-updated RepositoryServletSecurityTest
-added test class for ArchivaServletAuthenticator git-svn-id: https://svn.apache.org/repos/asf/archiva/branches@701910 13f79535-47bb-0310-9956-ffa450edef68
parent
1f915afcf6
commit
94eecdf30c
@ -0,0 +1,50 @@
|
||||
package org.apache.maven.archiva.security;
|
||||
|
||||
/*
|
||||
* Licensed to the Apache Software Foundation (ASF) under one
|
||||
* or more contributor license agreements. See the NOTICE file
|
||||
* distributed with this work for additional information
|
||||
* regarding copyright ownership. The ASF licenses this file
|
||||
* to you under the Apache License, Version 2.0 (the
|
||||
* "License"); you may not use this file except in compliance
|
||||
* with the License. You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing,
|
||||
* software distributed under the License is distributed on an
|
||||
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
|
||||
* KIND, either express or implied. See the License for the
|
||||
* specific language governing permissions and limitations
|
||||
* under the License.
|
||||
*/
|
||||
|
||||
import org.codehaus.plexus.spring.PlexusInSpringTestCase;
|
||||
|
||||
/**
|
||||
* ArchivaServletAuthenticatorTest
|
||||
*
|
||||
* @author <a href="mailto:oching@apache.org">Maria Odea Ching</a>
|
||||
* @version
|
||||
*/
|
||||
public class ArchivaServletAuthenticatorTest
|
||||
extends PlexusInSpringTestCase
|
||||
{
|
||||
public void setUp()
|
||||
throws Exception
|
||||
{
|
||||
super.setUp();
|
||||
}
|
||||
|
||||
public void testIsAuthenticated()
|
||||
throws Exception
|
||||
{
|
||||
//TODO
|
||||
}
|
||||
|
||||
public void testIsAuthorized()
|
||||
throws Exception
|
||||
{
|
||||
//TODO
|
||||
}
|
||||
}
|
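Review bot: `testIsAuthenticated()` and `testIsAuthorized()` contain only `//TODO`, so both pass without calling ArchivaServletAuthenticator, and the suite reports the authentication and authorization checks as tested when nothing is asserted. Until the real cases exist, make the gap visible, e.g. `fail( "TODO: cover isAuthorized() for a user without repository permission" );` (assuming PlexusInSpringTestCase is a JUnit 3 TestCase, which the bare `assertEquals` in RepositoryServletSecurityTest suggests). When the bodies are written, the denied paths (a failed authentication result, a missing read or write permission) deserve at least as much coverage as the success path. The `setUp()` override only calls `super.setUp()` and can be dropped until it builds a fixture.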
@ -91,11 +91,7 @@ public class RepositoryServletSecurityTest
|
||||
private ArchivaXworkUser archivaXworkUser;
|
||||
|
||||
private RepositoryServlet servlet;
|
||||
|
||||
private MockControl davResourceFactoryControl;
|
||||
|
||||
private DavResourceFactory davResourceFactory;
|
||||
|
||||
|
||||
public void setUp()
|
||||
throws Exception
|
||||
{
|
||||
@ -135,11 +131,7 @@ public void setUp()
|
||||
archivaXworkUser = new ArchivaXworkUser();
|
||||
archivaXworkUser.setGuest( "guest" );
|
||||
|
||||
davSessionProvider = new ArchivaDavSessionProvider( servletAuth, httpAuth, archivaXworkUser );
|
||||
|
||||
davResourceFactoryControl = MockControl.createControl( DavResourceFactory.class );
|
||||
davResourceFactoryControl.setDefaultMatcher( new AlwaysMatcher() );
|
||||
davResourceFactory = (DavResourceFactory) davResourceFactoryControl.getMock();
|
||||
davSessionProvider = new ArchivaDavSessionProvider( servletAuth, httpAuth, archivaXworkUser );
|
||||
}
|
||||
|
||||
protected ManagedRepositoryConfiguration createManagedRepository( String id, String name, File location )
|
||||
@ -230,8 +222,7 @@ public void testPutWithInvalidUserAndGuestHasNoWriteAccess()
|
||||
|
||||
httpAuthControl.replay();
|
||||
servletAuthControl.replay();
|
||||
|
||||
//WebResponse response = sc.getResponse( request );
|
||||
|
||||
servlet.service( ic.getRequest(), ic.getResponse() );
|
||||
|
||||
httpAuthControl.verify();
|
||||
@ -270,8 +261,7 @@ public void testPutWithInvalidUserAndGuestHasWriteAccess()
|
||||
servletAuth.isAuthorized( "guest", "internal", true );
|
||||
servletAuthControl.setMatcher( MockControl.EQUALS_MATCHER );
|
||||
servletAuthControl.setReturnValue( true );
|
||||
//servletAuthControl.expectAndReturn( servletAuth.isAuthorized( "guest", "internal", true ), true );
|
||||
|
||||
|
||||
// ArchivaDavResourceFactory#isAuthorized()
|
||||
SecuritySession session = new DefaultSecuritySession();
|
||||
httpAuthControl.expectAndReturn( httpAuth.getAuthenticationResult( null, null ), result );
|
||||
@ -283,12 +273,10 @@ public void testPutWithInvalidUserAndGuestHasWriteAccess()
|
||||
servletAuth.isAuthorized( "guest", "internal", true );
|
||||
servletAuthControl.setMatcher( MockControl.EQUALS_MATCHER );
|
||||
servletAuthControl.setReturnValue( true );
|
||||
//servletAuthControl.expectAndReturn( servletAuth.isAuthorized( "guest", "internal", true ), true );
|
||||
|
||||
httpAuthControl.replay();
|
||||
servletAuthControl.replay();
|
||||
|
||||
//WebResponse response = sc.getResponse( request );
|
||||
servlet.service( ic.getRequest(), ic.getResponse() );
|
||||
|
||||
httpAuthControl.verify();
|
||||
@ -333,7 +321,6 @@ public void testPutWithValidUserWithNoWriteAccess()
|
||||
httpAuthControl.replay();
|
||||
servletAuthControl.replay();
|
||||
|
||||
//WebResponse response = sc.getResponse( request );
|
||||
servlet.service( ic.getRequest(), ic.getResponse() );
|
||||
|
||||
httpAuthControl.verify();
|
||||
@ -379,9 +366,6 @@ public void testPutWithValidUserWithWriteAccess()
|
||||
httpAuthControl.replay();
|
||||
servletAuthControl.replay();
|
||||
|
||||
// WebResponse response = sc.getResponse( request );
|
||||
// WebResponse response = ic.getServletResponse();
|
||||
|
||||
servlet.service( ic.getRequest(), ic.getResponse() );
|
||||
|
||||
httpAuthControl.verify();
|
||||
@ -534,26 +518,33 @@ public void testGetWithAValidUserWithNoReadAccess()
|
||||
InvocationContext ic = sc.newInvocation( request );
|
||||
servlet = (RepositoryServlet) ic.getServlet();
|
||||
servlet.setDavSessionProvider( davSessionProvider );
|
||||
servlet.setResourceFactory( davResourceFactory );
|
||||
|
||||
ArchivaDavResourceFactory archivaDavResourceFactory = (ArchivaDavResourceFactory) servlet.getResourceFactory();
|
||||
archivaDavResourceFactory.setHttpAuth( httpAuth );
|
||||
archivaDavResourceFactory.setServletAuth( servletAuth );
|
||||
|
||||
servlet.setResourceFactory( archivaDavResourceFactory );
|
||||
|
||||
AuthenticationResult result = new AuthenticationResult();
|
||||
httpAuthControl.expectAndReturn( httpAuth.getAuthenticationResult( null, null ), result );
|
||||
servletAuthControl.expectAndReturn( servletAuth.isAuthenticated( null, null ), true );
|
||||
|
||||
//TODO remove davResourceFactoryControl!
|
||||
davResourceFactoryControl.expectAndThrow( davResourceFactory.createResource( null, null, null ),
|
||||
new UnauthorizedDavException( "internal", "User not authorized" ) );
|
||||
|
||||
// ArchivaDavResourceFactory#isAuthorized()
|
||||
SecuritySession session = new DefaultSecuritySession();
|
||||
httpAuthControl.expectAndReturn( httpAuth.getAuthenticationResult( null, null ), result );
|
||||
httpAuthControl.expectAndReturn( httpAuth.getSecuritySession(), session );
|
||||
servletAuthControl.expectAndReturn( servletAuth.isAuthenticated( null, result ), true );
|
||||
servletAuthControl.expectAndThrow( servletAuth.isAuthorized( null, session, "internal", true ),
|
||||
new UnauthorizedException( "User not authorized to read repository." ) );
|
||||
|
||||
httpAuthControl.replay();
|
||||
servletAuthControl.replay();
|
||||
davResourceFactoryControl.replay();
|
||||
|
||||
|
||||
WebResponse response = sc.getResponse( request );
|
||||
|
||||
httpAuthControl.verify();
|
||||
servletAuthControl.verify();
|
||||
davResourceFactoryControl.verify();
|
||||
|
||||
|
||||
assertEquals( HttpServletResponse.SC_UNAUTHORIZED, response.getResponseCode() );
|
||||
}
|
||||
}
|
||||
|
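Review bot: In `testGetWithAValidUserWithNoReadAccess` the expectation `servletAuth.isAuthorized( null, session, "internal", true )` passes `true` as the last argument, the same value the PUT tests in this file pass in `isAuthorized( "guest", "internal", true )`, while the exception text says the user may not read the repository. If that flag marks a write request, the GET test records the wrong permission, so confirm whether it should be `false` here. The request and result arguments are recorded as `null`, so the mock presumably matches any arguments (its matcher setup is outside the visible hunks), and the test would then still pass if the servlet asked about a different repository or permission. Consider recording the values the servlet should send and comparing them, as the PUT tests do with `servletAuthControl.setMatcher( MockControl.EQUALS_MATCHER );`. The +/- markers are lost on this page, so which of these lines are on the new side is inferred from the hunk counts.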