Updated Branches: refs/heads/master 3870f4525 -> 6e2a6980b
JCLOUDS-223: Implement token based auth in Abiquo Properly implemented token based authentication. An initial request is performed using Basic Authentication to request an authentication token. Subsequent requests will use the obtained token to authenticate, and once it expires a new one will be automatically requested. Project: http://git-wip-us.apache.org/repos/asf/incubator-jclouds-labs/repo Commit: http://git-wip-us.apache.org/repos/asf/incubator-jclouds-labs/commit/6e2a6980 Tree: http://git-wip-us.apache.org/repos/asf/incubator-jclouds-labs/tree/6e2a6980 Diff: http://git-wip-us.apache.org/repos/asf/incubator-jclouds-labs/diff/6e2a6980 Branch: refs/heads/master Commit: 6e2a6980b8d6b45eb24302144f9540763b67562b Parents: 3870f45 Author: Ignasi Barrera <[email protected]> Authored: Mon Aug 5 00:53:56 2013 +0200 Committer: Ignasi Barrera <[email protected]> Committed: Wed Aug 7 23:39:07 2013 +0200 ---------------------------------------------------------------------- .../org/jclouds/abiquo/AbiquoApiMetadata.java | 8 +- .../config/AbiquoAuthenticationModule.java | 93 ++++++++++ .../jclouds/abiquo/config/AbiquoProperties.java | 14 +- .../jclouds/abiquo/config/Authentication.java | 36 ++++ .../abiquo/functions/auth/GetTokenFromApi.java | 113 ++++++++++++ .../functions/auth/GetTokenFromCredentials.java | 47 +++++ .../http/filters/AbiquoAuthentication.java | 35 ++-- .../features/BaseAbiquoApiExpectTest.java | 32 +++- .../abiquo/features/CloudApiExpectTest.java | 4 +- .../features/InfrastructureApiExpectTest.java | 12 +- .../VirtualMachineTemplateApiExpectTest.java | 2 +- .../functions/auth/GetTokenFromApiTest.java | 91 ++++++++++ .../AbiquoAuthenticationLiveApiTest.java | 174 ------------------- .../http/filters/AbiquoAuthenticationTest.java | 50 ++---- 14 files changed, 456 insertions(+), 255 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/incubator-jclouds-labs/blob/6e2a6980/abiquo/src/main/java/org/jclouds/abiquo/AbiquoApiMetadata.java ---------------------------------------------------------------------- diff --git a/abiquo/src/main/java/org/jclouds/abiquo/AbiquoApiMetadata.java b/abiquo/src/main/java/org/jclouds/abiquo/AbiquoApiMetadata.java index bec5d27..daaf72d 100644 --- a/abiquo/src/main/java/org/jclouds/abiquo/AbiquoApiMetadata.java +++ b/abiquo/src/main/java/org/jclouds/abiquo/AbiquoApiMetadata.java @@ -18,12 +18,13 @@ package org.jclouds.abiquo; import static org.jclouds.Constants.PROPERTY_MAX_REDIRECTS; import static org.jclouds.abiquo.config.AbiquoProperties.ASYNC_TASK_MONITOR_DELAY; -import static org.jclouds.abiquo.config.AbiquoProperties.CREDENTIAL_IS_TOKEN; +import static org.jclouds.abiquo.config.AbiquoProperties.CREDENTIAL_TYPE; import java.net.URI; import java.util.Properties; import org.jclouds.abiquo.compute.config.AbiquoComputeServiceContextModule; +import org.jclouds.abiquo.config.AbiquoAuthenticationModule; import org.jclouds.abiquo.config.AbiquoHttpApiModule; import org.jclouds.apis.ApiMetadata; import org.jclouds.concurrent.config.ScheduledExecutorServiceModule; @@ -60,7 +61,7 @@ public class AbiquoApiMetadata extends BaseHttpApiMetadata<AbiquoApi> { // The default polling delay between AsyncTask monitor requests properties.setProperty(ASYNC_TASK_MONITOR_DELAY, "5000"); // By default the provided credential is not a token - properties.setProperty(CREDENTIAL_IS_TOKEN, "false"); + properties.setProperty(CREDENTIAL_TYPE, "password"); return properties; } @@ -81,7 +82,8 @@ public class AbiquoApiMetadata extends BaseHttpApiMetadata<AbiquoApi> { .defaultProperties(AbiquoApiMetadata.defaultProperties()) .defaultModules( ImmutableSet.<Class<? extends Module>> of(AbiquoHttpApiModule.class, - AbiquoComputeServiceContextModule.class, ScheduledExecutorServiceModule.class)); + AbiquoAuthenticationModule.class, AbiquoComputeServiceContextModule.class, + ScheduledExecutorServiceModule.class)); } @Override http://git-wip-us.apache.org/repos/asf/incubator-jclouds-labs/blob/6e2a6980/abiquo/src/main/java/org/jclouds/abiquo/config/AbiquoAuthenticationModule.java ---------------------------------------------------------------------- diff --git a/abiquo/src/main/java/org/jclouds/abiquo/config/AbiquoAuthenticationModule.java b/abiquo/src/main/java/org/jclouds/abiquo/config/AbiquoAuthenticationModule.java new file mode 100644 index 0000000..0f71766 --- /dev/null +++ b/abiquo/src/main/java/org/jclouds/abiquo/config/AbiquoAuthenticationModule.java @@ -0,0 +1,93 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.jclouds.abiquo.config; + +import static com.google.common.base.Preconditions.checkArgument; +import static org.jclouds.abiquo.config.AbiquoProperties.CREDENTIAL_TYPE; + +import java.util.Map; +import java.util.concurrent.TimeUnit; + +import javax.inject.Named; +import javax.inject.Singleton; + +import org.jclouds.abiquo.functions.auth.GetTokenFromApi; +import org.jclouds.abiquo.functions.auth.GetTokenFromCredentials; +import org.jclouds.domain.Credentials; +import org.jclouds.location.Provider; + +import com.google.common.base.Function; +import com.google.common.base.Supplier; +import com.google.common.cache.CacheBuilder; +import com.google.common.cache.CacheLoader; +import com.google.common.cache.LoadingCache; +import com.google.common.collect.ImmutableMap; +import com.google.inject.AbstractModule; +import com.google.inject.Provides; + +/** + * Configures the Abiquo authentication. + * + * @author Ignasi Barrera + */ +public class AbiquoAuthenticationModule extends AbstractModule { + + /** The name of the authentication token. */ + public static final String AUTH_TOKEN_NAME = "auth"; + + @Provides + @Singleton + protected Map<String, Function<Credentials, String>> authenticationMethods(GetTokenFromApi tokenFromApi, + GetTokenFromCredentials tokenFromCredentials) { + return ImmutableMap.of("password", tokenFromApi, "token", tokenFromCredentials); + } + + @Provides + @Singleton + protected Function<Credentials, String> authenticationMethodForCredentialType( + Map<String, Function<Credentials, String>> authenticationMethods, @Named(CREDENTIAL_TYPE) String credentialType) { + checkArgument(authenticationMethods.containsKey(credentialType), "credential type %s not in supported list: %s", + credentialType, authenticationMethods.keySet()); + return authenticationMethods.get(credentialType); + } + + // Abiquo authentication tokens have 30 minutes life time + @Provides + @Singleton + protected LoadingCache<Credentials, String> provideTokenCache(Function<Credentials, String> getToken) { + return CacheBuilder.newBuilder().expireAfterWrite(29, TimeUnit.MINUTES).build(CacheLoader.from(getToken)); + } + + @Provides + @Singleton + @Authentication + protected Supplier<String> provideTokenSupplier(final LoadingCache<Credentials, String> cache, + @Provider final Supplier<Credentials> creds) { + return new Supplier<String>() { + @Override + public String get() { + return cache.getUnchecked(creds.get()); + } + }; + } + + @Override + protected void configure() { + // Nothing to do here + } + +} http://git-wip-us.apache.org/repos/asf/incubator-jclouds-labs/blob/6e2a6980/abiquo/src/main/java/org/jclouds/abiquo/config/AbiquoProperties.java ---------------------------------------------------------------------- diff --git a/abiquo/src/main/java/org/jclouds/abiquo/config/AbiquoProperties.java b/abiquo/src/main/java/org/jclouds/abiquo/config/AbiquoProperties.java index 9d239a5..b98bb2e 100644 --- a/abiquo/src/main/java/org/jclouds/abiquo/config/AbiquoProperties.java +++ b/abiquo/src/main/java/org/jclouds/abiquo/config/AbiquoProperties.java @@ -23,17 +23,23 @@ package org.jclouds.abiquo.config; */ public interface AbiquoProperties { /** - * Boolean property indicating if the provided credential is an api token. + * Credential type to be used to authenticate against the Abiquo Api. * <p> - * Default value: false + * Valid values: password, token (deprecated). */ - public static final String CREDENTIAL_IS_TOKEN = "abiquo.credential-is-token"; + public static final String CREDENTIAL_TYPE = "abiquo.credential-type"; /** - * The delay (in ms) used between requests by the {@link MonitoringService} + * The delay (in ms) used between requests by the + * <code>MonitoringService<code> * when monitoring asynchronous task state. * <p> * Default value: 5000 ms */ public static final String ASYNC_TASK_MONITOR_DELAY = "abiquo.monitor-delay"; + + /** + * The name of the Abiquo logger. + */ + public static final String ABIQUO_LOGGER = "jclouds.abiquo"; } http://git-wip-us.apache.org/repos/asf/incubator-jclouds-labs/blob/6e2a6980/abiquo/src/main/java/org/jclouds/abiquo/config/Authentication.java ---------------------------------------------------------------------- diff --git a/abiquo/src/main/java/org/jclouds/abiquo/config/Authentication.java b/abiquo/src/main/java/org/jclouds/abiquo/config/Authentication.java new file mode 100644 index 0000000..4319a4f --- /dev/null +++ b/abiquo/src/main/java/org/jclouds/abiquo/config/Authentication.java @@ -0,0 +1,36 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.jclouds.abiquo.config; + +import java.lang.annotation.ElementType; +import java.lang.annotation.Retention; +import java.lang.annotation.RetentionPolicy; +import java.lang.annotation.Target; + +import javax.inject.Qualifier; + +/** + * Qualifies an authentication object. + * + * @author Ignasi Barrera + */ +@Retention(value = RetentionPolicy.RUNTIME) +@Target(value = { ElementType.TYPE, ElementType.FIELD, ElementType.PARAMETER, ElementType.METHOD }) +@Qualifier +public @interface Authentication { + +} http://git-wip-us.apache.org/repos/asf/incubator-jclouds-labs/blob/6e2a6980/abiquo/src/main/java/org/jclouds/abiquo/functions/auth/GetTokenFromApi.java ---------------------------------------------------------------------- diff --git a/abiquo/src/main/java/org/jclouds/abiquo/functions/auth/GetTokenFromApi.java b/abiquo/src/main/java/org/jclouds/abiquo/functions/auth/GetTokenFromApi.java new file mode 100644 index 0000000..b0bc7ac --- /dev/null +++ b/abiquo/src/main/java/org/jclouds/abiquo/functions/auth/GetTokenFromApi.java @@ -0,0 +1,113 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.jclouds.abiquo.functions.auth; + +import static com.google.common.base.Preconditions.checkNotNull; +import static com.google.common.collect.Iterables.transform; +import static com.google.common.collect.Iterables.tryFind; +import static com.google.common.net.HttpHeaders.AUTHORIZATION; +import static org.jclouds.abiquo.config.AbiquoAuthenticationModule.AUTH_TOKEN_NAME; +import static org.jclouds.http.filters.BasicAuthentication.basic; + +import java.net.URI; +import java.util.Collection; + +import javax.annotation.Resource; +import javax.inject.Inject; +import javax.inject.Named; +import javax.inject.Singleton; +import javax.ws.rs.core.Cookie; + +import org.jclouds.abiquo.config.AbiquoProperties; +import org.jclouds.domain.Credentials; +import org.jclouds.http.HttpRequest; +import org.jclouds.http.HttpResponse; +import org.jclouds.logging.Logger; +import org.jclouds.providers.ProviderMetadata; +import org.jclouds.rest.AuthorizationException; +import org.jclouds.rest.HttpClient; + +import com.google.common.annotations.VisibleForTesting; +import com.google.common.base.Function; +import com.google.common.base.Optional; +import com.google.common.base.Predicate; +import com.google.common.net.HttpHeaders; + +/** + * Requests a new authentication token. + * + * @author Ignasi Barrera + */ +@Singleton +public class GetTokenFromApi implements Function<Credentials, String> { + + /** Information of the provider. */ + private final ProviderMetadata provider; + + /** The raw HTTP client used to request the authentication token. */ + private final HttpClient http; + + @Resource + @Named(AbiquoProperties.ABIQUO_LOGGER) + protected Logger logger = Logger.NULL; + + @Inject + public GetTokenFromApi(ProviderMetadata provider, HttpClient http) { + this.provider = checkNotNull(provider, "provider must not be null"); + this.http = checkNotNull(http, "http must not be null"); + } + + @Override + public String apply(Credentials input) { + logger.info(">> Requesting an authentication token for user: %s...", input.identity); + + HttpResponse response = http.invoke(HttpRequest.builder() // + .method("GET") // + .endpoint(URI.create(provider.getEndpoint())) // + .addHeader(AUTHORIZATION, basic(input.identity, input.credential)) // + .build()); + + Optional<Cookie> token = readAuthenticationToken(response); + if (!token.isPresent()) { + throw new AuthorizationException("Could not obtain a new authentication token"); + } + + return token.get().getValue(); + } + + @VisibleForTesting + static Optional<Cookie> readAuthenticationToken(final HttpResponse response) { + Collection<String> cookies = response.getHeaders().get(HttpHeaders.SET_COOKIE); + return tryFind(transform(cookies, cookie()), new Predicate<Cookie>() { + @Override + public boolean apply(Cookie input) { + return input.getName().equals(AUTH_TOKEN_NAME); + } + }); + + } + + private static Function<String, Cookie> cookie() { + return new Function<String, Cookie>() { + @Override + public Cookie apply(String input) { + return Cookie.valueOf(input); + } + }; + } + +} http://git-wip-us.apache.org/repos/asf/incubator-jclouds-labs/blob/6e2a6980/abiquo/src/main/java/org/jclouds/abiquo/functions/auth/GetTokenFromCredentials.java ---------------------------------------------------------------------- diff --git a/abiquo/src/main/java/org/jclouds/abiquo/functions/auth/GetTokenFromCredentials.java b/abiquo/src/main/java/org/jclouds/abiquo/functions/auth/GetTokenFromCredentials.java new file mode 100644 index 0000000..7553afb --- /dev/null +++ b/abiquo/src/main/java/org/jclouds/abiquo/functions/auth/GetTokenFromCredentials.java @@ -0,0 +1,47 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.jclouds.abiquo.functions.auth; + +import javax.inject.Singleton; + +import org.jclouds.domain.Credentials; + +import com.google.common.base.Function; + +/** + * Gets the authentication token from the configured credentials. + * <p> + * Note that in order to request an authentication token once it expires, the + * username and password must be provided. This means that when the context is + * created using an already existing token (and thus no username and password + * are provided), jclouds will not be able to request a new token once it + * expires. + * <p> + * If the context is created with an already existing token, it is up to the + * user to renew it when it expires. + * + * @author Ignasi Barrera + */ +@Singleton +public class GetTokenFromCredentials implements Function<Credentials, String> { + + @Override + public String apply(Credentials input) { + return input.credential; + } + +} http://git-wip-us.apache.org/repos/asf/incubator-jclouds-labs/blob/6e2a6980/abiquo/src/main/java/org/jclouds/abiquo/http/filters/AbiquoAuthentication.java ---------------------------------------------------------------------- diff --git a/abiquo/src/main/java/org/jclouds/abiquo/http/filters/AbiquoAuthentication.java b/abiquo/src/main/java/org/jclouds/abiquo/http/filters/AbiquoAuthentication.java index c7631dc..6143004 100644 --- a/abiquo/src/main/java/org/jclouds/abiquo/http/filters/AbiquoAuthentication.java +++ b/abiquo/src/main/java/org/jclouds/abiquo/http/filters/AbiquoAuthentication.java @@ -17,22 +17,18 @@ package org.jclouds.abiquo.http.filters; import static com.google.common.base.Preconditions.checkNotNull; -import static org.jclouds.abiquo.config.AbiquoProperties.CREDENTIAL_IS_TOKEN; -import static org.jclouds.http.filters.BasicAuthentication.basic; +import static org.jclouds.abiquo.config.AbiquoAuthenticationModule.AUTH_TOKEN_NAME; import javax.inject.Inject; -import javax.inject.Named; import javax.inject.Singleton; -import javax.ws.rs.core.HttpHeaders; -import org.jclouds.domain.Credentials; +import org.jclouds.abiquo.config.Authentication; import org.jclouds.http.HttpException; import org.jclouds.http.HttpRequest; import org.jclouds.http.HttpRequestFilter; -import org.jclouds.location.Provider; -import com.google.common.annotations.VisibleForTesting; import com.google.common.base.Supplier; +import com.google.common.net.HttpHeaders; /** * Authenticates using Basic Authentication or a generated token from previous @@ -42,30 +38,19 @@ import com.google.common.base.Supplier; */ @Singleton public class AbiquoAuthentication implements HttpRequestFilter { - /** The name of the authentication token. */ - public static final String AUTH_TOKEN_NAME = "auth"; - - protected Supplier<Credentials> creds; - protected boolean credentialIsToken; + private final Supplier<String> authTokenProvider; @Inject - public AbiquoAuthentication(@Provider Supplier<Credentials> creds, - @Named(CREDENTIAL_IS_TOKEN) boolean credentialIsToken) { - this.creds = checkNotNull(creds, "creds"); - this.credentialIsToken = credentialIsToken; + public AbiquoAuthentication(@Authentication Supplier<String> authTokenProvider) { + this.authTokenProvider = checkNotNull(authTokenProvider, "authTokenProvider must not be null"); } @Override - public HttpRequest filter(final HttpRequest request) throws HttpException { - Credentials currentCreds = checkNotNull(creds.get(), "credential supplier returned null"); - String header = credentialIsToken ? tokenAuth(currentCreds.credential) : basic(currentCreds.identity, - currentCreds.credential); - return request.toBuilder() - .replaceHeader(credentialIsToken ? HttpHeaders.COOKIE : HttpHeaders.AUTHORIZATION, header).build(); + public HttpRequest filter(HttpRequest request) throws HttpException { + return request.toBuilder().replaceHeader(HttpHeaders.COOKIE, tokenAuth(authTokenProvider.get())).build(); } - @VisibleForTesting - static String tokenAuth(final String token) { - return AUTH_TOKEN_NAME + "=" + checkNotNull(token, "token"); + private static String tokenAuth(final String token) { + return AUTH_TOKEN_NAME + "=" + checkNotNull(token, "missing authentication token"); } } http://git-wip-us.apache.org/repos/asf/incubator-jclouds-labs/blob/6e2a6980/abiquo/src/test/java/org/jclouds/abiquo/features/BaseAbiquoApiExpectTest.java ---------------------------------------------------------------------- diff --git a/abiquo/src/test/java/org/jclouds/abiquo/features/BaseAbiquoApiExpectTest.java b/abiquo/src/test/java/org/jclouds/abiquo/features/BaseAbiquoApiExpectTest.java index 2569f30..4b8d774 100644 --- a/abiquo/src/test/java/org/jclouds/abiquo/features/BaseAbiquoApiExpectTest.java +++ b/abiquo/src/test/java/org/jclouds/abiquo/features/BaseAbiquoApiExpectTest.java @@ -18,16 +18,23 @@ package org.jclouds.abiquo.features; import java.util.Properties; +import javax.inject.Inject; +import javax.inject.Singleton; import javax.ws.rs.core.MediaType; import org.jclouds.abiquo.AbiquoApi; import org.jclouds.abiquo.AbiquoApiMetadata; +import org.jclouds.abiquo.functions.auth.GetTokenFromApi; import org.jclouds.apis.ApiMetadata; +import org.jclouds.domain.Credentials; import org.jclouds.http.HttpRequest; import org.jclouds.http.HttpResponse; +import org.jclouds.providers.ProviderMetadata; +import org.jclouds.rest.HttpClient; import org.jclouds.rest.internal.BaseRestApiExpectTest; import com.google.common.base.Function; +import com.google.inject.AbstractModule; import com.google.inject.Module; /** @@ -36,7 +43,7 @@ import com.google.inject.Module; * @author Ignasi Barrera */ public abstract class BaseAbiquoApiExpectTest<S> extends BaseRestApiExpectTest<S> { - protected final String basicAuth = "Basic aWRlbnRpdHk6Y3JlZGVudGlhbA=="; + protected final String tokenAuth = "auth=mock-token"; public BaseAbiquoApiExpectTest() { provider = "abiquo"; @@ -48,6 +55,16 @@ public abstract class BaseAbiquoApiExpectTest<S> extends BaseRestApiExpectTest<S } @Override + protected Module createModule() { + return new AbstractModule() { + @Override + protected void configure() { + bind(GetTokenFromApi.class).to(MockTokenFromApi.class); + } + }; + } + + @Override public S createClient(final Function<HttpRequest, HttpResponse> fn, final Module module, final Properties props) { return clientFrom(createInjector(fn, module, props).getInstance(AbiquoApi.class)); } @@ -58,4 +75,17 @@ public abstract class BaseAbiquoApiExpectTest<S> extends BaseRestApiExpectTest<S return MediaType.valueOf(mediatType).toString(); } + @Singleton + private static class MockTokenFromApi extends GetTokenFromApi { + @Inject + public MockTokenFromApi(ProviderMetadata provider, HttpClient http) { + super(provider, http); + } + + @Override + public String apply(Credentials input) { + return "mock-token"; + } + } + } http://git-wip-us.apache.org/repos/asf/incubator-jclouds-labs/blob/6e2a6980/abiquo/src/test/java/org/jclouds/abiquo/features/CloudApiExpectTest.java ---------------------------------------------------------------------- diff --git a/abiquo/src/test/java/org/jclouds/abiquo/features/CloudApiExpectTest.java b/abiquo/src/test/java/org/jclouds/abiquo/features/CloudApiExpectTest.java index 57da385..27df7cf 100644 --- a/abiquo/src/test/java/org/jclouds/abiquo/features/CloudApiExpectTest.java +++ b/abiquo/src/test/java/org/jclouds/abiquo/features/CloudApiExpectTest.java @@ -47,7 +47,7 @@ public class CloudApiExpectTest extends BaseAbiquoApiExpectTest<CloudApi> { HttpRequest.builder() // .method("GET") // .endpoint(URI.create("http://localhost/api/cloud/virtualmachines";)) // - .addHeader("Authorization", basicAuth) // + .addHeader("Cookie", tokenAuth) // .addHeader("Accept", normalize(VirtualMachinesWithNodeExtendedDto.MEDIA_TYPE)) // .build(), HttpResponse @@ -72,7 +72,7 @@ public class CloudApiExpectTest extends BaseAbiquoApiExpectTest<CloudApi> { .method("POST") .endpoint( URI.create("http://localhost/api/admin/virtualdatacenters/1/virtualappliances/1/virtualmachines/1/action/instance";)) // - .addHeader("Authorization", basicAuth) // + .addHeader("Cookie", tokenAuth) // .addHeader("Accept", normalize(AcceptedRequestDto.MEDIA_TYPE)) // .payload( payloadFromResourceWithContentType("/payloads/vm-snapshot.xml", http://git-wip-us.apache.org/repos/asf/incubator-jclouds-labs/blob/6e2a6980/abiquo/src/test/java/org/jclouds/abiquo/features/InfrastructureApiExpectTest.java ---------------------------------------------------------------------- diff --git a/abiquo/src/test/java/org/jclouds/abiquo/features/InfrastructureApiExpectTest.java b/abiquo/src/test/java/org/jclouds/abiquo/features/InfrastructureApiExpectTest.java index 72b58ec..90683ed 100644 --- a/abiquo/src/test/java/org/jclouds/abiquo/features/InfrastructureApiExpectTest.java +++ b/abiquo/src/test/java/org/jclouds/abiquo/features/InfrastructureApiExpectTest.java @@ -45,7 +45,7 @@ public class InfrastructureApiExpectTest extends BaseAbiquoApiExpectTest<Infrast HttpRequest.builder() // .method("GET") // .endpoint(URI.create("http://localhost/api/admin/datacenters/1/networkservicetypes";)) // - .addHeader("Authorization", basicAuth) // + .addHeader("Cookie", tokenAuth) // .addHeader("Accept", normalize(NetworkServiceTypesDto.MEDIA_TYPE)) // .build(), HttpResponse @@ -71,7 +71,7 @@ public class InfrastructureApiExpectTest extends BaseAbiquoApiExpectTest<Infrast HttpRequest.builder() // .method("GET") // .endpoint(URI.create("http://localhost/api/admin/datacenters/1/networkservicetypes/1";)) // - .addHeader("Authorization", basicAuth) // + .addHeader("Cookie", tokenAuth) // .addHeader("Accept", normalize(NetworkServiceTypeDto.MEDIA_TYPE)) // .build(), HttpResponse @@ -96,7 +96,7 @@ public class InfrastructureApiExpectTest extends BaseAbiquoApiExpectTest<Infrast InfrastructureApi api = requestSendsResponse(HttpRequest.builder() // .method("GET") // .endpoint(URI.create("http://localhost/api/admin/datacenters/1/networkservicetypes/1";)) // - .addHeader("Authorization", basicAuth) // + .addHeader("Cookie", tokenAuth) // .addHeader("Accept", normalize(NetworkServiceTypeDto.MEDIA_TYPE)) // .build(), // HttpResponse.builder().statusCode(404).build()); @@ -113,7 +113,7 @@ public class InfrastructureApiExpectTest extends BaseAbiquoApiExpectTest<Infrast HttpRequest.builder() // .method("POST") // .endpoint(URI.create("http://localhost/api/admin/datacenters/1/networkservicetypes";)) // - .addHeader("Authorization", basicAuth) // + .addHeader("Cookie", tokenAuth) // .addHeader("Accept", normalize(NetworkServiceTypeDto.MEDIA_TYPE)) // .payload( @@ -147,7 +147,7 @@ public class InfrastructureApiExpectTest extends BaseAbiquoApiExpectTest<Infrast HttpRequest.builder() // .method("PUT") // .endpoint(URI.create("http://localhost/api/admin/datacenters/1/networkservicetypes/1";)) // - .addHeader("Authorization", basicAuth) // + .addHeader("Cookie", tokenAuth) // .addHeader("Accept", normalize(NetworkServiceTypeDto.MEDIA_TYPE)) // .payload( @@ -179,7 +179,7 @@ public class InfrastructureApiExpectTest extends BaseAbiquoApiExpectTest<Infrast InfrastructureApi api = requestSendsResponse(HttpRequest.builder() // .method("DELETE") // .endpoint(URI.create("http://localhost/api/admin/datacenters/1/networkservicetypes/1";)) // - .addHeader("Authorization", basicAuth) // + .addHeader("Cookie", tokenAuth) // .build(), // HttpResponse.builder().statusCode(204).build()); http://git-wip-us.apache.org/repos/asf/incubator-jclouds-labs/blob/6e2a6980/abiquo/src/test/java/org/jclouds/abiquo/features/VirtualMachineTemplateApiExpectTest.java ---------------------------------------------------------------------- diff --git a/abiquo/src/test/java/org/jclouds/abiquo/features/VirtualMachineTemplateApiExpectTest.java b/abiquo/src/test/java/org/jclouds/abiquo/features/VirtualMachineTemplateApiExpectTest.java index b85ee37..e9aabe4 100644 --- a/abiquo/src/test/java/org/jclouds/abiquo/features/VirtualMachineTemplateApiExpectTest.java +++ b/abiquo/src/test/java/org/jclouds/abiquo/features/VirtualMachineTemplateApiExpectTest.java @@ -45,7 +45,7 @@ public class VirtualMachineTemplateApiExpectTest extends BaseAbiquoApiExpectTest .method("GET") .endpoint( URI.create("http://localhost/api/admin/enterprises/1/datacenterrepositories/1/virtualmachinetemplates";)) // - .addHeader("Authorization", basicAuth) // + .addHeader("Cookie", tokenAuth) // .addHeader("Accept", normalize(VirtualMachineTemplatesDto.MEDIA_TYPE)) // .addQueryParam("limit", "1") // .addQueryParam("has", "text") // http://git-wip-us.apache.org/repos/asf/incubator-jclouds-labs/blob/6e2a6980/abiquo/src/test/java/org/jclouds/abiquo/functions/auth/GetTokenFromApiTest.java ---------------------------------------------------------------------- diff --git a/abiquo/src/test/java/org/jclouds/abiquo/functions/auth/GetTokenFromApiTest.java b/abiquo/src/test/java/org/jclouds/abiquo/functions/auth/GetTokenFromApiTest.java new file mode 100644 index 0000000..ec083bc --- /dev/null +++ b/abiquo/src/test/java/org/jclouds/abiquo/functions/auth/GetTokenFromApiTest.java @@ -0,0 +1,91 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.jclouds.abiquo.functions.auth; + +import static org.easymock.EasyMock.expect; +import static org.easymock.EasyMock.replay; +import static org.easymock.EasyMock.verify; +import static org.jclouds.abiquo.functions.auth.GetTokenFromApi.readAuthenticationToken; +import static org.testng.Assert.assertEquals; +import static org.testng.Assert.assertFalse; +import static org.testng.Assert.assertTrue; + +import javax.ws.rs.core.Cookie; + +import org.easymock.EasyMock; +import org.jclouds.http.HttpResponse; +import org.testng.annotations.Test; + +import com.google.common.base.Optional; +import com.google.common.collect.ImmutableMultimap; +import com.google.common.net.HttpHeaders; + +/** + * Unit tests for the {@link GetTokenFromApi} function. + * + * @author Ignasi Barrera + */ +@Test(groups = "unit", testName = "GetTokenFromApiTest") +public class GetTokenFromApiTest { + + public void testGetTokenWithoutHeaders() { + HttpResponse response = EasyMock.createMock(HttpResponse.class); + expect(response.getHeaders()).andReturn(ImmutableMultimap.<String, String> of()); + replay(response); + + Optional<Cookie> token = readAuthenticationToken(response); + assertFalse(token.isPresent()); + + verify(response); + } + + public void testGetTokenWithOtherHeaders() { + HttpResponse response = EasyMock.createMock(HttpResponse.class); + expect(response.getHeaders()).andReturn(ImmutableMultimap.<String, String> of("Accept", "application/xml")); + replay(response); + + Optional<Cookie> token = readAuthenticationToken(response); + assertFalse(token.isPresent()); + + verify(response); + } + + public void testGetTokenWithOtherCookie() { + HttpResponse response = EasyMock.createMock(HttpResponse.class); + expect(response.getHeaders()).andReturn(ImmutableMultimap.<String, String> of(HttpHeaders.SET_COOKIE, "foo=bar")); + replay(response); + + Optional<Cookie> token = readAuthenticationToken(response); + assertFalse(token.isPresent()); + + verify(response); + } + + public void testGetTokenWithAuthenticationCookie() { + HttpResponse response = EasyMock.createMock(HttpResponse.class); + expect(response.getHeaders()).andReturn( + ImmutableMultimap.<String, String> of(HttpHeaders.SET_COOKIE, "auth=the-token")); + replay(response); + + Optional<Cookie> token = readAuthenticationToken(response); + assertTrue(token.isPresent()); + assertEquals(token.get().getName(), "auth"); + assertEquals(token.get().getValue(), "the-token"); + + verify(response); + } +} http://git-wip-us.apache.org/repos/asf/incubator-jclouds-labs/blob/6e2a6980/abiquo/src/test/java/org/jclouds/abiquo/http/filters/AbiquoAuthenticationLiveApiTest.java ---------------------------------------------------------------------- diff --git a/abiquo/src/test/java/org/jclouds/abiquo/http/filters/AbiquoAuthenticationLiveApiTest.java b/abiquo/src/test/java/org/jclouds/abiquo/http/filters/AbiquoAuthenticationLiveApiTest.java deleted file mode 100644 index dfe09f1..0000000 --- a/abiquo/src/test/java/org/jclouds/abiquo/http/filters/AbiquoAuthenticationLiveApiTest.java +++ /dev/null @@ -1,174 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one or more - * contributor license agreements. See the NOTICE file distributed with - * this work for additional information regarding copyright ownership. - * The ASF licenses this file to You under the Apache License, Version 2.0 - * (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -package org.jclouds.abiquo.http.filters; - -import static com.google.common.base.Preconditions.checkNotNull; -import static org.jclouds.http.HttpUtils.releasePayload; -import static org.jclouds.http.filters.BasicAuthentication.basic; -import static org.testng.Assert.assertEquals; -import static org.testng.Assert.assertFalse; -import static org.testng.Assert.assertNotNull; -import static org.testng.Assert.fail; - -import java.io.IOException; -import java.net.URI; -import java.util.Collection; -import java.util.Properties; - -import javax.ws.rs.core.Cookie; -import javax.ws.rs.core.HttpHeaders; - -import org.jclouds.ContextBuilder; -import org.jclouds.abiquo.AbiquoApiMetadata; -import org.jclouds.abiquo.AbiquoContext; -import org.jclouds.abiquo.config.AbiquoProperties; -import org.jclouds.http.HttpRequest; -import org.jclouds.http.HttpResponse; -import org.jclouds.logging.slf4j.config.SLF4JLoggingModule; -import org.jclouds.rest.AuthorizationException; -import org.testng.annotations.BeforeMethod; -import org.testng.annotations.Test; - -import com.abiquo.server.core.enterprise.UserDto; -import com.google.common.collect.ImmutableSet; -import com.google.inject.Module; - -/** - * Live tests for the {@link AbiquoAuthentication} filter. - * - * @author Ignasi Barrera - */ -@Test(groups = "api", testName = "AbiquoAuthenticationLiveApiTest") -public class AbiquoAuthenticationLiveApiTest { - private String identity; - - private String credential; - - private String endpoint; - - @BeforeMethod - public void setupToken() { - identity = checkNotNull(System.getProperty("test.abiquo.identity"), "test.abiquo.identity"); - credential = checkNotNull(System.getProperty("test.abiquo.credential"), "test.abiquo.credential"); - endpoint = checkNotNull(System.getProperty("test.abiquo.endpoint"), "test.abiquo.endpoint"); - } - - @Test - public void testAuthenticateWithToken() throws IOException { - String token = getAuthtenticationToken(); - - Properties props = new Properties(); - props.setProperty(AbiquoProperties.CREDENTIAL_IS_TOKEN, "true"); - - // Create a new context that uses the generated token to perform the API - // calls - AbiquoContext tokenContext = ContextBuilder.newBuilder(new AbiquoApiMetadata()) // - .endpoint(endpoint) // - .credentials("token", token) // - .modules(ImmutableSet.<Module> of(new SLF4JLoggingModule())) // - .overrides(props) // - .build(AbiquoContext.class); - - try { - // Perform a call to get the logged user and verify the identity - UserDto user = tokenContext.getApiContext().getApi().getAdminApi().getCurrentUser(); - assertNotNull(user); - assertEquals(user.getNick(), identity); - } finally { - if (tokenContext != null) { - tokenContext.close(); - } - } - } - - @Test - public void testAuthenticateWithInvalidToken() throws IOException { - String token = getAuthtenticationToken() + "INVALID"; - - Properties props = new Properties(); - props.setProperty(AbiquoProperties.CREDENTIAL_IS_TOKEN, "true"); - - // Create a new context that uses the generated token to perform the API - // calls - AbiquoContext tokenContext = ContextBuilder.newBuilder(new AbiquoApiMetadata()) // - .endpoint(endpoint) // - .credentials("token", token) // - .modules(ImmutableSet.<Module> of(new SLF4JLoggingModule())) // - .overrides(props) // - .build(AbiquoContext.class); - - // Perform a call to get the logged user. It should fail - try { - tokenContext.getApiContext().getApi().getAdminApi().getCurrentUser(); - } catch (AuthorizationException ex) { - // Test succeeded - return; - } finally { - if (tokenContext != null) { - tokenContext.close(); - } - } - - fail("Token authentication should have failed"); - } - - private String getAuthtenticationToken() { - String token = null; - - AbiquoContext context = ContextBuilder.newBuilder(new AbiquoApiMetadata()) // - .endpoint(endpoint) // - .credentials(identity, credential) // - .modules(ImmutableSet.<Module> of(new SLF4JLoggingModule())) // - .build(AbiquoContext.class); - - try { - // Create a request to authenticate to the API and generate the token - HttpRequest request = HttpRequest.builder().method("GET").endpoint(URI.create(endpoint)).build(); - - request = request.toBuilder().replaceHeader(HttpHeaders.AUTHORIZATION, basic(identity, credential)).build(); - - // Execute the request and read the generated token - HttpResponse response = context.utils().http().invoke(request); - assertEquals(response.getStatusCode(), 200); - - token = readAuthenticationToken(response); - assertNotNull(token); - - releasePayload(response); - } finally { - if (context != null) { - context.close(); - } - } - - return token; - } - - private String readAuthenticationToken(final HttpResponse response) { - Collection<String> cookies = response.getHeaders().get(HttpHeaders.SET_COOKIE); - assertFalse(cookies.isEmpty()); - - for (String cookie : cookies) { - Cookie c = Cookie.valueOf(cookie); - if (c.getName().equals(AbiquoAuthentication.AUTH_TOKEN_NAME)) { - return c.getValue(); - } - } - - return null; - } -} http://git-wip-us.apache.org/repos/asf/incubator-jclouds-labs/blob/6e2a6980/abiquo/src/test/java/org/jclouds/abiquo/http/filters/AbiquoAuthenticationTest.java ---------------------------------------------------------------------- diff --git a/abiquo/src/test/java/org/jclouds/abiquo/http/filters/AbiquoAuthenticationTest.java b/abiquo/src/test/java/org/jclouds/abiquo/http/filters/AbiquoAuthenticationTest.java index dc218af..db25b30 100644 --- a/abiquo/src/test/java/org/jclouds/abiquo/http/filters/AbiquoAuthenticationTest.java +++ b/abiquo/src/test/java/org/jclouds/abiquo/http/filters/AbiquoAuthenticationTest.java @@ -16,21 +16,17 @@ */ package org.jclouds.abiquo.http.filters; -import static com.google.common.base.Suppliers.ofInstance; -import static org.jclouds.http.filters.BasicAuthentication.basic; import static org.testng.Assert.assertEquals; -import static org.testng.Assert.assertFalse; +import static org.testng.Assert.assertTrue; import java.net.URI; -import java.security.NoSuchAlgorithmException; -import java.security.cert.CertificateException; -import javax.ws.rs.core.HttpHeaders; - -import org.jclouds.domain.Credentials; import org.jclouds.http.HttpRequest; import org.testng.annotations.Test; +import com.google.common.base.Suppliers; +import com.google.common.net.HttpHeaders; + /** * Unit tests for the {@link AbiquoAuthentication} filter. * @@ -39,45 +35,21 @@ import org.testng.annotations.Test; @Test(groups = "unit", testName = "AbiquoAuthenticationTest") public class AbiquoAuthenticationTest { - public void testBasicAuthentication() throws NoSuchAlgorithmException, CertificateException { + @Test(expectedExceptions = NullPointerException.class, expectedExceptionsMessageRegExp = "missing authentication token") + public void testAuthenticateWithoutToken() { HttpRequest request = HttpRequest.builder().method("GET").endpoint(URI.create("http://foo";)).build(); - - AbiquoAuthentication filter = new AbiquoAuthentication(ofInstance(new Credentials("identity", "credential")), - false); - HttpRequest filtered = filter.filter(request); - HttpRequest expected = request.toBuilder() - .replaceHeader(HttpHeaders.AUTHORIZATION, basic("identity", "credential")).build(); - - assertFalse(filtered.getHeaders().containsKey(HttpHeaders.COOKIE)); - assertEquals(filtered, expected); - } - - @Test(expectedExceptions = NullPointerException.class) - public void testBasicAuthenticationWithoutIdentity() throws NoSuchAlgorithmException, CertificateException { - HttpRequest request = HttpRequest.builder().method("GET").endpoint(URI.create("http://foo";)).build(); - - AbiquoAuthentication filter = new AbiquoAuthentication(ofInstance(new Credentials(null, "credential")), false); - filter.filter(request); - } - - @Test(expectedExceptions = NullPointerException.class) - public void testBasicAuthenticationWithoutCredential() throws NoSuchAlgorithmException, CertificateException { - HttpRequest request = HttpRequest.builder().method("GET").endpoint(URI.create("http://foo";)).build(); - - AbiquoAuthentication filter = new AbiquoAuthentication(ofInstance(new Credentials("identity", null)), false); + AbiquoAuthentication filter = new AbiquoAuthentication(Suppliers.<String> ofInstance(null)); filter.filter(request); } - public void testTokenAuthentication() throws NoSuchAlgorithmException, CertificateException { + public void testAuthenticateWithToken() { HttpRequest request = HttpRequest.builder().method("GET").endpoint(URI.create("http://foo";)).build(); + AbiquoAuthentication filter = new AbiquoAuthentication(Suppliers.<String> ofInstance("the-token")); - AbiquoAuthentication filter = new AbiquoAuthentication(ofInstance(new Credentials("token-identity", "token")), - true); HttpRequest filtered = filter.filter(request); - HttpRequest expected = request.toBuilder() - .replaceHeader(HttpHeaders.COOKIE, AbiquoAuthentication.tokenAuth("token")).build(); + HttpRequest expected = request.toBuilder().replaceHeader(HttpHeaders.COOKIE, "auth=the-token").build(); - assertFalse(filtered.getHeaders().containsKey(HttpHeaders.AUTHORIZATION)); + assertTrue(filtered.getHeaders().containsKey(HttpHeaders.COOKIE)); assertEquals(filtered, expected); } }
