diff options
author | Bjørn Christian Seime <bjorncs@verizonmedia.com> | 2021-03-02 14:16:26 +0100 |
---|---|---|
committer | Bjørn Christian Seime <bjorncs@verizonmedia.com> | 2021-03-02 14:16:26 +0100 |
commit | 0293e14257ceb63370fb48df89ab740569a6fff6 (patch) | |
tree | 23e720a77958c0af4503f894ba185f7aca562880 /jdisc-security-filters | |
parent | 6b1cc96cb17d327509543f1589c0d824d0699d1b (diff) |
Test that access token is ignored when client has role certificate
Diffstat (limited to 'jdisc-security-filters')
-rw-r--r-- | jdisc-security-filters/src/test/java/com/yahoo/jdisc/http/filter/security/athenz/AthenzAuthorizationFilterTest.java | 14 |
1 files changed, 14 insertions, 0 deletions
diff --git a/jdisc-security-filters/src/test/java/com/yahoo/jdisc/http/filter/security/athenz/AthenzAuthorizationFilterTest.java b/jdisc-security-filters/src/test/java/com/yahoo/jdisc/http/filter/security/athenz/AthenzAuthorizationFilterTest.java index 429f02ab42f..bfe02d1f279 100644 --- a/jdisc-security-filters/src/test/java/com/yahoo/jdisc/http/filter/security/athenz/AthenzAuthorizationFilterTest.java +++ b/jdisc-security-filters/src/test/java/com/yahoo/jdisc/http/filter/security/athenz/AthenzAuthorizationFilterTest.java @@ -225,6 +225,20 @@ public class AthenzAuthorizationFilterTest { assertMetrics(metric, ACCEPTED_METRIC_NAME, Map.of("authz-required", "true")); } + @Test + public void ignores_access_token_if_client_has_role_certificate() { + AthenzAuthorizationFilter filter = createFilter(new AllowingZpe(), List.of()); + + MockResponseHandler responseHandler = new MockResponseHandler(); + DiscFilterRequest request = createRequest(null, ACCESS_TOKEN, ROLE_CERTIFICATE); + filter.filter(request, responseHandler); + + assertAuthorizationResult(request, Type.ALLOW); + assertRequestNotFiltered(responseHandler); + assertMatchedCredentialType(request, EnabledCredentials.ROLE_CERTIFICATE); + assertMatchedRole(request, ROLE); + } + private void assertMetrics(MetricMock metric, String metricName, Map<String, String> dimensions) { assertThat(metric.addInvocations.keySet(), hasItem(metricName)); SimpleMetricContext metricContext = metric.addInvocations.get(metricName); |