Github user kjduling commented on a diff in the pull request:
https://github.com/apache/incubator-geode/pull/276#discussion_r86852018
--- Diff:
geode-assembly/src/test/java/org/apache/geode/rest/internal/web/RestSecurityPostProcessorTest.java
---
@@ -0,0 +1,185 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
contributor license
+ * agreements. See the NOTICE file distributed with this work for
additional information regarding
+ * copyright ownership. The ASF licenses this file to You under the Apache
License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance with the
License. You may obtain a
+ * copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
distributed under the License
+ * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF
ANY KIND, either express
+ * or implied. See the License for the specific language governing
permissions and limitations under
+ * the License.
+ */
+package org.apache.geode.rest.internal.web;
+
+import static
org.apache.geode.distributed.ConfigurationProperties.HTTP_SERVICE_BIND_ADDRESS;
+import static
org.apache.geode.distributed.ConfigurationProperties.HTTP_SERVICE_PORT;
+import static
org.apache.geode.distributed.ConfigurationProperties.SECURITY_MANAGER;
+import static
org.apache.geode.distributed.ConfigurationProperties.SECURITY_POST_PROCESSOR;
+import static
org.apache.geode.distributed.ConfigurationProperties.START_DEV_REST_API;
+import static org.apache.geode.rest.internal.web.GeodeRestClient.getCode;
+import static
org.apache.geode.rest.internal.web.GeodeRestClient.getContentType;
+import static
org.apache.geode.rest.internal.web.GeodeRestClient.getJsonArray;
+import static
org.apache.geode.rest.internal.web.GeodeRestClient.getJsonObject;
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertTrue;
+
+import org.apache.commons.io.IOUtils;
+import org.apache.geode.cache.Region;
+import org.apache.geode.cache.RegionShortcut;
+import org.apache.geode.cache.execute.FunctionService;
+import org.apache.geode.internal.AvailablePortHelper;
+import org.apache.geode.rest.internal.web.controllers.GetRegions;
+import org.apache.geode.security.templates.SamplePostProcessor;
+import org.apache.geode.security.templates.SampleSecurityManager;
+import org.apache.geode.test.dunit.rules.ServerStarterRule;
+import org.apache.geode.test.junit.categories.IntegrationTest;
+import org.apache.geode.test.junit.categories.SecurityTest;
+import org.apache.http.HttpResponse;
+import org.json.JSONArray;
+import org.json.JSONObject;
+import org.junit.BeforeClass;
+import org.junit.ClassRule;
+import org.junit.Test;
+import org.junit.experimental.categories.Category;
+import org.springframework.http.MediaType;
+
+import java.net.URLEncoder;
+import java.util.Properties;
+
+
+@Category({IntegrationTest.class, SecurityTest.class})
+public class RestSecurityPostProcessorTest {
+
+ static final String REGION_NAME = "AuthRegion";
+
+ static int restPort = AvailablePortHelper.getRandomAvailableTCPPort();
+ static Properties properties = new Properties() {
+ {
+ setProperty(SampleSecurityManager.SECURITY_JSON,
+
"org/apache/geode/management/internal/security/clientServer.json");
+ setProperty(SECURITY_MANAGER, SampleSecurityManager.class.getName());
+ setProperty(START_DEV_REST_API, "true");
+ setProperty(HTTP_SERVICE_BIND_ADDRESS, "localhost");
+ setProperty(HTTP_SERVICE_PORT, restPort + "");
+ setProperty(SECURITY_POST_PROCESSOR,
SamplePostProcessor.class.getName());
+ }
+ };
+
+ @ClassRule
+ public static ServerStarterRule serverStarter = new
ServerStarterRule(properties);
+ private final GeodeRestClient restClient = new
GeodeRestClient("localhost", restPort);
+
+ @BeforeClass
+ public static void before() throws Exception {
+ serverStarter.startServer();
+ Region region =
+
serverStarter.cache.createRegionFactory(RegionShortcut.REPLICATE).create(REGION_NAME);
+ region.put("key1",
+
"{\"@type\":\"com.gemstone.gemfire.web.rest.domain.Order\",\"purchaseOrderNo\":1121,\"customerId\":1012,\"description\":\"Order
for XYZ
Corp\",\"orderDate\":\"02/10/2014\",\"deliveryDate\":\"02/20/2014\",\"contact\":\"Jelly
Bean\",\"email\":\"jelly.b...@example.com\",\"phone\":\"01-2048096\",\"items\":[{\"itemNo\":1,\"description\":\"Product-100\",\"quantity\":12,\"unitPrice\":5,\"totalPrice\":60}],\"totalPrice\":225}");
+ region.put("key2", "bar");
+
serverStarter.cache.createRegionFactory(RegionShortcut.REPLICATE).create("customers");
+ FunctionService.registerFunction(new GetRegions());
+ }
+
+ /**
+ * Test post-processing of a retrieved key from the server.
+ */
+ @Test
+ public void getRegionKey() throws Exception {
+
+ // Test a single key
+ HttpResponse response = restClient.doGet("/" + REGION_NAME + "/key1",
"key1User", "1234567");
+ assertEquals(200, getCode(response));
+ assertEquals(MediaType.APPLICATION_JSON_UTF8_VALUE,
getContentType(response));
+
+ String body = IOUtils.toString(response.getEntity().getContent(),
"UTF-8");
+ assertTrue(body.startsWith("\"key1User/" + REGION_NAME + "/key1/"));
+
+ // Test multiple keys
+ response = restClient.doGet("/" + REGION_NAME + "/key1,key2",
"dataReader", "1234567");
+ assertEquals(200, getCode(response));
+ assertEquals(MediaType.APPLICATION_JSON_UTF8_VALUE,
getContentType(response));
+
+ JSONObject jsonObject = getJsonObject(response);
+ JSONArray jsonArray = jsonObject.getJSONArray(REGION_NAME);
+ final int length = jsonArray.length();
+ for (int index = 0; index < length; ++index) {
+ String data = jsonArray.getString(index);
+ assertTrue(data.contains("dataReader/" + REGION_NAME + "/"));
+ }
+ }
+
+ @Test
+ public void getRegion() throws Exception {
+ HttpResponse response = restClient.doGet("/" + REGION_NAME,
"dataReader", "1234567");
+ assertEquals(200, getCode(response));
+ assertEquals(MediaType.APPLICATION_JSON_UTF8_VALUE,
getContentType(response));
+
+ JSONObject jsonObject = getJsonObject(response);
+ JSONArray jsonArray = jsonObject.getJSONArray(REGION_NAME);
+ final int length = jsonArray.length();
+ for (int index = 0; index < length; ++index) {
+ String data = jsonArray.getString(index);
+ assertTrue(data.contains("dataReader/" + REGION_NAME + "/"));
+ }
+ }
+
+ @Test
+ public void adhocQuery() throws Exception {
+ String query =
+ "/queries/adhoc?q=" + URLEncoder.encode("SELECT * FROM /" +
REGION_NAME, "UTF-8");
+ HttpResponse response = restClient.doGet(query, "dataReader",
"1234567");
+ assertEquals(200, getCode(response));
+ assertEquals(MediaType.APPLICATION_JSON_UTF8_VALUE,
getContentType(response));
+
+ JSONArray jsonArray = getJsonArray(response);
+ final int length = jsonArray.length();
+ for (int index = 0; index < length; ++index) {
+ String data = jsonArray.getString(index);
+ assertTrue(data.contains("dataReader/" + REGION_NAME + "/"));
+ }
+ }
+
+ @Test
+ public void namedQuery() throws Exception {
+ String namedQuery = "SELECT c FROM /customers c WHERE c.customerId =
$1";
+
+ HttpResponse response =
+ restClient.doPost("/queries?id=selectCustomer&q=" +
URLEncoder.encode(namedQuery, "UTF-8"),
+ "dataReader", "1234567", "");
+ assertEquals(201, getCode(response));
+
+ String query = "/queries";
+ response = restClient.doGet(query, "dataReader", "1234567");
+ assertEquals(200, getCode(response));
+ assertEquals(MediaType.APPLICATION_JSON_UTF8_VALUE,
getContentType(response));
+
+ String customerJson =
--- End diff --
This breaks from the pattern RestAPIsQueryAndFEJUnitTest follows. But as
you said in an earlier comment about the Orders, it will read cleaner.
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---
