Added authentication to metadata controller (issue #38) & updated search
krill error handling
Change-Id: I2937de0223561246c3af078e9ada1258e4fae7d2
diff --git a/full/src/main/resources/kustvakt.conf b/full/src/main/resources/kustvakt.conf
index 24dcb47..2a5a045 100644
--- a/full/src/main/resources/kustvakt.conf
+++ b/full/src/main/resources/kustvakt.conf
@@ -46,7 +46,7 @@
## availability regex
## only support |
availability.regex.free = CC-BY.*
-availability.regex.public = ACA.* | QAO.NC
+availability.regex.public = ACA.*|QAO.NC
availability.regex.all = QAO.*
## options referring to the security module!
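Review bot: The `.` in `QAO.NC` on the new `availability.regex.public` line is an unescaped regex wildcard, so the public tier accepts any character between `QAO` and `NC`, not only the hyphen. The matching change to `kustvakt-test.conf` in this commit uses `QAO-NC`, so the production value and the tested value differ. If the licence string is literally `QAO-NC`, write `availability.regex.public = ACA.*|QAO-NC` here as well. Whether the pattern is applied as a full match or as a search is not visible in this diff. It is worth confirming that the public pattern cannot also match longer values such as the `QAO-NC-LOC:ids` availability asserted in MatchInfoControllerTest.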
diff --git a/full/src/test/java/de/ids_mannheim/korap/web/controller/MatchInfoControllerTest.java b/full/src/test/java/de/ids_mannheim/korap/web/controller/MatchInfoControllerTest.java
index c6e0961..6209b23 100644
--- a/full/src/test/java/de/ids_mannheim/korap/web/controller/MatchInfoControllerTest.java
+++ b/full/src/test/java/de/ids_mannheim/korap/web/controller/MatchInfoControllerTest.java
@@ -14,6 +14,7 @@
import de.ids_mannheim.korap.config.Attributes;
import de.ids_mannheim.korap.config.SpringJerseyTest;
import de.ids_mannheim.korap.exceptions.KustvaktException;
+import de.ids_mannheim.korap.exceptions.StatusCodes;
import de.ids_mannheim.korap.utils.JsonUtils;
public class MatchInfoControllerTest extends SpringJerseyTest {
@@ -21,9 +22,10 @@
@Test
public void testGetMatchInfoPublicCorpus () throws KustvaktException {
- ClientResponse response = resource().path(API_VERSION).path("corpus").path("GOE")
- .path("AGA").path("01784").path("p36-100").path("matchInfo")
- .queryParam("foundry", "*").get(ClientResponse.class);
+ ClientResponse response = resource().path(API_VERSION).path("corpus")
+ .path("GOE").path("AGA").path("01784").path("p36-100")
+ .path("matchInfo").queryParam("foundry", "*")
+ .get(ClientResponse.class);
assertEquals(ClientResponse.Status.OK.getStatusCode(),
response.getStatus());
@@ -43,19 +45,20 @@
@Test
public void testGetMatchInfoNotAllowed () throws KustvaktException {
- ClientResponse response =
- resource().path(API_VERSION).path("corpus").path("GOE").path("AGI").path("04846")
- .path("p36875-36876").path("matchInfo")
- .queryParam("foundry", "*").get(ClientResponse.class);
+ ClientResponse response = resource().path(API_VERSION).path("corpus")
+ .path("GOE").path("AGI").path("04846").path("p36875-36876")
+ .path("matchInfo").queryParam("foundry", "*")
+ .get(ClientResponse.class);
- assertEquals(ClientResponse.Status.OK.getStatusCode(),
+ assertEquals(ClientResponse.Status.UNAUTHORIZED.getStatusCode(),
response.getStatus());
String entity = response.getEntity(String.class);
JsonNode node = JsonUtils.readTree(entity);
- assertEquals("1003", node.at("/errors/0/0").asText());
+ assertEquals(StatusCodes.AUTHORIZATION_FAILED,
+ node.at("/errors/0/0").asInt());
assertEquals(
- "Retrieving match info with ID "
+ "Retrieving resource with ID "
+ "match-GOE/AGI/04846-p36875-36876 is not allowed.",
node.at("/errors/0/1").asText());
assertTrue(node.at("/snippet").isMissingNode());
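Review bot: testGetMatchInfoNotAllowed now expects a 401 but does not check that the response carries a `WWW-Authenticate` challenge, which HTTP requires on a 401 so that clients know which scheme to retry with. Assuming the controller sets it, add `assertNotNull(response.getHeaders().getFirst("WWW-Authenticate"));` after the status assertion. If the header is missing, that is better fixed on the server side than worked around in the test. The same check would fit testMetadataUnauthorized in MetadataControllerTest.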
@@ -63,8 +66,8 @@
@Test
public void testGetMatchInfoWithAuthentication () throws KustvaktException {
- ClientResponse response = resource().path(API_VERSION).path("corpus").path("GOE")
- .path("AGI").path("04846").path("p36875-36876")
+ ClientResponse response = resource().path(API_VERSION).path("corpus")
+ .path("GOE").path("AGI").path("04846").path("p36875-36876")
.path("matchInfo").queryParam("foundry", "*")
.header(Attributes.AUTHORIZATION,
HttpAuthorizationHandler
@@ -91,4 +94,39 @@
+ "<span class=\"match\">"));
assertEquals("QAO-NC-LOC:ids", node.at("/availability").asText());
}
+
+ @Test
+ public void testAvailabilityAll () throws KustvaktException {
+ ClientResponse response = resource().path(API_VERSION).path("corpus")
+ .path("GOE").path("AGD").path("00000").path("p75-76")
+ .header(Attributes.AUTHORIZATION,
+ HttpAuthorizationHandler
+ .createBasicAuthorizationHeaderValue("kustvakt",
+ "kustvakt2015"))
+ .header(HttpHeaders.X_FORWARDED_FOR, "10.27.0.32")
+ .get(ClientResponse.class);
+
+ assertEquals(ClientResponse.Status.OK.getStatusCode(),
+ response.getStatus());
+ }
+
+ @Test
+ public void testAvailabilityAllUnauthorized () throws KustvaktException {
+ ClientResponse response = resource().path(API_VERSION).path("corpus")
+ .path("GOE").path("AGD").path("00000").path("p75-76")
+ .header(Attributes.AUTHORIZATION,
+ HttpAuthorizationHandler
+ .createBasicAuthorizationHeaderValue("kustvakt",
+ "kustvakt2015"))
+ .header(HttpHeaders.X_FORWARDED_FOR, "170.27.0.32")
+ .get(ClientResponse.class);
+
+ JsonNode node = JsonUtils.readTree(response.getEntity(String.class));
+ assertEquals(StatusCodes.AUTHORIZATION_FAILED,
+ node.at("/errors/0/0").asInt());
+ assertEquals(
+ "Retrieving resource with ID "
+ + "match-GOE/AGD/00000-p75-76 is not allowed.",
+ node.at("/errors/0/1").asText());
+ }
}
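Review bot: testAvailabilityAllUnauthorized asserts only the error body and never the HTTP status, so it would still pass if the server answered 200 with an `errors` array next to the restricted content. Add a status assertion before parsing the entity, e.g. `assertEquals(ClientResponse.Status.UNAUTHORIZED.getStatusCode(), response.getStatus());` (or whichever status the controller uses for an authenticated caller that is denied; the anonymous case in this file expects UNAUTHORIZED), plus `assertTrue(node.at("/snippet").isMissingNode());` as testGetMatchInfoNotAllowed does. testMetadataAvailabilityAllUnauthorized in MetadataControllerTest has the same gap. Both new requests here also omit the `.path("matchInfo")` segment that the other tests in this file use, so confirm that route is the intended one.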
diff --git a/full/src/test/java/de/ids_mannheim/korap/web/controller/MetadataControllerTest.java b/full/src/test/java/de/ids_mannheim/korap/web/controller/MetadataControllerTest.java
new file mode 100644
index 0000000..fb083bd
--- /dev/null
+++ b/full/src/test/java/de/ids_mannheim/korap/web/controller/MetadataControllerTest.java
@@ -0,0 +1,107 @@
+package de.ids_mannheim.korap.web.controller;
+
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertTrue;
+
+import org.junit.Test;
+
+import com.fasterxml.jackson.databind.JsonNode;
+import com.google.common.net.HttpHeaders;
+import com.sun.jersey.api.client.ClientResponse;
+
+import de.ids_mannheim.korap.authentication.http.HttpAuthorizationHandler;
+import de.ids_mannheim.korap.config.Attributes;
+import de.ids_mannheim.korap.config.SpringJerseyTest;
+import de.ids_mannheim.korap.exceptions.KustvaktException;
+import de.ids_mannheim.korap.exceptions.StatusCodes;
+import de.ids_mannheim.korap.utils.JsonUtils;
+
+public class MetadataControllerTest extends SpringJerseyTest {
+
+ @Test
+ public void testFreeMetadata () throws KustvaktException {
+
+ ClientResponse response = resource().path(API_VERSION).path("corpus")
+ .path("GOE").path("AGA").path("01784")
+ .queryParam("foundry", "*").get(ClientResponse.class);
+
+ assertEquals(ClientResponse.Status.OK.getStatusCode(),
+ response.getStatus());
+ String entity = response.getEntity(String.class);
+ JsonNode node = JsonUtils.readTree(entity);
+
+ assertTrue(!node.at("/document").isMissingNode());
+
+ }
+
+ @Test
+ public void testMetadataUnauthorized () throws KustvaktException {
+
+ ClientResponse response = resource().path(API_VERSION).path("corpus")
+ .path("GOE").path("AGI").path("04846")
+ .queryParam("foundry", "*").get(ClientResponse.class);
+
+ assertEquals(ClientResponse.Status.UNAUTHORIZED.getStatusCode(),
+ response.getStatus());
+ String entity = response.getEntity(String.class);
+ JsonNode node = JsonUtils.readTree(entity);
+
+ assertEquals(StatusCodes.AUTHORIZATION_FAILED,
+ node.at("/errors/0/0").asInt());
+ assertEquals(
+ "Retrieving resource with ID "
+ + "GOE/AGI/04846 is not allowed.",
+ node.at("/errors/0/1").asText());
+ }
+
+ @Test
+ public void testMetadataWithAuthentication () throws KustvaktException {
+ ClientResponse response = resource().path(API_VERSION).path("corpus")
+ .path("GOE").path("AGI").path("04846")
+ .header(Attributes.AUTHORIZATION,
+ HttpAuthorizationHandler
+ .createBasicAuthorizationHeaderValue("kustvakt",
+ "kustvakt2015"))
+ .header(HttpHeaders.X_FORWARDED_FOR, "172.27.0.32")
+ .get(ClientResponse.class);
+
+ assertEquals(ClientResponse.Status.OK.getStatusCode(),
+ response.getStatus());
+ }
+
+ @Test
+ public void testMetadataAvailabilityAll () throws KustvaktException {
+ ClientResponse response = resource().path(API_VERSION).path("corpus")
+ .path("GOE").path("AGI").path("00000")
+ .header(Attributes.AUTHORIZATION,
+ HttpAuthorizationHandler
+ .createBasicAuthorizationHeaderValue("kustvakt",
+ "kustvakt2015"))
+ .header(HttpHeaders.X_FORWARDED_FOR, "10.27.0.32")
+ .get(ClientResponse.class);
+
+ assertEquals(ClientResponse.Status.OK.getStatusCode(),
+ response.getStatus());
+ }
+
+ @Test
+ public void testMetadataAvailabilityAllUnauthorized ()
+ throws KustvaktException {
+ ClientResponse response = resource().path(API_VERSION).path("corpus")
+ .path("GOE").path("AGI").path("00000")
+ .header(Attributes.AUTHORIZATION,
+ HttpAuthorizationHandler
+ .createBasicAuthorizationHeaderValue("kustvakt",
+ "kustvakt2015"))
+ .header(HttpHeaders.X_FORWARDED_FOR, "170.27.0.32")
+ .get(ClientResponse.class);
+
+ JsonNode node = JsonUtils.readTree(response.getEntity(String.class));
+ assertEquals(StatusCodes.AUTHORIZATION_FAILED,
+ node.at("/errors/0/0").asInt());
+ assertEquals(
+ "Retrieving resource with ID "
+ + "GOE/AGI/00000 is not allowed.",
+ node.at("/errors/0/1").asText());
+ }
+}
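Review bot: The three authenticated tests differ only in the `X-Forwarded-For` value (`172.27.0.32`, `10.27.0.32`, `170.27.0.32`), so they pin that the access tier follows a header the client can set, and no test covers a request where that header is absent. The server-side handling is outside this diff, but if the value is taken from the request without checking that it came from a trusted reverse proxy, the IP-based tier adds no protection beyond the credentials. Add a case with the same credentials and no `X-Forwarded-For` for `GOE/AGI/00000` that pins the intended fallback, and a comment on these tests such as `// relies on X-Forwarded-For; the server must only honour it when set by the trusted proxy`. The new availability tests in MatchInfoControllerTest depend on the same header.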
diff --git a/full/src/test/resources/kustvakt-test.conf b/full/src/test/resources/kustvakt-test.conf
index 7587bc9..a4f8467 100644
--- a/full/src/test/resources/kustvakt-test.conf
+++ b/full/src/test/resources/kustvakt-test.conf
@@ -46,7 +46,7 @@
## availability regex
## only support |
availability.regex.free = CC-BY.*
-availability.regex.public = ACA.* | QAO-NC
+availability.regex.public = ACA.*|QAO-NC
availability.regex.all = QAO.*
## options referring to the security module!