From 862f45e02f58576004035430c48aa85ce89ec52b Mon Sep 17 00:00:00 2001
From: Ben Alex
Date: Fri, 2 Apr 2004 11:53:20 +0000
Subject: [PATCH] Initial commit.
---
.../web/AbstractContactsTests.java | 270 ++++++++++++++++++
.../web/ContainerAdapterContactsTests.java | 31 ++
.../web/FilterContactsTests.java | 31 ++
samples/contacts/etc/ca/jboss-web.xml | 7 +
samples/contacts/etc/ca/login.jsp | 43 +++
.../contacts/etc/ca/resin-acegisecurity.xml | 49 ++++
samples/contacts/etc/ca/resin-web.xml | 13 +
samples/contacts/etc/ca/web.xml | 99 +++++++
samples/contacts/etc/filter/acegilogin.jsp | 40 +++
.../etc/filter/web-filters-acegisecurity.xml | 114 ++++++++
samples/contacts/etc/filter/web.xml | 108 +++++++
11 files changed, 805 insertions(+)
create mode 100644 integration-test/src/net/sf/acegisecurity/integrationtests/web/AbstractContactsTests.java
create mode 100644 integration-test/src/net/sf/acegisecurity/integrationtests/web/ContainerAdapterContactsTests.java
create mode 100644 integration-test/src/net/sf/acegisecurity/integrationtests/web/FilterContactsTests.java
create mode 100644 samples/contacts/etc/ca/jboss-web.xml
create mode 100644 samples/contacts/etc/ca/login.jsp
create mode 100644 samples/contacts/etc/ca/resin-acegisecurity.xml
create mode 100644 samples/contacts/etc/ca/resin-web.xml
create mode 100644 samples/contacts/etc/ca/web.xml
create mode 100644 samples/contacts/etc/filter/acegilogin.jsp
create mode 100644 samples/contacts/etc/filter/web-filters-acegisecurity.xml
create mode 100644 samples/contacts/etc/filter/web.xml
diff --git a/integration-test/src/net/sf/acegisecurity/integrationtests/web/AbstractContactsTests.java b/integration-test/src/net/sf/acegisecurity/integrationtests/web/AbstractContactsTests.java
new file mode 100644
index 0000000000..83cf139167
--- /dev/null
+++ b/integration-test/src/net/sf/acegisecurity/integrationtests/web/AbstractContactsTests.java
@@ -0,0 +1,270 @@
+/* Copyright 2004 Acegi Technology Pty Limited
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package net.sf.acegisecurity.integrationtests.web;
+
+import com.meterware.httpunit.GetMethodWebRequest;
+import com.meterware.httpunit.WebConversation;
+import com.meterware.httpunit.WebForm;
+import com.meterware.httpunit.WebLink;
+import com.meterware.httpunit.WebRequest;
+import com.meterware.httpunit.WebResponse;
+
+import junit.framework.TestCase;
+
+import java.net.URL;
+
+
+/**
+ * Tests the Contacts sample application from a HTTP user's perspective.
+ *
+ * @author Ben Alex
+ * @version $Id$
+ */
+public abstract class AbstractContactsTests extends TestCase {
+ //~ Methods ================================================================
+
+ /**
+ * Returns the base URL where the Contacts application can be found, such
+ * as http://localhost:8080/contacts. There should be no
+ * ending slash.
+ *
+ * @return DOCUMENT ME!
+ */
+ public abstract String getBaseUrl();
+
+ public final void setUp() throws Exception {
+ super.setUp();
+ }
+
+ public static void main(String[] args) {
+ junit.textui.TestRunner.run(AbstractContactsTests.class);
+ }
+
+ public void testHelloPageAccessible() throws Exception {
+ WebConversation conversation = new WebConversation();
+ WebRequest request = new GetMethodWebRequest(getBaseUrl());
+
+ WebResponse response = conversation.getResponse(request);
+ assertEquals("Contacts Security Demo", response.getTitle());
+ assertEquals(2, response.getLinks().length); // debug and manage links
+ assertTrue(response.getText().lastIndexOf("sample.contact.Contact@") != -1);
+ }
+
+ public void testLoginNameCaseSensitive() throws Exception {
+ WebConversation conversation = new WebConversation();
+ WebRequest request = new GetMethodWebRequest(getBaseUrl());
+
+ WebResponse helloPage = conversation.getResponse(request);
+ WebLink debugLink = helloPage.getLinkWith("Debug");
+ WebResponse loginPage = debugLink.click();
+ assertEquals(1, loginPage.getForms()[0].getSubmitButtons().length);
+
+ WebForm loginForm = loginPage.getForms()[0];
+ loginPage = null;
+
+ loginForm.setParameter("j_username", "mArIsSA");
+ loginForm.setParameter("j_password", "koala");
+
+ WebResponse loginOutcome = conversation.getResponse(loginForm
+ .getRequest("submit"));
+
+ assertTrue(loginOutcome.getText().lastIndexOf("SUCCESS!") != -1);
+ }
+
+ public void testLoginPasswordCaseSensitive() throws Exception {
+ WebConversation conversation = new WebConversation();
+ WebRequest request = new GetMethodWebRequest(getBaseUrl());
+
+ WebResponse helloPage = conversation.getResponse(request);
+ WebLink debugLink = helloPage.getLinkWith("Debug");
+ WebResponse loginPage = debugLink.click();
+ assertEquals(1, loginPage.getForms()[0].getSubmitButtons().length);
+
+ WebForm loginForm = loginPage.getForms()[0];
+ loginPage = null;
+
+ loginForm.setParameter("j_username", "dianne");
+ loginForm.setParameter("j_password", "EmU");
+
+ WebResponse loginOutcome = conversation.getResponse(loginForm
+ .getRequest("submit"));
+
+ assertEquals("Login", loginOutcome.getTitle());
+ }
+
+ public void testLoginSuccess() throws Exception {
+ WebConversation conversation = new WebConversation();
+ WebRequest request = new GetMethodWebRequest(getBaseUrl());
+
+ WebResponse helloPage = conversation.getResponse(request);
+ WebLink debugLink = helloPage.getLinkWith("Debug");
+ WebResponse loginPage = debugLink.click();
+ assertEquals(1, loginPage.getForms()[0].getSubmitButtons().length);
+
+ WebForm loginForm = loginPage.getForms()[0];
+ loginPage = null;
+
+ loginForm.setParameter("j_username", "marissa");
+ loginForm.setParameter("j_password", "koala");
+
+ WebResponse loginOutcome = conversation.getResponse(loginForm
+ .getRequest("submit"));
+
+ assertTrue(loginOutcome.getText().lastIndexOf("SUCCESS!") != -1);
+ }
+
+ public void testLoginUnknownUsername() throws Exception {
+ WebConversation conversation = new WebConversation();
+ WebRequest request = new GetMethodWebRequest(getBaseUrl());
+
+ WebResponse helloPage = conversation.getResponse(request);
+ WebLink debugLink = helloPage.getLinkWith("Debug");
+ WebResponse loginPage = debugLink.click();
+ assertEquals(1, loginPage.getForms()[0].getSubmitButtons().length);
+
+ WebForm loginForm = loginPage.getForms()[0];
+ loginPage = null;
+
+ loginForm.setParameter("j_username", "angella");
+ loginForm.setParameter("j_password", "echidna");
+
+ WebResponse loginOutcome = conversation.getResponse(loginForm
+ .getRequest("submit"));
+
+ assertEquals("Login", loginOutcome.getTitle());
+ }
+
+ public void testSessionAsMarissa() throws Exception {
+ WebConversation conversation = new WebConversation();
+ WebRequest request = new GetMethodWebRequest(getBaseUrl());
+
+ WebResponse helloPage = conversation.getResponse(request);
+ WebLink manageLink = helloPage.getLinkWith("Manage");
+ WebResponse loginPage = manageLink.click();
+ manageLink = null;
+ assertEquals(1, loginPage.getForms()[0].getSubmitButtons().length);
+
+ WebForm loginForm = loginPage.getForms()[0];
+ loginPage = null;
+
+ loginForm.setParameter("j_username", "marissa");
+ loginForm.setParameter("j_password", "koala");
+
+ WebResponse loginOutcome = conversation.getResponse(loginForm
+ .getRequest("submit"));
+
+ assertEquals("Your Contacts", loginOutcome.getTitle());
+ assertTrue(loginOutcome.getText().lastIndexOf("marissa's Contacts") != -1);
+ assertEquals(4, loginOutcome.getTables()[0].getRowCount()); // 3 contacts + header
+ assertEquals(5, loginOutcome.getLinks().length); // 3 contacts + add + logoff
+
+ WebLink addLink = loginOutcome.getLinkWith("Add");
+ loginOutcome = null;
+
+ WebResponse addPage = addLink.click();
+ WebForm addForm = addPage.getForms()[0];
+ addPage = null;
+
+ addForm.setParameter("name", "");
+ addForm.setParameter("email", "");
+
+ WebResponse addOutcomeFail = conversation.getResponse(addForm
+ .getRequest("execute"));
+
+ assertEquals(new URL(getBaseUrl() + "/secure/add.htm"),
+ addOutcomeFail.getURL());
+ assertTrue(addOutcomeFail.getText().lastIndexOf("Please fix all errors!") != -1);
+ addOutcomeFail = null;
+
+ addForm.setParameter("name", "somebody");
+ addForm.setParameter("email", "them@somewhere.com");
+
+ WebResponse addOutcomeSuccess = conversation.getResponse(addForm
+ .getRequest("execute"));
+
+ assertEquals("Your Contacts", addOutcomeSuccess.getTitle());
+ assertTrue(addOutcomeSuccess.getText().lastIndexOf("marissa's Contacts") != -1);
+ assertEquals(5, addOutcomeSuccess.getTables()[0].getRowCount()); // 4 contacts + header
+ assertEquals(6, addOutcomeSuccess.getLinks().length); // 4 contacts + add + logoff
+
+ WebLink logout = addOutcomeSuccess.getLinkWith("Logoff");
+ addOutcomeSuccess = null;
+
+ WebResponse loggedOut = logout.click();
+ assertEquals("Contacts Security Demo", loggedOut.getTitle());
+
+ WebLink debugLink = loggedOut.getLinkWith("Debug");
+ loggedOut = null;
+
+ WebResponse loginAgainPage = debugLink.click();
+ assertEquals("Login", loginAgainPage.getTitle());
+ }
+
+ public void testSessionAsScott() throws Exception {
+ WebConversation conversation = new WebConversation();
+ WebRequest request = new GetMethodWebRequest(getBaseUrl());
+
+ WebResponse helloPage = conversation.getResponse(request);
+ WebLink manageLink = helloPage.getLinkWith("Manage");
+ WebResponse loginPage = manageLink.click();
+ manageLink = null;
+ assertEquals(1, loginPage.getForms()[0].getSubmitButtons().length);
+
+ WebForm loginForm = loginPage.getForms()[0];
+ loginPage = null;
+
+ loginForm.setParameter("j_username", "scott");
+ loginForm.setParameter("j_password", "wombat");
+
+ WebResponse loginOutcome = conversation.getResponse(loginForm
+ .getRequest("submit"));
+
+ assertEquals("Your Contacts", loginOutcome.getTitle());
+ assertTrue(loginOutcome.getText().lastIndexOf("scott's Contacts") != -1);
+ assertEquals(3, loginOutcome.getTables()[0].getRowCount()); // 2 contacts + header
+ assertEquals(2, loginOutcome.getLinks().length); // add + logoff only
+
+ WebLink addLink = loginOutcome.getLinkWith("Add");
+ loginOutcome = null;
+
+ WebResponse addPage = addLink.click();
+ WebForm addForm = addPage.getForms()[0];
+ addPage = null;
+
+ addForm.setParameter("name", "somebody");
+ addForm.setParameter("email", "them@somewhere.com");
+
+ WebResponse addOutcomeSuccess = conversation.getResponse(addForm
+ .getRequest("execute"));
+
+ assertEquals("Your Contacts", addOutcomeSuccess.getTitle());
+ assertTrue(addOutcomeSuccess.getText().lastIndexOf("scott's Contacts") != -1);
+ assertEquals(4, addOutcomeSuccess.getTables()[0].getRowCount()); // 3 contacts + header
+ assertEquals(2, addOutcomeSuccess.getLinks().length); // add + logoff only
+
+ WebLink logout = addOutcomeSuccess.getLinkWith("Logoff");
+ addOutcomeSuccess = null;
+
+ WebResponse loggedOut = logout.click();
+ assertEquals("Contacts Security Demo", loggedOut.getTitle());
+
+ WebLink debugLink = loggedOut.getLinkWith("Debug");
+ loggedOut = null;
+
+ WebResponse loginAgainPage = debugLink.click();
+ assertEquals("Login", loginAgainPage.getTitle());
+ }
+}
diff --git a/integration-test/src/net/sf/acegisecurity/integrationtests/web/ContainerAdapterContactsTests.java b/integration-test/src/net/sf/acegisecurity/integrationtests/web/ContainerAdapterContactsTests.java
new file mode 100644
index 0000000000..b3efd3e871
--- /dev/null
+++ b/integration-test/src/net/sf/acegisecurity/integrationtests/web/ContainerAdapterContactsTests.java
@@ -0,0 +1,31 @@
+/* Copyright 2004 Acegi Technology Pty Limited
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package net.sf.acegisecurity.integrationtests.web;
+
+/**
+ * Returns information required to run container adapters version of Contacts
+ * application test.
+ *
+ * @author Ben Alex
+ * @version $Id$
+ */
+public class ContainerAdapterContactsTests extends AbstractContactsTests {
+ //~ Methods ================================================================
+
+ public String getBaseUrl() {
+ return "http://localhost:8080/contacts-container-adapter";
+ }
+}
diff --git a/integration-test/src/net/sf/acegisecurity/integrationtests/web/FilterContactsTests.java b/integration-test/src/net/sf/acegisecurity/integrationtests/web/FilterContactsTests.java
new file mode 100644
index 0000000000..b62a6eedbf
--- /dev/null
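Review bot: `testLoginNameCaseSensitive` in AbstractContactsTests.java submits `mArIsSA`/`koala` and asserts `SUCCESS!`, so it pins user names as case-insensitive, the opposite of what its name says; rename it (for example `testLoginNameCaseInsensitive`) or add `// user-name lookup ignores case; only the password comparison is case-sensitive` above the parameters. The negative login cases stop at a wrong password and an unknown user: the user map added later in this commit defines `peter=opal,disabled,ROLE_TELLER`, yet no test asserts that the disabled account is returned to the `Login` page. Separately, `main` passes the abstract class to `junit.textui.TestRunner.run`, which JUnit cannot instantiate, so that entry point belongs in the concrete subclasses.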
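Review bot: `getBaseUrl()` in ContainerAdapterContactsTests hard-codes `http://localhost:8080/contacts-container-adapter`, and `FilterContactsTests.getBaseUrl()` does the same with `http://localhost:8080/contacts`, so the suite can only run against a container on that host and port. Reading an override keeps the default while letting a build point the tests elsewhere, e.g. `return System.getProperty("contacts.baseUrl", "http://localhost:8080/contacts-container-adapter");` (the property name is a suggestion, not an existing setting). The class Javadoc would also read better as a statement of which deployment the URL targets than as "Returns information".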
+++ b/integration-test/src/net/sf/acegisecurity/integrationtests/web/FilterContactsTests.java @@ -0,0 +1,31 @@ +/* Copyright 2004 Acegi Technology Pty Limited + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package net.sf.acegisecurity.integrationtests.web; + +/** + * Returns information required to run filters version of Contacts application + * test. + * + * @author Ben Alex + * @version $Id$ + */ +public class FilterContactsTests extends AbstractContactsTests { + //~ Methods ================================================================ + + public String getBaseUrl() { + return "http://localhost:8080/contacts"; + } +} diff --git a/samples/contacts/etc/ca/jboss-web.xml b/samples/contacts/etc/ca/jboss-web.xml new file mode 100644 index 0000000000..042053ac6c --- /dev/null +++ b/samples/contacts/etc/ca/jboss-web.xml @@ -0,0 +1,7 @@ + + + java:/jaas/SpringPoweredRealm + diff --git a/samples/contacts/etc/ca/login.jsp b/samples/contacts/etc/ca/login.jsp new file mode 100644 index 0000000000..3a587ca1ea --- /dev/null +++ b/samples/contacts/etc/ca/login.jsp @@ -0,0 +1,43 @@ +<%@ taglib prefix='c' uri='http://java.sun.com/jstl/core' %> +<%-- This page will be copied into WAR's root directory if using container adapter --%> + + + Login + + + +

Login

+ +

If you've used the standard springsecurity.xml, try these users: +

+

username marissa, password koala (granted ROLE_SUPERVISOR) +

username dianne, password emu (not a supervisor) +

username scott, password wombat (not a supervisor) +

+ + <%-- this form-login-page form is also used as the + form-error-page to ask for a login again. + --%> + + + Your login attempt was not successful, try again. + + + +

+ + + + + + +
User:
Password:
+ + + +
+ + + diff --git a/samples/contacts/etc/ca/resin-acegisecurity.xml b/samples/contacts/etc/ca/resin-acegisecurity.xml new file mode 100644 index 0000000000..bd5b4795e1 --- /dev/null +++ b/samples/contacts/etc/ca/resin-acegisecurity.xml @@ -0,0 +1,49 @@ + + + + + + + + + + + + + marissa=koala,ROLE_TELLER,ROLE_SUPERVISOR + dianne=emu,ROLE_TELLER + scott=wombat,ROLE_TELLER + peter=opal,disabled,ROLE_TELLER + + + + + + + + false + true + + + + + + + + + + + + diff --git a/samples/contacts/etc/ca/resin-web.xml b/samples/contacts/etc/ca/resin-web.xml new file mode 100644 index 0000000000..bb38a0c312 --- /dev/null +++ b/samples/contacts/etc/ca/resin-web.xml @@ -0,0 +1,13 @@ + + + + net.sf.acegisecurity.adapters.resin.ResinAcegiAuthenticator + + resin-acegisecurity.xml + my_password + + + diff --git a/samples/contacts/etc/ca/web.xml b/samples/contacts/etc/ca/web.xml new file mode 100644 index 0000000000..4f9e84c443 --- /dev/null +++ b/samples/contacts/etc/ca/web.xml @@ -0,0 +1,99 @@ + + + + + + + + Contacts Sample Application + + + Example of an application secured using Acegi Security System for Spring. + + + + Acegi Security System for Spring Auto Integration Filter + net.sf.acegisecurity.ui.AutoIntegrationFilter + + + + Acegi Security System for Spring Auto Integration Filter + /* + + + + + contacts + org.springframework.web.servlet.DispatcherServlet + 1 + + + + + contacts + *.htm + + + + index.jsp + + + + /spring + /WEB-INF/spring.tld + + + + Secured Area Security Constraint + + Secured Area + /secure/* + + + ROLE_TELLER + ROLE_SUPERVISOR + + + + + + + + + FORM + Spring Powered Realm + + /login.jsp + /login.jsp?login_error=1 + + + + + + ROLE_SUPERVISOR + + + ROLE_TELLER + + + diff --git a/samples/contacts/etc/filter/acegilogin.jsp b/samples/contacts/etc/filter/acegilogin.jsp new file mode 100644 index 0000000000..2dea61cf20 --- /dev/null +++ b/samples/contacts/etc/filter/acegilogin.jsp 
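Review bot: The hint sentence in ca/login.jsp points readers at `springsecurity.xml`, but the user map in this commit lives in `resin-acegisecurity.xml` (and in `web-filters-acegisecurity.xml` for the filter build, whose `acegilogin.jsp` repeats the same sentence), so the file name should be corrected in both pages. The page also prints three working user name and password pairs and is copied into the WAR root, so it is worth marking the block with a JSP comment such as `<%-- Demo credentials: delete this block when reusing the page outside the sample --%>`. The form markup is not visible in this rendering of the hunk, so the form itself is not reviewed here.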
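Review bot: The user map in ca/resin-acegisecurity.xml stores passwords in clear text (`marissa=koala,ROLE_TELLER,ROLE_SUPERVISOR` and the three entries after it), and the commit adds further literal secrets in the same style: `my_password` in `resin-web.xml` and, in `web-filters-acegisecurity.xml`, the same four accounts plus `my_run_as_password`. A comment above each, for example `<!-- Demo value only: replace before deploying anywhere but the sample -->`, would stop these from being carried into a real deployment unchanged. The bare `false` and `true` values after the map look like the case-handling switches the integration tests rely on, but their property names are not visible in this rendering, so confirm which is which and comment them.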
@@ -0,0 +1,40 @@ +<%@ taglib prefix='c' uri='http://java.sun.com/jstl/core' %> +<%-- This page will be copied into WAR's root directory if NOT using container adapter --%> + + + + Login + + + +

Login

+ +

If you've used the standard springsecurity.xml, try these users: +

+

username marissa, password koala (granted ROLE_SUPERVISOR) +

username dianne, password emu (not a supervisor) +

username scott, password wombat (not a supervisor) +

+ + <%-- this form-login-page form is also used as the + form-error-page to ask for a login again. + --%> + + + Your login attempt was not successful, try again. + + + +

+ + + + + + +
User:
Password:
+ +
+ + + diff --git a/samples/contacts/etc/filter/web-filters-acegisecurity.xml b/samples/contacts/etc/filter/web-filters-acegisecurity.xml new file mode 100644 index 0000000000..d1ae7aedf1 --- /dev/null +++ b/samples/contacts/etc/filter/web-filters-acegisecurity.xml @@ -0,0 +1,114 @@ + + + + + + + + + + + + + marissa=koala,ROLE_TELLER,ROLE_SUPERVISOR + dianne=emu,ROLE_TELLER + scott=wombat,ROLE_TELLER + peter=opal,disabled,ROLE_TELLER + + + + + + + + false + true + + + + + + + + + + + + + + + my_run_as_password + + + + + + false + + + + + + + + + + + + + + + + CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON + \A/secure/super.*\Z=ROLE_WE_DONT_HAVE + \A/secure/.*\Z=ROLE_SUPERVISOR,ROLE_TELLER + + + + + + + diff --git a/samples/contacts/etc/filter/web.xml b/samples/contacts/etc/filter/web.xml new file mode 100644 index 0000000000..ce834202b2 --- /dev/null +++ b/samples/contacts/etc/filter/web.xml 
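Review bot: The URL rules in filter/web-filters-acegisecurity.xml only cover paths matching `\A/secure/.*\Z`, and the more specific `\A/secure/super.*\Z=ROLE_WE_DONT_HAVE` rule, which appears to exist to demonstrate a denial, is never exercised by the integration tests added in this commit. A test that logs in as `marissa` and asserts that a `/secure/super` URL is refused would pin that behaviour. The rules presumably apply in listed order, so a comment such as `<!-- Most specific pattern first: the first match decides the required roles -->` would protect the ordering from a later reshuffle; confirm the matching order against the bean class, which is not visible in this rendering.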
@@ -0,0 +1,108 @@ + + + + + + + + Contacts Sample Application + + + Example of an application secured using Acegi Security System for Spring. + + + + + Acegi Authentication Processing Filter + net.sf.acegisecurity.ui.webapp.AuthenticationProcessingFilter + + appContextLocation + web-filters-acegisecurity.xml + + + authenticationFailureUrl + /acegilogin.jsp?login_error=1 + + + defaultTargetUrl + / + + + filterProcessUrl + /j_acegi_security_check + + + + + + Acegi Security System for Spring Auto Integration Filter + net.sf.acegisecurity.ui.AutoIntegrationFilter + + + + + Acegi HTTP Request Security Filter + net.sf.acegisecurity.intercept.web.SecurityEnforcementFilter + + appContextLocation + web-filters-acegisecurity.xml + + + loginFormUrl + /acegilogin.jsp + + + + + Acegi Authentication Processing Filter + /* + + + + Acegi Security System for Spring Auto Integration Filter + /* + + + + Acegi HTTP Request Security Filter + /* + + + + + contacts + org.springframework.web.servlet.DispatcherServlet + 1 + + + + + contacts + *.htm + + + + index.jsp + + + + /spring + /WEB-INF/spring.tld + + +