[ https://issues.apache.org/jira/browse/GEODE-1993?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15644973#comment-15644973 ]
ASF GitHub Bot commented on GEODE-1993: --------------------------------------- Github user jinmeiliao commented on a diff in the pull request: https://github.com/apache/incubator-geode/pull/276#discussion_r86820194 --- Diff: geode-assembly/src/test/java/org/apache/geode/rest/internal/web/RestSecurityPostProcessorTest.java --- @@ -0,0 +1,185 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more contributor license + * agreements. See the NOTICE file distributed with this work for additional information regarding + * copyright ownership. The ASF licenses this file to You under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance with the License. You may obtain a + * copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software distributed under the License + * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express + * or implied. See the License for the specific language governing permissions and limitations under + * the License. + */ +package org.apache.geode.rest.internal.web; + +import static org.apache.geode.distributed.ConfigurationProperties.HTTP_SERVICE_BIND_ADDRESS; +import static org.apache.geode.distributed.ConfigurationProperties.HTTP_SERVICE_PORT; +import static org.apache.geode.distributed.ConfigurationProperties.SECURITY_MANAGER; +import static org.apache.geode.distributed.ConfigurationProperties.SECURITY_POST_PROCESSOR; +import static org.apache.geode.distributed.ConfigurationProperties.START_DEV_REST_API; +import static org.apache.geode.rest.internal.web.GeodeRestClient.getCode; +import static org.apache.geode.rest.internal.web.GeodeRestClient.getContentType; +import static org.apache.geode.rest.internal.web.GeodeRestClient.getJsonArray; +import static org.apache.geode.rest.internal.web.GeodeRestClient.getJsonObject; +import static org.junit.Assert.assertEquals; +import static org.junit.Assert.assertTrue; + +import org.apache.commons.io.IOUtils; +import org.apache.geode.cache.Region; +import org.apache.geode.cache.RegionShortcut; +import org.apache.geode.cache.execute.FunctionService; +import org.apache.geode.internal.AvailablePortHelper; +import org.apache.geode.rest.internal.web.controllers.GetRegions; +import org.apache.geode.security.templates.SamplePostProcessor; +import org.apache.geode.security.templates.SampleSecurityManager; +import org.apache.geode.test.dunit.rules.ServerStarterRule; +import org.apache.geode.test.junit.categories.IntegrationTest; +import org.apache.geode.test.junit.categories.SecurityTest; +import org.apache.http.HttpResponse; +import org.json.JSONArray; +import org.json.JSONObject; +import org.junit.BeforeClass; +import org.junit.ClassRule; +import org.junit.Test; +import org.junit.experimental.categories.Category; +import org.springframework.http.MediaType; + +import java.net.URLEncoder; +import java.util.Properties; + + +@Category({IntegrationTest.class, SecurityTest.class}) +public class RestSecurityPostProcessorTest { + + static final String REGION_NAME = "AuthRegion"; + + static int restPort = AvailablePortHelper.getRandomAvailableTCPPort(); + static Properties properties = new Properties() { + { + setProperty(SampleSecurityManager.SECURITY_JSON, + "org/apache/geode/management/internal/security/clientServer.json"); + setProperty(SECURITY_MANAGER, SampleSecurityManager.class.getName()); + setProperty(START_DEV_REST_API, "true"); + setProperty(HTTP_SERVICE_BIND_ADDRESS, "localhost"); + setProperty(HTTP_SERVICE_PORT, restPort + ""); + setProperty(SECURITY_POST_PROCESSOR, SamplePostProcessor.class.getName()); + } + }; + + @ClassRule + public static ServerStarterRule serverStarter = new ServerStarterRule(properties); + private final GeodeRestClient restClient = new GeodeRestClient("localhost", restPort); + + @BeforeClass + public static void before() throws Exception { + serverStarter.startServer(); + Region region = + serverStarter.cache.createRegionFactory(RegionShortcut.REPLICATE).create(REGION_NAME); + region.put("key1", + "{\"@type\":\"com.gemstone.gemfire.web.rest.domain.Order\",\"purchaseOrderNo\":1121,\"customerId\":1012,\"description\":\"Order for XYZ Corp\",\"orderDate\":\"02/10/2014\",\"deliveryDate\":\"02/20/2014\",\"contact\":\"Jelly Bean\",\"email\":\"jelly.b...@example.com\",\"phone\":\"01-2048096\",\"items\":[{\"itemNo\":1,\"description\":\"Product-100\",\"quantity\":12,\"unitPrice\":5,\"totalPrice\":60}],\"totalPrice\":225}"); + region.put("key2", "bar"); + serverStarter.cache.createRegionFactory(RegionShortcut.REPLICATE).create("customers"); + FunctionService.registerFunction(new GetRegions()); + } + + /** + * Test post-processing of a retrieved key from the server. + */ + @Test + public void getRegionKey() throws Exception { + + // Test a single key + HttpResponse response = restClient.doGet("/" + REGION_NAME + "/key1", "key1User", "1234567"); + assertEquals(200, getCode(response)); + assertEquals(MediaType.APPLICATION_JSON_UTF8_VALUE, getContentType(response)); + + String body = IOUtils.toString(response.getEntity().getContent(), "UTF-8"); + assertTrue(body.startsWith("\"key1User/" + REGION_NAME + "/key1/")); --- End diff -- Why the key1User is quoted? > value returned through /region/key rest service needs to be post processed > -------------------------------------------------------------------------- > > Key: GEODE-1993 > URL: https://issues.apache.org/jira/browse/GEODE-1993 > Project: Geode > Issue Type: New Feature > Components: management > Reporter: Jinmei Liao > Assignee: Kevin Duling > Fix For: 1.1.0-incubating > > > The new rest security did not use post processor before returning the value > back to the client. -- This message was sent by Atlassian JIRA (v6.3.4#6332)