Merge branch 'IBM-policy-fix' into 'master'

Ibm policy fix

See merge request !600

NOTICE

@@ -34,6 +34,7 @@ Apache-2.0
 ========================================================================
 The following software have components provided under the terms of this license:
 
+- AHC/Client (from https://repo1.maven.org/maven2/org/asynchttpclient/async-http-client)
 - AMQP 1.0 JMS Spring Boot AutoConfiguration (from https://repo1.maven.org/maven2/org/amqphub/spring/amqp-10-jms-spring-boot-autoconfigure)
 - AMQP 1.0 JMS Spring Boot Starter (from https://repo1.maven.org/maven2/org/amqphub/spring/amqp-10-jms-spring-boot-starter)
 - ASM based accessors helper used by json-smart (from https://urielch.github.io/)
@@ -320,7 +321,6 @@ The following software have components provided under the terms of this license:
 - Apache Log4j SLF4J Binding (from https://repo1.maven.org/maven2/org/apache/logging/log4j/log4j-slf4j-impl)
 - Apache Log4j to SLF4J Adapter (from https://repo1.maven.org/maven2/org/apache/logging/log4j/log4j-to-slf4j)
 - AssertJ Core (from ${project.organization.url}#${project.artifactId})
-- Asynchronous Http Client (from https://repo1.maven.org/maven2/org/asynchttpclient/async-http-client)
 - Asynchronous Http Client Netty Utils (from https://repo1.maven.org/maven2/org/asynchttpclient/async-http-client-netty-utils)
 - AutoValue Annotations (from https://github.com/google/auto/tree/master/value, https://repo1.maven.org/maven2/com/google/auto/value/auto-value-annotations)
 - BSON (from http://bsonspec.org, https://bsonspec.org)

testing/storage-test-ibm/src/test/java/org/opengroup/osdu/storage/records/TestRecordAccessAuthorization.java

@@ -14,11 +14,24 @@
 
 package org.opengroup.osdu.storage.records;
 
+import static org.junit.Assert.assertEquals;
+
+import java.util.Map;
+
+import org.apache.http.HttpStatus;
 import org.junit.After;
 import org.junit.AfterClass;
 import org.junit.Before;
 import org.junit.BeforeClass;
+import org.opengroup.osdu.storage.util.HeaderUtils;
 import org.opengroup.osdu.storage.util.IBMTestUtils;
+import org.opengroup.osdu.storage.util.RecordUtil;
+import org.opengroup.osdu.storage.util.TenantUtils;
+import org.opengroup.osdu.storage.util.TestUtils;
+
+import com.google.gson.JsonObject;
+import com.google.gson.JsonParser;
+import com.sun.jersey.api.client.ClientResponse;
 
 public class TestRecordAccessAuthorization extends RecordAccessAuthorizationTests {
 
@@ -45,5 +58,20 @@ public class TestRecordAccessAuthorization extends RecordAccessAuthorizationTest
     public void tearDown() throws Exception {
         this.testUtils = null;
 	}
+    
+    @Override
+    public void should_receiveHttp403_when_userIsNotAuthorizedToUpdateARecord() throws Exception {
+        Map<String, String> headers = HeaderUtils.getHeaders(TenantUtils.getTenantName(),
+            testUtils.getNoDataAccessToken());
+
+        ClientResponse response = TestUtils.send("records", "PUT", headers,
+            RecordUtil.createDefaultJsonRecord(RECORD_ID, KIND, LEGAL_TAG), "");
+
+        assertEquals(HttpStatus.SC_UNAUTHORIZED, response.getStatus());
+        JsonObject json = new JsonParser().parse(response.getEntity(String.class)).getAsJsonObject();
+        assertEquals(401, json.get("code").getAsInt());
+        assertEquals("Error from compliance service", json.get("reason").getAsString());
+        assertEquals("Legal response 401 {\"code\":401,\"reason\":\"Unauthorized\",\"message\":\"The user is not authorized to perform this action\"}", json.get("message").getAsString());
+    }
 
 }
\ No newline at end of file