mirror of https://github.com/apache/archiva.git
fix unit test
git-svn-id: https://svn.apache.org/repos/asf/archiva/trunk@1555670 13f79535-47bb-0310-9956-ffa450edef68
This commit is contained in:
parent
7065cd1585
commit
f9e7178608
|
@ -95,6 +95,9 @@ public abstract class AbstractRepositoryServletTestCase
|
|||
|
||||
protected static int port;
|
||||
|
||||
|
||||
StandardContext context;
|
||||
|
||||
@Before
|
||||
public void setUp()
|
||||
throws Exception
|
||||
|
@ -140,9 +143,6 @@ public abstract class AbstractRepositoryServletTestCase
|
|||
|
||||
}
|
||||
|
||||
StandardContext context;
|
||||
|
||||
UnauthenticatedRepositoryServlet servlet;
|
||||
|
||||
protected void startRepository()
|
||||
throws Exception
|
||||
|
@ -151,7 +151,7 @@ public abstract class AbstractRepositoryServletTestCase
|
|||
tomcat.setBaseDir( System.getProperty( "java.io.tmpdir" ) );
|
||||
tomcat.setPort( 0 );
|
||||
|
||||
context = (StandardContext) tomcat.addContext( "", System.getProperty( "java.io.tmpdir" ) );
|
||||
context = StandardContext.class.cast( tomcat.addContext( "", System.getProperty( "java.io.tmpdir" ) ) );
|
||||
|
||||
ApplicationParameter applicationParameter = new ApplicationParameter();
|
||||
applicationParameter.setName( "contextConfigLocation" );
|
||||
|
@ -162,9 +162,7 @@ public abstract class AbstractRepositoryServletTestCase
|
|||
|
||||
context.addApplicationListener( MavenIndexerCleaner.class.getName() );
|
||||
|
||||
servlet = new UnauthenticatedRepositoryServlet();
|
||||
|
||||
Tomcat.addServlet( context, "repository", servlet );
|
||||
Tomcat.addServlet( context, "repository", new UnauthenticatedRepositoryServlet() );
|
||||
context.addServletMapping( "/repository/*", "repository" );
|
||||
|
||||
Tomcat.addServlet( context, "reinitservlet", new ReinitServlet() );
|
||||
|
|
|
@ -40,13 +40,15 @@ import org.apache.archiva.security.ServletAuthenticator;
|
|||
import org.apache.archiva.security.common.ArchivaRoleConstants;
|
||||
import org.apache.archiva.test.utils.ArchivaSpringJUnit4ClassRunner;
|
||||
import org.apache.archiva.webdav.util.MavenIndexerCleaner;
|
||||
import org.apache.catalina.Context;
|
||||
import org.apache.catalina.Container;
|
||||
import org.apache.catalina.core.StandardContext;
|
||||
import org.apache.catalina.deploy.ApplicationParameter;
|
||||
import org.apache.catalina.startup.Tomcat;
|
||||
import org.apache.commons.io.FileUtils;
|
||||
import org.apache.commons.io.IOUtils;
|
||||
import org.apache.commons.lang.StringUtils;
|
||||
import org.apache.jackrabbit.webdav.DavSessionProvider;
|
||||
import org.easymock.EasyMock;
|
||||
import static org.easymock.EasyMock.*;
|
||||
import org.easymock.IMocksControl;
|
||||
import org.junit.After;
|
||||
import org.junit.Before;
|
||||
|
@ -54,10 +56,13 @@ import org.junit.Ignore;
|
|||
import org.junit.Test;
|
||||
import org.junit.runner.RunWith;
|
||||
import org.springframework.context.ApplicationContext;
|
||||
import org.springframework.mock.web.MockHttpServletRequest;
|
||||
import org.springframework.mock.web.MockHttpServletResponse;
|
||||
import org.springframework.test.context.ContextConfiguration;
|
||||
import org.springframework.web.context.ContextLoaderListener;
|
||||
|
||||
import javax.inject.Inject;
|
||||
import javax.servlet.Servlet;
|
||||
import javax.servlet.http.HttpServletRequest;
|
||||
import javax.servlet.http.HttpServletResponse;
|
||||
import javax.servlet.http.HttpSession;
|
||||
|
@ -66,6 +71,9 @@ import java.io.IOException;
|
|||
import java.io.InputStream;
|
||||
import java.nio.charset.Charset;
|
||||
|
||||
import static org.easymock.EasyMock.anyObject;
|
||||
import static org.easymock.EasyMock.eq;
|
||||
|
||||
/**
|
||||
* RepositoryServletSecurityTest Test the flow of the authentication and authorization checks. This does not necessarily
|
||||
* perform redback security checking.
|
||||
|
@ -98,6 +106,8 @@ public class RepositoryServletSecurityTest
|
|||
|
||||
protected static int port;
|
||||
|
||||
StandardContext context;
|
||||
|
||||
@Inject
|
||||
ApplicationContext applicationContext;
|
||||
|
||||
|
@ -128,18 +138,11 @@ public class RepositoryServletSecurityTest
|
|||
|
||||
CacheManager.getInstance().clearAll();
|
||||
|
||||
/*
|
||||
sr = new ServletRunner( new File( "src/test/resources/WEB-INF/repository-servlet-security-test/web.xml" ) );
|
||||
sr.registerServlet( "/repository/*", RepositoryServlet.class.getName() );
|
||||
sc = sr.newClient();
|
||||
*/
|
||||
|
||||
|
||||
tomcat = new Tomcat();
|
||||
tomcat.setBaseDir( System.getProperty( "java.io.tmpdir" ) );
|
||||
tomcat.setPort( 0 );
|
||||
|
||||
Context context = tomcat.addContext( "", System.getProperty( "java.io.tmpdir" ) );
|
||||
context = StandardContext.class.cast( tomcat.addContext( "", System.getProperty( "java.io.tmpdir" ) ) );
|
||||
|
||||
ApplicationParameter applicationParameter = new ApplicationParameter();
|
||||
applicationParameter.setName( "contextConfigLocation" );
|
||||
|
@ -157,7 +160,6 @@ public class RepositoryServletSecurityTest
|
|||
|
||||
this.port = tomcat.getConnector().getLocalPort();
|
||||
|
||||
|
||||
servletAuthControl = EasyMock.createControl();
|
||||
|
||||
servletAuth = servletAuthControl.createMock( ServletAuthenticator.class );
|
||||
|
@ -167,6 +169,17 @@ public class RepositoryServletSecurityTest
|
|||
httpAuth = httpAuthControl.createMock( HttpAuthenticator.class );
|
||||
|
||||
davSessionProvider = new ArchivaDavSessionProvider( servletAuth, httpAuth );
|
||||
|
||||
// FIXME use mock to avoid starting Tomcat
|
||||
//RepositoryServlet repositoryServlet = new RepositoryServlet();
|
||||
//MockServletConfig mockServletConfig = new MockServletConfig();
|
||||
|
||||
//MockServletContext mockServletContext = new MockServletContext( );
|
||||
//mockServletContext
|
||||
|
||||
//repositoryServlet.init( mockServletConfig );
|
||||
|
||||
servlet = RepositoryServlet.class.cast( findServlet( "repository" ) );
|
||||
}
|
||||
|
||||
protected String getSpringConfigLocation()
|
||||
|
@ -211,7 +224,6 @@ public class RepositoryServletSecurityTest
|
|||
throws Exception
|
||||
{
|
||||
|
||||
|
||||
if ( repoRootInternal.exists() )
|
||||
{
|
||||
FileUtils.deleteDirectory( repoRootInternal );
|
||||
|
@ -227,27 +239,41 @@ public class RepositoryServletSecurityTest
|
|||
super.tearDown();
|
||||
}
|
||||
|
||||
protected Servlet findServlet( String name )
|
||||
throws Exception
|
||||
{
|
||||
Container[] childs = context.findChildren();
|
||||
for ( Container container : childs )
|
||||
{
|
||||
if ( StringUtils.equals( container.getName(), name ) )
|
||||
{
|
||||
Tomcat.ExistingStandardWrapper esw = Tomcat.ExistingStandardWrapper.class.cast( container );
|
||||
Servlet servlet = esw.loadServlet();
|
||||
|
||||
return servlet;
|
||||
}
|
||||
}
|
||||
return null;
|
||||
}
|
||||
|
||||
// test deploy with invalid user, and guest has no write access to repo
|
||||
// 401 must be returned
|
||||
@Ignore("rewrite")
|
||||
@Test
|
||||
public void testPutWithInvalidUserAndGuestHasNoWriteAccess()
|
||||
throws Exception
|
||||
{
|
||||
setupCleanRepo( repoRootInternal );
|
||||
|
||||
String putUrl = "http://machine.com/repository/internal/path/to/artifact.jar";
|
||||
InputStream is = getClass().getResourceAsStream( "/artifact.jar" );
|
||||
assertNotNull( "artifact.jar inputstream", is );
|
||||
|
||||
WebRequest request = new AbstractRepositoryServletTestCase.PutMethodWebRequest( putUrl, is, "application/octet-stream" );
|
||||
//InvocationContext ic = sc.newInvocation( request );
|
||||
//servlet = (RepositoryServlet) ic.getServlet();
|
||||
servlet.setDavSessionProvider( davSessionProvider );
|
||||
|
||||
AuthenticationResult result = new AuthenticationResult();
|
||||
|
||||
EasyMock.expect( httpAuth.getAuthenticationResult( anyObject( HttpServletRequest.class ),
|
||||
anyObject( HttpServletResponse.class ) ) ).andReturn( result );
|
||||
anyObject( HttpServletResponse.class ) ) ).andReturn(
|
||||
result );
|
||||
|
||||
servletAuth.isAuthenticated( EasyMock.anyObject( HttpServletRequest.class ),
|
||||
EasyMock.anyObject( AuthenticationResult.class ) );
|
||||
|
@ -259,30 +285,30 @@ public class RepositoryServletSecurityTest
|
|||
|
||||
httpAuthControl.replay();
|
||||
servletAuthControl.replay();
|
||||
MockHttpServletRequest mockHttpServletRequest = new MockHttpServletRequest();
|
||||
mockHttpServletRequest.addHeader( "User-Agent", "foo" );
|
||||
mockHttpServletRequest.setMethod( "PUT" );
|
||||
mockHttpServletRequest.setRequestURI( "/repository/internal/path/to/artifact.jar" );
|
||||
mockHttpServletRequest.setContent( IOUtils.toByteArray( is ) );
|
||||
mockHttpServletRequest.setContentType( "application/octet-stream" );
|
||||
|
||||
//servlet.service( ic.getRequest(), ic.getResponse() );
|
||||
MockHttpServletResponse mockHttpServletResponse = new MockHttpServletResponse();
|
||||
|
||||
servlet.service( mockHttpServletRequest, mockHttpServletResponse );
|
||||
|
||||
httpAuthControl.verify();
|
||||
servletAuthControl.verify();
|
||||
|
||||
//assertEquals(HttpServletResponse.SC_UNAUTHORIZED, response.getResponseCode());
|
||||
assertEquals( HttpServletResponse.SC_UNAUTHORIZED, mockHttpServletResponse.getStatus() );
|
||||
}
|
||||
|
||||
// test deploy with invalid user, but guest has write access to repo
|
||||
@Ignore("rewrite")
|
||||
@Test
|
||||
public void testPutWithInvalidUserAndGuestHasWriteAccess()
|
||||
throws Exception
|
||||
{
|
||||
setupCleanRepo( repoRootInternal );
|
||||
|
||||
String putUrl = "http://machine.com/repository/internal/path/to/artifact.jar";
|
||||
InputStream is = getClass().getResourceAsStream( "/artifact.jar" );
|
||||
assertNotNull( "artifact.jar inputstream", is );
|
||||
|
||||
WebRequest request = new AbstractRepositoryServletTestCase.PutMethodWebRequest( putUrl, is, "application/octet-stream" );
|
||||
|
||||
//InvocationContext ic = sc.newInvocation( request );
|
||||
//servlet = (RepositoryServlet) ic.getServlet();
|
||||
servlet.setDavSessionProvider( davSessionProvider );
|
||||
|
||||
ArchivaDavResourceFactory archivaDavResourceFactory = (ArchivaDavResourceFactory) servlet.getResourceFactory();
|
||||
|
@ -294,23 +320,28 @@ public class RepositoryServletSecurityTest
|
|||
AuthenticationResult result = new AuthenticationResult();
|
||||
|
||||
EasyMock.expect( httpAuth.getAuthenticationResult( anyObject( HttpServletRequest.class ),
|
||||
anyObject( HttpServletResponse.class ) ) ).andReturn( result );
|
||||
anyObject( HttpServletResponse.class ) ) ).andReturn(
|
||||
result );
|
||||
|
||||
EasyMock.expect( servletAuth.isAuthenticated( anyObject( HttpServletRequest.class ),
|
||||
anyObject( AuthenticationResult.class ) ) ).andThrow(
|
||||
new AuthenticationException( "Authentication error" ) );
|
||||
|
||||
EasyMock.expect(servletAuth.isAuthorized( "guest", "internal", ArchivaRoleConstants.OPERATION_REPOSITORY_UPLOAD )).andReturn( true );
|
||||
EasyMock.expect( servletAuth.isAuthorized( "guest", "internal",
|
||||
ArchivaRoleConstants.OPERATION_REPOSITORY_UPLOAD ) ).andReturn(
|
||||
true );
|
||||
|
||||
// ArchivaDavResourceFactory#isAuthorized()
|
||||
SecuritySession session = new DefaultSecuritySession();
|
||||
|
||||
EasyMock.expect( httpAuth.getAuthenticationResult( anyObject( HttpServletRequest.class ),
|
||||
anyObject( HttpServletResponse.class ) ) ).andReturn( result );
|
||||
anyObject( HttpServletResponse.class ) ) ).andReturn(
|
||||
result );
|
||||
|
||||
EasyMock.expect( httpAuth.getSecuritySession( anyObject( HttpSession.class ) ) ).andReturn( session );
|
||||
|
||||
EasyMock.expect(servletAuth.isAuthenticated( anyObject( HttpServletRequest.class ), eq(result) )).andThrow( new AuthenticationException( "Authentication error" ) );
|
||||
EasyMock.expect( servletAuth.isAuthenticated( anyObject( HttpServletRequest.class ), eq( result ) ) ).andThrow(
|
||||
new AuthenticationException( "Authentication error" ) );
|
||||
|
||||
EasyMock.expect( httpAuth.getSessionUser( anyObject( HttpSession.class ) ) ).andReturn( null );
|
||||
|
||||
|
@ -322,29 +353,33 @@ public class RepositoryServletSecurityTest
|
|||
httpAuthControl.replay();
|
||||
servletAuthControl.replay();
|
||||
|
||||
//servlet.service( ic.getRequest(), ic.getResponse() );
|
||||
InputStream is = getClass().getResourceAsStream( "/artifact.jar" );
|
||||
assertNotNull( "artifact.jar inputstream", is );
|
||||
|
||||
MockHttpServletRequest mockHttpServletRequest = new MockHttpServletRequest();
|
||||
mockHttpServletRequest.addHeader( "User-Agent", "foo" );
|
||||
mockHttpServletRequest.setMethod( "PUT" );
|
||||
mockHttpServletRequest.setRequestURI( "/repository/internal/path/to/artifact.jar" );
|
||||
mockHttpServletRequest.setContent( IOUtils.toByteArray( is ) );
|
||||
mockHttpServletRequest.setContentType( "application/octet-stream" );
|
||||
|
||||
MockHttpServletResponse mockHttpServletResponse = new MockHttpServletResponse();
|
||||
|
||||
servlet.service( mockHttpServletRequest, mockHttpServletResponse );
|
||||
|
||||
httpAuthControl.verify();
|
||||
servletAuthControl.verify();
|
||||
|
||||
// assertEquals( HttpServletResponse.SC_CREATED, response.getResponseCode() );
|
||||
assertEquals( HttpServletResponse.SC_CREATED, mockHttpServletResponse.getStatus() );
|
||||
}
|
||||
|
||||
// test deploy with a valid user with no write access
|
||||
@Ignore("rewrite")
|
||||
@Test
|
||||
public void testPutWithValidUserWithNoWriteAccess()
|
||||
throws Exception
|
||||
{
|
||||
setupCleanRepo( repoRootInternal );
|
||||
|
||||
String putUrl = "http://machine.com/repository/internal/path/to/artifact.jar";
|
||||
InputStream is = getClass().getResourceAsStream( "/artifact.jar" );
|
||||
assertNotNull( "artifact.jar inputstream", is );
|
||||
|
||||
WebRequest request = new AbstractRepositoryServletTestCase.PutMethodWebRequest( putUrl, is, "application/octet-stream" );
|
||||
|
||||
//InvocationContext ic = sc.newInvocation( request );
|
||||
//servlet = (RepositoryServlet) ic.getServlet();
|
||||
servlet.setDavSessionProvider( davSessionProvider );
|
||||
|
||||
ArchivaDavResourceFactory archivaDavResourceFactory = (ArchivaDavResourceFactory) servlet.getResourceFactory();
|
||||
|
@ -355,7 +390,8 @@ public class RepositoryServletSecurityTest
|
|||
AuthenticationResult result = new AuthenticationResult();
|
||||
|
||||
EasyMock.expect( httpAuth.getAuthenticationResult( anyObject( HttpServletRequest.class ),
|
||||
anyObject( HttpServletResponse.class ) ) ).andReturn( result );
|
||||
anyObject( HttpServletResponse.class ) ) ).andReturn(
|
||||
result );
|
||||
|
||||
EasyMock.expect( servletAuth.isAuthenticated( anyObject( HttpServletRequest.class ),
|
||||
anyObject( AuthenticationResult.class ) ) ).andReturn( true );
|
||||
|
@ -364,45 +400,58 @@ public class RepositoryServletSecurityTest
|
|||
SecuritySession session = new DefaultSecuritySession();
|
||||
|
||||
EasyMock.expect( httpAuth.getAuthenticationResult( anyObject( HttpServletRequest.class ),
|
||||
anyObject( HttpServletResponse.class ) ) ).andReturn( result );
|
||||
anyObject( HttpServletResponse.class ) ) ).andReturn(
|
||||
result );
|
||||
|
||||
//EasyMock.expect( httpAuth.getSecuritySession( ic.getRequest().getSession( true ) ) ).andReturn( session );
|
||||
MockHttpServletRequest mockHttpServletRequest = new MockHttpServletRequest();
|
||||
|
||||
//EasyMock.expect( httpAuth.getSessionUser( ic.getRequest().getSession() ) ).andReturn( new SimpleUser() );
|
||||
EasyMock.expect( httpAuth.getSecuritySession( mockHttpServletRequest.getSession( true ) ) ).andReturn(
|
||||
session );
|
||||
|
||||
EasyMock.expect( servletAuth.isAuthenticated( anyObject( HttpServletRequest.class ),
|
||||
eq( result ) ) ).andReturn( true );
|
||||
EasyMock.expect( httpAuth.getSessionUser( mockHttpServletRequest.getSession() ) ).andReturn( new SimpleUser() );
|
||||
|
||||
EasyMock.expect( servletAuth.isAuthorized( anyObject( HttpServletRequest.class ), eq(session), eq("internal"),
|
||||
EasyMock.expect( servletAuth.isAuthenticated( anyObject( HttpServletRequest.class ), eq( result ) ) ).andReturn(
|
||||
true );
|
||||
|
||||
EasyMock.expect(
|
||||
servletAuth.isAuthorized( anyObject( HttpServletRequest.class ), eq( session ), eq( "internal" ),
|
||||
eq( ArchivaRoleConstants.OPERATION_REPOSITORY_UPLOAD ) ) ).andThrow(
|
||||
new UnauthorizedException( "User not authorized" ) );
|
||||
httpAuthControl.replay();
|
||||
servletAuthControl.replay();
|
||||
|
||||
//servlet.service( ic.getRequest(), ic.getResponse() );
|
||||
InputStream is = getClass().getResourceAsStream( "/artifact.jar" );
|
||||
assertNotNull( "artifact.jar inputstream", is );
|
||||
|
||||
mockHttpServletRequest.addHeader( "User-Agent", "foo" );
|
||||
mockHttpServletRequest.setMethod( "PUT" );
|
||||
mockHttpServletRequest.setRequestURI( "/repository/internal/path/to/artifact.jar" );
|
||||
mockHttpServletRequest.setContent( IOUtils.toByteArray( is ) );
|
||||
mockHttpServletRequest.setContentType( "application/octet-stream" );
|
||||
|
||||
MockHttpServletResponse mockHttpServletResponse = new MockHttpServletResponse();
|
||||
|
||||
servlet.service( mockHttpServletRequest, mockHttpServletResponse );
|
||||
|
||||
httpAuthControl.verify();
|
||||
servletAuthControl.verify();
|
||||
|
||||
// assertEquals(HttpServletResponse.SC_UNAUTHORIZED, response.getResponseCode());
|
||||
assertEquals( HttpServletResponse.SC_UNAUTHORIZED, mockHttpServletResponse.getStatus() );
|
||||
}
|
||||
|
||||
// test deploy with a valid user with write access
|
||||
@Ignore("rewrite")
|
||||
@Test
|
||||
public void testPutWithValidUserWithWriteAccess()
|
||||
throws Exception
|
||||
{
|
||||
setupCleanRepo( repoRootInternal );
|
||||
assertTrue( repoRootInternal.exists() );
|
||||
|
||||
MockHttpServletRequest mockHttpServletRequest = new MockHttpServletRequest();
|
||||
String putUrl = "http://machine.com/repository/internal/path/to/artifact.jar";
|
||||
InputStream is = getClass().getResourceAsStream( "/artifact.jar" );
|
||||
assertNotNull( "artifact.jar inputstream", is );
|
||||
|
||||
WebRequest request = new AbstractRepositoryServletTestCase.PutMethodWebRequest( putUrl, is, "application/octet-stream" );
|
||||
|
||||
//InvocationContext ic = sc.newInvocation( request );
|
||||
//servlet = (RepositoryServlet) ic.getServlet();
|
||||
servlet.setDavSessionProvider( davSessionProvider );
|
||||
|
||||
ArchivaDavResourceFactory archivaDavResourceFactory = (ArchivaDavResourceFactory) servlet.getResourceFactory();
|
||||
|
@ -416,7 +465,8 @@ public class RepositoryServletSecurityTest
|
|||
AuthenticationResult result = new AuthenticationResult();
|
||||
|
||||
EasyMock.expect( httpAuth.getAuthenticationResult( anyObject( HttpServletRequest.class ),
|
||||
anyObject( HttpServletResponse.class) )).andReturn( result );
|
||||
anyObject( HttpServletResponse.class ) ) ).andReturn(
|
||||
result );
|
||||
|
||||
EasyMock.expect( servletAuth.isAuthenticated( anyObject( HttpServletRequest.class ),
|
||||
anyObject( AuthenticationResult.class ) ) ).andReturn( true );
|
||||
|
@ -428,34 +478,43 @@ public class RepositoryServletSecurityTest
|
|||
SecuritySession session = new DefaultSecuritySession();
|
||||
|
||||
EasyMock.expect( httpAuth.getAuthenticationResult( anyObject( HttpServletRequest.class ),
|
||||
anyObject( HttpServletResponse.class) ) ).andReturn( result );
|
||||
anyObject( HttpServletResponse.class ) ) ).andReturn(
|
||||
result );
|
||||
|
||||
//EasyMock.expect( httpAuth.getSecuritySession( ic.getRequest().getSession( true ) ) ).andReturn( session );
|
||||
EasyMock.expect( httpAuth.getSecuritySession( mockHttpServletRequest.getSession() ) ).andReturn( session );
|
||||
|
||||
//EasyMock.expect( httpAuth.getSessionUser( ic.getRequest().getSession() ) ).andReturn( user );
|
||||
EasyMock.expect( httpAuth.getSessionUser( mockHttpServletRequest.getSession() ) ).andReturn( user );
|
||||
|
||||
EasyMock.expect( servletAuth.isAuthenticated( anyObject( HttpServletRequest.class ), eq( result ) ) ).andReturn(
|
||||
true );
|
||||
|
||||
EasyMock.expect( servletAuth.isAuthorized( anyObject( HttpServletRequest.class ), eq(session), eq("internal"),
|
||||
eq(ArchivaRoleConstants.OPERATION_REPOSITORY_UPLOAD) ) ).andReturn(
|
||||
true );
|
||||
EasyMock.expect(
|
||||
servletAuth.isAuthorized( anyObject( HttpServletRequest.class ), eq( session ), eq( "internal" ),
|
||||
eq( ArchivaRoleConstants.OPERATION_REPOSITORY_UPLOAD ) ) ).andReturn( true );
|
||||
|
||||
httpAuthControl.replay();
|
||||
servletAuthControl.replay();
|
||||
|
||||
//servlet.service( ic.getRequest(), ic.getResponse() );
|
||||
mockHttpServletRequest.addHeader( "User-Agent", "foo" );
|
||||
mockHttpServletRequest.setMethod( "PUT" );
|
||||
mockHttpServletRequest.setRequestURI( "/repository/internal/path/to/artifact.jar" );
|
||||
mockHttpServletRequest.setContent( IOUtils.toByteArray( is ) );
|
||||
mockHttpServletRequest.setContentType( "application/octet-stream" );
|
||||
|
||||
MockHttpServletResponse mockHttpServletResponse = new MockHttpServletResponse();
|
||||
|
||||
servlet.service( mockHttpServletRequest, mockHttpServletResponse );
|
||||
|
||||
httpAuthControl.verify();
|
||||
servletAuthControl.verify();
|
||||
|
||||
// assertEquals(HttpServletResponse.SC_CREATED, response.getResponseCode());
|
||||
assertEquals( HttpServletResponse.SC_CREATED, mockHttpServletResponse.getStatus() );
|
||||
|
||||
assertEquals( "admin", listener.getEvents().get( 0 ).getUserId() );
|
||||
}
|
||||
|
||||
// test get with invalid user, and guest has read access to repo
|
||||
@Ignore("rewrite")
|
||||
@Test
|
||||
public void testGetWithInvalidUserAndGuestHasReadAccess()
|
||||
throws Exception
|
||||
{
|
||||
|
@ -467,9 +526,6 @@ public class RepositoryServletSecurityTest
|
|||
|
||||
FileUtils.writeStringToFile( artifactFile, expectedArtifactContents, Charset.defaultCharset() );
|
||||
|
||||
WebRequest request = new AbstractRepositoryServletTestCase.GetMethodWebRequest( "http://machine.com/repository/internal/" + commonsLangJar );
|
||||
//InvocationContext ic = sc.newInvocation( request );
|
||||
//servlet = (RepositoryServlet) ic.getServlet();
|
||||
servlet.setDavSessionProvider( davSessionProvider );
|
||||
|
||||
ArchivaDavResourceFactory archivaDavResourceFactory = (ArchivaDavResourceFactory) servlet.getResourceFactory();
|
||||
|
@ -480,10 +536,12 @@ public class RepositoryServletSecurityTest
|
|||
|
||||
AuthenticationResult result = new AuthenticationResult();
|
||||
|
||||
EasyMock.expect( httpAuth.getAuthenticationResult( anyObject( HttpServletRequest.class ), anyObject( HttpServletResponse.class ) ) )
|
||||
.andReturn( result );
|
||||
EasyMock.expect( httpAuth.getAuthenticationResult( anyObject( HttpServletRequest.class ),
|
||||
anyObject( HttpServletResponse.class ) ) ).andReturn(
|
||||
result );
|
||||
|
||||
EasyMock.expect( servletAuth.isAuthenticated( anyObject( HttpServletRequest.class ), anyObject( AuthenticationResult.class ) ) ).andThrow(
|
||||
EasyMock.expect( servletAuth.isAuthenticated( anyObject( HttpServletRequest.class ),
|
||||
anyObject( AuthenticationResult.class ) ) ).andThrow(
|
||||
new AuthenticationException( "Authentication error" ) );
|
||||
|
||||
EasyMock.expect( servletAuth.isAuthorized( "guest", "internal",
|
||||
|
@ -493,7 +551,9 @@ public class RepositoryServletSecurityTest
|
|||
// ArchivaDavResourceFactory#isAuthorized()
|
||||
SecuritySession session = new DefaultSecuritySession();
|
||||
|
||||
EasyMock.expect( httpAuth.getAuthenticationResult( anyObject( HttpServletRequest.class ), anyObject( HttpServletResponse.class ) ) ).andReturn( result );
|
||||
EasyMock.expect( httpAuth.getAuthenticationResult( anyObject( HttpServletRequest.class ),
|
||||
anyObject( HttpServletResponse.class ) ) ).andReturn(
|
||||
result );
|
||||
|
||||
EasyMock.expect( httpAuth.getSecuritySession( anyObject( HttpSession.class ) ) ).andReturn( session );
|
||||
|
||||
|
@ -502,22 +562,32 @@ public class RepositoryServletSecurityTest
|
|||
EasyMock.expect( servletAuth.isAuthenticated( anyObject( HttpServletRequest.class ), eq( result ) ) ).andReturn(
|
||||
true );
|
||||
|
||||
EasyMock.expect( servletAuth.isAuthorized( anyObject( HttpServletRequest.class ), eq(session), eq("internal"),
|
||||
EasyMock.expect(
|
||||
servletAuth.isAuthorized( anyObject( HttpServletRequest.class ), eq( session ), eq( "internal" ),
|
||||
eq( ArchivaRoleConstants.OPERATION_REPOSITORY_ACCESS ) ) ).andReturn( true );
|
||||
httpAuthControl.replay();
|
||||
servletAuthControl.replay();
|
||||
|
||||
WebResponse response = null;// sc.getResponse( request );
|
||||
MockHttpServletRequest mockHttpServletRequest = new MockHttpServletRequest();
|
||||
mockHttpServletRequest.addHeader( "User-Agent", "foo" );
|
||||
mockHttpServletRequest.setMethod( "GET" );
|
||||
mockHttpServletRequest.setRequestURI( "/repository/internal/" + commonsLangJar );
|
||||
|
||||
|
||||
MockHttpServletResponse mockHttpServletResponse = new MockHttpServletResponse();
|
||||
|
||||
servlet.service( mockHttpServletRequest, mockHttpServletResponse );
|
||||
|
||||
httpAuthControl.verify();
|
||||
servletAuthControl.verify();
|
||||
|
||||
assertEquals( HttpServletResponse.SC_OK, response.getStatusCode() );
|
||||
assertEquals( "Expected file contents", expectedArtifactContents, response.getContentAsString() );
|
||||
assertEquals( HttpServletResponse.SC_OK, mockHttpServletResponse.getStatus() );
|
||||
|
||||
assertEquals( "Expected file contents", expectedArtifactContents, mockHttpServletResponse.getContentAsString() );
|
||||
}
|
||||
|
||||
// test get with invalid user, and guest has no read access to repo
|
||||
@Ignore("rewrite")
|
||||
@Test
|
||||
public void testGetWithInvalidUserAndGuestHasNoReadAccess()
|
||||
throws Exception
|
||||
{
|
||||
|
@ -529,16 +599,16 @@ public class RepositoryServletSecurityTest
|
|||
|
||||
FileUtils.writeStringToFile( artifactFile, expectedArtifactContents, Charset.defaultCharset() );
|
||||
|
||||
WebRequest request = new AbstractRepositoryServletTestCase.GetMethodWebRequest( "http://machine.com/repository/internal/" + commonsLangJar );
|
||||
//InvocationContext ic = sc.newInvocation( request );
|
||||
//servlet = (RepositoryServlet) ic.getServlet();
|
||||
servlet.setDavSessionProvider( davSessionProvider );
|
||||
|
||||
AuthenticationResult result = new AuthenticationResult();
|
||||
|
||||
EasyMock.expect( httpAuth.getAuthenticationResult( anyObject( HttpServletRequest.class ), anyObject( HttpServletResponse.class ) ) ).andReturn( result );
|
||||
EasyMock.expect( httpAuth.getAuthenticationResult( anyObject( HttpServletRequest.class ),
|
||||
anyObject( HttpServletResponse.class ) ) ).andReturn(
|
||||
result );
|
||||
|
||||
EasyMock.expect( servletAuth.isAuthenticated( anyObject( HttpServletRequest.class ), anyObject( AuthenticationResult.class ) ) ).andThrow(
|
||||
EasyMock.expect( servletAuth.isAuthenticated( anyObject( HttpServletRequest.class ),
|
||||
anyObject( AuthenticationResult.class ) ) ).andThrow(
|
||||
new AuthenticationException( "Authentication error" ) );
|
||||
|
||||
EasyMock.expect( servletAuth.isAuthorized( "guest", "internal",
|
||||
|
@ -547,16 +617,24 @@ public class RepositoryServletSecurityTest
|
|||
httpAuthControl.replay();
|
||||
servletAuthControl.replay();
|
||||
|
||||
WebResponse response = null;//sc.getResponse( request );
|
||||
MockHttpServletRequest mockHttpServletRequest = new MockHttpServletRequest();
|
||||
mockHttpServletRequest.addHeader( "User-Agent", "foo" );
|
||||
mockHttpServletRequest.setMethod( "GET" );
|
||||
mockHttpServletRequest.setRequestURI( "/repository/internal/" + commonsLangJar );
|
||||
|
||||
|
||||
MockHttpServletResponse mockHttpServletResponse = new MockHttpServletResponse();
|
||||
|
||||
servlet.service( mockHttpServletRequest, mockHttpServletResponse );
|
||||
|
||||
httpAuthControl.verify();
|
||||
servletAuthControl.verify();
|
||||
|
||||
assertEquals( HttpServletResponse.SC_UNAUTHORIZED, response.getStatusCode() );
|
||||
assertEquals( HttpServletResponse.SC_UNAUTHORIZED, mockHttpServletResponse.getStatus() );
|
||||
}
|
||||
|
||||
// test get with valid user with read access to repo
|
||||
@Ignore("rewrite")
|
||||
@Test
|
||||
public void testGetWithAValidUserWithReadAccess()
|
||||
throws Exception
|
||||
{
|
||||
|
@ -568,9 +646,6 @@ public class RepositoryServletSecurityTest
|
|||
|
||||
FileUtils.writeStringToFile( artifactFile, expectedArtifactContents, Charset.defaultCharset() );
|
||||
|
||||
WebRequest request = new AbstractRepositoryServletTestCase.GetMethodWebRequest( "http://machine.com/repository/internal/" + commonsLangJar );
|
||||
//InvocationContext ic = sc.newInvocation( request );
|
||||
//servlet = (RepositoryServlet) ic.getServlet();
|
||||
servlet.setDavSessionProvider( davSessionProvider );
|
||||
|
||||
ArchivaDavResourceFactory archivaDavResourceFactory = (ArchivaDavResourceFactory) servlet.getResourceFactory();
|
||||
|
@ -581,13 +656,18 @@ public class RepositoryServletSecurityTest
|
|||
|
||||
AuthenticationResult result = new AuthenticationResult();
|
||||
|
||||
EasyMock.expect( httpAuth.getAuthenticationResult( anyObject( HttpServletRequest.class ), anyObject( HttpServletResponse.class ) ) ).andReturn( result );
|
||||
EasyMock.expect( httpAuth.getAuthenticationResult( anyObject( HttpServletRequest.class ),
|
||||
anyObject( HttpServletResponse.class ) ) ).andReturn(
|
||||
result );
|
||||
|
||||
EasyMock.expect( servletAuth.isAuthenticated( anyObject( HttpServletRequest.class ), anyObject( AuthenticationResult.class ) ) ).andReturn( true );
|
||||
EasyMock.expect( servletAuth.isAuthenticated( anyObject( HttpServletRequest.class ),
|
||||
anyObject( AuthenticationResult.class ) ) ).andReturn( true );
|
||||
// ArchivaDavResourceFactory#isAuthorized()
|
||||
SecuritySession session = new DefaultSecuritySession();
|
||||
|
||||
EasyMock.expect( httpAuth.getAuthenticationResult( anyObject( HttpServletRequest.class ), anyObject( HttpServletResponse.class ) ) ).andReturn( result );
|
||||
EasyMock.expect( httpAuth.getAuthenticationResult( anyObject( HttpServletRequest.class ),
|
||||
anyObject( HttpServletResponse.class ) ) ).andReturn(
|
||||
result );
|
||||
|
||||
EasyMock.expect( httpAuth.getSecuritySession( anyObject( HttpSession.class ) ) ).andReturn( session );
|
||||
|
||||
|
@ -596,24 +676,32 @@ public class RepositoryServletSecurityTest
|
|||
EasyMock.expect( servletAuth.isAuthenticated( anyObject( HttpServletRequest.class ), eq( result ) ) ).andReturn(
|
||||
true );
|
||||
|
||||
EasyMock.expect( servletAuth.isAuthorized( anyObject( HttpServletRequest.class ), eq(session), eq("internal"),
|
||||
eq(ArchivaRoleConstants.OPERATION_REPOSITORY_ACCESS) ) ).andReturn(
|
||||
true );
|
||||
EasyMock.expect(
|
||||
servletAuth.isAuthorized( anyObject( HttpServletRequest.class ), eq( session ), eq( "internal" ),
|
||||
eq( ArchivaRoleConstants.OPERATION_REPOSITORY_ACCESS ) ) ).andReturn( true );
|
||||
|
||||
httpAuthControl.replay();
|
||||
servletAuthControl.replay();
|
||||
|
||||
WebResponse response = null;// sc.getResponse( request );
|
||||
MockHttpServletRequest mockHttpServletRequest = new MockHttpServletRequest();
|
||||
mockHttpServletRequest.addHeader( "User-Agent", "foo" );
|
||||
mockHttpServletRequest.setMethod( "GET" );
|
||||
mockHttpServletRequest.setRequestURI( "/repository/internal/" + commonsLangJar );
|
||||
|
||||
|
||||
MockHttpServletResponse mockHttpServletResponse = new MockHttpServletResponse();
|
||||
|
||||
servlet.service( mockHttpServletRequest, mockHttpServletResponse );
|
||||
|
||||
httpAuthControl.verify();
|
||||
servletAuthControl.verify();
|
||||
|
||||
assertEquals( HttpServletResponse.SC_OK, response.getStatusCode() );
|
||||
assertEquals( "Expected file contents", expectedArtifactContents, response.getContentAsString() );
|
||||
assertEquals( HttpServletResponse.SC_OK, mockHttpServletResponse.getStatus() );
|
||||
assertEquals( "Expected file contents", expectedArtifactContents, mockHttpServletResponse.getContentAsString() );
|
||||
}
|
||||
|
||||
// test get with valid user with no read access to repo
|
||||
@Ignore("rewrite")
|
||||
@Test
|
||||
public void testGetWithAValidUserWithNoReadAccess()
|
||||
throws Exception
|
||||
{
|
||||
|
@ -625,9 +713,6 @@ public class RepositoryServletSecurityTest
|
|||
|
||||
FileUtils.writeStringToFile( artifactFile, expectedArtifactContents, Charset.defaultCharset() );
|
||||
|
||||
WebRequest request = new AbstractRepositoryServletTestCase.GetMethodWebRequest( "http://machine.com/repository/internal/" + commonsLangJar );
|
||||
//InvocationContext ic = sc.newInvocation( request );
|
||||
//servlet = (RepositoryServlet) ic.getServlet();
|
||||
servlet.setDavSessionProvider( davSessionProvider );
|
||||
|
||||
ArchivaDavResourceFactory archivaDavResourceFactory = (ArchivaDavResourceFactory) servlet.getResourceFactory();
|
||||
|
@ -638,14 +723,19 @@ public class RepositoryServletSecurityTest
|
|||
|
||||
AuthenticationResult result = new AuthenticationResult();
|
||||
|
||||
EasyMock.expect( httpAuth.getAuthenticationResult( anyObject( HttpServletRequest.class ), anyObject( HttpServletResponse.class ) ) ).andReturn( result );
|
||||
EasyMock.expect( httpAuth.getAuthenticationResult( anyObject( HttpServletRequest.class ),
|
||||
anyObject( HttpServletResponse.class ) ) ).andReturn(
|
||||
result );
|
||||
|
||||
EasyMock.expect( servletAuth.isAuthenticated( anyObject( HttpServletRequest.class ), anyObject( AuthenticationResult.class ) ) ).andReturn( true );
|
||||
EasyMock.expect( servletAuth.isAuthenticated( anyObject( HttpServletRequest.class ),
|
||||
anyObject( AuthenticationResult.class ) ) ).andReturn( true );
|
||||
|
||||
// ArchivaDavResourceFactory#isAuthorized()
|
||||
SecuritySession session = new DefaultSecuritySession();
|
||||
|
||||
EasyMock.expect( httpAuth.getAuthenticationResult( anyObject( HttpServletRequest.class ), anyObject( HttpServletResponse.class ) ) ).andReturn( result );
|
||||
EasyMock.expect( httpAuth.getAuthenticationResult( anyObject( HttpServletRequest.class ),
|
||||
anyObject( HttpServletResponse.class ) ) ).andReturn(
|
||||
result );
|
||||
|
||||
EasyMock.expect( httpAuth.getSecuritySession( anyObject( HttpSession.class ) ) ).andReturn( session );
|
||||
|
||||
|
@ -654,17 +744,26 @@ public class RepositoryServletSecurityTest
|
|||
EasyMock.expect( servletAuth.isAuthenticated( anyObject( HttpServletRequest.class ), eq( result ) ) ).andReturn(
|
||||
true );
|
||||
|
||||
EasyMock.expect( servletAuth.isAuthorized( anyObject( HttpServletRequest.class ), eq(session), eq("internal"),
|
||||
EasyMock.expect(
|
||||
servletAuth.isAuthorized( anyObject( HttpServletRequest.class ), eq( session ), eq( "internal" ),
|
||||
eq( ArchivaRoleConstants.OPERATION_REPOSITORY_ACCESS ) ) ).andThrow(
|
||||
new UnauthorizedException( "User not authorized to read repository." ) );
|
||||
httpAuthControl.replay();
|
||||
servletAuthControl.replay();
|
||||
|
||||
WebResponse response = null;//sc.getResponse( request );
|
||||
MockHttpServletRequest mockHttpServletRequest = new MockHttpServletRequest();
|
||||
mockHttpServletRequest.addHeader( "User-Agent", "foo" );
|
||||
mockHttpServletRequest.setMethod( "GET" );
|
||||
mockHttpServletRequest.setRequestURI( "/repository/internal/" + commonsLangJar );
|
||||
|
||||
|
||||
MockHttpServletResponse mockHttpServletResponse = new MockHttpServletResponse();
|
||||
|
||||
servlet.service( mockHttpServletRequest, mockHttpServletResponse );
|
||||
|
||||
httpAuthControl.verify();
|
||||
servletAuthControl.verify();
|
||||
|
||||
assertEquals( HttpServletResponse.SC_UNAUTHORIZED, response.getStatusCode() );
|
||||
assertEquals( HttpServletResponse.SC_UNAUTHORIZED, mockHttpServletResponse.getStatus() );
|
||||
}
|
||||
}
|
||||
|
|
Loading…
Reference in New Issue