throw new Unauthorized401Exception("Missing authorization header.", requestInfo.getPath(), null); throw new Unauthorized401Exception("Authorization header does not contain Basic", requestInfo.getPath(), authorizationHeader); throw new Unauthorized401Exception( "Malformed Authorization header (not Base64 encoded), caused by: " + ex.toString(), requestInfo.getPath(), authorizationHeader); String[] userDetails = pair.split(":", 2); if (userDetails.length != 2) { throw new Unauthorized401Exception("Malformed Authorization header.", requestInfo.getPath(), authorizationHeader); throw new Unauthorized401Exception("Invalid username or password", requestInfo.getPath(), authorizationHeader);
/**
 * Validates the request against every {@link RequestSecurityValidator} registered for the endpoint and
 * accepts it as soon as one of them accepts it.
 *
 * <p>Semantics are "any of": a single passing validator is sufficient, and the remaining validators are not
 * consulted. An endpoint with no registered validators (missing or empty entry in {@code validationMap}) is
 * accepted without any check, so protection depends entirely on the endpoint being present in that map.
 *
 * @param requestInfo the incoming request being checked
 * @param endpoint the endpoint the request is routed to; used as the lookup key for its validators
 * @throws Unauthorized401Exception when every registered validator rejected the request; the message
 *         concatenates each validator's simple class name and failure message
 */
@Override
public void validateSecureRequestForEndpoint(RequestInfo<?> requestInfo, Endpoint<?> endpoint) {
    List<RequestSecurityValidator> candidates = validationMap.get(endpoint);
    boolean nothingRegistered = (candidates == null) || candidates.isEmpty();
    if (nothingRegistered) {
        // Unmapped endpoint: no validation is performed at all.
        return;
    }

    StringBuilder failureSummary = new StringBuilder("Request failed all auth validation:");
    List<Pair<String, String>> loggingDetails = new ArrayList<>();

    for (RequestSecurityValidator candidate : candidates) {
        try {
            candidate.validateSecureRequestForEndpoint(requestInfo, endpoint);
        } catch (Unauthorized401Exception rejection) {
            // This validator said no; remember why and give the next one a chance.
            String validatorName = candidate.getClass().getSimpleName();
            failureSummary.append(validatorName + ": " + rejection.getMessage() + ";");
            // NOTE(review): whatever the inner validators stored as logging details is forwarded unchanged.
            // If any of them records the raw Authorization header, it ends up here too - confirm that the
            // logging pipeline redacts credentials.
            loggingDetails.addAll(rejection.extraDetailsForLogging);
            continue;
        }
        // First validator that does not throw wins.
        return;
    }

    // NOTE(review): the summary names the validator classes and their failure reasons; presumably it is
    // meant for logs only - confirm it is never echoed back in the HTTP response body.
    throw new Unauthorized401Exception(failureSummary.toString(), requestInfo.getPath(), null, loggingDetails);
}
/**
 * When both stubbed inner validators reject the request, the validator under test must reject it too.
 *
 * <p>Presumably {@code mockEndpoint2} is wired to both inner validators by
 * {@code setupMultipleEndpointsAndMultipleValidators()} - verify against that helper.
 */
@Test(expected = Unauthorized401Exception.class)
public void multipleValidatorsFailTest() {
    setupMultipleEndpointsAndMultipleValidators();

    // Two distinct rejection instances, one per inner validator.
    Unauthorized401Exception rejectionFromFirst = new Unauthorized401Exception(null, null, null);
    Unauthorized401Exception rejectionFromSecond = new Unauthorized401Exception(null, null, null);

    doThrow(rejectionFromFirst)
        .when(innerValidatorOne)
        .validateSecureRequestForEndpoint(any(RequestInfo.class), any(Endpoint.class));
    doThrow(rejectionFromSecond)
        .when(innerValidatorTwo)
        .validateSecureRequestForEndpoint(any(RequestInfo.class), any(Endpoint.class));

    // Expected to throw: no validator accepted the request.
    RequestInfo request = mock(RequestInfo.class);
    validator.validateSecureRequestForEndpoint(request, mockEndpoint2);
}
/**
 * A rejection from the first inner validator must not fail the request as long as another validator
 * accepts it: the call below is expected to complete without throwing.
 *
 * <p>Only {@code innerValidatorOne} is stubbed to throw; {@code innerValidatorTwo} keeps its default
 * behavior, which presumably is a no-op mock - verify against the setup helper.
 */
@Test
public void firstValidatorFailsButSecondPassesRequiredTest() {
    setupMultipleEndpointsAndMultipleValidators();

    Unauthorized401Exception rejectionFromFirst = new Unauthorized401Exception(null, null, null);
    doThrow(rejectionFromFirst)
        .when(innerValidatorOne)
        .validateSecureRequestForEndpoint(any(RequestInfo.class), any(Endpoint.class));

    // No expected exception: one passing validator is enough.
    RequestInfo request = mock(RequestInfo.class);
    validator.validateSecureRequestForEndpoint(request, mockEndpoint2);
}
/**
 * With the first inner validator stubbed to reject, a request to {@code mockEndpoint} must be rejected.
 *
 * <p>Presumably {@code mockEndpoint} is mapped to {@code innerValidatorOne} alone, so there is no second
 * validator that could accept the request - verify against the setup helper.
 */
@Test(expected = Unauthorized401Exception.class)
public void firstAndOnlyValidatorFails() {
    setupMultipleEndpointsAndMultipleValidators();

    Unauthorized401Exception rejection = new Unauthorized401Exception(null, null, null);
    doThrow(rejection)
        .when(innerValidatorOne)
        .validateSecureRequestForEndpoint(any(RequestInfo.class), any(Endpoint.class));

    // Expected to throw: the stubbed validator rejects the request.
    RequestInfo request = mock(RequestInfo.class);
    validator.validateSecureRequestForEndpoint(request, mockEndpoint);
}
/**
 * Header-driven validator: records on the request that it ran, and rejects the request only when the
 * caller sets the {@code FORCE_SECURITY_ERROR_HEADER_KEY} header to exactly {@code "true"}.
 *
 * <p>No credential is inspected here. Every request without that header value is accepted, so this
 * validator provides no authentication on its own; it looks like a test fixture for exercising the
 * security-validation pipeline - confirm it is not registered on real endpoints.
 *
 * @param requestInfo the request; receives the "executed" and "threw error" attributes
 * @param endpoint the target endpoint (not used by this implementation)
 * @throws Unauthorized401Exception when the force-error header equals {@code "true"}
 */
@Override
public void validateSecureRequestForEndpoint(RequestInfo<?> requestInfo, Endpoint<?> endpoint) {
    // Always leave a marker so callers can tell the validator was invoked.
    requestInfo.addRequestAttribute(SECURITY_VALIDATOR_EXECUTED_HEADER_KEY, true);

    // The client-supplied header can only trigger a rejection, never grant access.
    boolean rejectionRequested =
        "true".equals(requestInfo.getHeaders().get(FORCE_SECURITY_ERROR_HEADER_KEY));
    requestInfo.addRequestAttribute(SECURITY_VALIDATOR_THREW_ERROR_HEADER_KEY, rejectionRequested);

    if (rejectionRequested) {
        throw new Unauthorized401Exception("Forcing Security Error.", requestInfo.getPath(), null);
    }
}
/**
 * An {@link Unauthorized401Exception} must be handled and mapped to the project's "unauthorized" API error.
 *
 * <p>The constructor arguments are arbitrary sample values; the assertion itself lives in
 * {@code verifyExceptionHandled}.
 */
@Test
public void should_handle_Unauthorized401Exception() {
    Unauthorized401Exception unauthorized = new Unauthorized401Exception("foo", "/bar", "blah");

    verifyExceptionHandled(
        unauthorized,
        singletonError(testProjectApiErrors.getUnauthorizedApiError()));
}