Return-Path: X-Original-To: archive-asf-public-internal@cust-asf2.ponee.io Delivered-To: archive-asf-public-internal@cust-asf2.ponee.io Received: from cust-asf.ponee.io (cust-asf.ponee.io [163.172.22.183]) by cust-asf2.ponee.io (Postfix) with ESMTP id 50D2B200BAC for ; Wed, 26 Oct 2016 22:10:38 +0200 (CEST) Received: by cust-asf.ponee.io (Postfix) id 4F6C6160AEE; Wed, 26 Oct 2016 20:10:38 +0000 (UTC) Delivered-To: archive-asf-public@cust-asf.ponee.io Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by cust-asf.ponee.io (Postfix) with SMTP id A1DAB160AE1 for ; Wed, 26 Oct 2016 22:10:36 +0200 (CEST) Received: (qmail 46313 invoked by uid 500); 26 Oct 2016 20:10:35 -0000 Mailing-List: contact commits-help@geode.incubator.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@geode.incubator.apache.org Delivered-To: mailing list commits@geode.incubator.apache.org Received: (qmail 46304 invoked by uid 99); 26 Oct 2016 20:10:35 -0000 Received: from pnap-us-west-generic-nat.apache.org (HELO spamd3-us-west.apache.org) (209.188.14.142) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 26 Oct 2016 20:10:35 +0000 Received: from localhost (localhost [127.0.0.1]) by spamd3-us-west.apache.org (ASF Mail Server at spamd3-us-west.apache.org) with ESMTP id 3990618068F for ; Wed, 26 Oct 2016 20:10:35 +0000 (UTC) X-Virus-Scanned: Debian amavisd-new at spamd3-us-west.apache.org X-Spam-Flag: NO X-Spam-Score: -6.209 X-Spam-Level: X-Spam-Status: No, score=-6.209 tagged_above=-999 required=6.31 tests=[KAM_ASCII_DIVIDERS=0.8, KAM_LAZY_DOMAIN_SECURITY=1, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, RP_MATCHES_RCVD=-2.999, T_FILL_THIS_FORM_SHORT=0.01] autolearn=disabled Received: from mx1-lw-eu.apache.org ([10.40.0.8]) by localhost (spamd3-us-west.apache.org [10.40.0.10]) (amavisd-new, port 10024) with ESMTP id nVldudVgqgUX for ; Wed, 26 Oct 2016 20:10:28 +0000 (UTC) Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by mx1-lw-eu.apache.org (ASF Mail Server at mx1-lw-eu.apache.org) with SMTP id 5220B5FC6C for ; Wed, 26 Oct 2016 20:10:26 +0000 (UTC) Received: (qmail 44993 invoked by uid 99); 26 Oct 2016 20:10:25 -0000 Received: from git1-us-west.apache.org (HELO git1-us-west.apache.org) (140.211.11.23) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 26 Oct 2016 20:10:25 +0000 Received: by git1-us-west.apache.org (ASF Mail Server at git1-us-west.apache.org, from userid 33) id 2DD95E00DB; Wed, 26 Oct 2016 20:10:25 +0000 (UTC) Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit From: klund@apache.org To: commits@geode.incubator.apache.org Date: Wed, 26 Oct 2016 20:10:33 -0000 Message-Id: <0d09806f9fb04cd6aa48fb6535698a7b@git.apache.org> In-Reply-To: <7cb97f476ce24770b4298509f9df2a16@git.apache.org> References: <7cb97f476ce24770b4298509f9df2a16@git.apache.org> X-Mailer: ASF-Git Admin Mailer Subject: [09/15] incubator-geode git commit: GEODE-2020: for rest api get request, use utf-8 as response encoding. archived-at: Wed, 26 Oct 2016 20:10:38 -0000 GEODE-2020: for rest api get request, use utf-8 as response encoding. * add more test assertions. * fix legacy tests Project: http://git-wip-us.apache.org/repos/asf/incubator-geode/repo Commit: http://git-wip-us.apache.org/repos/asf/incubator-geode/commit/fadd92b0 Tree: http://git-wip-us.apache.org/repos/asf/incubator-geode/tree/fadd92b0 Diff: http://git-wip-us.apache.org/repos/asf/incubator-geode/diff/fadd92b0 Branch: refs/heads/feature/GEODE-2012 Commit: fadd92b0556ac6d3a48ffccbf64100fd94689e62 Parents: af55d92 Author: Jinmei Liao Authored: Thu Oct 20 15:28:50 2016 -0700 Committer: Jinmei Liao Committed: Fri Oct 21 10:37:54 2016 -0700 ---------------------------------------------------------------------- .../rest/internal/web/GeodeRestClient.java | 148 +++++++ .../web/RestSecurityIntegrationTest.java | 410 ++++++------------- .../web/controllers/CommonCrudController.java | 6 +- .../controllers/FunctionAccessController.java | 2 +- .../web/controllers/PdxBasedCrudController.java | 4 +- .../web/controllers/QueryAccessController.java | 4 +- 6 files changed, 290 insertions(+), 284 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/fadd92b0/geode-assembly/src/test/java/org/apache/geode/rest/internal/web/GeodeRestClient.java ---------------------------------------------------------------------- diff --git a/geode-assembly/src/test/java/org/apache/geode/rest/internal/web/GeodeRestClient.java b/geode-assembly/src/test/java/org/apache/geode/rest/internal/web/GeodeRestClient.java new file mode 100644 index 0000000..c83cebb --- /dev/null +++ b/geode-assembly/src/test/java/org/apache/geode/rest/internal/web/GeodeRestClient.java @@ -0,0 +1,148 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.apache.geode.rest.internal.web; + +import java.io.BufferedReader; +import java.io.IOException; +import java.io.InputStream; +import java.io.InputStreamReader; +import java.net.MalformedURLException; +import java.nio.charset.StandardCharsets; + +import org.apache.http.HttpEntity; +import org.apache.http.HttpHost; +import org.apache.http.HttpResponse; +import org.apache.http.auth.AuthScope; +import org.apache.http.auth.UsernamePasswordCredentials; +import org.apache.http.client.AuthCache; +import org.apache.http.client.ClientProtocolException; +import org.apache.http.client.CredentialsProvider; +import org.apache.http.client.methods.HttpDelete; +import org.apache.http.client.methods.HttpGet; +import org.apache.http.client.methods.HttpHead; +import org.apache.http.client.methods.HttpPost; +import org.apache.http.client.methods.HttpPut; +import org.apache.http.client.methods.HttpRequestBase; +import org.apache.http.client.protocol.HttpClientContext; +import org.apache.http.entity.StringEntity; +import org.apache.http.impl.auth.BasicScheme; +import org.apache.http.impl.client.BasicAuthCache; +import org.apache.http.impl.client.BasicCredentialsProvider; +import org.apache.http.impl.client.CloseableHttpClient; +import org.apache.http.impl.client.HttpClients; +import org.json.JSONTokener; +import org.junit.Assert; + +public class GeodeRestClient { + + public final static String PROTOCOL = "http"; + public final static String HOSTNAME = "localhost"; + public final static String CONTEXT = "/geode/v1"; + + private int restPort = 0; + public GeodeRestClient(int restPort){ + this.restPort = restPort; + } + + public HttpResponse doHEAD(String query, String username, String password) throws MalformedURLException { + HttpHead httpHead = new HttpHead(CONTEXT + query); + return doRequest(httpHead, username, password); + } + + public HttpResponse doPost(String query, String username, String password, String body) throws MalformedURLException { + HttpPost httpPost = new HttpPost(CONTEXT + query); + httpPost.addHeader("content-type", "application/json"); + httpPost.setEntity(new StringEntity(body, StandardCharsets.UTF_8)); + return doRequest(httpPost, username, password); + } + + public HttpResponse doPut(String query, String username, String password, String body) throws MalformedURLException { + HttpPut httpPut = new HttpPut(CONTEXT + query); + httpPut.addHeader("content-type", "application/json"); + httpPut.setEntity(new StringEntity(body, StandardCharsets.UTF_8)); + return doRequest(httpPut, username, password); + } + + public HttpResponse doGet(String uri, String username, String password) throws MalformedURLException { + HttpGet getRequest = new HttpGet(CONTEXT + uri); + return doRequest(getRequest, username, password); + } + public HttpResponse doGet(String uri) throws MalformedURLException { + return doGet(uri, null, null); + } + + public HttpResponse doDelete(String uri, String username, String password) throws MalformedURLException { + HttpDelete httpDelete = new HttpDelete(CONTEXT + uri); + return doRequest(httpDelete, username, password); + } + + public static String getContentType(HttpResponse response){ + return response.getEntity().getContentType().getValue(); + } + + /** + * Retrieve the status code of the HttpResponse + * + * @param response The HttpResponse message received from the server + * + * @return a numeric value + */ + public static int getCode(HttpResponse response) { + return response.getStatusLine().getStatusCode(); + } + + public static JSONTokener getResponseBody(HttpResponse response) throws IOException { + HttpEntity entity = response.getEntity(); + InputStream content = entity.getContent(); + BufferedReader reader = new BufferedReader(new InputStreamReader(content)); + String line; + StringBuilder str = new StringBuilder(); + while ((line = reader.readLine()) != null) { + str.append(line); + } + return new JSONTokener(str.toString()); + } + + private HttpResponse doRequest(HttpRequestBase request, String username, String password) throws MalformedURLException { + HttpHost targetHost = new HttpHost(HOSTNAME,restPort, PROTOCOL); + CloseableHttpClient httpclient = HttpClients.custom().build(); + HttpClientContext clientContext = HttpClientContext.create(); + // if username is null, do not put in authentication + if (username != null) { + CredentialsProvider credsProvider = new BasicCredentialsProvider(); + credsProvider.setCredentials(new AuthScope(targetHost.getHostName(), targetHost.getPort()), new UsernamePasswordCredentials(username, password)); + httpclient = HttpClients.custom().setDefaultCredentialsProvider(credsProvider).build(); + AuthCache authCache = new BasicAuthCache(); + BasicScheme basicAuth = new BasicScheme(); + authCache.put(targetHost, basicAuth); + clientContext.setCredentialsProvider(credsProvider); + clientContext.setAuthCache(authCache); + } + + try { + return httpclient.execute(targetHost, request, clientContext); + } catch (ClientProtocolException e) { + e.printStackTrace(); + Assert.fail("Rest GET should not have thrown ClientProtocolException!"); + } catch (IOException e) { + e.printStackTrace(); + Assert.fail("Rest GET Request should not have thrown IOException!"); + } + return null; + } +} \ No newline at end of file http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/fadd92b0/geode-assembly/src/test/java/org/apache/geode/rest/internal/web/RestSecurityIntegrationTest.java ---------------------------------------------------------------------- diff --git a/geode-assembly/src/test/java/org/apache/geode/rest/internal/web/RestSecurityIntegrationTest.java b/geode-assembly/src/test/java/org/apache/geode/rest/internal/web/RestSecurityIntegrationTest.java index 6e91894..5f66f3b 100644 --- a/geode-assembly/src/test/java/org/apache/geode/rest/internal/web/RestSecurityIntegrationTest.java +++ b/geode-assembly/src/test/java/org/apache/geode/rest/internal/web/RestSecurityIntegrationTest.java @@ -19,42 +19,16 @@ package org.apache.geode.rest.internal.web; import static org.apache.geode.distributed.ConfigurationProperties.*; import static org.junit.Assert.*; -import java.io.BufferedReader; -import java.io.IOException; -import java.io.InputStream; -import java.io.InputStreamReader; -import java.net.MalformedURLException; -import java.nio.charset.StandardCharsets; import java.util.Properties; -import org.apache.http.HttpEntity; -import org.apache.http.HttpHost; import org.apache.http.HttpResponse; -import org.apache.http.auth.AuthScope; -import org.apache.http.auth.UsernamePasswordCredentials; -import org.apache.http.client.AuthCache; -import org.apache.http.client.ClientProtocolException; -import org.apache.http.client.CredentialsProvider; -import org.apache.http.client.methods.HttpDelete; -import org.apache.http.client.methods.HttpGet; -import org.apache.http.client.methods.HttpHead; -import org.apache.http.client.methods.HttpPost; -import org.apache.http.client.methods.HttpPut; -import org.apache.http.client.methods.HttpRequestBase; -import org.apache.http.client.protocol.HttpClientContext; -import org.apache.http.entity.StringEntity; -import org.apache.http.impl.auth.BasicScheme; -import org.apache.http.impl.client.BasicAuthCache; -import org.apache.http.impl.client.BasicCredentialsProvider; -import org.apache.http.impl.client.CloseableHttpClient; -import org.apache.http.impl.client.HttpClients; import org.json.JSONArray; import org.json.JSONObject; -import org.json.JSONTokener; import org.junit.BeforeClass; import org.junit.ClassRule; import org.junit.Test; import org.junit.experimental.categories.Category; +import org.springframework.http.MediaType; import org.apache.geode.cache.RegionShortcut; import org.apache.geode.internal.AvailablePortHelper; @@ -69,10 +43,6 @@ public class RestSecurityIntegrationTest { protected static final String REGION_NAME = "AuthRegion"; - public final static String PROTOCOL = "http"; - public final static String HOSTNAME = "localhost"; - public final static String CONTEXT = "/geode/v1"; - private static int restPort = AvailablePortHelper.getRandomAvailableTCPPort(); static Properties properties = new Properties() {{ setProperty(SampleSecurityManager.SECURITY_JSON, "org/apache/geode/management/internal/security/clientServer.json"); @@ -84,6 +54,7 @@ public class RestSecurityIntegrationTest { @ClassRule public static ServerStarter serverStarter = new ServerStarter(properties); + private final GeodeRestClient restClient = new GeodeRestClient(restPort); @BeforeClass public static void before() throws Exception { @@ -95,95 +66,99 @@ public class RestSecurityIntegrationTest { public void testFunctions() throws Exception { String json = "{\"@type\":\"double\",\"@value\":210}"; - HttpResponse response = doGet("/functions", "unknown-user", "1234567"); - assertEquals(401, getCode(response)); - response = doGet("/functions", "stranger", "1234567"); - assertEquals(403, getCode(response)); - response = doGet("/functions", "dataReader", "1234567"); - assertTrue(isOK(response)); - - response = doPost("/functions/AddFreeItemsToOrder", "unknown-user", "1234567", json); - assertEquals(401, getCode(response)); - response = doPost("/functions/AddFreeItemsToOrder", "dataReader", "1234567", json); - assertEquals(403, getCode(response)); - response = doPost("/functions/AddFreeItemsToOrder?onRegion=" + REGION_NAME, "dataWriter", "1234567", json); + HttpResponse response = restClient.doGet("/functions", "unknown-user", "1234567"); + assertEquals(401, restClient.getCode(response)); + response = restClient.doGet("/functions", "stranger", "1234567"); + assertEquals(403, restClient.getCode(response)); + response = restClient.doGet("/functions", "dataReader", "1234567"); + assertEquals(200, restClient.getCode(response)); + response.getEntity(); + assertEquals(MediaType.APPLICATION_JSON_UTF8_VALUE, restClient.getContentType(response)); + + response = restClient.doPost("/functions/AddFreeItemsToOrder", "unknown-user", "1234567", json); + assertEquals(401, restClient.getCode(response)); + response = restClient.doPost("/functions/AddFreeItemsToOrder", "dataReader", "1234567", json); + assertEquals(403, restClient.getCode(response)); + response = restClient.doPost("/functions/AddFreeItemsToOrder?onRegion=" + REGION_NAME, "dataWriter", "1234567", json); // because we're only testing the security of the endpoint, not the endpoint functionality, a 500 is acceptable - assertEquals(500, getCode(response)); + assertEquals(500, restClient.getCode(response)); } @Test public void testQueries() throws Exception { - HttpResponse response = doGet("/queries", "unknown-user", "1234567"); - assertEquals(401, getCode(response)); - response = doGet("/queries", "stranger", "1234567"); - assertEquals(403, getCode(response)); - response = doGet("/queries", "dataReader", "1234567"); - assertEquals(200, getCode(response)); + HttpResponse response = restClient.doGet("/queries", "unknown-user", "1234567"); + assertEquals(401, restClient.getCode(response)); + response = restClient.doGet("/queries", "stranger", "1234567"); + assertEquals(403, restClient.getCode(response)); + response = restClient.doGet("/queries", "dataReader", "1234567"); + assertEquals(200, restClient.getCode(response)); + assertEquals(MediaType.APPLICATION_JSON_UTF8_VALUE, restClient.getContentType(response)); } @Test public void testAdhocQuery() throws Exception { - HttpResponse response = doGet("/queries/adhoc?q=", "unknown-user", "1234567"); - assertEquals(401, getCode(response)); - response = doGet("/queries/adhoc?q=", "stranger", "1234567"); - assertEquals(403, getCode(response)); - response = doGet("/queries/adhoc?q=", "dataReader", "1234567"); + HttpResponse response = restClient.doGet("/queries/adhoc?q=", "unknown-user", "1234567"); + assertEquals(401, restClient.getCode(response)); + response = restClient.doGet("/queries/adhoc?q=", "stranger", "1234567"); + assertEquals(403, restClient.getCode(response)); + response = restClient.doGet("/queries/adhoc?q=", "dataReader", "1234567"); // because we're only testing the security of the endpoint, not the endpoint functionality, a 500 is acceptable - assertEquals(500, getCode(response)); + assertEquals(500, restClient.getCode(response)); } @Test public void testPostQuery() throws Exception { - HttpResponse response = doPost("/queries?id=0&q=", "unknown-user", "1234567", ""); - assertEquals(401, getCode(response)); - response = doPost("/queries?id=0&q=", "stranger", "1234567", ""); - assertEquals(403, getCode(response)); - response = doPost("/queries?id=0&q=", "dataReader", "1234567", ""); + HttpResponse response = restClient.doPost("/queries?id=0&q=", "unknown-user", "1234567", ""); + assertEquals(401, restClient.getCode(response)); + response = restClient.doPost("/queries?id=0&q=", "stranger", "1234567", ""); + assertEquals(403, restClient.getCode(response)); + response = restClient.doPost("/queries?id=0&q=", "dataReader", "1234567", ""); // because we're only testing the security of the endpoint, not the endpoint functionality, a 500 is acceptable - assertEquals(500, getCode(response)); + assertEquals(500, restClient.getCode(response)); } @Test public void testPostQuery2() throws Exception { - HttpResponse response = doPost("/queries/id", "unknown-user", "1234567", "{\"id\" : \"foo\"}"); - assertEquals(401, getCode(response)); - response = doPost("/queries/id", "stranger", "1234567", "{\"id\" : \"foo\"}"); - assertEquals(403, getCode(response)); - response = doPost("/queries/id", "dataReader", "1234567", "{\"id\" : \"foo\"}"); + HttpResponse response = restClient.doPost("/queries/id", "unknown-user", "1234567", "{\"id\" : \"foo\"}"); + assertEquals(401, restClient.getCode(response)); + response = restClient.doPost("/queries/id", "stranger", "1234567", "{\"id\" : \"foo\"}"); + assertEquals(403, restClient.getCode(response)); + response = restClient.doPost("/queries/id", "dataReader", "1234567", "{\"id\" : \"foo\"}"); // because we're only testing the security of the endpoint, not the endpoint functionality, a 500 is acceptable - assertEquals(500, getCode(response)); + assertEquals(500, restClient.getCode(response)); } @Test public void testPutQuery() throws Exception { - HttpResponse response = doPut("/queries/id", "unknown-user", "1234567", "{\"id\" : \"foo\"}"); - assertEquals(401, getCode(response)); - response = doPut("/queries/id", "stranger", "1234567", "{\"id\" : \"foo\"}"); - assertEquals(403, getCode(response)); - response = doPut("/queries/id", "dataReader", "1234567", "{\"id\" : \"foo\"}"); + HttpResponse response = restClient.doPut("/queries/id", "unknown-user", "1234567", "{\"id\" : \"foo\"}"); + assertEquals(401, restClient.getCode(response)); + response = restClient.doPut("/queries/id", "stranger", "1234567", "{\"id\" : \"foo\"}"); + assertEquals(403, restClient.getCode(response)); + response = restClient.doPut("/queries/id", "dataReader", "1234567", "{\"id\" : \"foo\"}"); // We should get a 404 because we're trying to update a query that doesn't exist - assertEquals(404, getCode(response)); + assertEquals(404, restClient.getCode(response)); } @Test public void testDeleteQuery() throws Exception { - HttpResponse response = doDelete("/queries/id", "unknown-user", "1234567"); - assertEquals(401, getCode(response)); - response = doDelete("/queries/id", "stranger", "1234567"); - assertEquals(403, getCode(response)); - response = doDelete("/queries/id", "dataWriter", "1234567"); + HttpResponse response = restClient.doDelete("/queries/id", "unknown-user", "1234567"); + assertEquals(401, restClient.getCode(response)); + response = restClient.doDelete("/queries/id", "stranger", "1234567"); + assertEquals(403, restClient.getCode(response)); + response = restClient.doDelete("/queries/id", "dataWriter", "1234567"); // We should get a 404 because we're trying to delete a query that doesn't exist - assertEquals(404, getCode(response)); + assertEquals(404, restClient.getCode(response)); } @Test public void testServers() throws Exception { - HttpResponse response = doGet("/servers", "unknown-user", "1234567"); - assertEquals(401, getCode(response)); - response = doGet("/servers", "stranger", "1234567"); - assertEquals(403, getCode(response)); - response = doGet("/servers", "super-user", "1234567"); - assertTrue(isOK(response)); + HttpResponse response = restClient.doGet("/servers", "unknown-user", "1234567"); + assertEquals(401, restClient.getCode(response)); + response = restClient.doGet("/servers", "stranger", "1234567"); + assertEquals(403, restClient.getCode(response)); + response = restClient.doGet("/servers", "super-user", "1234567"); + assertEquals(200, restClient.getCode(response)); + assertEquals(MediaType.APPLICATION_JSON_UTF8_VALUE, restClient.getContentType(response)); } /** @@ -192,27 +167,15 @@ public class RestSecurityIntegrationTest { */ @Test public void testPing() throws Exception { - HttpResponse response = doHEAD("/ping", "stranger", "1234567"); - assertTrue(isOK(response)); - response = doGet("/ping", "stranger", "1234567"); - assertTrue(isOK(response)); - - response = doHEAD("/ping", "super-user", "1234567"); - assertTrue(isOK(response)); - response = doGet("/ping", "super-user", "1234567"); - assertTrue(isOK(response)); - - // TODO - invalid username/password should still respond, but doesn't - // response = doHEAD("/ping", "unknown-user", "badpassword"); - // assertTrue(isOK(response)); - // response = doGet("/ping", "unknown-user", "badpassword"); - // assertTrue(isOK(response)); - - // TODO - credentials are currently required and shouldn't be for this endpoint - // response = doHEAD("/ping", null, null); - // assertTrue(isOK(response)); - // response = doGet("/ping", null, null); - // assertTrue(isOK(response)); + HttpResponse response = restClient.doHEAD("/ping", "stranger", "1234567"); + assertEquals(200, restClient.getCode(response)); + response = restClient.doGet("/ping", "stranger", "1234567"); + assertEquals(200, restClient.getCode(response)); + + response = restClient.doHEAD("/ping", "super-user", "1234567"); + assertEquals(200, restClient.getCode(response)); + response = restClient.doGet("/ping", "super-user", "1234567"); + assertEquals(200, restClient.getCode(response)); } /** @@ -220,11 +183,11 @@ public class RestSecurityIntegrationTest { */ @Test public void getRegions() throws Exception { - HttpResponse response = doGet("", "dataReader", "1234567"); - assertEquals("A '200 - OK' was expected", 200, getCode(response)); + HttpResponse response = restClient.doGet("", "dataReader", "1234567"); + assertEquals("A '200 - OK' was expected", 200, restClient.getCode(response)); + assertEquals(MediaType.APPLICATION_JSON_UTF8_VALUE, restClient.getContentType(response)); - assertTrue(isOK(response)); - JSONObject jsonObject = new JSONObject(getResponseBody(response)); + JSONObject jsonObject = new JSONObject(restClient.getResponseBody(response)); JSONArray regions = jsonObject.getJSONArray("regions"); assertNotNull(regions); assertTrue(regions.length() > 0); @@ -233,12 +196,12 @@ public class RestSecurityIntegrationTest { assertEquals("REPLICATE", region.get("type")); // List regions with an unknown user - 401 - response = doGet("", "unknown-user", "badpassword"); - assertEquals(401, getCode(response)); + response = restClient.doGet("", "unknown-user", "badpassword"); + assertEquals(401, restClient.getCode(response)); // list regions with insufficent rights - 403 - response = doGet("", "authRegionReader", "1234567"); - assertEquals(403, getCode(response)); + response = restClient.doGet("", "authRegionReader", "1234567"); + assertEquals(403, restClient.getCode(response)); } /** @@ -247,16 +210,17 @@ public class RestSecurityIntegrationTest { @Test public void getRegion() throws Exception { // Test an unknown user - 401 error - HttpResponse response = doGet("/" + REGION_NAME, "unknown-user", "1234567"); - assertEquals(401, getCode(response)); + HttpResponse response = restClient.doGet("/" + REGION_NAME, "unknown-user", "1234567"); + assertEquals(401, restClient.getCode(response)); // Test a user with insufficient rights - 403 - response = doGet("/" + REGION_NAME, "stranger", "1234567"); - assertEquals(403, getCode(response)); + response = restClient.doGet("/" + REGION_NAME, "stranger", "1234567"); + assertEquals(403, restClient.getCode(response)); // Test an authorized user - 200 - response = doGet("/" + REGION_NAME, "super-user", "1234567"); - assertTrue(isOK(response)); + response = restClient.doGet("/" + REGION_NAME, "super-user", "1234567"); + assertEquals(200, restClient.getCode(response)); + assertEquals(MediaType.APPLICATION_JSON_UTF8_VALUE, restClient.getContentType(response)); } /** @@ -265,16 +229,16 @@ public class RestSecurityIntegrationTest { @Test public void headRegion() throws Exception { // Test an unknown user - 401 error - HttpResponse response = doHEAD("/" + REGION_NAME, "unknown-user", "1234567"); - assertEquals(401, getCode(response)); + HttpResponse response = restClient.doHEAD("/" + REGION_NAME, "unknown-user", "1234567"); + assertEquals(401, restClient.getCode(response)); // Test a user with insufficient rights - 403 - response = doHEAD("/" + REGION_NAME, "stranger", "1234567"); - assertEquals(403, getCode(response)); + response = restClient.doHEAD("/" + REGION_NAME, "stranger", "1234567"); + assertEquals(403, restClient.getCode(response)); // Test an authorized user - 200 - response = doHEAD("/" + REGION_NAME, "super-user", "1234567"); - assertTrue(isOK(response)); + response = restClient.doHEAD("/" + REGION_NAME, "super-user", "1234567"); + assertEquals(200, restClient.getCode(response)); } /** @@ -283,12 +247,12 @@ public class RestSecurityIntegrationTest { @Test public void deleteRegion() throws Exception { // Test an unknown user - 401 error - HttpResponse response = doDelete("/" + REGION_NAME, "unknown-user", "1234567"); - assertEquals(401, getCode(response)); + HttpResponse response = restClient.doDelete("/" + REGION_NAME, "unknown-user", "1234567"); + assertEquals(401, restClient.getCode(response)); // Test a user with insufficient rights - 403 - response = doDelete("/" + REGION_NAME, "dataReader", "1234567"); - assertEquals(403, getCode(response)); + response = restClient.doDelete("/" + REGION_NAME, "dataReader", "1234567"); + assertEquals(403, restClient.getCode(response)); } /** @@ -297,11 +261,12 @@ public class RestSecurityIntegrationTest { @Test public void getRegionKeys() throws Exception { // Test an authorized user - HttpResponse response = doGet("/" + REGION_NAME + "/keys", "super-user", "1234567"); - assertTrue(isOK(response)); + HttpResponse response = restClient.doGet("/" + REGION_NAME + "/keys", "super-user", "1234567"); + assertEquals(200, restClient.getCode(response)); + assertEquals(MediaType.APPLICATION_JSON_UTF8_VALUE, restClient.getContentType(response)); // Test an unauthorized user - response = doGet("/" + REGION_NAME + "/keys", "dataWriter", "1234567"); - assertEquals(403, getCode(response)); + response = restClient.doGet("/" + REGION_NAME + "/keys", "dataWriter", "1234567"); + assertEquals(403, restClient.getCode(response)); } /** @@ -310,11 +275,13 @@ public class RestSecurityIntegrationTest { @Test public void getRegionKey() throws Exception { // Test an authorized user - HttpResponse response = doGet("/" + REGION_NAME + "/key1", "key1User", "1234567"); - assertTrue(isOK(response)); + HttpResponse response = restClient.doGet("/" + REGION_NAME + "/key1", "key1User", "1234567"); + assertEquals(200, restClient.getCode(response)); + assertEquals(MediaType.APPLICATION_JSON_UTF8_VALUE, restClient.getContentType(response)); + // Test an unauthorized user - response = doGet("/" + REGION_NAME + "/key1", "dataWriter", "1234567"); - assertEquals(403, getCode(response)); + response = restClient.doGet("/" + REGION_NAME + "/key1", "dataWriter", "1234567"); + assertEquals(403, restClient.getCode(response)); } /** @@ -323,16 +290,16 @@ public class RestSecurityIntegrationTest { @Test public void deleteRegionKey() throws Exception { // Test an unknown user - 401 error - HttpResponse response = doDelete("/" + REGION_NAME + "/key1", "unknown-user", "1234567"); - assertEquals(401, getCode(response)); + HttpResponse response = restClient.doDelete("/" + REGION_NAME + "/key1", "unknown-user", "1234567"); + assertEquals(401, restClient.getCode(response)); // Test a user with insufficient rights - 403 - response = doDelete("/" + REGION_NAME + "/key1", "dataReader", "1234567"); - assertEquals(403, getCode(response)); + response = restClient.doDelete("/" + REGION_NAME + "/key1", "dataReader", "1234567"); + assertEquals(403, restClient.getCode(response)); // Test an authorized user - 200 - response = doDelete("/" + REGION_NAME + "/key1", "key1User", "1234567"); - assertTrue(isOK(response)); + response = restClient.doDelete("/" + REGION_NAME + "/key1", "key1User", "1234567"); + assertEquals(200, restClient.getCode(response)); } /** @@ -341,17 +308,16 @@ public class RestSecurityIntegrationTest { @Test public void postRegionKey() throws Exception { // Test an unknown user - 401 error - HttpResponse response = doPost("/" + REGION_NAME + "?key9", "unknown", "1234567", "{ \"key9\" : \"foo\" }"); - assertEquals(401, getCode(response)); + HttpResponse response = restClient.doPost("/" + REGION_NAME + "?key9", "unknown", "1234567", "{ \"key9\" : \"foo\" }"); + assertEquals(401, restClient.getCode(response)); // Test a user with insufficient rights - 403 - response = doPost("/" + REGION_NAME + "?key9", "dataReader", "1234567", "{ \"key9\" : \"foo\" }"); - assertEquals(403, getCode(response)); + response = restClient.doPost("/" + REGION_NAME + "?key9", "dataReader", "1234567", "{ \"key9\" : \"foo\" }"); + assertEquals(403, restClient.getCode(response)); // Test an authorized user - 200 - response = doPost("/" + REGION_NAME + "?key9", "dataWriter", "1234567", "{ \"key9\" : \"foo\" }"); - assertEquals(201, getCode(response)); - assertTrue(isOK(response)); + response = restClient.doPost("/" + REGION_NAME + "?key9", "dataWriter", "1234567", "{ \"key9\" : \"foo\" }"); + assertEquals(201, restClient.getCode(response)); } /** @@ -363,135 +329,27 @@ public class RestSecurityIntegrationTest { String json = "{\"@type\":\"com.gemstone.gemfire.web.rest.domain.Order\",\"purchaseOrderNo\":1121,\"customerId\":1012,\"description\":\"Order for XYZ Corp\",\"orderDate\":\"02/10/2014\",\"deliveryDate\":\"02/20/2014\",\"contact\":\"Jelly Bean\",\"email\":\"jelly.bean@example.com\",\"phone\":\"01-2048096\",\"items\":[{\"itemNo\":1,\"description\":\"Product-100\",\"quantity\":12,\"unitPrice\":5,\"totalPrice\":60}],\"totalPrice\":225}"; String casJSON = "{\"@old\":{\"@type\":\"com.gemstone.gemfire.web.rest.domain.Order\",\"purchaseOrderNo\":1121,\"customerId\":1012,\"description\":\"Order for XYZ Corp\",\"orderDate\":\"02/10/2014\",\"deliveryDate\":\"02/20/2014\",\"contact\":\"Jelly Bean\",\"email\":\"jelly.bean@example.com\",\"phone\":\"01-2048096\",\"items\":[{\"itemNo\":1,\"description\":\"Product-100\",\"quantity\":12,\"unitPrice\":5,\"totalPrice\":60}],\"totalPrice\":225},\"@new \":{\"@type\":\"com.gemstone.gemfire.web.rest.domain.Order\",\"purchaseOrderNo\":1121,\"customerId\":1013,\"description\":\"Order for New Corp\",\"orderDate\":\"02/10/2014\",\"deliveryDate\":\"02/25/2014\",\"contact\":\"Vanilla Bean\",\"email\":\"vanillabean@example.com\",\"phone\":\"01-2048096\",\"items\":[{\"itemNo\":12345,\"description\":\"part 123\",\"quantity\":12,\"unitPrice\":29.99,\"totalPrice\":149.95}],\"totalPrice\":149.95}}"; // Test an unknown user - 401 error - HttpResponse response = doPut("/" + REGION_NAME + "/key1?op=PUT", "unknown-user", "1234567", "{ \"key9\" : \"foo\" }"); - assertEquals(401, getCode(response)); - - response = doPut("/" + REGION_NAME + "/key1?op=CAS", "unknown-user", "1234567", "{ \"key9\" : \"foo\" }"); - assertEquals(401, getCode(response)); - response = doPut("/" + REGION_NAME + "/key1?op=REPLACE", "unknown-user", "1234567", "{ \"@old\" : \"value1\", \"@new\" : \"CASvalue\" }"); - assertEquals(401, getCode(response)); - - response = doPut("/" + REGION_NAME + "/key1?op=PUT", "dataReader", "1234567", "{ \"key1\" : \"foo\" }"); - assertEquals(403, getCode(response)); - - response = doPut("/" + REGION_NAME + "/key1?op=REPLACE", "dataReader", "1234567", "{ \"key1\" : \"foo\" }"); - assertEquals(403, getCode(response)); - - response = doPut("/" + REGION_NAME + "/key1?op=CAS", "dataReader", "1234567", casJSON); - assertEquals(403, getCode(response)); - - response = doPut("/" + REGION_NAME + "/key1?op=PUT", "key1User", "1234567", "{ \"key1\" : \"foo\" }"); - assertEquals(200, getCode(response)); - assertTrue(isOK(response)); - - response = doPut("/" + REGION_NAME + "/key1?op=REPLACE", "key1User", "1234567", json); - assertEquals(200, getCode(response)); - assertTrue(isOK(response)); - } - - protected HttpResponse doHEAD(String query, String username, String password) throws MalformedURLException { - HttpHead httpHead = new HttpHead(CONTEXT + query); - return doRequest(httpHead, username, password); - } - - - protected HttpResponse doPost(String query, String username, String password, String body) throws MalformedURLException { - HttpPost httpPost = new HttpPost(CONTEXT + query); - httpPost.addHeader("content-type", "application/json"); - httpPost.setEntity(new StringEntity(body, StandardCharsets.UTF_8)); - return doRequest(httpPost, username, password); - } - + HttpResponse response = restClient.doPut("/" + REGION_NAME + "/key1?op=PUT", "unknown-user", "1234567", "{ \"key9\" : \"foo\" }"); + assertEquals(401, restClient.getCode(response)); - protected HttpResponse doPut(String query, String username, String password, String body) throws MalformedURLException { - HttpPut httpPut = new HttpPut(CONTEXT + query); - httpPut.addHeader("content-type", "application/json"); - httpPut.setEntity(new StringEntity(body, StandardCharsets.UTF_8)); - return doRequest(httpPut, username, password); - } + response = restClient.doPut("/" + REGION_NAME + "/key1?op=CAS", "unknown-user", "1234567", "{ \"key9\" : \"foo\" }"); + assertEquals(401, restClient.getCode(response)); + response = restClient.doPut("/" + REGION_NAME + "/key1?op=REPLACE", "unknown-user", "1234567", "{ \"@old\" : \"value1\", \"@new\" : \"CASvalue\" }"); + assertEquals(401, restClient.getCode(response)); - protected HttpResponse doGet(String uri, String username, String password) throws MalformedURLException { - HttpGet getRequest = new HttpGet(CONTEXT + uri); - return doRequest(getRequest, username, password); - } + response = restClient.doPut("/" + REGION_NAME + "/key1?op=PUT", "dataReader", "1234567", "{ \"key1\" : \"foo\" }"); + assertEquals(403, restClient.getCode(response)); - protected HttpResponse doDelete(String uri, String username, String password) throws MalformedURLException { - HttpDelete httpDelete = new HttpDelete(CONTEXT + uri); - return doRequest(httpDelete, username, password); - } + response = restClient.doPut("/" + REGION_NAME + "/key1?op=REPLACE", "dataReader", "1234567", "{ \"key1\" : \"foo\" }"); + assertEquals(403, restClient.getCode(response)); - /** - * Check the HTTP status of the response and return if it's within the OK range - * - * @param response The HttpResponse message received from the server - * - * @return true if the status code is a 2XX-type code (200-299), otherwise false - */ - protected boolean isOK(HttpResponse response) { - int returnCode = response.getStatusLine().getStatusCode(); - return (returnCode < 300 && returnCode >= 200); - } + response = restClient.doPut("/" + REGION_NAME + "/key1?op=CAS", "dataReader", "1234567", casJSON); + assertEquals(403, restClient.getCode(response)); - /** - * Check the HTTP status of the response and return true if a 401 - * - * @param response The HttpResponse message received from the server - * - * @return true if the status code is 401, otherwise false - */ - protected boolean isUnauthorized(HttpResponse response) { - int returnCode = response.getStatusLine().getStatusCode(); - return returnCode == 401; - } - - /** - * Retrieve the status code of the HttpResponse - * - * @param response The HttpResponse message received from the server - * - * @return a numeric value - */ - protected int getCode(HttpResponse response) { - return response.getStatusLine().getStatusCode(); - } - - protected JSONTokener getResponseBody(HttpResponse response) throws IOException { - HttpEntity entity = response.getEntity(); - InputStream content = entity.getContent(); - BufferedReader reader = new BufferedReader(new InputStreamReader(content)); - String line; - StringBuilder str = new StringBuilder(); - while ((line = reader.readLine()) != null) { - str.append(line); - } - return new JSONTokener(str.toString()); - } + response = restClient.doPut("/" + REGION_NAME + "/key1?op=PUT", "key1User", "1234567", "{ \"key1\" : \"foo\" }"); + assertEquals(200, restClient.getCode(response)); - private HttpResponse doRequest(HttpRequestBase request, String username, String password) throws MalformedURLException { - HttpHost targetHost = new HttpHost(HOSTNAME, this.restPort, PROTOCOL); - CloseableHttpClient httpclient = HttpClients.custom().build(); - HttpClientContext clientContext = HttpClientContext.create(); - // if username is null, do not put in authentication - if (username != null) { - CredentialsProvider credsProvider = new BasicCredentialsProvider(); - credsProvider.setCredentials(new AuthScope(targetHost.getHostName(), targetHost.getPort()), new UsernamePasswordCredentials(username, password)); - httpclient = HttpClients.custom().setDefaultCredentialsProvider(credsProvider).build(); - AuthCache authCache = new BasicAuthCache(); - BasicScheme basicAuth = new BasicScheme(); - authCache.put(targetHost, basicAuth); - clientContext.setCredentialsProvider(credsProvider); - clientContext.setAuthCache(authCache); - } - - try { - return httpclient.execute(targetHost, request, clientContext); - } catch (ClientProtocolException e) { - e.printStackTrace(); - fail("Rest GET should not have thrown ClientProtocolException!"); - } catch (IOException e) { - e.printStackTrace(); - fail("Rest GET Request should not have thrown IOException!"); - } - return null; + response = restClient.doPut("/" + REGION_NAME + "/key1?op=REPLACE", "key1User", "1234567", json); + assertEquals(200, restClient.getCode(response)); } } http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/fadd92b0/geode-web-api/src/main/java/org/apache/geode/rest/internal/web/controllers/CommonCrudController.java ---------------------------------------------------------------------- diff --git a/geode-web-api/src/main/java/org/apache/geode/rest/internal/web/controllers/CommonCrudController.java b/geode-web-api/src/main/java/org/apache/geode/rest/internal/web/controllers/CommonCrudController.java index 30c8b3a..935b3ad 100644 --- a/geode-web-api/src/main/java/org/apache/geode/rest/internal/web/controllers/CommonCrudController.java +++ b/geode-web-api/src/main/java/org/apache/geode/rest/internal/web/controllers/CommonCrudController.java @@ -63,7 +63,7 @@ public abstract class CommonCrudController extends AbstractBaseController { * * @return JSON document containing result */ - @RequestMapping(method = RequestMethod.GET, produces = { MediaType.APPLICATION_JSON_VALUE, MediaType.APPLICATION_JSON_VALUE }) + @RequestMapping(method = RequestMethod.GET, produces = { MediaType.APPLICATION_JSON_UTF8_VALUE}) @ApiOperation( value = "list all resources (Regions)", notes = "List all available resources (Regions) in the GemFire cluster", @@ -92,7 +92,7 @@ public abstract class CommonCrudController extends AbstractBaseController { * @return JSON document containing result */ @RequestMapping(method = RequestMethod.GET, value = "/{region}/keys", - produces = { MediaType.APPLICATION_JSON_VALUE } ) + produces = { MediaType.APPLICATION_JSON_UTF8_VALUE } ) @ApiOperation( value = "list all keys", notes = "List all keys in region", @@ -198,7 +198,7 @@ public abstract class CommonCrudController extends AbstractBaseController { return new ResponseEntity<>(HttpStatus.OK); } - @RequestMapping(method = { RequestMethod.GET }, value = "/servers") + @RequestMapping(method = { RequestMethod.GET }, value = "/servers", produces = { MediaType.APPLICATION_JSON_UTF8_VALUE } ) @ApiOperation( value = "fetch all REST enabled servers in the DS", notes = "Find all gemfire node where developer REST service is up and running!", http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/fadd92b0/geode-web-api/src/main/java/org/apache/geode/rest/internal/web/controllers/FunctionAccessController.java ---------------------------------------------------------------------- diff --git a/geode-web-api/src/main/java/org/apache/geode/rest/internal/web/controllers/FunctionAccessController.java b/geode-web-api/src/main/java/org/apache/geode/rest/internal/web/controllers/FunctionAccessController.java index e1ea1ad..831083e 100644 --- a/geode-web-api/src/main/java/org/apache/geode/rest/internal/web/controllers/FunctionAccessController.java +++ b/geode-web-api/src/main/java/org/apache/geode/rest/internal/web/controllers/FunctionAccessController.java @@ -86,7 +86,7 @@ public class FunctionAccessController extends AbstractBaseController { * * @return result as a JSON document. */ - @RequestMapping(method = RequestMethod.GET, produces = { MediaType.APPLICATION_JSON_VALUE }) + @RequestMapping(method = RequestMethod.GET, produces = { MediaType.APPLICATION_JSON_UTF8_VALUE }) @ApiOperation( value = "list all functions", notes = "list all functions available in the GemFire cluster", http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/fadd92b0/geode-web-api/src/main/java/org/apache/geode/rest/internal/web/controllers/PdxBasedCrudController.java ---------------------------------------------------------------------- diff --git a/geode-web-api/src/main/java/org/apache/geode/rest/internal/web/controllers/PdxBasedCrudController.java b/geode-web-api/src/main/java/org/apache/geode/rest/internal/web/controllers/PdxBasedCrudController.java index ebb8ccc..32de04e 100644 --- a/geode-web-api/src/main/java/org/apache/geode/rest/internal/web/controllers/PdxBasedCrudController.java +++ b/geode-web-api/src/main/java/org/apache/geode/rest/internal/web/controllers/PdxBasedCrudController.java @@ -134,7 +134,7 @@ public class PdxBasedCrudController extends CommonCrudController { * @param limit total number of entries requested * @return JSON document */ - @RequestMapping(method = RequestMethod.GET, value = "/{region}", produces = MediaType.APPLICATION_JSON_VALUE) + @RequestMapping(method = RequestMethod.GET, value = "/{region}", produces = MediaType.APPLICATION_JSON_UTF8_VALUE) @ApiOperation( value = "read all data for region", notes = "Read all data for region. Use limit param to get fixed or limited number of entries.", @@ -213,7 +213,7 @@ public class PdxBasedCrudController extends CommonCrudController { * @return JSON document */ @RequestMapping(method = RequestMethod.GET, value = "/{region}/{keys}", - produces = MediaType.APPLICATION_JSON_VALUE) + produces = MediaType.APPLICATION_JSON_UTF8_VALUE) @ApiOperation( value = "read data for specific keys", notes = "Read data for specific set of keys in region.", http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/fadd92b0/geode-web-api/src/main/java/org/apache/geode/rest/internal/web/controllers/QueryAccessController.java ---------------------------------------------------------------------- diff --git a/geode-web-api/src/main/java/org/apache/geode/rest/internal/web/controllers/QueryAccessController.java b/geode-web-api/src/main/java/org/apache/geode/rest/internal/web/controllers/QueryAccessController.java index d13c99c..e5287b9 100644 --- a/geode-web-api/src/main/java/org/apache/geode/rest/internal/web/controllers/QueryAccessController.java +++ b/geode-web-api/src/main/java/org/apache/geode/rest/internal/web/controllers/QueryAccessController.java @@ -91,7 +91,7 @@ public class QueryAccessController extends AbstractBaseController { * list all parametrized Queries created in a Gemfire data node * @return result as a JSON document. */ - @RequestMapping(method = RequestMethod.GET, produces = { MediaType.APPLICATION_JSON_VALUE }) + @RequestMapping(method = RequestMethod.GET, produces = { MediaType.APPLICATION_JSON_UTF8_VALUE }) @ApiOperation( value = "list all parametrized queries", notes = "List all parametrized queries by id/name", @@ -165,7 +165,7 @@ public class QueryAccessController extends AbstractBaseController { * @param oql OQL query string to be executed * @return query result as a JSON document */ - @RequestMapping(method = RequestMethod.GET, value = "/adhoc", produces = { MediaType.APPLICATION_JSON_VALUE }) + @RequestMapping(method = RequestMethod.GET, value = "/adhoc", produces = { MediaType.APPLICATION_JSON_UTF8_VALUE }) @ApiOperation( value = "run an adhoc query", notes = "Run an unnamed (unidentified), ad-hoc query passed as a URL parameter",