337878 Extra tests of security constraints

git-svn-id: svn+ssh://dev.eclipse.org/svnroot/rt/org.eclipse.jetty/jetty/trunk@2820 7e9141cc-0065-0410-87d8-b60c137991c4
Greg Wilkins 2011-02-22 23:13:24 +00:00
parent 8acf49568c
commit 8480cbdf97
2 changed files with 32 additions and 1 deletions


@ -14,6 +14,7 @@ jetty-7.3.1-SNAPSHOT
+ 337685 Work in progress on draft 5 websockets + 337685 Work in progress on draft 5 websockets
+ 337746 Fixed Session deIdle recursion + 337746 Fixed Session deIdle recursion
+ 337784 Improve HashSessionManager for session migrations + 337784 Improve HashSessionManager for session migrations
+ 337878 Extra tests of security constraints
+ 337896 HttpExchange.timeout does not override HttpClient.timeout + 337896 HttpExchange.timeout does not override HttpClient.timeout
+ 337898 increase client test timeout + 337898 increase client test timeout
+ JETTY-1331 Allow alternate XML configuration processors (eg spring) + JETTY-1331 Allow alternate XML configuration processors (eg spring)


@ -127,13 +127,22 @@ public class ConstraintTest
mapping4.setPathSpec("/testLoginPage"); mapping4.setPathSpec("/testLoginPage");
mapping4.setConstraint(constraint4); mapping4.setConstraint(constraint4);
Constraint constraint5 = new Constraint();
constraint5.setAuthenticate(false);
constraint5.setName("allow forbidden POST");
ConstraintMapping mapping5 = new ConstraintMapping();
mapping5.setPathSpec("/forbid/post");
mapping5.setConstraint(constraint5);
mapping5.setMethod("POST");
Set<String> knownRoles=new HashSet<String>(); Set<String> knownRoles=new HashSet<String>();
knownRoles.add("user"); knownRoles.add("user");
knownRoles.add("administrator"); knownRoles.add("administrator");
_security.setConstraintMappings(Arrays.asList(new ConstraintMapping[] _security.setConstraintMappings(Arrays.asList(new ConstraintMapping[]
{ {
mapping0, mapping1, mapping2, mapping3, mapping4 mapping0, mapping1, mapping2, mapping3, mapping4, mapping5
}), knownRoles); }), knownRoles);
} }
@ -812,6 +821,27 @@ public class ConstraintTest
assertTrue(response.indexOf("user=admin") > 0); assertTrue(response.indexOf("user=admin") > 0);
} }
@Test
public void testRelaxedMethod() throws Exception
{
_security.setAuthenticator(new BasicAuthenticator());
_security.setStrict(false);
_server.start();
String response;
response = _connector.getResponses("GET /ctx/forbid/somethig HTTP/1.0\r\n\r\n");
assertTrue(response.startsWith("HTTP/1.1 403 "));
response = _connector.getResponses("POST /ctx/forbid/post HTTP/1.0\r\n\r\n");
assertTrue(response.startsWith("HTTP/1.1 200 "));
response = _connector.getResponses("GET /ctx/forbid/post HTTP/1.0\r\n\r\n");
System.err.println(response);
assertTrue(response.startsWith("HTTP/1.1 200 ")); // This is so stupid, but it is the S P E C
}
private class RequestHandler extends AbstractHandler private class RequestHandler extends AbstractHandler
{ {
public void handle(String target, Request baseRequest, HttpServletRequest request, HttpServletResponse response ) throws IOException, ServletException public void handle(String target, Request baseRequest, HttpServletRequest request, HttpServletResponse response ) throws IOException, ServletException
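Review bot: The last assertion in testRelaxedMethod pins a security-relevant outcome, that GET /ctx/forbid/post answers 200 while GET /ctx/forbid/somethig is refused with 403, and the only explanation given is `// This is so stupid, but it is the S P E C`. From the visible lines, the POST-only mapping5 on `/forbid/post` appears to take that exact path out from under the broader forbidding constraint (defined outside this hunk) for every method, not just POST; the comment should say so, for example `// exact-path mapping5 names only POST, so GET on /forbid/post is uncovered and allowed`. It is not clear from the hunk whether this result depends on `_security.setStrict(false)`; a matching assertion under the default setting would show that. The `System.err.println(response);` before the final assertion looks like leftover debugging output and can be dropped.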