diff --git a/spring-cloud-huawei-governance/src/main/java/com/huaweicloud/governance/GovernanceConst.java b/spring-cloud-huawei-governance/src/main/java/com/huaweicloud/governance/GovernanceConst.java index 43b2d50ce..482d3bd62 100644 --- a/spring-cloud-huawei-governance/src/main/java/com/huaweicloud/governance/GovernanceConst.java +++ b/spring-cloud-huawei-governance/src/main/java/com/huaweicloud/governance/GovernanceConst.java @@ -30,5 +30,9 @@ public class GovernanceConst { public static final String AUTH_API_PATH_WHITELIST = "spring.cloud.servicecomb.webmvc.publicKey.apiPathWhitelist"; + public static final String AUTH_API_PATH_INCLUDE = "spring.cloud.servicecomb.webmvc.publicKey.includePathPatterns"; + + public static final String AUTH_API_PATH_EXCLUDE = "spring.cloud.servicecomb.webmvc.publicKey.excludePathPatterns"; + public static final String CONTEXT_CURRENT_INSTANCE = "x-current-instance"; } diff --git a/spring-cloud-huawei-governance/src/main/java/com/huaweicloud/governance/authentication/MatcherUtils.java b/spring-cloud-huawei-governance/src/main/java/com/huaweicloud/governance/authentication/MatcherUtils.java index 7cf8d989c..ea5758c01 100644 --- a/spring-cloud-huawei-governance/src/main/java/com/huaweicloud/governance/authentication/MatcherUtils.java +++ b/spring-cloud-huawei-governance/src/main/java/com/huaweicloud/governance/authentication/MatcherUtils.java @@ -17,6 +17,7 @@ package com.huaweicloud.governance.authentication; +import org.apache.commons.lang3.StringUtils; import org.springframework.core.env.Environment; import com.huaweicloud.governance.GovernanceConst; @@ -34,18 +35,56 @@ public static boolean isPatternMatch(String value, String pattern) { return value.endsWith(pattern.substring(index)); } if (pattern.endsWith("*")) { - return value.startsWith(pattern.substring(0, pattern.length() - 1)); + int index = pattern.length() - 1; + for (int i = pattern.length() - 1; i >= 0; i--) { + if (pattern.charAt(i) != '*' && pattern.charAt(i) != '/') { + break; + } + index--; + } + return value.startsWith(pattern.substring(0, index + 1)); } return value.equals(pattern); } - public static boolean isMatchUriWhitelist(String uri, Environment environment) { - String whiteList = environment.getProperty(GovernanceConst.AUTH_API_PATH_WHITELIST, String.class, ""); - if (whiteList.isEmpty()) { + /** + * first determine configured non-authentication path is matched requestPath, if match not needed auth. + * second determine whether of configured authentication path, if not configured, default all path need auth; + * if configured, then check whether of matched requestPath, if match needed auth, otherwise not needed auth. + * + * @param requestPath path + * @param env environment + * @return notRequiredAuth + */ + public static boolean isRequiredAuth(String requestPath, Environment env) { + if (excludePathMatchPath(requestPath, env)) { + return false; + } + return includePathMatchPath(requestPath, env); + } + + private static boolean excludePathMatchPath(String requestPath, Environment env) { + String excludePathPattern = env.getProperty(GovernanceConst.AUTH_API_PATH_EXCLUDE, String.class, ""); + if (StringUtils.isEmpty(excludePathPattern)) { + excludePathPattern = env.getProperty(GovernanceConst.AUTH_API_PATH_WHITELIST, String.class, ""); + } + if (StringUtils.isEmpty(excludePathPattern)) { return false; } - for (String whiteUri : whiteList.split(",")) { - if (!whiteUri.isEmpty() && MatcherUtils.isPatternMatch(uri, whiteUri)) { + return isPathMather(requestPath, excludePathPattern); + } + + private static boolean includePathMatchPath(String requestPath, Environment env) { + String includePathPattern = env.getProperty(GovernanceConst.AUTH_API_PATH_INCLUDE, String.class, ""); + if (StringUtils.isEmpty(includePathPattern)) { + return true; + } + return isPathMather(requestPath, includePathPattern); + } + + private static boolean isPathMather(String requestPath, String pathPattern) { + for (String pattern : pathPattern.split(",")) { + if (!pattern.isEmpty() && isPatternMatch(requestPath, pattern)) { return true; } } diff --git a/spring-cloud-huawei-governance/src/main/java/com/huaweicloud/governance/authentication/webflux/WebFluxProviderAuthFilter.java b/spring-cloud-huawei-governance/src/main/java/com/huaweicloud/governance/authentication/webflux/WebFluxProviderAuthFilter.java index 6f1286603..d8758c6f2 100644 --- a/spring-cloud-huawei-governance/src/main/java/com/huaweicloud/governance/authentication/webflux/WebFluxProviderAuthFilter.java +++ b/spring-cloud-huawei-governance/src/main/java/com/huaweicloud/governance/authentication/webflux/WebFluxProviderAuthFilter.java @@ -53,7 +53,7 @@ public int getOrder() { @Override public Mono filter(ServerWebExchange exchange, WebFilterChain chain) { try { - if (!webFluxRSAProviderAuthManager.checkUriWhitelist(exchange.getRequest().getURI().getPath())) { + if (webFluxRSAProviderAuthManager.isRequiredAuth(exchange.getRequest().getURI().getPath())) { webFluxRSAProviderAuthManager.valid(exchange); } } catch (Exception e) { diff --git a/spring-cloud-huawei-governance/src/main/java/com/huaweicloud/governance/authentication/webflux/WebFluxRSAProviderAuthManager.java b/spring-cloud-huawei-governance/src/main/java/com/huaweicloud/governance/authentication/webflux/WebFluxRSAProviderAuthManager.java index 879b38dbc..4e4b4898b 100644 --- a/spring-cloud-huawei-governance/src/main/java/com/huaweicloud/governance/authentication/webflux/WebFluxRSAProviderAuthManager.java +++ b/spring-cloud-huawei-governance/src/main/java/com/huaweicloud/governance/authentication/webflux/WebFluxRSAProviderAuthManager.java @@ -92,7 +92,7 @@ public void valid(ServerWebExchange exchange) throws Exception { } } - public boolean checkUriWhitelist(String uri) { - return MatcherUtils.isMatchUriWhitelist(uri, environment); + public boolean isRequiredAuth(String uri) { + return MatcherUtils.isRequiredAuth(uri, environment); } } diff --git a/spring-cloud-huawei-governance/src/main/java/com/huaweicloud/governance/authentication/webmvc/WebMvcProviderAuthFilter.java b/spring-cloud-huawei-governance/src/main/java/com/huaweicloud/governance/authentication/webmvc/WebMvcProviderAuthFilter.java index 0a7e3b01c..7295a9482 100644 --- a/spring-cloud-huawei-governance/src/main/java/com/huaweicloud/governance/authentication/webmvc/WebMvcProviderAuthFilter.java +++ b/spring-cloud-huawei-governance/src/main/java/com/huaweicloud/governance/authentication/webmvc/WebMvcProviderAuthFilter.java @@ -55,7 +55,7 @@ public void doFilter(ServletRequest request, ServletResponse response, FilterCha return; } try { - if (!webMvcRSAProviderAuthManager.checkUriWhitelist(((HttpServletRequest) request).getRequestURI())) { + if (webMvcRSAProviderAuthManager.isRequiredAuth(((HttpServletRequest) request).getRequestURI())) { webMvcRSAProviderAuthManager.valid((HttpServletRequest) request); } chain.doFilter(request, response); diff --git a/spring-cloud-huawei-governance/src/main/java/com/huaweicloud/governance/authentication/webmvc/WebMvcRSAProviderAuthManager.java b/spring-cloud-huawei-governance/src/main/java/com/huaweicloud/governance/authentication/webmvc/WebMvcRSAProviderAuthManager.java index eaa5ffa9c..5764b5d0a 100644 --- a/spring-cloud-huawei-governance/src/main/java/com/huaweicloud/governance/authentication/webmvc/WebMvcRSAProviderAuthManager.java +++ b/spring-cloud-huawei-governance/src/main/java/com/huaweicloud/governance/authentication/webmvc/WebMvcRSAProviderAuthManager.java @@ -90,7 +90,7 @@ public void valid(HttpServletRequest request) throws Exception { } } - public boolean checkUriWhitelist(String uri) { - return MatcherUtils.isMatchUriWhitelist(uri, environment); + public boolean isRequiredAuth(String uri) { + return MatcherUtils.isRequiredAuth(uri, environment); } } diff --git a/spring-cloud-huawei-governance/src/test/java/com/huaweicloud/governance/authentication/securityPolicy/WebFluxRSAProviderAuthManagerTest.java b/spring-cloud-huawei-governance/src/test/java/com/huaweicloud/governance/authentication/securityPolicy/WebFluxRSAProviderAuthManagerTest.java index 3a18c23c4..44f2ec110 100644 --- a/spring-cloud-huawei-governance/src/test/java/com/huaweicloud/governance/authentication/securityPolicy/WebFluxRSAProviderAuthManagerTest.java +++ b/spring-cloud-huawei-governance/src/test/java/com/huaweicloud/governance/authentication/securityPolicy/WebFluxRSAProviderAuthManagerTest.java @@ -35,47 +35,193 @@ public class WebFluxRSAProviderAuthManagerTest { public void testCheckUriWhitelistPrefixMatch() { Mockito.when(environment.getProperty(GovernanceConst.AUTH_API_PATH_WHITELIST, String.class, "")) .thenReturn("*/whitelist"); - Assertions.assertTrue(manager.checkUriWhitelist("/api/check/whitelist")); + Assertions.assertFalse(manager.isRequiredAuth("/api/check/whitelist")); + } + + @Test + public void testCheckUriExcludePrefixMatch() { + Mockito.when(environment.getProperty(GovernanceConst.AUTH_API_PATH_EXCLUDE, String.class, "")) + .thenReturn("*/whitelist"); + Assertions.assertFalse(manager.isRequiredAuth("/api/check/whitelist")); + clearEnv(); + } + + @Test + public void testCheckUriIncludePrefixMatch() { + Mockito.when(environment.getProperty(GovernanceConst.AUTH_API_PATH_INCLUDE, String.class, "")) + .thenReturn("*/whitelist"); + Assertions.assertTrue(manager.isRequiredAuth("/api/check/whitelist")); + clearEnv(); } @Test public void testCheckUriWhitelistPrefixSlashMatch() { Mockito.when(environment.getProperty(GovernanceConst.AUTH_API_PATH_WHITELIST, String.class, "")) .thenReturn("/*/whitelist"); - Assertions.assertTrue(manager.checkUriWhitelist("/api/check/whitelist")); + Assertions.assertFalse(manager.isRequiredAuth("/api/check/whitelist")); + clearEnv(); } + + @Test + public void testCheckUriExcludePrefixSlashMatch() { + Mockito.when(environment.getProperty(GovernanceConst.AUTH_API_PATH_EXCLUDE, String.class, "")) + .thenReturn("/*/whitelist"); + Assertions.assertFalse(manager.isRequiredAuth("/api/check/whitelist")); + clearEnv(); + } + + @Test + public void testCheckUriIncludePrefixSlashMatch() { + Mockito.when(environment.getProperty(GovernanceConst.AUTH_API_PATH_INCLUDE, String.class, "")) + .thenReturn("/*/whitelist"); + Assertions.assertTrue(manager.isRequiredAuth("/api/check/whitelist")); + clearEnv(); + } + @Test public void testCheckUriWhitelistPrefixNotMatch() { Mockito.when(environment.getProperty(GovernanceConst.AUTH_API_PATH_WHITELIST, String.class, "")) .thenReturn("*/whitelist"); - Assertions.assertFalse(manager.checkUriWhitelist("/api/check/query")); + Assertions.assertTrue(manager.isRequiredAuth("/api/check/query")); + clearEnv(); + } + + @Test + public void testCheckUriExcludePrefixNotMatch() { + Mockito.when(environment.getProperty(GovernanceConst.AUTH_API_PATH_EXCLUDE, String.class, "")) + .thenReturn("*/whitelist"); + Assertions.assertTrue(manager.isRequiredAuth("/api/check/query")); + clearEnv(); + } + + @Test + public void testCheckUriIncludePrefixNotMatch() { + Mockito.when(environment.getProperty(GovernanceConst.AUTH_API_PATH_INCLUDE, String.class, "")) + .thenReturn("*/whitelist"); + Assertions.assertFalse(manager.isRequiredAuth("/api/check/query")); + clearEnv(); } @Test public void testCheckUriWhitelistSuffixMatch() { Mockito.when(environment.getProperty(GovernanceConst.AUTH_API_PATH_WHITELIST, String.class, "")) .thenReturn("/api/*"); - Assertions.assertTrue(manager.checkUriWhitelist("/api/check/whitelist")); + Assertions.assertFalse(manager.isRequiredAuth("/api/check/whitelist")); + clearEnv(); + } + + @Test + public void testCheckUriExcludeSuffixMatch() { + Mockito.when(environment.getProperty(GovernanceConst.AUTH_API_PATH_EXCLUDE, String.class, "")) + .thenReturn("/api/*"); + Assertions.assertFalse(manager.isRequiredAuth("/api/check/whitelist")); + clearEnv(); + } + + @Test + public void testCheckUriIncludeSuffixMatch() { + Mockito.when(environment.getProperty(GovernanceConst.AUTH_API_PATH_INCLUDE, String.class, "")) + .thenReturn("/api/*"); + Assertions.assertTrue(manager.isRequiredAuth("/api/check/whitelist")); + clearEnv(); } @Test public void testCheckUriWhitelistSuffixNotMatch() { Mockito.when(environment.getProperty(GovernanceConst.AUTH_API_PATH_WHITELIST, String.class, "")) .thenReturn("/apg/*"); - Assertions.assertFalse(manager.checkUriWhitelist("/api/check/whitelist")); + Assertions.assertTrue(manager.isRequiredAuth("/api/check/whitelist")); + clearEnv(); + } + + @Test + public void testCheckUriExcludeSuffixNotMatch() { + Mockito.when(environment.getProperty(GovernanceConst.AUTH_API_PATH_EXCLUDE, String.class, "")) + .thenReturn("/apg/*"); + Assertions.assertTrue(manager.isRequiredAuth("/api/check/whitelist")); + clearEnv(); + } + + @Test + public void testCheckUriIncludeSuffixNotMatch() { + Mockito.when(environment.getProperty(GovernanceConst.AUTH_API_PATH_INCLUDE, String.class, "")) + .thenReturn("/apg/*"); + Assertions.assertFalse(manager.isRequiredAuth("/api/check/whitelist")); + clearEnv(); } @Test public void testCheckUriWhitelistEqualMatch() { Mockito.when(environment.getProperty(GovernanceConst.AUTH_API_PATH_WHITELIST, String.class, "")) .thenReturn("/api/check/whitelist"); - Assertions.assertTrue(manager.checkUriWhitelist("/api/check/whitelist")); + Assertions.assertFalse(manager.isRequiredAuth("/api/check/whitelist")); + clearEnv(); + } + + @Test + public void testCheckUriExcludeEqualMatch() { + Mockito.when(environment.getProperty(GovernanceConst.AUTH_API_PATH_EXCLUDE, String.class, "")) + .thenReturn("/api/check/whitelist"); + Assertions.assertFalse(manager.isRequiredAuth("/api/check/whitelist")); + clearEnv(); + } + + @Test + public void testCheckUriIncludeEqualMatch() { + Mockito.when(environment.getProperty(GovernanceConst.AUTH_API_PATH_INCLUDE, String.class, "")) + .thenReturn("/api/check/whitelist"); + Assertions.assertTrue(manager.isRequiredAuth("/api/check/whitelist")); + clearEnv(); } @Test public void testCheckUriWhitelistEqualNotMatch() { Mockito.when(environment.getProperty(GovernanceConst.AUTH_API_PATH_WHITELIST, String.class, "")) .thenReturn("/api/check/white"); - Assertions.assertFalse(manager.checkUriWhitelist("/api/check/whitelist")); + Assertions.assertTrue(manager.isRequiredAuth("/api/check/whitelist")); + clearEnv(); + } + + @Test + public void testCheckUriExcludeEqualNotMatch() { + Mockito.when(environment.getProperty(GovernanceConst.AUTH_API_PATH_EXCLUDE, String.class, "")) + .thenReturn("/api/check/white"); + Assertions.assertTrue(manager.isRequiredAuth("/api/check/whitelist")); + clearEnv(); + } + + @Test + public void testCheckUriIncludeEqualNotMatch() { + Mockito.when(environment.getProperty(GovernanceConst.AUTH_API_PATH_INCLUDE, String.class, "")) + .thenReturn("/api/check/white"); + Assertions.assertFalse(manager.isRequiredAuth("/api/check/whitelist")); + clearEnv(); + } + + @Test + public void testCheckUriAllNotSet() { + Assertions.assertTrue(manager.isRequiredAuth("/api/check/whitelist")); + } + + /** + * include and exclude both math url, no auth + */ + @Test + public void testCheckUriBothMatch() { + Mockito.when(environment.getProperty(GovernanceConst.AUTH_API_PATH_INCLUDE, String.class, "")) + .thenReturn("/api/check/white"); + Mockito.when(environment.getProperty(GovernanceConst.AUTH_API_PATH_EXCLUDE, String.class, "")) + .thenReturn("/api/check/white"); + Assertions.assertFalse(manager.isRequiredAuth("/api/check/white")); + clearEnv(); + } + + private void clearEnv() { + Mockito.when(environment.getProperty(GovernanceConst.AUTH_API_PATH_INCLUDE, String.class, "")) + .thenReturn(""); + Mockito.when(environment.getProperty(GovernanceConst.AUTH_API_PATH_EXCLUDE, String.class, "")) + .thenReturn(""); + Mockito.when(environment.getProperty(GovernanceConst.AUTH_API_PATH_WHITELIST, String.class, "")) + .thenReturn(""); } } diff --git a/spring-cloud-huawei-governance/src/test/java/com/huaweicloud/governance/authentication/securityPolicy/WebMvcRSAProviderAuthManagerTest.java b/spring-cloud-huawei-governance/src/test/java/com/huaweicloud/governance/authentication/securityPolicy/WebMvcRSAProviderAuthManagerTest.java index 44b059e63..cad22ad7b 100644 --- a/spring-cloud-huawei-governance/src/test/java/com/huaweicloud/governance/authentication/securityPolicy/WebMvcRSAProviderAuthManagerTest.java +++ b/spring-cloud-huawei-governance/src/test/java/com/huaweicloud/governance/authentication/securityPolicy/WebMvcRSAProviderAuthManagerTest.java @@ -35,47 +35,193 @@ public class WebMvcRSAProviderAuthManagerTest { public void testCheckUriWhitelistPrefixMatch() { Mockito.when(environment.getProperty(GovernanceConst.AUTH_API_PATH_WHITELIST, String.class, "")) .thenReturn("*/whitelist"); - Assertions.assertTrue(manager.checkUriWhitelist("/api/check/whitelist")); + Assertions.assertFalse(manager.isRequiredAuth("/api/check/whitelist")); + } + + @Test + public void testCheckUriExcludePrefixMatch() { + Mockito.when(environment.getProperty(GovernanceConst.AUTH_API_PATH_EXCLUDE, String.class, "")) + .thenReturn("*/whitelist"); + Assertions.assertFalse(manager.isRequiredAuth("/api/check/whitelist")); + clearEnv(); + } + + @Test + public void testCheckUriIncludePrefixMatch() { + Mockito.when(environment.getProperty(GovernanceConst.AUTH_API_PATH_INCLUDE, String.class, "")) + .thenReturn("*/whitelist"); + Assertions.assertTrue(manager.isRequiredAuth("/api/check/whitelist")); + clearEnv(); } @Test public void testCheckUriWhitelistPrefixSlashMatch() { Mockito.when(environment.getProperty(GovernanceConst.AUTH_API_PATH_WHITELIST, String.class, "")) .thenReturn("/*/whitelist"); - Assertions.assertTrue(manager.checkUriWhitelist("/api/check/whitelist")); + Assertions.assertFalse(manager.isRequiredAuth("/api/check/whitelist")); + clearEnv(); } + + @Test + public void testCheckUriExcludePrefixSlashMatch() { + Mockito.when(environment.getProperty(GovernanceConst.AUTH_API_PATH_EXCLUDE, String.class, "")) + .thenReturn("/*/whitelist"); + Assertions.assertFalse(manager.isRequiredAuth("/api/check/whitelist")); + clearEnv(); + } + + @Test + public void testCheckUriIncludePrefixSlashMatch() { + Mockito.when(environment.getProperty(GovernanceConst.AUTH_API_PATH_INCLUDE, String.class, "")) + .thenReturn("/*/whitelist"); + Assertions.assertTrue(manager.isRequiredAuth("/api/check/whitelist")); + clearEnv(); + } + @Test public void testCheckUriWhitelistPrefixNotMatch() { Mockito.when(environment.getProperty(GovernanceConst.AUTH_API_PATH_WHITELIST, String.class, "")) .thenReturn("*/whitelist"); - Assertions.assertFalse(manager.checkUriWhitelist("/api/check/query")); + Assertions.assertTrue(manager.isRequiredAuth("/api/check/query")); + clearEnv(); + } + + @Test + public void testCheckUriExcludePrefixNotMatch() { + Mockito.when(environment.getProperty(GovernanceConst.AUTH_API_PATH_EXCLUDE, String.class, "")) + .thenReturn("*/whitelist"); + Assertions.assertTrue(manager.isRequiredAuth("/api/check/query")); + clearEnv(); + } + + @Test + public void testCheckUriIncludePrefixNotMatch() { + Mockito.when(environment.getProperty(GovernanceConst.AUTH_API_PATH_INCLUDE, String.class, "")) + .thenReturn("*/whitelist"); + Assertions.assertFalse(manager.isRequiredAuth("/api/check/query")); + clearEnv(); } @Test public void testCheckUriWhitelistSuffixMatch() { Mockito.when(environment.getProperty(GovernanceConst.AUTH_API_PATH_WHITELIST, String.class, "")) .thenReturn("/api/*"); - Assertions.assertTrue(manager.checkUriWhitelist("/api/check/whitelist")); + Assertions.assertFalse(manager.isRequiredAuth("/api/check/whitelist")); + clearEnv(); + } + + @Test + public void testCheckUriExcludeSuffixMatch() { + Mockito.when(environment.getProperty(GovernanceConst.AUTH_API_PATH_EXCLUDE, String.class, "")) + .thenReturn("/api/*"); + Assertions.assertFalse(manager.isRequiredAuth("/api/check/whitelist")); + clearEnv(); + } + + @Test + public void testCheckUriIncludeSuffixMatch() { + Mockito.when(environment.getProperty(GovernanceConst.AUTH_API_PATH_INCLUDE, String.class, "")) + .thenReturn("/api/*"); + Assertions.assertTrue(manager.isRequiredAuth("/api/check/whitelist")); + clearEnv(); } @Test public void testCheckUriWhitelistSuffixNotMatch() { Mockito.when(environment.getProperty(GovernanceConst.AUTH_API_PATH_WHITELIST, String.class, "")) .thenReturn("/apg/*"); - Assertions.assertFalse(manager.checkUriWhitelist("/api/check/whitelist")); + Assertions.assertTrue(manager.isRequiredAuth("/api/check/whitelist")); + clearEnv(); + } + + @Test + public void testCheckUriExcludeSuffixNotMatch() { + Mockito.when(environment.getProperty(GovernanceConst.AUTH_API_PATH_EXCLUDE, String.class, "")) + .thenReturn("/apg/*"); + Assertions.assertTrue(manager.isRequiredAuth("/api/check/whitelist")); + clearEnv(); + } + + @Test + public void testCheckUriIncludeSuffixNotMatch() { + Mockito.when(environment.getProperty(GovernanceConst.AUTH_API_PATH_INCLUDE, String.class, "")) + .thenReturn("/apg/*"); + Assertions.assertFalse(manager.isRequiredAuth("/api/check/whitelist")); + clearEnv(); } @Test public void testCheckUriWhitelistEqualMatch() { Mockito.when(environment.getProperty(GovernanceConst.AUTH_API_PATH_WHITELIST, String.class, "")) .thenReturn("/api/check/whitelist"); - Assertions.assertTrue(manager.checkUriWhitelist("/api/check/whitelist")); + Assertions.assertFalse(manager.isRequiredAuth("/api/check/whitelist")); + clearEnv(); + } + + @Test + public void testCheckUriExcludeEqualMatch() { + Mockito.when(environment.getProperty(GovernanceConst.AUTH_API_PATH_EXCLUDE, String.class, "")) + .thenReturn("/api/check/whitelist"); + Assertions.assertFalse(manager.isRequiredAuth("/api/check/whitelist")); + clearEnv(); + } + + @Test + public void testCheckUriIncludeEqualMatch() { + Mockito.when(environment.getProperty(GovernanceConst.AUTH_API_PATH_INCLUDE, String.class, "")) + .thenReturn("/api/check/whitelist"); + Assertions.assertTrue(manager.isRequiredAuth("/api/check/whitelist")); + clearEnv(); } @Test public void testCheckUriWhitelistEqualNotMatch() { Mockito.when(environment.getProperty(GovernanceConst.AUTH_API_PATH_WHITELIST, String.class, "")) .thenReturn("/api/check/white"); - Assertions.assertFalse(manager.checkUriWhitelist("/api/check/whitelist")); + Assertions.assertTrue(manager.isRequiredAuth("/api/check/whitelist")); + clearEnv(); + } + + @Test + public void testCheckUriExcludeEqualNotMatch() { + Mockito.when(environment.getProperty(GovernanceConst.AUTH_API_PATH_EXCLUDE, String.class, "")) + .thenReturn("/api/check/white"); + Assertions.assertTrue(manager.isRequiredAuth("/api/check/whitelist")); + clearEnv(); + } + + @Test + public void testCheckUriIncludeEqualNotMatch() { + Mockito.when(environment.getProperty(GovernanceConst.AUTH_API_PATH_INCLUDE, String.class, "")) + .thenReturn("/api/check/white"); + Assertions.assertFalse(manager.isRequiredAuth("/api/check/whitelist")); + clearEnv(); + } + + @Test + public void testCheckUriAllNotSet() { + Assertions.assertTrue(manager.isRequiredAuth("/api/check/whitelist")); + } + + /** + * include and exclude both math url, no auth + */ + @Test + public void testCheckUriBothMatch() { + Mockito.when(environment.getProperty(GovernanceConst.AUTH_API_PATH_INCLUDE, String.class, "")) + .thenReturn("/api/check/white"); + Mockito.when(environment.getProperty(GovernanceConst.AUTH_API_PATH_EXCLUDE, String.class, "")) + .thenReturn("/api/check/white"); + Assertions.assertFalse(manager.isRequiredAuth("/api/check/white")); + clearEnv(); + } + + private void clearEnv() { + Mockito.when(environment.getProperty(GovernanceConst.AUTH_API_PATH_INCLUDE, String.class, "")) + .thenReturn(""); + Mockito.when(environment.getProperty(GovernanceConst.AUTH_API_PATH_EXCLUDE, String.class, "")) + .thenReturn(""); + Mockito.when(environment.getProperty(GovernanceConst.AUTH_API_PATH_WHITELIST, String.class, "")) + .thenReturn(""); } }