1   /*
2    * MIT License
3    *
4    * Copyright (c) 2010-2022 The Waffle Project Contributors: https://github.com/Waffle/waffle/graphs/contributors
5    *
6    * Permission is hereby granted, free of charge, to any person obtaining a copy
7    * of this software and associated documentation files (the "Software"), to deal
8    * in the Software without restriction, including without limitation the rights
9    * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
10   * copies of the Software, and to permit persons to whom the Software is
11   * furnished to do so, subject to the following conditions:
12   *
13   * The above copyright notice and this permission notice shall be included in all
14   * copies or substantial portions of the Software.
15   *
16   * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
17   * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
18   * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
19   * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
20   * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
21   * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
22   * SOFTWARE.
23   */
24  package waffle.servlet;
25  
26  import java.lang.reflect.Field;
27  import java.util.Collections;
28  import java.util.Enumeration;
29  
30  import javax.servlet.FilterChain;
31  import javax.servlet.FilterConfig;
32  import javax.servlet.http.HttpServletRequest;
33  import javax.servlet.http.HttpServletResponse;
34  
35  import mockit.Expectations;
36  import mockit.Mocked;
37  import mockit.Tested;
38  import mockit.Verifications;
39  
40  import org.junit.jupiter.api.Assertions;
41  import org.junit.jupiter.api.Test;
42  
43  import waffle.util.CorsPreFlightCheck;
44  
/**
 * Unit tests for {@link NegotiateSecurityFilter} covering the {@code excludeCorsPreflight} and
 * {@code excludeBearerAuthorization} init parameters.
 * <p>
 * Both parameters switch on authentication exclusions. The {@code doFilter} test expects a request that is reported
 * as a CORS preflight and carries a {@code Bearer} Authorization header to be handed to the {@link FilterChain}. The
 * stubbed bearer value is an arbitrary string and nothing here validates it, so a deployment that enables
 * {@code excludeBearerAuthorization} presumably relies on another component to verify the token. Confirm this
 * against the filter chain configuration.
 * <p>
 * The exclusions-disabled case is not covered in this class, and {@code excludePatterns} is configured but not
 * asserted on.
 */
class NegotiateSecurityFilterTest {

    /** The filter under test, instantiated by JMockit through {@code @Tested}. */
    @Tested
    private NegotiateSecurityFilter negotiateSecurityFilter;

    /**
     * Parameter names handed out by the mocked {@link FilterConfig#getInitParameterNames()}.
     * <p>
     * This is an instance field, so every test instance builds its own single-use {@link Enumeration}.
     * {@code principalFormat} appears twice. NOTE(review): possibly a copy/paste slip; confirm whether a different
     * name was intended.
     */
    private final Enumeration<String> initParameterNames = Collections.enumeration(java.util.Arrays.asList(
            "principalFormat", "principalFormat", "roleFormat", "allowGuestLogin", "impersonate",
            "securityFilterProviders", "excludePatterns", "excludeCorsPreflight", "excludeBearerAuthorization"));

    /**
     * Reads a private boolean field of the filter under test by reflection.
     *
     * @param fieldName
     *            the declared field name
     *
     * @return the current value of the field
     *
     * @throws ReflectiveOperationException
     *             if the field does not exist or cannot be read
     */
    private boolean readBooleanField(final String fieldName) throws ReflectiveOperationException {
        final Field field = this.negotiateSecurityFilter.getClass().getDeclaredField(fieldName);
        field.setAccessible(true);
        return field.getBoolean(this.negotiateSecurityFilter);
    }

    /**
     * Checks that {@code init} picks up the CORS preflight and bearer authorization exclusion flags, together with
     * {@code impersonate} and {@code allowGuestLogin}, from the filter configuration.
     *
     * @param filterConfig
     *            the mocked filter config
     *
     * @throws Exception
     *             if initialisation or the reflective field access fails
     */
    @Test
    void testCorsAndBearerAuthorizationI_init(@Mocked final FilterConfig filterConfig) throws Exception {
        // The lookup result is discarded; NOTE(review): confirm whether this call is still needed.
        this.getClass().getClassLoader().getResource("logback.xml");

        final Enumeration<String> parameterNames = this.initParameterNames;

        new Expectations() {
            {
                filterConfig.getInitParameterNames();
                result = parameterNames;
                filterConfig.getInitParameter("principalFormat");
                result = "fqn";
                filterConfig.getInitParameter("roleFormat");
                result = "fqn";
                filterConfig.getInitParameter("allowGuestLogin");
                result = "false";
                filterConfig.getInitParameter("impersonate");
                result = "true";
                filterConfig.getInitParameter("securityFilterProviders");
                result = "waffle.servlet.spi.BasicSecurityFilterProvider\nwaffle.servlet.spi.NegotiateSecurityFilterProvider";
                filterConfig.getInitParameter("excludePatterns");
                result = ".*/peter/.*";
                // Both authentication exclusions are switched on for this test.
                filterConfig.getInitParameter("excludeCorsPreflight");
                result = "true";
                filterConfig.getInitParameter("excludeBearerAuthorization");
                result = "true";
            }
        };

        this.negotiateSecurityFilter.init(filterConfig);

        // The exclusion flags are private, so they are inspected by reflection.
        Assertions.assertTrue(this.readBooleanField("excludeCorsPreflight"));
        Assertions.assertTrue(this.readBooleanField("excludeBearerAuthorization"));
        Assertions.assertTrue(this.negotiateSecurityFilter.isImpersonate());
        Assertions.assertFalse(this.negotiateSecurityFilter.isAllowGuestLogin());

        new Verifications() {
            {
                // A lower bound on how many init parameters were read.
                filterConfig.getInitParameter(withInstanceOf(String.class));
                minTimes = 8;
            }
        };

    }

    /**
     * Checks that {@code doFilter} hands the request to the chain exactly once when both exclusions are enabled and
     * the request is stubbed as a CORS preflight with a {@code Bearer} Authorization header.
     * <p>
     * Both exclusion conditions are stubbed together, so a passing run does not show which of them forwarded the
     * request. Separate tests per exclusion would pin each bypass path on its own.
     *
     * @param request
     *            the mocked request
     * @param response
     *            the mocked response
     * @param chain
     *            the mocked filter chain
     * @param filterConfig
     *            the mocked filter config
     *
     * @throws Exception
     *             if initialisation or filtering fails
     */
    @Test
    void testExcludeCorsAndOAUTHBearerAuthorization_doFilter(@Mocked final HttpServletRequest request,
            @Mocked final HttpServletResponse response, @Mocked final FilterChain chain,
            @Mocked final FilterConfig filterConfig) throws Exception {
        // The lookup result is discarded; NOTE(review): confirm whether this call is still needed.
        this.getClass().getClassLoader().getResource("logback.xml");

        final Enumeration<String> parameterNames = this.initParameterNames;

        new Expectations() {
            {
                filterConfig.getInitParameterNames();
                result = parameterNames;
                filterConfig.getInitParameter("principalFormat");
                result = "fqn";
                filterConfig.getInitParameter("roleFormat");
                result = "fqn";
                filterConfig.getInitParameter("allowGuestLogin");
                result = "false";
                filterConfig.getInitParameter("impersonate");
                result = "false";
                filterConfig.getInitParameter("securityFilterProviders");
                result = "waffle.servlet.spi.BasicSecurityFilterProvider\nwaffle.servlet.spi.NegotiateSecurityFilterProvider";
                filterConfig.getInitParameter("excludePatterns");
                result = ".*/peter/.*";
                filterConfig.getInitParameter("excludeCorsPreflight");
                result = "true";
                filterConfig.getInitParameter("excludeBearerAuthorization");
                result = "true";
                // NOTE(review): CorsPreFlightCheck is not declared as a @Mocked type in this class; confirm that
                // this recording applies to the static call rather than to calls it makes on the mocked request.
                CorsPreFlightCheck.isPreflight(request);
                result = true;
                // Arbitrary placeholder credential; only the "Bearer" scheme prefix is meaningful here.
                request.getHeader("Authorization");
                result = "Bearer aBase64hash";
            }
        };

        this.negotiateSecurityFilter.init(filterConfig);
        this.negotiateSecurityFilter.doFilter(request, response, chain);

        new Verifications() {
            {
                // The request must reach the next element of the chain exactly once.
                chain.doFilter(request, response);
                times = 1;
            }
        };

    }

}