-
Notifications
You must be signed in to change notification settings - Fork 5
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
json headers - organization as json payload is not transmitted fix
still in a WIP state, only providing the integration test revealing the bug.
- Loading branch information
Showing
3 changed files
with
122 additions
and
1 deletion.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
74 changes: 74 additions & 0 deletions
74
.../src/test/java/org/georchestra/gateway/security/ResolveGeorchestraUserGlobalFilterIT.java
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,74 @@ | ||
package org.georchestra.gateway.security; | ||
|
||
import org.georchestra.gateway.accounts.events.rabbitmq.RabbitmqAccountCreatedEventSender; | ||
import org.georchestra.gateway.app.GeorchestraGatewayApplication; | ||
import org.georchestra.gateway.filter.headers.providers.JsonPayloadHeadersContributor; | ||
import org.georchestra.testcontainers.ldap.GeorchestraLdapContainer; | ||
import org.hamcrest.Matchers; | ||
import org.junit.jupiter.api.AfterAll; | ||
import org.junit.jupiter.api.BeforeAll; | ||
import org.junit.jupiter.api.Test; | ||
import org.springframework.beans.factory.annotation.Autowired; | ||
import org.springframework.boot.test.autoconfigure.web.reactive.AutoConfigureWebTestClient; | ||
import org.springframework.boot.test.context.SpringBootTest; | ||
import org.springframework.context.ApplicationContext; | ||
import org.springframework.test.context.ActiveProfiles; | ||
import org.springframework.test.web.reactive.server.WebTestClient; | ||
import org.testcontainers.Testcontainers; | ||
import org.testcontainers.containers.GenericContainer; | ||
import org.testcontainers.utility.DockerImageName; | ||
|
||
import java.util.Arrays; | ||
|
||
import static org.assertj.core.api.Assertions.assertThat; | ||
import static org.junit.jupiter.api.Assertions.assertNotNull; | ||
|
||
@SpringBootTest(classes = GeorchestraGatewayApplication.class) | ||
@AutoConfigureWebTestClient(timeout = "PT20S") | ||
@ActiveProfiles("georheaders") | ||
public class ResolveGeorchestraUserGlobalFilterIT { | ||
|
||
public static GeorchestraLdapContainer ldap = new GeorchestraLdapContainer(); | ||
|
||
private @Autowired WebTestClient testClient; | ||
|
||
private @Autowired ApplicationContext context; | ||
|
||
public static GenericContainer httpEcho = new GenericContainer( | ||
DockerImageName.parse("ealen/echo-server") | ||
) { | ||
@Override | ||
protected void doStart() { | ||
super.doStart(); | ||
Integer mappedPort = this.getMappedPort(80); | ||
System.setProperty("httpEchoHost", this.getHost()); | ||
System.setProperty("httpEchoPort", mappedPort.toString()); | ||
System.out.println("Automatically set system property httpEchoHost=" + this.getHost()); | ||
System.out.println("Automatically set system property httpEchoPort=" + mappedPort); | ||
} | ||
}; | ||
|
||
public static @BeforeAll void startUpContainers() { | ||
httpEcho.setExposedPorts(Arrays.asList(new Integer[]{ 80 })); | ||
httpEcho.start(); | ||
ldap.start(); | ||
} | ||
|
||
public static @AfterAll void shutDownContainers() { | ||
ldap.stop(); | ||
httpEcho.stop(); | ||
} | ||
|
||
public @Test void testReceivedHeadersAsJson() { | ||
assertNotNull(context.getBean(JsonPayloadHeadersContributor.class)); | ||
|
||
testClient.get().uri("/echo/")// | ||
.header("Authorization", "Basic dGVzdGFkbWluOnRlc3RhZG1pbg==") // testadmin:testadmin | ||
.exchange()// | ||
.expectStatus()// | ||
.is2xxSuccessful()// | ||
.expectBody()// | ||
.jsonPath(".request.headers.sec-user").exists() | ||
.jsonPath(".request.headers.sec-organization").exists(); | ||
} | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,47 @@ | ||
georchestra: | ||
gateway: | ||
default-headers: | ||
# Default security headers to append to proxied requests | ||
proxy: true | ||
username: true | ||
roles: true | ||
org: true | ||
orgname: true | ||
jsonUser: true | ||
jsonOrganization: true | ||
security: | ||
ldap: | ||
default: | ||
enabled: true | ||
extended: true | ||
url: ldap://${ldapHost}:${ldapPort}/ | ||
baseDn: dc=georchestra,dc=org | ||
adminDn: cn=admin,dc=georchestra,dc=org | ||
adminPassword: secret | ||
users: | ||
rdn: ou=users | ||
searchFilter: (uid={0}) | ||
pendingUsersSearchBaseDN: ou=pendingusers | ||
protectedUsers: geoserver_privileged_user | ||
roles: | ||
rdn: ou=roles | ||
searchFilter: (member={0}) | ||
protectedRoles: ADMINISTRATOR, EXTRACTORAPP, GN_.*, ORGADMIN, REFERENT, USER, SUPERUSER | ||
orgs: | ||
rdn: ou=orgs | ||
orgTypes: Association,Company,NGO,Individual,Other | ||
pendingOrgSearchBaseDN: ou=pendingorgs | ||
services: | ||
echo: | ||
target: http://${httpEchoHost}:${httpEchoPort} | ||
access-rules: | ||
- intercept-url: /echo/** | ||
anonymous: false | ||
spring: | ||
cloud: | ||
gateway: | ||
routes: | ||
- id: echo | ||
uri: http://${httpEchoHost}:${httpEchoPort} | ||
predicates: | ||
- Path=/echo/ |