-import org.onap.policy.pdp.rest.restAuth.AuthenticationService;
+import org.onap.policy.pdp.rest.restauth.AuthenticationService;
 
 public class AuthenticationServiceTest {
 
- private final String testCred = "testpdp:alpha456";
+ private final String testCred = "python:test";
 private final String testCredEncoded = new String(Base64.getEncoder().encode(testCred.getBytes()));
 private final String basicCred = "Basic " + testCredEncoded;
@@ -40,9 +42,9 @@ public class AuthenticationServiceTest {
 // Set the system property temporarily
 String oldProperty = System.getProperty(systemKey);
 System.setProperty(systemKey, "xacml.pdp.properties");
+ ServletRequest request = mock(ServletRequest.class);
 
- AuthenticationService service = new AuthenticationService();
- assertEquals(service.authenticate(basicCred), true);
+ assertTrue(AuthenticationService.checkPermissions(null, basicCred, "getConfig", "DEVL", request));
 
 // Restore the original system property
 if (oldProperty != null) {
diff --git a/ONAP-PDP-REST/src/test/java/org/onap/policy/pdp/rest/auth/test/FilterTest.java b/ONAP-PDP-REST/src/test/java/org/onap/policy/pdp/rest/auth/test/FilterTest.java
index 99ecefb80..cd3db8897 100644
--- a/ONAP-PDP-REST/src/test/java/org/onap/policy/pdp/rest/auth/test/FilterTest.java
+++ b/ONAP-PDP-REST/src/test/java/org/onap/policy/pdp/rest/auth/test/FilterTest.java
@@ -2,7 +2,7 @@
 * ============LICENSE_START=======================================================
 * ONAP-PDP-REST
 * ================================================================================
- * Copyright (C) 2017-2018 AT&T Intellectual Property. All rights reserved.
+ * Copyright (C) 2017-2019 AT&T Intellectual Property. All rights reserved.
 * ================================================================================
 * Modifications Copyright (C) 2019 Samsung
 * ================================================================================
@@ -25,6 +25,8 @@ package org.onap.policy.pdp.rest.auth.test;
 import static org.mockito.Mockito.mock;
 import static org.mockito.Mockito.verify;
 import static org.mockito.Mockito.when;
+import com.att.research.xacml.util.XACMLProperties;
+import com.mockrunner.mock.web.MockRequestDispatcher;
 import java.io.IOException;
 import javax.servlet.FilterChain;
 import javax.servlet.ServletException;
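Review bot: The rewritten assertion in the `@@ -40,9 +42,9` hunk exercises only the accept path of `checkPermissions`; nothing asserts that a wrong credential yields false, so a regression that accepts every Basic header would still pass this test. Add the complementary check alongside it, e.g. `assertFalse(AuthenticationService.checkPermissions(null, "Basic " + Base64.getEncoder().encodeToString("wrong:wrong".getBytes()), "getConfig", "DEVL", request));` (constructed sample credential; needs a static import of `assertFalse`). The bare `null` first argument gives no hint what it stands for — presumably the now-optional clientAuth header, though its meaning is not visible in this hunk — so a named local such as `String clientAuth = null; // header is optional` would make the intent readable. The enclosing test method starts before and ends after this hunk.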
@@ -32,14 +34,11 @@ import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 import org.junit.Before;
 import org.junit.Test;
-import org.onap.policy.pdp.rest.restAuth.PDPAuthenticationFilter;
-import com.att.research.xacml.util.XACMLProperties;
-import com.mockrunner.mock.web.MockRequestDispatcher;
+import org.onap.policy.pdp.rest.restauth.PdpAuthenticationFilter;
 
 public class FilterTest {
-
- private PDPAuthenticationFilter authenticationFilter = new PDPAuthenticationFilter();
- private final String VALIDHEADERVALUE = "Basic dGVzdHBkcDphbHBoYTQ1Ng==";
+ private PdpAuthenticationFilter authenticationFilter = new PdpAuthenticationFilter();
+ private final String VALIDHEADERVALUE = "Basic cHl0aG9uOnRlc3Q=";
 
 @Before
 public void setUp() throws Exception {
@@ -103,7 +102,7 @@ public class FilterTest {
 FilterChain filterChain = mock(FilterChain.class);
 //
 when(httpServletRequest.getRequestURI()).thenReturn("/pdp/api/getConfig");
- when(httpServletRequest.getHeader(PDPAuthenticationFilter.AUTHENTICATION_HEADER)).thenReturn("error");
+ when(httpServletRequest.getHeader(PdpAuthenticationFilter.AUTHENTICATION_HEADER)).thenReturn("error");
 authenticationFilter.doFilter(httpServletRequest, httpServletResponse, filterChain);
 // verify if unauthorized
 verify(httpServletResponse).setStatus(HttpServletResponse.SC_UNAUTHORIZED);
@@ -117,7 +116,7 @@ public class FilterTest {
 FilterChain filterChain = mock(FilterChain.class);
 //
 when(httpServletRequest.getRequestURI()).thenReturn("/pdp/api/getConfig");
- when(httpServletRequest.getHeader(PDPAuthenticationFilter.AUTHENTICATION_HEADER)).thenReturn("Basic test123");
+ when(httpServletRequest.getHeader(PdpAuthenticationFilter.AUTHENTICATION_HEADER)).thenReturn("Basic test123");
 authenticationFilter.doFilter(httpServletRequest, httpServletResponse, filterChain);
 // verify if unauthorized
 verify(httpServletResponse).setStatus(HttpServletResponse.SC_UNAUTHORIZED);
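Review bot: The new `VALIDHEADERVALUE = "Basic cHl0aG9uOnRlc3Q="` in the `@@ -32,14 +34,11` hunk is an opaque base64 literal that duplicates the `"python:test"` credential AuthenticationServiceTest now spells out, so the two tests can silently drift apart when the fixture credential changes again. Deriving it the way that test does keeps one visible value, e.g. `private final String VALIDHEADERVALUE = "Basic " + Base64.getEncoder().encodeToString("python:test".getBytes(StandardCharsets.UTF_8));`, with `java.util.Base64` and `java.nio.charset.StandardCharsets` added to the imports. A short comment on the field, such as `// must match the test credential configured in the xacml.pdp.properties fixture`, would also tell the next reader where the value comes from — assuming that is indeed its source, which this hunk does not show.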
@@ -132,7 +131,7 @@ public class FilterTest {
 // New request no environment header check
 when(httpServletRequest.getRequestURI()).thenReturn("/pdp/api/getConfig");
 when(httpServletRequest.getRequestDispatcher("/api/getConfig")).thenReturn(new MockRequestDispatcher());
- when(httpServletRequest.getHeader(PDPAuthenticationFilter.AUTHENTICATION_HEADER)).thenReturn(VALIDHEADERVALUE);
+ when(httpServletRequest.getHeader(PdpAuthenticationFilter.AUTHENTICATION_HEADER)).thenReturn(VALIDHEADERVALUE);
 authenticationFilter.doFilter(httpServletRequest, httpServletResponse, filterChain);
 // verify if authorized
 verify(httpServletRequest).getRequestDispatcher("/api/getConfig");
@@ -141,7 +140,7 @@ public class FilterTest {
 //
 when(httpServletRequest.getRequestURI()).thenReturn("/pdp/getConfig");
 when(httpServletRequest.getRequestDispatcher("/api//getConfig")).thenReturn(new MockRequestDispatcher());
- when(httpServletRequest.getHeader(PDPAuthenticationFilter.AUTHENTICATION_HEADER)).thenReturn(VALIDHEADERVALUE);
+ when(httpServletRequest.getHeader(PdpAuthenticationFilter.AUTHENTICATION_HEADER)).thenReturn(VALIDHEADERVALUE);
 authenticationFilter.doFilter(httpServletRequest, httpServletResponse, filterChain);
 // verify if authorized
 verify(httpServletRequest).getRequestDispatcher("/api//getConfig");
@@ -158,15 +157,17 @@ public class FilterTest {
 //
 when(httpServletRequest.getRequestURI()).thenReturn("/pdp/getConfig");
 when(httpServletRequest.getRequestDispatcher("/api//getConfig")).thenReturn(new MockRequestDispatcher());
- when(httpServletRequest.getHeader(PDPAuthenticationFilter.ENVIRONMENT_HEADER)).thenReturn("DEVL");
- when(httpServletRequest.getHeader(PDPAuthenticationFilter.AUTHENTICATION_HEADER)).thenReturn(VALIDHEADERVALUE);
+ when(httpServletRequest.getHeader(PdpAuthenticationFilter.ENVIRONMENT_HEADER)).thenReturn("DEVL");
+ when(httpServletRequest.getHeader(PdpAuthenticationFilter.AUTHENTICATION_HEADER)).thenReturn(VALIDHEADERVALUE);
+ when(httpServletRequest.getHeader(PdpAuthenticationFilter.CLIENTAUTH_HEADER)).thenReturn(null);
 authenticationFilter.doFilter(httpServletRequest, httpServletResponse, filterChain);
 // verify if authorized
 verify(httpServletRequest).getRequestDispatcher("/api//getConfig");
 // New request no environment header check
 when(httpServletRequest.getRequestURI()).thenReturn("/pdp/api/getConfig");
 when(httpServletRequest.getRequestDispatcher("/api/getConfig")).thenReturn(new MockRequestDispatcher());
- when(httpServletRequest.getHeader(PDPAuthenticationFilter.AUTHENTICATION_HEADER)).thenReturn(VALIDHEADERVALUE);
+ when(httpServletRequest.getHeader(PdpAuthenticationFilter.AUTHENTICATION_HEADER)).thenReturn(VALIDHEADERVALUE);
+ when(httpServletRequest.getHeader(PdpAuthenticationFilter.CLIENTAUTH_HEADER)).thenReturn(null);
 authenticationFilter.doFilter(httpServletRequest, httpServletResponse, filterChain);
 // verify if authorized
 verify(httpServletRequest).getRequestDispatcher("/api/getConfig");
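Review bot: The new `thenReturn(null)` stubs on `PdpAuthenticationFilter.CLIENTAUTH_HEADER` in this hunk and in the `@@ -175,9 +176,10` hunk are no-ops — an unstubbed `getHeader` on a Mockito mock already returns null — so they only document that the header is absent, and a comment states that intent without dead stubs, e.g. `// no clientAuth header: it is optional (POLICY-1418)`. More importantly, none of the visible FilterTest hunks covers a request that carries a CLIENTAUTH_HEADER with an unacceptable value now that the header is optional; if the filter still rejects such a value, add a case that stubs the header to a non-empty garbage string and verifies `setStatus(HttpServletResponse.SC_UNAUTHORIZED)`, otherwise the permissive path is untested. The enclosing test method starts before and ends after this hunk.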
@@ -175,9 +176,10 @@ public class FilterTest {
 // Requests with InValid Environment Header
 //
 when(httpServletRequest.getRequestURI()).thenReturn("/pdp/getConfig");
- when(httpServletRequest.getRequestDispatcher("/api//getConfig")).thenReturn(new MockRequestDispatcher());
- when(httpServletRequest.getHeader(PDPAuthenticationFilter.ENVIRONMENT_HEADER)).thenReturn("TEST");
- when(httpServletRequest.getHeader(PDPAuthenticationFilter.AUTHENTICATION_HEADER)).thenReturn(VALIDHEADERVALUE);
+ when(httpServletRequest.getRequestDispatcher("/api/getConfig")).thenReturn(new MockRequestDispatcher());
+ when(httpServletRequest.getHeader(PdpAuthenticationFilter.ENVIRONMENT_HEADER)).thenReturn("TEST");
+ when(httpServletRequest.getHeader(PdpAuthenticationFilter.AUTHENTICATION_HEADER)).thenReturn(VALIDHEADERVALUE);
+ when(httpServletRequest.getHeader(PdpAuthenticationFilter.CLIENTAUTH_HEADER)).thenReturn(null);
 authenticationFilter.doFilter(httpServletRequest, httpServletResponse, filterChain);
 // verify if unauthorized
 verify(httpServletResponse).setStatus(HttpServletResponse.SC_UNAUTHORIZED);
-- 
cgit 1.2.3-korg
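Review bot: The dispatcher stub is changed to `"/api/getConfig"` while the URI stubbed on the line above stays `"/pdp/getConfig"`, which the `@@ -141,7 +140,7` hunk maps to `"/api//getConfig"`; since this case expects `SC_UNAUTHORIZED` and never reaches a dispatch, the stub is never consumed either way, so the edit looks accidental rather than intentional. Either drop the unused `getRequestDispatcher` stub here or keep it consistent with the other `/pdp/getConfig` case, so the mapping the test documents stays coherent and a strict-stubs Mockito configuration would not flag an unused stubbing. The enclosing test method starts before this hunk.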