Here are the examples of the java api org.apache.http.HttpStatus.SC_FORBIDDEN taken from open source projects. By voting up you can indicate which examples are most useful and appropriate.
234 Examples
19
Source : RolesMappingApiTest.java
with Apache License 2.0
from opendistro-for-elasticsearch
with Apache License 2.0
from opendistro-for-elasticsearch
private void checkAllSfForbidden() throws Exception {
rh.sendAdminCertificate = false;
checkReadAccess(HttpStatus.SC_FORBIDDEN, "picard", "picard", "sf", "ships", 1);
checkWriteAccess(HttpStatus.SC_FORBIDDEN, "picard", "picard", "sf", "ships", 1);
}
19
Source : RolesMappingApiTest.java
with Apache License 2.0
from opendistro-for-elasticsearch
with Apache License 2.0
from opendistro-for-elasticsearch
private void checkAllSfForbidden() throws Exception {
rh.sendHTTPClientCertificate = false;
checkReadAccess(HttpStatus.SC_FORBIDDEN, "picard", "picard", "sf", "ships", 1);
checkWriteAccess(HttpStatus.SC_FORBIDDEN, "picard", "picard", "sf", "ships", 1);
}
19
Source : EventHelper.java
with MIT License
from dikhan
with MIT License
from dikhan
/**
* Helper method to create an unexpected event result, by default containing a forbidden status code
* @return error event result
*/
public static EventResult unexpectedErrorEvent() {
return EventResult.errorEvent(String.valueOf(HttpStatus.SC_FORBIDDEN), "", "{}");
}
18
Source : PermissionsITCase.java
with MIT License
from scm-manager
with MIT License
from scm-manager
@Test
public void otherUserShouldNotSeeRepository() {
callRepository(USER_OTHER, USER_Preplaced, repositoryType, HttpStatus.SC_FORBIDDEN);
}
18
Source : SchemaAuthTest.java
with Apache License 2.0
from personium
with Apache License 2.0
from personium
/**
* access Dav resources with token with non confidential app auth and check the access control.
*/
private void checkResourcesWithSchema(String path, String file, String token, String boxName, String cellPath) {
// Succeed: when p:requireSchemaAuthz does not present
this.checkResourceSchema(path, file, token, "", HttpStatus.SC_OK, boxName, cellPath);
// Succeed: when p:requireSchemaAuthz value is NONE
this.checkResourceSchema(path, file, token, OAuth2Helper.SchemaLevel.NONE, HttpStatus.SC_OK, boxName, cellPath);
// Succeed: when p:requireSchemaAuthz value is PUBLIC
this.checkResourceSchema(path, file, token, OAuth2Helper.SchemaLevel.PUBLIC, HttpStatus.SC_OK, boxName, cellPath);
// Fail: when p:requireSchemaAuthz value is CONFIDENTIAL
this.checkResourceSchema(path, file, token, OAuth2Helper.SchemaLevel.CONFIDENTIAL, HttpStatus.SC_FORBIDDEN, boxName, cellPath);
}
18
Source : IntegrationTests.java
with GNU General Public License v3.0
from hantsy
with GNU General Public License v3.0
from hantsy
@Test
public void testDeleteAPost_withUserAuth_shouldReturn403() throws Exception {
// @formatter:off
given().auth().basic("user", "preplacedword").when().delete("/posts/" + this.slug).then().statusCode(HttpStatus.SC_FORBIDDEN);
// @formatter:on
}
17
Source : PermissionsITCase.java
with MIT License
from scm-manager
with MIT License
from scm-manager
@Test
public void otherUserShouldNotCloneRepository() {
TestData.callRepository(USER_OTHER, USER_Preplaced, repositoryType, HttpStatus.SC_FORBIDDEN);
}
17
Source : PermissionsITCase.java
with MIT License
from scm-manager
with MIT License
from scm-manager
@Test
public void userWithWritePermissionShouldNotBeAuthorizedToDeleteRepository() {
replacedertDeleteRepositoryOperation(HttpStatus.SC_FORBIDDEN, HttpStatus.SC_OK, USER_WRITE, repositoryType);
}
17
Source : PermissionsITCase.java
with MIT License
from scm-manager
with MIT License
from scm-manager
@Test
public void userWithReadPermissionShouldNotBeAuthorizedToDeleteRepository() {
replacedertDeleteRepositoryOperation(HttpStatus.SC_FORBIDDEN, HttpStatus.SC_OK, USER_READ, repositoryType);
}
17
Source : JpaSecurityRealmTest.java
with Apache License 2.0
from quarkusio
with Apache License 2.0
from quarkusio
@Test
@Order(4)
void shouldNotAccessUserWhenAdminAuthenticated() {
given().auth().preemptive().basic("admin", "admin").when().get("/api/users/me").then().statusCode(HttpStatus.SC_FORBIDDEN);
}
17
Source : SchemaAuthTest.java
with Apache License 2.0
from personium
with Apache License 2.0
from personium
/**
* access Dav resources with token without app auth and check the access control.
*/
private void checkDavAccessWithoutAppAuth(String path, String file, String token, String cellPath) {
// Succeed: when p:requireSchemaAuthz does not present
this.checkResourceSchema(path, file, token, "", HttpStatus.SC_OK, Setup.TEST_BOX1, cellPath);
// Succeed: when p:requireSchemaAuthz value is NONE
this.checkResourceSchema(path, file, token, OAuth2Helper.SchemaLevel.NONE, HttpStatus.SC_OK, Setup.TEST_BOX1, cellPath);
// Fail: when p:requireSchemaAuthz value is PUBLIC
this.checkResourceSchema(path, file, token, OAuth2Helper.SchemaLevel.PUBLIC, HttpStatus.SC_FORBIDDEN, Setup.TEST_BOX1, cellPath);
// Fail: when p:requireSchemaAuthz value is CONFIDENTIAL
this.checkResourceSchema(path, file, token, OAuth2Helper.SchemaLevel.CONFIDENTIAL, HttpStatus.SC_FORBIDDEN, Setup.TEST_BOX1, cellPath);
}
17
Source : OpenDistroSecurityRestFilterTest.java
with Apache License 2.0
from opendistro-for-elasticsearch
with Apache License 2.0
from opendistro-for-elasticsearch
/**
* Tests that a whitelisted API with an extra '/' does not cause an issue
* i.e if only GET /_cluster/settings/ is whitelisted, then:
* GET /_cluster/settings/ - OK
* GET /_cluster/settings - OK
* PUT /_cluster/settings/ - FORBIDDEN
* PUT /_cluster/settings - FORBIDDEN
* @throws Exception
*/
@Test
public void testWhitelistedApiWithExtraSlash() throws Exception {
setup();
// WHITELIST GET /_cluster/settings/ - extra / in the request
rh.keystore = "restapi/kirk-keystore.jks";
rh.sendAdminCertificate = true;
response = rh.executePutRequest("_opendistro/_security/api/whitelist", "{\"enabled\": true, \"requests\": {\"/_cluster/settings/\": [\"GET\"]}}", nonAdminCredsHeader);
// NON ADMIN ACCESS GET /_cluster/settings/ - OK
rh.sendAdminCertificate = false;
response = rh.executeGetRequest("_cluster/settings/", nonAdminCredsHeader);
replacedertThat(response.getBody(), response.getStatusCode(), equalTo(HttpStatus.SC_OK));
// NON ADMIN ACCESS GET /_cluster/settings - OK
response = rh.executeGetRequest("_cluster/settings", nonAdminCredsHeader);
replacedertThat(response.getBody(), response.getStatusCode(), equalTo(HttpStatus.SC_OK));
// NON ADMIN ACCESS PUT /_cluster/settings/ - FORBIDDEN
response = rh.executePutRequest("_cluster/settings/", "{\"persistent\": { }, \"transient\": {\"indices.recovery.max_bytes_per_sec\": \"15mb\" }}", adminCredsHeader);
replacedertThat(response.getBody(), response.getStatusCode(), equalTo(HttpStatus.SC_FORBIDDEN));
// NON ADMIN ACCESS PUT /_cluster/settings - FORBIDDEN
response = rh.executePutRequest("_cluster/settings", "{\"persistent\": { }, \"transient\": {\"indices.recovery.max_bytes_per_sec\": \"15mb\" }}", adminCredsHeader);
replacedertThat(response.getBody(), response.getStatusCode(), equalTo(HttpStatus.SC_FORBIDDEN));
}
17
Source : OpenDistroSecurityRestFilterTest.java
with Apache License 2.0
from opendistro-for-elasticsearch
with Apache License 2.0
from opendistro-for-elasticsearch
/**
* Tests that non-whitelisted APIs are only accessible by superadmin
*
* @throws Exception
*/
@Test
public void checkNonWhitelistedApisAccessibleOnlyBySuperAdmin() throws Exception {
setup();
// ADD SOME WHITELISTED APIs - /_cat/nodes and /_cat/indices
rh.keystore = "restapi/kirk-keystore.jks";
rh.sendAdminCertificate = true;
response = rh.executePutRequest("_opendistro/_security/api/whitelist", "{\"enabled\": true, \"requests\": {\"/_cat/nodes\": [\"GET\"],\"/_cat/indices\": [\"GET\"] }}", nonAdminCredsHeader);
// NON ADMIN TRIES ACCESSING A NON-WHITELISTED API - FORBIDDEN
rh.sendAdminCertificate = false;
response = rh.executeGetRequest("_cat/plugins", nonAdminCredsHeader);
replacedertThat(response.getBody(), response.getStatusCode(), equalTo(HttpStatus.SC_FORBIDDEN));
// ADMIN TRIES ACCESSING A NON-WHITELISTED API - FORBIDDEN
rh.sendAdminCertificate = false;
response = rh.executeGetRequest("_cat/plugins", adminCredsHeader);
replacedertThat(response.getBody(), response.getStatusCode(), equalTo(HttpStatus.SC_FORBIDDEN));
// SUPERADMIN TRIES ACCESSING A NON-WHITELISTED API - OK
rh.sendAdminCertificate = true;
response = rh.executeGetRequest("_cat/plugins", adminCredsHeader);
replacedertThat(response.getBody(), response.getStatusCode(), equalTo(HttpStatus.SC_OK));
}
17
Source : OpenDistroSecurityRestFilterTest.java
with Apache License 2.0
from opendistro-for-elasticsearch
with Apache License 2.0
from opendistro-for-elasticsearch
/**
* Tests that a whitelisted API without an extra '/' does not cause an issue
* i.e if only GET /_cluster/settings is whitelisted, then:
* GET /_cluster/settings/ - OK
* GET /_cluster/settings - OK
* PUT /_cluster/settings/ - FORBIDDEN
* PUT /_cluster/settings - FORBIDDEN
* @throws Exception
*/
@Test
public void testWhitelistedApiWithoutExtraSlash() throws Exception {
setup();
// WHITELIST GET /_cluster/settings (no extra / in request)
rh.keystore = "restapi/kirk-keystore.jks";
rh.sendAdminCertificate = true;
response = rh.executePutRequest("_opendistro/_security/api/whitelist", "{\"enabled\": true, \"requests\": {\"/_cluster/settings\": [\"GET\"]}}", nonAdminCredsHeader);
// NON ADMIN ACCESS GET /_cluster/settings/ - OK
rh.sendAdminCertificate = false;
response = rh.executeGetRequest("_cluster/settings/", nonAdminCredsHeader);
replacedertThat(response.getBody(), response.getStatusCode(), equalTo(HttpStatus.SC_OK));
// NON ADMIN ACCESS GET /_cluster/settings - OK
response = rh.executeGetRequest("_cluster/settings", nonAdminCredsHeader);
replacedertThat(response.getBody(), response.getStatusCode(), equalTo(HttpStatus.SC_OK));
// NON ADMIN ACCESS PUT /_cluster/settings/ - FORBIDDEN
response = rh.executePutRequest("_cluster/settings/", "{\"persistent\": { }, \"transient\": {\"indices.recovery.max_bytes_per_sec\": \"15mb\" }}", adminCredsHeader);
replacedertThat(response.getBody(), response.getStatusCode(), equalTo(HttpStatus.SC_FORBIDDEN));
// NON ADMIN ACCESS PUT /_cluster/settings - FORBIDDEN
response = rh.executePutRequest("_cluster/settings", "{\"persistent\": { }, \"transient\": {\"indices.recovery.max_bytes_per_sec\": \"15mb\" }}", adminCredsHeader);
replacedertThat(response.getBody(), response.getStatusCode(), equalTo(HttpStatus.SC_FORBIDDEN));
}
17
Source : OpenDistroSecurityRestFilterTest.java
with Apache License 2.0
from opendistro-for-elasticsearch
with Apache License 2.0
from opendistro-for-elasticsearch
/**
* Checks that request method specific whitelisting works properly.
* Checks that if only GET /_cluster/settings is whitelisted, then:
* non admin user can access GET /_cluster/settings, but not PUT /_cluster/settings
* admin user can access GET /_cluster/settings, but not PUT /_cluster/settings
* SuperAdmin can access GET /_cluster/settings and PUT /_cluster/settings
*/
@Test
public void checkSpecificRequestMethodWhitelisting() throws Exception {
setup();
// WHITELIST GET /_cluster/settings
rh.keystore = "restapi/kirk-keystore.jks";
rh.sendAdminCertificate = true;
response = rh.executePutRequest("_opendistro/_security/api/whitelist", "{\"enabled\": true, \"requests\": {\"/_cluster/settings\": [\"GET\"]}}", nonAdminCredsHeader);
// NON-ADMIN TRIES ACCESSING GET - OK, PUT - FORBIDDEN
rh.sendAdminCertificate = false;
response = rh.executeGetRequest("_cluster/settings", nonAdminCredsHeader);
replacedertThat(response.getBody(), response.getStatusCode(), equalTo(HttpStatus.SC_OK));
response = rh.executePutRequest("_cluster/settings", "{\"persistent\": { }, \"transient\": {\"indices.recovery.max_bytes_per_sec\": \"15mb\" }}", nonAdminCredsHeader);
replacedertThat(response.getBody(), response.getStatusCode(), equalTo(HttpStatus.SC_FORBIDDEN));
// ADMIN USER TRIES ACCESSING GET - OK, PUT - FORBIDDEN
rh.sendAdminCertificate = false;
response = rh.executeGetRequest("_cluster/settings", adminCredsHeader);
replacedertThat(response.getBody(), response.getStatusCode(), equalTo(HttpStatus.SC_OK));
response = rh.executePutRequest("_cluster/settings", "{\"persistent\": { }, \"transient\": {\"indices.recovery.max_bytes_per_sec\": \"15mb\" }}", adminCredsHeader);
replacedertThat(response.getBody(), response.getStatusCode(), equalTo(HttpStatus.SC_FORBIDDEN));
// SUPERADMIN TRIES ACCESSING GET - OK, PUT - OK
rh.sendAdminCertificate = true;
response = rh.executeGetRequest("_cluster/settings", adminCredsHeader);
replacedertThat(response.getBody(), response.getStatusCode(), equalTo(HttpStatus.SC_OK));
response = rh.executePutRequest("_cluster/settings", "{\"persistent\": { }, \"transient\": {\"indices.recovery.max_bytes_per_sec\": \"15mb\" }}", adminCredsHeader);
replacedertThat(response.getBody(), response.getStatusCode(), equalTo(HttpStatus.SC_OK));
}
17
Source : EWSMethod.java
with GNU General Public License v2.0
from mguessan
with GNU General Public License v2.0
from mguessan
public int getStatusCode() {
if ("ErrorAccessDenied".equals(errorDetail)) {
return HttpStatus.SC_FORBIDDEN;
} else if ("ErrorItemNotFound".equals(errorDetail)) {
return HttpStatus.SC_NOT_FOUND;
} else {
return response.getStatusLine().getStatusCode();
}
}
17
Source : MockServerUtils.java
with MIT License
from dikhan
with MIT License
from dikhan
/**
* Prepare the mock server to receive the given event and reply with a predefined forbidden response with no content
* @param mockServerClient mock client to configure the incident/event upon
* @param event expected to be received in the mock server from the client
* @throws JsonProcessingException
*/
public static void prepareMockServerWithUnexpectedErrorResponse(MockServerClient mockServerClient, PagerDutyEvent event) throws JsonProcessingException {
String noContentResponseBody = "{}";
prepareMockServer(mockServerClient, event, HttpStatus.SC_FORBIDDEN, noContentResponseBody);
}
17
Source : GitRepoPublishTaskControllerTest.java
with MIT License
from blocklang
with MIT License
from blocklang
@Test
public void get_publish_log_anonymous_forbidden() {
given().contentType(ContentType.JSON).when().get("/marketplace/publish/{taskId}/log", 1).then().statusCode(HttpStatus.SC_FORBIDDEN);
}
17
Source : GitRepoPublishTaskControllerTest.java
with MIT License
from blocklang
with MIT License
from blocklang
@Test
public void get_component_repo_publish_task_anonymous_forbidden() {
given().contentType(ContentType.JSON).when().get("/marketplace/publish/{taskId}", 1).then().statusCode(HttpStatus.SC_FORBIDDEN);
}
17
Source : GitRepoPublishTaskControllerTest.java
with MIT License
from blocklang
with MIT License
from blocklang
@Test
public void list_my_component_repo_publishing_tasks_anonymous_forbidden() {
given().contentType(ContentType.JSON).when().get("/user/component-repos/publishing-tasks").then().statusCode(HttpStatus.SC_FORBIDDEN);
}
17
Source : ComponentRepoControllerTest.java
with MIT License
from blocklang
with MIT License
from blocklang
@Test
public void list_my_component_repos_anonymous_forbidden() {
given().contentType(ContentType.JSON).when().get("/user/component-repos").then().statusCode(HttpStatus.SC_FORBIDDEN);
}
17
Source : RepositoryControllerTest.java
with MIT License
from blocklang
with MIT License
from blocklang
@Test
public void get_deploy_setting_anonymous_can_not_get() {
given().contentType(ContentType.JSON).when().get("/projects/{owner}/{project}/deploy_setting", "zhangsan", "my-project").then().statusCode(HttpStatus.SC_FORBIDDEN);
}
17
Source : RepositoryControllerTest.java
with MIT License
from blocklang
with MIT License
from blocklang
@Test
public void getYourReposAnonymousCanNotGet() {
given().contentType(ContentType.JSON).when().get("/user/repos").then().statusCode(HttpStatus.SC_FORBIDDEN);
}
17
Source : ProjectDependencyControllerTest.java
with MIT License
from blocklang
with MIT License
from blocklang
@Test
public void deleteDependencyAnonymousCanNotDelete() {
String owner = "jack";
String repoName = "repo1";
String projectName = "project1";
Integer dependencyId = 1;
given().contentType(ContentType.JSON).when().delete("/repos/{owner}/{repoName}/{projectName}/dependencies/{dependencyId}", owner, repoName, projectName, dependencyId).then().statusCode(HttpStatus.SC_FORBIDDEN);
}
17
Source : CommitControllerTest.java
with MIT License
from blocklang
with MIT License
from blocklang
@Test
public void unstageChangesAnonymousCanNotUnstage() {
String[] param = new String[] {};
given().contentType(ContentType.JSON).body(param).when().post("/repos/{owner}/{repoName}/unstage-changes", "jack", "repo").then().statusCode(HttpStatus.SC_FORBIDDEN);
}
17
Source : CommitControllerTest.java
with MIT License
from blocklang
with MIT License
from blocklang
@Test
public void stageChangesAnonymousCanNotStage() {
String[] param = new String[] {};
given().contentType(ContentType.JSON).body(param).when().post("/repos/{owner}/{repoName}/stage-changes", "jack", "repo").then().statusCode(HttpStatus.SC_FORBIDDEN);
}
17
Source : LoggedUserControllerTest.java
with MIT License
from blocklang
with MIT License
from blocklang
@Test
public void get_profile_user_not_logged() {
given().contentType(ContentType.JSON).when().get("/user/profile").then().statusCode(HttpStatus.SC_FORBIDDEN);
}
17
Source : OIDCResourceOwnerPasswordCredentialRealmTest.java
with MIT License
from bakdata
with MIT License
from bakdata
private static void initOIDCServer() {
OIDC_SERVER = startClientAndServer(MOCK_SERVER_PORT);
// Mock well-known discovery endpoint (this is actually the output of keycloak)
OIDC_SERVER.when(request().withMethod("GET").withPath(String.format("/realms/%s/.well-known/uma2-configuration", REALM_NAME))).respond(response().withContentType(MediaType.APPLICATION_JSON_UTF_8).withBody("{\"issuer\":\"" + MOCK_SERVER_URL + "/realms/EVA\"," + "\"authorization_endpoint\":\"" + MOCK_SERVER_URL + "/realms/" + REALM_NAME + "/protocol/openid-connect/auth\"," + "\"token_endpoint\":\"" + MOCK_SERVER_URL + "/realms/" + REALM_NAME + "/protocol/openid-connect/token\"," + "\"introspection_endpoint\":\"" + MOCK_SERVER_URL + "/realms/" + REALM_NAME + "/protocol/openid-connect/token/introspect\"" + ",\"end_session_endpoint\":\"" + MOCK_SERVER_URL + "/realms/" + REALM_NAME + "/protocol/openid-connect/logout\"," + "\"jwks_uri\":\"" + MOCK_SERVER_URL + "/realms/" + REALM_NAME + "/protocol/openid-connect/certs\"," + "\"grant_types_supported\":[\"authorization_code\",\"implicit\",\"refresh_token\",\"preplacedword\",\"client_credentials\"]," + "\"response_types_supported\":[\"code\",\"none\",\"id_token\",\"token\",\"id_token token\",\"code id_token\",\"code token\",\"code id_token token\"]," + "\"response_modes_supported\":[\"query\",\"fragment\",\"form_post\"]," + "\"registration_endpoint\":\"" + MOCK_SERVER_URL + "/realms/" + REALM_NAME + "/clients-registrations/openid-connect\"," + "\"token_endpoint_auth_methods_supported\":[\"private_key_jwt\",\"client_secret_basic\",\"client_secret_post\",\"tls_client_auth\",\"client_secret_jwt\"]," + "\"token_endpoint_auth_signing_alg_values_supported\":[\"PS384\",\"ES384\",\"RS384\",\"HS256\",\"HS512\",\"ES256\",\"RS256\",\"HS384\",\"ES512\",\"PS256\",\"PS512\",\"RS512\"]," + "\"scopes_supported\":[\"openid\",\"address\",\"email\",\"microprofile-jwt\",\"offline_access\",\"phone\",\"profile\",\"roles\",\"web-origins\"]," + "\"resource_registration_endpoint\":\"" + MOCK_SERVER_URL + "/realms/" + REALM_NAME + "/authz/protection/resource_set\"," + "\"permission_endpoint\":\"" + MOCK_SERVER_URL + "/realms/" + REALM_NAME + "/authz/protection/permission\"," + "\"policy_endpoint\":\"" + MOCK_SERVER_URL + "/realms/" + REALM_NAME + "/authz/protection/uma-policy\"}"));
// Mock username-preplacedword-for-token exchange
OIDC_SERVER.when(request().withMethod("POST").withPath(String.format("/realms/%s/protocol/openid-connect/token", REALM_NAME)).withHeaders(header("Content-Type", "application/x-www-form-urlencoded; charset=UTF-8")).withBody(params(param("preplacedword", USER_1_PreplacedWORD), param("grant_type", "preplacedword"), param("username", USER_1_NAME), param("scope", "openid")))).respond(response().withContentType(MediaType.APPLICATION_JSON_UTF_8).withBody("{\"token_type\" : \"Bearer\",\"access_token\" : \"" + USER_1_TOKEN + "\"}"));
// Block other exchange requests (this has a lower prio than the above)
OIDC_SERVER.when(request().withMethod("POST").withPath(String.format("/realms/%s/protocol/openid-connect/token", REALM_NAME))).respond(response().withStatusCode(HttpStatus.SC_FORBIDDEN).withContentType(MediaType.APPLICATION_JSON_UTF_8).withBody("{\"error\" : \"Wrong username or preplacedword\""));
// Mock token introspection
// For USER 1
OIDC_SERVER.when(request().withMethod("POST").withPath(String.format("/realms/%s/protocol/openid-connect/token/introspect", REALM_NAME)).withHeaders(header("Content-Type", "application/x-www-form-urlencoded; charset=UTF-8")).withBody(params(param("token_type_hint", "access_token"), param("token", USER_1_TOKEN)))).respond(response().withContentType(MediaType.APPLICATION_JSON_UTF_8).withBody("{\"username\" : \"" + USER_1_NAME + "\", \"active\": true}"));
// For USER 2
OIDC_SERVER.when(request().withMethod("POST").withPath(String.format("/realms/%s/protocol/openid-connect/token/introspect", REALM_NAME)).withHeaders(header("Content-Type", "application/x-www-form-urlencoded; charset=UTF-8")).withBody(params(param("token_type_hint", "access_token"), param("token", USER_2_TOKEN)))).respond(response().withContentType(MediaType.APPLICATION_JSON_UTF_8).withBody("{\"username\" : \"" + USER_2_NAME + "\",\"name\" : \"" + USER_2_LABEL + "\", \"active\": true, \"groups\":[\"" + GROUPNAME_1 + "\",\"" + GROUPNAME_2 + "\"]}"));
// For USER 3
OIDC_SERVER.when(request().withMethod("POST").withPath(String.format("/realms/%s/protocol/openid-connect/token/introspect", REALM_NAME)).withHeaders(header("Content-Type", "application/x-www-form-urlencoded; charset=UTF-8")).withBody(params(param("token_type_hint", "access_token"), param("token", USER_3_TOKEN)))).respond(response().withContentType(MediaType.APPLICATION_JSON_UTF_8).withBody("{\"username\" : \"" + USER_3_NAME + "\",\"name\" : \"" + USER_3_LABEL + "\", \"active\": true}"));
// At last (so it has the lowest priority): initialize a trap for debugging, that captures all unmapped requests
OIDC_SERVER.when(request()).respond(new ExpectationResponseCallback() {
@Override
public HttpResponse handle(HttpRequest httpRequest) throws Exception {
log.error("{} on {}\n\t Headers: {}n\tBody {}", httpRequest.getMethod(), httpRequest.getPath(), httpRequest.getHeaderList(), httpRequest.getBodyreplacedtring());
fail("Trapped because request did not match. See log.");
return null;
}
});
}
16
Source : PermissionsITCase.java
with MIT License
from scm-manager
with MIT License
from scm-manager
@Test
public void otherUserShouldNotSeeBruteForcePermissions() {
given(VndMediaType.REPOSITORY_PERMISSION, USER_OTHER, USER_Preplaced).when().get(TestData.getDefaultPermissionUrl(USER_SCM_ADMIN, USER_SCM_ADMIN, repositoryType)).then().statusCode(HttpStatus.SC_FORBIDDEN);
}
16
Source : PermissionsITCase.java
with MIT License
from scm-manager
with MIT License
from scm-manager
@Test
public void writeUserShouldNotSeeBruteForcePermissions() {
given(VndMediaType.REPOSITORY_PERMISSION, USER_WRITE, USER_Preplaced).when().get(TestData.getDefaultPermissionUrl(USER_SCM_ADMIN, USER_SCM_ADMIN, repositoryType)).then().statusCode(HttpStatus.SC_FORBIDDEN);
}
16
Source : PermissionsITCase.java
with MIT License
from scm-manager
with MIT License
from scm-manager
@Test
public void readUserShouldNotSeeBruteForcePermissions() {
given(VndMediaType.REPOSITORY_PERMISSION, USER_READ, USER_Preplaced).when().get(TestData.getDefaultPermissionUrl(USER_SCM_ADMIN, USER_SCM_ADMIN, repositoryType)).then().statusCode(HttpStatus.SC_FORBIDDEN);
}
16
Source : DavValidateTest.java
with Apache License 2.0
from personium
with Apache License 2.0
from personium
/**
* コレクション名のバリデートチェック.
*/
@Test
public final void コレクション名のバリデートチェック() {
String name;
for (int i = 0; i < validNames.size(); i++) {
name = validNames.get(i);
final Http theReq = this.mkColRequest(name);
theReq.returns().statusCode(HttpStatus.SC_FORBIDDEN);
}
}
16
Source : WhitelistApiTest.java
with Apache License 2.0
from opendistro-for-elasticsearch
with Apache License 2.0
from opendistro-for-elasticsearch
/**
* Tests 4 scenarios for accessing and using the API.
* No creds, no admin certificate - UNAUTHORIZED
* non admin creds, no admin certificate - FORBIDDEN
* admin creds, no admin certificate - FORBIDDEN
* any creds, admin certificate - OK
*
* @throws Exception
*/
@Test
public void testWhitelistApi() throws Exception {
setupWithRestRoles(null);
rh.keystore = "restapi/kirk-keystore.jks";
// No creds, no admin certificate - UNAUTHORIZED
testGetAndPut(HttpStatus.SC_UNAUTHORIZED, false);
// non admin creds, no admin certificate - FORBIDDEN
testGetAndPut(HttpStatus.SC_FORBIDDEN, false, nonAdminCredsHeader);
// admin creds, no admin certificate - FORBIDDEN
testGetAndPut(HttpStatus.SC_FORBIDDEN, false, adminCredsHeader);
// any creds, admin certificate - OK
testGetAndPut(HttpStatus.SC_OK, true, nonAdminCredsHeader);
}
16
Source : OpenDistroSecurityApiAccessTest.java
with Apache License 2.0
from opendistro-for-elasticsearch
with Apache License 2.0
from opendistro-for-elasticsearch
@Test
public void testRestApi() throws Exception {
setup();
// test with no cert, must fail
replacedert.replacedertEquals(HttpStatus.SC_UNAUTHORIZED, rh.executeGetRequest("_opendistro/_security/api/internalusers").getStatusCode());
replacedert.replacedertEquals(HttpStatus.SC_FORBIDDEN, rh.executeGetRequest("_opendistro/_security/api/internalusers", encodeBasicHeader("admin", "admin")).getStatusCode());
// test with non-admin cert, must fail
rh.keystore = "restapi/node-0-keystore.jks";
rh.sendAdminCertificate = true;
replacedert.replacedertEquals(HttpStatus.SC_UNAUTHORIZED, rh.executeGetRequest("_opendistro/_security/api/internalusers").getStatusCode());
replacedert.replacedertEquals(HttpStatus.SC_FORBIDDEN, rh.executeGetRequest("_opendistro/_security/api/internalusers", encodeBasicHeader("admin", "admin")).getStatusCode());
}
16
Source : OpenDistroSecurityApiAccessTest.java
with Apache License 2.0
from opendistro-for-elasticsearch
with Apache License 2.0
from opendistro-for-elasticsearch
@Test
public void testRestApi() throws Exception {
setup();
// test with no cert, must fail
replacedert.replacedertEquals(HttpStatus.SC_UNAUTHORIZED, rh.executeGetRequest("_opendistro/_security/api/internalusers").getStatusCode());
replacedert.replacedertEquals(HttpStatus.SC_FORBIDDEN, rh.executeGetRequest("_opendistro/_security/api/internalusers", encodeBasicHeader("admin", "admin")).getStatusCode());
// test with non-admin cert, must fail
rh.keystore = "restapi/node-0-keystore.jks";
rh.sendHTTPClientCertificate = true;
replacedert.replacedertEquals(HttpStatus.SC_UNAUTHORIZED, rh.executeGetRequest("_opendistro/_security/api/internalusers").getStatusCode());
replacedert.replacedertEquals(HttpStatus.SC_FORBIDDEN, rh.executeGetRequest("_opendistro/_security/api/internalusers", encodeBasicHeader("admin", "admin")).getStatusCode());
}
16
Source : ReleaseControllerTest.java
with MIT License
from blocklang
with MIT License
from blocklang
@Test
public void check_version_user_is_unauthorization_not_login() {
CheckReleaseVersionParam param = new CheckReleaseVersionParam();
given().contentType(ContentType.JSON).body(param).when().post("/projects/{owner}/{projectName}/releases/check-version", "jack", "project").then().statusCode(HttpStatus.SC_FORBIDDEN).body(equalTo(""));
}
16
Source : ProjectDependencyControllerTest.java
with MIT License
from blocklang
with MIT License
from blocklang
@Test
public void updateDependencyAnonymousCanNotUpdate() {
String owner = "jack";
String repoName = "repo1";
String projectName = "project1";
Integer dependencyId = 2;
UpdateDependencyParam param = new UpdateDependencyParam();
given().contentType(ContentType.JSON).body(param).when().put("/repos/{owner}/{repoName}/{projectName}/dependencies/{dependencyId}", owner, repoName, projectName, dependencyId).then().statusCode(HttpStatus.SC_FORBIDDEN);
}
16
Source : ProjectDependencyControllerTest.java
with MIT License
from blocklang
with MIT License
from blocklang
// FIXME: 新增依赖需进一步优化,等重构完成后再优化。
@Test
public void addDependencyAnonymousCanNotAdd() {
String owner = "jack";
String repoName = "repo1";
String projectName = "project1";
AddDependencyParam param = new AddDependencyParam();
given().contentType(ContentType.JSON).body(param).when().post("/repos/{owner}/{repoName}/{projectName}/dependencies", owner, repoName, projectName).then().statusCode(HttpStatus.SC_FORBIDDEN);
}
16
Source : PageDesignerControllerTest.java
with MIT License
from blocklang
with MIT License
from blocklang
@Test
public void update_page_model_anonymous_can_not_update() {
PageModel model = new PageModel();
given().contentType(ContentType.JSON).body(model).when().put("/designer/pages/{pageId}/model", "1").then().statusCode(HttpStatus.SC_FORBIDDEN);
}
16
Source : CommitControllerTest.java
with MIT License
from blocklang
with MIT License
from blocklang
@Test
public void commitAnonymousCanNotCommit() {
CommitMessage param = new CommitMessage();
given().contentType(ContentType.JSON).body(param).when().post("/repos/{owner}/{repoName}/commits", "jack", "repo").then().statusCode(HttpStatus.SC_FORBIDDEN);
}
15
Source : OpaResponsesIT.java
with MIT License
from SDA-SE
with MIT License
from SDA-SE
@Test
@Retry(5)
public void shouldDenyAccessWithNonMatchingConstraintResponse() {
// given
mock(200, "{\n" + " \"result\": {\n" + " \"allow\": false,\n" + " \"abc\": {\n" + " }\n" + " }\n" + "}");
// when
Response response = doGetRequest();
// then
replacedertThat(response.getStatus()).isEqualTo(HttpStatus.SC_FORBIDDEN);
}
15
Source : OpaResponsesIT.java
with MIT License
from SDA-SE
with MIT License
from SDA-SE
@Test
@Retry(5)
public void shouldDenyAccess() {
// given
mock(200, "{\n" + " \"result\": {\n" + " \"allow\": false\n" + " }\n" + " }\n" + "}");
// when
Response response = doGetRequest();
// then
replacedertThat(response.getStatus()).isEqualTo(HttpStatus.SC_FORBIDDEN);
}
15
Source : OpaResponsesIT.java
with MIT License
from SDA-SE
with MIT License
from SDA-SE
@Test
@Retry(5)
public void shouldDenyAccessIfOpaResponseIsBroken() {
// given
mock(500, "");
// when
Response response = doGetRequest();
// then
replacedertThat(response.getStatus()).isEqualTo(HttpStatus.SC_FORBIDDEN);
}
15
Source : OpaResponsesIT.java
with MIT License
from SDA-SE
with MIT License
from SDA-SE
@Test
@Retry(5)
public void shouldDenyAccessIfOpaResponseEmpty() {
// given
// given
mock(200, "");
// when
Response response = doGetRequest();
// then
replacedertThat(response.getStatus()).isEqualTo(HttpStatus.SC_FORBIDDEN);
}
15
Source : OpaIT.java
with MIT License
from SDA-SE
with MIT License
from SDA-SE
@Test
@Retry(5)
public void shouldDenyAccessWithConstraints() {
// given
OPA_RULE.mock(onRequest().withHttpMethod(method).withPath(path).deny().withConstraint(new ConstraintModel().addConstraint("customer_is", "1")));
// when
Response response = doGetRequest();
// then
replacedertThat(response.getStatus()).isEqualTo(HttpStatus.SC_FORBIDDEN);
}
15
Source : OpaIT.java
with MIT License
from SDA-SE
with MIT License
from SDA-SE
@Test
@Retry(5)
public void shouldDenyAccessIfOpaResponseIsBroken() {
// given
OPA_RULE.mock(onAnyRequest().serverError());
// when
Response response = doGetRequest();
// then
replacedertThat(response.getStatus()).isEqualTo(HttpStatus.SC_FORBIDDEN);
}
15
Source : OpaIT.java
with MIT License
from SDA-SE
with MIT License
from SDA-SE
@Test
@Retry(5)
public void shouldDenyAccessIfOpaResponseEmpty() {
// given
OPA_RULE.mock(onAnyRequest().emptyResponse());
// when
Response response = doGetRequest();
// then
replacedertThat(response.getStatus()).isEqualTo(HttpStatus.SC_FORBIDDEN);
}
15
Source : OpaIT.java
with MIT License
from SDA-SE
with MIT License
from SDA-SE
@Test
@Retry(5)
public void shouldDenyAccess() {
// given
OPA_RULE.mock(onRequest().withHttpMethod(method).withPath(path).deny());
// when
Response response = doGetRequest();
// then
replacedertThat(response.getStatus()).isEqualTo(HttpStatus.SC_FORBIDDEN);
}
15
Source : OpaConnectionMisconfiguredIT.java
with MIT License
from SDA-SE
with MIT License
from SDA-SE
@Test
public void shouldDenyAccess() {
Response response = DW.client().target(// NOSONAR
"http://localhost:" + DW.getLocalPort()).path("resources").request().get();
replacedertThat(response.getStatus()).isEqualTo(HttpStatus.SC_FORBIDDEN);
}
15
Source : LogListTest.java
with Apache License 2.0
from personium
with Apache License 2.0
from personium
/**
* アーカイブログファイル一覧取得_Depthヘッダにinfinityを指定した場合に403が返却されること.
*/
@Test
public final void アーカイブログファイル一覧取得_Depthヘッダにinfinityを指定した場合に403が返却されること() {
String body = "<?xml version=\"1.0\" encoding=\"utf-8\"?>" + "<D:propfind xmlns:D=\"DAV:\"><D:allprop/></D:propfind>";
Http.request("cell/log-propfind-with-body.txt").with("METHOD", io.personium.common.utils.CommonUtils.HttpMethod.PROPFIND).with("token", AbstractCase.MASTER_TOKEN_NAME).with("cellPath", Setup.TEST_CELL_EVENTLOG).with("collection", ARCHIVE_COLLECTION).with("depth", "infinity").with("body", body).returns().debug().statusCode(HttpStatus.SC_FORBIDDEN);
}
See More Examples