Repository: eagle Updated Branches: refs/heads/master a7df69e3a -> 94b597b77
http://git-wip-us.apache.org/repos/asf/eagle/blob/94b597b7/eagle-server/src/test/java/org/apache/eagle/server/security/resource/BasicAuthenticationTestCase.java
----------------------------------------------------------------------
diff --git a/eagle-server/src/test/java/org/apache/eagle/server/security/resource/BasicAuthenticationTestCase.java b/eagle-server/src/test/java/org/apache/eagle/server/security/resource/BasicAuthenticationTestCase.java
new file mode 100644
index 0000000..c848d19
--- /dev/null
+++ b/eagle-server/src/test/java/org/apache/eagle/server/security/resource/BasicAuthenticationTestCase.java
@@ -0,0 +1,164 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ * <p>
+ * http://www.apache.org/licenses/LICENSE-2.0
+ * <p>
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.eagle.server.security.resource;
+
+import com.sun.jersey.api.client.Client;
+import com.sun.jersey.api.client.UniformInterfaceException;
+import io.dropwizard.testing.junit.DropwizardAppRule;
+import org.apache.eagle.common.Base64;
+import org.apache.eagle.common.security.User;
+import org.apache.eagle.server.ServerApplication;
+import org.apache.eagle.server.ServerConfig;
+import org.junit.Assert;
+import org.junit.ClassRule;
+import org.junit.Test;
+
+public class BasicAuthenticationTestCase {
+
+ @ClassRule
+ public static final DropwizardAppRule<ServerConfig> RULE =
+ new DropwizardAppRule<>(ServerApplication.class,
+ BasicAuthenticationTestCase.class.getResource("/configuration.yml").getPath());
+
+ private static final String USER_AUTH_KEY = "Basic " + Base64.encode("user:secret");
+ private static final String ADMIN_AUTH_KEY = "Basic " + Base64.encode("admin:secret");
+ private static final String BAD_AUTH_KEY = "Basic " + Base64.encode("bad:bad");
+
+ @Test
+ public void testAuthUserOnly() {
+ Client client = new Client();
+ client.resource(String.format("http://localhost:%d/rest/testAuth/userOnly", RULE.getLocalPort()))
+ .header("Authorization", USER_AUTH_KEY)
+ .get(User.class);
+ }
+
+ @Test (expected = UniformInterfaceException.class)
+ public void testAuthUserOnlyWitBadKey() {
+ Client client = new Client();
+ client.resource(String.format("http://localhost:%d/rest/testAuth/userOnly", RULE.getLocalPort()))
+ .header("Authorization", BAD_AUTH_KEY)
+ .get(User.class);
+ }
+
+ @Test
+ public void testAuthAdminOnly() {
+ Client client = new Client();
+ client.resource(String.format("http://localhost:%d/rest/testAuth/adminOnly", RULE.getLocalPort()))
+ .header("Authorization", ADMIN_AUTH_KEY)
+ .get(User.class);
+ }
+
+ @Test
+ public void testAdminOnlyWithoutAuth() {
+ Client client = new Client();
+ client.resource(String.format("http://localhost:%d/rest/testAuth/adminOnlyWithoutAuth", RULE.getLocalPort()))
+ .header("Authorization", ADMIN_AUTH_KEY)
+ .get(String.class);
+ }
+
+
+ @Test
+ public void testUserWithoutRole() {
+ Client client = new Client();
+ User user = client.resource(String.format("http://localhost:%d/rest/testAuth/userWithoutRole", RULE.getLocalPort()))
+ .header("Authorization", ADMIN_AUTH_KEY)
+ .get(User.class);
+ Assert.assertEquals("admin", user.getName());
+
+ user = client.resource(String.format("http://localhost:%d/rest/testAuth/userWithoutRole", RULE.getLocalPort()))
+ .header("Authorization", USER_AUTH_KEY)
+ .get(User.class);
+ Assert.assertEquals("user", user.getName());
+
+ try {
+ client.resource(String.format("http://localhost:%d/rest/testAuth/userWithoutRole", RULE.getLocalPort()))
+ .get(User.class);
+ Assert.fail();
+ } catch (UniformInterfaceException e) {
+ Assert.assertEquals(401, e.getResponse().getStatus());
+ }
+ }
+
+ @Test
+ public void testUserWithoutRequiredAuth() {
+ Client client = new Client();
+ String response = client.resource(String.format("http://localhost:%d/rest/testAuth/userWithNotRequiredAuth", RULE.getLocalPort()))
+ .header("Authorization", ADMIN_AUTH_KEY)
+ .get(String.class);
+ Assert.assertNotNull(response);
+ Assert.assertEquals("User found admin", response);
+
+ response = client.resource(String.format("http://localhost:%d/rest/testAuth/userWithNotRequiredAuth", RULE.getLocalPort()))
+ .get(String.class);
+ Assert.assertEquals("User not found", response);
+ }
+
+
+ @Test
+ public void testAdminOnlyWithoutAuthByUser() {
+ try {
+ Client client = new Client();
+ client.resource(String.format("http://localhost:%d/rest/testAuth/adminOnlyWithoutAuth", RULE.getLocalPort()))
+ .header("Authorization", USER_AUTH_KEY)
+ .get(String.class);
+ Assert.fail();
+ } catch (UniformInterfaceException e) {
+ Assert.assertEquals(403, e.getResponse().getStatus());
+ }
+ }
+
+ @Test
+ public void testAuthPermitAll() {
+ Client client = new Client();
+ client.resource(String.format("http://localhost:%d/rest/testAuth/permitAll", RULE.getLocalPort()))
+ .header("Authorization", USER_AUTH_KEY)
+ .get(User.class);
+ }
+
+ @Test
+ public void testAuthPermitAllWithoutKeyShouldPass() {
+ Client client = new Client();
+ try {
+ client.resource(String.format("http://localhost:%d/rest/testAuth/permitAll", RULE.getLocalPort()))
+ .get(User.class);
+ Assert.fail();
+ } catch (UniformInterfaceException e) {
+ Assert.assertEquals(204, e.getResponse().getStatus());
+ }
+ }
+
+ @Test
+ public void testAuthPermitAllWithBadKeyShouldAccept401() {
+ Client client = new Client();
+ try {
+ client.resource(String.format("http://localhost:%d/rest/testAuth/permitAll", RULE.getLocalPort()))
+ .header("Authorization", BAD_AUTH_KEY)
+ .get(User.class);
+ Assert.fail();
+ } catch (UniformInterfaceException e) {
+ Assert.assertEquals(401, e.getResponse().getStatus());
+ }
+ }
+
+ @Test(expected = UniformInterfaceException.class)
+ public void testAuthDenyAll() {
+ Client client = new Client();
+ client.resource(String.format("http://localhost:%d/rest/testAuth/denyAll", RULE.getLocalPort()))
+ .header("Authorization", USER_AUTH_KEY)
+ .get(User.class);
+ }
+}
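Review bot: `testAuthUserOnlyWitBadKey` and `testAuthDenyAll` only declare `@Test(expected = UniformInterfaceException.class)`, so they pass on any non-2xx status — a 404 from a mis-registered resource or a 500 thrown inside the authenticator satisfies them just as well as the 401/403 they are meant to prove. Use the try/catch shape the file already applies in `testUserWithoutRole` and assert `401` for the bad key and, for `@DenyAll`, the status the filter is expected to return (presumably `403`, matching `testAdminOnlyWithoutAuthByUser`). There is also no case sending `USER_AUTH_KEY` to `/adminOnly`, so a role filter that only enforced roles on endpoints without an `@Auth` parameter would still pass this suite. The method name `testAuthUserOnlyWitBadKey` is missing an `h`.
```java
    @Test
    public void testAuthDenyAll() {
        Client client = new Client();
        try {
            client.resource(String.format("http://localhost:%d/rest/testAuth/denyAll", RULE.getLocalPort()))
                .header("Authorization", USER_AUTH_KEY)
                .get(User.class);
            Assert.fail("@DenyAll endpoint must reject a valid user");
        } catch (UniformInterfaceException e) {
            Assert.assertEquals(403, e.getResponse().getStatus());
        }
    }
```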
http://git-wip-us.apache.org/repos/asf/eagle/blob/94b597b7/eagle-server/src/test/java/org/apache/eagle/server/security/resource/TestBasicAuthenticationResource.java
----------------------------------------------------------------------
diff --git a/eagle-server/src/test/java/org/apache/eagle/server/security/resource/TestBasicAuthenticationResource.java b/eagle-server/src/test/java/org/apache/eagle/server/security/resource/TestBasicAuthenticationResource.java
new file mode 100644
index 0000000..9e4ebf9
--- /dev/null
+++ b/eagle-server/src/test/java/org/apache/eagle/server/security/resource/TestBasicAuthenticationResource.java
@@ -0,0 +1,107 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.eagle.server.security.resource;
+
+import io.dropwizard.auth.Auth;
+import org.apache.eagle.common.security.DenyAll;
+import org.apache.eagle.common.security.PermitAll;
+import org.apache.eagle.common.security.RolesAllowed;
+import org.apache.eagle.common.security.User;
+import org.junit.Ignore;
+
+import javax.ws.rs.GET;
+import javax.ws.rs.Path;
+import javax.ws.rs.Produces;
+import javax.ws.rs.core.Context;
+import javax.ws.rs.core.MediaType;
+import javax.ws.rs.core.SecurityContext;
+
+@Ignore
+@Path("/testAuth")
+public class TestBasicAuthenticationResource {
+ @GET
+ @Path("/userOnly")
+ @Produces(MediaType.APPLICATION_JSON)
+ @RolesAllowed(User.Role.USER)
+ public User getUser(@Auth User user) {
+ return user;
+ }
+
+ @GET
+ @Path("/adminOnly")
+ @Produces(MediaType.APPLICATION_JSON)
+ @RolesAllowed(User.Role.ADMINISTRATOR)
+ public User getAdminUser(@Auth User user) {
+ return user;
+ }
+
+ @GET
+ @Path("/adminOnlyWithoutAuth")
+ @Produces(MediaType.APPLICATION_JSON)
+ @RolesAllowed(User.Role.ADMINISTRATOR)
+ public String getAdminUserWithoutAuth() {
+ return "Success";
+ }
+
+ @GET
+ @Path("/userWithoutRole")
+ @Produces(MediaType.APPLICATION_JSON)
+ public User getUserWithoutRole(@Auth User user) {
+ return user;
+ }
+
+ @GET
+ @Path("/userWithNotRequiredAuth")
+ @Produces(MediaType.APPLICATION_JSON)
+ public String getUserWithNotRequiredAuth(@Auth(required = false) User user) {
+ if (user == null) {
+ return "User not found";
+ }
+ return "User found " + user.getName();
+ }
+
+ @GET
+ @Path("/userOrAdmin")
+ @Produces(MediaType.APPLICATION_JSON)
+ @RolesAllowed({User.Role.ADMINISTRATOR, User.Role.USER})
+ public User getUserOrAdmin(@Auth User user) {
+ return user;
+ }
+
+ @GET
+ @Path("/securityContext")
+ @Produces(MediaType.APPLICATION_JSON)
+ public SecurityContext getSecurityContext(@Context SecurityContext securityContext) {
+ return securityContext;
+ }
+
+ @GET
+ @Path("/permitAll")
+ @Produces(MediaType.APPLICATION_JSON)
+ @PermitAll
+ public User getPermitAllUser(@Auth(required = false) User user) {
+ return user;
+ }
+
+ @GET
+ @Path("/denyAll")
+ @Produces(MediaType.APPLICATION_JSON)
+ @DenyAll
+ public User getDenyAllUser(@Auth User user) {
+ return user;
+ }
+}
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/eagle/blob/94b597b7/eagle-server/src/test/resources/configuration.yml
----------------------------------------------------------------------
diff --git a/eagle-server/src/test/resources/configuration.yml b/eagle-server/src/test/resources/configuration.yml
index eabb8a1..b49da04 100644
--- a/eagle-server/src/test/resources/configuration.yml
+++ b/eagle-server/src/test/resources/configuration.yml
@@ -26,7 +26,7 @@ server:
 # ---------------------------------------------
 auth:
 # indicating if authentication is enabled, true for enabled, false for disabled
- enabled: false
+ enabled: true
 # indicating authentication mode, "simple" or "ldap"
 mode: simple
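Review bot: `getPermitAllUser` and `getUserWithNotRequiredAuth` both take `@Auth(required = false)`, yet the companion test case expects `/permitAll` to still answer 401 to a wrong credential (`testAuthPermitAllWithBadKeyShouldAccept401`) while a missing header is treated as anonymous, and nothing in this resource records that contract. Add a comment on `getPermitAllUser`: `// @PermitAll: no credentials -> user is null (204); wrong credentials are still rejected with 401, not downgraded to anonymous.` `getUserOrAdmin` and `getSecurityContext` are not exercised by the test case in this commit, and `getSecurityContext` serializes a server-internal `SecurityContext` as JSON — fine for a test fixture, but worth a `// test fixture only: never expose SecurityContext from a production resource` so it is not copied. The `@Ignore` on a JAX-RS resource is presumably there only to stop the `Test`-prefixed class from being collected as a JUnit test; a one-line comment saying so would save the next reader a search.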
@@ -38,18 +38,28 @@ auth:
 # indicating the cache policy, containing maximumSize and expireAfterWrite, e.g. maximumSize=10000, expireAfterWrite=10m
 cachePolicy: maximumSize=10000, expireAfterWrite=1m
- # indicating whether authorization is needed
- authorization: false
-
- # indicating whether @Auth annotation on parameters is needed
- annotated: true
-
 # for basic authentication, effective only when auth.mode=simple
+ # default password is "secret"
 simple:
- # username for basic authentication, effective only when auth.mode=simple
- username: admin
- # password for basic authentication, effective only when auth.mode=simple
- password: secret
+ accounts:
+ - name: admin
+ password: rWV/cdTCr01wTLBQ/rUilkExd2TJKrifXuCCTEwig1o08K8Mi0b1qQAgVXpPqflb
+ roles: ADMINISTRATOR
+ firstName: Admin
+ lastName: Test
+ email: [email protected]
+ - name: user
+ password: rWV/cdTCr01wTLBQ/rUilkExd2TJKrifXuCCTEwig1o08K8Mi0b1qQAgVXpPqflb
+ roles: USER
+ firstName: User
+ lastName: Test
+ email: [email protected]
+ - name: app
+ password: rWV/cdTCr01wTLBQ/rUilkExd2TJKrifXuCCTEwig1o08K8Mi0b1qQAgVXpPqflb
+ firstName: Application
+ lastName: Test
+ roles: APPLICATION
+ email: [email protected]
 # for ldap authentication, effective only when auth.mode=ldap
 ldap:
@@ -58,7 +68,7 @@ auth:
 providerUrl: ldap://server.address.or.domain:port
 # template string containing ${USERNAME} placeholder. This is designed for some orgs who don't use plain usernames
- # to authenticate, e.g. they may use its members' email address as the username: ${USERNAME}@some.org. When username
+ # to authenticate, e.g. they may use its members' email address as the name: ${USERNAME}@some.org. When name
 # is supposed to be recognized originally, just configure this parameter as ${USERNAME}
 principalTemplate: ${USERNAME}@maybe.email.suffix
http://git-wip-us.apache.org/repos/asf/eagle/blob/94b597b7/pom.xml
----------------------------------------------------------------------
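Review bot: The `password` values under `accounts` are opaque 64-character strings and the only hint about their format is `# default password is "secret"`; the same commit adds jasypt to the pom, which suggests these are jasypt-encoded digests, but the config neither says so nor how to produce one. Extend the comment to `# password holds the encoded form (see the jasypt dependency in pom.xml), never plaintext; all three test accounts decode to "secret"`. Because the plaintext is written in the file, these are well-known credentials — acceptable under `src/test/resources`, but a `# TEST ONLY: do not copy these accounts into a deployment config` line makes that explicit, and the `app` account with `roles: APPLICATION` is not exercised by the new test case at all. The `authorization` and `annotated` switches are removed here without a visible change to the class that read them; if `ServerConfig` still declares them, their defaults now apply silently.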
diff --git a/pom.xml b/pom.xml
index daa24a2..34f73ef 100755
--- a/pom.xml
+++ b/pom.xml
@@ -234,6 +234,7 @@
 <metrics.version>3.1.0</metrics.version>
 <mapdb.version>3.0.0-M6</mapdb.version>
 <asm.version>5.0</asm.version>
+ <jasypt.version>1.9.2</jasypt.version>
 <!-- Streaming -->
 <!--<kafka.version>0.10.0.0</kafka.version>-->
@@ -486,6 +487,11 @@
 <artifactId>reflections</artifactId>
 <version>${reflections.version}</version>
 </dependency>
+ <dependency>
+ <groupId>org.jasypt</groupId>
+ <artifactId>jasypt</artifactId>
+ <version>${jasypt.version}</version>
+ </dependency>
 <!-- Serialization -->
 <dependency>
@@ -1318,6 +1324,11 @@
 </build>
 <repositories>
 <repository>
+ <id>maven.central</id>
+ <name>Maven Central Repository</name>
+ <url>http://central.maven.org/maven2</url>
+ </repository>
+ <repository>
 <id>maven.repo1</id>
 <name>Maven Repo1 Repository</name>
 <url>http://repo1.maven.org/maven2</url>
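Review bot: The new `maven.central` repository resolves artifacts over plain `http://central.maven.org/maven2`, so every dependency download — now including jasypt, the library that protects the account passwords — can be read or substituted on the wire; change it to `<url>https://repo.maven.apache.org/maven2</url>` and apply the same to the existing `maven.repo1` entry below it. Maven's super-POM already declares Central under the id `central`, so this entry does not replace it but adds a second, unencrypted path to the same artifacts. If the intent is only to make sure Central is consulted first, override the `central` id rather than introducing a new one. The enclosing `<repositories>` block continues outside the hunk.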
