diff options
author | Bjørn Christian Seime <bjorncs@verizonmedia.com> | 2020-03-10 15:40:30 +0100 |
---|---|---|
committer | GitHub <noreply@github.com> | 2020-03-10 15:40:30 +0100 |
commit | ece3c839ccbba33f90a025b26a53fdb393492179 (patch) | |
tree | 37830b012591a22fb61d6f68af918b7a3c3c39ac /jdisc-security-filters/src/test/java/com | |
parent | 895ebeef7760eca90fb84343803690fd9ba63b8f (diff) | |
parent | c285be743f0bb43b1b05fe503bdf25d7a5f5d43a (diff) |
Merge pull request #12466 from vespa-engine/bjorncs/improve-error-message
Improve error message on when all allowed credentials are missing
Diffstat (limited to 'jdisc-security-filters/src/test/java/com')
-rw-r--r-- | jdisc-security-filters/src/test/java/com/yahoo/jdisc/http/filter/security/athenz/AthenzAuthorizationFilterTest.java | 10 |
1 files changed, 10 insertions, 0 deletions
diff --git a/jdisc-security-filters/src/test/java/com/yahoo/jdisc/http/filter/security/athenz/AthenzAuthorizationFilterTest.java b/jdisc-security-filters/src/test/java/com/yahoo/jdisc/http/filter/security/athenz/AthenzAuthorizationFilterTest.java index 74d09234902..e8da5fab2e2 100644 --- a/jdisc-security-filters/src/test/java/com/yahoo/jdisc/http/filter/security/athenz/AthenzAuthorizationFilterTest.java +++ b/jdisc-security-filters/src/test/java/com/yahoo/jdisc/http/filter/security/athenz/AthenzAuthorizationFilterTest.java @@ -36,6 +36,7 @@ import static com.yahoo.jdisc.http.filter.security.athenz.AthenzAuthorizationFil import static com.yahoo.security.SignatureAlgorithm.SHA256_WITH_ECDSA; import static com.yahoo.security.SubjectAlternativeName.Type.RFC822_NAME; import static com.yahoo.vespa.athenz.zpe.AuthorizationResult.Type; +import static org.hamcrest.CoreMatchers.containsString; import static org.hamcrest.CoreMatchers.equalTo; import static org.hamcrest.CoreMatchers.notNullValue; import static org.hamcrest.CoreMatchers.nullValue; @@ -110,6 +111,8 @@ public class AthenzAuthorizationFilterTest { filter.filter(request, responseHandler); assertStatusCode(responseHandler, 401); + assertErrorMessage(responseHandler, "Not authorized - request did not contain any of the allowed credentials: " + + "[Athenz X.509 role certificate, Athenz access token with X.509 identity certificate]"); } @Test @@ -186,6 +189,13 @@ public class AthenzAuthorizationFilterTest { verify(request).setAttribute(MATCHED_ROLE_ATTRIBUTE, role.roleName()); } + private static void assertErrorMessage(MockResponseHandler responseHandler, String errorMessage) { + Response response = responseHandler.getResponse(); + assertThat(response, notNullValue()); + String content = responseHandler.readAll(); + assertThat(content, containsString(errorMessage)); + } + private static class AllowingZpe implements Zpe { @Override |