Added authentication to metadata controller (issue #38) & updated search
krill error handling

Change-Id: I2937de0223561246c3af078e9ada1258e4fae7d2
diff --git a/full/src/main/resources/kustvakt.conf b/full/src/main/resources/kustvakt.conf
index 24dcb47..2a5a045 100644
--- a/full/src/main/resources/kustvakt.conf
+++ b/full/src/main/resources/kustvakt.conf
@@ -46,7 +46,7 @@
 ## availability regex
 ## only support |
 availability.regex.free = CC-BY.*
-availability.regex.public = ACA.* | QAO.NC
+availability.regex.public = ACA.*|QAO.NC
 availability.regex.all = QAO.*
 
 ## options referring to the security module!
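Review bot: The production pattern on the changed line keeps an unescaped dot, `QAO.NC`, while the same key in full/src/test/resources/kustvakt-test.conf is written `QAO-NC`, so the tests do not exercise the pattern that actually ships. In a regex the dot matches any character, so the production value also accepts a string such as the constructed example `QAOxNC`; if only the hyphenated licence is meant, use `availability.regex.public = ACA.*|QAO-NC` here as well. Whether these patterns are applied as a full match or as a substring search is not visible in this diff. If it is a search, `QAO-NC` would also match the `QAO-NC-LOC:ids` availability asserted in MatchInfoControllerTest and widen the public tier, so a comment above the three keys stating how they are matched would help.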
diff --git a/full/src/test/java/de/ids_mannheim/korap/web/controller/MatchInfoControllerTest.java b/full/src/test/java/de/ids_mannheim/korap/web/controller/MatchInfoControllerTest.java
index c6e0961..6209b23 100644
--- a/full/src/test/java/de/ids_mannheim/korap/web/controller/MatchInfoControllerTest.java
+++ b/full/src/test/java/de/ids_mannheim/korap/web/controller/MatchInfoControllerTest.java
@@ -14,6 +14,7 @@
 import de.ids_mannheim.korap.config.Attributes;
 import de.ids_mannheim.korap.config.SpringJerseyTest;
 import de.ids_mannheim.korap.exceptions.KustvaktException;
+import de.ids_mannheim.korap.exceptions.StatusCodes;
 import de.ids_mannheim.korap.utils.JsonUtils;
 
 public class MatchInfoControllerTest extends SpringJerseyTest {
@@ -21,9 +22,10 @@
     @Test
     public void testGetMatchInfoPublicCorpus () throws KustvaktException {
 
-        ClientResponse response = resource().path(API_VERSION).path("corpus").path("GOE")
-                .path("AGA").path("01784").path("p36-100").path("matchInfo")
-                .queryParam("foundry", "*").get(ClientResponse.class);
+        ClientResponse response = resource().path(API_VERSION).path("corpus")
+                .path("GOE").path("AGA").path("01784").path("p36-100")
+                .path("matchInfo").queryParam("foundry", "*")
+                .get(ClientResponse.class);
 
         assertEquals(ClientResponse.Status.OK.getStatusCode(),
                 response.getStatus());
@@ -43,19 +45,20 @@
     @Test
     public void testGetMatchInfoNotAllowed () throws KustvaktException {
 
-        ClientResponse response =
-                resource().path(API_VERSION).path("corpus").path("GOE").path("AGI").path("04846")
-                        .path("p36875-36876").path("matchInfo")
-                        .queryParam("foundry", "*").get(ClientResponse.class);
+        ClientResponse response = resource().path(API_VERSION).path("corpus")
+                .path("GOE").path("AGI").path("04846").path("p36875-36876")
+                .path("matchInfo").queryParam("foundry", "*")
+                .get(ClientResponse.class);
 
-        assertEquals(ClientResponse.Status.OK.getStatusCode(),
+        assertEquals(ClientResponse.Status.UNAUTHORIZED.getStatusCode(),
                 response.getStatus());
         String entity = response.getEntity(String.class);
         JsonNode node = JsonUtils.readTree(entity);
 
-        assertEquals("1003", node.at("/errors/0/0").asText());
+        assertEquals(StatusCodes.AUTHORIZATION_FAILED,
+                node.at("/errors/0/0").asInt());
         assertEquals(
-                "Retrieving match info with ID "
+                "Retrieving resource with ID "
                         + "match-GOE/AGI/04846-p36875-36876 is not allowed.",
                 node.at("/errors/0/1").asText());
         assertTrue(node.at("/snippet").isMissingNode());
@@ -63,8 +66,8 @@
 
     @Test
     public void testGetMatchInfoWithAuthentication () throws KustvaktException {
-        ClientResponse response = resource().path(API_VERSION).path("corpus").path("GOE")
-                .path("AGI").path("04846").path("p36875-36876")
+        ClientResponse response = resource().path(API_VERSION).path("corpus")
+                .path("GOE").path("AGI").path("04846").path("p36875-36876")
                 .path("matchInfo").queryParam("foundry", "*")
                 .header(Attributes.AUTHORIZATION,
                         HttpAuthorizationHandler
@@ -91,4 +94,39 @@
                         + "<span class=\"match\">"));
         assertEquals("QAO-NC-LOC:ids", node.at("/availability").asText());
     }
+
+    @Test
+    public void testAvailabilityAll () throws KustvaktException {
+        ClientResponse response = resource().path(API_VERSION).path("corpus")
+                .path("GOE").path("AGD").path("00000").path("p75-76")
+                .header(Attributes.AUTHORIZATION,
+                        HttpAuthorizationHandler
+                                .createBasicAuthorizationHeaderValue("kustvakt",
+                                        "kustvakt2015"))
+                .header(HttpHeaders.X_FORWARDED_FOR, "10.27.0.32")
+                .get(ClientResponse.class);
+
+        assertEquals(ClientResponse.Status.OK.getStatusCode(),
+                response.getStatus());
+    }
+
+    @Test
+    public void testAvailabilityAllUnauthorized () throws KustvaktException {
+        ClientResponse response = resource().path(API_VERSION).path("corpus")
+                .path("GOE").path("AGD").path("00000").path("p75-76")
+                .header(Attributes.AUTHORIZATION,
+                        HttpAuthorizationHandler
+                                .createBasicAuthorizationHeaderValue("kustvakt",
+                                        "kustvakt2015"))
+                .header(HttpHeaders.X_FORWARDED_FOR, "170.27.0.32")
+                .get(ClientResponse.class);
+
+        JsonNode node = JsonUtils.readTree(response.getEntity(String.class));
+        assertEquals(StatusCodes.AUTHORIZATION_FAILED,
+                node.at("/errors/0/0").asInt());
+        assertEquals(
+                "Retrieving resource with ID "
+                        + "match-GOE/AGD/00000-p75-76 is not allowed.",
+                node.at("/errors/0/1").asText());
+    }
 }
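Review bot: testAvailabilityAllUnauthorized never checks the HTTP status, so it would still pass if the controller returned the error body with a 200; testGetMatchInfoNotAllowed in the same file does assert it. Add an assertion before the JSON is parsed, for example `assertEquals(ClientResponse.Status.UNAUTHORIZED.getStatusCode(), response.getStatus());`, or whichever status the controller is meant to return for a valid login from outside the permitted address range. The same gap is in testMetadataAvailabilityAllUnauthorized in the new MetadataControllerTest.java. Both new tests here also omit the `matchInfo` path segment that the older tests use, although the expected message names a match ID, so it is worth confirming that this is the intended route.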
diff --git a/full/src/test/java/de/ids_mannheim/korap/web/controller/MetadataControllerTest.java b/full/src/test/java/de/ids_mannheim/korap/web/controller/MetadataControllerTest.java
new file mode 100644
index 0000000..fb083bd
--- /dev/null
+++ b/full/src/test/java/de/ids_mannheim/korap/web/controller/MetadataControllerTest.java
@@ -0,0 +1,107 @@
+package de.ids_mannheim.korap.web.controller;
+
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertTrue;
+
+import org.junit.Test;
+
+import com.fasterxml.jackson.databind.JsonNode;
+import com.google.common.net.HttpHeaders;
+import com.sun.jersey.api.client.ClientResponse;
+
+import de.ids_mannheim.korap.authentication.http.HttpAuthorizationHandler;
+import de.ids_mannheim.korap.config.Attributes;
+import de.ids_mannheim.korap.config.SpringJerseyTest;
+import de.ids_mannheim.korap.exceptions.KustvaktException;
+import de.ids_mannheim.korap.exceptions.StatusCodes;
+import de.ids_mannheim.korap.utils.JsonUtils;
+
+public class MetadataControllerTest extends SpringJerseyTest {
+
+    @Test
+    public void testFreeMetadata () throws KustvaktException {
+
+        ClientResponse response = resource().path(API_VERSION).path("corpus")
+                .path("GOE").path("AGA").path("01784")
+                .queryParam("foundry", "*").get(ClientResponse.class);
+
+        assertEquals(ClientResponse.Status.OK.getStatusCode(),
+                response.getStatus());
+        String entity = response.getEntity(String.class);
+        JsonNode node = JsonUtils.readTree(entity);
+
+        assertTrue(!node.at("/document").isMissingNode());
+
+    }
+
+    @Test
+    public void testMetadataUnauthorized () throws KustvaktException {
+
+        ClientResponse response = resource().path(API_VERSION).path("corpus")
+                .path("GOE").path("AGI").path("04846")
+                .queryParam("foundry", "*").get(ClientResponse.class);
+
+        assertEquals(ClientResponse.Status.UNAUTHORIZED.getStatusCode(),
+                response.getStatus());
+        String entity = response.getEntity(String.class);
+        JsonNode node = JsonUtils.readTree(entity);
+
+        assertEquals(StatusCodes.AUTHORIZATION_FAILED,
+                node.at("/errors/0/0").asInt());
+        assertEquals(
+                "Retrieving resource with ID "
+                        + "GOE/AGI/04846 is not allowed.",
+                node.at("/errors/0/1").asText());
+    }
+
+    @Test
+    public void testMetadataWithAuthentication () throws KustvaktException {
+        ClientResponse response = resource().path(API_VERSION).path("corpus")
+                .path("GOE").path("AGI").path("04846")
+                .header(Attributes.AUTHORIZATION,
+                        HttpAuthorizationHandler
+                                .createBasicAuthorizationHeaderValue("kustvakt",
+                                        "kustvakt2015"))
+                .header(HttpHeaders.X_FORWARDED_FOR, "172.27.0.32")
+                .get(ClientResponse.class);
+
+        assertEquals(ClientResponse.Status.OK.getStatusCode(),
+                response.getStatus());
+    }
+
+    @Test
+    public void testMetadataAvailabilityAll () throws KustvaktException {
+        ClientResponse response = resource().path(API_VERSION).path("corpus")
+                .path("GOE").path("AGI").path("00000")
+                .header(Attributes.AUTHORIZATION,
+                        HttpAuthorizationHandler
+                                .createBasicAuthorizationHeaderValue("kustvakt",
+                                        "kustvakt2015"))
+                .header(HttpHeaders.X_FORWARDED_FOR, "10.27.0.32")
+                .get(ClientResponse.class);
+
+        assertEquals(ClientResponse.Status.OK.getStatusCode(),
+                response.getStatus());
+    }
+
+    @Test
+    public void testMetadataAvailabilityAllUnauthorized ()
+            throws KustvaktException {
+        ClientResponse response = resource().path(API_VERSION).path("corpus")
+                .path("GOE").path("AGI").path("00000")
+                .header(Attributes.AUTHORIZATION,
+                        HttpAuthorizationHandler
+                                .createBasicAuthorizationHeaderValue("kustvakt",
+                                        "kustvakt2015"))
+                .header(HttpHeaders.X_FORWARDED_FOR, "170.27.0.32")
+                .get(ClientResponse.class);
+
+        JsonNode node = JsonUtils.readTree(response.getEntity(String.class));
+        assertEquals(StatusCodes.AUTHORIZATION_FAILED,
+                node.at("/errors/0/0").asInt());
+        assertEquals(
+                "Retrieving resource with ID "
+                        + "GOE/AGI/00000 is not allowed.",
+                node.at("/errors/0/1").asText());
+    }
+}
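Review bot: These tests select the access level purely through the `X-Forwarded-For` value the client sends: for GOE/AGI/00000 with the same credentials, `10.27.0.32` gets a 200 and `170.27.0.32` gets an authorization failure, and nothing in this diff shows where that header is trusted. The header is client-supplied unless a reverse proxy overwrites it, so the server should honour it only for requests arriving from a known proxy; that code is outside this diff and should be confirmed. A class comment such as `// X-Forwarded-For stands in for the client address reported by the trusted proxy` would document the assumption, and a test that sends the credentials without the header would pin the default tier. In testFreeMetadata, `assertTrue(!node.at("/document").isMissingNode())` reads better as `assertFalse(node.at("/document").isMissingNode())`.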
diff --git a/full/src/test/resources/kustvakt-test.conf b/full/src/test/resources/kustvakt-test.conf
index 7587bc9..a4f8467 100644
--- a/full/src/test/resources/kustvakt-test.conf
+++ b/full/src/test/resources/kustvakt-test.conf
@@ -46,7 +46,7 @@
 ## availability regex
 ## only support |
 availability.regex.free = CC-BY.*
-availability.regex.public = ACA.* | QAO-NC
+availability.regex.public = ACA.*|QAO-NC
 availability.regex.all = QAO.*
 
 ## options referring to the security module!