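/*
 * Licensed to the Apache Software Foundation (ASF) under one
 * or more contributor license agreements.  See the NOTICE file
 * distributed with this work for additional information
 * regarding copyright ownership.  The ASF licenses this file
 * to you under the Apache License, Version 2.0 (the
 * "License"); you may not use this file except in compliance
 * with the License.  You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing,
 * software distributed under the License is distributed on an
 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
 * KIND, either express or implied.  See the License for the
 * specific language governing permissions and limitations
 * under the License.
 */
package org.apache.brooklyn.rest.resources;

import static org.apache.brooklyn.util.http.HttpTool.httpClientBuilder;
import static org.testng.Assert.assertEquals;

import java.net.URI;
import java.util.Collections;
import java.util.Map;

import org.apache.brooklyn.api.mgmt.ManagementContext;
import org.apache.brooklyn.core.internal.BrooklynProperties;
import org.apache.brooklyn.core.mgmt.internal.LocalManagementContext;
import org.apache.brooklyn.core.mgmt.internal.ManagementContextInternal;
import org.apache.brooklyn.rest.BrooklynRestApiLauncher;
import org.apache.brooklyn.rest.BrooklynRestApiLauncherTestFixture;
import org.apache.brooklyn.rest.security.provider.TestSecurityProvider;
import org.apache.brooklyn.test.HttpTestUtils;
import org.apache.brooklyn.util.http.HttpTool;
import org.apache.brooklyn.util.http.HttpToolResponse;
import org.apache.http.HttpStatus;
import org.apache.http.auth.UsernamePasswordCredentials;
import org.apache.http.client.HttpClient;
import org.eclipse.jetty.server.Server;
import org.testng.annotations.Test;

import com.google.common.collect.ImmutableMap;

/**
 * Integration tests for the authentication behaviour of the {@code /v1/server} REST resource,
 * run against a server started through {@link BrooklynRestApiLauncher}.
 */
public class ServerResourceIntegrationTest extends BrooklynRestApiLauncherTestFixture {

    /**
     * Checks that {@code POST /v1/server/properties/reload} changes which credentials the
     * server accepts.
     *
     * <p>[sam] Other tests rely on brooklyn.properties not containing security properties, so
     * the approach is to set a security provider, reload the properties, and check how
     * authentication behaves afterwards.
     *
     * <p>[aled] The test builds its own {@link BrooklynProperties} instead of relying on
     * brooklyn.properties having no security provider, which could cause local failures when
     * only this test was run. It asserts that:
     * <ul>
     *   <li>before the reload, requests without credentials and requests with the
     *       properties-defined {@code admin} credentials get 401, and only
     *       {@link TestSecurityProvider#CREDENTIAL} is accepted;</li>
     *   <li>after the reload, the properties-defined credentials are accepted and
     *       {@link TestSecurityProvider#CREDENTIAL} gets 401.</li>
     * </ul>
     */
    @Test(groups = "Integration")
    public void testSecurityProviderUpdatesWhenPropertiesReloaded() {
        // Test-only user and password, defined in an empty property set so that the outcome
        // does not depend on any brooklyn.properties present on the machine.
        BrooklynProperties brooklynProperties = BrooklynProperties.Factory.newEmpty();
        brooklynProperties.put("brooklyn.webconsole.security.users", "admin");
        brooklynProperties.put("brooklyn.webconsole.security.user.admin.password", "mypassword");
        UsernamePasswordCredentials defaultCredential = new UsernamePasswordCredentials("admin", "mypassword");

        ManagementContext mgmt = new LocalManagementContext(brooklynProperties);

        try {
            Server server = useServerForTest(BrooklynRestApiLauncher.launcher()
                    .managementContext(mgmt)
                    .withoutJsgui()
                    .securityProvider(TestSecurityProvider.class)
                    .start());
            String baseUri = getBaseUri(server);

            HttpToolResponse response;
            // Derive the request URI from the same base the HTTP clients below are configured
            // with, so the client and the request cannot end up pointing at different servers.
            final URI uri = URI.create(baseUri + "/v1/server/properties/reload");
            final Map<String, String> args = Collections.emptyMap();

            // Unauthorised when no credentials, and when default credentials.
            response = HttpTool.httpPost(httpClientBuilder().uri(baseUri).build(), uri, args, args);
            assertEquals(response.getResponseCode(), HttpStatus.SC_UNAUTHORIZED);

            response = HttpTool.httpPost(httpClientBuilder().uri(baseUri).credentials(defaultCredential).build(),
                    uri, args, args);
            assertEquals(response.getResponseCode(), HttpStatus.SC_UNAUTHORIZED);

            // Accepts TestSecurityProvider credentials, and we reload.
            response = HttpTool.httpPost(httpClientBuilder().uri(baseUri).credentials(TestSecurityProvider.CREDENTIAL).build(),
                    uri, args, args);
            HttpTestUtils.assertHealthyStatusCode(response.getResponseCode());

            // Has now gone back to credentials from brooklynProperties;
            // TestSecurityProvider credentials no longer work.
            response = HttpTool.httpPost(httpClientBuilder().uri(baseUri).credentials(defaultCredential).build(),
                    uri, args, args);
            HttpTestUtils.assertHealthyStatusCode(response.getResponseCode());

            response = HttpTool.httpPost(httpClientBuilder().uri(baseUri).credentials(TestSecurityProvider.CREDENTIAL).build(),
                    uri, args, args);
            assertEquals(response.getResponseCode(), HttpStatus.SC_UNAUTHORIZED);

            // NOTE(review): the unauthenticated case is not re-checked after the reload. Asserting
            // SC_UNAUTHORIZED for a request without credentials here as well would confirm that a
            // reload cannot leave the endpoint open; confirm the expected status against the
            // provider selected by the reloaded properties before adding it.
        } finally {
            // Always shut the management context down, even when an assertion fails.
            ((ManagementContextInternal) mgmt).terminate();
        }
    }

    /**
     * Checks that {@code /v1/server/user} reports {@link TestSecurityProvider#USER} when the
     * request is authenticated with {@link TestSecurityProvider#CREDENTIAL}.
     *
     * @throws Exception if the request to the server fails
     */
    @Test(groups = "Integration")
    public void testGetUser() throws Exception {
        Server server = useServerForTest(BrooklynRestApiLauncher.launcher()
                .securityProvider(TestSecurityProvider.class)
                .withoutJsgui()
                .start());
        assertEquals(getServerUser(server), TestSecurityProvider.USER);
    }

    /**
     * Fetches {@code /v1/server/user} from the given server, authenticating with
     * {@link TestSecurityProvider#CREDENTIAL}.
     *
     * @param server the running server to query
     * @return the response body as a string, after asserting a healthy status code
     * @throws Exception if the request fails
     */
    private String getServerUser(Server server) throws Exception {
        HttpClient client = httpClientBuilder()
                .uri(getBaseUri(server))
                .credentials(TestSecurityProvider.CREDENTIAL)
                .build();

        HttpToolResponse response = HttpTool.httpGet(client, URI.create(getBaseUri(server) + "/v1/server/user"),
                ImmutableMap.<String, String>of());
        HttpTestUtils.assertHealthyStatusCode(response.getResponseCode());
        return response.getContentAsString();
    }
}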