PulseVerificationTest.java

/*
 * Licensed to the Apache Software Foundation (ASF) under one or more contributor license
 * agreements. See the NOTICE file distributed with this work for additional information regarding
 * copyright ownership. The ASF licenses this file to You under the Apache License, Version 2.0 (the
 * "License"); you may not use this file except in compliance with the License. You may obtain a
 * copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software distributed under the License
 * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
 * or implied. See the License for the specific language governing permissions and limitations under
 * the License.
 */

package org.apache.geode.tools.pulse;

import static org.apache.geode.distributed.ConfigurationProperties.HTTP_SERVICE_PORT;
import static org.apache.geode.distributed.ConfigurationProperties.JMX_MANAGER_PORT;
import static org.apache.geode.distributed.ConfigurationProperties.SECURITY_MANAGER;
import static org.assertj.core.api.Assertions.assertThat;

import org.apache.geode.internal.AvailablePortHelper;
import org.apache.geode.security.SimpleTestSecurityManager;
import org.apache.geode.test.dunit.rules.LocatorStarterRule;
import org.apache.geode.test.junit.categories.IntegrationTest;
import org.apache.http.HttpHost;
import org.apache.http.HttpResponse;
import org.apache.http.NameValuePair;
import org.apache.http.client.HttpClient;
import org.apache.http.client.entity.UrlEncodedFormEntity;
import org.apache.http.client.methods.HttpGet;
import org.apache.http.client.methods.HttpPost;
import org.apache.http.impl.client.HttpClients;
import org.apache.http.message.BasicNameValuePair;
import org.apache.http.protocol.BasicHttpContext;
import org.apache.http.protocol.HttpContext;
import org.junit.Before;
import org.junit.BeforeClass;
import org.junit.ClassRule;
import org.junit.Test;
import org.junit.experimental.categories.Category;

import java.util.ArrayList;
import java.util.List;
import java.util.Properties;


@Category(IntegrationTest.class)
public class PulseVerificationTest {

  private static int httpPort = AvailablePortHelper.getRandomAvailableTCPPort();

  // use a random port when fixing GEODE-2671
  private static int jmxPort = 1099; // AvailablePortHelper.getRandomAvailableTCPPort();

  private static HttpHost host;

  private static Properties locatorProps = new Properties() {
    {
      setProperty(HTTP_SERVICE_PORT, httpPort + "");
      setProperty(SECURITY_MANAGER, SimpleTestSecurityManager.class.getName());
      setProperty(JMX_MANAGER_PORT, jmxPort + "");
    }
  };

  @ClassRule
  public static LocatorStarterRule locatorRule = new LocatorStarterRule(locatorProps);

  private HttpClient httpClient;
  private HttpContext context;

  @BeforeClass
  public static void beforeClass() throws Exception {
    host = new HttpHost("localhost", httpPort);
  }

  @Before
  public void before() throws Exception {
    httpClient = HttpClients.createDefault();
    context = new BasicHttpContext();
  }

  @Test
  public void loginWithIncorrectPassword() throws Exception {
    HttpPost request = new HttpPost("/pulse/login");
    List<NameValuePair> nvps = new ArrayList<>();
    nvps.add(new BasicNameValuePair("username", "data"));
    nvps.add(new BasicNameValuePair("password", "wrongPassword"));
    request.setEntity(new UrlEncodedFormEntity(nvps));
    HttpResponse response = httpClient.execute(host, request, context);
    assertThat(response.getStatusLine().getStatusCode()).isEqualTo(302);
    assertThat(response.getFirstHeader("Location").getValue())
        .contains("/pulse/login.html?error=BAD_CREDS");
  }

  @Test
  public void loginWithDataOnly() throws Exception {
    HttpPost post = new HttpPost("/pulse/login");
    List<NameValuePair> nvps = new ArrayList<>();
    nvps.add(new BasicNameValuePair("username", "data"));
    nvps.add(new BasicNameValuePair("password", "data"));
    post.setEntity(new UrlEncodedFormEntity(nvps));

    HttpResponse response = httpClient.execute(host, post, context);
    assertThat(response.getStatusLine().getStatusCode()).isEqualTo(302);
    assertThat(response.getFirstHeader("Location").getValue())
        .contains("/pulse/clusterDetail.html");

    // this would requiest cluster permission
    HttpGet get = new HttpGet("/pulse/clusterDetail.html");
    response = httpClient.execute(host, get);
    assertThat(response.getStatusLine().getStatusCode()).isEqualTo(403);

    // this would require both cluster and data permission
    get = new HttpGet("/pulse/dataBrowser.html");
    response = httpClient.execute(host, get);
    assertThat(response.getStatusLine().getStatusCode()).isEqualTo(403);
  }


  @Test
  public void loginAllAccess() throws Exception {
    HttpPost post = new HttpPost("/pulse/login");
    List<NameValuePair> nvps = new ArrayList<>();
    nvps.add(new BasicNameValuePair("username", "CLUSTER,DATA"));
    nvps.add(new BasicNameValuePair("password", "CLUSTER,DATA"));
    post.setEntity(new UrlEncodedFormEntity(nvps));

    HttpResponse response = httpClient.execute(host, post, context);
    assertThat(response.getStatusLine().getStatusCode()).isEqualTo(302);
    assertThat(response.getFirstHeader("Location").getValue())
        .contains("/pulse/clusterDetail.html");

    HttpGet get = new HttpGet("/pulse/clusterDetail.html");
    response = httpClient.execute(host, get);
    assertThat(response.getStatusLine().getStatusCode()).isEqualTo(200);

    get = new HttpGet("/pulse/dataBrowser.html");
    response = httpClient.execute(host, get);
    assertThat(response.getStatusLine().getStatusCode()).isEqualTo(200);
  }

  @Test
  public void loginWithClusterOnly() throws Exception {
    HttpPost post = new HttpPost("/pulse/login");
    List<NameValuePair> nvps = new ArrayList<>();
    nvps.add(new BasicNameValuePair("username", "cluster"));
    nvps.add(new BasicNameValuePair("password", "cluster"));
    post.setEntity(new UrlEncodedFormEntity(nvps));

    HttpResponse response = httpClient.execute(host, post, context);
    assertThat(response.getStatusLine().getStatusCode()).isEqualTo(302);
    assertThat(response.getFirstHeader("Location").getValue())
        .contains("/pulse/clusterDetail.html");

    HttpGet get = new HttpGet("/pulse/clusterDetail.html");
    response = httpClient.execute(host, get);
    assertThat(response.getStatusLine().getStatusCode()).isEqualTo(200);

    // accessing data browser will be denied
    get = new HttpGet("/pulse/dataBrowser.html");
    response = httpClient.execute(host, get);
    assertThat(response.getStatusLine().getStatusCode()).isEqualTo(403);
  }


}