gresockj commented on a change in pull request #4976: URL: https://github.com/apache/nifi/pull/4976#discussion_r608586502
########## File path: nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/src/test/java/org/apache/nifi/processors/standard/TestListenHTTP.java ########## @@ -298,6 +299,56 @@ public void testSecureTwoWaySslPOSTRequestsReceivedWithoutEL() throws Exception testPOSTRequestsReceived(HttpServletResponse.SC_OK, true, true); } + @Test + public void testSecureTwoWaySslPOSTRequestsReceivedWithAuthorizedSubjectDn() throws Exception { + configureProcessorSslContextService(ListenHTTP.ClientAuthentication.REQUIRED, serverConfiguration); + + runner.setProperty(ListenHTTP.PORT, Integer.toString(availablePort)); + runner.setProperty(ListenHTTP.AUTHORIZED_DN_PATTERN, LOCALHOST_DN); + runner.setProperty(ListenHTTP.BASE_PATH, HTTP_BASE_PATH); + runner.assertValid(); + + testPOSTRequestsReceived(HttpServletResponse.SC_OK, true, true); + } + + @Test + public void testSecureTwoWaySslPOSTRequestsReceivedWithUnauthorizedSubjectDn() throws Exception { + configureProcessorSslContextService(ListenHTTP.ClientAuthentication.REQUIRED, serverConfiguration); + + runner.setProperty(ListenHTTP.PORT, Integer.toString(availablePort)); + runner.setProperty(ListenHTTP.AUTHORIZED_DN_PATTERN, "CN=other"); + runner.setProperty(ListenHTTP.BASE_PATH, HTTP_BASE_PATH); + runner.assertValid(); + + testPOSTRequestsReceived(HttpServletResponse.SC_FORBIDDEN, true, true); + } + + @Test + public void testSecureTwoWaySslPOSTRequestsReceivedWithAuthorizedIssuerDn() throws Exception { Review comment: I wanted to show that configuring the subject and issuer DN patterns to something other than .* would actually work if the patterns matched, so I'd like to keep this one. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org