[eclipse-ditto#926] review: added unit test for OAuthTokenIntegration…

…SubjectIdFactory * added some javadoc fixes Signed-off-by: Thomas Jaeckle <thomas.jaeckle@bosch.io>
bosch-io · Jan 13, 2021 · 510640f · 510640f
1 parent 850f995
commit 510640f
Show file tree

Hide file tree

Showing 10 changed files with 69 additions and 22 deletions.
diff --git a/...l/placeholders/src/main/java/org/eclipse/ditto/model/placeholders/ExpressionResolver.java b/...l/placeholders/src/main/java/org/eclipse/ditto/model/placeholders/ExpressionResolver.java
@@ -69,6 +69,7 @@ default PipelineElement resolve(final String expressionTemplate) {
      * @return the resolved String, a signifier for resolution failure, or one for deletion.
      * @throws PlaceholderFunctionTooComplexException thrown if the {@code expressionTemplate} contains a placeholder
      * function chain which is too complex (e.g. too much chained function calls)
+     * @since 2.0.0
      */
     default String resolvePartially(final String expressionTemplate) {
         return ExpressionResolver.substitute(expressionTemplate, expression -> {

diff --git a/model/policies/src/main/java/org/eclipse/ditto/model/policies/ImmutableSubjectId.java b/model/policies/src/main/java/org/eclipse/ditto/model/policies/ImmutableSubjectId.java
@@ -84,6 +84,8 @@ public static SubjectId of(final CharSequence subjectIssuerWithId) {
 
         if (Placeholders.containsAnyPlaceholder(subjectIssuerWithId)) {
             // in case of placeholders, just use the whole input as subject, use an empty issuer
+            //  reason: the placeholder contains a ":" which would conflict with the ISSUE_DELIMITER separating the
+            //  issuer fom the subject
             return of(EMPTY_ISSUER, subjectIssuerWithId);
         }
 

diff --git a/...ipse/ditto/services/gateway/endpoints/directives/auth/GatewayAuthenticationDirective.java b/...ipse/ditto/services/gateway/endpoints/directives/auth/GatewayAuthenticationDirective.java
@@ -20,7 +20,6 @@
 
 import org.eclipse.ditto.model.base.exceptions.DittoRuntimeException;
 import org.eclipse.ditto.model.base.headers.DittoHeaders;
-import org.eclipse.ditto.model.base.headers.DittoHeadersBuilder;
 import org.eclipse.ditto.services.gateway.security.authentication.AuthenticationChain;
 import org.eclipse.ditto.services.gateway.security.authentication.AuthenticationResult;
 import org.eclipse.ditto.services.utils.akka.logging.DittoLogger;
@@ -74,7 +73,7 @@ public GatewayAuthenticationDirective(final AuthenticationChain authenticationCh
      * Depending on the request headers, one of the supported authentication mechanisms is applied.
      *
      * @param dittoHeaders the DittoHeaders containing already gathered context information.
-     * @param inner the inner route which will be wrapped with the {@link org.eclipse.ditto.model.base.headers.DittoHeaders}.
+     * @param inner the inner route which will be wrapped with the {@link DittoHeaders}.
      * @return the inner route.
      */
     public Route authenticate(final DittoHeaders dittoHeaders, final Function<AuthenticationResult, Route> inner) {

diff --git a/...se/ditto/services/gateway/endpoints/routes/policies/TokenIntegrationSubjectIdFactory.java b/...se/ditto/services/gateway/endpoints/routes/policies/TokenIntegrationSubjectIdFactory.java
@@ -28,6 +28,6 @@ public interface TokenIntegrationSubjectIdFactory {
      * @param jwt the JWT.
      * @return the computed subject ID.
      */
-    SubjectId getSubjectId(final DittoHeaders dittoHeaders, final JsonWebToken jwt);
+    SubjectId getSubjectId(DittoHeaders dittoHeaders, JsonWebToken jwt);
 
 }
diff --git a/...services/gateway/endpoints/routes/policies/OAuthTokenIntegrationSubjectIdFactoryTest.java b/...services/gateway/endpoints/routes/policies/OAuthTokenIntegrationSubjectIdFactoryTest.java
@@ -0,0 +1,58 @@
+/*
+ * Copyright (c) 2021 Contributors to the Eclipse Foundation
+ *
+ * See the NOTICE file(s) distributed with this work for additional
+ * information regarding copyright ownership.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License 2.0 which is available at
+ * http://www.eclipse.org/legal/epl-2.0
+ *
+ * SPDX-License-Identifier: EPL-2.0
+ */
+package org.eclipse.ditto.services.gateway.endpoints.routes.policies;
+
+import org.assertj.core.api.Assertions;
+import org.eclipse.ditto.model.base.headers.DittoHeaders;
+import org.eclipse.ditto.model.policies.SubjectId;
+import org.eclipse.ditto.services.gateway.util.config.security.DefaultOAuthConfig;
+import org.junit.Test;
+
+import com.typesafe.config.ConfigFactory;
+import com.typesafe.config.ConfigValueFactory;
+
+/**
+ * Unit tests for {@link OAuthTokenIntegrationSubjectIdFactory}.
+ */
+public class OAuthTokenIntegrationSubjectIdFactoryTest {
+
+    @Test
+    public void resolveSubjectId() {
+        final String subjectPattern = "{{jwt:iss}}:static-part:{{jwt:sub}}:{{header:owner}}";
+        final OAuthTokenIntegrationSubjectIdFactory sut = createSut(subjectPattern);
+        final DittoHeaders dittoHeaders = DittoHeaders.newBuilder()
+                .putHeader("owner", "Ditto")
+                .build();
+        final SubjectId subjectId = sut.getSubjectId(dittoHeaders, new DummyJwt());
+        Assertions.assertThat(subjectId.getIssuer()).hasToString("dummy-issuer");
+        Assertions.assertThat(subjectId).hasToString("dummy-issuer:static-part:dummy-subject:Ditto");
+    }
+
+    @Test
+    public void resolveSubjectIdWithUnresolvedPlaceholder() {
+        final String subjectPattern = "{{jwt:iss}}:{{policy-entry:label}}:{{jwt:sub}}:{{header:my-custom-header}}";
+        final OAuthTokenIntegrationSubjectIdFactory sut = createSut(subjectPattern);
+        final DittoHeaders dittoHeaders = DittoHeaders.newBuilder()
+                .putHeader("my-custom-header", "foo")
+                .build();
+        final SubjectId subjectId = sut.getSubjectId(dittoHeaders, new DummyJwt());
+        Assertions.assertThat(subjectId).hasToString("dummy-issuer:{{policy-entry:label}}:dummy-subject:foo");
+    }
+
+    private static OAuthTokenIntegrationSubjectIdFactory createSut(final String subjectPattern) {
+        final DefaultOAuthConfig oAuthConfig = DefaultOAuthConfig.of(
+                ConfigFactory.empty().withValue("oauth.token-integration-subject",
+                        ConfigValueFactory.fromAnyRef(subjectPattern)));
+        return OAuthTokenIntegrationSubjectIdFactory.of(oAuthConfig);
+    }
+}
diff --git a/...java/org/eclipse/ditto/services/gateway/security/authentication/AuthenticationResult.java b/...java/org/eclipse/ditto/services/gateway/security/authentication/AuthenticationResult.java
@@ -12,8 +12,6 @@
  */
 package org.eclipse.ditto.services.gateway.security.authentication;
 
-import javax.annotation.Nullable;
-
 import org.eclipse.ditto.model.base.auth.AuthorizationContext;
 import org.eclipse.ditto.model.base.headers.DittoHeaders;
 

diff --git a/...se/ditto/services/gateway/security/authentication/jwt/DefaultJwtAuthenticationResult.java b/...se/ditto/services/gateway/security/authentication/jwt/DefaultJwtAuthenticationResult.java
@@ -23,7 +23,7 @@
 import org.eclipse.ditto.services.gateway.security.authentication.AbstractAuthenticationResult;
 
 /**
- * Implementation of JwtAuthenticationResult.
+ * Implementation of {@link JwtAuthenticationResult}.
  */
 final class DefaultJwtAuthenticationResult extends AbstractAuthenticationResult implements JwtAuthenticationResult {
 

diff --git a/...g/eclipse/ditto/services/gateway/security/authentication/jwt/JwtAuthenticationResult.java b/...g/eclipse/ditto/services/gateway/security/authentication/jwt/JwtAuthenticationResult.java
@@ -22,7 +22,7 @@
 import org.eclipse.ditto.services.gateway.security.authentication.AuthenticationResult;
 
 /**
- * The result of JWT authentication.
+ * The result of a JWT authentication.
  */
 public interface JwtAuthenticationResult extends AuthenticationResult {
 
@@ -34,19 +34,6 @@ public interface JwtAuthenticationResult extends AuthenticationResult {
      */
     Optional<JsonWebToken> getJwt();
 
-    @Override
-    boolean isSuccess();
-
-    @Override
-    AuthorizationContext getAuthorizationContext();
-
-    @Override
-    DittoHeaders getDittoHeaders();
-
-    @Override
-    Throwable getReasonOfFailure();
-
-
     /**
      * Initializes a successful authentication result with a JWT.
      *

diff --git a/...n/java/org/eclipse/ditto/services/gateway/security/authentication/jwt/JwtPlaceholder.java b/...n/java/org/eclipse/ditto/services/gateway/security/authentication/jwt/JwtPlaceholder.java
@@ -29,6 +29,8 @@ public final class JwtPlaceholder implements Placeholder<JsonWebToken> {
 
     private static final JwtPlaceholder INSTANCE = new JwtPlaceholder();
 
+    private static final String PREFIX = "jwt";
+
     /**
      * Get the instance of {@code JwtPlaceholder}.
      *
@@ -40,7 +42,7 @@ public static JwtPlaceholder getInstance() {
 
     @Override
     public String getPrefix() {
-        return "jwt";
+        return PREFIX;
     }
 
     @Override

diff --git a/...main/java/org/eclipse/ditto/services/gateway/util/config/security/DefaultOAuthConfig.java b/...main/java/org/eclipse/ditto/services/gateway/util/config/security/DefaultOAuthConfig.java
@@ -115,7 +115,7 @@ public int hashCode() {
     @Override
     public String toString() {
         return getClass().getSimpleName() + " [" +
-                ", protocol=" + protocol +
+                "protocol=" + protocol +
                 ", openIdConnectIssuers=" + openIdConnectIssuers +
                 ", openIdConnectIssuersExtension=" + openIdConnectIssuersExtension +
                 ", tokenIntegrationSubject=" + tokenIntegrationSubject +