tk/Ocelot
1
0
Fork 0
mirror of https://github.com/nsnail/Ocelot.git synced 2025-04-23 00:32:50 +08:00
Code Issues Packages Projects Releases Wiki Activity

add a security module (#628) (#629)

Browse Source 
* Add security mechanisms, IP whitelists, blacklists, and extended security interfaces.

* Optimized configuration name

* Fix IP Security Bug

* Repair Security Protection Module Bug

* Add security module unit test

* Optimize log prompts
This commit is contained in:
阿凌 2018-09-26 01:29:38 +08:00 committed by Tom Pallister
parent aa14b2f877
commit 4a8f4c2e03
18 changed files with 526 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
src/Ocelot/Configuration/Builder/DownstreamReRouteBuilder.cs
View File

@ -38,7 +38,7 @@ namespace Ocelot.Configuration.Builder
private List<AddHeader> _addHeadersToDownstream;
private List<AddHeader> _addHeadersToUpstream;
private bool _dangerousAcceptAnyServerCertificateValidator;
private SecurityOptions _securityOptions;
public DownstreamReRouteBuilder()
{
_downstreamAddresses = new List<DownstreamHostAndPort>();
@ -227,6 +227,12 @@ namespace Ocelot.Configuration.Builder
return this;
}
public DownstreamReRouteBuilder WithSecurityOptions(SecurityOptions securityOptions)
{
_securityOptions = securityOptions;
return this;
}
public DownstreamReRoute Build()
{
return new DownstreamReRoute(
@ -258,7 +264,8 @@ namespace Ocelot.Configuration.Builder
_delegatingHandlers,
_addHeadersToDownstream,
_addHeadersToUpstream,
_dangerousAcceptAnyServerCertificateValidator);
_dangerousAcceptAnyServerCertificateValidator,
_securityOptions);
}
}
}

12
src/Ocelot/Configuration/Creator/ISecurityOptionsCreator.cs Normal file
View File

@ -0,0 +1,12 @@
using Ocelot.Configuration.File;
using System;
using System.Collections.Generic;
using System.Text;
namespace Ocelot.Configuration.Creator
{
public interface ISecurityOptionsCreator
{
SecurityOptions Create(FileSecurityOptions securityOptions);
}
}

8
src/Ocelot/Configuration/Creator/ReRoutesCreator.cs
View File

@ -21,6 +21,7 @@ namespace Ocelot.Configuration.Creator
private readonly IHeaderFindAndReplaceCreator _headerFAndRCreator;
private readonly IDownstreamAddressesCreator _downstreamAddressesCreator;
private readonly IReRouteKeyCreator _reRouteKeyCreator;
private readonly ISecurityOptionsCreator _securityOptionsCreator;
public ReRoutesCreator(
IClaimsToThingCreator claimsToThingCreator,
@ -35,7 +36,8 @@ namespace Ocelot.Configuration.Creator
IHeaderFindAndReplaceCreator headerFAndRCreator,
IDownstreamAddressesCreator downstreamAddressesCreator,
ILoadBalancerOptionsCreator loadBalancerOptionsCreator,
IReRouteKeyCreator reRouteKeyCreator
IReRouteKeyCreator reRouteKeyCreator,
ISecurityOptionsCreator securityOptionsCreator
)
{
_reRouteKeyCreator = reRouteKeyCreator;
@ -52,6 +54,7 @@ namespace Ocelot.Configuration.Creator
_fileReRouteOptionsCreator = fileReRouteOptionsCreator;
_httpHandlerOptionsCreator = httpHandlerOptionsCreator;
_loadBalancerOptionsCreator = loadBalancerOptionsCreator;
_securityOptionsCreator = securityOptionsCreator;
}
public List<ReRoute> Create(FileConfiguration fileConfiguration)
@ -97,6 +100,8 @@ namespace Ocelot.Configuration.Creator
var lbOptions = _loadBalancerOptionsCreator.Create(fileReRoute.LoadBalancerOptions);
var securityOptions = _securityOptionsCreator.Create(fileReRoute.SecurityOptions);
var reRoute = new DownstreamReRouteBuilder()
.WithKey(fileReRoute.Key)
.WithDownstreamPathTemplate(fileReRoute.DownstreamPathTemplate)
@ -128,6 +133,7 @@ namespace Ocelot.Configuration.Creator
.WithAddHeadersToDownstream(hAndRs.AddHeadersToDownstream)
.WithAddHeadersToUpstream(hAndRs.AddHeadersToUpstream)
.WithDangerousAcceptAnyServerCertificateValidator(fileReRoute.DangerousAcceptAnyServerCertificateValidator)
.WithSecurityOptions(securityOptions)
.Build();
return reRoute;

15
src/Ocelot/Configuration/Creator/SecurityOptionsCreator.cs Normal file
View File

@ -0,0 +1,15 @@
using System;
using System.Collections.Generic;
using System.Text;
using Ocelot.Configuration.File;
namespace Ocelot.Configuration.Creator
{
public class SecurityOptionsCreator : ISecurityOptionsCreator
{
public SecurityOptions Create(FileSecurityOptions securityOptions)
{
return new SecurityOptions(securityOptions.IPAllowedList, securityOptions.IPBlockedList);
}
}
}

5
src/Ocelot/Configuration/DownstreamReRoute.cs
View File

@ -35,7 +35,8 @@ namespace Ocelot.Configuration
List<string> delegatingHandlers,
List<AddHeader> addHeadersToDownstream,
List<AddHeader> addHeadersToUpstream,
bool dangerousAcceptAnyServerCertificateValidator)
bool dangerousAcceptAnyServerCertificateValidator,
SecurityOptions securityOptions)
{
DangerousAcceptAnyServerCertificateValidator = dangerousAcceptAnyServerCertificateValidator;
AddHeadersToDownstream = addHeadersToDownstream;
@ -66,6 +67,7 @@ namespace Ocelot.Configuration
DownstreamPathTemplate = downstreamPathTemplate;
LoadBalancerKey = loadBalancerKey;
AddHeadersToUpstream = addHeadersToUpstream;
SecurityOptions = securityOptions;
}
public string Key { get; }
@ -97,5 +99,6 @@ namespace Ocelot.Configuration
public List<AddHeader> AddHeadersToDownstream { get; }
public List<AddHeader> AddHeadersToUpstream { get; }
public bool DangerousAcceptAnyServerCertificateValidator { get; }
public SecurityOptions SecurityOptions { get; }
}
}

2
src/Ocelot/Configuration/File/FileReRoute.cs
View File

@ -21,6 +21,7 @@ namespace Ocelot.Configuration.File
DownstreamHostAndPorts = new List<FileHostAndPort>();
DelegatingHandlers = new List<string>();
LoadBalancerOptions = new FileLoadBalancerOptions();
SecurityOptions = new FileSecurityOptions();
Priority = 1;
}
@ -50,5 +51,6 @@ namespace Ocelot.Configuration.File
public int Priority { get;set; }
public int Timeout { get; set; }
public bool DangerousAcceptAnyServerCertificateValidator { get; set; }
public FileSecurityOptions SecurityOptions { get; set; }
}
}

19
src/Ocelot/Configuration/File/FileSecurityOptions.cs Normal file
View File

@ -0,0 +1,19 @@
using System;
using System.Collections.Generic;
using System.Text;
namespace Ocelot.Configuration.File
{
public class FileSecurityOptions
{
public FileSecurityOptions()
{
IPAllowedList = new List<string>();
IPBlockedList = new List<string>();
}
public List<string> IPAllowedList { get; set; }
public List<string> IPBlockedList { get; set; }
}
}

19
src/Ocelot/Configuration/SecurityOptions.cs Normal file
View File

@ -0,0 +1,19 @@
using System;
using System.Collections.Generic;
using System.Text;
namespace Ocelot.Configuration
{
public class SecurityOptions
{
public SecurityOptions(List<string> allowedList, List<string> blockedList)
{
this.IPAllowedList = allowedList;
this.IPBlockedList = blockedList;
}
public List<string> IPAllowedList { get; private set; }
public List<string> IPBlockedList { get; private set; }
}
}

11
src/Ocelot/DependencyInjection/OcelotBuilder.cs
View File

@ -35,6 +35,8 @@ namespace Ocelot.DependencyInjection
using Ocelot.Infrastructure;
using Ocelot.Middleware.Multiplexer;
using Ocelot.Request.Creator;
using Ocelot.Security.IPSecurity;
using Ocelot.Security;
public class OcelotBuilder : IOcelotBuilder
{
@ -125,6 +127,9 @@ namespace Ocelot.DependencyInjection
Services.TryAddSingleton<IQoSFactory, QoSFactory>();
Services.TryAddSingleton<IExceptionToErrorMapper, HttpExeptionToErrorMapper>();
//add security
this.AddSecurity();
//add asp.net services..
var assembly = typeof(FileConfigurationController).GetTypeInfo().Assembly;
@ -153,6 +158,12 @@ namespace Ocelot.DependencyInjection
return this;
}
private void AddSecurity()
{
Services.TryAddSingleton<ISecurityOptionsCreator, SecurityOptionsCreator>();
Services.TryAddSingleton<ISecurityPolicy, IPSecurityPolicy>();
}
public IOcelotBuilder AddDelegatingHandler<THandler>(bool global = false)
where THandler : DelegatingHandler
{

4
src/Ocelot/Middleware/Pipeline/OcelotPipelineExtensions.cs
View File

@ -15,6 +15,7 @@ using Ocelot.Request.Middleware;
using Ocelot.Requester.Middleware;
using Ocelot.RequestId.Middleware;
using Ocelot.Responder.Middleware;
using Ocelot.Security.Middleware;
using Ocelot.WebSockets.Middleware;
namespace Ocelot.Middleware.Pipeline
@ -48,6 +49,9 @@ namespace Ocelot.Middleware.Pipeline
// Then we get the downstream route information
builder.UseDownstreamRouteFinderMiddleware();
// This security module, IP whitelist blacklist, extended security mechanism
builder.UseSecurityMiddleware();
//Expand other branch pipes
if (pipelineConfiguration.MapWhenOcelotPipeline != null)
{

44
src/Ocelot/Security/IPSecurity/IPSecurityPolicy.cs Normal file
View File

@ -0,0 +1,44 @@
using System;
using System.Collections.Generic;
using System.Net;
using System.Text;
using System.Threading.Tasks;
using Ocelot.Configuration;
using Ocelot.Middleware;
using Ocelot.Responses;
namespace Ocelot.Security.IPSecurity
{
public class IPSecurityPolicy : ISecurityPolicy
{
public async Task<Response> Security(DownstreamContext context)
{
IPAddress clientIp = context.HttpContext.Connection.RemoteIpAddress;
SecurityOptions securityOptions = context.DownstreamReRoute.SecurityOptions;
if (securityOptions == null)
{
return new OkResponse();
}
if (securityOptions.IPBlockedList != null)
{
if (securityOptions.IPBlockedList.Exists(f => f == clientIp.ToString()))
{
var error = new UnauthenticatedError($" This request rejects access to {clientIp.ToString()} IP");
return new ErrorResponse(error);
}
}
if (securityOptions.IPAllowedList != null && securityOptions.IPAllowedList.Count > 0)
{
if (!securityOptions.IPAllowedList.Exists(f => f == clientIp.ToString()))
{
var error = new UnauthenticatedError($"{clientIp.ToString()} does not allow access, the request is invalid");
return new ErrorResponse(error);
}
}
return await Task.FromResult(new OkResponse());
}
}
}

14
src/Ocelot/Security/ISecurityPolicy.cs Normal file
View File

@ -0,0 +1,14 @@
using Ocelot.Middleware;
using Ocelot.Responses;
using System;
using System.Collections.Generic;
using System.Text;
using System.Threading.Tasks;
namespace Ocelot.Security
{
public interface ISecurityPolicy
{
Task<Response> Security(DownstreamContext context);
}
}

43
src/Ocelot/Security/Middleware/SecurityMiddleware.cs Normal file
View File

@ -0,0 +1,43 @@
using Ocelot.Logging;
using Ocelot.Middleware;
using System.Collections.Generic;
using System.Threading.Tasks;
namespace Ocelot.Security.Middleware
{
public class SecurityMiddleware : OcelotMiddleware
{
private readonly OcelotRequestDelegate _next;
private readonly IOcelotLogger _logger;
private readonly IEnumerable<ISecurityPolicy> _securityPolicies;
public SecurityMiddleware(IOcelotLoggerFactory loggerFactory,
IEnumerable<ISecurityPolicy> securityPolicies,
OcelotRequestDelegate next)
: base(loggerFactory.CreateLogger<SecurityMiddleware>())
{
_logger = loggerFactory.CreateLogger<SecurityMiddleware>();
_securityPolicies = securityPolicies;
_next = next;
}
public async Task Invoke(DownstreamContext context)
{
if (_securityPolicies != null)
{
foreach (var policie in _securityPolicies)
{
var result = await policie.Security(context);
if (!result.IsError)
{
continue;
}
this.SetPipelineError(context, result.Errors);
return;
}
}
await _next.Invoke(context);
}
}
}

15
src/Ocelot/Security/Middleware/SecurityMiddlewareExtensions.cs Normal file
View File

@ -0,0 +1,15 @@
using Ocelot.Middleware.Pipeline;
using System;
using System.Collections.Generic;
using System.Text;
namespace Ocelot.Security.Middleware
{
public static class SecurityMiddlewareExtensions
{
public static IOcelotPipelineBuilder UseSecurityMiddleware(this IOcelotPipelineBuilder builder)
{
return builder.UseMiddleware<SecurityMiddleware>();
}
}
}

7
test/Ocelot.UnitTests/Configuration/ReRoutesCreatorTests.cs
View File

@ -30,6 +30,7 @@
private Mock<IDownstreamAddressesCreator> _daCreator;
private Mock<ILoadBalancerOptionsCreator> _lboCreator;
private Mock<IReRouteKeyCreator> _rrkCreator;
private Mock<ISecurityOptionsCreator> _soCreator;
private FileConfiguration _fileConfig;
private ReRouteOptions _rro;
private string _requestId;
@ -45,6 +46,7 @@
private List<DownstreamHostAndPort> _dhp;
private LoadBalancerOptions _lbo;
private List<ReRoute> _result;
private SecurityOptions _securityOptions;
public ReRoutesCreatorTests()
{
@ -61,6 +63,7 @@
_daCreator = new Mock<IDownstreamAddressesCreator>();
_lboCreator = new Mock<ILoadBalancerOptionsCreator>();
_rrkCreator = new Mock<IReRouteKeyCreator>();
_soCreator = new Mock<ISecurityOptionsCreator>();
_creator = new ReRoutesCreator(
_cthCreator.Object,
@ -75,7 +78,8 @@
_hfarCreator.Object,
_daCreator.Object,
_lboCreator.Object,
_rrkCreator.Object
_rrkCreator.Object,
_soCreator.Object
);
}
@ -266,6 +270,7 @@
_hfarCreator.Verify(x => x.Create(fileReRoute), Times.Once);
_daCreator.Verify(x => x.Create(fileReRoute), Times.Once);
_lboCreator.Verify(x => x.Create(fileReRoute.LoadBalancerOptions), Times.Once);
_soCreator.Verify(x => x.Create(fileReRoute.SecurityOptions), Times.Once);
}
}
}

72
test/Ocelot.UnitTests/Configuration/SecurityOptionsCreatorTests.cs Normal file
View File

@ -0,0 +1,72 @@
using Ocelot.Configuration;
using Ocelot.Configuration.Creator;
using Ocelot.Configuration.File;
using Shouldly;
using System;
using System.Collections.Generic;
using System.Text;
using TestStack.BDDfy;
using Xunit;
namespace Ocelot.UnitTests.Configuration
{
public class SecurityOptionsCreatorTests
{
private FileReRoute _fileReRoute;
private FileGlobalConfiguration _fileGlobalConfig;
private SecurityOptions _result;
private ISecurityOptionsCreator _creator;
public SecurityOptionsCreatorTests()
{
_creator = new SecurityOptionsCreator();
}
[Fact]
public void should_create_security_config()
{
var ipAllowedList = new List<string>() { "127.0.0.1", "192.168.1.1" };
var ipBlockedList = new List<string>() { "127.0.0.1", "192.168.1.1" };
var fileReRoute = new FileReRoute
{
SecurityOptions = new FileSecurityOptions()
{
IPAllowedList = ipAllowedList,
IPBlockedList = ipBlockedList
}
};
var expected = new SecurityOptions(ipAllowedList, ipBlockedList);
this.Given(x => x.GivenThe(fileReRoute))
.When(x => x.WhenICreate())
.Then(x => x.ThenTheResultIs(expected))
.BDDfy();
}
private void GivenThe(FileReRoute reRoute)
{
_fileReRoute = reRoute;
}
private void WhenICreate()
{
_result = _creator.Create(_fileReRoute.SecurityOptions);
}
private void ThenTheResultIs(SecurityOptions expected)
{
for (int i = 0; i < expected.IPAllowedList.Count; i++)
{
_result.IPAllowedList[i].ShouldBe(expected.IPAllowedList[i]);
}
for (int i = 0; i < expected.IPBlockedList.Count; i++)
{
_result.IPBlockedList[i].ShouldBe(expected.IPBlockedList[i]);
}
}
}
}

117
test/Ocelot.UnitTests/Security/IPSecurityPolicyTests.cs Normal file
View File

@ -0,0 +1,117 @@
using Microsoft.AspNetCore.Http;
using Ocelot.Configuration;
using Ocelot.Configuration.Builder;
using Ocelot.Middleware;
using Ocelot.Request.Middleware;
using Ocelot.Responses;
using Ocelot.Security.IPSecurity;
using System;
using System.Collections.Generic;
using System.Net;
using System.Net.Http;
using System.Text;
using TestStack.BDDfy;
using Xunit;
namespace Ocelot.UnitTests.Security
{
public class IPSecurityPolicyTests
{
private readonly DownstreamContext _downstreamContext;
private readonly DownstreamReRouteBuilder _downstreamReRouteBuilder;
private readonly IPSecurityPolicy _ipSecurityPolicy;
private Response response;
public IPSecurityPolicyTests()
{
_downstreamContext = new DownstreamContext(new DefaultHttpContext());
_downstreamContext.DownstreamRequest = new DownstreamRequest(new HttpRequestMessage(HttpMethod.Get, "http://test.com"));
_downstreamContext.HttpContext.Connection.RemoteIpAddress = Dns.GetHostAddresses("192.168.1.1")[0];
_downstreamReRouteBuilder = new DownstreamReRouteBuilder();
_ipSecurityPolicy = new IPSecurityPolicy();
}
[Fact]
private void should_No_blocked_Ip_and_allowed_Ip()
{
this.Given(x => x.GivenSetDownstreamReRoute())
.When(x => x.WhenTheSecurityPolicy())
.Then(x => x.ThenSecurityPassing())
.BDDfy();
}
[Fact]
private void should_blockedIp_clientIp_block()
{
_downstreamContext.HttpContext.Connection.RemoteIpAddress = Dns.GetHostAddresses("192.168.1.1")[0];
this.Given(x => x.GivenSetBlockedIP())
.Given(x => x.GivenSetDownstreamReRoute())
.When(x => x.WhenTheSecurityPolicy())
.Then(x => x.ThenNotSecurityPassing())
.BDDfy();
}
[Fact]
private void should_blockedIp_clientIp_Not_block()
{
_downstreamContext.HttpContext.Connection.RemoteIpAddress = Dns.GetHostAddresses("192.168.1.2")[0];
this.Given(x => x.GivenSetBlockedIP())
.Given(x => x.GivenSetDownstreamReRoute())
.When(x => x.WhenTheSecurityPolicy())
.Then(x => x.ThenSecurityPassing())
.BDDfy();
}
[Fact]
private void should_allowedIp_clientIp_block()
{
_downstreamContext.HttpContext.Connection.RemoteIpAddress = Dns.GetHostAddresses("192.168.1.1")[0];
this.Given(x => x.GivenSetAllowedIP())
.Given(x => x.GivenSetDownstreamReRoute())
.When(x => x.WhenTheSecurityPolicy())
.Then(x => x.ThenSecurityPassing())
.BDDfy();
}
[Fact]
private void should_allowedIp_clientIp_Not_block()
{
_downstreamContext.HttpContext.Connection.RemoteIpAddress = Dns.GetHostAddresses("192.168.1.2")[0];
this.Given(x => x.GivenSetAllowedIP())
.Given(x => x.GivenSetDownstreamReRoute())
.When(x => x.WhenTheSecurityPolicy())
.Then(x => x.ThenNotSecurityPassing())
.BDDfy();
}
private void GivenSetAllowedIP()
{
_downstreamReRouteBuilder.WithSecurityOptions(new SecurityOptions(new List<string> { "192.168.1.1" }, new List<string>()));
}
private void GivenSetBlockedIP()
{
_downstreamReRouteBuilder.WithSecurityOptions(new SecurityOptions(new List<string>(), new List<string> { "192.168.1.1" }));
}
private void GivenSetDownstreamReRoute()
{
_downstreamContext.DownstreamReRoute = _downstreamReRouteBuilder.Build();
}
private void WhenTheSecurityPolicy()
{
response = this._ipSecurityPolicy.Security(_downstreamContext).GetAwaiter().GetResult();
}
private void ThenSecurityPassing()
{
Assert.False(response.IsError);
}
private void ThenNotSecurityPassing()
{
Assert.True(response.IsError);
}
}
}

108
test/Ocelot.UnitTests/Security/SecurityMiddlewareTests.cs Normal file
View File

@ -0,0 +1,108 @@
using Microsoft.AspNetCore.Http;
using Moq;
using Ocelot.Errors;
using Ocelot.Logging;
using Ocelot.Middleware;
using Ocelot.Request.Middleware;
using Ocelot.Responses;
using Ocelot.Security;
using Ocelot.Security.IPSecurity;
using Ocelot.Security.Middleware;
using System;
using System.Collections.Generic;
using System.Linq;
using System.Net.Http;
using System.Text;
using System.Threading.Tasks;
using TestStack.BDDfy;
using Xunit;
namespace Ocelot.UnitTests.Security
{
public class SecurityMiddlewareTests
{
private List<Mock<ISecurityPolicy>> _securityPolicyList;
private Mock<IOcelotLoggerFactory> _loggerFactory;
private Mock<IOcelotLogger> _logger;
private readonly SecurityMiddleware _middleware;
private readonly DownstreamContext _downstreamContext;
private readonly OcelotRequestDelegate _next;
public SecurityMiddlewareTests()
{
_loggerFactory = new Mock<IOcelotLoggerFactory>();
_logger = new Mock<IOcelotLogger>();
_loggerFactory.Setup(x => x.CreateLogger<SecurityMiddleware>()).Returns(_logger.Object);
_securityPolicyList = new List<Mock<ISecurityPolicy>>();
_securityPolicyList.Add(new Mock<ISecurityPolicy>());
_securityPolicyList.Add(new Mock<ISecurityPolicy>());
_next = context =>
{
return Task.CompletedTask;
};
_middleware = new SecurityMiddleware(_loggerFactory.Object, _securityPolicyList.Select(f => f.Object).ToList(), _next);
_downstreamContext = new DownstreamContext(new DefaultHttpContext());
_downstreamContext.DownstreamRequest = new DownstreamRequest(new HttpRequestMessage(HttpMethod.Get, "http://test.com"));
}
[Fact]
public void should_legal_request()
{
this.Given(x => x.GivenPassingSecurityVerification())
.When(x => x.WhenICallTheMiddleware())
.Then(x => x.ThenTheRequestIsPassingSecurity())
.BDDfy();
}
[Fact]
public void should_verification_failed_request()
{
this.Given(x => x.GivenNotPassingSecurityVerification())
.When(x => x.WhenICallTheMiddleware())
.Then(x => x.ThenTheRequestIsNotPassingSecurity())
.BDDfy();
}
private void GivenPassingSecurityVerification()
{
foreach (var item in _securityPolicyList)
{
Response response = new OkResponse();
item.Setup(x => x.Security(_downstreamContext)).Returns(Task.FromResult(response));
}
}
private void GivenNotPassingSecurityVerification()
{
for (int i = 0; i < _securityPolicyList.Count; i++)
{
Mock<ISecurityPolicy> item = _securityPolicyList[i];
if (i == 0)
{
Error error = new UnauthenticatedError($"Not passing security verification");
Response response = new ErrorResponse(error);
item.Setup(x => x.Security(_downstreamContext)).Returns(Task.FromResult(response));
}
else
{
Response response = new OkResponse();
item.Setup(x => x.Security(_downstreamContext)).Returns(Task.FromResult(response));
}
}
}
private void WhenICallTheMiddleware()
{
_middleware.Invoke(_downstreamContext).GetAwaiter().GetResult();
}
private void ThenTheRequestIsPassingSecurity()
{
Assert.False(_downstreamContext.IsError);
}
private void ThenTheRequestIsNotPassingSecurity()
{
Assert.True(_downstreamContext.IsError);
}
}
}