Apache
/
archiva
mirror of https://github.com/apache/archiva.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

fix unit test 

git-svn-id: https://svn.apache.org/repos/asf/archiva/trunk@1555670 13f79535-47bb-0310-9956-ffa450edef68
This commit is contained in:
Olivier Lamy 2014-01-06 05:31:26 +00:00
parent 7065cd1585
commit f9e7178608
2 changed files with 225 additions and 128 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
archiva-modules/archiva-web/archiva-webdav/src/test/java/org/apache/archiva/webdav/AbstractRepositoryServletTestCase.java
View File

@ -95,6 +95,9 @@ public abstract class AbstractRepositoryServletTestCase
protected static int port; protected static int port;
StandardContext context;
@Before @Before
public void setUp() public void setUp()
throws Exception throws Exception
@ -140,9 +143,6 @@ public abstract class AbstractRepositoryServletTestCase
} }
StandardContext context;
UnauthenticatedRepositoryServlet servlet;
protected void startRepository() protected void startRepository()
throws Exception throws Exception
@ -151,7 +151,7 @@ public abstract class AbstractRepositoryServletTestCase
tomcat.setBaseDir( System.getProperty( "java.io.tmpdir" ) ); tomcat.setBaseDir( System.getProperty( "java.io.tmpdir" ) );
tomcat.setPort( 0 ); tomcat.setPort( 0 );
context = (StandardContext) tomcat.addContext( "", System.getProperty( "java.io.tmpdir" ) ); context = StandardContext.class.cast( tomcat.addContext( "", System.getProperty( "java.io.tmpdir" ) ) );
ApplicationParameter applicationParameter = new ApplicationParameter(); ApplicationParameter applicationParameter = new ApplicationParameter();
applicationParameter.setName( "contextConfigLocation" ); applicationParameter.setName( "contextConfigLocation" );
@ -162,9 +162,7 @@ public abstract class AbstractRepositoryServletTestCase
context.addApplicationListener( MavenIndexerCleaner.class.getName() ); context.addApplicationListener( MavenIndexerCleaner.class.getName() );
servlet = new UnauthenticatedRepositoryServlet(); Tomcat.addServlet( context, "repository", new UnauthenticatedRepositoryServlet() );
Tomcat.addServlet( context, "repository", servlet );
context.addServletMapping( "/repository/*", "repository" ); context.addServletMapping( "/repository/*", "repository" );
Tomcat.addServlet( context, "reinitservlet", new ReinitServlet() ); Tomcat.addServlet( context, "reinitservlet", new ReinitServlet() );

341
archiva-modules/archiva-web/archiva-webdav/src/test/java/org/apache/archiva/webdav/RepositoryServletSecurityTest.java
View File

@ -40,13 +40,15 @@ import org.apache.archiva.security.ServletAuthenticator;
import org.apache.archiva.security.common.ArchivaRoleConstants; import org.apache.archiva.security.common.ArchivaRoleConstants;
import org.apache.archiva.test.utils.ArchivaSpringJUnit4ClassRunner; import org.apache.archiva.test.utils.ArchivaSpringJUnit4ClassRunner;
import org.apache.archiva.webdav.util.MavenIndexerCleaner; import org.apache.archiva.webdav.util.MavenIndexerCleaner;
import org.apache.catalina.Context; import org.apache.catalina.Container;
import org.apache.catalina.core.StandardContext;
import org.apache.catalina.deploy.ApplicationParameter; import org.apache.catalina.deploy.ApplicationParameter;
import org.apache.catalina.startup.Tomcat; import org.apache.catalina.startup.Tomcat;
import org.apache.commons.io.FileUtils; import org.apache.commons.io.FileUtils;
import org.apache.commons.io.IOUtils;
import org.apache.commons.lang.StringUtils;
import org.apache.jackrabbit.webdav.DavSessionProvider; import org.apache.jackrabbit.webdav.DavSessionProvider;
import org.easymock.EasyMock; import org.easymock.EasyMock;
import static org.easymock.EasyMock.*;
import org.easymock.IMocksControl; import org.easymock.IMocksControl;
import org.junit.After; import org.junit.After;
import org.junit.Before; import org.junit.Before;
@ -54,10 +56,13 @@ import org.junit.Ignore;
import org.junit.Test; import org.junit.Test;
import org.junit.runner.RunWith; import org.junit.runner.RunWith;
import org.springframework.context.ApplicationContext; import org.springframework.context.ApplicationContext;
import org.springframework.mock.web.MockHttpServletRequest;
import org.springframework.mock.web.MockHttpServletResponse;
import org.springframework.test.context.ContextConfiguration; import org.springframework.test.context.ContextConfiguration;
import org.springframework.web.context.ContextLoaderListener; import org.springframework.web.context.ContextLoaderListener;
import javax.inject.Inject; import javax.inject.Inject;
import javax.servlet.Servlet;
import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse; import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession; import javax.servlet.http.HttpSession;
@ -66,6 +71,9 @@ import java.io.IOException;
import java.io.InputStream; import java.io.InputStream;
import java.nio.charset.Charset; import java.nio.charset.Charset;
import static org.easymock.EasyMock.anyObject;
import static org.easymock.EasyMock.eq;
/** /**
* RepositoryServletSecurityTest Test the flow of the authentication and authorization checks. This does not necessarily * RepositoryServletSecurityTest Test the flow of the authentication and authorization checks. This does not necessarily
* perform redback security checking. * perform redback security checking.
@ -98,6 +106,8 @@ public class RepositoryServletSecurityTest
protected static int port; protected static int port;
StandardContext context;
@Inject @Inject
ApplicationContext applicationContext; ApplicationContext applicationContext;
@ -128,18 +138,11 @@ public class RepositoryServletSecurityTest
CacheManager.getInstance().clearAll(); CacheManager.getInstance().clearAll();
/*
sr = new ServletRunner( new File( "src/test/resources/WEB-INF/repository-servlet-security-test/web.xml" ) );
sr.registerServlet( "/repository/*", RepositoryServlet.class.getName() );
sc = sr.newClient();
*/
tomcat = new Tomcat(); tomcat = new Tomcat();
tomcat.setBaseDir( System.getProperty( "java.io.tmpdir" ) ); tomcat.setBaseDir( System.getProperty( "java.io.tmpdir" ) );
tomcat.setPort( 0 ); tomcat.setPort( 0 );
Context context = tomcat.addContext( "", System.getProperty( "java.io.tmpdir" ) ); context = StandardContext.class.cast( tomcat.addContext( "", System.getProperty( "java.io.tmpdir" ) ) );
ApplicationParameter applicationParameter = new ApplicationParameter(); ApplicationParameter applicationParameter = new ApplicationParameter();
applicationParameter.setName( "contextConfigLocation" ); applicationParameter.setName( "contextConfigLocation" );
@ -157,7 +160,6 @@ public class RepositoryServletSecurityTest
this.port = tomcat.getConnector().getLocalPort(); this.port = tomcat.getConnector().getLocalPort();
servletAuthControl = EasyMock.createControl(); servletAuthControl = EasyMock.createControl();
servletAuth = servletAuthControl.createMock( ServletAuthenticator.class ); servletAuth = servletAuthControl.createMock( ServletAuthenticator.class );
@ -167,6 +169,17 @@ public class RepositoryServletSecurityTest
httpAuth = httpAuthControl.createMock( HttpAuthenticator.class ); httpAuth = httpAuthControl.createMock( HttpAuthenticator.class );
davSessionProvider = new ArchivaDavSessionProvider( servletAuth, httpAuth ); davSessionProvider = new ArchivaDavSessionProvider( servletAuth, httpAuth );
// FIXME use mock to avoid starting Tomcat
//RepositoryServlet repositoryServlet = new RepositoryServlet();
//MockServletConfig mockServletConfig = new MockServletConfig();
//MockServletContext mockServletContext = new MockServletContext( );
//mockServletContext
//repositoryServlet.init( mockServletConfig );
servlet = RepositoryServlet.class.cast( findServlet( "repository" ) );
} }
protected String getSpringConfigLocation() protected String getSpringConfigLocation()
@ -211,7 +224,6 @@ public class RepositoryServletSecurityTest
throws Exception throws Exception
{ {
if ( repoRootInternal.exists() ) if ( repoRootInternal.exists() )
{ {
FileUtils.deleteDirectory( repoRootInternal ); FileUtils.deleteDirectory( repoRootInternal );
@ -219,7 +231,7 @@ public class RepositoryServletSecurityTest
servlet = null; servlet = null;
if (this.tomcat != null) if ( this.tomcat != null )
{ {
this.tomcat.stop(); this.tomcat.stop();
} }
@ -227,27 +239,41 @@ public class RepositoryServletSecurityTest
super.tearDown(); super.tearDown();
} }
protected Servlet findServlet( String name )
throws Exception
{
Container[] childs = context.findChildren();
for ( Container container : childs )
{
if ( StringUtils.equals( container.getName(), name ) )
{
Tomcat.ExistingStandardWrapper esw = Tomcat.ExistingStandardWrapper.class.cast( container );
Servlet servlet = esw.loadServlet();
return servlet;
}
}
return null;
}
// test deploy with invalid user, and guest has no write access to repo // test deploy with invalid user, and guest has no write access to repo
// 401 must be returned // 401 must be returned
@Ignore("rewrite") @Test
public void testPutWithInvalidUserAndGuestHasNoWriteAccess() public void testPutWithInvalidUserAndGuestHasNoWriteAccess()
throws Exception throws Exception
{ {
setupCleanRepo( repoRootInternal ); setupCleanRepo( repoRootInternal );
String putUrl = "http://machine.com/repository/internal/path/to/artifact.jar";
InputStream is = getClass().getResourceAsStream( "/artifact.jar" ); InputStream is = getClass().getResourceAsStream( "/artifact.jar" );
assertNotNull( "artifact.jar inputstream", is ); assertNotNull( "artifact.jar inputstream", is );
WebRequest request = new AbstractRepositoryServletTestCase.PutMethodWebRequest( putUrl, is, "application/octet-stream" );
//InvocationContext ic = sc.newInvocation( request );
//servlet = (RepositoryServlet) ic.getServlet();
servlet.setDavSessionProvider( davSessionProvider ); servlet.setDavSessionProvider( davSessionProvider );
AuthenticationResult result = new AuthenticationResult(); AuthenticationResult result = new AuthenticationResult();
EasyMock.expect( httpAuth.getAuthenticationResult( anyObject( HttpServletRequest.class ), EasyMock.expect( httpAuth.getAuthenticationResult( anyObject( HttpServletRequest.class ),
anyObject( HttpServletResponse.class ) ) ).andReturn( result ); anyObject( HttpServletResponse.class ) ) ).andReturn(
result );
servletAuth.isAuthenticated( EasyMock.anyObject( HttpServletRequest.class ), servletAuth.isAuthenticated( EasyMock.anyObject( HttpServletRequest.class ),
EasyMock.anyObject( AuthenticationResult.class ) ); EasyMock.anyObject( AuthenticationResult.class ) );
@ -259,30 +285,30 @@ public class RepositoryServletSecurityTest
httpAuthControl.replay(); httpAuthControl.replay();
servletAuthControl.replay(); servletAuthControl.replay();
MockHttpServletRequest mockHttpServletRequest = new MockHttpServletRequest();
mockHttpServletRequest.addHeader( "User-Agent", "foo" );
mockHttpServletRequest.setMethod( "PUT" );
mockHttpServletRequest.setRequestURI( "/repository/internal/path/to/artifact.jar" );
mockHttpServletRequest.setContent( IOUtils.toByteArray( is ) );
mockHttpServletRequest.setContentType( "application/octet-stream" );
//servlet.service( ic.getRequest(), ic.getResponse() ); MockHttpServletResponse mockHttpServletResponse = new MockHttpServletResponse();
servlet.service( mockHttpServletRequest, mockHttpServletResponse );
httpAuthControl.verify(); httpAuthControl.verify();
servletAuthControl.verify(); servletAuthControl.verify();
//assertEquals(HttpServletResponse.SC_UNAUTHORIZED, response.getResponseCode()); assertEquals( HttpServletResponse.SC_UNAUTHORIZED, mockHttpServletResponse.getStatus() );
} }
// test deploy with invalid user, but guest has write access to repo // test deploy with invalid user, but guest has write access to repo
@Ignore("rewrite") @Test
public void testPutWithInvalidUserAndGuestHasWriteAccess() public void testPutWithInvalidUserAndGuestHasWriteAccess()
throws Exception throws Exception
{ {
setupCleanRepo( repoRootInternal ); setupCleanRepo( repoRootInternal );
String putUrl = "http://machine.com/repository/internal/path/to/artifact.jar";
InputStream is = getClass().getResourceAsStream( "/artifact.jar" );
assertNotNull( "artifact.jar inputstream", is );
WebRequest request = new AbstractRepositoryServletTestCase.PutMethodWebRequest( putUrl, is, "application/octet-stream" );
//InvocationContext ic = sc.newInvocation( request );
//servlet = (RepositoryServlet) ic.getServlet();
servlet.setDavSessionProvider( davSessionProvider ); servlet.setDavSessionProvider( davSessionProvider );
ArchivaDavResourceFactory archivaDavResourceFactory = (ArchivaDavResourceFactory) servlet.getResourceFactory(); ArchivaDavResourceFactory archivaDavResourceFactory = (ArchivaDavResourceFactory) servlet.getResourceFactory();
@ -294,23 +320,28 @@ public class RepositoryServletSecurityTest
AuthenticationResult result = new AuthenticationResult(); AuthenticationResult result = new AuthenticationResult();
EasyMock.expect( httpAuth.getAuthenticationResult( anyObject( HttpServletRequest.class ), EasyMock.expect( httpAuth.getAuthenticationResult( anyObject( HttpServletRequest.class ),
anyObject( HttpServletResponse.class ) ) ).andReturn( result ); anyObject( HttpServletResponse.class ) ) ).andReturn(
result );
EasyMock.expect( servletAuth.isAuthenticated( anyObject( HttpServletRequest.class ), EasyMock.expect( servletAuth.isAuthenticated( anyObject( HttpServletRequest.class ),
anyObject( AuthenticationResult.class ) ) ).andThrow( anyObject( AuthenticationResult.class ) ) ).andThrow(
new AuthenticationException( "Authentication error" ) ); new AuthenticationException( "Authentication error" ) );
EasyMock.expect(servletAuth.isAuthorized( "guest", "internal", ArchivaRoleConstants.OPERATION_REPOSITORY_UPLOAD )).andReturn( true ); EasyMock.expect( servletAuth.isAuthorized( "guest", "internal",
ArchivaRoleConstants.OPERATION_REPOSITORY_UPLOAD ) ).andReturn(
true );
// ArchivaDavResourceFactory#isAuthorized() // ArchivaDavResourceFactory#isAuthorized()
SecuritySession session = new DefaultSecuritySession(); SecuritySession session = new DefaultSecuritySession();
EasyMock.expect( httpAuth.getAuthenticationResult( anyObject( HttpServletRequest.class ), EasyMock.expect( httpAuth.getAuthenticationResult( anyObject( HttpServletRequest.class ),
anyObject( HttpServletResponse.class ) ) ).andReturn( result ); anyObject( HttpServletResponse.class ) ) ).andReturn(
result );
EasyMock.expect( httpAuth.getSecuritySession( anyObject( HttpSession.class ) ) ).andReturn( session ); EasyMock.expect( httpAuth.getSecuritySession( anyObject( HttpSession.class ) ) ).andReturn( session );
EasyMock.expect(servletAuth.isAuthenticated( anyObject( HttpServletRequest.class ), eq(result) )).andThrow( new AuthenticationException( "Authentication error" ) ); EasyMock.expect( servletAuth.isAuthenticated( anyObject( HttpServletRequest.class ), eq( result ) ) ).andThrow(
new AuthenticationException( "Authentication error" ) );
EasyMock.expect( httpAuth.getSessionUser( anyObject( HttpSession.class ) ) ).andReturn( null ); EasyMock.expect( httpAuth.getSessionUser( anyObject( HttpSession.class ) ) ).andReturn( null );
@ -322,29 +353,33 @@ public class RepositoryServletSecurityTest
httpAuthControl.replay(); httpAuthControl.replay();
servletAuthControl.replay(); servletAuthControl.replay();
//servlet.service( ic.getRequest(), ic.getResponse() ); InputStream is = getClass().getResourceAsStream( "/artifact.jar" );
assertNotNull( "artifact.jar inputstream", is );
MockHttpServletRequest mockHttpServletRequest = new MockHttpServletRequest();
mockHttpServletRequest.addHeader( "User-Agent", "foo" );
mockHttpServletRequest.setMethod( "PUT" );
mockHttpServletRequest.setRequestURI( "/repository/internal/path/to/artifact.jar" );
mockHttpServletRequest.setContent( IOUtils.toByteArray( is ) );
mockHttpServletRequest.setContentType( "application/octet-stream" );
MockHttpServletResponse mockHttpServletResponse = new MockHttpServletResponse();
servlet.service( mockHttpServletRequest, mockHttpServletResponse );
httpAuthControl.verify(); httpAuthControl.verify();
servletAuthControl.verify(); servletAuthControl.verify();
// assertEquals( HttpServletResponse.SC_CREATED, response.getResponseCode() ); assertEquals( HttpServletResponse.SC_CREATED, mockHttpServletResponse.getStatus() );
} }
// test deploy with a valid user with no write access // test deploy with a valid user with no write access
@Ignore("rewrite") @Test
public void testPutWithValidUserWithNoWriteAccess() public void testPutWithValidUserWithNoWriteAccess()
throws Exception throws Exception
{ {
setupCleanRepo( repoRootInternal ); setupCleanRepo( repoRootInternal );
String putUrl = "http://machine.com/repository/internal/path/to/artifact.jar";
InputStream is = getClass().getResourceAsStream( "/artifact.jar" );
assertNotNull( "artifact.jar inputstream", is );
WebRequest request = new AbstractRepositoryServletTestCase.PutMethodWebRequest( putUrl, is, "application/octet-stream" );
//InvocationContext ic = sc.newInvocation( request );
//servlet = (RepositoryServlet) ic.getServlet();
servlet.setDavSessionProvider( davSessionProvider ); servlet.setDavSessionProvider( davSessionProvider );
ArchivaDavResourceFactory archivaDavResourceFactory = (ArchivaDavResourceFactory) servlet.getResourceFactory(); ArchivaDavResourceFactory archivaDavResourceFactory = (ArchivaDavResourceFactory) servlet.getResourceFactory();
@ -355,7 +390,8 @@ public class RepositoryServletSecurityTest
AuthenticationResult result = new AuthenticationResult(); AuthenticationResult result = new AuthenticationResult();
EasyMock.expect( httpAuth.getAuthenticationResult( anyObject( HttpServletRequest.class ), EasyMock.expect( httpAuth.getAuthenticationResult( anyObject( HttpServletRequest.class ),
anyObject( HttpServletResponse.class ) ) ).andReturn( result ); anyObject( HttpServletResponse.class ) ) ).andReturn(
result );
EasyMock.expect( servletAuth.isAuthenticated( anyObject( HttpServletRequest.class ), EasyMock.expect( servletAuth.isAuthenticated( anyObject( HttpServletRequest.class ),
anyObject( AuthenticationResult.class ) ) ).andReturn( true ); anyObject( AuthenticationResult.class ) ) ).andReturn( true );
@ -364,45 +400,58 @@ public class RepositoryServletSecurityTest
SecuritySession session = new DefaultSecuritySession(); SecuritySession session = new DefaultSecuritySession();
EasyMock.expect( httpAuth.getAuthenticationResult( anyObject( HttpServletRequest.class ), EasyMock.expect( httpAuth.getAuthenticationResult( anyObject( HttpServletRequest.class ),
anyObject( HttpServletResponse.class ) ) ).andReturn( result ); anyObject( HttpServletResponse.class ) ) ).andReturn(
result );
//EasyMock.expect( httpAuth.getSecuritySession( ic.getRequest().getSession( true ) ) ).andReturn( session ); MockHttpServletRequest mockHttpServletRequest = new MockHttpServletRequest();
//EasyMock.expect( httpAuth.getSessionUser( ic.getRequest().getSession() ) ).andReturn( new SimpleUser() ); EasyMock.expect( httpAuth.getSecuritySession( mockHttpServletRequest.getSession( true ) ) ).andReturn(
session );
EasyMock.expect( servletAuth.isAuthenticated( anyObject( HttpServletRequest.class ), EasyMock.expect( httpAuth.getSessionUser( mockHttpServletRequest.getSession() ) ).andReturn( new SimpleUser() );
eq( result ) ) ).andReturn( true );
EasyMock.expect( servletAuth.isAuthorized( anyObject( HttpServletRequest.class ), eq(session), eq("internal"), EasyMock.expect( servletAuth.isAuthenticated( anyObject( HttpServletRequest.class ), eq( result ) ) ).andReturn(
eq(ArchivaRoleConstants.OPERATION_REPOSITORY_UPLOAD) ) ).andThrow( true );
EasyMock.expect(
servletAuth.isAuthorized( anyObject( HttpServletRequest.class ), eq( session ), eq( "internal" ),
eq( ArchivaRoleConstants.OPERATION_REPOSITORY_UPLOAD ) ) ).andThrow(
new UnauthorizedException( "User not authorized" ) ); new UnauthorizedException( "User not authorized" ) );
httpAuthControl.replay(); httpAuthControl.replay();
servletAuthControl.replay(); servletAuthControl.replay();
//servlet.service( ic.getRequest(), ic.getResponse() ); InputStream is = getClass().getResourceAsStream( "/artifact.jar" );
assertNotNull( "artifact.jar inputstream", is );
mockHttpServletRequest.addHeader( "User-Agent", "foo" );
mockHttpServletRequest.setMethod( "PUT" );
mockHttpServletRequest.setRequestURI( "/repository/internal/path/to/artifact.jar" );
mockHttpServletRequest.setContent( IOUtils.toByteArray( is ) );
mockHttpServletRequest.setContentType( "application/octet-stream" );
MockHttpServletResponse mockHttpServletResponse = new MockHttpServletResponse();
servlet.service( mockHttpServletRequest, mockHttpServletResponse );
httpAuthControl.verify(); httpAuthControl.verify();
servletAuthControl.verify(); servletAuthControl.verify();
// assertEquals(HttpServletResponse.SC_UNAUTHORIZED, response.getResponseCode()); assertEquals( HttpServletResponse.SC_UNAUTHORIZED, mockHttpServletResponse.getStatus() );
} }
// test deploy with a valid user with write access // test deploy with a valid user with write access
@Ignore("rewrite") @Test
public void testPutWithValidUserWithWriteAccess() public void testPutWithValidUserWithWriteAccess()
throws Exception throws Exception
{ {
setupCleanRepo( repoRootInternal ); setupCleanRepo( repoRootInternal );
assertTrue( repoRootInternal.exists() ); assertTrue( repoRootInternal.exists() );
MockHttpServletRequest mockHttpServletRequest = new MockHttpServletRequest();
String putUrl = "http://machine.com/repository/internal/path/to/artifact.jar"; String putUrl = "http://machine.com/repository/internal/path/to/artifact.jar";
InputStream is = getClass().getResourceAsStream( "/artifact.jar" ); InputStream is = getClass().getResourceAsStream( "/artifact.jar" );
assertNotNull( "artifact.jar inputstream", is ); assertNotNull( "artifact.jar inputstream", is );
WebRequest request = new AbstractRepositoryServletTestCase.PutMethodWebRequest( putUrl, is, "application/octet-stream" );
//InvocationContext ic = sc.newInvocation( request );
//servlet = (RepositoryServlet) ic.getServlet();
servlet.setDavSessionProvider( davSessionProvider ); servlet.setDavSessionProvider( davSessionProvider );
ArchivaDavResourceFactory archivaDavResourceFactory = (ArchivaDavResourceFactory) servlet.getResourceFactory(); ArchivaDavResourceFactory archivaDavResourceFactory = (ArchivaDavResourceFactory) servlet.getResourceFactory();
@ -416,7 +465,8 @@ public class RepositoryServletSecurityTest
AuthenticationResult result = new AuthenticationResult(); AuthenticationResult result = new AuthenticationResult();
EasyMock.expect( httpAuth.getAuthenticationResult( anyObject( HttpServletRequest.class ), EasyMock.expect( httpAuth.getAuthenticationResult( anyObject( HttpServletRequest.class ),
anyObject( HttpServletResponse.class) )).andReturn( result ); anyObject( HttpServletResponse.class ) ) ).andReturn(
result );
EasyMock.expect( servletAuth.isAuthenticated( anyObject( HttpServletRequest.class ), EasyMock.expect( servletAuth.isAuthenticated( anyObject( HttpServletRequest.class ),
anyObject( AuthenticationResult.class ) ) ).andReturn( true ); anyObject( AuthenticationResult.class ) ) ).andReturn( true );
@ -427,35 +477,44 @@ public class RepositoryServletSecurityTest
// ArchivaDavResourceFactory#isAuthorized() // ArchivaDavResourceFactory#isAuthorized()
SecuritySession session = new DefaultSecuritySession(); SecuritySession session = new DefaultSecuritySession();
EasyMock.expect( httpAuth.getAuthenticationResult(anyObject( HttpServletRequest.class ), EasyMock.expect( httpAuth.getAuthenticationResult( anyObject( HttpServletRequest.class ),
anyObject( HttpServletResponse.class) ) ).andReturn( result ); anyObject( HttpServletResponse.class ) ) ).andReturn(
result );
//EasyMock.expect( httpAuth.getSecuritySession( ic.getRequest().getSession( true ) ) ).andReturn( session ); EasyMock.expect( httpAuth.getSecuritySession( mockHttpServletRequest.getSession() ) ).andReturn( session );
//EasyMock.expect( httpAuth.getSessionUser( ic.getRequest().getSession() ) ).andReturn( user ); EasyMock.expect( httpAuth.getSessionUser( mockHttpServletRequest.getSession() ) ).andReturn( user );
EasyMock.expect( servletAuth.isAuthenticated( anyObject( HttpServletRequest.class ), eq(result) ) ).andReturn( EasyMock.expect( servletAuth.isAuthenticated( anyObject( HttpServletRequest.class ), eq( result ) ) ).andReturn(
true ); true );
EasyMock.expect( servletAuth.isAuthorized( anyObject( HttpServletRequest.class ), eq(session), eq("internal"), EasyMock.expect(
eq(ArchivaRoleConstants.OPERATION_REPOSITORY_UPLOAD) ) ).andReturn( servletAuth.isAuthorized( anyObject( HttpServletRequest.class ), eq( session ), eq( "internal" ),
true ); eq( ArchivaRoleConstants.OPERATION_REPOSITORY_UPLOAD ) ) ).andReturn( true );
httpAuthControl.replay(); httpAuthControl.replay();
servletAuthControl.replay(); servletAuthControl.replay();
//servlet.service( ic.getRequest(), ic.getResponse() ); mockHttpServletRequest.addHeader( "User-Agent", "foo" );
mockHttpServletRequest.setMethod( "PUT" );
mockHttpServletRequest.setRequestURI( "/repository/internal/path/to/artifact.jar" );
mockHttpServletRequest.setContent( IOUtils.toByteArray( is ) );
mockHttpServletRequest.setContentType( "application/octet-stream" );
MockHttpServletResponse mockHttpServletResponse = new MockHttpServletResponse();
servlet.service( mockHttpServletRequest, mockHttpServletResponse );
httpAuthControl.verify(); httpAuthControl.verify();
servletAuthControl.verify(); servletAuthControl.verify();
// assertEquals(HttpServletResponse.SC_CREATED, response.getResponseCode()); assertEquals( HttpServletResponse.SC_CREATED, mockHttpServletResponse.getStatus() );
assertEquals( "admin", listener.getEvents().get( 0 ).getUserId() ); assertEquals( "admin", listener.getEvents().get( 0 ).getUserId() );
} }
// test get with invalid user, and guest has read access to repo // test get with invalid user, and guest has read access to repo
@Ignore("rewrite") @Test
public void testGetWithInvalidUserAndGuestHasReadAccess() public void testGetWithInvalidUserAndGuestHasReadAccess()
throws Exception throws Exception
{ {
@ -467,9 +526,6 @@ public class RepositoryServletSecurityTest
FileUtils.writeStringToFile( artifactFile, expectedArtifactContents, Charset.defaultCharset() ); FileUtils.writeStringToFile( artifactFile, expectedArtifactContents, Charset.defaultCharset() );
WebRequest request = new AbstractRepositoryServletTestCase.GetMethodWebRequest( "http://machine.com/repository/internal/" + commonsLangJar );
//InvocationContext ic = sc.newInvocation( request );
//servlet = (RepositoryServlet) ic.getServlet();
servlet.setDavSessionProvider( davSessionProvider ); servlet.setDavSessionProvider( davSessionProvider );
ArchivaDavResourceFactory archivaDavResourceFactory = (ArchivaDavResourceFactory) servlet.getResourceFactory(); ArchivaDavResourceFactory archivaDavResourceFactory = (ArchivaDavResourceFactory) servlet.getResourceFactory();
@ -480,10 +536,12 @@ public class RepositoryServletSecurityTest
AuthenticationResult result = new AuthenticationResult(); AuthenticationResult result = new AuthenticationResult();
EasyMock.expect( httpAuth.getAuthenticationResult( anyObject( HttpServletRequest.class ), anyObject( HttpServletResponse.class ) ) ) EasyMock.expect( httpAuth.getAuthenticationResult( anyObject( HttpServletRequest.class ),
.andReturn( result ); anyObject( HttpServletResponse.class ) ) ).andReturn(
result );
EasyMock.expect( servletAuth.isAuthenticated( anyObject( HttpServletRequest.class ), anyObject( AuthenticationResult.class ) ) ).andThrow( EasyMock.expect( servletAuth.isAuthenticated( anyObject( HttpServletRequest.class ),
anyObject( AuthenticationResult.class ) ) ).andThrow(
new AuthenticationException( "Authentication error" ) ); new AuthenticationException( "Authentication error" ) );
EasyMock.expect( servletAuth.isAuthorized( "guest", "internal", EasyMock.expect( servletAuth.isAuthorized( "guest", "internal",
@ -493,31 +551,43 @@ public class RepositoryServletSecurityTest
// ArchivaDavResourceFactory#isAuthorized() // ArchivaDavResourceFactory#isAuthorized()
SecuritySession session = new DefaultSecuritySession(); SecuritySession session = new DefaultSecuritySession();
EasyMock.expect( httpAuth.getAuthenticationResult( anyObject( HttpServletRequest.class ), anyObject( HttpServletResponse.class ) ) ).andReturn( result ); EasyMock.expect( httpAuth.getAuthenticationResult( anyObject( HttpServletRequest.class ),
anyObject( HttpServletResponse.class ) ) ).andReturn(
result );
EasyMock.expect( httpAuth.getSecuritySession( anyObject( HttpSession.class ) ) ).andReturn( session ); EasyMock.expect( httpAuth.getSecuritySession( anyObject( HttpSession.class ) ) ).andReturn( session );
EasyMock.expect( httpAuth.getSessionUser( anyObject( HttpSession.class ) ) ).andReturn( null ); EasyMock.expect( httpAuth.getSessionUser( anyObject( HttpSession.class ) ) ).andReturn( null );
EasyMock.expect( servletAuth.isAuthenticated( anyObject( HttpServletRequest.class ), eq(result) ) ).andReturn( EasyMock.expect( servletAuth.isAuthenticated( anyObject( HttpServletRequest.class ), eq( result ) ) ).andReturn(
true ); true );
EasyMock.expect( servletAuth.isAuthorized( anyObject( HttpServletRequest.class ), eq(session), eq("internal"), EasyMock.expect(
eq(ArchivaRoleConstants.OPERATION_REPOSITORY_ACCESS) ) ).andReturn( true ); servletAuth.isAuthorized( anyObject( HttpServletRequest.class ), eq( session ), eq( "internal" ),
eq( ArchivaRoleConstants.OPERATION_REPOSITORY_ACCESS ) ) ).andReturn( true );
httpAuthControl.replay(); httpAuthControl.replay();
servletAuthControl.replay(); servletAuthControl.replay();
WebResponse response = null;// sc.getResponse( request ); MockHttpServletRequest mockHttpServletRequest = new MockHttpServletRequest();
mockHttpServletRequest.addHeader( "User-Agent", "foo" );
mockHttpServletRequest.setMethod( "GET" );
mockHttpServletRequest.setRequestURI( "/repository/internal/" + commonsLangJar );
MockHttpServletResponse mockHttpServletResponse = new MockHttpServletResponse();
servlet.service( mockHttpServletRequest, mockHttpServletResponse );
httpAuthControl.verify(); httpAuthControl.verify();
servletAuthControl.verify(); servletAuthControl.verify();
assertEquals( HttpServletResponse.SC_OK, response.getStatusCode() ); assertEquals( HttpServletResponse.SC_OK, mockHttpServletResponse.getStatus() );
assertEquals( "Expected file contents", expectedArtifactContents, response.getContentAsString() );
assertEquals( "Expected file contents", expectedArtifactContents, mockHttpServletResponse.getContentAsString() );
} }
// test get with invalid user, and guest has no read access to repo // test get with invalid user, and guest has no read access to repo
@Ignore("rewrite") @Test
public void testGetWithInvalidUserAndGuestHasNoReadAccess() public void testGetWithInvalidUserAndGuestHasNoReadAccess()
throws Exception throws Exception
{ {
@ -529,16 +599,16 @@ public class RepositoryServletSecurityTest
FileUtils.writeStringToFile( artifactFile, expectedArtifactContents, Charset.defaultCharset() ); FileUtils.writeStringToFile( artifactFile, expectedArtifactContents, Charset.defaultCharset() );
WebRequest request = new AbstractRepositoryServletTestCase.GetMethodWebRequest( "http://machine.com/repository/internal/" + commonsLangJar );
//InvocationContext ic = sc.newInvocation( request );
//servlet = (RepositoryServlet) ic.getServlet();
servlet.setDavSessionProvider( davSessionProvider ); servlet.setDavSessionProvider( davSessionProvider );
AuthenticationResult result = new AuthenticationResult(); AuthenticationResult result = new AuthenticationResult();
EasyMock.expect( httpAuth.getAuthenticationResult( anyObject( HttpServletRequest.class ), anyObject( HttpServletResponse.class ) ) ).andReturn( result ); EasyMock.expect( httpAuth.getAuthenticationResult( anyObject( HttpServletRequest.class ),
anyObject( HttpServletResponse.class ) ) ).andReturn(
result );
EasyMock.expect( servletAuth.isAuthenticated( anyObject( HttpServletRequest.class ), anyObject( AuthenticationResult.class ) ) ).andThrow( EasyMock.expect( servletAuth.isAuthenticated( anyObject( HttpServletRequest.class ),
anyObject( AuthenticationResult.class ) ) ).andThrow(
new AuthenticationException( "Authentication error" ) ); new AuthenticationException( "Authentication error" ) );
EasyMock.expect( servletAuth.isAuthorized( "guest", "internal", EasyMock.expect( servletAuth.isAuthorized( "guest", "internal",
@ -547,16 +617,24 @@ public class RepositoryServletSecurityTest
httpAuthControl.replay(); httpAuthControl.replay();
servletAuthControl.replay(); servletAuthControl.replay();
WebResponse response = null;//sc.getResponse( request ); MockHttpServletRequest mockHttpServletRequest = new MockHttpServletRequest();
mockHttpServletRequest.addHeader( "User-Agent", "foo" );
mockHttpServletRequest.setMethod( "GET" );
mockHttpServletRequest.setRequestURI( "/repository/internal/" + commonsLangJar );
MockHttpServletResponse mockHttpServletResponse = new MockHttpServletResponse();
servlet.service( mockHttpServletRequest, mockHttpServletResponse );
httpAuthControl.verify(); httpAuthControl.verify();
servletAuthControl.verify(); servletAuthControl.verify();
assertEquals( HttpServletResponse.SC_UNAUTHORIZED, response.getStatusCode() ); assertEquals( HttpServletResponse.SC_UNAUTHORIZED, mockHttpServletResponse.getStatus() );
} }
// test get with valid user with read access to repo // test get with valid user with read access to repo
@Ignore("rewrite") @Test
public void testGetWithAValidUserWithReadAccess() public void testGetWithAValidUserWithReadAccess()
throws Exception throws Exception
{ {
@ -568,9 +646,6 @@ public class RepositoryServletSecurityTest
FileUtils.writeStringToFile( artifactFile, expectedArtifactContents, Charset.defaultCharset() ); FileUtils.writeStringToFile( artifactFile, expectedArtifactContents, Charset.defaultCharset() );
WebRequest request = new AbstractRepositoryServletTestCase.GetMethodWebRequest( "http://machine.com/repository/internal/" + commonsLangJar );
//InvocationContext ic = sc.newInvocation( request );
//servlet = (RepositoryServlet) ic.getServlet();
servlet.setDavSessionProvider( davSessionProvider ); servlet.setDavSessionProvider( davSessionProvider );
ArchivaDavResourceFactory archivaDavResourceFactory = (ArchivaDavResourceFactory) servlet.getResourceFactory(); ArchivaDavResourceFactory archivaDavResourceFactory = (ArchivaDavResourceFactory) servlet.getResourceFactory();
@ -581,39 +656,52 @@ public class RepositoryServletSecurityTest
AuthenticationResult result = new AuthenticationResult(); AuthenticationResult result = new AuthenticationResult();
EasyMock.expect( httpAuth.getAuthenticationResult( anyObject( HttpServletRequest.class ), anyObject( HttpServletResponse.class ) ) ).andReturn( result ); EasyMock.expect( httpAuth.getAuthenticationResult( anyObject( HttpServletRequest.class ),
anyObject( HttpServletResponse.class ) ) ).andReturn(
result );
EasyMock.expect( servletAuth.isAuthenticated( anyObject( HttpServletRequest.class ), anyObject( AuthenticationResult.class ) ) ).andReturn( true ); EasyMock.expect( servletAuth.isAuthenticated( anyObject( HttpServletRequest.class ),
anyObject( AuthenticationResult.class ) ) ).andReturn( true );
// ArchivaDavResourceFactory#isAuthorized() // ArchivaDavResourceFactory#isAuthorized()
SecuritySession session = new DefaultSecuritySession(); SecuritySession session = new DefaultSecuritySession();
EasyMock.expect( httpAuth.getAuthenticationResult( anyObject( HttpServletRequest.class ), anyObject( HttpServletResponse.class ) ) ).andReturn( result ); EasyMock.expect( httpAuth.getAuthenticationResult( anyObject( HttpServletRequest.class ),
anyObject( HttpServletResponse.class ) ) ).andReturn(
result );
EasyMock.expect( httpAuth.getSecuritySession( anyObject( HttpSession.class ) ) ).andReturn( session ); EasyMock.expect( httpAuth.getSecuritySession( anyObject( HttpSession.class ) ) ).andReturn( session );
EasyMock.expect( httpAuth.getSessionUser( anyObject( HttpSession.class ) ) ).andReturn( new SimpleUser() ); EasyMock.expect( httpAuth.getSessionUser( anyObject( HttpSession.class ) ) ).andReturn( new SimpleUser() );
EasyMock.expect( servletAuth.isAuthenticated( anyObject( HttpServletRequest.class ), eq(result) ) ).andReturn( EasyMock.expect( servletAuth.isAuthenticated( anyObject( HttpServletRequest.class ), eq( result ) ) ).andReturn(
true ); true );
EasyMock.expect( servletAuth.isAuthorized( anyObject( HttpServletRequest.class ), eq(session), eq("internal"), EasyMock.expect(
eq(ArchivaRoleConstants.OPERATION_REPOSITORY_ACCESS) ) ).andReturn( servletAuth.isAuthorized( anyObject( HttpServletRequest.class ), eq( session ), eq( "internal" ),
true ); eq( ArchivaRoleConstants.OPERATION_REPOSITORY_ACCESS ) ) ).andReturn( true );
httpAuthControl.replay(); httpAuthControl.replay();
servletAuthControl.replay(); servletAuthControl.replay();
WebResponse response = null;// sc.getResponse( request ); MockHttpServletRequest mockHttpServletRequest = new MockHttpServletRequest();
mockHttpServletRequest.addHeader( "User-Agent", "foo" );
mockHttpServletRequest.setMethod( "GET" );
mockHttpServletRequest.setRequestURI( "/repository/internal/" + commonsLangJar );
MockHttpServletResponse mockHttpServletResponse = new MockHttpServletResponse();
servlet.service( mockHttpServletRequest, mockHttpServletResponse );
httpAuthControl.verify(); httpAuthControl.verify();
servletAuthControl.verify(); servletAuthControl.verify();
assertEquals( HttpServletResponse.SC_OK, response.getStatusCode() ); assertEquals( HttpServletResponse.SC_OK, mockHttpServletResponse.getStatus() );
assertEquals( "Expected file contents", expectedArtifactContents, response.getContentAsString() ); assertEquals( "Expected file contents", expectedArtifactContents, mockHttpServletResponse.getContentAsString() );
} }
// test get with valid user with no read access to repo // test get with valid user with no read access to repo
@Ignore("rewrite") @Test
public void testGetWithAValidUserWithNoReadAccess() public void testGetWithAValidUserWithNoReadAccess()
throws Exception throws Exception
{ {
@ -625,9 +713,6 @@ public class RepositoryServletSecurityTest
FileUtils.writeStringToFile( artifactFile, expectedArtifactContents, Charset.defaultCharset() ); FileUtils.writeStringToFile( artifactFile, expectedArtifactContents, Charset.defaultCharset() );
WebRequest request = new AbstractRepositoryServletTestCase.GetMethodWebRequest( "http://machine.com/repository/internal/" + commonsLangJar );
//InvocationContext ic = sc.newInvocation( request );
//servlet = (RepositoryServlet) ic.getServlet();
servlet.setDavSessionProvider( davSessionProvider ); servlet.setDavSessionProvider( davSessionProvider );
ArchivaDavResourceFactory archivaDavResourceFactory = (ArchivaDavResourceFactory) servlet.getResourceFactory(); ArchivaDavResourceFactory archivaDavResourceFactory = (ArchivaDavResourceFactory) servlet.getResourceFactory();
@ -638,33 +723,47 @@ public class RepositoryServletSecurityTest
AuthenticationResult result = new AuthenticationResult(); AuthenticationResult result = new AuthenticationResult();
EasyMock.expect( httpAuth.getAuthenticationResult( anyObject( HttpServletRequest.class ), anyObject( HttpServletResponse.class ) ) ).andReturn( result ); EasyMock.expect( httpAuth.getAuthenticationResult( anyObject( HttpServletRequest.class ),
anyObject( HttpServletResponse.class ) ) ).andReturn(
result );
EasyMock.expect( servletAuth.isAuthenticated( anyObject( HttpServletRequest.class ), anyObject( AuthenticationResult.class ) ) ).andReturn( true ); EasyMock.expect( servletAuth.isAuthenticated( anyObject( HttpServletRequest.class ),
anyObject( AuthenticationResult.class ) ) ).andReturn( true );
// ArchivaDavResourceFactory#isAuthorized() // ArchivaDavResourceFactory#isAuthorized()
SecuritySession session = new DefaultSecuritySession(); SecuritySession session = new DefaultSecuritySession();
EasyMock.expect( httpAuth.getAuthenticationResult( anyObject( HttpServletRequest.class ), anyObject( HttpServletResponse.class ) ) ).andReturn( result ); EasyMock.expect( httpAuth.getAuthenticationResult( anyObject( HttpServletRequest.class ),
anyObject( HttpServletResponse.class ) ) ).andReturn(
result );
EasyMock.expect( httpAuth.getSecuritySession( anyObject( HttpSession.class) ) ).andReturn( session ); EasyMock.expect( httpAuth.getSecuritySession( anyObject( HttpSession.class ) ) ).andReturn( session );
EasyMock.expect( httpAuth.getSessionUser( anyObject( HttpSession.class) ) ).andReturn( new SimpleUser() ); EasyMock.expect( httpAuth.getSessionUser( anyObject( HttpSession.class ) ) ).andReturn( new SimpleUser() );
EasyMock.expect( servletAuth.isAuthenticated( anyObject( HttpServletRequest.class ), eq(result) ) ).andReturn( EasyMock.expect( servletAuth.isAuthenticated( anyObject( HttpServletRequest.class ), eq( result ) ) ).andReturn(
true ); true );
EasyMock.expect( servletAuth.isAuthorized( anyObject( HttpServletRequest.class ), eq(session), eq("internal"), EasyMock.expect(
eq(ArchivaRoleConstants.OPERATION_REPOSITORY_ACCESS) ) ).andThrow( servletAuth.isAuthorized( anyObject( HttpServletRequest.class ), eq( session ), eq( "internal" ),
eq( ArchivaRoleConstants.OPERATION_REPOSITORY_ACCESS ) ) ).andThrow(
new UnauthorizedException( "User not authorized to read repository." ) ); new UnauthorizedException( "User not authorized to read repository." ) );
httpAuthControl.replay(); httpAuthControl.replay();
servletAuthControl.replay(); servletAuthControl.replay();
WebResponse response = null;//sc.getResponse( request ); MockHttpServletRequest mockHttpServletRequest = new MockHttpServletRequest();
mockHttpServletRequest.addHeader( "User-Agent", "foo" );
mockHttpServletRequest.setMethod( "GET" );
mockHttpServletRequest.setRequestURI( "/repository/internal/" + commonsLangJar );
MockHttpServletResponse mockHttpServletResponse = new MockHttpServletResponse();
servlet.service( mockHttpServletRequest, mockHttpServletResponse );
httpAuthControl.verify(); httpAuthControl.verify();
servletAuthControl.verify(); servletAuthControl.verify();
assertEquals( HttpServletResponse.SC_UNAUTHORIZED, response.getStatusCode() ); assertEquals( HttpServletResponse.SC_UNAUTHORIZED, mockHttpServletResponse.getStatus() );
} }
} }