org.apache.http.HttpStatus.SC_FORBIDDEN

Here are the examples of the java api org.apache.http.HttpStatus.SC_FORBIDDEN taken from open source projects. By voting up you can indicate which examples are most useful and appropriate.

234 Examples 7

19 Source : RolesMappingApiTest.java
with Apache License 2.0
from opendistro-for-elasticsearch

private void checkAllSfForbidden() throws Exception {
    rh.sendAdminCertificate = false;
    checkReadAccess(HttpStatus.SC_FORBIDDEN, "picard", "picard", "sf", "ships", 1);
    checkWriteAccess(HttpStatus.SC_FORBIDDEN, "picard", "picard", "sf", "ships", 1);
}

19 Source : RolesMappingApiTest.java
with Apache License 2.0
from opendistro-for-elasticsearch

private void checkAllSfForbidden() throws Exception {
    rh.sendHTTPClientCertificate = false;
    checkReadAccess(HttpStatus.SC_FORBIDDEN, "picard", "picard", "sf", "ships", 1);
    checkWriteAccess(HttpStatus.SC_FORBIDDEN, "picard", "picard", "sf", "ships", 1);
}

19 Source : EventHelper.java
with MIT License
from dikhan

/**
 * Helper method to create an unexpected event result, by default containing a forbidden status code
 * @return error event result
 */
public static EventResult unexpectedErrorEvent() {
    return EventResult.errorEvent(String.valueOf(HttpStatus.SC_FORBIDDEN), "", "{}");
}

18 Source : PermissionsITCase.java
with MIT License
from scm-manager

@Test
public void otherUserShouldNotSeeRepository() {
    callRepository(USER_OTHER, USER_Preplaced, repositoryType, HttpStatus.SC_FORBIDDEN);
}

18 Source : SchemaAuthTest.java
with Apache License 2.0
from personium

/**
 * access Dav resources with token with non confidential app auth and check the access control.
 */
private void checkResourcesWithSchema(String path, String file, String token, String boxName, String cellPath) {
    // Succeed: when p:requireSchemaAuthz does not present
    this.checkResourceSchema(path, file, token, "", HttpStatus.SC_OK, boxName, cellPath);
    // Succeed: when p:requireSchemaAuthz value is NONE
    this.checkResourceSchema(path, file, token, OAuth2Helper.SchemaLevel.NONE, HttpStatus.SC_OK, boxName, cellPath);
    // Succeed: when p:requireSchemaAuthz value is PUBLIC
    this.checkResourceSchema(path, file, token, OAuth2Helper.SchemaLevel.PUBLIC, HttpStatus.SC_OK, boxName, cellPath);
    // Fail: when p:requireSchemaAuthz value is CONFIDENTIAL
    this.checkResourceSchema(path, file, token, OAuth2Helper.SchemaLevel.CONFIDENTIAL, HttpStatus.SC_FORBIDDEN, boxName, cellPath);
}

18 Source : IntegrationTests.java
with GNU General Public License v3.0
from hantsy

@Test
public void testDeleteAPost_withUserAuth_shouldReturn403() throws Exception {
    // @formatter:off
    given().auth().basic("user", "preplacedword").when().delete("/posts/" + this.slug).then().statusCode(HttpStatus.SC_FORBIDDEN);
// @formatter:on
}

17 Source : PermissionsITCase.java
with MIT License
from scm-manager

@Test
public void otherUserShouldNotCloneRepository() {
    TestData.callRepository(USER_OTHER, USER_Preplaced, repositoryType, HttpStatus.SC_FORBIDDEN);
}

17 Source : PermissionsITCase.java
with MIT License
from scm-manager

@Test
public void userWithWritePermissionShouldNotBeAuthorizedToDeleteRepository() {
    replacedertDeleteRepositoryOperation(HttpStatus.SC_FORBIDDEN, HttpStatus.SC_OK, USER_WRITE, repositoryType);
}

17 Source : PermissionsITCase.java
with MIT License
from scm-manager

@Test
public void userWithReadPermissionShouldNotBeAuthorizedToDeleteRepository() {
    replacedertDeleteRepositoryOperation(HttpStatus.SC_FORBIDDEN, HttpStatus.SC_OK, USER_READ, repositoryType);
}

17 Source : JpaSecurityRealmTest.java
with Apache License 2.0
from quarkusio

@Test
@Order(4)
void shouldNotAccessUserWhenAdminAuthenticated() {
    given().auth().preemptive().basic("admin", "admin").when().get("/api/users/me").then().statusCode(HttpStatus.SC_FORBIDDEN);
}

17 Source : SchemaAuthTest.java
with Apache License 2.0
from personium

/**
 * access Dav resources with token without app auth and check the access control.
 */
private void checkDavAccessWithoutAppAuth(String path, String file, String token, String cellPath) {
    // Succeed: when p:requireSchemaAuthz does not present
    this.checkResourceSchema(path, file, token, "", HttpStatus.SC_OK, Setup.TEST_BOX1, cellPath);
    // Succeed: when p:requireSchemaAuthz value is NONE
    this.checkResourceSchema(path, file, token, OAuth2Helper.SchemaLevel.NONE, HttpStatus.SC_OK, Setup.TEST_BOX1, cellPath);
    // Fail: when p:requireSchemaAuthz value is PUBLIC
    this.checkResourceSchema(path, file, token, OAuth2Helper.SchemaLevel.PUBLIC, HttpStatus.SC_FORBIDDEN, Setup.TEST_BOX1, cellPath);
    // Fail: when p:requireSchemaAuthz value is CONFIDENTIAL
    this.checkResourceSchema(path, file, token, OAuth2Helper.SchemaLevel.CONFIDENTIAL, HttpStatus.SC_FORBIDDEN, Setup.TEST_BOX1, cellPath);
}

17 Source : OpenDistroSecurityRestFilterTest.java
with Apache License 2.0
from opendistro-for-elasticsearch

/**
 * Tests that a whitelisted API with an extra '/' does not cause an issue
 * i.e if only GET /_cluster/settings/ is whitelisted, then:
 * GET /_cluster/settings/  - OK
 * GET /_cluster/settings - OK
 * PUT /_cluster/settings/  - FORBIDDEN
 * PUT /_cluster/settings - FORBIDDEN
 * @throws Exception
 */
@Test
public void testWhitelistedApiWithExtraSlash() throws Exception {
    setup();
    // WHITELIST GET /_cluster/settings/ -  extra / in the request
    rh.keystore = "restapi/kirk-keystore.jks";
    rh.sendAdminCertificate = true;
    response = rh.executePutRequest("_opendistro/_security/api/whitelist", "{\"enabled\": true, \"requests\": {\"/_cluster/settings/\": [\"GET\"]}}", nonAdminCredsHeader);
    // NON ADMIN ACCESS GET /_cluster/settings/ - OK
    rh.sendAdminCertificate = false;
    response = rh.executeGetRequest("_cluster/settings/", nonAdminCredsHeader);
    replacedertThat(response.getBody(), response.getStatusCode(), equalTo(HttpStatus.SC_OK));
    // NON ADMIN ACCESS GET /_cluster/settings - OK
    response = rh.executeGetRequest("_cluster/settings", nonAdminCredsHeader);
    replacedertThat(response.getBody(), response.getStatusCode(), equalTo(HttpStatus.SC_OK));
    // NON ADMIN ACCESS PUT /_cluster/settings/ - FORBIDDEN
    response = rh.executePutRequest("_cluster/settings/", "{\"persistent\": { }, \"transient\": {\"indices.recovery.max_bytes_per_sec\": \"15mb\" }}", adminCredsHeader);
    replacedertThat(response.getBody(), response.getStatusCode(), equalTo(HttpStatus.SC_FORBIDDEN));
    // NON ADMIN ACCESS PUT /_cluster/settings - FORBIDDEN
    response = rh.executePutRequest("_cluster/settings", "{\"persistent\": { }, \"transient\": {\"indices.recovery.max_bytes_per_sec\": \"15mb\" }}", adminCredsHeader);
    replacedertThat(response.getBody(), response.getStatusCode(), equalTo(HttpStatus.SC_FORBIDDEN));
}

17 Source : OpenDistroSecurityRestFilterTest.java
with Apache License 2.0
from opendistro-for-elasticsearch

/**
 * Tests that non-whitelisted APIs are only accessible by superadmin
 *
 * @throws Exception
 */
@Test
public void checkNonWhitelistedApisAccessibleOnlyBySuperAdmin() throws Exception {
    setup();
    // ADD SOME WHITELISTED APIs - /_cat/nodes and /_cat/indices
    rh.keystore = "restapi/kirk-keystore.jks";
    rh.sendAdminCertificate = true;
    response = rh.executePutRequest("_opendistro/_security/api/whitelist", "{\"enabled\": true, \"requests\": {\"/_cat/nodes\": [\"GET\"],\"/_cat/indices\": [\"GET\"] }}", nonAdminCredsHeader);
    // NON ADMIN TRIES ACCESSING A NON-WHITELISTED API - FORBIDDEN
    rh.sendAdminCertificate = false;
    response = rh.executeGetRequest("_cat/plugins", nonAdminCredsHeader);
    replacedertThat(response.getBody(), response.getStatusCode(), equalTo(HttpStatus.SC_FORBIDDEN));
    // ADMIN TRIES ACCESSING A NON-WHITELISTED API - FORBIDDEN
    rh.sendAdminCertificate = false;
    response = rh.executeGetRequest("_cat/plugins", adminCredsHeader);
    replacedertThat(response.getBody(), response.getStatusCode(), equalTo(HttpStatus.SC_FORBIDDEN));
    // SUPERADMIN TRIES ACCESSING A NON-WHITELISTED API - OK
    rh.sendAdminCertificate = true;
    response = rh.executeGetRequest("_cat/plugins", adminCredsHeader);
    replacedertThat(response.getBody(), response.getStatusCode(), equalTo(HttpStatus.SC_OK));
}

17 Source : OpenDistroSecurityRestFilterTest.java
with Apache License 2.0
from opendistro-for-elasticsearch

/**
 * Tests that a whitelisted API without an extra '/' does not cause an issue
 * i.e if only GET /_cluster/settings is whitelisted, then:
 * GET /_cluster/settings/ - OK
 * GET /_cluster/settings - OK
 * PUT /_cluster/settings/ - FORBIDDEN
 * PUT /_cluster/settings - FORBIDDEN
 * @throws Exception
 */
@Test
public void testWhitelistedApiWithoutExtraSlash() throws Exception {
    setup();
    // WHITELIST GET /_cluster/settings (no extra / in request)
    rh.keystore = "restapi/kirk-keystore.jks";
    rh.sendAdminCertificate = true;
    response = rh.executePutRequest("_opendistro/_security/api/whitelist", "{\"enabled\": true, \"requests\": {\"/_cluster/settings\": [\"GET\"]}}", nonAdminCredsHeader);
    // NON ADMIN ACCESS GET /_cluster/settings/ - OK
    rh.sendAdminCertificate = false;
    response = rh.executeGetRequest("_cluster/settings/", nonAdminCredsHeader);
    replacedertThat(response.getBody(), response.getStatusCode(), equalTo(HttpStatus.SC_OK));
    // NON ADMIN ACCESS GET /_cluster/settings - OK
    response = rh.executeGetRequest("_cluster/settings", nonAdminCredsHeader);
    replacedertThat(response.getBody(), response.getStatusCode(), equalTo(HttpStatus.SC_OK));
    // NON ADMIN ACCESS PUT /_cluster/settings/ - FORBIDDEN
    response = rh.executePutRequest("_cluster/settings/", "{\"persistent\": { }, \"transient\": {\"indices.recovery.max_bytes_per_sec\": \"15mb\" }}", adminCredsHeader);
    replacedertThat(response.getBody(), response.getStatusCode(), equalTo(HttpStatus.SC_FORBIDDEN));
    // NON ADMIN ACCESS PUT /_cluster/settings - FORBIDDEN
    response = rh.executePutRequest("_cluster/settings", "{\"persistent\": { }, \"transient\": {\"indices.recovery.max_bytes_per_sec\": \"15mb\" }}", adminCredsHeader);
    replacedertThat(response.getBody(), response.getStatusCode(), equalTo(HttpStatus.SC_FORBIDDEN));
}

17 Source : OpenDistroSecurityRestFilterTest.java
with Apache License 2.0
from opendistro-for-elasticsearch

/**
 * Checks that request method specific whitelisting works properly.
 * Checks that if only GET /_cluster/settings is whitelisted, then:
 * non admin user can access GET /_cluster/settings, but not PUT /_cluster/settings
 * admin user can access GET /_cluster/settings, but not PUT /_cluster/settings
 * SuperAdmin can access GET /_cluster/settings and PUT /_cluster/settings
 */
@Test
public void checkSpecificRequestMethodWhitelisting() throws Exception {
    setup();
    // WHITELIST GET /_cluster/settings
    rh.keystore = "restapi/kirk-keystore.jks";
    rh.sendAdminCertificate = true;
    response = rh.executePutRequest("_opendistro/_security/api/whitelist", "{\"enabled\": true, \"requests\": {\"/_cluster/settings\": [\"GET\"]}}", nonAdminCredsHeader);
    // NON-ADMIN TRIES ACCESSING GET - OK, PUT - FORBIDDEN
    rh.sendAdminCertificate = false;
    response = rh.executeGetRequest("_cluster/settings", nonAdminCredsHeader);
    replacedertThat(response.getBody(), response.getStatusCode(), equalTo(HttpStatus.SC_OK));
    response = rh.executePutRequest("_cluster/settings", "{\"persistent\": { }, \"transient\": {\"indices.recovery.max_bytes_per_sec\": \"15mb\" }}", nonAdminCredsHeader);
    replacedertThat(response.getBody(), response.getStatusCode(), equalTo(HttpStatus.SC_FORBIDDEN));
    // ADMIN USER TRIES ACCESSING GET - OK, PUT - FORBIDDEN
    rh.sendAdminCertificate = false;
    response = rh.executeGetRequest("_cluster/settings", adminCredsHeader);
    replacedertThat(response.getBody(), response.getStatusCode(), equalTo(HttpStatus.SC_OK));
    response = rh.executePutRequest("_cluster/settings", "{\"persistent\": { }, \"transient\": {\"indices.recovery.max_bytes_per_sec\": \"15mb\" }}", adminCredsHeader);
    replacedertThat(response.getBody(), response.getStatusCode(), equalTo(HttpStatus.SC_FORBIDDEN));
    // SUPERADMIN TRIES ACCESSING GET - OK, PUT - OK
    rh.sendAdminCertificate = true;
    response = rh.executeGetRequest("_cluster/settings", adminCredsHeader);
    replacedertThat(response.getBody(), response.getStatusCode(), equalTo(HttpStatus.SC_OK));
    response = rh.executePutRequest("_cluster/settings", "{\"persistent\": { }, \"transient\": {\"indices.recovery.max_bytes_per_sec\": \"15mb\" }}", adminCredsHeader);
    replacedertThat(response.getBody(), response.getStatusCode(), equalTo(HttpStatus.SC_OK));
}

17 Source : EWSMethod.java
with GNU General Public License v2.0
from mguessan

public int getStatusCode() {
    if ("ErrorAccessDenied".equals(errorDetail)) {
        return HttpStatus.SC_FORBIDDEN;
    } else if ("ErrorItemNotFound".equals(errorDetail)) {
        return HttpStatus.SC_NOT_FOUND;
    } else {
        return response.getStatusLine().getStatusCode();
    }
}

17 Source : MockServerUtils.java
with MIT License
from dikhan

/**
 * Prepare the mock server to receive the given event and reply with a predefined forbidden response with no content
 * @param mockServerClient mock client to configure the incident/event upon
 * @param event expected to be received in the mock server from the client
 * @throws JsonProcessingException
 */
public static void prepareMockServerWithUnexpectedErrorResponse(MockServerClient mockServerClient, PagerDutyEvent event) throws JsonProcessingException {
    String noContentResponseBody = "{}";
    prepareMockServer(mockServerClient, event, HttpStatus.SC_FORBIDDEN, noContentResponseBody);
}

17 Source : GitRepoPublishTaskControllerTest.java
with MIT License
from blocklang

@Test
public void get_publish_log_anonymous_forbidden() {
    given().contentType(ContentType.JSON).when().get("/marketplace/publish/{taskId}/log", 1).then().statusCode(HttpStatus.SC_FORBIDDEN);
}

17 Source : GitRepoPublishTaskControllerTest.java
with MIT License
from blocklang

@Test
public void get_component_repo_publish_task_anonymous_forbidden() {
    given().contentType(ContentType.JSON).when().get("/marketplace/publish/{taskId}", 1).then().statusCode(HttpStatus.SC_FORBIDDEN);
}

17 Source : GitRepoPublishTaskControllerTest.java
with MIT License
from blocklang

@Test
public void list_my_component_repo_publishing_tasks_anonymous_forbidden() {
    given().contentType(ContentType.JSON).when().get("/user/component-repos/publishing-tasks").then().statusCode(HttpStatus.SC_FORBIDDEN);
}

17 Source : ComponentRepoControllerTest.java
with MIT License
from blocklang

@Test
public void list_my_component_repos_anonymous_forbidden() {
    given().contentType(ContentType.JSON).when().get("/user/component-repos").then().statusCode(HttpStatus.SC_FORBIDDEN);
}

17 Source : RepositoryControllerTest.java
with MIT License
from blocklang

@Test
public void get_deploy_setting_anonymous_can_not_get() {
    given().contentType(ContentType.JSON).when().get("/projects/{owner}/{project}/deploy_setting", "zhangsan", "my-project").then().statusCode(HttpStatus.SC_FORBIDDEN);
}

17 Source : RepositoryControllerTest.java
with MIT License
from blocklang

@Test
public void getYourReposAnonymousCanNotGet() {
    given().contentType(ContentType.JSON).when().get("/user/repos").then().statusCode(HttpStatus.SC_FORBIDDEN);
}

17 Source : ProjectDependencyControllerTest.java
with MIT License
from blocklang

@Test
public void deleteDependencyAnonymousCanNotDelete() {
    String owner = "jack";
    String repoName = "repo1";
    String projectName = "project1";
    Integer dependencyId = 1;
    given().contentType(ContentType.JSON).when().delete("/repos/{owner}/{repoName}/{projectName}/dependencies/{dependencyId}", owner, repoName, projectName, dependencyId).then().statusCode(HttpStatus.SC_FORBIDDEN);
}

17 Source : CommitControllerTest.java
with MIT License
from blocklang

@Test
public void unstageChangesAnonymousCanNotUnstage() {
    String[] param = new String[] {};
    given().contentType(ContentType.JSON).body(param).when().post("/repos/{owner}/{repoName}/unstage-changes", "jack", "repo").then().statusCode(HttpStatus.SC_FORBIDDEN);
}

17 Source : CommitControllerTest.java
with MIT License
from blocklang

@Test
public void stageChangesAnonymousCanNotStage() {
    String[] param = new String[] {};
    given().contentType(ContentType.JSON).body(param).when().post("/repos/{owner}/{repoName}/stage-changes", "jack", "repo").then().statusCode(HttpStatus.SC_FORBIDDEN);
}

17 Source : LoggedUserControllerTest.java
with MIT License
from blocklang

@Test
public void get_profile_user_not_logged() {
    given().contentType(ContentType.JSON).when().get("/user/profile").then().statusCode(HttpStatus.SC_FORBIDDEN);
}

17 Source : OIDCResourceOwnerPasswordCredentialRealmTest.java
with MIT License
from bakdata

private static void initOIDCServer() {
    OIDC_SERVER = startClientAndServer(MOCK_SERVER_PORT);
    // Mock well-known discovery endpoint (this is actually the output of keycloak)
    OIDC_SERVER.when(request().withMethod("GET").withPath(String.format("/realms/%s/.well-known/uma2-configuration", REALM_NAME))).respond(response().withContentType(MediaType.APPLICATION_JSON_UTF_8).withBody("{\"issuer\":\"" + MOCK_SERVER_URL + "/realms/EVA\"," + "\"authorization_endpoint\":\"" + MOCK_SERVER_URL + "/realms/" + REALM_NAME + "/protocol/openid-connect/auth\"," + "\"token_endpoint\":\"" + MOCK_SERVER_URL + "/realms/" + REALM_NAME + "/protocol/openid-connect/token\"," + "\"introspection_endpoint\":\"" + MOCK_SERVER_URL + "/realms/" + REALM_NAME + "/protocol/openid-connect/token/introspect\"" + ",\"end_session_endpoint\":\"" + MOCK_SERVER_URL + "/realms/" + REALM_NAME + "/protocol/openid-connect/logout\"," + "\"jwks_uri\":\"" + MOCK_SERVER_URL + "/realms/" + REALM_NAME + "/protocol/openid-connect/certs\"," + "\"grant_types_supported\":[\"authorization_code\",\"implicit\",\"refresh_token\",\"preplacedword\",\"client_credentials\"]," + "\"response_types_supported\":[\"code\",\"none\",\"id_token\",\"token\",\"id_token token\",\"code id_token\",\"code token\",\"code id_token token\"]," + "\"response_modes_supported\":[\"query\",\"fragment\",\"form_post\"]," + "\"registration_endpoint\":\"" + MOCK_SERVER_URL + "/realms/" + REALM_NAME + "/clients-registrations/openid-connect\"," + "\"token_endpoint_auth_methods_supported\":[\"private_key_jwt\",\"client_secret_basic\",\"client_secret_post\",\"tls_client_auth\",\"client_secret_jwt\"]," + "\"token_endpoint_auth_signing_alg_values_supported\":[\"PS384\",\"ES384\",\"RS384\",\"HS256\",\"HS512\",\"ES256\",\"RS256\",\"HS384\",\"ES512\",\"PS256\",\"PS512\",\"RS512\"]," + "\"scopes_supported\":[\"openid\",\"address\",\"email\",\"microprofile-jwt\",\"offline_access\",\"phone\",\"profile\",\"roles\",\"web-origins\"]," + "\"resource_registration_endpoint\":\"" + MOCK_SERVER_URL + "/realms/" + REALM_NAME + "/authz/protection/resource_set\"," + "\"permission_endpoint\":\"" + MOCK_SERVER_URL + "/realms/" + REALM_NAME + "/authz/protection/permission\"," + "\"policy_endpoint\":\"" + MOCK_SERVER_URL + "/realms/" + REALM_NAME + "/authz/protection/uma-policy\"}"));
    // Mock username-preplacedword-for-token exchange
    OIDC_SERVER.when(request().withMethod("POST").withPath(String.format("/realms/%s/protocol/openid-connect/token", REALM_NAME)).withHeaders(header("Content-Type", "application/x-www-form-urlencoded; charset=UTF-8")).withBody(params(param("preplacedword", USER_1_PreplacedWORD), param("grant_type", "preplacedword"), param("username", USER_1_NAME), param("scope", "openid")))).respond(response().withContentType(MediaType.APPLICATION_JSON_UTF_8).withBody("{\"token_type\" : \"Bearer\",\"access_token\" : \"" + USER_1_TOKEN + "\"}"));
    // Block other exchange requests (this has a lower prio than the above)
    OIDC_SERVER.when(request().withMethod("POST").withPath(String.format("/realms/%s/protocol/openid-connect/token", REALM_NAME))).respond(response().withStatusCode(HttpStatus.SC_FORBIDDEN).withContentType(MediaType.APPLICATION_JSON_UTF_8).withBody("{\"error\" : \"Wrong username or preplacedword\""));
    // Mock token introspection
    // For USER 1
    OIDC_SERVER.when(request().withMethod("POST").withPath(String.format("/realms/%s/protocol/openid-connect/token/introspect", REALM_NAME)).withHeaders(header("Content-Type", "application/x-www-form-urlencoded; charset=UTF-8")).withBody(params(param("token_type_hint", "access_token"), param("token", USER_1_TOKEN)))).respond(response().withContentType(MediaType.APPLICATION_JSON_UTF_8).withBody("{\"username\" : \"" + USER_1_NAME + "\", \"active\": true}"));
    // For USER 2
    OIDC_SERVER.when(request().withMethod("POST").withPath(String.format("/realms/%s/protocol/openid-connect/token/introspect", REALM_NAME)).withHeaders(header("Content-Type", "application/x-www-form-urlencoded; charset=UTF-8")).withBody(params(param("token_type_hint", "access_token"), param("token", USER_2_TOKEN)))).respond(response().withContentType(MediaType.APPLICATION_JSON_UTF_8).withBody("{\"username\" : \"" + USER_2_NAME + "\",\"name\" : \"" + USER_2_LABEL + "\", \"active\": true, \"groups\":[\"" + GROUPNAME_1 + "\",\"" + GROUPNAME_2 + "\"]}"));
    // For USER 3
    OIDC_SERVER.when(request().withMethod("POST").withPath(String.format("/realms/%s/protocol/openid-connect/token/introspect", REALM_NAME)).withHeaders(header("Content-Type", "application/x-www-form-urlencoded; charset=UTF-8")).withBody(params(param("token_type_hint", "access_token"), param("token", USER_3_TOKEN)))).respond(response().withContentType(MediaType.APPLICATION_JSON_UTF_8).withBody("{\"username\" : \"" + USER_3_NAME + "\",\"name\" : \"" + USER_3_LABEL + "\", \"active\": true}"));
    // At last (so it has the lowest priority): initialize a trap for debugging, that captures all unmapped requests
    OIDC_SERVER.when(request()).respond(new ExpectationResponseCallback() {

        @Override
        public HttpResponse handle(HttpRequest httpRequest) throws Exception {
            log.error("{} on {}\n\t Headers: {}n\tBody {}", httpRequest.getMethod(), httpRequest.getPath(), httpRequest.getHeaderList(), httpRequest.getBodyreplacedtring());
            fail("Trapped because request did not match. See log.");
            return null;
        }
    });
}

16 Source : PermissionsITCase.java
with MIT License
from scm-manager

@Test
public void otherUserShouldNotSeeBruteForcePermissions() {
    given(VndMediaType.REPOSITORY_PERMISSION, USER_OTHER, USER_Preplaced).when().get(TestData.getDefaultPermissionUrl(USER_SCM_ADMIN, USER_SCM_ADMIN, repositoryType)).then().statusCode(HttpStatus.SC_FORBIDDEN);
}

16 Source : PermissionsITCase.java
with MIT License
from scm-manager

@Test
public void writeUserShouldNotSeeBruteForcePermissions() {
    given(VndMediaType.REPOSITORY_PERMISSION, USER_WRITE, USER_Preplaced).when().get(TestData.getDefaultPermissionUrl(USER_SCM_ADMIN, USER_SCM_ADMIN, repositoryType)).then().statusCode(HttpStatus.SC_FORBIDDEN);
}

16 Source : PermissionsITCase.java
with MIT License
from scm-manager

@Test
public void readUserShouldNotSeeBruteForcePermissions() {
    given(VndMediaType.REPOSITORY_PERMISSION, USER_READ, USER_Preplaced).when().get(TestData.getDefaultPermissionUrl(USER_SCM_ADMIN, USER_SCM_ADMIN, repositoryType)).then().statusCode(HttpStatus.SC_FORBIDDEN);
}

16 Source : DavValidateTest.java
with Apache License 2.0
from personium

/**
 * コレクション名のバリデートチェック.
 */
@Test
public final void コレクション名のバリデートチェック() {
    String name;
    for (int i = 0; i < validNames.size(); i++) {
        name = validNames.get(i);
        final Http theReq = this.mkColRequest(name);
        theReq.returns().statusCode(HttpStatus.SC_FORBIDDEN);
    }
}

16 Source : WhitelistApiTest.java
with Apache License 2.0
from opendistro-for-elasticsearch

/**
 * Tests 4 scenarios for accessing and using the API.
 * No creds, no admin certificate - UNAUTHORIZED
 * non admin creds, no admin certificate - FORBIDDEN
 * admin creds, no admin certificate - FORBIDDEN
 * any creds, admin certificate - OK
 *
 * @throws Exception
 */
@Test
public void testWhitelistApi() throws Exception {
    setupWithRestRoles(null);
    rh.keystore = "restapi/kirk-keystore.jks";
    // No creds, no admin certificate - UNAUTHORIZED
    testGetAndPut(HttpStatus.SC_UNAUTHORIZED, false);
    // non admin creds, no admin certificate - FORBIDDEN
    testGetAndPut(HttpStatus.SC_FORBIDDEN, false, nonAdminCredsHeader);
    // admin creds, no admin certificate - FORBIDDEN
    testGetAndPut(HttpStatus.SC_FORBIDDEN, false, adminCredsHeader);
    // any creds, admin certificate - OK
    testGetAndPut(HttpStatus.SC_OK, true, nonAdminCredsHeader);
}

16 Source : OpenDistroSecurityApiAccessTest.java
with Apache License 2.0
from opendistro-for-elasticsearch

@Test
public void testRestApi() throws Exception {
    setup();
    // test with no cert, must fail
    replacedert.replacedertEquals(HttpStatus.SC_UNAUTHORIZED, rh.executeGetRequest("_opendistro/_security/api/internalusers").getStatusCode());
    replacedert.replacedertEquals(HttpStatus.SC_FORBIDDEN, rh.executeGetRequest("_opendistro/_security/api/internalusers", encodeBasicHeader("admin", "admin")).getStatusCode());
    // test with non-admin cert, must fail
    rh.keystore = "restapi/node-0-keystore.jks";
    rh.sendAdminCertificate = true;
    replacedert.replacedertEquals(HttpStatus.SC_UNAUTHORIZED, rh.executeGetRequest("_opendistro/_security/api/internalusers").getStatusCode());
    replacedert.replacedertEquals(HttpStatus.SC_FORBIDDEN, rh.executeGetRequest("_opendistro/_security/api/internalusers", encodeBasicHeader("admin", "admin")).getStatusCode());
}

16 Source : OpenDistroSecurityApiAccessTest.java
with Apache License 2.0
from opendistro-for-elasticsearch

@Test
public void testRestApi() throws Exception {
    setup();
    // test with no cert, must fail
    replacedert.replacedertEquals(HttpStatus.SC_UNAUTHORIZED, rh.executeGetRequest("_opendistro/_security/api/internalusers").getStatusCode());
    replacedert.replacedertEquals(HttpStatus.SC_FORBIDDEN, rh.executeGetRequest("_opendistro/_security/api/internalusers", encodeBasicHeader("admin", "admin")).getStatusCode());
    // test with non-admin cert, must fail
    rh.keystore = "restapi/node-0-keystore.jks";
    rh.sendHTTPClientCertificate = true;
    replacedert.replacedertEquals(HttpStatus.SC_UNAUTHORIZED, rh.executeGetRequest("_opendistro/_security/api/internalusers").getStatusCode());
    replacedert.replacedertEquals(HttpStatus.SC_FORBIDDEN, rh.executeGetRequest("_opendistro/_security/api/internalusers", encodeBasicHeader("admin", "admin")).getStatusCode());
}

16 Source : ReleaseControllerTest.java
with MIT License
from blocklang

@Test
public void check_version_user_is_unauthorization_not_login() {
    CheckReleaseVersionParam param = new CheckReleaseVersionParam();
    given().contentType(ContentType.JSON).body(param).when().post("/projects/{owner}/{projectName}/releases/check-version", "jack", "project").then().statusCode(HttpStatus.SC_FORBIDDEN).body(equalTo(""));
}

16 Source : ProjectDependencyControllerTest.java
with MIT License
from blocklang

@Test
public void updateDependencyAnonymousCanNotUpdate() {
    String owner = "jack";
    String repoName = "repo1";
    String projectName = "project1";
    Integer dependencyId = 2;
    UpdateDependencyParam param = new UpdateDependencyParam();
    given().contentType(ContentType.JSON).body(param).when().put("/repos/{owner}/{repoName}/{projectName}/dependencies/{dependencyId}", owner, repoName, projectName, dependencyId).then().statusCode(HttpStatus.SC_FORBIDDEN);
}

16 Source : ProjectDependencyControllerTest.java
with MIT License
from blocklang

// FIXME: 新增依赖需进一步优化,等重构完成后再优化。
@Test
public void addDependencyAnonymousCanNotAdd() {
    String owner = "jack";
    String repoName = "repo1";
    String projectName = "project1";
    AddDependencyParam param = new AddDependencyParam();
    given().contentType(ContentType.JSON).body(param).when().post("/repos/{owner}/{repoName}/{projectName}/dependencies", owner, repoName, projectName).then().statusCode(HttpStatus.SC_FORBIDDEN);
}

16 Source : PageDesignerControllerTest.java
with MIT License
from blocklang

@Test
public void update_page_model_anonymous_can_not_update() {
    PageModel model = new PageModel();
    given().contentType(ContentType.JSON).body(model).when().put("/designer/pages/{pageId}/model", "1").then().statusCode(HttpStatus.SC_FORBIDDEN);
}

16 Source : CommitControllerTest.java
with MIT License
from blocklang

@Test
public void commitAnonymousCanNotCommit() {
    CommitMessage param = new CommitMessage();
    given().contentType(ContentType.JSON).body(param).when().post("/repos/{owner}/{repoName}/commits", "jack", "repo").then().statusCode(HttpStatus.SC_FORBIDDEN);
}

15 Source : OpaResponsesIT.java
with MIT License
from SDA-SE

@Test
@Retry(5)
public void shouldDenyAccessWithNonMatchingConstraintResponse() {
    // given
    mock(200, "{\n" + "  \"result\": {\n" + "    \"allow\": false,\n" + "    \"abc\": {\n" + "    }\n" + "  }\n" + "}");
    // when
    Response response = doGetRequest();
    // then
    replacedertThat(response.getStatus()).isEqualTo(HttpStatus.SC_FORBIDDEN);
}

15 Source : OpaResponsesIT.java
with MIT License
from SDA-SE

@Test
@Retry(5)
public void shouldDenyAccess() {
    // given
    mock(200, "{\n" + "  \"result\": {\n" + "    \"allow\": false\n" + "    }\n" + "  }\n" + "}");
    // when
    Response response = doGetRequest();
    // then
    replacedertThat(response.getStatus()).isEqualTo(HttpStatus.SC_FORBIDDEN);
}

15 Source : OpaResponsesIT.java
with MIT License
from SDA-SE

@Test
@Retry(5)
public void shouldDenyAccessIfOpaResponseIsBroken() {
    // given
    mock(500, "");
    // when
    Response response = doGetRequest();
    // then
    replacedertThat(response.getStatus()).isEqualTo(HttpStatus.SC_FORBIDDEN);
}

15 Source : OpaResponsesIT.java
with MIT License
from SDA-SE

@Test
@Retry(5)
public void shouldDenyAccessIfOpaResponseEmpty() {
    // given
    // given
    mock(200, "");
    // when
    Response response = doGetRequest();
    // then
    replacedertThat(response.getStatus()).isEqualTo(HttpStatus.SC_FORBIDDEN);
}

15 Source : OpaIT.java
with MIT License
from SDA-SE

@Test
@Retry(5)
public void shouldDenyAccessWithConstraints() {
    // given
    OPA_RULE.mock(onRequest().withHttpMethod(method).withPath(path).deny().withConstraint(new ConstraintModel().addConstraint("customer_is", "1")));
    // when
    Response response = doGetRequest();
    // then
    replacedertThat(response.getStatus()).isEqualTo(HttpStatus.SC_FORBIDDEN);
}

15 Source : OpaIT.java
with MIT License
from SDA-SE

@Test
@Retry(5)
public void shouldDenyAccessIfOpaResponseIsBroken() {
    // given
    OPA_RULE.mock(onAnyRequest().serverError());
    // when
    Response response = doGetRequest();
    // then
    replacedertThat(response.getStatus()).isEqualTo(HttpStatus.SC_FORBIDDEN);
}

15 Source : OpaIT.java
with MIT License
from SDA-SE

@Test
@Retry(5)
public void shouldDenyAccessIfOpaResponseEmpty() {
    // given
    OPA_RULE.mock(onAnyRequest().emptyResponse());
    // when
    Response response = doGetRequest();
    // then
    replacedertThat(response.getStatus()).isEqualTo(HttpStatus.SC_FORBIDDEN);
}

15 Source : OpaIT.java
with MIT License
from SDA-SE

@Test
@Retry(5)
public void shouldDenyAccess() {
    // given
    OPA_RULE.mock(onRequest().withHttpMethod(method).withPath(path).deny());
    // when
    Response response = doGetRequest();
    // then
    replacedertThat(response.getStatus()).isEqualTo(HttpStatus.SC_FORBIDDEN);
}

15 Source : OpaConnectionMisconfiguredIT.java
with MIT License
from SDA-SE

@Test
public void shouldDenyAccess() {
    Response response = DW.client().target(// NOSONAR
    "http://localhost:" + DW.getLocalPort()).path("resources").request().get();
    replacedertThat(response.getStatus()).isEqualTo(HttpStatus.SC_FORBIDDEN);
}

15 Source : LogListTest.java
with Apache License 2.0
from personium

/**
 * アーカイブログファイル一覧取得_Depthヘッダにinfinityを指定した場合に403が返却されること.
 */
@Test
public final void アーカイブログファイル一覧取得_Depthヘッダにinfinityを指定した場合に403が返却されること() {
    String body = "<?xml version=\"1.0\" encoding=\"utf-8\"?>" + "<D:propfind xmlns:D=\"DAV:\"><D:allprop/></D:propfind>";
    Http.request("cell/log-propfind-with-body.txt").with("METHOD", io.personium.common.utils.CommonUtils.HttpMethod.PROPFIND).with("token", AbstractCase.MASTER_TOKEN_NAME).with("cellPath", Setup.TEST_CELL_EVENTLOG).with("collection", ARCHIVE_COLLECTION).with("depth", "infinity").with("body", body).returns().debug().statusCode(HttpStatus.SC_FORBIDDEN);
}

See More Examples