Google Git
Sign in
apache / qpid-broker-j / 12429de4d2a8abce130e64996fcd54e12ee6123f / . / systests / src / test / java / org / apache / qpid / systest / rest / acl / BrokerACLTest.java
blob: 9a0362ee18005fe971dc7a7379e14f30bdcf0cdd [file] [log] [blame]
/*
*
* Licensed to the Apache Software Foundation (ASF) under one
* or more contributor license agreements. See the NOTICE file
* distributed with this work for additional information
* regarding copyright ownership. The ASF licenses this file
* to you under the Apache License, Version 2.0 (the
* "License"); you may not use this file except in compliance
* with the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*
*/
package org.apache.qpid.systest.rest.acl;
import java.io.File;
import java.io.IOException;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Map;
import javax.servlet.http.HttpServletResponse;
import org.apache.qpid.server.logging.logback.BrokerFileLogger;
import org.apache.qpid.server.logging.logback.BrokerMemoryLogger;
import org.apache.qpid.server.logging.logback.BrokerNameAndLevelLogInclusionRule;
import org.apache.qpid.server.management.plugin.HttpManagement;
import org.apache.qpid.server.management.plugin.servlet.rest.AbstractServlet;
import org.apache.qpid.server.model.AccessControlProvider;
import org.apache.qpid.server.model.AuthenticationProvider;
import org.apache.qpid.server.model.Broker;
import org.apache.qpid.server.model.BrokerLogger;
import org.apache.qpid.server.model.ConfiguredObject;
import org.apache.qpid.server.model.ExternalFileBasedAuthenticationManager;
import org.apache.qpid.server.model.GroupProvider;
import org.apache.qpid.server.model.KeyStore;
import org.apache.qpid.server.model.Port;
import org.apache.qpid.server.model.Protocol;
import org.apache.qpid.server.model.State;
import org.apache.qpid.server.model.TrustStore;
import org.apache.qpid.server.model.adapter.FileBasedGroupProvider;
import org.apache.qpid.server.model.adapter.FileBasedGroupProviderImpl;
import org.apache.qpid.server.security.AllowAllAccessControlProvider;
import org.apache.qpid.server.security.FileKeyStore;
import org.apache.qpid.server.security.FileTrustStore;
import org.apache.qpid.server.security.access.plugins.AclFileAccessControlProvider;
import org.apache.qpid.server.security.acl.AbstractACLTestCase;
import org.apache.qpid.server.security.auth.manager.AnonymousAuthenticationManager;
import org.apache.qpid.server.security.auth.manager.PlainPasswordDatabaseAuthenticationManager;
import org.apache.qpid.systest.rest.QpidRestTestCase;
import org.apache.qpid.test.utils.TestBrokerConfiguration;
import org.apache.qpid.test.utils.TestFileUtils;
import org.apache.qpid.test.utils.TestSSLConstants;
public class BrokerACLTest extends QpidRestTestCase
{
private static final String ALLOWED_USER = "user1";
private static final String DENIED_USER = "user2";
private String _secondaryAclFileContent = "";
@Override
protected void customizeConfiguration() throws Exception
{
super.customizeConfiguration();
final TestBrokerConfiguration defaultBrokerConfiguration = getDefaultBrokerConfiguration();
defaultBrokerConfiguration.configureTemporaryPasswordFile(ALLOWED_USER, DENIED_USER);
AbstractACLTestCase.writeACLFileUtil(this, "ACL ALLOW-LOG ALL ACCESS MANAGEMENT",
"ACL ALLOW-LOG " + ALLOWED_USER + " CONFIGURE BROKER",
"ACL DENY-LOG " + DENIED_USER + " CONFIGURE BROKER",
"ACL ALLOW-LOG " + ALLOWED_USER + " ACCESS_LOGS BROKER",
"ACL DENY-LOG " + DENIED_USER + " ACCESS_LOGS BROKER",
"ACL DENY-LOG ALL ALL");
_secondaryAclFileContent =
"ACL ALLOW-LOG ALL ACCESS MANAGEMENT\n" +
"ACL ALLOW-LOG " + ALLOWED_USER + " CONFIGURE BROKER\n" +
"ACL DENY-LOG " + DENIED_USER + " CONFIGURE BROKER\n" +
"ACL DENY-LOG ALL ALL";
}
/* === AuthenticationProvider === */
public void testCreateAuthenticationProviderAllowed() throws Exception
{
getRestTestHelper().setUsernameAndPassword(ALLOWED_USER, ALLOWED_USER);
String authenticationProviderName = getTestName();
int responseCode = createAuthenticationProvider(authenticationProviderName);
assertEquals("Provider creation should be allowed", 201, responseCode);
assertAuthenticationProviderExists(authenticationProviderName);
}
public void testCreateAuthenticationProviderDenied() throws Exception
{
getRestTestHelper().setUsernameAndPassword(DENIED_USER, DENIED_USER);
String authenticationProviderName = getTestName();
int responseCode = createAuthenticationProvider(authenticationProviderName);
assertEquals("Provider creation should be denied", 403, responseCode);
assertAuthenticationProviderDoesNotExist(authenticationProviderName);
}
public void testDeleteAuthenticationProviderAllowed() throws Exception
{
getRestTestHelper().setUsernameAndPassword(ALLOWED_USER, ALLOWED_USER);
String providerName = getTestName();
int responseCode = createAuthenticationProvider(providerName);
assertEquals("Provider creation should be allowed", 201, responseCode);
assertAuthenticationProviderExists(providerName);
responseCode = getRestTestHelper().submitRequest("authenticationprovider/" + providerName, "DELETE");
assertEquals("Provider deletion should be allowed", 200, responseCode);
assertAuthenticationProviderDoesNotExist(TEST2_VIRTUALHOST);
}
public void testDeleteAuthenticationProviderDenied() throws Exception
{
getRestTestHelper().setUsernameAndPassword(ALLOWED_USER, ALLOWED_USER);
String providerName = getTestName();
int responseCode = createAuthenticationProvider(providerName);
assertEquals("Provider creation should be allowed", 201, responseCode);
assertAuthenticationProviderExists(providerName);
getRestTestHelper().setUsernameAndPassword(DENIED_USER, DENIED_USER);
responseCode = getRestTestHelper().submitRequest("authenticationprovider/" + providerName, "DELETE");
assertEquals("Provider deletion should be denied", 403, responseCode);
assertAuthenticationProviderExists(providerName);
}
public void testSetAuthenticationProviderAttributesAllowed() throws Exception
{
getRestTestHelper().setUsernameAndPassword(ALLOWED_USER, ALLOWED_USER);
String providerName = TestBrokerConfiguration.ENTRY_NAME_AUTHENTICATION_PROVIDER;
assertAuthenticationProviderExists(providerName);
Map<String, Object> attributes = new HashMap<>();
attributes.put(AuthenticationProvider.NAME, providerName);
attributes.put(AuthenticationProvider.TYPE, PlainPasswordDatabaseAuthenticationManager.PROVIDER_TYPE);
attributes.put(AuthenticationProvider.STATE, State.DELETED.name());
int responseCode = getRestTestHelper().submitRequest("authenticationprovider/" + providerName, "PUT", attributes);
assertEquals("Setting of provider attribites should be allowed", 200, responseCode);
}
public void testSetAuthenticationProviderAttributesDenied() throws Exception
{
getRestTestHelper().setUsernameAndPassword(ALLOWED_USER, ALLOWED_USER);
String providerName = TestBrokerConfiguration.ENTRY_NAME_AUTHENTICATION_PROVIDER;
Map<String, Object> providerData = getRestTestHelper().getJsonAsSingletonList("authenticationprovider/" + providerName);
File file = TestFileUtils.createTempFile(this, ".users", "guest:guest\n" + ALLOWED_USER + ":" + ALLOWED_USER + "\n"
+ DENIED_USER + ":" + DENIED_USER);
getRestTestHelper().setUsernameAndPassword(DENIED_USER, DENIED_USER);
Map<String, Object> attributes = new HashMap<String, Object>();
attributes.put(AuthenticationProvider.NAME, providerName);
attributes.put(AuthenticationProvider.TYPE, AnonymousAuthenticationManager.PROVIDER_TYPE);
attributes.put(ExternalFileBasedAuthenticationManager.PATH, file.getAbsolutePath());
int responseCode = getRestTestHelper().submitRequest("authenticationprovider/" + providerName, "PUT", attributes);
assertEquals("Setting of provider attribites should be allowed", 403, responseCode);
Map<String, Object> provider = getRestTestHelper().getJsonAsSingletonList("authenticationprovider/" + providerName);
assertEquals("Unexpected STORE_URL attribute value",
providerData.get(ExternalFileBasedAuthenticationManager.PATH),
provider.get(ExternalFileBasedAuthenticationManager.PATH));
}
/* === Port === */
public void testCreatePortAllowed() throws Exception
{
getRestTestHelper().setUsernameAndPassword(ALLOWED_USER, ALLOWED_USER);
String portName = getTestName();
int responseCode = createPort(portName);
assertEquals("Port creation should be allowed", 201, responseCode);
assertPortExists(portName);
}
public void testCreatePortDenied() throws Exception
{
getRestTestHelper().setUsernameAndPassword(DENIED_USER, DENIED_USER);
String portName = getTestName();
int responseCode = createPort(portName);
assertEquals("Port creation should be denied", 403, responseCode);
assertPortDoesNotExist(portName);
}
public void testDeletePortDenied() throws Exception
{
getRestTestHelper().setUsernameAndPassword(ALLOWED_USER, ALLOWED_USER);
String portName = TestBrokerConfiguration.ENTRY_NAME_AMQP_PORT;
assertPortExists(portName);
getRestTestHelper().setUsernameAndPassword(DENIED_USER, DENIED_USER);
int responseCode = getRestTestHelper().submitRequest("port/" + portName, "DELETE");
assertEquals("Port deletion should be denied", 403, responseCode);
assertPortExists(portName);
}
public void testDeletePortAllowed() throws Exception
{
getRestTestHelper().setUsernameAndPassword(ALLOWED_USER, ALLOWED_USER);
String portName = TestBrokerConfiguration.ENTRY_NAME_AMQP_PORT;
assertPortExists(portName);
getRestTestHelper().setUsernameAndPassword(ALLOWED_USER, ALLOWED_USER);
int responseCode = getRestTestHelper().submitRequest("port/" + portName, "DELETE");
assertEquals("Port deletion should be allowed", 200, responseCode);
assertPortDoesNotExist(portName);
}
public void testSetPortAttributesDenied() throws Exception
{
getRestTestHelper().setUsernameAndPassword(ALLOWED_USER, ALLOWED_USER);
String portName = getTestName();
int responseCode = createPort(portName);
assertEquals("Port creation should be allowed", 201, responseCode);
assertPortExists(portName);
getRestTestHelper().setUsernameAndPassword(DENIED_USER, DENIED_USER);
Map<String, Object> attributes = new HashMap<String, Object>();
attributes.put(Port.NAME, portName);
attributes.put(Port.PROTOCOLS, Arrays.asList(Protocol.AMQP_0_9));
attributes.put(Port.AUTHENTICATION_PROVIDER, TestBrokerConfiguration.ENTRY_NAME_AUTHENTICATION_PROVIDER);
responseCode = getRestTestHelper().submitRequest("port/" + portName, "PUT", attributes);
assertEquals("Setting of port attribites should be denied", 403, responseCode);
Map<String, Object> port = getRestTestHelper().getJsonAsSingletonList("port/" + portName);
assertEquals("Unexpected authentication provider attribute value",
TestBrokerConfiguration.ENTRY_NAME_AUTHENTICATION_PROVIDER, port.get(Port.AUTHENTICATION_PROVIDER));
}
/* === KeyStore === */
public void testCreateKeyStoreAllowed() throws Exception
{
getRestTestHelper().setUsernameAndPassword(ALLOWED_USER, ALLOWED_USER);
String keyStoreName = getTestName();
assertKeyStoreExistence(keyStoreName, false);
int responseCode = createKeyStore(keyStoreName, TestSSLConstants.CERT_ALIAS_APP1);
assertEquals("keyStore creation should be allowed", 201, responseCode);
assertKeyStoreExistence(keyStoreName, true);
}
public void testCreateKeyStoreDenied() throws Exception
{
getRestTestHelper().setUsernameAndPassword(DENIED_USER, DENIED_USER);
String keyStoreName = getTestName();
assertKeyStoreExistence(keyStoreName, false);
int responseCode = createKeyStore(keyStoreName, TestSSLConstants.CERT_ALIAS_APP1);
assertEquals("keyStore creation should be allowed", 403, responseCode);
assertKeyStoreExistence(keyStoreName, false);
}
public void testDeleteKeyStoreDenied() throws Exception
{
getRestTestHelper().setUsernameAndPassword(ALLOWED_USER, ALLOWED_USER);
String keyStoreName = getTestName();
assertKeyStoreExistence(keyStoreName, false);
int responseCode = createKeyStore(keyStoreName, TestSSLConstants.CERT_ALIAS_APP1);
assertEquals("keyStore creation should be allowed", 201, responseCode);
assertKeyStoreExistence(keyStoreName, true);
getRestTestHelper().setUsernameAndPassword(DENIED_USER, DENIED_USER);
responseCode = getRestTestHelper().submitRequest("keystore/" + keyStoreName, "DELETE");
assertEquals("keystore deletion should be denied", 403, responseCode);
assertKeyStoreExistence(keyStoreName, true);
}
public void testDeleteKeyStoreAllowed() throws Exception
{
getRestTestHelper().setUsernameAndPassword(ALLOWED_USER, ALLOWED_USER);
String keyStoreName = getTestName();
assertKeyStoreExistence(keyStoreName, false);
int responseCode = createKeyStore(keyStoreName, TestSSLConstants.CERT_ALIAS_APP1);
assertEquals("keyStore creation should be allowed", 201, responseCode);
assertKeyStoreExistence(keyStoreName, true);
getRestTestHelper().setUsernameAndPassword(ALLOWED_USER, ALLOWED_USER);
responseCode = getRestTestHelper().submitRequest("keystore/" + keyStoreName, "DELETE");
assertEquals("keystore deletion should be allowed", 200, responseCode);
assertKeyStoreExistence(keyStoreName, false);
}
public void testSetKeyStoreAttributesAllowed() throws Exception
{
getRestTestHelper().setUsernameAndPassword(ALLOWED_USER, ALLOWED_USER);
String keyStoreName = getTestName();
String initialCertAlias = TestSSLConstants.CERT_ALIAS_APP1;
String updatedCertAlias = TestSSLConstants.CERT_ALIAS_APP2;
assertKeyStoreExistence(keyStoreName, false);
int responseCode = createKeyStore(keyStoreName, initialCertAlias);
assertEquals("keyStore creation should be allowed", 201, responseCode);
assertKeyStoreExistence(keyStoreName, true);
Map<String, Object> keyStore = getRestTestHelper().getJsonAsSingletonList("keystore/" + keyStoreName);
assertEquals("Unexpected certificateAlias attribute value", initialCertAlias, keyStore.get(FileKeyStore.CERTIFICATE_ALIAS));
Map<String, Object> attributes = new HashMap<String, Object>();
attributes.put(KeyStore.NAME, keyStoreName);
attributes.put(FileKeyStore.CERTIFICATE_ALIAS, updatedCertAlias);
responseCode = getRestTestHelper().submitRequest("keystore/" + keyStoreName, "PUT", attributes);
assertEquals("Setting of keystore attributes should be allowed", 200, responseCode);
keyStore = getRestTestHelper().getJsonAsSingletonList("keystore/" + keyStoreName);
assertEquals("Unexpected certificateAlias attribute value", updatedCertAlias, keyStore.get(FileKeyStore.CERTIFICATE_ALIAS));
}
public void testSetKeyStoreAttributesDenied() throws Exception
{
getRestTestHelper().setUsernameAndPassword(ALLOWED_USER, ALLOWED_USER);
String keyStoreName = getTestName();
String initialCertAlias = TestSSLConstants.CERT_ALIAS_APP1;
String updatedCertAlias = TestSSLConstants.CERT_ALIAS_APP2;
assertKeyStoreExistence(keyStoreName, false);
int responseCode = createKeyStore(keyStoreName, initialCertAlias);
assertEquals("keyStore creation should be allowed", 201, responseCode);
assertKeyStoreExistence(keyStoreName, true);
Map<String, Object> keyStore = getRestTestHelper().getJsonAsSingletonList("keystore/" + keyStoreName);
assertEquals("Unexpected certificateAlias attribute value", initialCertAlias, keyStore.get(FileKeyStore.CERTIFICATE_ALIAS));
getRestTestHelper().setUsernameAndPassword(DENIED_USER, DENIED_USER);
Map<String, Object> attributes = new HashMap<String, Object>();
attributes.put(KeyStore.NAME, keyStoreName);
attributes.put(FileKeyStore.CERTIFICATE_ALIAS, updatedCertAlias);
responseCode = getRestTestHelper().submitRequest("keystore/" + keyStoreName, "PUT", attributes);
assertEquals("Setting of keystore attributes should be denied", 403, responseCode);
keyStore = getRestTestHelper().getJsonAsSingletonList("keystore/" + keyStoreName);
assertEquals("Unexpected certificateAlias attribute value", initialCertAlias, keyStore.get(FileKeyStore.CERTIFICATE_ALIAS));
}
/* === TrustStore === */
public void testCreateTrustStoreAllowed() throws Exception
{
getRestTestHelper().setUsernameAndPassword(ALLOWED_USER, ALLOWED_USER);
String trustStoreName = getTestName();
assertTrustStoreExistence(trustStoreName, false);
int responseCode = createTrustStore(trustStoreName, false);
assertEquals("trustStore creation should be allowed", 201, responseCode);
assertTrustStoreExistence(trustStoreName, true);
}
public void testCreateTrustStoreDenied() throws Exception
{
getRestTestHelper().setUsernameAndPassword(DENIED_USER, DENIED_USER);
String trustStoreName = getTestName();
assertTrustStoreExistence(trustStoreName, false);
int responseCode = createTrustStore(trustStoreName, false);
assertEquals("trustStore creation should be allowed", 403, responseCode);
assertTrustStoreExistence(trustStoreName, false);
}
public void testDeleteTrustStoreDenied() throws Exception
{
getRestTestHelper().setUsernameAndPassword(ALLOWED_USER, ALLOWED_USER);
String trustStoreName = getTestName();
assertTrustStoreExistence(trustStoreName, false);
int responseCode = createTrustStore(trustStoreName, false);
assertEquals("trustStore creation should be allowed", 201, responseCode);
assertTrustStoreExistence(trustStoreName, true);
getRestTestHelper().setUsernameAndPassword(DENIED_USER, DENIED_USER);
responseCode = getRestTestHelper().submitRequest("truststore/" + trustStoreName, "DELETE");
assertEquals("truststore deletion should be denied", 403, responseCode);
assertTrustStoreExistence(trustStoreName, true);
}
public void testDeleteTrustStoreAllowed() throws Exception
{
getRestTestHelper().setUsernameAndPassword(ALLOWED_USER, ALLOWED_USER);
String trustStoreName = getTestName();
assertTrustStoreExistence(trustStoreName, false);
int responseCode = createTrustStore(trustStoreName, false);
assertEquals("trustStore creation should be allowed", 201, responseCode);
assertTrustStoreExistence(trustStoreName, true);
getRestTestHelper().setUsernameAndPassword(ALLOWED_USER, ALLOWED_USER);
responseCode = getRestTestHelper().submitRequest("truststore/" + trustStoreName, "DELETE");
assertEquals("truststore deletion should be allowed", 200, responseCode);
assertTrustStoreExistence(trustStoreName, false);
}
public void testSetTrustStoreAttributesAllowed() throws Exception
{
getRestTestHelper().setUsernameAndPassword(ALLOWED_USER, ALLOWED_USER);
String trustStoreName = getTestName();
boolean initialPeersOnly = false;
boolean updatedPeersOnly = true;
assertTrustStoreExistence(trustStoreName, false);
int responseCode = createTrustStore(trustStoreName, initialPeersOnly);
assertEquals("trustStore creation should be allowed", 201, responseCode);
assertTrustStoreExistence(trustStoreName, true);
Map<String, Object> trustStore = getRestTestHelper().getJsonAsSingletonList("truststore/" + trustStoreName);
assertEquals("Unexpected peersOnly attribute value", initialPeersOnly, trustStore.get(FileTrustStore.PEERS_ONLY));
Map<String, Object> attributes = new HashMap<String, Object>();
attributes.put(TrustStore.NAME, trustStoreName);
attributes.put(FileTrustStore.PEERS_ONLY, updatedPeersOnly);
responseCode = getRestTestHelper().submitRequest("truststore/" + trustStoreName, "PUT", attributes);
assertEquals("Setting of truststore attributes should be allowed", 200, responseCode);
trustStore = getRestTestHelper().getJsonAsSingletonList("truststore/" + trustStoreName);
assertEquals("Unexpected peersOnly attribute value", updatedPeersOnly, trustStore.get(FileTrustStore.PEERS_ONLY));
}
public void testSetTrustStoreAttributesDenied() throws Exception
{
getRestTestHelper().setUsernameAndPassword(ALLOWED_USER, ALLOWED_USER);
String trustStoreName = getTestName();
boolean initialPeersOnly = false;
boolean updatedPeersOnly = true;
assertTrustStoreExistence(trustStoreName, false);
int responseCode = createTrustStore(trustStoreName, initialPeersOnly);
assertEquals("trustStore creation should be allowed", 201, responseCode);
assertTrustStoreExistence(trustStoreName, true);
Map<String, Object> trustStore = getRestTestHelper().getJsonAsSingletonList("truststore/" + trustStoreName);
assertEquals("Unexpected peersOnly attribute value", initialPeersOnly, trustStore.get(FileTrustStore.PEERS_ONLY));
getRestTestHelper().setUsernameAndPassword(DENIED_USER, DENIED_USER);
Map<String, Object> attributes = new HashMap<String, Object>();
attributes.put(TrustStore.NAME, trustStoreName);
attributes.put(FileTrustStore.PEERS_ONLY, updatedPeersOnly);
responseCode = getRestTestHelper().submitRequest("truststore/" + trustStoreName, "PUT", attributes);
assertEquals("Setting of truststore attributes should be denied", 403, responseCode);
trustStore = getRestTestHelper().getJsonAsSingletonList("truststore/" + trustStoreName);
assertEquals("Unexpected peersOnly attribute value", initialPeersOnly, trustStore.get(FileTrustStore.PEERS_ONLY));
}
/* === Broker === */
public void testSetBrokerAttributesAllowed() throws Exception
{
getRestTestHelper().setUsernameAndPassword(ALLOWED_USER, ALLOWED_USER);
int initialSessionCountLimit = 256;
int updatedSessionCountLimit = 299;
Map<String, Object> brokerAttributes = getRestTestHelper().getJsonAsSingletonList("broker");
assertEquals("Unexpected alert repeat gap", initialSessionCountLimit,
brokerAttributes.get(Broker.CONNECTION_SESSION_COUNT_LIMIT));
Map<String, Object> newAttributes = new HashMap<String, Object>();
newAttributes.put(Broker.CONNECTION_SESSION_COUNT_LIMIT, updatedSessionCountLimit);
int responseCode = getRestTestHelper().submitRequest("broker", "PUT", newAttributes);
assertEquals("Setting of port attribites should be allowed", 200, responseCode);
brokerAttributes = getRestTestHelper().getJsonAsSingletonList("broker");
assertEquals("Unexpected default alert repeat gap", updatedSessionCountLimit,
brokerAttributes.get(Broker.CONNECTION_SESSION_COUNT_LIMIT));
}
public void testSetBrokerAttributesDenied() throws Exception
{
getRestTestHelper().setUsernameAndPassword(ALLOWED_USER, ALLOWED_USER);
int initialSessionCountLimit = 256;
int updatedSessionCountLimit = 299;
Map<String, Object> brokerAttributes = getRestTestHelper().getJsonAsSingletonList("broker");
assertEquals("Unexpected alert repeat gap", initialSessionCountLimit,
brokerAttributes.get(Broker.CONNECTION_SESSION_COUNT_LIMIT));
getRestTestHelper().setUsernameAndPassword(DENIED_USER, DENIED_USER);
Map<String, Object> newAttributes = new HashMap<String, Object>();
newAttributes.put(Broker.CONNECTION_SESSION_COUNT_LIMIT, updatedSessionCountLimit);
int responseCode = getRestTestHelper().submitRequest("broker", "PUT", newAttributes);
assertEquals("Setting of port attribites should be allowed", 403, responseCode);
brokerAttributes = getRestTestHelper().getJsonAsSingletonList("broker");
assertEquals("Unexpected default alert repeat gap", initialSessionCountLimit,
brokerAttributes.get(Broker.CONNECTION_SESSION_COUNT_LIMIT));
}
/* === GroupProvider === */
public void testCreateGroupProviderAllowed() throws Exception
{
getRestTestHelper().setUsernameAndPassword(ALLOWED_USER, ALLOWED_USER);
String groupProviderName = getTestName();
assertGroupProviderExistence(groupProviderName, false);
int responseCode = createGroupProvider(groupProviderName);
assertEquals("Group provider creation should be allowed", 201, responseCode);
assertGroupProviderExistence(groupProviderName, true);
}
public void testCreateGroupProviderDenied() throws Exception
{
getRestTestHelper().setUsernameAndPassword(DENIED_USER, DENIED_USER);
String groupProviderName = getTestName();
assertGroupProviderExistence(groupProviderName, false);
int responseCode = createGroupProvider(groupProviderName);
assertEquals("Group provider creation should be denied", 403, responseCode);
assertGroupProviderExistence(groupProviderName, false);
}
public void testDeleteGroupProviderDenied() throws Exception
{
getRestTestHelper().setUsernameAndPassword(ALLOWED_USER, ALLOWED_USER);
String groupProviderName = getTestName();
assertGroupProviderExistence(groupProviderName, false);
int responseCode = createGroupProvider(groupProviderName);
assertEquals("Group provider creation should be allowed", 201, responseCode);
assertGroupProviderExistence(groupProviderName, true);
getRestTestHelper().setUsernameAndPassword(DENIED_USER, DENIED_USER);
responseCode = getRestTestHelper().submitRequest("groupprovider/" + groupProviderName, "DELETE");
assertEquals("Group provider deletion should be denied", 403, responseCode);
assertGroupProviderExistence(groupProviderName, true);
}
public void testDeleteGroupProviderAllowed() throws Exception
{
getRestTestHelper().setUsernameAndPassword(ALLOWED_USER, ALLOWED_USER);
String groupProviderName = getTestName();
assertGroupProviderExistence(groupProviderName, false);
int responseCode = createGroupProvider(groupProviderName);
assertEquals("Group provider creation should be allowed", 201, responseCode);
assertGroupProviderExistence(groupProviderName, true);
getRestTestHelper().setUsernameAndPassword(ALLOWED_USER, ALLOWED_USER);
responseCode = getRestTestHelper().submitRequest("groupprovider/" + groupProviderName, "DELETE");
assertEquals("Group provider deletion should be allowed", 200, responseCode);
assertGroupProviderExistence(groupProviderName, false);
}
public void testSetGroupProviderAttributesAllowed() throws Exception
{
getRestTestHelper().setUsernameAndPassword(ALLOWED_USER, ALLOWED_USER);
String groupProviderName = getTestName();
assertGroupProviderExistence(groupProviderName, false);
int responseCode = createGroupProvider(groupProviderName);
assertEquals("Group provider creation should be allowed", 201, responseCode);
assertGroupProviderExistence(groupProviderName, true);
Map<String, Object> attributes = new HashMap<String, Object>();
attributes.put(GroupProvider.NAME, groupProviderName);
attributes.put(GroupProvider.TYPE, FileBasedGroupProviderImpl.GROUP_FILE_PROVIDER_TYPE);
attributes.put(FileBasedGroupProvider.PATH, "/path/to/file");
responseCode = getRestTestHelper().submitRequest("groupprovider/" + groupProviderName, "PUT", attributes);
assertEquals("Setting of group provider attributes should be allowed but not supported", AbstractServlet.SC_UNPROCESSABLE_ENTITY, responseCode);
}
public void testSetGroupProviderAttributesDenied() throws Exception
{
getRestTestHelper().setUsernameAndPassword(ALLOWED_USER, ALLOWED_USER);
String groupProviderName = getTestName();
assertGroupProviderExistence(groupProviderName, false);
int responseCode = createGroupProvider(groupProviderName);
assertEquals("Group provider creation should be allowed", 201, responseCode);
assertGroupProviderExistence(groupProviderName, true);
getRestTestHelper().setUsernameAndPassword(DENIED_USER, DENIED_USER);
Map<String, Object> attributes = new HashMap<String, Object>();
attributes.put(GroupProvider.NAME, groupProviderName);
attributes.put(GroupProvider.TYPE, FileBasedGroupProviderImpl.GROUP_FILE_PROVIDER_TYPE);
attributes.put(FileBasedGroupProvider.PATH, "/path/to/file");
responseCode = getRestTestHelper().submitRequest("groupprovider/" + groupProviderName, "PUT", attributes);
assertEquals("Setting of group provider attributes should be denied", 403, responseCode);
}
/* === AccessControlProvider === */
public void testCreateAccessControlProviderDenied() throws Exception
{
getRestTestHelper().setUsernameAndPassword(DENIED_USER, DENIED_USER);
String accessControlProviderName = getTestName();
assertAccessControlProviderExistence(accessControlProviderName, false);
int responseCode = createAccessControlProvider(accessControlProviderName);
assertEquals("Access control provider creation should be denied", 403, responseCode);
assertAccessControlProviderExistence(accessControlProviderName, false);
}
public void testDeleteAccessControlProviderDenied() throws Exception
{
getRestTestHelper().setUsernameAndPassword(ALLOWED_USER, ALLOWED_USER);
String accessControlProviderName = TestBrokerConfiguration.ENTRY_NAME_ACL_FILE;
assertAccessControlProviderExistence(accessControlProviderName, true);
getRestTestHelper().setUsernameAndPassword(DENIED_USER, DENIED_USER);
int responseCode = getRestTestHelper().submitRequest("accesscontrolprovider/" + accessControlProviderName, "DELETE");
assertEquals("Access control provider deletion should be denied", 403, responseCode);
assertAccessControlProviderExistence(accessControlProviderName, true);
}
public void testDeleteAccessControlProviderAllowed() throws Exception
{
getRestTestHelper().setUsernameAndPassword(ALLOWED_USER, ALLOWED_USER);
String accessControlProviderName = TestBrokerConfiguration.ENTRY_NAME_ACL_FILE;
assertAccessControlProviderExistence(accessControlProviderName, true);
// add a second, low priority AllowAll provider
Map<String,Object> attributes = new HashMap<>();
final String secondProviderName = "AllowAll";
attributes.put(ConfiguredObject.NAME, secondProviderName);
attributes.put(ConfiguredObject.TYPE, AllowAllAccessControlProvider.ALLOW_ALL);
attributes.put(AccessControlProvider.PRIORITY, 9999);
int responseCode = getRestTestHelper().submitRequest("accesscontrolprovider/" + secondProviderName, "PUT", attributes);
assertEquals("Access control provider creation should be allowed", 201, responseCode);
responseCode = getRestTestHelper().submitRequest("accesscontrolprovider/" + accessControlProviderName, "DELETE");
assertEquals("Access control provider deletion should be allowed", 200, responseCode);
assertAccessControlProviderExistence(accessControlProviderName, false);
}
public void testSetAccessControlProviderAttributesAllowed() throws Exception
{
getRestTestHelper().setUsernameAndPassword(ALLOWED_USER, ALLOWED_USER);
String accessControlProviderName = TestBrokerConfiguration.ENTRY_NAME_ACL_FILE;
assertAccessControlProviderExistence(accessControlProviderName, true);
File aclFile = TestFileUtils.createTempFile(this, ".acl", "ACL ALLOW all all");
Map<String, Object> attributes = new HashMap<String, Object>();
attributes.put(AccessControlProvider.NAME, accessControlProviderName);
attributes.put(FileBasedGroupProvider.PATH, aclFile.getAbsolutePath());
int responseCode = getRestTestHelper().submitRequest("accesscontrolprovider/" + accessControlProviderName, "PUT", attributes);
assertEquals("Setting of access control provider attributes should be allowed", 200, responseCode);
}
public void testSetAccessControlProviderAttributesDenied() throws Exception
{
getRestTestHelper().setUsernameAndPassword(ALLOWED_USER, ALLOWED_USER);
String accessControlProviderName = TestBrokerConfiguration.ENTRY_NAME_ACL_FILE;
assertAccessControlProviderExistence(accessControlProviderName, true);
getRestTestHelper().setUsernameAndPassword(DENIED_USER, DENIED_USER);
Map<String, Object> attributes = new HashMap<String, Object>();
attributes.put(GroupProvider.NAME, accessControlProviderName);
attributes.put(GroupProvider.TYPE, FileBasedGroupProviderImpl.GROUP_FILE_PROVIDER_TYPE);
attributes.put(FileBasedGroupProvider.PATH, "/path/to/file");
int responseCode = getRestTestHelper().submitRequest("accesscontrolprovider/" + accessControlProviderName, "PUT", attributes);
assertEquals("Setting of access control provider attributes should be denied", 403, responseCode);
}
/* === HTTP management === */
public void testSetHttpManagementAttributesAllowed() throws Exception
{
getRestTestHelper().setUsernameAndPassword(ALLOWED_USER, ALLOWED_USER);
Map<String, Object> attributes = new HashMap<String, Object>();
attributes.put(HttpManagement.NAME, TestBrokerConfiguration.ENTRY_NAME_HTTP_MANAGEMENT);
attributes.put(HttpManagement.HTTPS_BASIC_AUTHENTICATION_ENABLED, false);
attributes.put(HttpManagement.HTTPS_SASL_AUTHENTICATION_ENABLED, false);
attributes.put(HttpManagement.HTTP_SASL_AUTHENTICATION_ENABLED, false);
attributes.put(HttpManagement.TIME_OUT, 10000);
int responseCode = getRestTestHelper().submitRequest(
"plugin/" + TestBrokerConfiguration.ENTRY_NAME_HTTP_MANAGEMENT, "PUT", attributes);
assertEquals("Setting of http management should be allowed", 200, responseCode);
Map<String, Object> details = getRestTestHelper().getJsonAsSingletonList(
"plugin/" + TestBrokerConfiguration.ENTRY_NAME_HTTP_MANAGEMENT);
assertEquals("Unexpected session timeout", 10000, details.get(HttpManagement.TIME_OUT));
assertEquals("Unexpected http basic auth enabled", true, details.get(HttpManagement.HTTP_BASIC_AUTHENTICATION_ENABLED));
assertEquals("Unexpected https basic auth enabled", false, details.get(HttpManagement.HTTPS_BASIC_AUTHENTICATION_ENABLED));
assertEquals("Unexpected http sasl auth enabled", false, details.get(HttpManagement.HTTP_SASL_AUTHENTICATION_ENABLED));
assertEquals("Unexpected https sasl auth enabled", false, details.get(HttpManagement.HTTPS_SASL_AUTHENTICATION_ENABLED));
}
public void testSetHttpManagementAttributesDenied() throws Exception
{
getRestTestHelper().setUsernameAndPassword(DENIED_USER, DENIED_USER);
Map<String, Object> attributes = new HashMap<String, Object>();
attributes.put(HttpManagement.NAME, TestBrokerConfiguration.ENTRY_NAME_HTTP_MANAGEMENT);
attributes.put(HttpManagement.HTTPS_BASIC_AUTHENTICATION_ENABLED, false);
attributes.put(HttpManagement.HTTPS_SASL_AUTHENTICATION_ENABLED, false);
attributes.put(HttpManagement.HTTP_SASL_AUTHENTICATION_ENABLED, false);
attributes.put(HttpManagement.TIME_OUT, 10000);
int responseCode = getRestTestHelper().submitRequest(
"plugin/" + TestBrokerConfiguration.ENTRY_NAME_HTTP_MANAGEMENT, "PUT", attributes);
assertEquals("Setting of http management should be denied", 403, responseCode);
Map<String, Object> details = getRestTestHelper().getJsonAsSingletonList(
"plugin/" + TestBrokerConfiguration.ENTRY_NAME_HTTP_MANAGEMENT);
assertEquals("Unexpected session timeout", HttpManagement.DEFAULT_TIMEOUT_IN_SECONDS,
details.get(HttpManagement.TIME_OUT));
assertEquals("Unexpected http basic auth enabled", true,
details.get(HttpManagement.HTTP_BASIC_AUTHENTICATION_ENABLED));
assertEquals("Unexpected https basic auth enabled", true,
details.get(HttpManagement.HTTPS_BASIC_AUTHENTICATION_ENABLED));
assertEquals("Unexpected http sasl auth enabled", true,
details.get(HttpManagement.HTTP_SASL_AUTHENTICATION_ENABLED));
assertEquals("Unexpected https sasl auth enabled", true,
details.get(HttpManagement.HTTPS_SASL_AUTHENTICATION_ENABLED));
}
/* === Broker Logger === */
public void testCreateBrokerLoggerAllowedDenied() throws Exception
{
getRestTestHelper().setUsernameAndPassword(ALLOWED_USER, ALLOWED_USER);
Map<String, Object> attributes = new HashMap<>();
attributes.put(BrokerLogger.NAME, "testLogger1");
attributes.put(ConfiguredObject.TYPE, BrokerMemoryLogger.TYPE);
getRestTestHelper().submitRequest("brokerlogger", "PUT", attributes, HttpServletResponse.SC_CREATED);
getRestTestHelper().submitRequest("brokerlogger/testLogger1", "GET", HttpServletResponse.SC_OK);
getRestTestHelper().setUsernameAndPassword(DENIED_USER, DENIED_USER);
attributes.put(BrokerNameAndLevelLogInclusionRule.NAME, "testLogger2");
getRestTestHelper().submitRequest("brokerlogger", "PUT", attributes, HttpServletResponse.SC_FORBIDDEN);
getRestTestHelper().submitRequest("brokerlogger/testLogger2", "GET", HttpServletResponse.SC_NOT_FOUND);
}
public void testDeleteBrokerLoggerAllowedDenied() throws Exception
{
getRestTestHelper().setUsernameAndPassword(ALLOWED_USER, ALLOWED_USER);
Map<String, Object> attributes = new HashMap<>();
attributes.put(BrokerLogger.NAME, "testLogger1");
attributes.put(ConfiguredObject.TYPE, BrokerMemoryLogger.TYPE);
getRestTestHelper().submitRequest("brokerlogger", "PUT", attributes, HttpServletResponse.SC_CREATED);
getRestTestHelper().submitRequest("brokerlogger/testLogger1", "GET", HttpServletResponse.SC_OK);
getRestTestHelper().setUsernameAndPassword(DENIED_USER, DENIED_USER);
getRestTestHelper().submitRequest("brokerlogger/testLogger1", "DELETE", null, HttpServletResponse.SC_FORBIDDEN);
getRestTestHelper().submitRequest("brokerlogger/testLogger1", "GET", HttpServletResponse.SC_OK);
getRestTestHelper().setUsernameAndPassword(ALLOWED_USER, ALLOWED_USER);
getRestTestHelper().submitRequest("brokerlogger/testLogger1", "DELETE", null, HttpServletResponse.SC_OK);
getRestTestHelper().submitRequest("brokerlogger/testLogger1", "GET", HttpServletResponse.SC_NOT_FOUND);
}
public void testDownloadBrokerLoggerFileAllowedDenied() throws Exception
{
final String loggerName = "testFileLogger";
final String loggerPath = "brokerlogger/" + loggerName;
getRestTestHelper().setUsernameAndPassword(ALLOWED_USER, ALLOWED_USER);
Map<String, Object> attributes = new HashMap<>();
attributes.put(BrokerLogger.NAME, loggerName);
attributes.put(ConfiguredObject.TYPE, BrokerFileLogger.TYPE);
getRestTestHelper().submitRequest("brokerlogger", "PUT", attributes, HttpServletResponse.SC_CREATED);
getRestTestHelper().submitRequest(loggerPath + "/getFile?fileName=qpid.log", "GET", HttpServletResponse.SC_OK);
getRestTestHelper().submitRequest(loggerPath + "/getFiles?fileName=qpid.log", "GET", HttpServletResponse.SC_OK);
getRestTestHelper().submitRequest(loggerPath + "/getAllFiles", "GET", HttpServletResponse.SC_OK);
getRestTestHelper().setUsernameAndPassword(DENIED_USER, DENIED_USER);
getRestTestHelper().submitRequest(loggerPath + "/getFile?fileName=qpid.log", "GET", HttpServletResponse.SC_FORBIDDEN);
getRestTestHelper().submitRequest(loggerPath + "/getFiles?fileName=qpid.log", "GET", HttpServletResponse.SC_FORBIDDEN);
getRestTestHelper().submitRequest(loggerPath + "/getAllFiles", "GET", HttpServletResponse.SC_FORBIDDEN);
}
public void testViewMemoryLoggerEntriesAllowedDenied() throws Exception
{
final String loggerName = "testMemoryLogger";
final String loggerPath = "brokerlogger/" + loggerName;
getRestTestHelper().setUsernameAndPassword(ALLOWED_USER, ALLOWED_USER);
Map<String, Object> attributes = new HashMap<>();
attributes.put(BrokerLogger.NAME, loggerName);
attributes.put(ConfiguredObject.TYPE, BrokerMemoryLogger.TYPE);
getRestTestHelper().submitRequest("brokerlogger", "PUT", attributes, HttpServletResponse.SC_CREATED);
getRestTestHelper().submitRequest(loggerPath + "/getLogEntries?lastLogId=0", "GET", HttpServletResponse.SC_OK);
getRestTestHelper().setUsernameAndPassword(DENIED_USER, DENIED_USER);
getRestTestHelper().submitRequest(loggerPath + "/getLogEntries?lastLogId=0", "GET", HttpServletResponse.SC_FORBIDDEN);
}
/* === Broker Log Inclusion Rules === */
public void testCreateBrokerLoggerRuleAllowedDenied() throws Exception
{
getRestTestHelper().setUsernameAndPassword(ALLOWED_USER, ALLOWED_USER);
Map<String, Object> loggerAttributes = new HashMap<>();
loggerAttributes.put(BrokerLogger.NAME, "testLogger1");
loggerAttributes.put(ConfiguredObject.TYPE, BrokerMemoryLogger.TYPE);
getRestTestHelper().submitRequest("brokerlogger", "PUT", loggerAttributes, HttpServletResponse.SC_CREATED);
Map<String, Object> attributes = new HashMap<>();
attributes.put(BrokerNameAndLevelLogInclusionRule.NAME, "rule1");
attributes.put(ConfiguredObject.TYPE, BrokerNameAndLevelLogInclusionRule.TYPE);
attributes.put(BrokerNameAndLevelLogInclusionRule.LEVEL, "DEBUG");
getRestTestHelper().submitRequest("brokerloginclusionrule/testLogger1", "PUT", attributes, HttpServletResponse.SC_CREATED);
getRestTestHelper().submitRequest("brokerloginclusionrule/testLogger1/rule1", "GET", HttpServletResponse.SC_OK);
getRestTestHelper().setUsernameAndPassword(DENIED_USER, DENIED_USER);
attributes.put(BrokerNameAndLevelLogInclusionRule.NAME, "rule2");
getRestTestHelper().submitRequest("brokerloginclusionrule/testLogger1", "PUT", attributes, HttpServletResponse.SC_FORBIDDEN);
getRestTestHelper().submitRequest("brokerloginclusionrule/testLogger1/rule2", "GET", HttpServletResponse.SC_NOT_FOUND);
}
public void testUpdateBrokerLoggerRuleAllowedDenied() throws Exception
{
getRestTestHelper().setUsernameAndPassword(ALLOWED_USER, ALLOWED_USER);
Map<String, Object> loggerAttributes = new HashMap<>();
loggerAttributes.put(BrokerLogger.NAME, "testLogger1");
loggerAttributes.put(ConfiguredObject.TYPE, BrokerMemoryLogger.TYPE);
getRestTestHelper().submitRequest("brokerlogger", "PUT", loggerAttributes, HttpServletResponse.SC_CREATED);
Map<String, Object> ruleAttributes = new HashMap<>();
ruleAttributes.put(BrokerNameAndLevelLogInclusionRule.NAME, "rule1");
ruleAttributes.put(ConfiguredObject.TYPE, BrokerNameAndLevelLogInclusionRule.TYPE);
ruleAttributes.put(BrokerNameAndLevelLogInclusionRule.LEVEL, "INFO");
getRestTestHelper().submitRequest("brokerloginclusionrule/testLogger1", "PUT", ruleAttributes, HttpServletResponse.SC_CREATED);
Map<String, Object> attributes = new HashMap<>();
attributes.put(BrokerNameAndLevelLogInclusionRule.NAME, "rule1");
attributes.put(ConfiguredObject.TYPE, BrokerNameAndLevelLogInclusionRule.TYPE);
attributes.put(BrokerNameAndLevelLogInclusionRule.LEVEL, "DEBUG");
getRestTestHelper().submitRequest("brokerloginclusionrule/testLogger1/rule1", "PUT", attributes, HttpServletResponse.SC_OK);
Map<String,Object> resultAfterUpdate = getRestTestHelper().getJsonAsSingletonList("brokerloginclusionrule/testLogger1/rule1");
assertEquals("Log level was not changed", "DEBUG", resultAfterUpdate.get(BrokerNameAndLevelLogInclusionRule.LEVEL));
getRestTestHelper().setUsernameAndPassword(DENIED_USER, DENIED_USER);
attributes.put(BrokerNameAndLevelLogInclusionRule.LEVEL, "INFO");
getRestTestHelper().submitRequest("brokerloginclusionrule/testLogger1/rule1", "PUT", attributes, HttpServletResponse.SC_FORBIDDEN);
Map<String,Object> resultAfterDeniedUpdate = getRestTestHelper().getJsonAsSingletonList("brokerloginclusionrule/testLogger1/rule1");
assertEquals("Log level was changed by not allowed user", "DEBUG", resultAfterDeniedUpdate.get(BrokerNameAndLevelLogInclusionRule.LEVEL));
}
public void testDeleteBrokerLoggerRuleAllowedDenied() throws Exception
{
getRestTestHelper().setUsernameAndPassword(ALLOWED_USER, ALLOWED_USER);
Map<String, Object> loggerAttributes = new HashMap<>();
loggerAttributes.put(BrokerLogger.NAME, "testLogger1");
loggerAttributes.put(ConfiguredObject.TYPE, BrokerMemoryLogger.TYPE);
getRestTestHelper().submitRequest("brokerlogger", "PUT", loggerAttributes, HttpServletResponse.SC_CREATED);
Map<String, Object> attributes = new HashMap<>();
attributes.put(BrokerNameAndLevelLogInclusionRule.NAME, "rule1");
attributes.put(ConfiguredObject.TYPE, BrokerNameAndLevelLogInclusionRule.TYPE);
attributes.put(BrokerNameAndLevelLogInclusionRule.LEVEL, "DEBUG");
getRestTestHelper().submitRequest("brokerloginclusionrule/testLogger1", "PUT", attributes, HttpServletResponse.SC_CREATED);
getRestTestHelper().submitRequest("brokerloginclusionrule/testLogger1/rule1", "GET", HttpServletResponse.SC_OK);
getRestTestHelper().setUsernameAndPassword(DENIED_USER, DENIED_USER);
getRestTestHelper().submitRequest("brokerloginclusionrule/testLogger1/rule1", "DELETE", null, HttpServletResponse.SC_FORBIDDEN);
getRestTestHelper().submitRequest("brokerloginclusionrule/testLogger1/rule1", "GET", HttpServletResponse.SC_OK);
getRestTestHelper().setUsernameAndPassword(ALLOWED_USER, ALLOWED_USER);
getRestTestHelper().submitRequest("brokerloginclusionrule/testLogger1/rule1", "DELETE", null, HttpServletResponse.SC_OK);
getRestTestHelper().submitRequest("brokerloginclusionrule/testLogger1/rule1", "GET", HttpServletResponse.SC_NOT_FOUND);
}
/* === Utility Methods === */
private int createPort(String portName) throws Exception
{
Map<String, Object> attributes = new HashMap<String, Object>();
attributes.put(Port.NAME, portName);
attributes.put(Port.PORT, 0);
attributes.put(Port.AUTHENTICATION_PROVIDER, TestBrokerConfiguration.ENTRY_NAME_AUTHENTICATION_PROVIDER);
return getRestTestHelper().submitRequest("port/" + portName, "PUT", attributes);
}
private void assertPortExists(String portName) throws Exception
{
assertPortExistence(portName, true);
}
private void assertPortDoesNotExist(String portName) throws Exception
{
assertPortExistence(portName, false);
}
private void assertPortExistence(String portName, boolean exists) throws Exception
{
String path = "port/" + portName;
int expectedResponseCode = exists ? HttpServletResponse.SC_OK : HttpServletResponse.SC_NOT_FOUND;
getRestTestHelper().submitRequest(path, "GET", expectedResponseCode);
}
private void assertKeyStoreExistence(String keyStoreName, boolean exists) throws Exception
{
String path = "keystore/" + keyStoreName;
int expectedResponseCode = exists ? HttpServletResponse.SC_OK : HttpServletResponse.SC_NOT_FOUND;
getRestTestHelper().submitRequest(path, "GET", expectedResponseCode);
}
private void assertTrustStoreExistence(String trustStoreName, boolean exists) throws Exception
{
String path = "truststore/" + trustStoreName;
int expectedResponseCode = exists ? HttpServletResponse.SC_OK : HttpServletResponse.SC_NOT_FOUND;
getRestTestHelper().submitRequest(path, "GET", expectedResponseCode);
}
private int createAuthenticationProvider(String authenticationProviderName) throws Exception
{
Map<String, Object> attributes = new HashMap<String, Object>();
attributes.put(AuthenticationProvider.NAME, authenticationProviderName);
attributes.put(AuthenticationProvider.TYPE, AnonymousAuthenticationManager.PROVIDER_TYPE);
return getRestTestHelper().submitRequest("authenticationprovider/" + authenticationProviderName, "PUT", attributes);
}
private void assertAuthenticationProviderDoesNotExist(String authenticationProviderName) throws Exception
{
assertAuthenticationProviderExistence(authenticationProviderName, false);
}
private void assertAuthenticationProviderExists(String authenticationProviderName) throws Exception
{
assertAuthenticationProviderExistence(authenticationProviderName, true);
}
private void assertAuthenticationProviderExistence(String authenticationProviderName, boolean exists) throws Exception
{
String path = "authenticationprovider/" + authenticationProviderName;
int expectedResponseCode = exists ? HttpServletResponse.SC_OK : HttpServletResponse.SC_NOT_FOUND;
getRestTestHelper().submitRequest(path, "GET", expectedResponseCode);
}
private int createKeyStore(String name, String certAlias) throws IOException
{
Map<String, Object> keyStoreAttributes = new HashMap<String, Object>();
keyStoreAttributes.put(KeyStore.NAME, name);
keyStoreAttributes.put(FileKeyStore.STORE_URL, TestSSLConstants.KEYSTORE);
keyStoreAttributes.put(FileKeyStore.PASSWORD, TestSSLConstants.KEYSTORE_PASSWORD);
keyStoreAttributes.put(FileKeyStore.CERTIFICATE_ALIAS, certAlias);
return getRestTestHelper().submitRequest("keystore/" + name, "PUT", keyStoreAttributes);
}
private int createTrustStore(String name, boolean peersOnly) throws IOException
{
Map<String, Object> trustStoreAttributes = new HashMap<String, Object>();
trustStoreAttributes.put(TrustStore.NAME, name);
trustStoreAttributes.put(FileTrustStore.STORE_URL, TestSSLConstants.KEYSTORE);
trustStoreAttributes.put(FileTrustStore.PASSWORD, TestSSLConstants.KEYSTORE_PASSWORD);
trustStoreAttributes.put(FileTrustStore.PEERS_ONLY, peersOnly);
return getRestTestHelper().submitRequest("truststore/" + name, "PUT", trustStoreAttributes);
}
private void assertGroupProviderExistence(String groupProviderName, boolean exists) throws Exception
{
String path = "groupprovider/" + groupProviderName;
int expectedResponseCode = exists ? HttpServletResponse.SC_OK : HttpServletResponse.SC_NOT_FOUND;
getRestTestHelper().submitRequest(path, "GET", expectedResponseCode);
}
private int createGroupProvider(String groupProviderName) throws Exception
{
File file = TestFileUtils.createTempFile(this, ".groups");
Map<String, Object> attributes = new HashMap<String, Object>();
attributes.put(GroupProvider.NAME, groupProviderName);
attributes.put(GroupProvider.TYPE, FileBasedGroupProviderImpl.GROUP_FILE_PROVIDER_TYPE);
attributes.put(FileBasedGroupProvider.PATH, file.getAbsoluteFile());
return getRestTestHelper().submitRequest("groupprovider/" + groupProviderName, "PUT", attributes);
}
private void assertAccessControlProviderExistence(String accessControlProviderName, boolean exists) throws Exception
{
String path = "accesscontrolprovider/" + accessControlProviderName;
int expectedResponseCode = exists ? HttpServletResponse.SC_OK : HttpServletResponse.SC_NOT_FOUND;
getRestTestHelper().submitRequest(path, "GET", expectedResponseCode);
}
private int createAccessControlProvider(String accessControlProviderName) throws Exception
{
File file = TestFileUtils.createTempFile(this, ".acl", _secondaryAclFileContent);
Map<String, Object> attributes = new HashMap<String, Object>();
attributes.put(AccessControlProvider.NAME, accessControlProviderName);
attributes.put(AccessControlProvider.TYPE, AclFileAccessControlProvider.ACL_FILE_PROVIDER_TYPE);
attributes.put(AclFileAccessControlProvider.PATH, file.getAbsoluteFile());
return getRestTestHelper().submitRequest("accesscontrolprovider/" + accessControlProviderName, "PUT", attributes);
}
}