aboutsummaryrefslogtreecommitdiffstats
path: root/main/src/test/java/org
diff options
context:
space:
mode:
authorJim Hahn <jrh3@att.com>2021-08-23 15:53:55 -0400
committerJim Hahn <jrh3@att.com>2021-08-23 15:55:29 -0400
commit4212017188b2bf7ec741647cf23c536b0c97f15b (patch)
tree935cb86299826ed50eef7d9fa3cfa27ba1e4bfd2 /main/src/test/java/org
parent6ad3dbfeb528f052b9c3c0ad712fac719157e9f0 (diff)
Add filter to control xacml-pdp rest api
Added a filter class for the REST server that only allows "API" services (i.e., decision API services) through when the API is enabled, disallowing them otherwise. The filter always allows PDP-wide services (e.g., "healthcheck"). Per review comments: - modified the new class to "implement Filter" rather than "extends AafFilter" Issue-ID: POLICY-3531 Change-Id: I7055e21045eea270e454a47a443b29476d9a85ee Signed-off-by: Jim Hahn <jrh3@att.com>
Diffstat (limited to 'main/src/test/java/org')
-rw-r--r--main/src/test/java/org/onap/policy/pdpx/main/CommonRest.java2
-rw-r--r--main/src/test/java/org/onap/policy/pdpx/main/XacmlStateTest.java4
-rw-r--r--main/src/test/java/org/onap/policy/pdpx/main/rest/TestAbbreviateDecisionResults.java2
-rw-r--r--main/src/test/java/org/onap/policy/pdpx/main/rest/TestDecision.java4
-rw-r--r--main/src/test/java/org/onap/policy/pdpx/main/rest/TestXacmlPdpServiceFilter.java161
-rw-r--r--main/src/test/java/org/onap/policy/pdpx/main/startstop/TestXacmlPdpActivator.java14
6 files changed, 174 insertions, 13 deletions
diff --git a/main/src/test/java/org/onap/policy/pdpx/main/CommonRest.java b/main/src/test/java/org/onap/policy/pdpx/main/CommonRest.java
index 938fe581..422d4336 100644
--- a/main/src/test/java/org/onap/policy/pdpx/main/CommonRest.java
+++ b/main/src/test/java/org/onap/policy/pdpx/main/CommonRest.java
@@ -122,7 +122,7 @@ public class CommonRest {
main = new Main(xacmlPdpConfigParameters);
// start xacml rest controller
- XacmlPdpActivator.getCurrent().startXacmlRestController();
+ XacmlPdpActivator.getCurrent().enableApi();
if (!NetworkUtil.isTcpPortOpen("localhost", port, 20, 1000L)) {
throw new IllegalStateException("server is not listening on port " + port);
diff --git a/main/src/test/java/org/onap/policy/pdpx/main/XacmlStateTest.java b/main/src/test/java/org/onap/policy/pdpx/main/XacmlStateTest.java
index 5ff3d5c7..0b8d1404 100644
--- a/main/src/test/java/org/onap/policy/pdpx/main/XacmlStateTest.java
+++ b/main/src/test/java/org/onap/policy/pdpx/main/XacmlStateTest.java
@@ -130,12 +130,12 @@ public class XacmlStateTest {
req.setState(PdpState.ACTIVE);
status = state.updateInternalState(req);
assertEquals(PdpState.ACTIVE, status.getState());
- verify(act).startXacmlRestController();
+ verify(act).enableApi();
req.setState(PdpState.PASSIVE);
status = state.updateInternalState(req);
assertEquals(PdpState.PASSIVE, status.getState());
- verify(act).stopXacmlRestController();
+ verify(act).disableApi();
}
@Test
diff --git a/main/src/test/java/org/onap/policy/pdpx/main/rest/TestAbbreviateDecisionResults.java b/main/src/test/java/org/onap/policy/pdpx/main/rest/TestAbbreviateDecisionResults.java
index 8d80b832..3e525e91 100644
--- a/main/src/test/java/org/onap/policy/pdpx/main/rest/TestAbbreviateDecisionResults.java
+++ b/main/src/test/java/org/onap/policy/pdpx/main/rest/TestAbbreviateDecisionResults.java
@@ -135,7 +135,7 @@ public class TestAbbreviateDecisionResults {
// Start the service
//
main = startXacmlPdpService(fileParams);
- XacmlPdpActivator.getCurrent().startXacmlRestController();
+ XacmlPdpActivator.getCurrent().enableApi();
//
// Make sure it is running
//
diff --git a/main/src/test/java/org/onap/policy/pdpx/main/rest/TestDecision.java b/main/src/test/java/org/onap/policy/pdpx/main/rest/TestDecision.java
index 77e8873f..fb7d7179 100644
--- a/main/src/test/java/org/onap/policy/pdpx/main/rest/TestDecision.java
+++ b/main/src/test/java/org/onap/policy/pdpx/main/rest/TestDecision.java
@@ -124,7 +124,7 @@ public class TestDecision {
// Start the service
//
main = startXacmlPdpService(fileParams);
- XacmlPdpActivator.getCurrent().startXacmlRestController();
+ XacmlPdpActivator.getCurrent().enableApi();
//
// Make sure it is running
//
@@ -260,4 +260,4 @@ public class TestDecision {
LOGGER.error("Failed to copy {} to {}", source, dest);
}
}
-} \ No newline at end of file
+}
diff --git a/main/src/test/java/org/onap/policy/pdpx/main/rest/TestXacmlPdpServiceFilter.java b/main/src/test/java/org/onap/policy/pdpx/main/rest/TestXacmlPdpServiceFilter.java
new file mode 100644
index 00000000..9f098f78
--- /dev/null
+++ b/main/src/test/java/org/onap/policy/pdpx/main/rest/TestXacmlPdpServiceFilter.java
@@ -0,0 +1,161 @@
+/*-
+ * ============LICENSE_START=======================================================
+ * ONAP
+ * ================================================================================
+ * Copyright (C) 2021 AT&T Intellectual Property. All rights reserved.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END=========================================================
+ */
+
+package org.onap.policy.pdpx.main.rest;
+
+import static org.assertj.core.api.Assertions.assertThat;
+import static org.mockito.Mockito.lenient;
+import static org.mockito.Mockito.verify;
+import static org.mockito.Mockito.when;
+
+import javax.servlet.FilterChain;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import org.junit.Before;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.mockito.ArgumentCaptor;
+import org.mockito.Mock;
+import org.mockito.junit.MockitoJUnitRunner;
+
+@RunWith(MockitoJUnitRunner.class)
+public class TestXacmlPdpServiceFilter {
+
+ // pick an arbitrary service
+ private static final String PERM_SVC = XacmlPdpServiceFilter.PERMANENT_SERVICES.iterator().next();
+
+ @Mock
+ private HttpServletRequest request;
+
+ @Mock
+ private HttpServletResponse response;
+
+ private FilterChain filterChain;
+
+ private XacmlPdpServiceFilter filter;
+
+
+ /**
+ * Initializes the fields.
+ */
+ @Before
+ public void setUp() {
+ XacmlPdpServiceFilter.disableApi();
+
+ filterChain = (req, resp) -> {
+ HttpServletResponse resp2 = (HttpServletResponse) resp;
+ resp2.setStatus(HttpServletResponse.SC_OK);
+ };
+
+ filter = new XacmlPdpServiceFilter();
+ }
+
+ @Test
+ public void testDoFilter() throws Exception {
+ XacmlPdpServiceFilter.enableApi();
+ lenient().when(request.getRequestURI()).thenReturn("/other");
+ assertThat(getFilterResponse()).isEqualTo(HttpServletResponse.SC_OK);
+ }
+
+ /**
+ * Tests doFilter() when the API is disabled, but a permanent service is requested.
+ */
+ @Test
+ public void testDoFilter_DisabledPermanentServiceReq() throws Exception {
+ XacmlPdpServiceFilter.disableApi();
+ when(request.getRequestURI()).thenReturn(PERM_SVC);
+ assertThat(getFilterResponse()).isEqualTo(HttpServletResponse.SC_OK);
+ }
+
+ /**
+ * Tests doFilter() when the API is disabled, but a permanent service is requested, with a leading slash.
+ */
+ @Test
+ public void testDoFilter_DisabledPermanentServiceReqLeadingSlash() throws Exception {
+ XacmlPdpServiceFilter.disableApi();
+ when(request.getRequestURI()).thenReturn("/" + PERM_SVC);
+ assertThat(getFilterResponse()).isEqualTo(HttpServletResponse.SC_OK);
+ }
+
+ /**
+ * Tests doFilter() when the API is disabled, but a permanent service is requested, with extra URI prefix.
+ */
+ @Test
+ public void testDoFilter_DisabledPermanentServiceReqExtraUri() throws Exception {
+ XacmlPdpServiceFilter.disableApi();
+ when(request.getRequestURI()).thenReturn("/some/stuff/" + PERM_SVC);
+ assertThat(getFilterResponse()).isEqualTo(HttpServletResponse.SC_OK);
+ }
+
+ /**
+ * Tests doFilter() when the API is disabled, but a permanent service is requested, with extra characters before
+ * the service name.
+ */
+ @Test
+ public void testDoFilter_DisabledPermanentServiceReqExtraChars() throws Exception {
+ XacmlPdpServiceFilter.disableApi();
+ when(request.getRequestURI()).thenReturn("/ExtraStuff" + PERM_SVC);
+ assertThat(getFilterResponse()).isEqualTo(HttpServletResponse.SC_CONFLICT);
+ }
+
+ /**
+ * Tests doFilter() when the API is disabled and an API service is requested.
+ */
+ @Test
+ public void testDoFilter_DisabledApiReq() throws Exception {
+ XacmlPdpServiceFilter.disableApi();
+ when(request.getRequestURI()).thenReturn("/other");
+ assertThat(getFilterResponse()).isEqualTo(HttpServletResponse.SC_CONFLICT);
+ }
+
+ /**
+ * Tests doFilter() when the API is disabled and an API service is requested.
+ */
+ @Test
+ public void testDoFilter_EnabledApiReq() throws Exception {
+ XacmlPdpServiceFilter.enableApi();
+ lenient().when(request.getRequestURI()).thenReturn("/other");
+ assertThat(getFilterResponse()).isEqualTo(HttpServletResponse.SC_OK);
+ }
+
+ @Test
+ public void testEnableApi_testDisableApi_testIsApiEnabled() {
+
+ XacmlPdpServiceFilter.enableApi();
+ assertThat(XacmlPdpServiceFilter.isApiEnabled()).isTrue();
+
+ XacmlPdpServiceFilter.disableApi();
+ assertThat(XacmlPdpServiceFilter.isApiEnabled()).isFalse();
+ }
+
+ /**
+ * Invokes doFilter().
+ * @return the response code set by the filter
+ */
+ private int getFilterResponse() throws Exception {
+ filter.doFilter(request, response, filterChain);
+
+ // should only be called once
+ var responseCode = ArgumentCaptor.forClass(Integer.class);
+ verify(response).setStatus(responseCode.capture());
+
+ return responseCode.getValue();
+ }
+}
diff --git a/main/src/test/java/org/onap/policy/pdpx/main/startstop/TestXacmlPdpActivator.java b/main/src/test/java/org/onap/policy/pdpx/main/startstop/TestXacmlPdpActivator.java
index c874761d..ff084047 100644
--- a/main/src/test/java/org/onap/policy/pdpx/main/startstop/TestXacmlPdpActivator.java
+++ b/main/src/test/java/org/onap/policy/pdpx/main/startstop/TestXacmlPdpActivator.java
@@ -1,6 +1,6 @@
/*-
* ============LICENSE_START=======================================================
- * Copyright (C) 2019 AT&T Intellectual Property. All rights reserved.
+ * Copyright (C) 2019, 2021 AT&T Intellectual Property. All rights reserved.
* Modifications Copyright (C) 2019 Nordix Foundation.
* ================================================================================
* Licensed under the Apache License, Version 2.0 (the "License");
@@ -77,21 +77,21 @@ public class TestXacmlPdpActivator extends CommonRest {
@Test
public void testXacmlPdpActivator() throws Exception {
assertFalse(activator.isAlive());
- assertFalse(activator.isXacmlRestControllerAlive());
+ assertFalse(activator.isApiEnabled());
activator.start();
assertTrue(activator.isAlive());
// XacmlPdp starts in PASSIVE state so the rest controller should not be alive
- assertFalse(activator.isXacmlRestControllerAlive());
+ assertFalse(activator.isApiEnabled());
assertTrue(activator.getParameterGroup().isValid());
assertEquals(CommonTestData.PDPX_PARAMETER_GROUP_NAME, activator.getParameterGroup().getName());
assertEquals(CommonTestData.PDPX_GROUP, activator.getParameterGroup().getPdpGroup());
- activator.startXacmlRestController();
- assertTrue(activator.isXacmlRestControllerAlive());
+ activator.enableApi();
+ assertTrue(activator.isApiEnabled());
- activator.stopXacmlRestController();
- assertFalse(activator.isXacmlRestControllerAlive());
+ activator.disableApi();
+ assertFalse(activator.isApiEnabled());
}
@Test