SDA Commons Server Auth Testing

This module provides support for testing applications that are secured with sda-commons-server-auth. To use it, add this module as a dependency:

testCompile 'org.sdase.commons:sda-commons-server-auth-testing:<current-version>'

Auth Extension

The AuthClassExtension puts the AuthConfig in an environment variable named AUTH_KEYS (for backwards compatibility). The configuration in the test needs to use this property and the application is required to use the ConfigurationSubstitutionBundle from sda-commons-server-dropwizard:

public class MyApp extends Application<MyConfig> {

   @Override
   public void initialize(Bootstrap<MyConfig> bootstrap) {
      bootstrap.addBundle(ConfigurationSubstitutionBundle.builder().build());
      bootstrap.addBundle(AuthBundle.builder().withAuthConfigProvider(MyConfig::getAuth).build());
   }

   @Override
   public void run(MyConfig configuration, Environment environment) {
      // ...
   }
}

# test-config.yaml
server:
  applicationConnectors:
  - type: http
    port: 0
  adminConnectors:
  - type: http
    port: 0

# The configuration of the test auth bundle is injected here
auth: ${AUTH_CONFIG_KEYS}

To implement the test, the AuthClassExtension has to be initialized before the DropwizardAppExtension:

class AuthClassExtensionIT {

  @Order(0)
  @RegisterExtension 
  static final AuthClassExtension AUTH = AuthClassExtension.builder().build();

  @Order(1)
  @RegisterExtension
  static final DropwizardAppExtension<AuthTestConfig> DW =
      new DropwizardAppExtension<>(
          AuthTestApp.class, ResourceHelpers.resourceFilePath("test-config.yaml"));
   // @Test
}

The AuthClassExtension provides functions to generate a valid token that matches the auth configuration used in tests.

   Response response = createWebTarget()
            .path("/secure")
            .request(APPLICATION_JSON)
            .headers(AUTH.auth()   
                  .addClaim("test", "testClaim")
                  .addClaims(singletonMap("mapKey", "testClaimFromMap"))
                  .buildAuthHeader())  // creates a valid Authorization header with a valid JWT 
            .get();

Examples can be found in the test source branch of the module sda-commons-server-auth-testing. There is

OPA Extension

The JUnit 5 OPA Extension is built around WireMock. The mock can be configured via the extension.

To implement a test with an OPA mock, the OpaClassExtension has to be initialized before the DropwizardAppExtension, either implicitly by field declaration order or explicitly with @Order(N).

public class OpaIT {

  @Order(0)
  @RegisterExtension
  static final OpaClassExtension OPA_EXTENSION = new OpaClassExtension();

  @Order(1)
  @RegisterExtension
  static final DropwizardAppExtension<OpaBundeTestAppConfiguration> DW =
         new DropwizardAppExtension<>(
                  OpaBundleTestApp.class,
                  ResourceHelpers.resourceFilePath("test-opa-config.yaml"),
                  ConfigOverride.config("opa.baseUrl", OPA_EXTENSION::getUrl));

   // @Test
}

To control the OPA mock behavior, the following API is provided:

 // allow access to a given httpMethod/path combination
 OPA_EXTENSION.mock(onRequest().withHttpMethod(httpMethod).withPath(path).allow());
 // allow access to a given httpMethod/path/jwt combination
 OPA_EXTENSION.mock(onRequest().withHttpMethod(httpMethod).withPath(path).withJwt(jwt).allow());
 // deny access to a given httpMethod/path combination
 OPA_EXTENSION.mock(onRequest().withHttpMethod(httpMethod).withPath(path).deny());
 // allow access to a given httpMethod/path combination with constraint
 OPA_EXTENSION.mock(onRequest().withHttpMethod(httpMethod).withPath(path).allow().withConstraint(new ConstraintModel(...)));
 // the response is returned for all requests, if no more specific mock is configured
 OPA_EXTENSION.mock(onAnyRequest().answer(new OpaResponse(...)));

 // the same options are available for any requests if no more specific mock is configured
 OPA_EXTENSION.mock(onAnyRequest().allow());
 OPA_EXTENSION.mock(onAnyRequest().answer(new OpaResponse(...)));

 // It is possible to verify whether OPA has been invoked with parameters for the resource
 // defined by the path and the httpMethod: verify(int count, String httpMethod, String path)
 OPA_EXTENSION.verify(count, httpMethod, path);
 // it is also possible to check against a builder instance
 OPA_EXTENSION.verify(1, onRequest().withHttpMethod(httpMethod).withPath(path).withJwt(jwt));

Examples can be found in the test source branch of the module sda-commons-server-auth-testing. There is

An example with activated AUTH and OPA bundle can be found here:

- Example app
- Test
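
The two extensions combined in one test, as an added example that is not taken from the project's sources: it checks that a request with a valid JWT is still rejected while the OPA mock denies it, and passes once the mock allows it. The import packages, `AuthOpaTestApp`, `AuthOpaTestConfig`, the config file name, the `secure` resource and the expected status codes 403 and 200 are assumptions.

```java
// Added example; packages, AuthOpaTestApp/AuthOpaTestConfig, the config file,
// the "secure" resource and the expected 403/200 status codes are assumptions.
import static org.junit.jupiter.api.Assertions.assertEquals;
import static org.sdase.commons.server.opa.testing.OpaClassExtension.onRequest;

import io.dropwizard.testing.ConfigOverride;
import io.dropwizard.testing.ResourceHelpers;
import io.dropwizard.testing.junit5.DropwizardAppExtension;
import javax.ws.rs.core.Response; // jakarta.ws.rs.core.Response on newer stacks
import org.junit.jupiter.api.Order;
import org.junit.jupiter.api.Test;
import org.junit.jupiter.api.extension.RegisterExtension;
import org.sdase.commons.server.auth.testing.AuthClassExtension;
import org.sdase.commons.server.opa.testing.OpaClassExtension;

class SecureEndpointIT {
  private static final String PATH = "secure"; // hypothetical protected resource

  @Order(0)
  @RegisterExtension
  static final AuthClassExtension AUTH = AuthClassExtension.builder().build();

  @Order(1)
  @RegisterExtension
  static final OpaClassExtension OPA = new OpaClassExtension();

  @Order(2) // started last, so AUTH and OPA are ready when the config is read
  @RegisterExtension
  static final DropwizardAppExtension<AuthOpaTestConfig> DW =
      new DropwizardAppExtension<>(
          AuthOpaTestApp.class,
          ResourceHelpers.resourceFilePath("test-auth-opa-config.yaml"),
          ConfigOverride.config("opa.baseUrl", OPA::getUrl));

  // Sends GET /secure with a valid JWT that matches the test auth configuration.
  private Response getWithValidToken() {
    return DW.client().target("http://localhost:" + DW.getLocalPort()).path(PATH)
        .request().headers(AUTH.auth().buildAuthHeader()).get();
  }

  @Test
  void validTokenIsNotEnoughWhenPolicyDenies() {
    OPA.mock(onRequest().withHttpMethod("GET").withPath(PATH).deny());
    assertEquals(403, getWithValidToken().getStatus()); // authenticated but not authorized
    OPA.verify(1, "GET", PATH); // the decision really came from the OPA mock
    // WireMock gives the most recently added matching stub precedence.
    OPA.mock(onRequest().withHttpMethod("GET").withPath(PATH).allow());
    assertEquals(200, getWithValidToken().getStatus());
    OPA.verify(2, "GET", PATH);
  }
}
```

Both steps live in one test method so the `verify` counts do not depend on the execution order of separate tests.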