aboutsummaryrefslogtreecommitdiffstats
path: root/catalog-fe/src/test
diff options
context:
space:
mode:
authorys9693 <ys9693@att.com>2020-01-19 13:50:02 +0200
committerOfir Sonsino <ofir.sonsino@intl.att.com>2020-01-22 12:33:31 +0000
commit16a9fce0e104a38371a9e5a567ec611ae3fc7f33 (patch)
tree03a2aff3060ddb5bc26a90115805a04becbaffc9 /catalog-fe/src/test
parentaa83a2da4f911c3ac89318b8e9e8403b072942e1 (diff)
Catalog alignment
Issue-ID: SDC-2724 Signed-off-by: ys9693 <ys9693@att.com> Change-Id: I52b4aacb58cbd432ca0e1ff7ff1f7dd52099c6fe
Diffstat (limited to 'catalog-fe/src/test')
-rw-r--r--catalog-fe/src/test/SpecRunner.html17
-rw-r--r--catalog-fe/src/test/jasmine-standalone-2.0.0/SpecRunner.html18
-rw-r--r--catalog-fe/src/test/java/org/openecomp/sdc/fe/GzipFilterTest.java5
-rw-r--r--catalog-fe/src/test/java/org/openecomp/sdc/fe/filters/SecurityFilterTest.java125
-rw-r--r--catalog-fe/src/test/java/org/openecomp/sdc/fe/impl/AuditTest.java16
-rw-r--r--catalog-fe/src/test/java/org/openecomp/sdc/fe/impl/HealthCheckScheduledTaskTest.java185
-rw-r--r--catalog-fe/src/test/java/org/openecomp/sdc/fe/impl/HttpRequestInfoTest.java13
-rw-r--r--catalog-fe/src/test/java/org/openecomp/sdc/fe/impl/ImportMetadataTest.java4
-rw-r--r--catalog-fe/src/test/java/org/openecomp/sdc/fe/impl/MdcDataTest.java4
-rw-r--r--catalog-fe/src/test/java/org/openecomp/sdc/fe/listen/MyObjectMapperProviderTest.java6
-rw-r--r--catalog-fe/src/test/java/org/openecomp/sdc/fe/servlets/ConfigMgrServletTest.java7
-rw-r--r--catalog-fe/src/test/java/org/openecomp/sdc/fe/servlets/ConfigServletTest.java25
-rw-r--r--catalog-fe/src/test/java/org/openecomp/sdc/fe/servlets/FeHealthCheckServletTest.java17
-rw-r--r--catalog-fe/src/test/java/org/openecomp/sdc/fe/servlets/FeProxyServletTest.java (renamed from catalog-fe/src/test/java/org/openecomp/sdc/servlets/FeProxyServletTest.java)91
-rw-r--r--catalog-fe/src/test/java/org/openecomp/sdc/fe/servlets/HealthCheckServiceTest.java72
-rw-r--r--catalog-fe/src/test/java/org/openecomp/sdc/fe/servlets/KibanaServletTest.java93
-rw-r--r--catalog-fe/src/test/java/org/openecomp/sdc/fe/servlets/PluginStatusBLTest.java163
-rw-r--r--catalog-fe/src/test/java/org/openecomp/sdc/fe/servlets/PortalServletTest.java (renamed from catalog-fe/src/test/java/org/openecomp/sdc/servlets/PortalServletTest.java)72
-rw-r--r--catalog-fe/src/test/resources/config/ESAPI.properties452
-rw-r--r--catalog-fe/src/test/resources/logback-test.xml2
20 files changed, 1028 insertions, 359 deletions
diff --git a/catalog-fe/src/test/SpecRunner.html b/catalog-fe/src/test/SpecRunner.html
index 19ae8e50ab..d2617c5b5c 100644
--- a/catalog-fe/src/test/SpecRunner.html
+++ b/catalog-fe/src/test/SpecRunner.html
@@ -1,20 +1,3 @@
-<!--
- ~ Copyright (C) 2018 AT&T Intellectual Property. All rights reserved.
- ~
- ~ Licensed under the Apache License, Version 2.0 (the "License");
- ~ you may not use this file except in compliance with the License.
- ~ You may obtain a copy of the License at
- ~
- ~ http://www.apache.org/licenses/LICENSE-2.0
- ~
- ~ Unless required by applicable law or agreed to in writing, software
- ~ distributed under the License is distributed on an "AS IS" BASIS,
- ~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- ~ See the License for the specific language governing permissions and
- ~ limitations under the License.
- -->
-
-
<!DOCTYPE HTML>
<html>
<head>
diff --git a/catalog-fe/src/test/jasmine-standalone-2.0.0/SpecRunner.html b/catalog-fe/src/test/jasmine-standalone-2.0.0/SpecRunner.html
index 4d3ff2e791..a0e39f4b0c 100644
--- a/catalog-fe/src/test/jasmine-standalone-2.0.0/SpecRunner.html
+++ b/catalog-fe/src/test/jasmine-standalone-2.0.0/SpecRunner.html
@@ -1,21 +1,3 @@
-<!--
- ~ Copyright (C) 2018 AT&T Intellectual Property. All rights reserved.
- ~
- ~ Licensed under the Apache License, Version 2.0 (the "License");
- ~ you may not use this file except in compliance with the License.
- ~ You may obtain a copy of the License at
- ~
- ~ http://www.apache.org/licenses/LICENSE-2.0
- ~
- ~ Unless required by applicable law or agreed to in writing, software
- ~ distributed under the License is distributed on an "AS IS" BASIS,
- ~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- ~ See the License for the specific language governing permissions and
- ~ limitations under the License.
- -->
-
-
-
<!DOCTYPE HTML>
<html>
<head>
diff --git a/catalog-fe/src/test/java/org/openecomp/sdc/fe/GzipFilterTest.java b/catalog-fe/src/test/java/org/openecomp/sdc/fe/GzipFilterTest.java
index 95f48a1a61..b291cdac6f 100644
--- a/catalog-fe/src/test/java/org/openecomp/sdc/fe/GzipFilterTest.java
+++ b/catalog-fe/src/test/java/org/openecomp/sdc/fe/GzipFilterTest.java
@@ -20,9 +20,10 @@
package org.openecomp.sdc.fe;
-import javax.servlet.FilterConfig;
-
import org.junit.Test;
+import org.openecomp.sdc.fe.filters.GzipFilter;
+
+import javax.servlet.FilterConfig;
public class GzipFilterTest {
diff --git a/catalog-fe/src/test/java/org/openecomp/sdc/fe/filters/SecurityFilterTest.java b/catalog-fe/src/test/java/org/openecomp/sdc/fe/filters/SecurityFilterTest.java
new file mode 100644
index 0000000000..d750e35243
--- /dev/null
+++ b/catalog-fe/src/test/java/org/openecomp/sdc/fe/filters/SecurityFilterTest.java
@@ -0,0 +1,125 @@
+/*-
+ * ============LICENSE_START=======================================================
+ * SDC
+ * ================================================================================
+ * Copyright (C) 2020 AT&T Intellectual Property. All rights reserved.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END=========================================================
+ */
+
+package org.openecomp.sdc.fe.filters;
+
+import org.junit.Before;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.mockito.InjectMocks;
+import org.mockito.Mock;
+import org.mockito.Mockito;
+import org.mockito.Spy;
+import org.mockito.junit.MockitoJUnitRunner;
+import org.onap.portalsdk.core.onboarding.util.PortalApiProperties;
+
+import javax.servlet.FilterChain;
+import javax.servlet.FilterConfig;
+import javax.servlet.ServletException;
+import javax.servlet.http.Cookie;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import java.io.IOException;
+
+import static org.mockito.Mockito.times;
+import static org.mockito.Mockito.when;
+
+
+@RunWith(MockitoJUnitRunner.class)
+public class SecurityFilterTest {
+
+ private static final String excludedUrls = "/config,/configmgr,/rest/healthCheck";
+
+ @Mock
+ private HttpServletRequest request;
+ @Mock
+ private FilterChain filterChain;
+ @Mock
+ private FilterConfig filterConfig;
+ @Spy
+ private HttpServletResponse response;
+
+ @InjectMocks
+ private SecurityFilter securityFilter = new SecurityFilter();
+
+ @Before
+ public void setUpClass() throws ServletException{
+ when(filterConfig.getInitParameter(SecurityFilter.FILTER_EXLUDED_URLS_KEY)).thenReturn(excludedUrls);
+ securityFilter.init(filterConfig);
+ }
+
+ @Test
+ public void redirectPortalRequestAsCookieIsNotFound() throws ServletException, IOException {
+ when(request.getServletPath()).thenReturn("/portal");
+ when(request.getCookies()).thenReturn(getCookies(false));
+ securityFilter.doFilter(request, response, filterChain);
+ Mockito.verify(response, times(1)).sendRedirect(PortalApiProperties.getProperty(SecurityFilter.PORTAL_REDIRECT_URL_KEY));
+ }
+
+ @Test
+ public void redirectFeProxyRequestAsCookiesIsNull() throws ServletException, IOException {
+ when(request.getServletPath()).thenReturn("/feProxy");
+ when(request.getCookies()).thenReturn(null);
+ securityFilter.doFilter(request, response, filterChain);
+ Mockito.verify(response, times(1)).sendRedirect(PortalApiProperties.getProperty(SecurityFilter.PORTAL_REDIRECT_URL_KEY));
+ }
+
+ @Test
+ public void requestIsNotRedirectedAsItIsFromPortal() throws ServletException, IOException {
+ when(request.getServletPath()).thenReturn("/feProxy");
+ when(request.getCookies()).thenReturn(getCookies(true));
+ securityFilter.doFilter(request, response, filterChain);
+ Mockito.verify(response, times(0)).sendRedirect(PortalApiProperties.getProperty(SecurityFilter.PORTAL_REDIRECT_URL_KEY));
+ }
+
+ @Test
+ public void requestIsNotRedirectedAsHcUrlIsExcluded() throws ServletException, IOException {
+ when(request.getServletPath()).thenReturn("/rest/healthCheck");
+ securityFilter.doFilter(request, response, filterChain);
+ Mockito.verify(response, times(0)).sendRedirect(PortalApiProperties.getProperty(SecurityFilter.PORTAL_REDIRECT_URL_KEY));
+ }
+
+
+ @Test
+ public void requestIsNotRedirectedAsConfigUrlIsExcluded() throws ServletException, IOException {
+ when(request.getServletPath()).thenReturn("/config");
+ securityFilter.doFilter(request, response, filterChain);
+ Mockito.verify(response, times(0)).sendRedirect(PortalApiProperties.getProperty(SecurityFilter.PORTAL_REDIRECT_URL_KEY));
+ }
+
+ @Test
+ public void requestIsNotRedirectedForConfigMngrUrlIsExcluded() throws ServletException, IOException {
+ when(request.getServletPath()).thenReturn("/configmgr");
+ securityFilter.doFilter(request, response, filterChain);
+ Mockito.verify(response, times(0)).sendRedirect(PortalApiProperties.getProperty(SecurityFilter.PORTAL_REDIRECT_URL_KEY));
+ }
+
+
+ private Cookie[] getCookies(boolean isFromPortal) {
+ Cookie[] cookies = new Cookie [1];
+ if (isFromPortal) {
+ cookies[0] = new Cookie(PortalApiProperties.getProperty(SecurityFilter.PORTAL_COOKIE_NAME_KEY), "aaa");
+ }
+ else {
+ cookies[0] = new Cookie("someName", "aaa");
+ }
+ return cookies;
+ }
+}
diff --git a/catalog-fe/src/test/java/org/openecomp/sdc/fe/impl/AuditTest.java b/catalog-fe/src/test/java/org/openecomp/sdc/fe/impl/AuditTest.java
index 83bcaab871..c65d75bdab 100644
--- a/catalog-fe/src/test/java/org/openecomp/sdc/fe/impl/AuditTest.java
+++ b/catalog-fe/src/test/java/org/openecomp/sdc/fe/impl/AuditTest.java
@@ -20,14 +20,6 @@
package org.openecomp.sdc.fe.impl;
-import static org.mockito.ArgumentMatchers.eq;
-import static org.mockito.Mockito.verify;
-import static org.mockito.Mockito.when;
-
-import java.util.HashMap;
-import java.util.Map;
-import javax.servlet.http.HttpServletRequest;
-
import org.junit.Test;
import org.junit.runner.RunWith;
import org.mockito.Mock;
@@ -35,6 +27,14 @@ import org.mockito.junit.MockitoJUnitRunner;
import org.openecomp.sdc.common.api.Constants;
import org.slf4j.Logger;
+import javax.servlet.http.HttpServletRequest;
+import java.util.HashMap;
+import java.util.Map;
+
+import static org.mockito.ArgumentMatchers.eq;
+import static org.mockito.Mockito.verify;
+import static org.mockito.Mockito.when;
+
@RunWith(MockitoJUnitRunner.class)
public class AuditTest {
diff --git a/catalog-fe/src/test/java/org/openecomp/sdc/fe/impl/HealthCheckScheduledTaskTest.java b/catalog-fe/src/test/java/org/openecomp/sdc/fe/impl/HealthCheckScheduledTaskTest.java
new file mode 100644
index 0000000000..362d40cb29
--- /dev/null
+++ b/catalog-fe/src/test/java/org/openecomp/sdc/fe/impl/HealthCheckScheduledTaskTest.java
@@ -0,0 +1,185 @@
+/*-
+ * ============LICENSE_START=======================================================
+ * SDC
+ * ================================================================================
+ * Copyright (C) 2020 AT&T Intellectual Property. All rights reserved.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END=========================================================
+ */
+
+package org.openecomp.sdc.fe.impl;
+
+import com.google.common.collect.Lists;
+import org.junit.Before;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.mockito.InjectMocks;
+import org.mockito.Mock;
+import org.mockito.Mockito;
+import org.mockito.junit.MockitoJUnitRunner;
+import org.openecomp.sdc.common.api.Constants;
+import org.openecomp.sdc.common.api.HealthCheckInfo;
+import org.openecomp.sdc.fe.config.Configuration;
+
+import java.util.Collections;
+
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertFalse;
+import static org.junit.Assert.assertNull;
+import static org.junit.Assert.assertTrue;
+import static org.mockito.ArgumentMatchers.any;
+import static org.mockito.Mockito.times;
+import static org.mockito.Mockito.verify;
+import static org.mockito.Mockito.when;
+
+@RunWith(MockitoJUnitRunner.class)
+public class HealthCheckScheduledTaskTest {
+
+ private static final String PROTOCOL = "http";
+ private static final String HOST = "192.115.113.25";
+ private static final Integer PORT = 8090;
+ private static final String URI = "/healthCheck";
+ private static final String HC_URL = String.format("%s://%s:%s%s", PROTOCOL, HOST, PORT, URI);
+
+ @Mock
+ private Configuration.CatalogFacadeMsConfig catalogFacadeMsConfig;
+ @Mock
+ private Configuration.DcaeConfig dcaeConfig;
+ @Mock
+ private Configuration.OnboardingConfig onboardingConfig;
+ @Mock
+ private Configuration configuration;
+ @Mock
+ private HealthCheckService healthCheckService;
+
+ @InjectMocks
+ private HealthCheckScheduledTask healthCheckScheduledTask;
+
+ @Before
+ public void setUp() {
+ healthCheckScheduledTask = new HealthCheckScheduledTask(healthCheckService);
+ initMocks();
+ }
+
+ @Test
+ public void getOnboardingUrlWhenConfigurationIsNotProvided() {
+ when(configuration.getOnboarding()).thenReturn(null);
+ assertNull(healthCheckScheduledTask.getExternalComponentHcUrl(Constants.HC_COMPONENT_ON_BOARDING));
+ }
+
+ @Test
+ public void getUrlForUnknownComponent() {
+ assertNull(healthCheckScheduledTask.getExternalComponentHcUrl("test"));
+ }
+
+ @Test
+ public void getOnboardingUrlWhenConfigurationIsProvided() {
+ when(configuration.getOnboarding()).thenReturn(onboardingConfig);
+ assertNull(HealthCheckScheduledTask.getOnboardingHcUrl());
+ healthCheckScheduledTask.getExternalComponentHcUrl(Constants.HC_COMPONENT_ON_BOARDING);
+ assertEquals(HC_URL, HealthCheckScheduledTask.getOnboardingHcUrl());
+ }
+
+ @Test
+ public void getCatalogFacadeMsUrlWhenConfigurationIsProvidedAndVerifyThatItIsCalculatedOnlyOnce() {
+ when(configuration.getCatalogFacadeMs()).thenReturn(catalogFacadeMsConfig);
+ assertNull(HealthCheckScheduledTask.getCatalogFacadeMsHcUrl());
+
+ HealthCheckScheduledTask healthCheckScheduledTaskSpy = Mockito.spy(healthCheckScheduledTask);
+
+ healthCheckScheduledTaskSpy.getExternalComponentHcUrl(Constants.HC_COMPONENT_CATALOG_FACADE_MS);
+ assertEquals(HC_URL, HealthCheckScheduledTask.getCatalogFacadeMsHcUrl());
+ //try to run again and verify that assignment is not recalled
+ healthCheckScheduledTaskSpy.getExternalComponentHcUrl(Constants.HC_COMPONENT_CATALOG_FACADE_MS);
+ verify(healthCheckScheduledTaskSpy, times(1)).
+ buildHealthCheckUrl(any(String.class), any(String.class), any(Integer.class), any(String.class));
+ }
+
+ @Test
+ public void getDcaeUrlWhenConfigurationIsProvided() {
+ when(configuration.getDcae()).thenReturn(dcaeConfig);
+ assertNull(HealthCheckScheduledTask.getDcaeHcUrl());
+ healthCheckScheduledTask.getExternalComponentHcUrl(Constants.HC_COMPONENT_DCAE);
+ assertEquals(HC_URL, HealthCheckScheduledTask.getDcaeHcUrl());
+ }
+
+ @Test
+ public void getExcludedComponentListWhenCatalogFacadeMsConfigExists() {
+ when(configuration.getCatalogFacadeMs()).thenReturn(catalogFacadeMsConfig);
+ when(catalogFacadeMsConfig.getPath()).thenReturn("/uicache");
+ when(configuration.getHealthStatusExclude()).thenReturn(Lists.newArrayList("DMAAP", "DCAE"));
+ assertFalse(healthCheckScheduledTask.getExcludedComponentList().contains(Constants.HC_COMPONENT_CATALOG_FACADE_MS));
+ }
+
+ @Test
+ public void getExcludedComponentListWhenCatalogFacadeMsConfigDoesNotExist() {
+ when(configuration.getCatalogFacadeMs()).thenReturn(null);
+ when(configuration.getHealthStatusExclude()).thenReturn(Lists.newArrayList());
+ assertTrue(healthCheckScheduledTask.getExcludedComponentList().contains(Constants.HC_COMPONENT_CATALOG_FACADE_MS));
+ }
+
+ @Test
+ public void getExcludedComponentListWhenCatalogFacadeMsConfigPathIsNotSet() {
+ when(configuration.getCatalogFacadeMs()).thenReturn(catalogFacadeMsConfig);
+ when(catalogFacadeMsConfig.getPath()).thenReturn(null);
+ when(configuration.getHealthStatusExclude()).thenReturn(Lists.newArrayList());
+ assertTrue(healthCheckScheduledTask.getExcludedComponentList().contains(Constants.HC_COMPONENT_CATALOG_FACADE_MS));
+ }
+
+ @Test
+ public void getMergedHCListWhenFeHcIsEmptyAndMainListIsSet() {
+ HealthCheckInfo mainHC = new HealthCheckInfo();
+ mainHC.setComponentsInfo(Collections.emptyList());
+ assertEquals(0, healthCheckScheduledTask.updateSubComponentsInfoOfBeHc(mainHC, Collections.emptyList()).getComponentsInfo().size());
+ }
+
+ @Test
+ public void getMergedHCListWhenFeHcIsEmptyAndMainListIsNotSet() {
+ assertNull(healthCheckScheduledTask.updateSubComponentsInfoOfBeHc(new HealthCheckInfo(), Collections.emptyList()).getComponentsInfo());
+ }
+
+ @Test
+ public void getMergedHCListWhenFeHcListAndMainListAreNotEmpty() {
+ HealthCheckInfo mainHC = new HealthCheckInfo();
+ mainHC.setComponentsInfo(Lists.newArrayList(new HealthCheckInfo()));
+ assertEquals(2, healthCheckScheduledTask.updateSubComponentsInfoOfBeHc(mainHC,
+ Collections.singletonList(new HealthCheckInfo())).getComponentsInfo().size());
+ }
+
+ @Test
+ public void getMergedHCListWhenFeHcListIsNotEmptyAndMainListIsEmpty() {
+ assertEquals(1, healthCheckScheduledTask.updateSubComponentsInfoOfBeHc(new HealthCheckInfo(),
+ Collections.singletonList(new HealthCheckInfo())).getComponentsInfo().size());
+ }
+
+
+ private void initMocks() {
+ when(healthCheckService.getConfig()).thenReturn(configuration);
+
+ when(onboardingConfig.getProtocolFe()).thenReturn(PROTOCOL);
+ when(onboardingConfig.getHostFe()).thenReturn(HOST);
+ when(onboardingConfig.getPortFe()).thenReturn(PORT);
+ when(onboardingConfig.getHealthCheckUriFe()).thenReturn(URI);
+
+ when(dcaeConfig.getProtocol()).thenReturn(PROTOCOL);
+ when(dcaeConfig.getHost()).thenReturn(HOST);
+ when(dcaeConfig.getPort()).thenReturn(PORT);
+ when(dcaeConfig.getHealthCheckUri()).thenReturn(URI);
+
+ when(catalogFacadeMsConfig.getProtocol()).thenReturn(PROTOCOL);
+ when(catalogFacadeMsConfig.getHost()).thenReturn(HOST);
+ when(catalogFacadeMsConfig.getPort()).thenReturn(PORT);
+ when(catalogFacadeMsConfig.getHealthCheckUri()).thenReturn(URI);
+ }
+}
diff --git a/catalog-fe/src/test/java/org/openecomp/sdc/fe/impl/HttpRequestInfoTest.java b/catalog-fe/src/test/java/org/openecomp/sdc/fe/impl/HttpRequestInfoTest.java
index bfc45528c4..156e1624c4 100644
--- a/catalog-fe/src/test/java/org/openecomp/sdc/fe/impl/HttpRequestInfoTest.java
+++ b/catalog-fe/src/test/java/org/openecomp/sdc/fe/impl/HttpRequestInfoTest.java
@@ -22,12 +22,6 @@
package org.openecomp.sdc.fe.impl;
-import static com.google.code.beanmatchers.BeanMatchers.hasValidGettersAndSetters;
-
-import java.io.IOException;
-import java.util.HashMap;
-import java.util.Map;
-import javax.servlet.http.HttpServletRequest;
import org.apache.commons.io.IOUtils;
import org.junit.Assert;
import org.junit.Test;
@@ -36,6 +30,13 @@ import org.mockito.Mock;
import org.mockito.Mockito;
import org.mockito.junit.MockitoJUnitRunner;
+import javax.servlet.http.HttpServletRequest;
+import java.io.IOException;
+import java.util.HashMap;
+import java.util.Map;
+
+import static com.google.code.beanmatchers.BeanMatchers.hasValidGettersAndSetters;
+
@RunWith(MockitoJUnitRunner.class)
public class HttpRequestInfoTest {
diff --git a/catalog-fe/src/test/java/org/openecomp/sdc/fe/impl/ImportMetadataTest.java b/catalog-fe/src/test/java/org/openecomp/sdc/fe/impl/ImportMetadataTest.java
index 2fd5b56b18..cb1beda053 100644
--- a/catalog-fe/src/test/java/org/openecomp/sdc/fe/impl/ImportMetadataTest.java
+++ b/catalog-fe/src/test/java/org/openecomp/sdc/fe/impl/ImportMetadataTest.java
@@ -21,12 +21,12 @@
*/
package org.openecomp.sdc.fe.impl;
+import org.junit.Test;
+
import static com.google.code.beanmatchers.BeanMatchers.hasValidGettersAndSetters;
import static org.hamcrest.core.IsEqual.equalTo;
import static org.junit.Assert.assertThat;
-import org.junit.Test;
-
public class ImportMetadataTest {
private static final String CHECKSUM = "CHECKSUM";
diff --git a/catalog-fe/src/test/java/org/openecomp/sdc/fe/impl/MdcDataTest.java b/catalog-fe/src/test/java/org/openecomp/sdc/fe/impl/MdcDataTest.java
index d07470668e..a967f46a8e 100644
--- a/catalog-fe/src/test/java/org/openecomp/sdc/fe/impl/MdcDataTest.java
+++ b/catalog-fe/src/test/java/org/openecomp/sdc/fe/impl/MdcDataTest.java
@@ -21,10 +21,10 @@
*/
package org.openecomp.sdc.fe.impl;
-import static org.junit.Assert.assertEquals;
-
import org.junit.Test;
+import static org.junit.Assert.assertEquals;
+
public class MdcDataTest {
private static final String INSTANCE_ID = "INSTANCE_ID";
diff --git a/catalog-fe/src/test/java/org/openecomp/sdc/fe/listen/MyObjectMapperProviderTest.java b/catalog-fe/src/test/java/org/openecomp/sdc/fe/listen/MyObjectMapperProviderTest.java
index 4a390d3e0c..63e978d807 100644
--- a/catalog-fe/src/test/java/org/openecomp/sdc/fe/listen/MyObjectMapperProviderTest.java
+++ b/catalog-fe/src/test/java/org/openecomp/sdc/fe/listen/MyObjectMapperProviderTest.java
@@ -23,11 +23,11 @@
package org.openecomp.sdc.fe.listen;
import com.fasterxml.jackson.core.JsonProcessingException;
-import java.io.Serializable;
+import com.fasterxml.jackson.databind.ObjectMapper;
import org.junit.Assert;
import org.junit.Test;
-import com.fasterxml.jackson.databind.ObjectMapper;
+import java.io.Serializable;
public class MyObjectMapperProviderTest {
@@ -50,7 +50,7 @@ public class MyObjectMapperProviderTest {
+ "}";
ObjectMapper objectMapper = new MyObjectMapperProvider().getContext(MyObjectMapperProviderTest.class);
- String serialized = objectMapper.writeValueAsString(new AnyModel("Field1"));
+ String serialized = objectMapper.writeValueAsString(new AnyModel("Field1")).replace("\r","");
Assert.assertEquals(serialized, prettyJson);
}
}
diff --git a/catalog-fe/src/test/java/org/openecomp/sdc/fe/servlets/ConfigMgrServletTest.java b/catalog-fe/src/test/java/org/openecomp/sdc/fe/servlets/ConfigMgrServletTest.java
index 5406863fc0..1030b9315e 100644
--- a/catalog-fe/src/test/java/org/openecomp/sdc/fe/servlets/ConfigMgrServletTest.java
+++ b/catalog-fe/src/test/java/org/openecomp/sdc/fe/servlets/ConfigMgrServletTest.java
@@ -19,9 +19,6 @@
*/
package org.openecomp.sdc.fe.servlets;
-import javax.servlet.ServletContext;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpSession;
import org.junit.Assert;
import org.junit.Before;
import org.junit.Test;
@@ -34,6 +31,10 @@ import org.openecomp.sdc.common.rest.api.RestConfigurationInfo;
import org.openecomp.sdc.fe.config.Configuration;
import org.openecomp.sdc.fe.config.ConfigurationManager;
+import javax.servlet.ServletContext;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpSession;
+
@RunWith(MockitoJUnitRunner.class)
public class ConfigMgrServletTest {
diff --git a/catalog-fe/src/test/java/org/openecomp/sdc/fe/servlets/ConfigServletTest.java b/catalog-fe/src/test/java/org/openecomp/sdc/fe/servlets/ConfigServletTest.java
index 29a49bc611..1bc3a06e9a 100644
--- a/catalog-fe/src/test/java/org/openecomp/sdc/fe/servlets/ConfigServletTest.java
+++ b/catalog-fe/src/test/java/org/openecomp/sdc/fe/servlets/ConfigServletTest.java
@@ -39,9 +39,7 @@ import javax.servlet.http.HttpSession;
import javax.ws.rs.core.Response;
import static org.junit.Assert.assertEquals;
-import static org.junit.Assert.assertTrue;
import static org.mockito.ArgumentMatchers.any;
-import static org.mockito.ArgumentMatchers.eq;
import static org.mockito.Mockito.when;
import static org.mockito.MockitoAnnotations.initMocks;
@@ -104,19 +102,7 @@ public class ConfigServletTest {
assertEquals(response.getStatus(), HttpStatus.SC_INTERNAL_SERVER_ERROR);
}
- @Test
- public void validateGetPluginOnlineStateReturnsCorrectState() {
-
- final String testPluginName = "testPlugin";
- final String pluginAvailability = "forTesting";
- prepareMocks();
- when(pluginStatusBL.getPluginAvailability(eq(testPluginName))).thenReturn(pluginAvailability);
- Response response = configServlet.getPluginOnlineState(testPluginName,httpServletRequest);
-
- assertEquals(response.getEntity().toString(),pluginAvailability);
- assertEquals(response.getStatus(), HttpStatus.SC_OK);
- }
@Test
public void validateGetPluginOnlineStateResponsesWithServerErrorIfExceptionIsThrown() {
@@ -128,18 +114,7 @@ public class ConfigServletTest {
assertEquals(response.getStatus(), HttpStatus.SC_INTERNAL_SERVER_ERROR);
}
- @Test
- public void validateGetPluginOnlineStateResponsesWithNotFoundIfThereIsNoPlugin() {
-
- final String testPluginName = "testPlugin";
- prepareMocks();
- when(pluginStatusBL.getPluginAvailability(any(String.class))).thenReturn(null);
- Response response = configServlet.getPluginOnlineState(testPluginName, httpServletRequest);
-
- assertEquals(response.getStatus(), HttpStatus.SC_NOT_FOUND);
- assertTrue(response.getEntity().toString().contains(testPluginName));
- }
private void prepareMocks() {
when(httpServletRequest.getSession()).thenReturn(httpSession);
diff --git a/catalog-fe/src/test/java/org/openecomp/sdc/fe/servlets/FeHealthCheckServletTest.java b/catalog-fe/src/test/java/org/openecomp/sdc/fe/servlets/FeHealthCheckServletTest.java
index 78fe42ff8c..616e658d3e 100644
--- a/catalog-fe/src/test/java/org/openecomp/sdc/fe/servlets/FeHealthCheckServletTest.java
+++ b/catalog-fe/src/test/java/org/openecomp/sdc/fe/servlets/FeHealthCheckServletTest.java
@@ -20,20 +20,21 @@
package org.openecomp.sdc.fe.servlets;
-import static org.junit.Assert.assertEquals;
-import static org.mockito.ArgumentMatchers.eq;
-import static org.mockito.Mockito.when;
-import static org.openecomp.sdc.common.api.Constants.HEALTH_CHECK_SERVICE_ATTR;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.mockito.Mock;
+import org.mockito.junit.MockitoJUnitRunner;
+import org.openecomp.sdc.fe.impl.HealthCheckService;
import javax.servlet.ServletContext;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;
import javax.ws.rs.core.Response;
-import org.junit.Test;
-import org.junit.runner.RunWith;
-import org.mockito.Mock;
-import org.mockito.junit.MockitoJUnitRunner;
+import static org.junit.Assert.assertEquals;
+import static org.mockito.ArgumentMatchers.eq;
+import static org.mockito.Mockito.when;
+import static org.openecomp.sdc.common.api.Constants.HEALTH_CHECK_SERVICE_ATTR;
@RunWith(MockitoJUnitRunner.class)
public class FeHealthCheckServletTest {
diff --git a/catalog-fe/src/test/java/org/openecomp/sdc/servlets/FeProxyServletTest.java b/catalog-fe/src/test/java/org/openecomp/sdc/fe/servlets/FeProxyServletTest.java
index 4915936b1d..36f218a391 100644
--- a/catalog-fe/src/test/java/org/openecomp/sdc/servlets/FeProxyServletTest.java
+++ b/catalog-fe/src/test/java/org/openecomp/sdc/fe/servlets/FeProxyServletTest.java
@@ -18,10 +18,11 @@
* ============LICENSE_END=========================================================
*/
-package org.openecomp.sdc.servlets;
+package org.openecomp.sdc.fe.servlets;
import org.eclipse.jetty.client.api.Request;
import org.eclipse.jetty.http.HttpFields;
+import org.junit.Before;
import org.junit.BeforeClass;
import org.junit.Test;
import org.mockito.Mockito;
@@ -29,16 +30,17 @@ import org.openecomp.sdc.common.api.Constants;
import org.openecomp.sdc.fe.config.Configuration;
import org.openecomp.sdc.fe.config.ConfigurationManager;
import org.openecomp.sdc.fe.config.PluginsConfiguration;
-import org.openecomp.sdc.fe.servlets.FeProxyServlet;
import javax.servlet.ServletContext;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;
+import java.net.MalformedURLException;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;
import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertFalse;
import static org.junit.Assert.assertTrue;
import static org.mockito.Mockito.when;
@@ -57,6 +59,7 @@ public class FeProxyServletTest {
final static ConfigurationManager configurationManager = Mockito.mock(ConfigurationManager.class);
final static Configuration configuration = Mockito.mock(Configuration.class);
final static Configuration.OnboardingConfig onboardingConfiguration = Mockito.mock(Configuration.OnboardingConfig.class);
+ private final static Configuration.CatalogFacadeMsConfig catalogFacadeMsConfig = Mockito.mock(Configuration.CatalogFacadeMsConfig.class);
final static Request proxyRequest = Mockito.spy(Request.class);
final static HttpFields httpFields = Mockito.mock(HttpFields.class);
private static final PluginsConfiguration pluginsConfiguration = Mockito.mock(PluginsConfiguration.class);
@@ -78,6 +81,12 @@ public class FeProxyServletTest {
final static String HEADER_2_VAL = "Header2_Val";
final static String HEADER_3_VAL = "Header3_Val";
final static String REQUEST_ID_VAL = "4867495a-5ed7-49e4-8be2-cc8d66fdd52b";
+ private final static String msProtocol = "http";
+ private final static String msHealth = "/healthCheck";
+ private final static String msHost = "localhost";
+ private final static Integer msPort = 8080;
+ private final static String msPath = "/uicache";
+ private final static String msUrl = String.format("%s://%s:%s", msProtocol, msHost, msPort);
@BeforeClass
public static void beforeClass() {
@@ -93,7 +102,7 @@ public class FeProxyServletTest {
when(configuration.getOnboarding().getHostBe()).thenReturn(ONBOARDING_BE_HOST);
when(configuration.getOnboarding().getPortBe()).thenReturn(ONBOARDING_BE_PORT);
- List<String> strList = new ArrayList<String>();
+ List<String> strList = new ArrayList<>();
strList.add(HEADER_1);
strList.add(HEADER_2);
strList.add(HEADER_3);
@@ -112,13 +121,19 @@ public class FeProxyServletTest {
List<PluginsConfiguration.Plugin> pluginList = new ArrayList<PluginsConfiguration.Plugin>();
when(plugin.getPluginId()).thenReturn("WORKFLOW");
when(plugin.getPluginSourceUrl()).thenReturn(WF_PROTOCOL + "://" + WF_HOST + ":" + WF_PORT);
- when(plugin.getPluginDiscoveryUrl()).thenReturn(WF_PROTOCOL + "://" + WF_HOST + ":" + WF_PORT + "/workflows");
+ when(plugin.getPluginDiscoveryUrl()).thenReturn(WF_PROTOCOL + "://" + WF_HOST + ":" + WF_PORT);
pluginList.add(plugin);
when(configurationManager.getPluginsConfiguration()).thenReturn(pluginsConfiguration);
when(pluginsConfiguration.getPluginsList()).thenReturn(pluginList);
}
+ @Before
+ public void setUp() {
+ when(configuration.getCatalogFacadeMs()).thenReturn(catalogFacadeMsConfig);
+ when(servletRequest.getQueryString()).thenReturn(null);
+ when(catalogFacadeMsConfig.getPath()).thenReturn(null);
+ }
@Test
public void testRewriteURI_APIRequest() {
when(servletRequest.getRequestURI()).thenReturn("/sdc1/feProxy/rest/dummyBeAPI");
@@ -180,11 +195,13 @@ public class FeProxyServletTest {
assertTrue(rewriteURI.equals(expectedChangedUrl));
}
+
+
@Test
public void testRewriteURIWithWFAPIRequest() {
when(servletRequest.getRequestURI()).thenReturn("/sdc1/feProxy/wf/workflows");
String requestResourceUrl = "http://localhost:8080/sdc1/feProxy/wf/workflows";
- String expectedChangedUrl = WF_PROTOCOL + "://" + WF_HOST + ":" + WF_PORT + "/workflows/wf/workflows";
+ String expectedChangedUrl = WF_PROTOCOL + "://" + WF_HOST + ":" + WF_PORT + "/wf/workflows";
when(servletRequest.getRequestURL()).thenReturn(new StringBuffer(requestResourceUrl));
when(servletRequest.getContextPath()).thenReturn("/sdc1");
@@ -195,14 +212,70 @@ public class FeProxyServletTest {
assertEquals(expectedChangedUrl, rewriteURI);
}
- /**
- * class for testing only exposes the protected method.
- */
- public static class FeProxyServletForTest extends FeProxyServlet{
+ @Test
+ public void testRedirectToMSWhenMsUrlExists() throws MalformedURLException {
+ final String urlParams = "x=1&y=2&z=3";
+ final String url = "http//test.com:8080/uicache/v1/catalog";
+ setUpConfigMocks();
+ when(servletRequest.getRequestURL()).thenReturn(new StringBuffer(url));
+ when(servletRequest.getQueryString()).thenReturn(urlParams);
+ assertTrue(feProxy.isMsRequest(url + urlParams));
+ assertEquals(msUrl + "/uicache/v1/catalog?" + urlParams,
+ feProxy.redirectMsRequestToMservice(servletRequest, configuration));
+ }
+
+ @Test
+ public void testRedirectToMSWhenMsUrlExistsWithoutParams() throws MalformedURLException {
+ final String uri = "/uicache/v1/home";
+ final String url = String.format("http//test.com:8080%s", uri);
+ setUpConfigMocks();
+ when(servletRequest.getRequestURL()).thenReturn(new StringBuffer(url));
+ when(servletRequest.getRequestURI()).thenReturn(uri);
+ assertTrue(feProxy.isMsRequest(url));
+ assertEquals(msUrl + "/uicache/v1/home", feProxy.redirectMsRequestToMservice(servletRequest, configuration));
+ }
+ @Test
+ public void testRedirectToBeOnToggleOff() throws MalformedURLException {
+ final String uri = "/uicache/v1/catalog";
+ final String url = String.format("http//test.com:8080%s", uri);
+ when(catalogFacadeMsConfig.getPath()).thenReturn(null);
+
+ when(servletRequest.getRequestURL()).thenReturn(new StringBuffer(url));
+ when(servletRequest.getRequestURI()).thenReturn(uri);
+ assertTrue(feProxy.isMsRequest(url));
+ String expectedUrl = String.format("%s://%s:%s/rest/v1/screen?excludeTypes=VFCMT&excludeTypes=Configuration",
+ BE_PROTOCOL, BE_HOST, BE_PORT);
+ assertEquals(expectedUrl, feProxy.redirectMsRequestToMservice(servletRequest, configuration));
+ }
+ @Test(expected = StringIndexOutOfBoundsException.class)
+ public void testRedirectToMSWhenMsUrlExistsButItIsNotCatalogRequest() throws MalformedURLException {
+ final String url = "http//test.com:8080/rest/v1/sc";
+ final String urlParams = "x=1&y=2&z=3";
+ setUpConfigMocks();
+ when(servletRequest.getRequestURL()).thenReturn(new StringBuffer(url));
+ when(servletRequest.getQueryString()).thenReturn(urlParams);
+ assertFalse(feProxy.isMsRequest(url));
+ feProxy.redirectMsRequestToMservice(servletRequest, configuration);
+ }
+ private void setUpConfigMocks() {
+ when(catalogFacadeMsConfig.getPath()).thenReturn(msPath);
+ when(catalogFacadeMsConfig.getProtocol()).thenReturn(msProtocol);
+ when(catalogFacadeMsConfig.getHost()).thenReturn(msHost);
+ when(catalogFacadeMsConfig.getPort()).thenReturn(msPort);
+ when(catalogFacadeMsConfig.getHealthCheckUri()).thenReturn(msHealth);
+ }
+
+ /* class for testing only exposes the protected method.*/
+ public static class FeProxyServletForTest extends FeProxyServlet{
+ private static final long serialVersionUID = 1L;
@Override
public String rewriteTarget(HttpServletRequest request) {
return super.rewriteTarget(request);
}
+ @Override
+ boolean isMsRequest(String currentUrl) {
+ return super.isMsRequest(currentUrl);
+ }
}
}
diff --git a/catalog-fe/src/test/java/org/openecomp/sdc/fe/servlets/HealthCheckServiceTest.java b/catalog-fe/src/test/java/org/openecomp/sdc/fe/servlets/HealthCheckServiceTest.java
deleted file mode 100644
index 31b3c90741..0000000000
--- a/catalog-fe/src/test/java/org/openecomp/sdc/fe/servlets/HealthCheckServiceTest.java
+++ /dev/null
@@ -1,72 +0,0 @@
-/*-
- * ============LICENSE_START=======================================================
- * SDC
- * ================================================================================
- * Copyright (C) 2019 Samsung. All rights reserved.
- * ================================================================================
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- * ============LICENSE_END=========================================================
- */
-
-package org.openecomp.sdc.fe.servlets;
-
-import static org.junit.Assert.assertEquals;
-
-import javax.servlet.ServletContext;
-import javax.ws.rs.core.Response;
-import org.junit.Test;
-import org.junit.runner.RunWith;
-import org.mockito.Mock;
-import org.mockito.junit.MockitoJUnitRunner;
-
-@RunWith(MockitoJUnitRunner.class)
-public class HealthCheckServiceTest {
-
-
- @Mock
- private ServletContext context;
-
- private final HealthCheckService healthCheckService = new HealthCheckService(context);
- private final Response response = Response.status(500).entity("{}").build();
-
-
- @Test
- public void testGetFeHealth() {
- //given
- Response feHealth = healthCheckService.getFeHealth();
-
- //then
- assertEquals(response.getEntity(), feHealth.getEntity());
- assertEquals(response.getStatus(), feHealth.getStatus());
- }
-
- @Test
- public void testGetLastHealthStatus() {
- //given
- HealthCheckService.HealthStatus healthStatus = healthCheckService.getLastHealthStatus();
-
- //then
- assertEquals(response.getEntity(), healthStatus.getBody());
- assertEquals(response.getStatus(), healthStatus.getStatusCode());
- }
-
- @Test
- public void testGetTask () {
- //given
- HealthCheckService.HealthCheckScheduledTask healthCheckScheduledTask = healthCheckService.getTask();
- HealthCheckService.HealthStatus healthStatus = healthCheckScheduledTask.checkHealth();
-
- //then
- assertEquals(response.getStatus(),healthStatus.getStatusCode());
- }
-}
diff --git a/catalog-fe/src/test/java/org/openecomp/sdc/fe/servlets/KibanaServletTest.java b/catalog-fe/src/test/java/org/openecomp/sdc/fe/servlets/KibanaServletTest.java
deleted file mode 100644
index f946891aa9..0000000000
--- a/catalog-fe/src/test/java/org/openecomp/sdc/fe/servlets/KibanaServletTest.java
+++ /dev/null
@@ -1,93 +0,0 @@
-/*-
- * ============LICENSE_START=======================================================
- * SDC
- * ================================================================================
- * Copyright (C) 2019 Samsung. All rights reserved.
- * ================================================================================
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- * ============LICENSE_END=========================================================
- */
-
-package org.openecomp.sdc.fe.servlets;
-
-import static org.junit.Assert.assertEquals;
-import static org.mockito.ArgumentMatchers.eq;
-import static org.mockito.Mockito.when;
-
-import javax.servlet.ServletContext;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpSession;
-
-import org.junit.Test;
-import org.junit.runner.RunWith;
-import org.mockito.Mock;
-import org.mockito.junit.MockitoJUnitRunner;
-import org.openecomp.sdc.common.api.Constants;
-import org.openecomp.sdc.fe.config.Configuration;
-import org.openecomp.sdc.fe.config.ConfigurationManager;
-
-@RunWith(MockitoJUnitRunner.class)
-public class KibanaServletTest {
-
- private static final int KIBANA_PORT = 9898;
- private static final String CONTEXT_PATH = "/context";
- private static final String SERVLET_PATH = "/sdc1/kibanaProxy";
- private static final String PATH_INFO = "/info";
- private static final String QUERY_STRING = "query=projectR";
- private static final String REQUEST_URI = "uri";
- private static final String KIBANA_PROTOCOL = "kbn";
- private static final String KIBANA_HOST = "kibana.com";
- private static final String EXPECTED = "kbn://kibana.com:9898/context/info?query=projectR";
-
- private final KibanaServlet kibanaServlet = new KibanaServlet();
-
- @Mock
- private Configuration configuration;
-
- @Mock
- private ConfigurationManager manager;
-
- @Mock
- private ServletContext context;
-
- @Mock
- private HttpSession session;
-
- @Mock
- private HttpServletRequest request;
-
- @Test
- public void testRewriteTarget() {
- // given
- when(manager.getConfiguration()).thenReturn(configuration);
- when(context.getAttribute(eq(Constants.CONFIGURATION_MANAGER_ATTR))).thenReturn(manager);
- when(session.getServletContext()).thenReturn(context);
- when(request.getSession()).thenReturn(session);
-
- when(request.getContextPath()).thenReturn(CONTEXT_PATH);
- when(request.getServletPath()).thenReturn(SERVLET_PATH);
- when(request.getPathInfo()).thenReturn(PATH_INFO);
- when(request.getQueryString()).thenReturn(QUERY_STRING);
- when(request.getRequestURI()).thenReturn(REQUEST_URI);
-
- when(configuration.getKibanaProtocol()).thenReturn(KIBANA_PROTOCOL);
- when(configuration.getKibanaHost()).thenReturn(KIBANA_HOST);
- when(configuration.getKibanaPort()).thenReturn(KIBANA_PORT);
-
- // when
- final String url = kibanaServlet.rewriteTarget(request);
-
- // then
- assertEquals(EXPECTED, url);
- }
-}
diff --git a/catalog-fe/src/test/java/org/openecomp/sdc/fe/servlets/PluginStatusBLTest.java b/catalog-fe/src/test/java/org/openecomp/sdc/fe/servlets/PluginStatusBLTest.java
index 8bf4e478b4..f435e2d80e 100644
--- a/catalog-fe/src/test/java/org/openecomp/sdc/fe/servlets/PluginStatusBLTest.java
+++ b/catalog-fe/src/test/java/org/openecomp/sdc/fe/servlets/PluginStatusBLTest.java
@@ -41,90 +41,89 @@ import java.util.ArrayList;
import java.util.List;
import static org.junit.Assert.assertEquals;
-import static org.junit.Assert.assertTrue;
import static org.mockito.Mockito.when;
public class PluginStatusBLTest {
- final static CloseableHttpClient httpClient = Mockito.mock(CloseableHttpClient.class);
- PluginStatusBL pluginStatusBL = new PluginStatusBL(httpClient);
- private static Gson gson = new GsonBuilder().setPrettyPrinting().create();
-
- final static ConfigurationManager configurationManager = Mockito.mock(ConfigurationManager.class);
- final static PluginsConfiguration pluginsConfiguration = Mockito.mock(PluginsConfiguration.class);
- final static Plugin offlinePlugin = new Plugin();
- final static Plugin onlinePlugin = new Plugin();
- final static CloseableHttpResponse httpResponse = Mockito.mock(CloseableHttpResponse.class);
- final static StatusLine statusLine = Mockito.mock(StatusLine.class);
- static List<Plugin> testPluginsList = new ArrayList<>();
- static List<Plugin> assertPluginList = new ArrayList<>();
-
- final static String offlinePluginsDisplayName = "offlinePlugin";
- final static String offlinePluginDiscoveryPath = "http://192.168.10.1:1000/offline";
-
- final static String onlinePluginDisplayName = "onlinePlugin";
- final static String onlinePluginDiscoveryPath = "http://192.168.10.1:2000/online";
-
- @BeforeClass
- public static void beforeClass() {
- ConfigurationManager.setTestInstance(configurationManager);
- when(configurationManager.getPluginsConfiguration()).thenReturn(pluginsConfiguration);
-
- offlinePlugin.setPluginId(offlinePluginsDisplayName);
- offlinePlugin.setPluginDiscoveryUrl(offlinePluginDiscoveryPath);
-
- onlinePlugin.setPluginId(onlinePluginDisplayName);
- onlinePlugin.setPluginDiscoveryUrl(onlinePluginDiscoveryPath);
- }
-
- @Before
- public void beforeTest() {
- testPluginsList = new ArrayList<>();
- assertPluginList = new ArrayList<>();
- }
-
- @Test
- public void TestPluginsConfigurationListReturnsWithWantedPlugins() {
- testPluginsList.add(offlinePlugin);
- testPluginsList.add(onlinePlugin);
- when(pluginsConfiguration.getPluginsList()).thenReturn(testPluginsList);
-
- assertPluginList.add(offlinePlugin);
- assertPluginList.add(onlinePlugin);
-
- String result = gson.toJson(assertPluginList);
- String actualResult = pluginStatusBL.getPluginsList();
-
- assertEquals(actualResult, result);
- }
-
- @Test
- public void TestGetPluginAvailabilityShouldReturnFalseWhenPluginIsOffline() throws ClientProtocolException, IOException {
- testPluginsList.add(offlinePlugin);
- when(pluginsConfiguration.getPluginsList()).thenReturn(testPluginsList);
-
- when(statusLine.getStatusCode()).thenReturn(404);
- when(httpResponse.getStatusLine()).thenReturn(statusLine);
- when(httpClient.execute(Mockito.any(HttpHead.class))).thenReturn(httpResponse);
-
- String result = gson.toJson(false);
- String actualResult = pluginStatusBL.getPluginAvailability(offlinePlugin.getPluginId());
-
- assertEquals(actualResult, result);
- }
-
- @Test
- public void TestOnlinePluginBeingReturnedWithIsOnlineValueTrue() throws ClientProtocolException, IOException {
- testPluginsList.add(onlinePlugin);
- when(pluginsConfiguration.getPluginsList()).thenReturn(testPluginsList);
-
- when(statusLine.getStatusCode()).thenReturn(200);
- when(httpResponse.getStatusLine()).thenReturn(statusLine);
- when(httpClient.execute(Mockito.any())).thenReturn(httpResponse);
-
- String result = gson.toJson(true);
- String actualResult = pluginStatusBL.getPluginAvailability(onlinePlugin.getPluginId());
-
- assertEquals(actualResult, result);
- }
+ final static CloseableHttpClient httpClient = Mockito.mock(CloseableHttpClient.class);
+ PluginStatusBL pluginStatusBL = new PluginStatusBL(httpClient);
+ private static Gson gson = new GsonBuilder().setPrettyPrinting().create();
+
+ final static ConfigurationManager configurationManager = Mockito.mock(ConfigurationManager.class);
+ final static PluginsConfiguration pluginsConfiguration = Mockito.mock(PluginsConfiguration.class);
+ final static Plugin offlinePlugin = new Plugin();
+ final static Plugin onlinePlugin = new Plugin();
+ final static CloseableHttpResponse httpResponse = Mockito.mock(CloseableHttpResponse.class);
+ final static StatusLine statusLine = Mockito.mock(StatusLine.class);
+ static List<Plugin> testPluginsList = new ArrayList<>();
+ static List<Plugin> assertPluginList = new ArrayList<>();
+
+ final static String offlinePluginsDisplayName = "offlinePlugin";
+ final static String offlinePluginDiscoveryPath = "http://192.168.10.1:1000/offline";
+
+ final static String onlinePluginDisplayName = "onlinePlugin";
+ final static String onlinePluginDiscoveryPath = "http://192.168.10.1:2000/online";
+
+ @BeforeClass
+ public static void beforeClass() {
+ ConfigurationManager.setTestInstance(configurationManager);
+ when(configurationManager.getPluginsConfiguration()).thenReturn(pluginsConfiguration);
+
+ offlinePlugin.setPluginId(offlinePluginsDisplayName);
+ offlinePlugin.setPluginDiscoveryUrl(offlinePluginDiscoveryPath);
+
+ onlinePlugin.setPluginId(onlinePluginDisplayName);
+ onlinePlugin.setPluginDiscoveryUrl(onlinePluginDiscoveryPath);
+ }
+
+ @Before
+ public void beforeTest() {
+ testPluginsList = new ArrayList<>();
+ assertPluginList = new ArrayList<>();
+ }
+
+ @Test
+ public void TestPluginsConfigurationListReturnsWithWantedPlugins() {
+ testPluginsList.add(offlinePlugin);
+ testPluginsList.add(onlinePlugin);
+ when(pluginsConfiguration.getPluginsList()).thenReturn(testPluginsList);
+
+ assertPluginList.add(offlinePlugin);
+ assertPluginList.add(onlinePlugin);
+
+ String result = gson.toJson(assertPluginList);
+ String actualResult = pluginStatusBL.getPluginsList();
+
+ assertEquals(actualResult, result);
+ }
+
+ @Test
+ public void TestGetPluginAvailabilityShouldReturnFalseWhenPluginIsOffline() throws ClientProtocolException, IOException {
+ testPluginsList.add(offlinePlugin);
+ when(pluginsConfiguration.getPluginsList()).thenReturn(testPluginsList);
+
+ when(statusLine.getStatusCode()).thenReturn(404);
+ when(httpResponse.getStatusLine()).thenReturn(statusLine);
+ when(httpClient.execute(Mockito.any(HttpHead.class))).thenReturn(httpResponse);
+
+ String result = gson.toJson(false);
+ String actualResult = pluginStatusBL.getPluginAvailability(offlinePlugin.getPluginId());
+
+ assertEquals(actualResult, result);
+ }
+
+ @Test
+ public void TestOnlinePluginBeingReturnedWithIsOnlineValueTrue() throws ClientProtocolException, IOException {
+ testPluginsList.add(onlinePlugin);
+ when(pluginsConfiguration.getPluginsList()).thenReturn(testPluginsList);
+
+ when(statusLine.getStatusCode()).thenReturn(200);
+ when(httpResponse.getStatusLine()).thenReturn(statusLine);
+ when(httpClient.execute(Mockito.any())).thenReturn(httpResponse);
+
+ String result = gson.toJson(true);
+ String actualResult = pluginStatusBL.getPluginAvailability(onlinePlugin.getPluginId());
+
+ assertEquals(actualResult, result);
+ }
}
diff --git a/catalog-fe/src/test/java/org/openecomp/sdc/servlets/PortalServletTest.java b/catalog-fe/src/test/java/org/openecomp/sdc/fe/servlets/PortalServletTest.java
index 72d279d3e5..fccb41bc99 100644
--- a/catalog-fe/src/test/java/org/openecomp/sdc/servlets/PortalServletTest.java
+++ b/catalog-fe/src/test/java/org/openecomp/sdc/fe/servlets/PortalServletTest.java
@@ -18,21 +18,27 @@
* ============LICENSE_END=========================================================
*/
-package org.openecomp.sdc.servlets;
+package org.openecomp.sdc.fe.servlets;
import org.glassfish.jersey.internal.inject.AbstractBinder;
import org.glassfish.jersey.server.ResourceConfig;
import org.glassfish.jersey.test.JerseyTest;
+import org.junit.After;
import org.junit.BeforeClass;
import org.junit.Test;
import org.mockito.Mockito;
import org.mockito.stubbing.Answer;
+import org.onap.sdc.security.CipherUtil;
import org.openecomp.sdc.common.api.Constants;
import org.openecomp.sdc.fe.config.Configuration;
import org.openecomp.sdc.fe.config.ConfigurationManager;
-import org.openecomp.sdc.fe.servlets.PortalServlet;
-import javax.servlet.*;
+import javax.servlet.RequestDispatcher;
+import javax.servlet.ServletContext;
+import javax.servlet.ServletException;
+import javax.servlet.ServletRequest;
+import javax.servlet.ServletResponse;
+import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
@@ -42,7 +48,12 @@ import java.util.ArrayList;
import java.util.List;
import static org.glassfish.jersey.test.TestProperties.CONTAINER_PORT;
-import static org.mockito.Mockito.*;
+import static org.junit.Assert.assertFalse;
+import static org.junit.Assert.assertTrue;
+import static org.mockito.Mockito.times;
+import static org.mockito.Mockito.verify;
+import static org.mockito.Mockito.when;
+
public class PortalServletTest extends JerseyTest {
@@ -53,6 +64,8 @@ public class PortalServletTest extends JerseyTest {
private final static Configuration configuration = Mockito.mock(Configuration.class);
private final static HttpServletResponse response = Mockito.spy(HttpServletResponse.class);
private final static RequestDispatcher rd = Mockito.spy(RequestDispatcher.class);
+ private static CipherUtil cipherUtil = Mockito.mock(CipherUtil.class);
+ final static Configuration.CookieConfig cookieConfiguration = Mockito.mock(Configuration.CookieConfig.class);
@SuppressWarnings("serial")
@BeforeClass
@@ -62,6 +75,7 @@ public class PortalServletTest extends JerseyTest {
when(httpSession.getServletContext()).thenReturn(servletContext);
when(servletContext.getAttribute(Constants.CONFIGURATION_MANAGER_ATTR)).thenReturn(configurationManager);
when(configurationManager.getConfiguration()).thenReturn(configuration);
+ when(configuration.getAuthCookie()).thenReturn(cookieConfiguration);
List<List<String>> mandatoryHeaders = new ArrayList<>();
mandatoryHeaders.add(new ArrayList<String>() {
{
@@ -113,25 +127,58 @@ public class PortalServletTest extends JerseyTest {
}
+ @After
+ public void tearDown() {
+ Mockito.reset(response, rd);
+ }
+
@Test
public void testMissingHeadersRequest() throws IOException {
when(request.getHeader(Mockito.anyString())).thenReturn(null);
- target().path("/portal").request().get();
+ when(request.getCookies()).thenReturn(getCookies());
+ target().path("/portal").request().get();
Mockito.verify(response, times(1)).sendError(HttpServletResponse.SC_USE_PROXY, PortalServlet.MISSING_HEADERS_MSG);
- Mockito.reset(response, rd);
}
@Test
public void testSuccessfulRequest() throws IOException, ServletException {
- Mockito.doAnswer((Answer<Object>) invocation -> {
+ ConfigurationManager.setTestInstance(configurationManager);
+ when(configuration.getAuthCookie().getCookieName()).thenReturn("cookieName");
+ when(configuration.getAuthCookie().getPath()).thenReturn("/");
+ when(configuration.getAuthCookie().getDomain()).thenReturn("");
+ when(configuration.getAuthCookie().getSecurityKey()).thenReturn("");
+ Mockito.doAnswer((Answer<Object>) invocation -> {
Object[] args = invocation.getArguments();
return (String) args[0];
}).when(request).getHeader(Mockito.anyString());
target().path("/portal").request().get();
verify(rd).forward(Mockito.any(ServletRequest.class), Mockito.any(ServletResponse.class));
- Mockito.reset(response, rd);
}
+
+ @Test
+ public void testSuccessfullAddofAuthCookie() throws IOException, ServletException {
+ ConfigurationManager.setTestInstance(configurationManager);
+ when(configuration.getAuthCookie().getCookieName()).thenReturn("cookieName");
+ when(configuration.getAuthCookie().getPath()).thenReturn("/");
+ when(configuration.getAuthCookie().getDomain()).thenReturn("");
+ when(configuration.getAuthCookie().getSecurityKey()).thenReturn("AGLDdG4D04BKm2IxIWEr8o==");
+ PortalServlet pp = new PortalServlet();
+ assertTrue(pp.addAuthCookie(response,"user", "test" ,"User"));
+ }
+
+ @Test
+ public void testFailureMissingCookieConfiguration() throws IOException {
+
+ //missing configuration mock therefore will fail
+ PortalServlet pp = new PortalServlet();
+ pp.doGet(request,response);
+ assertFalse(pp.addAuthCookie(response,"user", "test" ,"User"));
+
+ }
+
+
+
@Override
protected Application configure() {
// Use any available port - this allows us to run the BE tests in parallel with this one.
@@ -146,6 +193,15 @@ public class PortalServletTest extends JerseyTest {
}
});
+
+
return resourceConfig;
}
+
+ private Cookie[] getCookies() {
+ Cookie[] cookies = new Cookie [1];
+ cookies[0] = new Cookie("someName", "aaa");
+ return cookies;
+ }
+
}
diff --git a/catalog-fe/src/test/resources/config/ESAPI.properties b/catalog-fe/src/test/resources/config/ESAPI.properties
new file mode 100644
index 0000000000..1dedfe6739
--- /dev/null
+++ b/catalog-fe/src/test/resources/config/ESAPI.properties
@@ -0,0 +1,452 @@
+#
+# OWASP Enterprise Security API (ESAPI) Properties file -- PRODUCTION Version
+#
+# This file is part of the Open Web Application Security Project (OWASP)
+# Enterprise Security API (ESAPI) project. For details, please see
+# http://www.owasp.org/index.php/ESAPI.
+#
+# Copyright (c) 2008,2009 - The OWASP Foundation
+#
+# DISCUSS: This may cause a major backwards compatibility issue, etc. but
+# from a name space perspective, we probably should have prefaced
+# all the property names with ESAPI or at least OWASP. Otherwise
+# there could be problems is someone loads this properties file into
+# the System properties. We could also put this file into the
+# esapi.jar file (perhaps as a ResourceBundle) and then allow an external
+# ESAPI properties be defined that would overwrite these defaults.
+# That keeps the application's properties relatively simple as usually
+# they will only want to override a few properties. If looks like we
+# already support multiple override levels of this in the
+# DefaultSecurityConfiguration class, but I'm suggesting placing the
+# defaults in the esapi.jar itself. That way, if the jar is signed,
+# we could detect if those properties had been tampered with. (The
+# code to check the jar signatures is pretty simple... maybe 70-90 LOC,
+# but off course there is an execution penalty (similar to the way
+# that the separate sunjce.jar used to be when a class from it was
+# first loaded). Thoughts?
+###############################################################################
+#
+# WARNING: Operating system protection should be used to lock down the .esapi
+# resources directory and all the files inside and all the directories all the
+# way up to the root directory of the file system. Note that if you are using
+# file-based implementations, that some files may need to be read-write as they
+# get updated dynamically.
+#
+# Before using, be sure to update the MasterKey and MasterSalt as described below.
+# N.B.: If you had stored data that you have previously encrypted with ESAPI 1.4,
+# you *must* FIRST decrypt it using ESAPI 1.4 and then (if so desired)
+# re-encrypt it with ESAPI 2.0. If you fail to do this, you will NOT be
+# able to decrypt your data with ESAPI 2.0.
+#
+# YOU HAVE BEEN WARNED!!! More details are in the ESAPI 2.0 Release Notes.
+#
+#===========================================================================
+# ESAPI Configuration
+#
+# If true, then print all the ESAPI properties set here when they are loaded.
+# If false, they are not printed. Useful to reduce output when running JUnit tests.
+# If you need to troubleshoot a properties related problem, turning this on may help.
+# This is 'false' in the src/test/resources/.esapi version. It is 'true' by
+# default for reasons of backward compatibility with earlier ESAPI versions.
+ESAPI.printProperties=true
+
+# ESAPI is designed to be easily extensible. You can use the reference implementation
+# or implement your own providers to take advantage of your enterprise's security
+# infrastructure. The functions in ESAPI are referenced using the ESAPI locator, like:
+#
+# String ciphertext =
+# ESAPI.encryptor().encrypt("Secret message"); // Deprecated in 2.0
+# CipherText cipherText =
+# ESAPI.encryptor().encrypt(new PlainText("Secret message")); // Preferred
+#
+# Below you can specify the classname for the provider that you wish to use in your
+# application. The only requirement is that it implement the appropriate ESAPI interface.
+# This allows you to switch security implementations in the future without rewriting the
+# entire application.
+#
+# ExperimentalAccessController requires ESAPI-AccessControlPolicy.xml in .esapi directory
+ESAPI.AccessControl=org.owasp.esapi.reference.DefaultAccessController
+# FileBasedAuthenticator requires users.txt file in .esapi directory
+ESAPI.Authenticator=org.owasp.esapi.reference.FileBasedAuthenticator
+ESAPI.Encoder=org.owasp.esapi.reference.DefaultEncoder
+ESAPI.Encryptor=org.owasp.esapi.reference.crypto.JavaEncryptor
+
+ESAPI.Executor=org.owasp.esapi.reference.DefaultExecutor
+ESAPI.HTTPUtilities=org.owasp.esapi.reference.DefaultHTTPUtilities
+ESAPI.IntrusionDetector=org.owasp.esapi.reference.DefaultIntrusionDetector
+# Log4JFactory Requires log4j.xml or log4j.properties in classpath - http://www.laliluna.de/log4j-tutorial.html
+ESAPI.Logger=org.owasp.esapi.reference.Log4JLogFactory
+#ESAPI.Logger=org.owasp.esapi.reference.JavaLogFactory
+ESAPI.Randomizer=org.owasp.esapi.reference.DefaultRandomizer
+ESAPI.Validator=org.owasp.esapi.reference.DefaultValidator
+
+#===========================================================================
+# ESAPI Authenticator
+#
+Authenticator.AllowedLoginAttempts=3
+Authenticator.MaxOldPasswordHashes=13
+Authenticator.UsernameParameterName=username
+Authenticator.PasswordParameterName=password
+# RememberTokenDuration (in days)
+Authenticator.RememberTokenDuration=14
+# Session Timeouts (in minutes)
+Authenticator.IdleTimeoutDuration=20
+Authenticator.AbsoluteTimeoutDuration=120
+
+#===========================================================================
+# ESAPI Encoder
+#
+# ESAPI canonicalizes input before validation to prevent bypassing filters with encoded attacks.
+# Failure to canonicalize input is a very common mistake when implementing validation schemes.
+# Canonicalization is automatic when using the ESAPI Validator, but you can also use the
+# following code to canonicalize data.
+#
+# ESAPI.Encoder().canonicalize( "%22hello world&#x22;" );
+#
+# Multiple encoding is when a single encoding format is applied multiple times. Allowing
+# multiple encoding is strongly discouraged.
+Encoder.AllowMultipleEncoding=false
+
+# Mixed encoding is when multiple different encoding formats are applied, or when
+# multiple formats are nested. Allowing multiple encoding is strongly discouraged.
+Encoder.AllowMixedEncoding=false
+
+# The default list of codecs to apply when canonicalizing untrusted data. The list should include the codecs
+# for all downstream interpreters or decoders. For example, if the data is likely to end up in a URL, HTML, or
+# inside JavaScript, then the list of codecs below is appropriate. The order of the list is not terribly important.
+Encoder.DefaultCodecList=HTMLEntityCodec,PercentCodec,JavaScriptCodec
+
+
+#===========================================================================
+# ESAPI Encryption
+#
+# The ESAPI Encryptor provides basic cryptographic functions with a simplified API.
+# To get started, generate a new key using java -classpath esapi.jar org.owasp.esapi.reference.crypto.JavaEncryptor
+# There is not currently any support for key rotation, so be careful when changing your key and salt as it
+# will invalidate all signed, encrypted, and hashed data.
+#
+# WARNING: Not all combinations of algorithms and key lengths are supported.
+# If you choose to use a key length greater than 128, you MUST download the
+# unlimited strength policy files and install in the lib directory of your JRE/JDK.
+# See http://java.sun.com/javase/downloads/index.jsp for more information.
+#
+# Backward compatibility with ESAPI Java 1.4 is supported by the two deprecated API
+# methods, Encryptor.encrypt(String) and Encryptor.decrypt(String). However, whenever
+# possible, these methods should be avoided as they use ECB cipher mode, which in almost
+# all circumstances a poor choice because of it's weakness. CBC cipher mode is the default
+# for the new Encryptor encrypt / decrypt methods for ESAPI Java 2.0. In general, you
+# should only use this compatibility setting if you have persistent data encrypted with
+# version 1.4 and even then, you should ONLY set this compatibility mode UNTIL
+# you have decrypted all of your old encrypted data and then re-encrypted it with
+# ESAPI 2.0 using CBC mode. If you have some reason to mix the deprecated 1.4 mode
+# with the new 2.0 methods, make sure that you use the same cipher algorithm for both
+# (256-bit AES was the default for 1.4; 128-bit is the default for 2.0; see below for
+# more details.) Otherwise, you will have to use the new 2.0 encrypt / decrypt methods
+# where you can specify a SecretKey. (Note that if you are using the 256-bit AES,
+# that requires downloading the special jurisdiction policy files mentioned above.)
+#
+# ***** IMPORTANT: Do NOT forget to replace these with your own values! *****
+# To calculate these values, you can run:
+# java -classpath esapi.jar org.owasp.esapi.reference.crypto.JavaEncryptor
+#
+Encryptor.MasterKey=tzfztf56ftv
+Encryptor.MasterSalt=123456ztrewq
+
+# Provides the default JCE provider that ESAPI will "prefer" for its symmetric
+# encryption and hashing. (That is it will look to this provider first, but it
+# will defer to other providers if the requested algorithm is not implemented
+# by this provider.) If left unset, ESAPI will just use your Java VM's current
+# preferred JCE provider, which is generally set in the file
+# "$JAVA_HOME/jre/lib/security/java.security".
+#
+# The main intent of this is to allow ESAPI symmetric encryption to be
+# used with a FIPS 140-2 compliant crypto-module. For details, see the section
+# "Using ESAPI Symmetric Encryption with FIPS 140-2 Cryptographic Modules" in
+# the ESAPI 2.0 Symmetric Encryption User Guide, at:
+# http://owasp-esapi-java.googlecode.com/svn/trunk/documentation/esapi4java-core-2.0-symmetric-crypto-user-guide.html
+# However, this property also allows you to easily use an alternate JCE provider
+# such as "Bouncy Castle" without having to make changes to "java.security".
+# See Javadoc for SecurityProviderLoader for further details. If you wish to use
+# a provider that is not known to SecurityProviderLoader, you may specify the
+# fully-qualified class name of the JCE provider class that implements
+# java.security.Provider. If the name contains a '.', this is interpreted as
+# a fully-qualified class name that implements java.security.Provider.
+#
+# NOTE: Setting this property has the side-effect of changing it in your application
+# as well, so if you are using JCE in your application directly rather than
+# through ESAPI (you wouldn't do that, would you? ;-), it will change the
+# preferred JCE provider there as well.
+#
+# Default: Keeps the JCE provider set to whatever JVM sets it to.
+Encryptor.PreferredJCEProvider=
+
+# AES is the most widely used and strongest encryption algorithm. This
+# should agree with your Encryptor.CipherTransformation property.
+# By default, ESAPI Java 1.4 uses "PBEWithMD5AndDES" and which is
+# very weak. It is essentially a password-based encryption key, hashed
+# with MD5 around 1K times and then encrypted with the weak DES algorithm
+# (56-bits) using ECB mode and an unspecified padding (it is
+# JCE provider specific, but most likely "NoPadding"). However, 2.0 uses
+# "AES/CBC/PKCSPadding". If you want to change these, change them here.
+# Warning: This property does not control the default reference implementation for
+# ESAPI 2.0 using JavaEncryptor. Also, this property will be dropped
+# in the future.
+# @deprecated
+Encryptor.EncryptionAlgorithm=AES
+# For ESAPI Java 2.0 - New encrypt / decrypt methods use this.
+Encryptor.CipherTransformation=AES/CBC/PKCS5Padding
+
+# Applies to ESAPI 2.0 and later only!
+# Comma-separated list of cipher modes that provide *BOTH*
+# confidentiality *AND* message authenticity. (NIST refers to such cipher
+# modes as "combined modes" so that's what we shall call them.) If any of these
+# cipher modes are used then no MAC is calculated and stored
+# in the CipherText upon encryption. Likewise, if one of these
+# cipher modes is used with decryption, no attempt will be made
+# to validate the MAC contained in the CipherText object regardless
+# of whether it contains one or not. Since the expectation is that
+# these cipher modes support support message authenticity already,
+# injecting a MAC in the CipherText object would be at best redundant.
+#
+# Note that as of JDK 1.5, the SunJCE provider does not support *any*
+# of these cipher modes. Of these listed, only GCM and CCM are currently
+# NIST approved. YMMV for other JCE providers. E.g., Bouncy Castle supports
+# GCM and CCM with "NoPadding" mode, but not with "PKCS5Padding" or other
+# padding modes.
+Encryptor.cipher_modes.combined_modes=GCM,CCM,IAPM,EAX,OCB,CWC
+
+# Applies to ESAPI 2.0 and later only!
+# Additional cipher modes allowed for ESAPI 2.0 encryption. These
+# cipher modes are in _addition_ to those specified by the property
+# 'Encryptor.cipher_modes.combined_modes'.
+# Note: We will add support for streaming modes like CFB & OFB once
+# we add support for 'specified' to the property 'Encryptor.ChooseIVMethod'
+# (probably in ESAPI 2.1).
+# DISCUSS: Better name?
+Encryptor.cipher_modes.additional_allowed=CBC
+
+# 128-bit is almost always sufficient and appears to be more resistant to
+# related key attacks than is 256-bit AES. Use '_' to use default key size
+# for cipher algorithms (where it makes sense because the algorithm supports
+# a variable key size). Key length must agree to what's provided as the
+# cipher transformation, otherwise this will be ignored after logging a
+# warning.
+#
+# NOTE: This is what applies BOTH ESAPI 1.4 and 2.0. See warning above about mixing!
+Encryptor.EncryptionKeyLength=128
+
+# Because 2.0 uses CBC mode by default, it requires an initialization vector (IV).
+# (All cipher modes except ECB require an IV.) There are two choices: we can either
+# use a fixed IV known to both parties or allow ESAPI to choose a random IV. While
+# the IV does not need to be hidden from adversaries, it is important that the
+# adversary not be allowed to choose it. Also, random IVs are generally much more
+# secure than fixed IVs. (In fact, it is essential that feed-back cipher modes
+# such as CFB and OFB use a different IV for each encryption with a given key so
+# in such cases, random IVs are much preferred. By default, ESAPI 2.0 uses random
+# IVs. If you wish to use 'fixed' IVs, set 'Encryptor.ChooseIVMethod=fixed' and
+# uncomment the Encryptor.fixedIV.
+#
+# Valid values: random|fixed|specified 'specified' not yet implemented; planned for 2.1
+Encryptor.ChooseIVMethod=random
+# If you choose to use a fixed IV, then you must place a fixed IV here that
+# is known to all others who are sharing your secret key. The format should
+# be a hex string that is the same length as the cipher block size for the
+# cipher algorithm that you are using. The following is an *example* for AES
+# from an AES test vector for AES-128/CBC as described in:
+# NIST Special Publication 800-38A (2001 Edition)
+# "Recommendation for Block Cipher Modes of Operation".
+# (Note that the block size for AES is 16 bytes == 128 bits.)
+#
+Encryptor.fixedIV=0x000102030405060708090a0b0c0d0e0f
+
+# Whether or not CipherText should use a message authentication code (MAC) with it.
+# This prevents an adversary from altering the IV as well as allowing a more
+# fool-proof way of determining the decryption failed because of an incorrect
+# key being supplied. This refers to the "separate" MAC calculated and stored
+# in CipherText, not part of any MAC that is calculated as a result of a
+# "combined mode" cipher mode.
+#
+# If you are using ESAPI with a FIPS 140-2 cryptographic module, you *must* also
+# set this property to false.
+Encryptor.CipherText.useMAC=true
+
+# Whether or not the PlainText object may be overwritten and then marked
+# eligible for garbage collection. If not set, this is still treated as 'true'.
+Encryptor.PlainText.overwrite=true
+
+# Do not use DES except in a legacy situations. 56-bit is way too small key size.
+#Encryptor.EncryptionKeyLength=56
+#Encryptor.EncryptionAlgorithm=DES
+
+# TripleDES is considered strong enough for most purposes.
+# Note: There is also a 112-bit version of DESede. Using the 168-bit version
+# requires downloading the special jurisdiction policy from Sun.
+#Encryptor.EncryptionKeyLength=168
+#Encryptor.EncryptionAlgorithm=DESede
+
+Encryptor.HashAlgorithm=SHA-512
+Encryptor.HashIterations=1024
+Encryptor.DigitalSignatureAlgorithm=SHA1withDSA
+Encryptor.DigitalSignatureKeyLength=1024
+Encryptor.RandomAlgorithm=SHA1PRNG
+Encryptor.CharacterEncoding=UTF-8
+
+# This is the Pseudo Random Function (PRF) that ESAPI's Key Derivation Function
+# (KDF) normally uses. Note this is *only* the PRF used for ESAPI's KDF and
+# *not* what is used for ESAPI's MAC. (Currently, HmacSHA1 is always used for
+# the MAC, mostly to keep the overall size at a minimum.)
+#
+# Currently supported choices for JDK 1.5 and 1.6 are:
+# HmacSHA1 (160 bits), HmacSHA256 (256 bits), HmacSHA384 (384 bits), and
+# HmacSHA512 (512 bits).
+# Note that HmacMD5 is *not* supported for the PRF used by the KDF even though
+# the JDKs support it. See the ESAPI 2.0 Symmetric Encryption User Guide
+# further details.
+Encryptor.KDF.PRF=HmacSHA256
+#===========================================================================
+# ESAPI HttpUtilties
+#
+# The HttpUtilities provide basic protections to HTTP requests and responses. Primarily these methods
+# protect against malicious data from attackers, such as unprintable characters, escaped characters,
+# and other simple attacks. The HttpUtilities also provides utility methods for dealing with cookies,
+# headers, and CSRF tokens.
+#
+# Default file upload location (remember to escape backslashes with \\)
+HttpUtilities.UploadDir=C:\\ESAPI\\testUpload
+HttpUtilities.UploadTempDir=C:\\temp
+# Force flags on cookies, if you use HttpUtilities to set cookies
+HttpUtilities.ForceHttpOnlySession=false
+HttpUtilities.ForceSecureSession=false
+HttpUtilities.ForceHttpOnlyCookies=true
+HttpUtilities.ForceSecureCookies=true
+# Maximum size of HTTP headers
+HttpUtilities.MaxHeaderSize=4096
+# File upload configuration
+HttpUtilities.ApprovedUploadExtensions=.zip,.pdf,.doc,.docx,.ppt,.pptx,.tar,.gz,.tgz,.rar,.war,.jar,.ear,.xls,.rtf,.properties,.java,.class,.txt,.xml,.jsp,.jsf,.exe,.dll
+HttpUtilities.MaxUploadFileBytes=500000000
+# Using UTF-8 throughout your stack is highly recommended. That includes your database driver,
+# container, and any other technologies you may be using. Failure to do this may expose you
+# to Unicode transcoding injection attacks. Use of UTF-8 does not hinder internationalization.
+HttpUtilities.ResponseContentType=text/html; charset=UTF-8
+# This is the name of the cookie used to represent the HTTP session
+# Typically this will be the default "JSESSIONID"
+HttpUtilities.HttpSessionIdName=JSESSIONID
+
+
+
+#===========================================================================
+# ESAPI Executor
+# CHECKME - Not sure what this is used for, but surely it should be made OS independent.
+Executor.WorkingDirectory=C:\\Windows\\Temp
+Executor.ApprovedExecutables=C:\\Windows\\System32\\cmd.exe,C:\\Windows\\System32\\runas.exe
+
+
+#===========================================================================
+# ESAPI Logging
+# Set the application name if these logs are combined with other applications
+Logger.ApplicationName=ExampleApplication
+# If you use an HTML log viewer that does not properly HTML escape log data, you can set LogEncodingRequired to true
+Logger.LogEncodingRequired=false
+# Determines whether ESAPI should log the application name. This might be clutter in some single-server/single-app environments.
+Logger.LogApplicationName=true
+# Determines whether ESAPI should log the server IP and port. This might be clutter in some single-server environments.
+Logger.LogServerIP=true
+# LogFileName, the name of the logging file. Provide a full directory path (e.g., C:\\ESAPI\\ESAPI_logging_file) if you
+# want to place it in a specific directory.
+Logger.LogFileName=ESAPI_logging_file
+# MaxLogFileSize, the max size (in bytes) of a single log file before it cuts over to a new one (default is 10,000,000)
+Logger.MaxLogFileSize=10000000
+
+
+#===========================================================================
+# ESAPI Intrusion Detection
+#
+# Each event has a base to which .count, .interval, and .action are added
+# The IntrusionException will fire if we receive "count" events within "interval" seconds
+# The IntrusionDetector is configurable to take the following actions: log, logout, and disable
+# (multiple actions separated by commas are allowed e.g. event.test.actions=log,disable
+#
+# Custom Events
+# Names must start with "event." as the base
+# Use IntrusionDetector.addEvent( "test" ) in your code to trigger "event.test" here
+# You can also disable intrusion detection completely by changing
+# the following parameter to true
+#
+IntrusionDetector.Disable=false
+#
+IntrusionDetector.event.test.count=2
+IntrusionDetector.event.test.interval=10
+IntrusionDetector.event.test.actions=disable,log
+
+# Exception Events
+# All EnterpriseSecurityExceptions are registered automatically
+# Call IntrusionDetector.getInstance().addException(e) for Exceptions that do not extend EnterpriseSecurityException
+# Use the fully qualified classname of the exception as the base
+
+# any intrusion is an attack
+IntrusionDetector.org.owasp.esapi.errors.IntrusionException.count=1
+IntrusionDetector.org.owasp.esapi.errors.IntrusionException.interval=1
+IntrusionDetector.org.owasp.esapi.errors.IntrusionException.actions=log,disable,logout
+
+# for test purposes
+# CHECKME: Shouldn't there be something in the property name itself that designates
+# that these are for testing???
+IntrusionDetector.org.owasp.esapi.errors.IntegrityException.count=10
+IntrusionDetector.org.owasp.esapi.errors.IntegrityException.interval=5
+IntrusionDetector.org.owasp.esapi.errors.IntegrityException.actions=log,disable,logout
+
+# rapid validation errors indicate scans or attacks in progress
+# org.owasp.esapi.errors.ValidationException.count=10
+# org.owasp.esapi.errors.ValidationException.interval=10
+# org.owasp.esapi.errors.ValidationException.actions=log,logout
+
+# sessions jumping between hosts indicates session hijacking
+IntrusionDetector.org.owasp.esapi.errors.AuthenticationHostException.count=2
+IntrusionDetector.org.owasp.esapi.errors.AuthenticationHostException.interval=10
+IntrusionDetector.org.owasp.esapi.errors.AuthenticationHostException.actions=log,logout
+
+
+#===========================================================================
+# ESAPI Validation
+#
+# The ESAPI Validator works on regular expressions with defined names. You can define names
+# either here, or you may define application specific patterns in a separate file defined below.
+# This allows enterprises to specify both organizational standards as well as application specific
+# validation rules.
+#
+Validator.ConfigurationFile=validation.properties
+
+# Validators used by ESAPI
+Validator.AccountName=^[a-zA-Z0-9]{3,20}$
+Validator.SystemCommand=^[a-zA-Z\\-\\/]{1,64}$
+Validator.RoleName=^[a-z]{1,20}$
+
+#the word TEST below should be changed to your application
+#name - only relative URL's are supported
+Validator.Redirect=^\\/test.*$
+
+# Global HTTP Validation Rules
+# Values with Base64 encoded data (e.g. encrypted state) will need at least [a-zA-Z0-9\/+=]
+Validator.HTTPScheme=^(http|https)$
+Validator.HTTPServerName=^[a-zA-Z0-9_.\\-]*$
+Validator.HTTPParameterName=^[a-zA-Z0-9_]{1,32}$
+Validator.HTTPParameterValue=^[a-zA-Z0-9.\\-\\/+=@_ ]*$
+Validator.HTTPCookieName=^[a-zA-Z0-9\\-_]{1,32}$
+Validator.HTTPCookieValue=^[a-zA-Z0-9\\-\\/+=_ ]*$
+Validator.HTTPHeaderName=^[a-zA-Z0-9\\-_]{1,32}$
+Validator.HTTPHeaderValue=^[a-zA-Z0-9()\\-=\\*\\.\\?;,+\\/:&_ ]*$
+Validator.HTTPContextPath=^\\/?[a-zA-Z0-9.\\-\\/_]*$
+Validator.HTTPServletPath=^[a-zA-Z0-9.\\-\\/_]*$
+Validator.HTTPPath=^[a-zA-Z0-9.\\-_]*$
+Validator.HTTPQueryString=^[a-zA-Z0-9()\\-=\\*\\.\\?;,+\\/:&_ %]*$
+Validator.HTTPURI=^[a-zA-Z0-9()\\-=\\*\\.\\?;,+\\/:&_ ]*$
+Validator.HTTPURL=^.*$
+Validator.HTTPJSESSIONID=^[A-Z0-9]{10,30}$
+
+# Validation of file related input
+Validator.FileName=^[a-zA-Z0-9!@#$%^&{}\\[\\]()_+\\-=,.~'` ]{1,255}$
+Validator.DirectoryName=^[a-zA-Z0-9:/\\\\!@#$%^&{}\\[\\]()_+\\-=,.~'` ]{1,255}$
+
+# Validation of dates. Controls whether or not 'lenient' dates are accepted.
+# See DataFormat.setLenient(boolean flag) for further details.
+Validator.AcceptLenientDates=false \ No newline at end of file
diff --git a/catalog-fe/src/test/resources/logback-test.xml b/catalog-fe/src/test/resources/logback-test.xml
index d2b9bff23f..548a804952 100644
--- a/catalog-fe/src/test/resources/logback-test.xml
+++ b/catalog-fe/src/test/resources/logback-test.xml
@@ -3,7 +3,7 @@
<appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender">
<encoder>
<Pattern>
- %d{yyyy-MM-dd HH:mm:ss} [%thread] %-5level %logger{36} - %msg%n
+<!-- %d{yyyy-MM-dd HH:mm:ss} [%thread] %-5level %logger{36} - %msg%n-->
</Pattern>
</encoder>
</appender>