@Test
public void shouldPassUriOnWhiteList() {
when(request.getRequestURI()).thenReturn("/v1.0/application.wadl");
final FilterDirector requestDirector = handler.handleRequest(request, response);
assertEquals(
"Auth component must pass requests with uri on white list",
FilterAction.PASS,
requestDirector.getFilterAction());
}
@Test
public void shouldRejectInvalidCredentials() {
when(request.getRequestURI()).thenReturn("/start/12345/a/resource");
final FilterDirector requestDirector = handler.handleRequest(request, response);
assertEquals(
"Auth component must reject requests with invalid credentials",
FilterAction.RETURN,
requestDirector.getFilterAction());
}
@Test
public void shouldProcessUriNotOnWhiteListAsNonAuthedRequest() {
when(request.getRequestURI()).thenReturn("?param=/v1.0/application.wadl");
final FilterDirector requestDirector = handler.handleRequest(request, response);
assertEquals(
"Auth component must process requests with uri not on white list when in delegated mode",
FilterAction.PROCESS_RESPONSE,
requestDirector.getFilterAction());
}
@Test
public void handleRequest_nullChain() throws Exception {
compressionHandler.setFilterChain(null);
FilterDirector director = compressionHandler.handleRequest(request, response);
assertEquals(HttpStatusCode.INTERNAL_SERVER_ERROR.intValue(), director.getResponseStatusCode());
assertThat(director.getFilterAction(), equalTo(FilterAction.RETURN));
}
@Test
public void shouldReturnForUriNotOnWhiteList() {
when(request.getRequestURI()).thenReturn("?param=/v1.0/application.wadl");
final FilterDirector requestDirector = handler.handleRequest(request, response);
assertEquals(
"Auth component must return requests with uri not on white list",
FilterAction.RETURN,
requestDirector.getFilterAction());
}
@Test
public void shouldRejectInvalidCredentials() {
final FilterDirector director = handler.handleRequest(request, response);
assertEquals(
"Auth component must reject invalid requests",
FilterAction.RETURN,
director.getFilterAction());
}
@Test
public void shouldPassNullOrBlankCredentials() {
when(request.getRequestURI()).thenReturn("/start/");
when(request.getHeader(anyString())).thenReturn("");
final FilterDirector requestDirector = handler.handleRequest(request, response);
assertEquals(
"Auth component must pass requests with invalid credentials",
FilterAction.PROCESS_RESPONSE,
requestDirector.getFilterAction());
}
@Test
public void shouldPassValidCredentials() {
final AuthToken token =
generateCachableTokenInfo("role1,role2", "tokentokentoken", "username", "12345");
when(authService.validateToken(anyString(), anyString())).thenReturn(token);
final FilterDirector director = handler.handleRequest(request, response);
assertEquals(
"Auth component must pass valid requests", FilterAction.PASS, director.getFilterAction());
}
@Test
public void shouldCheckCacheForGroup() throws IOException {
final AuthToken user = new OpenStackToken(authResponse);
when(authService.validateToken(anyString(), anyString())).thenReturn(user);
final FilterDirector director = handlerWithCache.handleRequest(request, response);
verify(store, times(1)).get(eq(AUTH_GROUP_CACHE_PREFIX + "." + user.getTokenId()));
assertEquals(
"Auth component must pass valid requests", FilterAction.PASS, director.getFilterAction());
}
@Test
public void handleRequest_validRequest() throws Exception {
compressionHandler.setFilterChain(filterChain);
doNothing().when(compressingFilter, "doFilter", request, response, filterChain);
when(response.getStatus()).thenReturn(200);
FilterDirector director = compressionHandler.handleRequest(request, response);
assertEquals(HttpStatusCode.OK.intValue(), director.getResponseStatusCode());
assertThat(director.getFilterAction(), equalTo(FilterAction.RETURN));
}
@Test
public void shouldNotModifyResponseOnResponseStatusCodeNotEqualTo401or403() {
when(request.getRequestURI()).thenReturn("/start/12345/a/resource");
when(response.getStatus()).thenReturn(200);
final FilterDirector responseDirector = handler.handleResponse(request, response);
assertEquals(
"Auth component must pass valid, delegated responses",
FilterAction.NOT_SET,
responseDirector.getFilterAction());
}
@Test
public void handleRequest_handleGenericIOError() throws Exception {
compressionHandler.setFilterChain(filterChain);
doThrow(new IOException())
.when(compressingFilter)
.doFilter(any(ServletRequest.class), any(ServletResponse.class), any(FilterChain.class));
FilterDirector director = compressionHandler.handleRequest(request, response);
assertEquals(HttpStatusCode.INTERNAL_SERVER_ERROR.intValue(), director.getResponseStatusCode());
assertThat(director.getFilterAction(), equalTo(FilterAction.RETURN));
}
@Test
public void shouldCheckCacheForCredentials() throws IOException {
final AuthToken user = new OpenStackToken(authResponse);
byte[] userInfoBytes = ObjectSerializer.instance().writeObject(user);
when(authService.validateToken(anyString(), anyString())).thenReturn(user);
final FilterDirector director = handlerWithCache.handleRequest(request, response);
verify(store).get(eq(AUTH_TOKEN_CACHE_PREFIX + "." + user.getTokenId()));
assertEquals(
"Auth component must pass valid requests", FilterAction.PASS, director.getFilterAction());
}
@Test
public void handleRequest_handleGZIPError() throws Exception {
compressionHandler.setFilterChain(filterChain);
doThrow(new ZipException("Not in GZIP format"))
.when(compressingFilter)
.doFilter(any(ServletRequest.class), any(ServletResponse.class), any(FilterChain.class));
FilterDirector director = compressionHandler.handleRequest(request, response);
assertEquals(HttpStatusCode.BAD_REQUEST.intValue(), director.getResponseStatusCode());
assertThat(director.getFilterAction(), equalTo(FilterAction.RETURN));
}
@Test
public void shouldNotUseCachedGroupInfoForExpired() throws InterruptedException {
final AuthToken user = new OpenStackToken(authResponse);
when(authService.validateToken(anyString(), anyString())).thenReturn(user);
final FilterDirector director = handlerWithCache.handleRequest(request, response);
verify(store, times(1)).get(eq(AUTH_TOKEN_CACHE_PREFIX + "." + user.getTokenId()));
// Service should be called since token has expired
verify(authService, times(0)).getGroups(anyString());
assertEquals(
"Auth component must pass valid requests", FilterAction.PASS, director.getFilterAction());
}
@Test
public void shouldNotUseCachedUserInfoForBadTokenId() {
authResponse.getToken().setId("differentId");
final AuthToken user = new OpenStackToken(authResponse);
when(authService.validateToken(anyString(), anyString())).thenReturn(user);
when(store.get(eq(AUTH_TOKEN_CACHE_PREFIX + ".104772"))).thenReturn(user);
final FilterDirector director = handlerWithCache.handleRequest(request, response);
verify(authService, times(1)).validateToken(anyString(), anyString());
assertEquals(
"Auth component must pass valid requests", FilterAction.PASS, director.getFilterAction());
}
@Test
public void shouldUseCachedUserInfo() {
final AuthToken user = new OpenStackToken(authResponse);
when(authService.validateToken(anyString(), anyString())).thenReturn(user);
when(store.get(eq(AUTH_TOKEN_CACHE_PREFIX + "." + user.getTokenId()))).thenReturn(user);
final FilterDirector director = handlerWithCache.handleRequest(request, response);
// Service should not be called if we found the token in the cache
verify(authService, times(0)).validateToken(anyString(), anyString());
assertEquals(
"Auth component must pass valid requests", FilterAction.PASS, director.getFilterAction());
}
@Test
public void shouldUseCachedGroupInfo() {
final AuthToken user = new OpenStackToken(authResponse);
when(authService.validateToken(anyString(), anyString())).thenReturn(user);
final AuthGroup authGroup = new OpenStackGroup(group);
final List<AuthGroup> authGroupList = new ArrayList<AuthGroup>();
authGroupList.add(authGroup);
final AuthGroups groups = new AuthGroups(authGroupList);
when(store.get(eq(AUTH_GROUP_CACHE_PREFIX + "." + user.getTokenId()))).thenReturn(groups);
final FilterDirector director = handlerWithCache.handleRequest(request, response);
// Service should not be called if we found the token in the cache
verify(authService, times(0)).getGroups(anyString());
assertEquals(
"Auth component must pass valid requests", FilterAction.PASS, director.getFilterAction());
}
