Posted to commits@ambari.apache.org by rl...@apache.org on 2015/11/21 21:06:37 UTC
ambari git commit: AMBARI-14004. Return HTTP 403 on REST API
authorization failures (rlevas)
Repository: ambari
Updated Branches:
refs/heads/trunk fa2f120e8 -> 45bb354c7
AMBARI-14004. Return HTTP 403 on REST API authorization failures (rlevas)
Project: http://git-wip-us.apache.org/repos/asf/ambari/repo
Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/45bb354c
Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/45bb354c
Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/45bb354c
Branch: refs/heads/trunk
Commit: 45bb354c771e6438158a1475a4f987d5a5553f09
Parents: fa2f120
Author: Robert Levas <rl...@hortonworks.com>
Authored: Sat Nov 21 15:06:27 2015 -0500
Committer: Robert Levas <rl...@hortonworks.com>
Committed: Sat Nov 21 15:06:27 2015 -0500
----------------------------------------------------------------------
.../server/api/handlers/CreateHandler.java | 3 +
.../server/api/handlers/DeleteHandler.java | 3 +
.../server/api/handlers/QueryCreateHandler.java | 3 +
.../ambari/server/api/handlers/ReadHandler.java | 3 +
.../server/api/handlers/UpdateHandler.java | 3 +
.../server/api/handlers/CreateHandlerTest.java | 32 ++++++
.../server/api/handlers/DeleteHandlerTest.java | 30 ++++++
.../api/handlers/QueryCreateHandlerTest.java | 102 +++++++++++++++++++
.../server/api/handlers/ReadHandlerTest.java | 35 +++++++
.../server/api/handlers/UpdateHandlerTest.java | 33 ++++++
10 files changed, 247 insertions(+)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/ambari/blob/45bb354c/ambari-server/src/main/java/org/apache/ambari/server/api/handlers/CreateHandler.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/java/org/apache/ambari/server/api/handlers/CreateHandler.java b/ambari-server/src/main/java/org/apache/ambari/server/api/handlers/CreateHandler.java
index 706d2be..691a3ee 100644
--- a/ambari-server/src/main/java/org/apache/ambari/server/api/handlers/CreateHandler.java
+++ b/ambari-server/src/main/java/org/apache/ambari/server/api/handlers/CreateHandler.java
@@ -22,6 +22,7 @@ import org.apache.ambari.server.api.resources.*;
import org.apache.ambari.server.api.services.*;
import org.apache.ambari.server.api.services.ResultStatus;
import org.apache.ambari.server.controller.spi.*;
+import org.apache.ambari.server.security.authorization.AuthorizationException;
/**
@@ -47,6 +48,8 @@ public class CreateHandler extends BaseManagementHandler {
result.setResultStatus(new ResultStatus(ResultStatus.STATUS.ACCEPTED));
}
+ } catch (AuthorizationException e) {
+ result = new ResultImpl(new ResultStatus(ResultStatus.STATUS.FORBIDDEN, e.getMessage()));
} catch (UnsupportedPropertyException e) {
result = new ResultImpl(new ResultStatus(ResultStatus.STATUS.BAD_REQUEST, e.getMessage()));
} catch (NoSuchParentResourceException e) {
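Review bot: The new `catch (AuthorizationException e)` builds a 403 result from `e.getMessage()` and returns it to the caller, but nothing in the hunk records the denial on the server. Access-control failures are events operators normally want in the log, so unless the exception is already logged where it is thrown (not visible here), I would log it in this catch before building the result. Because the text goes to a client that has just been refused, the catch also deserves a comment such as `// message is returned to the caller; it must not carry internal detail`. The same two lines are added to DeleteHandler, QueryCreateHandler, ReadHandler and UpdateHandler, and the point applies to each of them. The enclosing method starts and ends outside the hunk.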
http://git-wip-us.apache.org/repos/asf/ambari/blob/45bb354c/ambari-server/src/main/java/org/apache/ambari/server/api/handlers/DeleteHandler.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/java/org/apache/ambari/server/api/handlers/DeleteHandler.java b/ambari-server/src/main/java/org/apache/ambari/server/api/handlers/DeleteHandler.java
index 55385a5..8580196 100644
--- a/ambari-server/src/main/java/org/apache/ambari/server/api/handlers/DeleteHandler.java
+++ b/ambari-server/src/main/java/org/apache/ambari/server/api/handlers/DeleteHandler.java
@@ -30,6 +30,7 @@ import org.apache.ambari.server.controller.spi.NoSuchResourceException;
import org.apache.ambari.server.controller.spi.RequestStatus;
import org.apache.ambari.server.controller.spi.SystemException;
import org.apache.ambari.server.controller.spi.UnsupportedPropertyException;
+import org.apache.ambari.server.security.authorization.AuthorizationException;
/**
* Responsible for delete requests.
@@ -49,6 +50,8 @@ public class DeleteHandler extends BaseManagementHandler implements RequestHandl
} else {
result.setResultStatus(new ResultStatus(ResultStatus.STATUS.ACCEPTED));
}
+ } catch (AuthorizationException e) {
+ result = new ResultImpl(new ResultStatus(ResultStatus.STATUS.FORBIDDEN, e.getMessage()));
} catch (SystemException e) {
result = new ResultImpl(new ResultStatus(ResultStatus.STATUS.SERVER_ERROR, e));
} catch (NoSuchParentResourceException e) {
http://git-wip-us.apache.org/repos/asf/ambari/blob/45bb354c/ambari-server/src/main/java/org/apache/ambari/server/api/handlers/QueryCreateHandler.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/java/org/apache/ambari/server/api/handlers/QueryCreateHandler.java b/ambari-server/src/main/java/org/apache/ambari/server/api/handlers/QueryCreateHandler.java
index 1bc4a0f..534ee7b 100644
--- a/ambari-server/src/main/java/org/apache/ambari/server/api/handlers/QueryCreateHandler.java
+++ b/ambari-server/src/main/java/org/apache/ambari/server/api/handlers/QueryCreateHandler.java
@@ -26,6 +26,7 @@ import org.apache.ambari.server.api.services.*;
import org.apache.ambari.server.api.services.Request;
import org.apache.ambari.server.api.util.TreeNode;
import org.apache.ambari.server.controller.spi.*;
+import org.apache.ambari.server.security.authorization.AuthorizationException;
import java.util.*;
@@ -178,6 +179,8 @@ public class QueryCreateHandler extends BaseManagementHandler {
} else {
result.setResultStatus(new ResultStatus(ResultStatus.STATUS.ACCEPTED));
}
+ } catch (AuthorizationException e) {
+ result = new ResultImpl(new ResultStatus(ResultStatus.STATUS.FORBIDDEN, e.getMessage()));
} catch (UnsupportedPropertyException e) {
result = new ResultImpl(new ResultStatus(ResultStatus.STATUS.BAD_REQUEST, e));
} catch (ResourceAlreadyExistsException e) {
http://git-wip-us.apache.org/repos/asf/ambari/blob/45bb354c/ambari-server/src/main/java/org/apache/ambari/server/api/handlers/ReadHandler.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/java/org/apache/ambari/server/api/handlers/ReadHandler.java b/ambari-server/src/main/java/org/apache/ambari/server/api/handlers/ReadHandler.java
index a71ad0c..95e45d6 100644
--- a/ambari-server/src/main/java/org/apache/ambari/server/api/handlers/ReadHandler.java
+++ b/ambari-server/src/main/java/org/apache/ambari/server/api/handlers/ReadHandler.java
@@ -29,6 +29,7 @@ import org.apache.ambari.server.controller.spi.Predicate;
import org.apache.ambari.server.controller.spi.SystemException;
import org.apache.ambari.server.controller.spi.TemporalInfo;
import org.apache.ambari.server.controller.spi.UnsupportedPropertyException;
+import org.apache.ambari.server.security.authorization.AuthorizationException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
@@ -67,6 +68,8 @@ public class ReadHandler implements RequestHandler {
result = query.execute();
result.setResultStatus(new ResultStatus(ResultStatus.STATUS.OK));
+ } catch (AuthorizationException e) {
+ result = new ResultImpl(new ResultStatus(ResultStatus.STATUS.FORBIDDEN, e.getMessage()));
} catch (SystemException e) {
result = new ResultImpl(new ResultStatus(ResultStatus.STATUS.SERVER_ERROR, e));
} catch (NoSuchParentResourceException e) {
http://git-wip-us.apache.org/repos/asf/ambari/blob/45bb354c/ambari-server/src/main/java/org/apache/ambari/server/api/handlers/UpdateHandler.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/java/org/apache/ambari/server/api/handlers/UpdateHandler.java b/ambari-server/src/main/java/org/apache/ambari/server/api/handlers/UpdateHandler.java
index 338d411..bb66fae 100644
--- a/ambari-server/src/main/java/org/apache/ambari/server/api/handlers/UpdateHandler.java
+++ b/ambari-server/src/main/java/org/apache/ambari/server/api/handlers/UpdateHandler.java
@@ -28,6 +28,7 @@ import org.apache.ambari.server.controller.spi.NoSuchResourceException;
import org.apache.ambari.server.controller.spi.RequestStatus;
import org.apache.ambari.server.controller.spi.SystemException;
import org.apache.ambari.server.controller.spi.UnsupportedPropertyException;
+import org.apache.ambari.server.security.authorization.AuthorizationException;
/**
@@ -48,6 +49,8 @@ public class UpdateHandler extends BaseManagementHandler {
result.setResultStatus(new ResultStatus(ResultStatus.STATUS.ACCEPTED));
}
+ } catch (AuthorizationException e) {
+ result = new ResultImpl(new ResultStatus(ResultStatus.STATUS.FORBIDDEN, e.getMessage()));
} catch (UnsupportedPropertyException e) {
result = new ResultImpl(new ResultStatus(ResultStatus.STATUS.BAD_REQUEST, e));
} catch (IllegalArgumentException e) {
http://git-wip-us.apache.org/repos/asf/ambari/blob/45bb354c/ambari-server/src/test/java/org/apache/ambari/server/api/handlers/CreateHandlerTest.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/test/java/org/apache/ambari/server/api/handlers/CreateHandlerTest.java b/ambari-server/src/test/java/org/apache/ambari/server/api/handlers/CreateHandlerTest.java
index 2b50064..757bc36 100644
--- a/ambari-server/src/test/java/org/apache/ambari/server/api/handlers/CreateHandlerTest.java
+++ b/ambari-server/src/test/java/org/apache/ambari/server/api/handlers/CreateHandlerTest.java
@@ -29,6 +29,7 @@ import org.apache.ambari.server.api.util.TreeNode;
import org.apache.ambari.server.controller.spi.RequestStatus;
import org.apache.ambari.server.controller.spi.Resource;
import org.apache.ambari.server.events.publishers.AmbariEventPublisher;
+import org.apache.ambari.server.security.authorization.AuthorizationException;
import org.apache.ambari.server.view.ViewRegistry;
import org.junit.Before;
import org.junit.Test;
@@ -238,6 +239,37 @@ public class CreateHandlerTest {
requestResource);
}
+ @Test
+ public void testHandleRequest__AuthorizationFailure() throws Exception {
+ Request request = createMock(Request.class);
+ RequestBody body = createMock(RequestBody.class);
+ ResourceInstance resource = createMock(ResourceInstance.class);
+ ResourceDefinition resourceDefinition = createMock(ResourceDefinition.class);
+ Query query = createStrictMock(Query.class);
+ PersistenceManager pm = createStrictMock(PersistenceManager.class);
+ Renderer renderer = new DefaultRenderer();
+
+ // expectations
+ expect(request.getResource()).andReturn(resource).atLeastOnce();
+ expect(request.getBody()).andReturn(body).atLeastOnce();
+ expect(request.getQueryPredicate()).andReturn(null).atLeastOnce();
+ expect(request.getRenderer()).andReturn(renderer);
+
+ expect(resource.getQuery()).andReturn(query);
+ query.setRenderer(renderer);
+ expect(resource.getResourceDefinition()).andReturn(resourceDefinition).anyTimes();
+ expect(resourceDefinition.isCreatable()).andReturn(true).anyTimes();
+
+ expect(pm.create(resource, body)).andThrow(new AuthorizationException());
+
+ replay(request, body, resource, resourceDefinition, query, pm);
+
+ Result result = new TestCreateHandler(pm).handleRequest(request);
+
+ assertEquals(ResultStatus.STATUS.FORBIDDEN, result.getStatus().getStatus());
+ verify(request, body, resource, resourceDefinition, query, pm);
+ }
+
private class TestCreateHandler extends CreateHandler {
private PersistenceManager m_testPm;
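Review bot: testHandleRequest__AuthorizationFailure asserts only the FORBIDDEN status, so it would still pass if the handler dropped or replaced the message that reaches the client. It throws `new AuthorizationException()` with no message; constructing it as `new AuthorizationException("testMsg")` and adding `assertEquals("testMsg", result.getStatus().getMessage());` would pin the response text the way the ReadHandlerTest case in this commit does. The tests added to DeleteHandlerTest, QueryCreateHandlerTest and UpdateHandlerTest have the same gap.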
http://git-wip-us.apache.org/repos/asf/ambari/blob/45bb354c/ambari-server/src/test/java/org/apache/ambari/server/api/handlers/DeleteHandlerTest.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/test/java/org/apache/ambari/server/api/handlers/DeleteHandlerTest.java b/ambari-server/src/test/java/org/apache/ambari/server/api/handlers/DeleteHandlerTest.java
index 4f053fd..fb70be6 100644
--- a/ambari-server/src/test/java/org/apache/ambari/server/api/handlers/DeleteHandlerTest.java
+++ b/ambari-server/src/test/java/org/apache/ambari/server/api/handlers/DeleteHandlerTest.java
@@ -32,6 +32,7 @@ import org.apache.ambari.server.controller.spi.Predicate;
import org.apache.ambari.server.controller.spi.RequestStatus;
import org.apache.ambari.server.controller.spi.Resource;
import org.apache.ambari.server.events.publishers.AmbariEventPublisher;
+import org.apache.ambari.server.security.authorization.AuthorizationException;
import org.apache.ambari.server.view.ViewRegistry;
import org.junit.Before;
import org.junit.Test;
@@ -242,6 +243,35 @@ public class DeleteHandlerTest {
}
@Test
+ public void testHandleRequest__AuthorizationFailure() throws Exception {
+ Request request = createMock(Request.class);
+ RequestBody body = createMock(RequestBody.class);
+ ResourceInstance resource = createMock(ResourceInstance.class);
+ PersistenceManager pm = createStrictMock(PersistenceManager.class);
+ Query query = createMock(Query.class);
+ Renderer renderer = new DefaultRenderer();
+
+ // expectations
+ expect(request.getResource()).andReturn(resource).anyTimes();
+ expect(request.getBody()).andReturn(body).atLeastOnce();
+ // test delete with no user predicate
+ expect(request.getQueryPredicate()).andReturn(null).atLeastOnce();
+ expect(resource.getQuery()).andReturn(query).atLeastOnce();
+ expect(request.getRenderer()).andReturn(renderer);
+ query.setRenderer(renderer);
+
+ expect(pm.delete(resource, body)).andThrow(new AuthorizationException());
+
+ replay(request, body, resource, pm, query);
+
+ Result result = new TestDeleteHandler(pm).handleRequest(request);
+
+ assertEquals(ResultStatus.STATUS.FORBIDDEN, result.getStatus().getStatus());
+
+ verify(request, body, resource, pm, query);
+ }
+
+ @Test
public void testIdempotentPersist() throws Exception {
Request request = createNiceMock(Request.class);
RequestBody body = createNiceMock(RequestBody.class);
http://git-wip-us.apache.org/repos/asf/ambari/blob/45bb354c/ambari-server/src/test/java/org/apache/ambari/server/api/handlers/QueryCreateHandlerTest.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/test/java/org/apache/ambari/server/api/handlers/QueryCreateHandlerTest.java b/ambari-server/src/test/java/org/apache/ambari/server/api/handlers/QueryCreateHandlerTest.java
index fa35940..89d13c3 100644
--- a/ambari-server/src/test/java/org/apache/ambari/server/api/handlers/QueryCreateHandlerTest.java
+++ b/ambari-server/src/test/java/org/apache/ambari/server/api/handlers/QueryCreateHandlerTest.java
@@ -30,6 +30,7 @@ import org.apache.ambari.server.api.util.TreeNode;
import org.apache.ambari.server.api.util.TreeNodeImpl;
import org.apache.ambari.server.controller.spi.*;
import org.apache.ambari.server.controller.utilities.PropertyHelper;
+import org.apache.ambari.server.security.authorization.AuthorizationException;
import org.easymock.*;
import org.junit.Test;
@@ -614,6 +615,107 @@ public class QueryCreateHandlerTest {
readHandler, queryResultStatus);
}
+ @Test
+ public void testHandleRequest_AuthorizationFailure() throws Exception {
+ final String BODY_STRING = "Body string";
+ Request request = createMock(Request.class);
+ RequestBody body = createMock(RequestBody.class);
+ ResourceInstance resourceInstance = createMock(ResourceInstance.class);
+ ResourceDefinition resourceDefinition = createMock(ResourceDefinition.class);
+ ResourceInstanceFactory resourceInstanceFactory = createMock(ResourceInstanceFactory.class);
+ Query query = createMock(Query.class);
+ Predicate predicate = createMock(Predicate.class);
+ Result result = createMock(Result.class);
+ ResourceInstance subResource = createMock(ResourceInstance.class);
+ ResourceDefinition subResourceDefinition = createMock(ResourceDefinition.class);
+ ClusterController controller = createMock(ClusterController.class);
+ Schema serviceSchema = createMock(Schema.class);
+ Schema componentSchema = createMock(Schema.class);
+ String resourceKeyProperty = "resourceKeyProperty";
+ String createKeyProperty = "createKeyProperty";
+ Resource resource1 = createMock(Resource.class);
+ Resource resource2 = createMock(Resource.class);
+ PersistenceManager pm = createMock(PersistenceManager.class);
+ ResourceInstance createResource = createMock(ResourceInstance.class);
+ RequestHandler readHandler = createStrictMock(RequestHandler.class);
+ ResultStatus resultStatus = createMock(ResultStatus.class);
+
+ Map<Resource.Type, String> mapIds = new HashMap<Resource.Type, String>();
+
+ Set<NamedPropertySet> setRequestProps = new HashSet<NamedPropertySet>();
+
+ Map<String, Object> mapProperties = new HashMap<String, Object>();
+ Set<Map<String, Object>> arraySet = new HashSet<Map<String, Object>>();
+
+ mapProperties.put("components", arraySet);
+
+ Map<String, Object> map = new HashMap<String, Object>();
+ map.put(PropertyHelper.getPropertyId("ServiceComponentInfo", "component_name"), "SECONDARY_NAMENODE");
+ arraySet.add(map);
+
+ map = new HashMap<String, Object>();
+ map.put(PropertyHelper.getPropertyId("ServiceComponentInfo", "component_name"), "HDFS_CLIENT");
+ arraySet.add(map);
+
+ setRequestProps.add(new NamedPropertySet("", mapProperties));
+
+ Map<String, ResourceInstance> mapSubResources = new HashMap<String, ResourceInstance>();
+ mapSubResources.put("components", subResource);
+
+ TreeNode<Resource> resultTree = new TreeNodeImpl<Resource>(null, null, "result");
+ resultTree.addChild(resource1, "resource1");
+ resultTree.addChild(resource2, "resource2");
+
+ //expectations
+ expect(readHandler.handleRequest(request)).andReturn(result).atLeastOnce();
+ expect(result.getStatus()).andReturn(resultStatus).atLeastOnce();
+ expect(resultStatus.isErrorState()).andReturn(false).atLeastOnce();
+
+ expect(body.getBody()).andReturn(BODY_STRING).atLeastOnce();
+
+ expect(request.getResource()).andReturn(resourceInstance).atLeastOnce();
+ expect(request.getBody()).andReturn(body).atLeastOnce();
+ expect(body.getNamedPropertySets()).andReturn(setRequestProps).atLeastOnce();
+
+ expect(resourceInstance.getResourceDefinition()).andReturn(resourceDefinition).atLeastOnce();
+ expect(resourceInstance.getKeyValueMap()).andReturn(mapIds).atLeastOnce();
+ expect(resourceInstance.getSubResources()).andReturn(mapSubResources).atLeastOnce();
+
+ expect(resourceDefinition.getType()).andReturn(Resource.Type.Service).atLeastOnce();
+
+ expect(subResource.getResourceDefinition()).andReturn(subResourceDefinition).atLeastOnce();
+ expect(subResourceDefinition.getType()).andReturn(Resource.Type.Component).atLeastOnce();
+
+ expect(controller.getSchema(Resource.Type.Service)).andReturn(serviceSchema).atLeastOnce();
+ expect(controller.getSchema(Resource.Type.Component)).andReturn(componentSchema).atLeastOnce();
+
+ expect(serviceSchema.getKeyPropertyId(Resource.Type.Service)).andReturn(resourceKeyProperty).atLeastOnce();
+ expect(componentSchema.getKeyPropertyId(Resource.Type.Service)).andReturn(createKeyProperty).atLeastOnce();
+
+ expect(result.getResultTree()).andReturn(resultTree).atLeastOnce();
+ expect(resource1.getPropertyValue(resourceKeyProperty)).andReturn("id1").atLeastOnce();
+ expect(resource2.getPropertyValue(resourceKeyProperty)).andReturn("id2").atLeastOnce();
+
+ expect(resourceInstanceFactory.createResource(Resource.Type.Component, mapIds)).
+ andReturn(createResource).atLeastOnce();
+
+ expect(pm.create(anyObject(ResourceInstance.class), anyObject(RequestBody.class))).andThrow(new AuthorizationException());
+
+ replay(request, body, resourceInstance, resourceDefinition, query, predicate, result, subResource,
+ subResourceDefinition, controller, serviceSchema, componentSchema, resource1, resource2,
+ pm, resourceInstanceFactory, createResource, readHandler, resultStatus);
+
+ //test
+ Result testResult = new TestQueryCreateHandler(resourceInstanceFactory, controller, pm, readHandler).
+ handleRequest(request);
+
+ assertEquals(ResultStatus.STATUS.FORBIDDEN, testResult.getStatus().getStatus());
+
+ verify(request, body, resourceInstance, resourceDefinition, query, predicate, result, subResource,
+ subResourceDefinition, controller, serviceSchema, componentSchema, resource1, resource2,
+ pm, resourceInstanceFactory, createResource, readHandler, resultStatus);
+ }
+
static class TestQueryCreateHandler extends QueryCreateHandler {
private ResourceInstanceFactory m_resourceFactory;
private ClusterController m_controller;
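Review bot: The `query` and `predicate` mocks in testHandleRequest_AuthorizationFailure have no expectations recorded in the hunk and are only passed to replay() and verify(), so they look like leftover fixture and can be dropped. The method name also uses a single underscore where the sibling tests added in this commit use `testHandleRequest__AuthorizationFailure`; renaming it keeps the set consistent and easy to find together.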
http://git-wip-us.apache.org/repos/asf/ambari/blob/45bb354c/ambari-server/src/test/java/org/apache/ambari/server/api/handlers/ReadHandlerTest.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/test/java/org/apache/ambari/server/api/handlers/ReadHandlerTest.java b/ambari-server/src/test/java/org/apache/ambari/server/api/handlers/ReadHandlerTest.java
index c3fc13b..5cb601e 100644
--- a/ambari-server/src/test/java/org/apache/ambari/server/api/handlers/ReadHandlerTest.java
+++ b/ambari-server/src/test/java/org/apache/ambari/server/api/handlers/ReadHandlerTest.java
@@ -26,6 +26,7 @@ import org.apache.ambari.server.api.services.Request;
import org.apache.ambari.server.api.services.Result;
import org.apache.ambari.server.api.services.ResultStatus;
import org.apache.ambari.server.controller.spi.*;
+import org.apache.ambari.server.security.authorization.AuthorizationException;
import org.easymock.Capture;
import org.junit.Test;
@@ -295,4 +296,38 @@ public class ReadHandlerTest {
assertEquals(exception.getMessage(), result.getStatus().getMessage());
verify(request, resource, query);
}
+
+ @Test
+ public void testHandleRequest__AuthorizationException() throws Exception {
+ Request request = createStrictMock(Request.class);
+ ResourceInstance resource = createStrictMock(ResourceInstance.class);
+ Query query = createMock(Query.class);
+ Predicate predicate = createMock(Predicate.class);
+ Renderer renderer = new DefaultRenderer();
+
+ expect(request.getResource()).andReturn(resource);
+ expect(resource.getQuery()).andReturn(query);
+
+ expect(request.getPageRequest()).andReturn(null);
+ expect(request.getSortRequest()).andReturn(null);
+ expect(request.getRenderer()).andReturn(renderer);
+ expect(request.getFields()).andReturn(Collections.<String, TemporalInfo>emptyMap());
+
+ expect(request.getQueryPredicate()).andReturn(predicate);
+ query.setUserPredicate(predicate);
+ query.setPageRequest(null);
+ query.setSortRequest(null);
+ query.setRenderer(renderer);
+ AuthorizationException authorizationException = new AuthorizationException("testMsg");
+ expect(query.execute()).andThrow(authorizationException);
+
+ replay(request, resource, query, predicate);
+
+ //test
+ ReadHandler handler = new ReadHandler();
+ Result result = handler.handleRequest(request);
+ assertEquals(ResultStatus.STATUS.FORBIDDEN, result.getStatus().getStatus());
+ assertEquals(authorizationException.getMessage(), result.getStatus().getMessage());
+ verify(request, resource, query, predicate);
+ }
}
http://git-wip-us.apache.org/repos/asf/ambari/blob/45bb354c/ambari-server/src/test/java/org/apache/ambari/server/api/handlers/UpdateHandlerTest.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/test/java/org/apache/ambari/server/api/handlers/UpdateHandlerTest.java b/ambari-server/src/test/java/org/apache/ambari/server/api/handlers/UpdateHandlerTest.java
index c88a0ec..85eea31 100644
--- a/ambari-server/src/test/java/org/apache/ambari/server/api/handlers/UpdateHandlerTest.java
+++ b/ambari-server/src/test/java/org/apache/ambari/server/api/handlers/UpdateHandlerTest.java
@@ -29,6 +29,7 @@ import org.apache.ambari.server.controller.spi.Predicate;
import org.apache.ambari.server.controller.spi.RequestStatus;
import org.apache.ambari.server.controller.spi.Resource;
import org.apache.ambari.server.events.publishers.AmbariEventPublisher;
+import org.apache.ambari.server.security.authorization.AuthorizationException;
import org.apache.ambari.server.view.ViewRegistry;
import org.junit.Before;
import org.junit.Test;
@@ -234,6 +235,38 @@ public class UpdateHandlerTest {
verify(request, body, resource, pm, status, resource1, resource2, requestResource, userPredicate, query);
}
+ @Test
+ public void testHandleRequest__AuthorizationFailure() throws Exception {
+ Request request = createMock(Request.class);
+ RequestBody body = createMock(RequestBody.class);
+ ResourceInstance resource = createMock(ResourceInstance.class);
+ PersistenceManager pm = createStrictMock(PersistenceManager.class);
+ Predicate userPredicate = createMock(Predicate.class);
+ Query query = createMock(Query.class);
+ Renderer renderer = new DefaultRenderer();
+
+ // expectations
+ expect(request.getResource()).andReturn(resource).atLeastOnce();
+ expect(request.getBody()).andReturn(body).atLeastOnce();
+ expect(request.getQueryPredicate()).andReturn(userPredicate).atLeastOnce();
+ expect(request.getRenderer()).andReturn(renderer).atLeastOnce();
+
+ expect(resource.getQuery()).andReturn(query).atLeastOnce();
+ query.setRenderer(renderer);
+ query.setUserPredicate(userPredicate);
+
+ expect(pm.update(resource, body)).andThrow(new AuthorizationException());
+
+ replay(request, body, resource, pm, userPredicate, query);
+
+ Result result = new TestUpdateHandler(pm).handleRequest(request);
+
+ assertNotNull(result);
+
+ assertEquals(ResultStatus.STATUS.FORBIDDEN, result.getStatus().getStatus());
+ verify(request, body, resource, pm, userPredicate, query);
+ }
+
private class TestUpdateHandler extends UpdateHandler {
private PersistenceManager m_testPm;