1 package com.atlassian.asap.it;
2
3 import com.atlassian.asap.api.Jwt;
4 import com.atlassian.asap.api.exception.AuthenticationFailedException;
5 import com.atlassian.asap.api.exception.AuthorizationFailedException;
6 import com.atlassian.asap.api.server.http.RequestAuthenticator;
7 import com.atlassian.asap.core.server.AuthenticationContext;
8 import com.atlassian.asap.core.server.http.RequestAuthenticatorFactory;
9 import com.atlassian.asap.core.server.http.RequestAuthenticatorImpl;
10 import com.atlassian.asap.core.server.jersey.JerseyRequestAuthorizer;
11 import com.atlassian.asap.core.server.jersey.JerseyRequestAuthorizerFactory;
12 import com.atlassian.asap.core.server.jersey.JwtAuth;
13 import com.atlassian.asap.core.server.jersey.JwtAuthProvider;
14 import com.atlassian.asap.core.server.jersey.JwtInjectable;
15 import com.atlassian.asap.core.server.jersey.WhitelistJerseyRequestAuthorizer;
16 import com.google.common.collect.ImmutableMap;
17 import com.sun.jersey.api.core.ClassNamesResourceConfig;
18 import com.sun.jersey.api.core.HttpRequestContext;
19 import com.sun.jersey.api.core.ResourceConfig;
20 import com.sun.jersey.core.spi.component.ComponentContext;
21 import com.sun.jersey.core.spi.component.ComponentScope;
22 import com.sun.jersey.core.spi.component.ioc.IoCComponentProviderFactory;
23 import com.sun.jersey.server.impl.application.WebApplicationImpl;
24 import org.junit.Test;
25 import org.junit.runner.RunWith;
26 import org.mockito.Mock;
27 import org.mockito.runners.MockitoJUnitRunner;
28
29 import javax.ws.rs.GET;
30 import javax.ws.rs.Path;
31 import java.util.Map;
32
33 import static org.junit.Assert.assertEquals;
34 import static org.junit.Assert.assertNotNull;
35 import static org.mockito.Mockito.mock;
36 import static org.mockito.Mockito.when;
37
/**
 * Checks which {@link RequestAuthenticator} and {@link JerseyRequestAuthorizer}
 * implementations a {@link JwtInjectable} ends up holding, depending on what the
 * IoC component provider handed to Jersey exposes.
 *
 * <p>Security note for readers: the {@code Custom*} doubles declared below accept
 * every request (the authenticator returns a Mockito mock for any header, the
 * authorizer never throws). They exist to prove the wiring only and should stay in
 * test code. The assertions compare implementation classes; no token is validated
 * and no request is dispatched by these tests.
 */
@RunWith(MockitoJUnitRunner.class)
public class JwtValidatorInitialisationTest {

    private static final String DUMMY_ISSUER = "dummy";

    /** Second constructor argument given to every {@link AuthenticationContext} built here. */
    private static final String DUMMY_FILE_URI = "file:///some/path";

    @Mock
    private JwtAuth mockJwtAuth;

    /**
     * With only an {@link AuthenticationContext} in the IoC context, the injectable
     * is expected to carry the stock authenticator and the whitelist authorizer.
     */
    @Test
    public void shouldUseDefaultFactories() throws Exception {
        Map<Class, Object> contextOnly = ImmutableMap.<Class, Object>builder()
                .put(AuthenticationContext.class, newAuthenticationContext())
                .build();
        IoCComponentProviderFactory providerWithoutFactories =
                JerseyTestUtil.ioCProviderFactoryfromMap(contextOnly);

        JwtInjectable injectable = getJwtInjectable(providerWithoutFactories);

        assertWiredTypes(injectable, RequestAuthenticatorImpl.class, WhitelistJerseyRequestAuthorizer.class);
    }

    /**
     * When the IoC context also exposes a {@link RequestAuthenticatorFactory} and a
     * {@link JerseyRequestAuthorizerFactory}, their products replace the defaults.
     * In other words, whatever is registered under those two types decides how
     * requests are authenticated and authorized.
     */
    @Test
    public void shouldWireCustomFactoriesIfAvailableInTheContext() throws Exception {
        Map<Class, Object> contextWithFactories = ImmutableMap.<Class, Object>builder()
                .put(AuthenticationContext.class, newAuthenticationContext())
                .put(RequestAuthenticatorFactory.class, new CustomRequestAuthenticatorFactory())
                .put(JerseyRequestAuthorizerFactory.class, new CustomJerseyRequestAuthorizerFactory())
                .build();
        IoCComponentProviderFactory providerWithFactories =
                JerseyTestUtil.ioCProviderFactoryfromMap(contextWithFactories);

        JwtInjectable injectable = getJwtInjectable(providerWithFactories);

        assertWiredTypes(injectable, CustomRequestAuthenticator.class, CustomJerseyRequestAuthorizer.class);
    }

    /** Builds the authentication context shared by both tests. */
    private AuthenticationContext newAuthenticationContext() {
        return new AuthenticationContext(DUMMY_ISSUER, DUMMY_FILE_URI);
    }

    /**
     * Asserts that the injectable holds a non-null authenticator and authorizer of
     * exactly the given classes (authenticator first, then authorizer).
     */
    private void assertWiredTypes(JwtInjectable injectable,
                                  Class<?> expectedAuthenticator,
                                  Class<?> expectedAuthorizer) {
        assertNotNull(injectable.getRequestAuthenticator());
        assertEquals(expectedAuthenticator, injectable.getRequestAuthenticator().getClass());

        assertNotNull(injectable.getJerseyRequestAuthorizer());
        assertEquals(expectedAuthorizer, injectable.getJerseyRequestAuthorizer().getClass());
    }

    /**
     * Boots a web application around the given IoC provider and asks its server
     * injectable provider factory for the per-request {@link Jwt} injectable that
     * belongs to the mocked {@link JwtAuth} annotation.
     *
     * <p>The annotation mock reports {@code DUMMY_ISSUER} as its only authorized
     * subject and an empty list of authorized issuers.
     */
    private JwtInjectable getJwtInjectable(IoCComponentProviderFactory ioCComponentProviderFactory) throws IllegalAccessException {
        WebApplicationImpl application = createWebApplication(ioCComponentProviderFactory);

        when(mockJwtAuth.authorizedSubjects()).thenReturn(new String[]{DUMMY_ISSUER});
        when(mockJwtAuth.authorizedIssuers()).thenReturn(new String[]{});

        Object resolved = application.getServerInjectableProviderFactory().getInjectable(
                JwtAuth.class,
                mock(ComponentContext.class),
                mockJwtAuth,
                Jwt.class,
                ComponentScope.PerRequest);
        return (JwtInjectable) resolved;
    }

    /**
     * Creates and initiates a Jersey application made of {@link JwtAuthProvider}
     * and {@link Controller}, with the IoC provider registered as a singleton.
     */
    private WebApplicationImpl createWebApplication(IoCComponentProviderFactory ioCComponentProviderFactory) {
        ResourceConfig resourceConfig = new ClassNamesResourceConfig(JwtAuthProvider.class, Controller.class);
        resourceConfig.getSingletons().add(ioCComponentProviderFactory);

        WebApplicationImpl application = new WebApplicationImpl();
        application.initiate(resourceConfig);
        return application;
    }

    /** Factory double that ignores the context and always yields {@link CustomRequestAuthenticator}. */
    public class CustomRequestAuthenticatorFactory extends RequestAuthenticatorFactory {
        @Override
        public RequestAuthenticator create(AuthenticationContext authContext) {
            return new CustomRequestAuthenticator();
        }
    }

    /**
     * Authenticator double: returns a Mockito mock {@link Jwt} for any header and
     * never throws, so nothing is verified. Test use only.
     */
    public class CustomRequestAuthenticator implements RequestAuthenticator {
        @Override
        public Jwt authenticateRequest(String authorizationHeader) throws AuthenticationFailedException {
            // The header is deliberately not inspected.
            return mock(Jwt.class);
        }
    }

    /** Factory double that ignores the annotation and always yields {@link CustomJerseyRequestAuthorizer}. */
    public class CustomJerseyRequestAuthorizerFactory extends JerseyRequestAuthorizerFactory {
        @Override
        public JerseyRequestAuthorizer create(JwtAuth jwtAuth) {
            return new CustomJerseyRequestAuthorizer();
        }
    }

    /**
     * Authorizer double: the empty body never raises
     * {@link AuthorizationFailedException}, i.e. every request is allowed. Test use only.
     */
    public class CustomJerseyRequestAuthorizer implements JerseyRequestAuthorizer {

        @Override
        public void authorize(Jwt authenticJwt, HttpRequestContext requestContext) throws AuthorizationFailedException {
            // Intentionally empty: the tests only look at which class was wired in.
        }
    }

    /**
     * Root resource registered with the test application. Its single GET method
     * takes a {@link JwtAuth}-annotated {@link Jwt} parameter; the tests above never
     * send a request to it.
     */
    @Path("/")
    public static class Controller {
        @GET
        public String resourceIssuer1(@JwtAuth(authorizedSubjects = {"NOBODY"}) Jwt jwt) {
            return "OK";
        }
    }

}