syncope-commits mailing list archives

From jbernha...@apache.org
Subject svn commit: r1423524 - in /syncope/branches/cxf: common/src/main/java/org/apache/syncope/exceptions/ core/src/main/java/org/apache/syncope/core/rest/ core/src/test/java/org/apache/syncope/core/rest/ core/src/test/resources/
Date Tue, 18 Dec 2012 16:29:19 GMT
Author: jbernhardt
Date: Tue Dec 18 16:29:16 2012
New Revision: 1423524

URL: http://svn.apache.org/viewvc?rev=1423524&view=rev
Log:
[SYNCOPE-231], [SYNCOPE-256]
Updated EntitlementService
Updated Authentication Exception Handling

Added:
    syncope/branches/cxf/core/src/test/java/org/apache/syncope/core/rest/ClientAuthorizationTestITCase.java
Modified:
    syncope/branches/cxf/common/src/main/java/org/apache/syncope/exceptions/RestClientExceptionMapper.java
    syncope/branches/cxf/core/src/main/java/org/apache/syncope/core/rest/RestServiceExceptionMapper.java
    syncope/branches/cxf/core/src/test/java/org/apache/syncope/core/rest/AbstractAuthenticationTestITCase.java
    syncope/branches/cxf/core/src/test/resources/restClientContext.xml

Modified: syncope/branches/cxf/common/src/main/java/org/apache/syncope/exceptions/RestClientExceptionMapper.java
URL: http://svn.apache.org/viewvc/syncope/branches/cxf/common/src/main/java/org/apache/syncope/exceptions/RestClientExceptionMapper.java?rev=1423524&r1=1423523&r2=1423524&view=diff
==============================================================================
--- syncope/branches/cxf/common/src/main/java/org/apache/syncope/exceptions/RestClientExceptionMapper.java
(original)
+++ syncope/branches/cxf/common/src/main/java/org/apache/syncope/exceptions/RestClientExceptionMapper.java
Tue Dec 18 16:29:16 2012
@@ -42,14 +42,14 @@ public class RestClientExceptionMapper i
 			
 			// 2. Map  SC_FORBIDDEN
 		} else if (statusCode == HttpStatus.SC_FORBIDDEN) {
-			ex = new AccessControlException("Remote exception with status code: FORBIDDEN");
-			
-			// 3. Map  SC_UNAUTHORIZED
-		} else if (statusCode == HttpStatus.SC_UNAUTHORIZED) {
 //			// TODO find a way to enhance this error message with correct
 //			// RoleNumbers.
 			ex = new UnauthorizedRoleException(-1L);
 			
+			// 3. Map  SC_UNAUTHORIZED
+		} else if (statusCode == HttpStatus.SC_UNAUTHORIZED) {
+			ex = new AccessControlException("Remote unauthorized exception");
+			
 		} else {
 			// 3. All other codes are mapped to runtime exception with HTTP code information 
 			ex = new RuntimeException(String.format(
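Review bot: The new 401 branch throws `AccessControlException("Remote unauthorized exception")`, which reads as an authorization failure even though 401 means the request carried no accepted credentials. The 403 branch now carries the role-denial case, so callers that catch these exceptions need the distinction spelled out. I would add a comment such as `// 401: credentials missing or rejected (authentication), not a role/entitlement denial` and keep the status in the message, e.g. `ex = new AccessControlException("Remote exception with status code: UNAUTHORIZED");`. The step label "3." is now used twice, for the 401 branch and for the final `else`; the latter should become "4.". The enclosing method starts and ends outside this hunk.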

Modified: syncope/branches/cxf/core/src/main/java/org/apache/syncope/core/rest/RestServiceExceptionMapper.java
URL: http://svn.apache.org/viewvc/syncope/branches/cxf/core/src/main/java/org/apache/syncope/core/rest/RestServiceExceptionMapper.java?rev=1423524&r1=1423523&r2=1423524&view=diff
==============================================================================
--- syncope/branches/cxf/core/src/main/java/org/apache/syncope/core/rest/RestServiceExceptionMapper.java
(original)
+++ syncope/branches/cxf/core/src/main/java/org/apache/syncope/core/rest/RestServiceExceptionMapper.java
Tue Dec 18 16:29:16 2012
@@ -4,6 +4,7 @@ import java.util.Map.Entry;
 import java.util.Set;
 
 import javax.persistence.PersistenceException;
+import javax.ws.rs.core.HttpHeaders;
 import javax.ws.rs.core.Response;
 import javax.ws.rs.core.Response.ResponseBuilder;
 import javax.ws.rs.ext.ExceptionMapper;
@@ -32,6 +33,7 @@ import org.springframework.orm.jpa.JpaSy
 public class RestServiceExceptionMapper implements ExceptionMapper<Exception>,
 		ResponseExceptionMapper<Exception> {
 
+	private static final String BASIC_REALM_UNAUTHORIZED = "Basic realm=\"Spring Security Application\"";
 	private static final Logger LOG = LoggerFactory
 			.getLogger(RestServiceExceptionMapper.class);
 	public static final String EXCEPTION_TYPE_HEADER = "ExceptionType";
@@ -127,9 +129,13 @@ public class RestServiceExceptionMapper 
 		Response response = null;
 		ResponseBuilder responseBuilder = Response.status(Response.Status.FORBIDDEN);
 
-		if (ex instanceof org.springframework.security.access.AccessDeniedException) {
+		if (ex instanceof UnauthorizedRoleException) {
+			responseBuilder.header(
+					SyncopeClientErrorHandler.EXCEPTION_TYPE_HEADER,
+					SyncopeClientExceptionType.UnauthorizedRole.getHeaderValue());
+			responseBuilder.header(SyncopeClientExceptionType.UnauthorizedRole
+					.getElementHeaderName(), ex.getMessage());
 			response = responseBuilder.build();
-
 		}
 		return response;
 	}
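Review bot: The 403 branch copies `ex.getMessage()` unchanged into a response header, so whatever text the exception carries is sent to the client. If that message ever contains more than the role identifiers (internal detail, or a line break), it will either leak information or produce a malformed header. I cannot see how `UnauthorizedRoleException` builds its message from here, so this is a request to confirm. A comment such as `// message is expected to hold only the denied role ids; do not add free text to it` would make the constraint visible. The method signature is outside the hunk.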
@@ -138,14 +144,8 @@ public class RestServiceExceptionMapper 
 		Response response = null;
 		ResponseBuilder responseBuilder = Response.status(Response.Status.UNAUTHORIZED);
 
-		if (ex instanceof UnauthorizedRoleException) {
-			responseBuilder.header(
-					SyncopeClientErrorHandler.EXCEPTION_TYPE_HEADER,
-					SyncopeClientExceptionType.UnauthorizedRole
-							.getHeaderValue());
-			responseBuilder.header(SyncopeClientExceptionType.UnauthorizedRole
-					.getElementHeaderName(), ex.getMessage());
-			response = responseBuilder.build();
+		if (ex instanceof org.springframework.security.access.AccessDeniedException) {
+			response = responseBuilder.header(HttpHeaders.WWW_AUTHENTICATE, BASIC_REALM_UNAUTHORIZED).build();
		
 		}
 		return response;
 	}
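Review bot: Mapping every Spring `AccessDeniedException` to 401 plus a `WWW-Authenticate` challenge, as the new branch here does, also covers callers who authenticated successfully but lack the entitlement. Spring Security raises that exception for both anonymous and authenticated denials, and the 403 method in the previous hunk no longer handles it. An authenticated client would therefore be asked to re-send credentials instead of getting 403. Consider issuing the challenge only when the current authentication is absent or anonymous, and returning 403 otherwise. Separately, `BASIC_REALM_UNAUTHORIZED` hard-codes the realm; a comment such as `// must match the realm configured for the Basic authentication entry point` would keep the two from drifting. The method signature is outside the hunk.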

Modified: syncope/branches/cxf/core/src/test/java/org/apache/syncope/core/rest/AbstractAuthenticationTestITCase.java
URL: http://svn.apache.org/viewvc/syncope/branches/cxf/core/src/test/java/org/apache/syncope/core/rest/AbstractAuthenticationTestITCase.java?rev=1423524&r1=1423523&r2=1423524&view=diff
==============================================================================
--- syncope/branches/cxf/core/src/test/java/org/apache/syncope/core/rest/AbstractAuthenticationTestITCase.java
(original)
+++ syncope/branches/cxf/core/src/test/java/org/apache/syncope/core/rest/AbstractAuthenticationTestITCase.java
Tue Dec 18 16:29:16 2012
@@ -27,9 +27,11 @@ import static org.junit.Assert.fail;
 import java.util.HashSet;
 import java.util.List;
 import java.util.Set;
+import java.util.UUID;
 
 import javax.ws.rs.core.Response;
 
+import org.apache.cxf.jaxrs.client.WebClient;
 import org.apache.syncope.NotFoundException;
 import org.apache.syncope.exceptions.InvalidSearchConditionException;
 import org.apache.syncope.exceptions.UnauthorizedRoleException;
@@ -81,7 +83,7 @@ public abstract class AbstractAuthentica
             WorkflowException, NotFoundException {
         // 0. create a role that can only read schemas
         RoleTO authRoleTO = new RoleTO();
-        authRoleTO.setName("authRole");
+        authRoleTO.setName("authRole" + UUID.randomUUID().toString().substring(0,8));
         authRoleTO.setParent(8L);
         authRoleTO.addEntitlement("SCHEMA_READ");
 
@@ -94,8 +96,15 @@ public abstract class AbstractAuthentica
         schemaTO.setMandatoryCondition("false");
         schemaTO.setType(SchemaType.String);
 
-        SchemaTO newSchemaTO = restTemplate.postForObject(BASE_URL + "schema/user/create",
schemaTO,
-                SchemaTO.class);
+        SchemaTO newSchemaTO = null;
+        try {
+            WebClient wc = super.createWebClient("schema/user");
+            newSchemaTO = wc.path(schemaTO.getName()).get(SchemaTO.class);
+        } catch (Exception e) {
+            newSchemaTO = restTemplate.postForObject(BASE_URL + "schema/user/create", schemaTO,
+                    SchemaTO.class);
+        }
+
         assertEquals(schemaTO, newSchemaTO);
 
         // 2. create an user with the role created above (as admin)
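Review bot: The added `catch (Exception e)` treats every failure of the GET as "schema does not exist" and falls back to creating it. A 401/403 or a server error on the read is silently swallowed, so an authentication test can pass for the wrong reason. I would narrow it to the not-found case, e.g. `} catch (NotFoundException e) {`, assuming the client mapper turns 404 into that already-imported type, and let anything else fail the test. Note also that when the GET succeeds, `assertEquals(schemaTO, newSchemaTO)` compares against a schema left over from an earlier run, not against one this test created.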
@@ -294,7 +303,7 @@ public abstract class AbstractAuthentica
     @Test
     public void checkUserSuspension() throws UnauthorizedRoleException, WorkflowException,
             PropagationException, NotFoundException {
-        UserTO userTO = AbstractUserTestITCase.getSampleTO("checkSuspension@syncope.apache.org");
+        UserTO userTO = AbstractUserTestITCase.getSampleTO();
 
         MembershipTO membershipTO = new MembershipTO();
         membershipTO.setRoleId(7L);
@@ -404,7 +413,7 @@ public abstract class AbstractAuthentica
             NotFoundException {
         // Parent role, able to create users with role 1
         RoleTO parentRole = new RoleTO();
-        parentRole.setName("parentAdminRole");
+        parentRole.setName("parentAdminRole" + UUID.randomUUID().toString().substring(0,8));
         parentRole.addEntitlement("USER_CREATE");
         parentRole.addEntitlement("ROLE_1");
         parentRole.setParent(1L);
@@ -415,10 +424,10 @@ public abstract class AbstractAuthentica
 
         // Child role, with no entitlements
         RoleTO childRole = new RoleTO();
-        childRole.setName("childAdminRole");
+        childRole.setName("childAdminRole" + UUID.randomUUID().toString().substring(0,8));
         childRole.setParent(parentRole.getId());
 
-        r = rs.create(parentRole);
+        r = rs.create(childRole);
         childRole = resolve(RoleTO.class, r, rs);
         assertNotNull(childRole);
 

Added: syncope/branches/cxf/core/src/test/java/org/apache/syncope/core/rest/ClientAuthorizationTestITCase.java
URL: http://svn.apache.org/viewvc/syncope/branches/cxf/core/src/test/java/org/apache/syncope/core/rest/ClientAuthorizationTestITCase.java?rev=1423524&view=auto
==============================================================================
--- syncope/branches/cxf/core/src/test/java/org/apache/syncope/core/rest/ClientAuthorizationTestITCase.java
(added)
+++ syncope/branches/cxf/core/src/test/java/org/apache/syncope/core/rest/ClientAuthorizationTestITCase.java
Tue Dec 18 16:29:16 2012
@@ -0,0 +1,36 @@
+package org.apache.syncope.core.rest;
+
+import java.net.URI;
+
+import javax.ws.rs.core.Response;
+
+import junit.framework.Assert;
+
+import org.apache.cxf.jaxrs.client.WebClient;
+import org.apache.http.HttpStatus;
+import org.apache.syncope.to.RoleTO;
+import org.junit.Before;
+import org.junit.Test;
+
+public class ClientAuthorizationTestITCase extends AbstractTest {
+	@Override
+	@Before
+	public void setupService() {
+	}
+
+	@Test
+	/**
+	 *  Test checks if response has WWW-Authenticate header by unathorized request
+	 */
+    public void unauthorizedAccessResponseHeader() {
+        RoleTO roleTO = new RoleTO();
+        roleTO.setName("test");
+        URI baseUri = restClientFactory.createWebClient().getBaseURI();
+    	WebClient webClient = WebClient.create(baseUri).path("roles");
+    	Response response = webClient.post(roleTO);
+    	Assert.assertNotNull(response);
+    	Assert.assertEquals(HttpStatus.SC_UNAUTHORIZED, response.getStatus());
+    	Assert.assertNotNull(response.getHeaderString("WWW-Authenticate"));
+    }
+
+}
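Review bot: The test only asserts that a `WWW-Authenticate` header is present, so it would still pass if the server sent a different scheme or an empty value. Pinning the scheme would make it a real regression check: `Assert.assertTrue(response.getHeaderString("WWW-Authenticate").startsWith("Basic realm="));`. A companion case with valid credentials but no entitlement, expecting 403 and no challenge, would cover the other half of the 401/403 split this commit introduces. The empty `setupService()` override deserves a comment such as `// intentionally empty: this test must use an unauthenticated client`, and the Javadoc should sit above `@Test` instead of between the annotation and the method.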

Modified: syncope/branches/cxf/core/src/test/resources/restClientContext.xml
URL: http://svn.apache.org/viewvc/syncope/branches/cxf/core/src/test/resources/restClientContext.xml?rev=1423524&r1=1423523&r2=1423524&view=diff
==============================================================================
--- syncope/branches/cxf/core/src/test/resources/restClientContext.xml (original)
+++ syncope/branches/cxf/core/src/test/resources/restClientContext.xml Tue Dec 18 16:29:16
2012
@@ -11,10 +11,13 @@
    language governing permissions and limitations under the License. -->
 <beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xmlns:jaxrs="http://cxf.apache.org/jaxrs" xmlns:util="http://www.springframework.org/schema/util"
+   xmlns:cxf="http://cxf.apache.org/core"
    xsi:schemaLocation="http://www.springframework.org/schema/beans
         http://www.springframework.org/schema/beans/spring-beans.xsd
         http://cxf.apache.org/jaxrs
         http://cxf.apache.org/schemas/jaxrs.xsd
+        http://cxf.apache.org/core 
+        http://cxf.apache.org/schemas/core.xsd
         http://www.springframework.org/schema/util 
         http://www.springframework.org/schema/util/spring-util.xsd"
 >
@@ -70,6 +73,12 @@
       <property name="username" value="admin" />
       <property name="password" value="password" />
       <property name="inheritHeaders" value="true" />
+      <property name="features">
+         <list>
+            <!--bean class="org.apache.cxf.feature.LoggingFeature" /-->
+            <cxf:logging/>
+         </list>
+      </property>
       <property name="providers">
          <list>
             <ref bean="xmlProvider" />
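Review bot: Enabling `<cxf:logging/>` on a client bean that is configured with `username`/`password` will most likely write each request's `Authorization` header to the log, since CXF's logging feature records message headers along with payloads. With Basic authentication that header is only base64-encoded credentials. Here they are the test defaults, so the exposure is limited, but this context file is easy to copy into a non-test setup. I would add a comment next to the feature, e.g. `<!-- test only: logs full messages including the Authorization header -->`, or leave the feature commented out by default.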
@@ -95,6 +104,6 @@
 
    <bean id="exceptionMapper" class="org.apache.syncope.exceptions.RestClientExceptionMapper"
/>
    <!-- bean id="exceptionMapper" class="org.apache.syncope.exceptions.RestHttpStatusCodeMapper"
/-->
-   
+
 
 </beans>
\ No newline at end of file


