-
Notifications
You must be signed in to change notification settings - Fork 6
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
headers filters - adding an IT to highlight #120
- Loading branch information
Showing
2 changed files
with
125 additions
and
0 deletions.
There are no files selected for viewing
76 changes: 76 additions & 0 deletions
76
...test/java/org/georchestra/gateway/security/DefaultVsCustomGeorchestraHeadersConfigIT.java
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,76 @@ | ||
package org.georchestra.gateway.security; | ||
|
||
import com.github.tomakehurst.wiremock.junit5.WireMockRuntimeInfo; | ||
import com.github.tomakehurst.wiremock.junit5.WireMockTest; | ||
import com.github.tomakehurst.wiremock.stubbing.ServeEvent; | ||
import org.georchestra.gateway.app.GeorchestraGatewayApplication; | ||
import org.georchestra.testcontainers.ldap.GeorchestraLdapContainer; | ||
import org.junit.jupiter.api.AfterAll; | ||
import org.junit.jupiter.api.BeforeAll; | ||
import org.junit.jupiter.api.Test; | ||
import org.springframework.beans.factory.annotation.Autowired; | ||
import org.springframework.boot.test.autoconfigure.web.reactive.AutoConfigureWebTestClient; | ||
import org.springframework.boot.test.context.SpringBootTest; | ||
import org.springframework.test.context.ActiveProfiles; | ||
import org.springframework.test.web.reactive.server.WebTestClient; | ||
|
||
import java.util.List; | ||
|
||
import static com.github.tomakehurst.wiremock.client.WireMock.*; | ||
import static org.hamcrest.MatcherAssert.assertThat; | ||
import static org.hamcrest.Matchers.*; | ||
import static org.junit.jupiter.api.Assertions.assertEquals; | ||
import static org.junit.jupiter.api.Assertions.assertTrue; | ||
|
||
@SpringBootTest(classes = GeorchestraGatewayApplication.class) | ||
@WireMockTest | ||
@AutoConfigureWebTestClient | ||
@ActiveProfiles("customgeorheaders") | ||
public class DefaultVsCustomGeorchestraHeadersConfigIT { | ||
public static GeorchestraLdapContainer ldap = new GeorchestraLdapContainer(); | ||
|
||
public static WireMockRuntimeInfo wmri; | ||
|
||
private @Autowired WebTestClient testClient; | ||
|
||
@BeforeAll | ||
public static void setUp(WireMockRuntimeInfo wmri) { | ||
DefaultVsCustomGeorchestraHeadersConfigIT.wmri = wmri; | ||
ldap.start(); | ||
System.setProperty("wmHost", "localhost"); | ||
System.setProperty("wmPort", Integer.toString(wmri.getHttpPort())); | ||
} | ||
|
||
public static @AfterAll void shutDownContainers() { | ||
ldap.stop(); | ||
} | ||
|
||
@Test | ||
/** | ||
* This test checks that the base64-json versions of the http headers are sent | ||
* to proxified services, if specified in the configuration of the service. e.g. | ||
* if they are deactivated by default: | ||
* | ||
* ```yaml georchestra: gateway: default-headers: proxy: true username: true | ||
* roles: true org: true orgname: true ``` but activated at the service level, | ||
* e.g.: | ||
* | ||
* ```yaml georchestra: gateway: services: myservice: [...] headers: json-user: | ||
* true json-organization: true ``` Then the sec-user and sec-organization | ||
* headers should be received by the proxified webapp. | ||
* | ||
*/ | ||
public void testCustomizedHeadersForTarget() { | ||
stubFor(get("/echo/").willReturn(ok())); | ||
|
||
testClient.get().uri("/echo/")// | ||
.header("Host", "localhost")// | ||
.header("Authorization", "Basic dGVzdGFkbWluOnRlc3RhZG1pbg==") // testadmin:testadmin | ||
.exchange(); | ||
|
||
List<ServeEvent> events = getAllServeEvents(); | ||
|
||
assertEquals(1, events.size()); | ||
assertThat(events.getFirst().getRequest().getAllHeaderKeys(), contains("sec-user", "sec-organization")); | ||
} | ||
} |
49 changes: 49 additions & 0 deletions
49
gateway/src/test/resources/application-customgeorheaders.yml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,49 @@ | ||
georchestra: | ||
gateway: | ||
default-headers: | ||
# Default security headers to append to proxied requests | ||
proxy: true | ||
username: true | ||
roles: true | ||
org: true | ||
orgname: true | ||
security: | ||
createNonExistingUsersInLDAP: false | ||
ldap: | ||
default: | ||
enabled: true | ||
extended: true | ||
url: ldap://${ldapHost}:${ldapPort}/ | ||
baseDn: dc=georchestra,dc=org | ||
adminDn: cn=admin,dc=georchestra,dc=org | ||
adminPassword: secret | ||
users: | ||
rdn: ou=users | ||
searchFilter: (uid={0}) | ||
pendingUsersSearchBaseDN: ou=pendingusers | ||
protectedUsers: geoserver_privileged_user | ||
roles: | ||
rdn: ou=roles | ||
searchFilter: (member={0}) | ||
protectedRoles: ADMINISTRATOR, EXTRACTORAPP, GN_.*, ORGADMIN, REFERENT, USER, SUPERUSER | ||
orgs: | ||
rdn: ou=orgs | ||
orgTypes: Association,Company,NGO,Individual,Other | ||
pendingOrgSearchBaseDN: ou=pendingorgs | ||
services: | ||
echo: | ||
target: http://${wmHost}:${wmPort} | ||
access-rules: | ||
- intercept-url: /echo/** | ||
anonymous: false | ||
headers: | ||
json-user: true | ||
json-organization: true | ||
spring: | ||
cloud: | ||
gateway: | ||
routes: | ||
- id: echo | ||
uri: http://${wmHost}:${wmPort} | ||
predicates: | ||
- Path=/echo/ |