You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@geode.apache.org by kl...@apache.org on 2016/10/26 20:10:33 UTC
[09/15] incubator-geode git commit: GEODE-2020: for rest api get
request, use utf-8 as response encoding.
GEODE-2020: for rest api get request, use utf-8 as response encoding.
* add more test assertions.
* fix legacy tests
Project: http://git-wip-us.apache.org/repos/asf/incubator-geode/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-geode/commit/fadd92b0
Tree: http://git-wip-us.apache.org/repos/asf/incubator-geode/tree/fadd92b0
Diff: http://git-wip-us.apache.org/repos/asf/incubator-geode/diff/fadd92b0
Branch: refs/heads/feature/GEODE-2012
Commit: fadd92b0556ac6d3a48ffccbf64100fd94689e62
Parents: af55d92
Author: Jinmei Liao <ji...@pivotal.io>
Authored: Thu Oct 20 15:28:50 2016 -0700
Committer: Jinmei Liao <ji...@pivotal.io>
Committed: Fri Oct 21 10:37:54 2016 -0700
----------------------------------------------------------------------
.../rest/internal/web/GeodeRestClient.java | 148 +++++++
.../web/RestSecurityIntegrationTest.java | 410 ++++++-------------
.../web/controllers/CommonCrudController.java | 6 +-
.../controllers/FunctionAccessController.java | 2 +-
.../web/controllers/PdxBasedCrudController.java | 4 +-
.../web/controllers/QueryAccessController.java | 4 +-
6 files changed, 290 insertions(+), 284 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/fadd92b0/geode-assembly/src/test/java/org/apache/geode/rest/internal/web/GeodeRestClient.java
----------------------------------------------------------------------
diff --git a/geode-assembly/src/test/java/org/apache/geode/rest/internal/web/GeodeRestClient.java b/geode-assembly/src/test/java/org/apache/geode/rest/internal/web/GeodeRestClient.java
new file mode 100644
index 0000000..c83cebb
--- /dev/null
+++ b/geode-assembly/src/test/java/org/apache/geode/rest/internal/web/GeodeRestClient.java
@@ -0,0 +1,148 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.geode.rest.internal.web;
+
+import java.io.BufferedReader;
+import java.io.IOException;
+import java.io.InputStream;
+import java.io.InputStreamReader;
+import java.net.MalformedURLException;
+import java.nio.charset.StandardCharsets;
+
+import org.apache.http.HttpEntity;
+import org.apache.http.HttpHost;
+import org.apache.http.HttpResponse;
+import org.apache.http.auth.AuthScope;
+import org.apache.http.auth.UsernamePasswordCredentials;
+import org.apache.http.client.AuthCache;
+import org.apache.http.client.ClientProtocolException;
+import org.apache.http.client.CredentialsProvider;
+import org.apache.http.client.methods.HttpDelete;
+import org.apache.http.client.methods.HttpGet;
+import org.apache.http.client.methods.HttpHead;
+import org.apache.http.client.methods.HttpPost;
+import org.apache.http.client.methods.HttpPut;
+import org.apache.http.client.methods.HttpRequestBase;
+import org.apache.http.client.protocol.HttpClientContext;
+import org.apache.http.entity.StringEntity;
+import org.apache.http.impl.auth.BasicScheme;
+import org.apache.http.impl.client.BasicAuthCache;
+import org.apache.http.impl.client.BasicCredentialsProvider;
+import org.apache.http.impl.client.CloseableHttpClient;
+import org.apache.http.impl.client.HttpClients;
+import org.json.JSONTokener;
+import org.junit.Assert;
+
+public class GeodeRestClient {
+
+ public final static String PROTOCOL = "http";
+ public final static String HOSTNAME = "localhost";
+ public final static String CONTEXT = "/geode/v1";
+
+ private int restPort = 0;
+ public GeodeRestClient(int restPort){
+ this.restPort = restPort;
+ }
+
+ public HttpResponse doHEAD(String query, String username, String password) throws MalformedURLException {
+ HttpHead httpHead = new HttpHead(CONTEXT + query);
+ return doRequest(httpHead, username, password);
+ }
+
+ public HttpResponse doPost(String query, String username, String password, String body) throws MalformedURLException {
+ HttpPost httpPost = new HttpPost(CONTEXT + query);
+ httpPost.addHeader("content-type", "application/json");
+ httpPost.setEntity(new StringEntity(body, StandardCharsets.UTF_8));
+ return doRequest(httpPost, username, password);
+ }
+
+ public HttpResponse doPut(String query, String username, String password, String body) throws MalformedURLException {
+ HttpPut httpPut = new HttpPut(CONTEXT + query);
+ httpPut.addHeader("content-type", "application/json");
+ httpPut.setEntity(new StringEntity(body, StandardCharsets.UTF_8));
+ return doRequest(httpPut, username, password);
+ }
+
+ public HttpResponse doGet(String uri, String username, String password) throws MalformedURLException {
+ HttpGet getRequest = new HttpGet(CONTEXT + uri);
+ return doRequest(getRequest, username, password);
+ }
+ public HttpResponse doGet(String uri) throws MalformedURLException {
+ return doGet(uri, null, null);
+ }
+
+ public HttpResponse doDelete(String uri, String username, String password) throws MalformedURLException {
+ HttpDelete httpDelete = new HttpDelete(CONTEXT + uri);
+ return doRequest(httpDelete, username, password);
+ }
+
+ public static String getContentType(HttpResponse response){
+ return response.getEntity().getContentType().getValue();
+ }
+
+ /**
+ * Retrieve the status code of the HttpResponse
+ *
+ * @param response The HttpResponse message received from the server
+ *
+ * @return a numeric value
+ */
+ public static int getCode(HttpResponse response) {
+ return response.getStatusLine().getStatusCode();
+ }
+
+ public static JSONTokener getResponseBody(HttpResponse response) throws IOException {
+ HttpEntity entity = response.getEntity();
+ InputStream content = entity.getContent();
+ BufferedReader reader = new BufferedReader(new InputStreamReader(content));
+ String line;
+ StringBuilder str = new StringBuilder();
+ while ((line = reader.readLine()) != null) {
+ str.append(line);
+ }
+ return new JSONTokener(str.toString());
+ }
+
+ private HttpResponse doRequest(HttpRequestBase request, String username, String password) throws MalformedURLException {
+ HttpHost targetHost = new HttpHost(HOSTNAME,restPort, PROTOCOL);
+ CloseableHttpClient httpclient = HttpClients.custom().build();
+ HttpClientContext clientContext = HttpClientContext.create();
+ // if username is null, do not put in authentication
+ if (username != null) {
+ CredentialsProvider credsProvider = new BasicCredentialsProvider();
+ credsProvider.setCredentials(new AuthScope(targetHost.getHostName(), targetHost.getPort()), new UsernamePasswordCredentials(username, password));
+ httpclient = HttpClients.custom().setDefaultCredentialsProvider(credsProvider).build();
+ AuthCache authCache = new BasicAuthCache();
+ BasicScheme basicAuth = new BasicScheme();
+ authCache.put(targetHost, basicAuth);
+ clientContext.setCredentialsProvider(credsProvider);
+ clientContext.setAuthCache(authCache);
+ }
+
+ try {
+ return httpclient.execute(targetHost, request, clientContext);
+ } catch (ClientProtocolException e) {
+ e.printStackTrace();
+ Assert.fail("Rest GET should not have thrown ClientProtocolException!");
+ } catch (IOException e) {
+ e.printStackTrace();
+ Assert.fail("Rest GET Request should not have thrown IOException!");
+ }
+ return null;
+ }
+}
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/fadd92b0/geode-assembly/src/test/java/org/apache/geode/rest/internal/web/RestSecurityIntegrationTest.java
----------------------------------------------------------------------
diff --git a/geode-assembly/src/test/java/org/apache/geode/rest/internal/web/RestSecurityIntegrationTest.java b/geode-assembly/src/test/java/org/apache/geode/rest/internal/web/RestSecurityIntegrationTest.java
index 6e91894..5f66f3b 100644
--- a/geode-assembly/src/test/java/org/apache/geode/rest/internal/web/RestSecurityIntegrationTest.java
+++ b/geode-assembly/src/test/java/org/apache/geode/rest/internal/web/RestSecurityIntegrationTest.java
@@ -19,42 +19,16 @@ package org.apache.geode.rest.internal.web;
import static org.apache.geode.distributed.ConfigurationProperties.*;
import static org.junit.Assert.*;
-import java.io.BufferedReader;
-import java.io.IOException;
-import java.io.InputStream;
-import java.io.InputStreamReader;
-import java.net.MalformedURLException;
-import java.nio.charset.StandardCharsets;
import java.util.Properties;
-import org.apache.http.HttpEntity;
-import org.apache.http.HttpHost;
import org.apache.http.HttpResponse;
-import org.apache.http.auth.AuthScope;
-import org.apache.http.auth.UsernamePasswordCredentials;
-import org.apache.http.client.AuthCache;
-import org.apache.http.client.ClientProtocolException;
-import org.apache.http.client.CredentialsProvider;
-import org.apache.http.client.methods.HttpDelete;
-import org.apache.http.client.methods.HttpGet;
-import org.apache.http.client.methods.HttpHead;
-import org.apache.http.client.methods.HttpPost;
-import org.apache.http.client.methods.HttpPut;
-import org.apache.http.client.methods.HttpRequestBase;
-import org.apache.http.client.protocol.HttpClientContext;
-import org.apache.http.entity.StringEntity;
-import org.apache.http.impl.auth.BasicScheme;
-import org.apache.http.impl.client.BasicAuthCache;
-import org.apache.http.impl.client.BasicCredentialsProvider;
-import org.apache.http.impl.client.CloseableHttpClient;
-import org.apache.http.impl.client.HttpClients;
import org.json.JSONArray;
import org.json.JSONObject;
-import org.json.JSONTokener;
import org.junit.BeforeClass;
import org.junit.ClassRule;
import org.junit.Test;
import org.junit.experimental.categories.Category;
+import org.springframework.http.MediaType;
import org.apache.geode.cache.RegionShortcut;
import org.apache.geode.internal.AvailablePortHelper;
@@ -69,10 +43,6 @@ public class RestSecurityIntegrationTest {
protected static final String REGION_NAME = "AuthRegion";
- public final static String PROTOCOL = "http";
- public final static String HOSTNAME = "localhost";
- public final static String CONTEXT = "/geode/v1";
-
private static int restPort = AvailablePortHelper.getRandomAvailableTCPPort();
static Properties properties = new Properties() {{
setProperty(SampleSecurityManager.SECURITY_JSON, "org/apache/geode/management/internal/security/clientServer.json");
@@ -84,6 +54,7 @@ public class RestSecurityIntegrationTest {
@ClassRule
public static ServerStarter serverStarter = new ServerStarter(properties);
+ private final GeodeRestClient restClient = new GeodeRestClient(restPort);
@BeforeClass
public static void before() throws Exception {
@@ -95,95 +66,99 @@ public class RestSecurityIntegrationTest {
public void testFunctions() throws Exception {
String json = "{\"@type\":\"double\",\"@value\":210}";
- HttpResponse response = doGet("/functions", "unknown-user", "1234567");
- assertEquals(401, getCode(response));
- response = doGet("/functions", "stranger", "1234567");
- assertEquals(403, getCode(response));
- response = doGet("/functions", "dataReader", "1234567");
- assertTrue(isOK(response));
-
- response = doPost("/functions/AddFreeItemsToOrder", "unknown-user", "1234567", json);
- assertEquals(401, getCode(response));
- response = doPost("/functions/AddFreeItemsToOrder", "dataReader", "1234567", json);
- assertEquals(403, getCode(response));
- response = doPost("/functions/AddFreeItemsToOrder?onRegion=" + REGION_NAME, "dataWriter", "1234567", json);
+ HttpResponse response = restClient.doGet("/functions", "unknown-user", "1234567");
+ assertEquals(401, restClient.getCode(response));
+ response = restClient.doGet("/functions", "stranger", "1234567");
+ assertEquals(403, restClient.getCode(response));
+ response = restClient.doGet("/functions", "dataReader", "1234567");
+ assertEquals(200, restClient.getCode(response));
+ response.getEntity();
+ assertEquals(MediaType.APPLICATION_JSON_UTF8_VALUE, restClient.getContentType(response));
+
+ response = restClient.doPost("/functions/AddFreeItemsToOrder", "unknown-user", "1234567", json);
+ assertEquals(401, restClient.getCode(response));
+ response = restClient.doPost("/functions/AddFreeItemsToOrder", "dataReader", "1234567", json);
+ assertEquals(403, restClient.getCode(response));
+ response = restClient.doPost("/functions/AddFreeItemsToOrder?onRegion=" + REGION_NAME, "dataWriter", "1234567", json);
// because we're only testing the security of the endpoint, not the endpoint functionality, a 500 is acceptable
- assertEquals(500, getCode(response));
+ assertEquals(500, restClient.getCode(response));
}
@Test
public void testQueries() throws Exception {
- HttpResponse response = doGet("/queries", "unknown-user", "1234567");
- assertEquals(401, getCode(response));
- response = doGet("/queries", "stranger", "1234567");
- assertEquals(403, getCode(response));
- response = doGet("/queries", "dataReader", "1234567");
- assertEquals(200, getCode(response));
+ HttpResponse response = restClient.doGet("/queries", "unknown-user", "1234567");
+ assertEquals(401, restClient.getCode(response));
+ response = restClient.doGet("/queries", "stranger", "1234567");
+ assertEquals(403, restClient.getCode(response));
+ response = restClient.doGet("/queries", "dataReader", "1234567");
+ assertEquals(200, restClient.getCode(response));
+ assertEquals(MediaType.APPLICATION_JSON_UTF8_VALUE, restClient.getContentType(response));
}
@Test
public void testAdhocQuery() throws Exception {
- HttpResponse response = doGet("/queries/adhoc?q=", "unknown-user", "1234567");
- assertEquals(401, getCode(response));
- response = doGet("/queries/adhoc?q=", "stranger", "1234567");
- assertEquals(403, getCode(response));
- response = doGet("/queries/adhoc?q=", "dataReader", "1234567");
+ HttpResponse response = restClient.doGet("/queries/adhoc?q=", "unknown-user", "1234567");
+ assertEquals(401, restClient.getCode(response));
+ response = restClient.doGet("/queries/adhoc?q=", "stranger", "1234567");
+ assertEquals(403, restClient.getCode(response));
+ response = restClient.doGet("/queries/adhoc?q=", "dataReader", "1234567");
// because we're only testing the security of the endpoint, not the endpoint functionality, a 500 is acceptable
- assertEquals(500, getCode(response));
+ assertEquals(500, restClient.getCode(response));
}
@Test
public void testPostQuery() throws Exception {
- HttpResponse response = doPost("/queries?id=0&q=", "unknown-user", "1234567", "");
- assertEquals(401, getCode(response));
- response = doPost("/queries?id=0&q=", "stranger", "1234567", "");
- assertEquals(403, getCode(response));
- response = doPost("/queries?id=0&q=", "dataReader", "1234567", "");
+ HttpResponse response = restClient.doPost("/queries?id=0&q=", "unknown-user", "1234567", "");
+ assertEquals(401, restClient.getCode(response));
+ response = restClient.doPost("/queries?id=0&q=", "stranger", "1234567", "");
+ assertEquals(403, restClient.getCode(response));
+ response = restClient.doPost("/queries?id=0&q=", "dataReader", "1234567", "");
// because we're only testing the security of the endpoint, not the endpoint functionality, a 500 is acceptable
- assertEquals(500, getCode(response));
+ assertEquals(500, restClient.getCode(response));
}
@Test
public void testPostQuery2() throws Exception {
- HttpResponse response = doPost("/queries/id", "unknown-user", "1234567", "{\"id\" : \"foo\"}");
- assertEquals(401, getCode(response));
- response = doPost("/queries/id", "stranger", "1234567", "{\"id\" : \"foo\"}");
- assertEquals(403, getCode(response));
- response = doPost("/queries/id", "dataReader", "1234567", "{\"id\" : \"foo\"}");
+ HttpResponse response = restClient.doPost("/queries/id", "unknown-user", "1234567", "{\"id\" : \"foo\"}");
+ assertEquals(401, restClient.getCode(response));
+ response = restClient.doPost("/queries/id", "stranger", "1234567", "{\"id\" : \"foo\"}");
+ assertEquals(403, restClient.getCode(response));
+ response = restClient.doPost("/queries/id", "dataReader", "1234567", "{\"id\" : \"foo\"}");
// because we're only testing the security of the endpoint, not the endpoint functionality, a 500 is acceptable
- assertEquals(500, getCode(response));
+ assertEquals(500, restClient.getCode(response));
}
@Test
public void testPutQuery() throws Exception {
- HttpResponse response = doPut("/queries/id", "unknown-user", "1234567", "{\"id\" : \"foo\"}");
- assertEquals(401, getCode(response));
- response = doPut("/queries/id", "stranger", "1234567", "{\"id\" : \"foo\"}");
- assertEquals(403, getCode(response));
- response = doPut("/queries/id", "dataReader", "1234567", "{\"id\" : \"foo\"}");
+ HttpResponse response = restClient.doPut("/queries/id", "unknown-user", "1234567", "{\"id\" : \"foo\"}");
+ assertEquals(401, restClient.getCode(response));
+ response = restClient.doPut("/queries/id", "stranger", "1234567", "{\"id\" : \"foo\"}");
+ assertEquals(403, restClient.getCode(response));
+ response = restClient.doPut("/queries/id", "dataReader", "1234567", "{\"id\" : \"foo\"}");
// We should get a 404 because we're trying to update a query that doesn't exist
- assertEquals(404, getCode(response));
+ assertEquals(404, restClient.getCode(response));
}
@Test
public void testDeleteQuery() throws Exception {
- HttpResponse response = doDelete("/queries/id", "unknown-user", "1234567");
- assertEquals(401, getCode(response));
- response = doDelete("/queries/id", "stranger", "1234567");
- assertEquals(403, getCode(response));
- response = doDelete("/queries/id", "dataWriter", "1234567");
+ HttpResponse response = restClient.doDelete("/queries/id", "unknown-user", "1234567");
+ assertEquals(401, restClient.getCode(response));
+ response = restClient.doDelete("/queries/id", "stranger", "1234567");
+ assertEquals(403, restClient.getCode(response));
+ response = restClient.doDelete("/queries/id", "dataWriter", "1234567");
// We should get a 404 because we're trying to delete a query that doesn't exist
- assertEquals(404, getCode(response));
+ assertEquals(404, restClient.getCode(response));
}
@Test
public void testServers() throws Exception {
- HttpResponse response = doGet("/servers", "unknown-user", "1234567");
- assertEquals(401, getCode(response));
- response = doGet("/servers", "stranger", "1234567");
- assertEquals(403, getCode(response));
- response = doGet("/servers", "super-user", "1234567");
- assertTrue(isOK(response));
+ HttpResponse response = restClient.doGet("/servers", "unknown-user", "1234567");
+ assertEquals(401, restClient.getCode(response));
+ response = restClient.doGet("/servers", "stranger", "1234567");
+ assertEquals(403, restClient.getCode(response));
+ response = restClient.doGet("/servers", "super-user", "1234567");
+ assertEquals(200, restClient.getCode(response));
+ assertEquals(MediaType.APPLICATION_JSON_UTF8_VALUE, restClient.getContentType(response));
}
/**
@@ -192,27 +167,15 @@ public class RestSecurityIntegrationTest {
*/
@Test
public void testPing() throws Exception {
- HttpResponse response = doHEAD("/ping", "stranger", "1234567");
- assertTrue(isOK(response));
- response = doGet("/ping", "stranger", "1234567");
- assertTrue(isOK(response));
-
- response = doHEAD("/ping", "super-user", "1234567");
- assertTrue(isOK(response));
- response = doGet("/ping", "super-user", "1234567");
- assertTrue(isOK(response));
-
- // TODO - invalid username/password should still respond, but doesn't
- // response = doHEAD("/ping", "unknown-user", "badpassword");
- // assertTrue(isOK(response));
- // response = doGet("/ping", "unknown-user", "badpassword");
- // assertTrue(isOK(response));
-
- // TODO - credentials are currently required and shouldn't be for this endpoint
- // response = doHEAD("/ping", null, null);
- // assertTrue(isOK(response));
- // response = doGet("/ping", null, null);
- // assertTrue(isOK(response));
+ HttpResponse response = restClient.doHEAD("/ping", "stranger", "1234567");
+ assertEquals(200, restClient.getCode(response));
+ response = restClient.doGet("/ping", "stranger", "1234567");
+ assertEquals(200, restClient.getCode(response));
+
+ response = restClient.doHEAD("/ping", "super-user", "1234567");
+ assertEquals(200, restClient.getCode(response));
+ response = restClient.doGet("/ping", "super-user", "1234567");
+ assertEquals(200, restClient.getCode(response));
}
/**
@@ -220,11 +183,11 @@ public class RestSecurityIntegrationTest {
*/
@Test
public void getRegions() throws Exception {
- HttpResponse response = doGet("", "dataReader", "1234567");
- assertEquals("A '200 - OK' was expected", 200, getCode(response));
+ HttpResponse response = restClient.doGet("", "dataReader", "1234567");
+ assertEquals("A '200 - OK' was expected", 200, restClient.getCode(response));
+ assertEquals(MediaType.APPLICATION_JSON_UTF8_VALUE, restClient.getContentType(response));
- assertTrue(isOK(response));
- JSONObject jsonObject = new JSONObject(getResponseBody(response));
+ JSONObject jsonObject = new JSONObject(restClient.getResponseBody(response));
JSONArray regions = jsonObject.getJSONArray("regions");
assertNotNull(regions);
assertTrue(regions.length() > 0);
@@ -233,12 +196,12 @@ public class RestSecurityIntegrationTest {
assertEquals("REPLICATE", region.get("type"));
// List regions with an unknown user - 401
- response = doGet("", "unknown-user", "badpassword");
- assertEquals(401, getCode(response));
+ response = restClient.doGet("", "unknown-user", "badpassword");
+ assertEquals(401, restClient.getCode(response));
// list regions with insufficent rights - 403
- response = doGet("", "authRegionReader", "1234567");
- assertEquals(403, getCode(response));
+ response = restClient.doGet("", "authRegionReader", "1234567");
+ assertEquals(403, restClient.getCode(response));
}
/**
@@ -247,16 +210,17 @@ public class RestSecurityIntegrationTest {
@Test
public void getRegion() throws Exception {
// Test an unknown user - 401 error
- HttpResponse response = doGet("/" + REGION_NAME, "unknown-user", "1234567");
- assertEquals(401, getCode(response));
+ HttpResponse response = restClient.doGet("/" + REGION_NAME, "unknown-user", "1234567");
+ assertEquals(401, restClient.getCode(response));
// Test a user with insufficient rights - 403
- response = doGet("/" + REGION_NAME, "stranger", "1234567");
- assertEquals(403, getCode(response));
+ response = restClient.doGet("/" + REGION_NAME, "stranger", "1234567");
+ assertEquals(403, restClient.getCode(response));
// Test an authorized user - 200
- response = doGet("/" + REGION_NAME, "super-user", "1234567");
- assertTrue(isOK(response));
+ response = restClient.doGet("/" + REGION_NAME, "super-user", "1234567");
+ assertEquals(200, restClient.getCode(response));
+ assertEquals(MediaType.APPLICATION_JSON_UTF8_VALUE, restClient.getContentType(response));
}
/**
@@ -265,16 +229,16 @@ public class RestSecurityIntegrationTest {
@Test
public void headRegion() throws Exception {
// Test an unknown user - 401 error
- HttpResponse response = doHEAD("/" + REGION_NAME, "unknown-user", "1234567");
- assertEquals(401, getCode(response));
+ HttpResponse response = restClient.doHEAD("/" + REGION_NAME, "unknown-user", "1234567");
+ assertEquals(401, restClient.getCode(response));
// Test a user with insufficient rights - 403
- response = doHEAD("/" + REGION_NAME, "stranger", "1234567");
- assertEquals(403, getCode(response));
+ response = restClient.doHEAD("/" + REGION_NAME, "stranger", "1234567");
+ assertEquals(403, restClient.getCode(response));
// Test an authorized user - 200
- response = doHEAD("/" + REGION_NAME, "super-user", "1234567");
- assertTrue(isOK(response));
+ response = restClient.doHEAD("/" + REGION_NAME, "super-user", "1234567");
+ assertEquals(200, restClient.getCode(response));
}
/**
@@ -283,12 +247,12 @@ public class RestSecurityIntegrationTest {
@Test
public void deleteRegion() throws Exception {
// Test an unknown user - 401 error
- HttpResponse response = doDelete("/" + REGION_NAME, "unknown-user", "1234567");
- assertEquals(401, getCode(response));
+ HttpResponse response = restClient.doDelete("/" + REGION_NAME, "unknown-user", "1234567");
+ assertEquals(401, restClient.getCode(response));
// Test a user with insufficient rights - 403
- response = doDelete("/" + REGION_NAME, "dataReader", "1234567");
- assertEquals(403, getCode(response));
+ response = restClient.doDelete("/" + REGION_NAME, "dataReader", "1234567");
+ assertEquals(403, restClient.getCode(response));
}
/**
@@ -297,11 +261,12 @@ public class RestSecurityIntegrationTest {
@Test
public void getRegionKeys() throws Exception {
// Test an authorized user
- HttpResponse response = doGet("/" + REGION_NAME + "/keys", "super-user", "1234567");
- assertTrue(isOK(response));
+ HttpResponse response = restClient.doGet("/" + REGION_NAME + "/keys", "super-user", "1234567");
+ assertEquals(200, restClient.getCode(response));
+ assertEquals(MediaType.APPLICATION_JSON_UTF8_VALUE, restClient.getContentType(response));
// Test an unauthorized user
- response = doGet("/" + REGION_NAME + "/keys", "dataWriter", "1234567");
- assertEquals(403, getCode(response));
+ response = restClient.doGet("/" + REGION_NAME + "/keys", "dataWriter", "1234567");
+ assertEquals(403, restClient.getCode(response));
}
/**
@@ -310,11 +275,13 @@ public class RestSecurityIntegrationTest {
@Test
public void getRegionKey() throws Exception {
// Test an authorized user
- HttpResponse response = doGet("/" + REGION_NAME + "/key1", "key1User", "1234567");
- assertTrue(isOK(response));
+ HttpResponse response = restClient.doGet("/" + REGION_NAME + "/key1", "key1User", "1234567");
+ assertEquals(200, restClient.getCode(response));
+ assertEquals(MediaType.APPLICATION_JSON_UTF8_VALUE, restClient.getContentType(response));
+
// Test an unauthorized user
- response = doGet("/" + REGION_NAME + "/key1", "dataWriter", "1234567");
- assertEquals(403, getCode(response));
+ response = restClient.doGet("/" + REGION_NAME + "/key1", "dataWriter", "1234567");
+ assertEquals(403, restClient.getCode(response));
}
/**
@@ -323,16 +290,16 @@ public class RestSecurityIntegrationTest {
@Test
public void deleteRegionKey() throws Exception {
// Test an unknown user - 401 error
- HttpResponse response = doDelete("/" + REGION_NAME + "/key1", "unknown-user", "1234567");
- assertEquals(401, getCode(response));
+ HttpResponse response = restClient.doDelete("/" + REGION_NAME + "/key1", "unknown-user", "1234567");
+ assertEquals(401, restClient.getCode(response));
// Test a user with insufficient rights - 403
- response = doDelete("/" + REGION_NAME + "/key1", "dataReader", "1234567");
- assertEquals(403, getCode(response));
+ response = restClient.doDelete("/" + REGION_NAME + "/key1", "dataReader", "1234567");
+ assertEquals(403, restClient.getCode(response));
// Test an authorized user - 200
- response = doDelete("/" + REGION_NAME + "/key1", "key1User", "1234567");
- assertTrue(isOK(response));
+ response = restClient.doDelete("/" + REGION_NAME + "/key1", "key1User", "1234567");
+ assertEquals(200, restClient.getCode(response));
}
/**
@@ -341,17 +308,16 @@ public class RestSecurityIntegrationTest {
@Test
public void postRegionKey() throws Exception {
// Test an unknown user - 401 error
- HttpResponse response = doPost("/" + REGION_NAME + "?key9", "unknown", "1234567", "{ \"key9\" : \"foo\" }");
- assertEquals(401, getCode(response));
+ HttpResponse response = restClient.doPost("/" + REGION_NAME + "?key9", "unknown", "1234567", "{ \"key9\" : \"foo\" }");
+ assertEquals(401, restClient.getCode(response));
// Test a user with insufficient rights - 403
- response = doPost("/" + REGION_NAME + "?key9", "dataReader", "1234567", "{ \"key9\" : \"foo\" }");
- assertEquals(403, getCode(response));
+ response = restClient.doPost("/" + REGION_NAME + "?key9", "dataReader", "1234567", "{ \"key9\" : \"foo\" }");
+ assertEquals(403, restClient.getCode(response));
// Test an authorized user - 200
- response = doPost("/" + REGION_NAME + "?key9", "dataWriter", "1234567", "{ \"key9\" : \"foo\" }");
- assertEquals(201, getCode(response));
- assertTrue(isOK(response));
+ response = restClient.doPost("/" + REGION_NAME + "?key9", "dataWriter", "1234567", "{ \"key9\" : \"foo\" }");
+ assertEquals(201, restClient.getCode(response));
}
/**
@@ -363,135 +329,27 @@ public class RestSecurityIntegrationTest {
String json = "{\"@type\":\"com.gemstone.gemfire.web.rest.domain.Order\",\"purchaseOrderNo\":1121,\"customerId\":1012,\"description\":\"Order for XYZ Corp\",\"orderDate\":\"02/10/2014\",\"deliveryDate\":\"02/20/2014\",\"contact\":\"Jelly Bean\",\"email\":\"jelly.bean@example.com\",\"phone\":\"01-2048096\",\"items\":[{\"itemNo\":1,\"description\":\"Product-100\",\"quantity\":12,\"unitPrice\":5,\"totalPrice\":60}],\"totalPrice\":225}";
String casJSON = "{\"@old\":{\"@type\":\"com.gemstone.gemfire.web.rest.domain.Order\",\"purchaseOrderNo\":1121,\"customerId\":1012,\"description\":\"Order for XYZ Corp\",\"orderDate\":\"02/10/2014\",\"deliveryDate\":\"02/20/2014\",\"contact\":\"Jelly Bean\",\"email\":\"jelly.bean@example.com\",\"phone\":\"01-2048096\",\"items\":[{\"itemNo\":1,\"description\":\"Product-100\",\"quantity\":12,\"unitPrice\":5,\"totalPrice\":60}],\"totalPrice\":225},\"@new \":{\"@type\":\"com.gemstone.gemfire.web.rest.domain.Order\",\"purchaseOrderNo\":1121,\"customerId\":1013,\"description\":\"Order for New Corp\",\"orderDate\":\"02/10/2014\",\"deliveryDate\":\"02/25/2014\",\"contact\":\"Vanilla Bean\",\"email\":\"vanillabean@example.com\",\"phone\":\"01-2048096\",\"items\":[{\"itemNo\":12345,\"description\":\"part 123\",\"quantity\":12,\"unitPrice\":29.99,\"totalPrice\":149.95}],\"totalPrice\":149.95}}";
// Test an unknown user - 401 error
- HttpResponse response = doPut("/" + REGION_NAME + "/key1?op=PUT", "unknown-user", "1234567", "{ \"key9\" : \"foo\" }");
- assertEquals(401, getCode(response));
-
- response = doPut("/" + REGION_NAME + "/key1?op=CAS", "unknown-user", "1234567", "{ \"key9\" : \"foo\" }");
- assertEquals(401, getCode(response));
- response = doPut("/" + REGION_NAME + "/key1?op=REPLACE", "unknown-user", "1234567", "{ \"@old\" : \"value1\", \"@new\" : \"CASvalue\" }");
- assertEquals(401, getCode(response));
-
- response = doPut("/" + REGION_NAME + "/key1?op=PUT", "dataReader", "1234567", "{ \"key1\" : \"foo\" }");
- assertEquals(403, getCode(response));
-
- response = doPut("/" + REGION_NAME + "/key1?op=REPLACE", "dataReader", "1234567", "{ \"key1\" : \"foo\" }");
- assertEquals(403, getCode(response));
-
- response = doPut("/" + REGION_NAME + "/key1?op=CAS", "dataReader", "1234567", casJSON);
- assertEquals(403, getCode(response));
-
- response = doPut("/" + REGION_NAME + "/key1?op=PUT", "key1User", "1234567", "{ \"key1\" : \"foo\" }");
- assertEquals(200, getCode(response));
- assertTrue(isOK(response));
-
- response = doPut("/" + REGION_NAME + "/key1?op=REPLACE", "key1User", "1234567", json);
- assertEquals(200, getCode(response));
- assertTrue(isOK(response));
- }
-
- protected HttpResponse doHEAD(String query, String username, String password) throws MalformedURLException {
- HttpHead httpHead = new HttpHead(CONTEXT + query);
- return doRequest(httpHead, username, password);
- }
-
-
- protected HttpResponse doPost(String query, String username, String password, String body) throws MalformedURLException {
- HttpPost httpPost = new HttpPost(CONTEXT + query);
- httpPost.addHeader("content-type", "application/json");
- httpPost.setEntity(new StringEntity(body, StandardCharsets.UTF_8));
- return doRequest(httpPost, username, password);
- }
-
+ HttpResponse response = restClient.doPut("/" + REGION_NAME + "/key1?op=PUT", "unknown-user", "1234567", "{ \"key9\" : \"foo\" }");
+ assertEquals(401, restClient.getCode(response));
- protected HttpResponse doPut(String query, String username, String password, String body) throws MalformedURLException {
- HttpPut httpPut = new HttpPut(CONTEXT + query);
- httpPut.addHeader("content-type", "application/json");
- httpPut.setEntity(new StringEntity(body, StandardCharsets.UTF_8));
- return doRequest(httpPut, username, password);
- }
+ response = restClient.doPut("/" + REGION_NAME + "/key1?op=CAS", "unknown-user", "1234567", "{ \"key9\" : \"foo\" }");
+ assertEquals(401, restClient.getCode(response));
+ response = restClient.doPut("/" + REGION_NAME + "/key1?op=REPLACE", "unknown-user", "1234567", "{ \"@old\" : \"value1\", \"@new\" : \"CASvalue\" }");
+ assertEquals(401, restClient.getCode(response));
- protected HttpResponse doGet(String uri, String username, String password) throws MalformedURLException {
- HttpGet getRequest = new HttpGet(CONTEXT + uri);
- return doRequest(getRequest, username, password);
- }
+ response = restClient.doPut("/" + REGION_NAME + "/key1?op=PUT", "dataReader", "1234567", "{ \"key1\" : \"foo\" }");
+ assertEquals(403, restClient.getCode(response));
- protected HttpResponse doDelete(String uri, String username, String password) throws MalformedURLException {
- HttpDelete httpDelete = new HttpDelete(CONTEXT + uri);
- return doRequest(httpDelete, username, password);
- }
+ response = restClient.doPut("/" + REGION_NAME + "/key1?op=REPLACE", "dataReader", "1234567", "{ \"key1\" : \"foo\" }");
+ assertEquals(403, restClient.getCode(response));
- /**
- * Check the HTTP status of the response and return if it's within the OK range
- *
- * @param response The HttpResponse message received from the server
- *
- * @return true if the status code is a 2XX-type code (200-299), otherwise false
- */
- protected boolean isOK(HttpResponse response) {
- int returnCode = response.getStatusLine().getStatusCode();
- return (returnCode < 300 && returnCode >= 200);
- }
+ response = restClient.doPut("/" + REGION_NAME + "/key1?op=CAS", "dataReader", "1234567", casJSON);
+ assertEquals(403, restClient.getCode(response));
- /**
- * Check the HTTP status of the response and return true if a 401
- *
- * @param response The HttpResponse message received from the server
- *
- * @return true if the status code is 401, otherwise false
- */
- protected boolean isUnauthorized(HttpResponse response) {
- int returnCode = response.getStatusLine().getStatusCode();
- return returnCode == 401;
- }
-
- /**
- * Retrieve the status code of the HttpResponse
- *
- * @param response The HttpResponse message received from the server
- *
- * @return a numeric value
- */
- protected int getCode(HttpResponse response) {
- return response.getStatusLine().getStatusCode();
- }
-
- protected JSONTokener getResponseBody(HttpResponse response) throws IOException {
- HttpEntity entity = response.getEntity();
- InputStream content = entity.getContent();
- BufferedReader reader = new BufferedReader(new InputStreamReader(content));
- String line;
- StringBuilder str = new StringBuilder();
- while ((line = reader.readLine()) != null) {
- str.append(line);
- }
- return new JSONTokener(str.toString());
- }
+ response = restClient.doPut("/" + REGION_NAME + "/key1?op=PUT", "key1User", "1234567", "{ \"key1\" : \"foo\" }");
+ assertEquals(200, restClient.getCode(response));
- private HttpResponse doRequest(HttpRequestBase request, String username, String password) throws MalformedURLException {
- HttpHost targetHost = new HttpHost(HOSTNAME, this.restPort, PROTOCOL);
- CloseableHttpClient httpclient = HttpClients.custom().build();
- HttpClientContext clientContext = HttpClientContext.create();
- // if username is null, do not put in authentication
- if (username != null) {
- CredentialsProvider credsProvider = new BasicCredentialsProvider();
- credsProvider.setCredentials(new AuthScope(targetHost.getHostName(), targetHost.getPort()), new UsernamePasswordCredentials(username, password));
- httpclient = HttpClients.custom().setDefaultCredentialsProvider(credsProvider).build();
- AuthCache authCache = new BasicAuthCache();
- BasicScheme basicAuth = new BasicScheme();
- authCache.put(targetHost, basicAuth);
- clientContext.setCredentialsProvider(credsProvider);
- clientContext.setAuthCache(authCache);
- }
-
- try {
- return httpclient.execute(targetHost, request, clientContext);
- } catch (ClientProtocolException e) {
- e.printStackTrace();
- fail("Rest GET should not have thrown ClientProtocolException!");
- } catch (IOException e) {
- e.printStackTrace();
- fail("Rest GET Request should not have thrown IOException!");
- }
- return null;
+ response = restClient.doPut("/" + REGION_NAME + "/key1?op=REPLACE", "key1User", "1234567", json);
+ assertEquals(200, restClient.getCode(response));
}
}
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/fadd92b0/geode-web-api/src/main/java/org/apache/geode/rest/internal/web/controllers/CommonCrudController.java
----------------------------------------------------------------------
diff --git a/geode-web-api/src/main/java/org/apache/geode/rest/internal/web/controllers/CommonCrudController.java b/geode-web-api/src/main/java/org/apache/geode/rest/internal/web/controllers/CommonCrudController.java
index 30c8b3a..935b3ad 100644
--- a/geode-web-api/src/main/java/org/apache/geode/rest/internal/web/controllers/CommonCrudController.java
+++ b/geode-web-api/src/main/java/org/apache/geode/rest/internal/web/controllers/CommonCrudController.java
@@ -63,7 +63,7 @@ public abstract class CommonCrudController extends AbstractBaseController {
*
* @return JSON document containing result
*/
- @RequestMapping(method = RequestMethod.GET, produces = { MediaType.APPLICATION_JSON_VALUE, MediaType.APPLICATION_JSON_VALUE })
+ @RequestMapping(method = RequestMethod.GET, produces = { MediaType.APPLICATION_JSON_UTF8_VALUE})
@ApiOperation(
value = "list all resources (Regions)",
notes = "List all available resources (Regions) in the GemFire cluster",
@@ -92,7 +92,7 @@ public abstract class CommonCrudController extends AbstractBaseController {
* @return JSON document containing result
*/
@RequestMapping(method = RequestMethod.GET, value = "/{region}/keys",
- produces = { MediaType.APPLICATION_JSON_VALUE } )
+ produces = { MediaType.APPLICATION_JSON_UTF8_VALUE } )
@ApiOperation(
value = "list all keys",
notes = "List all keys in region",
@@ -198,7 +198,7 @@ public abstract class CommonCrudController extends AbstractBaseController {
return new ResponseEntity<>(HttpStatus.OK);
}
- @RequestMapping(method = { RequestMethod.GET }, value = "/servers")
+ @RequestMapping(method = { RequestMethod.GET }, value = "/servers", produces = { MediaType.APPLICATION_JSON_UTF8_VALUE } )
@ApiOperation(
value = "fetch all REST enabled servers in the DS",
notes = "Find all gemfire node where developer REST service is up and running!",
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/fadd92b0/geode-web-api/src/main/java/org/apache/geode/rest/internal/web/controllers/FunctionAccessController.java
----------------------------------------------------------------------
diff --git a/geode-web-api/src/main/java/org/apache/geode/rest/internal/web/controllers/FunctionAccessController.java b/geode-web-api/src/main/java/org/apache/geode/rest/internal/web/controllers/FunctionAccessController.java
index e1ea1ad..831083e 100644
--- a/geode-web-api/src/main/java/org/apache/geode/rest/internal/web/controllers/FunctionAccessController.java
+++ b/geode-web-api/src/main/java/org/apache/geode/rest/internal/web/controllers/FunctionAccessController.java
@@ -86,7 +86,7 @@ public class FunctionAccessController extends AbstractBaseController {
*
* @return result as a JSON document.
*/
- @RequestMapping(method = RequestMethod.GET, produces = { MediaType.APPLICATION_JSON_VALUE })
+ @RequestMapping(method = RequestMethod.GET, produces = { MediaType.APPLICATION_JSON_UTF8_VALUE })
@ApiOperation(
value = "list all functions",
notes = "list all functions available in the GemFire cluster",
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/fadd92b0/geode-web-api/src/main/java/org/apache/geode/rest/internal/web/controllers/PdxBasedCrudController.java
----------------------------------------------------------------------
diff --git a/geode-web-api/src/main/java/org/apache/geode/rest/internal/web/controllers/PdxBasedCrudController.java b/geode-web-api/src/main/java/org/apache/geode/rest/internal/web/controllers/PdxBasedCrudController.java
index ebb8ccc..32de04e 100644
--- a/geode-web-api/src/main/java/org/apache/geode/rest/internal/web/controllers/PdxBasedCrudController.java
+++ b/geode-web-api/src/main/java/org/apache/geode/rest/internal/web/controllers/PdxBasedCrudController.java
@@ -134,7 +134,7 @@ public class PdxBasedCrudController extends CommonCrudController {
* @param limit total number of entries requested
* @return JSON document
*/
- @RequestMapping(method = RequestMethod.GET, value = "/{region}", produces = MediaType.APPLICATION_JSON_VALUE)
+ @RequestMapping(method = RequestMethod.GET, value = "/{region}", produces = MediaType.APPLICATION_JSON_UTF8_VALUE)
@ApiOperation(
value = "read all data for region",
notes = "Read all data for region. Use limit param to get fixed or limited number of entries.",
@@ -213,7 +213,7 @@ public class PdxBasedCrudController extends CommonCrudController {
* @return JSON document
*/
@RequestMapping(method = RequestMethod.GET, value = "/{region}/{keys}",
- produces = MediaType.APPLICATION_JSON_VALUE)
+ produces = MediaType.APPLICATION_JSON_UTF8_VALUE)
@ApiOperation(
value = "read data for specific keys",
notes = "Read data for specific set of keys in region.",
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/fadd92b0/geode-web-api/src/main/java/org/apache/geode/rest/internal/web/controllers/QueryAccessController.java
----------------------------------------------------------------------
diff --git a/geode-web-api/src/main/java/org/apache/geode/rest/internal/web/controllers/QueryAccessController.java b/geode-web-api/src/main/java/org/apache/geode/rest/internal/web/controllers/QueryAccessController.java
index d13c99c..e5287b9 100644
--- a/geode-web-api/src/main/java/org/apache/geode/rest/internal/web/controllers/QueryAccessController.java
+++ b/geode-web-api/src/main/java/org/apache/geode/rest/internal/web/controllers/QueryAccessController.java
@@ -91,7 +91,7 @@ public class QueryAccessController extends AbstractBaseController {
* list all parametrized Queries created in a Gemfire data node
* @return result as a JSON document.
*/
- @RequestMapping(method = RequestMethod.GET, produces = { MediaType.APPLICATION_JSON_VALUE })
+ @RequestMapping(method = RequestMethod.GET, produces = { MediaType.APPLICATION_JSON_UTF8_VALUE })
@ApiOperation(
value = "list all parametrized queries",
notes = "List all parametrized queries by id/name",
@@ -165,7 +165,7 @@ public class QueryAccessController extends AbstractBaseController {
* @param oql OQL query string to be executed
* @return query result as a JSON document
*/
- @RequestMapping(method = RequestMethod.GET, value = "/adhoc", produces = { MediaType.APPLICATION_JSON_VALUE })
+ @RequestMapping(method = RequestMethod.GET, value = "/adhoc", produces = { MediaType.APPLICATION_JSON_UTF8_VALUE })
@ApiOperation(
value = "run an adhoc query",
notes = "Run an unnamed (unidentified), ad-hoc query passed as a URL parameter",