if(!gadgetAdminStore.checkFeatureAdminInfo(gadget)) { throw new GadgetException(Code.GADGET_ADMIN_FEATURE_NOT_ALLOWED); for(Feature feature : gadgetFeatures) { if(!feature.getRequired() && !gadgetAdminStore.isAllowedFeature(feature, gadget)) {
private void setupMockGadgetAdminStore(boolean isAllowed) { EasyMock.expect(gadgetAdminStore.checkFeatureAdminInfo(EasyMock.isA(Gadget.class))) .andReturn(isAllowed).anyTimes(); EasyMock.expect(gadgetAdminStore.getAdditionalRpcServiceIds(EasyMock.isA(Gadget.class))) .andReturn(Sets.newHashSet(RPC_SERVICE_3)); }
private void setupGadgetAdminMock(boolean isWhitelisted) { expect(gadgetAdminStore.isWhitelisted(isA(String.class), isA(String.class))) .andReturn(isWhitelisted); }
/** * Gets the set of allowed RPC service ids. * * @param gadget * the gadget to get the service ids for. * @return the set of allowed RPC service ids. */ private Set<String> getRpcServiceIds(Gadget gadget) { GadgetContext context = gadget.getContext(); Set<String> rpcEndpoints = Sets.newHashSet(gadgetAdminStore.getAdditionalRpcServiceIds(gadget)); List<Feature> modulePrefFeatures = gadget.getSpec().getModulePrefs().getAllFeatures(); List<String> featureNames = Lists.newArrayList(); for(Feature feature : modulePrefFeatures) { if(gadgetAdminStore.isAllowedFeature(feature, gadget)) { featureNames.add(feature.getName()); } } try { FeatureRegistry featureRegistry = featureRegistryProvider.get(context.getRepository()); LookupResult result = featureRegistry.getFeatureResources(context, featureRegistry.getFeatures(featureNames), null); List<FeatureBundle> bundles = result.getBundles(); for (FeatureBundle bundle : bundles) { rpcEndpoints.addAll(bundle.getApis(ApiDirective.Type.RPC, false)); } } catch (GadgetException e) { LOG.log(Level.WARNING, "Error getting features from feature registry", e); } return rpcEndpoints; }
@Test(expected = RewritingException.class) public void exceptionWhenFeatureNotAllowed() throws Exception { Gadget gadget = makeDefaultGadget(); reset(gadgetAdminStore); expect(gadgetAdminStore.checkFeatureAdminInfo(isA(Gadget.class))).andReturn(false); replay(gadgetAdminStore); rewrite(gadget, BODY_CONTENT); }
(!gadgetAdminStore.isAllowedFeature(feature, gadget))) { continue;
@Test(expected = RewritingException.class) public void exceptionWhenFeatureNotAllowed() throws Exception { Gadget gadget = makeDefaultGadget(); reset(gadgetAdminStore); expect(gadgetAdminStore.checkFeatureAdminInfo(isA(Gadget.class))).andReturn(false); replay(gadgetAdminStore); rewrite(gadget, BODY_CONTENT); }
private void setupGadgetAdminMock(boolean isWhitelisted) { expect(gadgetAdminStore.isWhitelisted(isA(String.class), isA(String.class))) .andReturn(isWhitelisted); }
private Gadget makeGadgetWithSpec(String gadgetXml) throws GadgetException { GadgetSpec spec = new GadgetSpec(SPEC_URL, gadgetXml); Gadget gadget = new Gadget() .setContext(context) .setPreloads(ImmutableList.<PreloadedData>of()) .setSpec(spec) .setCurrentView(spec.getView(GadgetSpec.DEFAULT_VIEW)) .setGadgetFeatureRegistry(featureRegistry); // Convenience: by default expect no features requested, by gadget or extern. // expectFeatureCalls(...) resets featureRegistry if called again. expectFeatureCalls(gadget, ImmutableList.<FeatureResource>of(), ImmutableSet.<String>of(), ImmutableList.<FeatureResource>of()); //Convenience: by default expect that the gadget is allowed to render reset(gadgetAdminStore); expect(gadgetAdminStore.checkFeatureAdminInfo(isA(Gadget.class))).andReturn(true); expect(gadgetAdminStore.isAllowedFeature(isA(Feature.class), isA(Gadget.class))) .andReturn(true).anyTimes(); replay(gadgetAdminStore); return gadget; }
private void setupMockGadgetAdminStore(boolean isAllowed) { EasyMock.expect(gadgetAdminStore.checkFeatureAdminInfo(EasyMock.isA(Gadget.class))) .andReturn(isAllowed).anyTimes(); EasyMock.expect(gadgetAdminStore.getAdditionalRpcServiceIds(EasyMock.isA(Gadget.class))) .andReturn(Sets.newHashSet(RPC_SERVICE_3)); }
if(!gadgetAdminStore.checkFeatureAdminInfo(gadget)) { throw new ProcessingException("Gadget is not trusted to render in this container.", HttpResponse.SC_BAD_REQUEST);
if (!gadgetAdminStore.isWhitelisted(container, gadgetUri.toString())) { throw new GadgetException(GadgetException.Code.NON_WHITELISTED_GADGET, "The requested content is unavailable", HttpResponse.SC_FORBIDDEN);
private Gadget makeGadgetWithSpec(String gadgetXml) throws GadgetException { GadgetSpec spec = new GadgetSpec(SPEC_URL, gadgetXml); Gadget gadget = new Gadget() .setContext(context) .setPreloads(ImmutableList.<PreloadedData>of()) .setSpec(spec) .setCurrentView(spec.getView(GadgetSpec.DEFAULT_VIEW)) .setGadgetFeatureRegistry(featureRegistry); // Convenience: by default expect no features requested, by gadget or extern. // expectFeatureCalls(...) resets featureRegistry if called again. expectFeatureCalls(gadget, ImmutableList.<FeatureResource>of(), ImmutableSet.<String>of(), ImmutableList.<FeatureResource>of()); //Convenience: by default expect that the gadget is allowed to render reset(gadgetAdminStore); expect(gadgetAdminStore.checkFeatureAdminInfo(isA(Gadget.class))).andReturn(true); expect(gadgetAdminStore.isAllowedFeature(isA(Feature.class), isA(Gadget.class))) .andReturn(true).anyTimes(); replay(gadgetAdminStore); return gadget; }
private void setupGadgetAdminStore() { EasyMock.expect(gadgetAdminStore.checkFeatureAdminInfo(isA(Gadget.class))) .andReturn(true).anyTimes(); EasyMock.expect(gadgetAdminStore.getAdditionalRpcServiceIds(isA(Gadget.class))) .andReturn((Sets.newHashSet(RPC_SERVICE_3))).anyTimes(); }
@Test(expected = ProcessingException.class) public void nonWhitelistedGadgetThrows() throws Exception { expect(gadgetAdminStore.isWhitelisted(isA(String.class), isA(String.class))).andReturn(false); replay(); processor.process(makeContext("html")); }
Feature denied = mock(Feature.class); expect(denied.getName()).andReturn("hello"); expect(gadgetAdminStore.checkFeatureAdminInfo(isA(Gadget.class))).andReturn(true); expect(gadgetAdminStore.isAllowedFeature(eq(denied), isA(Gadget.class))).andReturn(false); replay();
private void setupGadgetAdminStore() { EasyMock.expect(gadgetAdminStore.checkFeatureAdminInfo(isA(Gadget.class))) .andReturn(true).anyTimes(); EasyMock.expect(gadgetAdminStore.getAdditionalRpcServiceIds(isA(Gadget.class))) .andReturn((Sets.newHashSet(RPC_SERVICE_3))).anyTimes(); }
@Test public void whitelistChecked() throws Exception { expect(gadgetAdminStore.isWhitelisted(isA(String.class), isA(String.class))).andReturn(true); replay(); processor.process(makeContext("url")); }
Feature denied = mock(Feature.class); expect(denied.getName()).andReturn("hello"); expect(gadgetAdminStore.checkFeatureAdminInfo(isA(Gadget.class))).andReturn(true); expect(gadgetAdminStore.isAllowedFeature(eq(denied), isA(Gadget.class))).andReturn(false); replay();
@Test(expected = ProcessingException.class) public void nonWhitelistedGadgetThrows() throws Exception { expect(gadgetAdminStore.isWhitelisted(isA(String.class), isA(String.class))).andReturn(false); replay(); processor.process(makeContext("html")); }