369048: more test cases for ConstraintSecurityHandler

Signed-off-by: Greg Wilkins <gregw@webtide.com>
2012-01-19 11:13:22 +01:00 · 2012-01-19 11:13:22 +01:00 · a594734241
parent 02d53f9612
commit a594734241
1 changed files with 269 additions and 11 deletions
--- a/jetty-security/src/test/java/org/eclipse/jetty/security/DataConstraintsTest.java
+++ b/jetty-security/src/test/java/org/eclipse/jetty/security/DataConstraintsTest.java
@ -23,12 +23,15 @@ import javax.servlet.ServletException;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 import org.eclipse.jetty.http.HttpMethods;
 import org.eclipse.jetty.http.HttpSchemes;
 import org.eclipse.jetty.io.EndPoint;
 import org.eclipse.jetty.security.authentication.BasicAuthenticator;
 import org.eclipse.jetty.server.Connector;
 import org.eclipse.jetty.server.LocalConnector;
 import org.eclipse.jetty.server.Request;
 import org.eclipse.jetty.server.Server;
 import org.eclipse.jetty.server.UserIdentity;
 import org.eclipse.jetty.server.handler.AbstractHandler;
 import org.eclipse.jetty.server.handler.ContextHandler;
 import org.eclipse.jetty.server.session.SessionHandler;
@ -53,6 +56,7 @@ public class DataConstraintsTest
    {
        _server = new Server();
        _connector = new LocalConnector();
        _connector.setMaxIdleTime(300000);
        _connector.setIntegralPort(9998);
        _connector.setIntegralScheme("FTP");
        _connector.setConfidentialPort(9999);
@ -175,4 +179,258 @@ public class DataConstraintsTest
    }
    @Test
    public void testConfidentialWithNoRolesSetAndNoMethodRestriction() throws Exception
    {
        Constraint constraint0 = new Constraint();
        constraint0.setName("confid");
        constraint0.setDataConstraint(Constraint.DC_CONFIDENTIAL);
        ConstraintMapping mapping0 = new ConstraintMapping();
        mapping0.setPathSpec("/confid/*");
        mapping0.setConstraint(constraint0);
        _security.setConstraintMappings(Arrays.asList(new ConstraintMapping[]
                                                                            {
                mapping0
                                                                            }));
        _server.start();
        String response;
        response = _connector.getResponses("GET /ctx/confid/info HTTP/1.0\r\n\r\n");
        assertThat(response, containsString("HTTP/1.1 302 Found"));
        response = _connectorS.getResponses("GET /ctx/confid/info HTTP/1.0\r\n\r\n");
        assertThat(response, containsString("HTTP/1.1 404 Not Found"));
    }
    @Test
    public void testConfidentialWithNoRolesSetAndMethodRestriction() throws Exception
    {
        Constraint constraint0 = new Constraint();
        constraint0.setName("confid");
        constraint0.setDataConstraint(Constraint.DC_CONFIDENTIAL);
        ConstraintMapping mapping0 = new ConstraintMapping();
        mapping0.setPathSpec("/confid/*");
        mapping0.setMethod(HttpMethods.POST);
        mapping0.setConstraint(constraint0);
        _security.setConstraintMappings(Arrays.asList(new ConstraintMapping[]
                                                                            {
                mapping0
                                                                            }));
        _server.start();
        String response;
        response = _connector.getResponses("GET /ctx/confid/info HTTP/1.0\r\n\r\n");
        assertThat(response, containsString("HTTP/1.1 404 Not Found"));
        response = _connectorS.getResponses("GET /ctx/confid/info HTTP/1.0\r\n\r\n");
        assertThat(response, containsString("HTTP/1.1 404 Not Found"));
        response = _connector.getResponses("POST /ctx/confid/info HTTP/1.0\r\n\r\n");
        assertThat(response, containsString("HTTP/1.1 302 Found"));
        response = _connectorS.getResponses("POST /ctx/confid/info HTTP/1.0\r\n\r\n");
        assertThat(response, containsString("HTTP/1.1 404 Not Found"));
    }
    @Test
    public void testConfidentialWithRolesSetAndMethodRestriction() throws Exception
    {
        Constraint constraint0 = new Constraint();
        constraint0.setRoles(new String[] { "admin" } );
        constraint0.setName("confid");
        constraint0.setDataConstraint(Constraint.DC_CONFIDENTIAL);
        ConstraintMapping mapping0 = new ConstraintMapping();
        mapping0.setPathSpec("/confid/*");
        mapping0.setMethod(HttpMethods.POST);
        mapping0.setConstraint(constraint0);
        _security.setConstraintMappings(Arrays.asList(new ConstraintMapping[]
                                                                            {
                mapping0
                                                                            }));
        _server.start();
        String response;
        response = _connector.getResponses("GET /ctx/confid/info HTTP/1.0\r\n\r\n");
        assertThat(response, containsString("HTTP/1.1 404 Not Found"));
        response = _connectorS.getResponses("GET /ctx/confid/info HTTP/1.0\r\n\r\n");
        assertThat(response, containsString("HTTP/1.1 404 Not Found"));
        response = _connector.getResponses("POST /ctx/confid/info HTTP/1.0\r\n\r\n");
        assertThat(response, containsString("HTTP/1.1 302 Found"));
        response = _connectorS.getResponses("POST /ctx/confid/info HTTP/1.0\r\n\r\n");
        assertThat(response, containsString("HTTP/1.1 404 Not Found"));
    }
    @Test
    public void testConfidentialWithRolesSetAndMethodRestrictionAndAuthenticationRequired() throws Exception
    {
        Constraint constraint0 = new Constraint();
        constraint0.setRoles(new String[] { "admin" } );
        constraint0.setAuthenticate(true);
        constraint0.setName("confid");
        constraint0.setDataConstraint(Constraint.DC_CONFIDENTIAL);
        ConstraintMapping mapping0 = new ConstraintMapping();
        mapping0.setPathSpec("/confid/*");
        mapping0.setMethod(HttpMethods.POST);
        mapping0.setConstraint(constraint0);
        _security.setConstraintMappings(Arrays.asList(new ConstraintMapping[]
                                                                            {
                mapping0
                                                                            }));
        DefaultIdentityService identityService = new DefaultIdentityService();
        _security.setLoginService(new CustomLoginService(identityService));
        _security.setIdentityService(identityService);
        _security.setAuthenticator(new BasicAuthenticator());
        _server.start();
        String response;
        response = _connector.getResponses("GET /ctx/confid/info HTTP/1.0\r\n\r\n");
        assertThat(response, containsString("HTTP/1.1 404 Not Found"));
        response = _connectorS.getResponses("GET /ctx/confid/info HTTP/1.0\r\n\r\n");
        assertThat(response, containsString("HTTP/1.1 404 Not Found"));
        response = _connector.getResponses("POST /ctx/confid/info HTTP/1.0\r\n\r\n");
        assertThat(response, containsString("HTTP/1.1 302 Found"));
        response = _connectorS.getResponses("POST /ctx/confid/info HTTP/1.0\r\n\r\n");
        assertThat(response, containsString("HTTP/1.1 401 Unauthorized"));
        response = _connector.getResponses("GET /ctx/confid/info HTTP/1.0\r\nAuthorization: Basic YWRtaW46cGFzc3dvcmQ=\r\n\r\n");
        assertThat(response, containsString("HTTP/1.1 404 Not Found"));
        response = _connector.getResponses("POST /ctx/confid/info HTTP/1.0\r\nAuthorization: Basic YWRtaW46cGFzc3dvcmQ=\r\n\r\n");
        assertThat(response, containsString("HTTP/1.1 302 Found"));
        response = _connectorS.getResponses("POST /ctx/confid/info HTTP/1.0\r\nAuthorization: Basic YWRtaW46cGFzc3dvcmQ=\r\n\r\n");
        assertThat(response, containsString("HTTP/1.1 404 Not Found"));
    }
    @Test
    public void testRestrictedWithoutAuthenticator() throws Exception
    {
        Constraint constraint0 = new Constraint();
        constraint0.setAuthenticate(true);
        constraint0.setRoles(new String[] { "admin" } );
        constraint0.setName("restricted");
        ConstraintMapping mapping0 = new ConstraintMapping();
        mapping0.setPathSpec("/restricted/*");
        mapping0.setMethod("GET");
        mapping0.setConstraint(constraint0);
        _security.setConstraintMappings(Arrays.asList(new ConstraintMapping[]
                                                                            {
                mapping0
                                                                            }));
        _server.start();
        String response;
        response = _connector.getResponses("GET /ctx/restricted/info HTTP/1.0\r\n\r\n");
        assertThat(response, containsString("HTTP/1.1 403 Forbidden"));
        response = _connectorS.getResponses("GET /ctx/restricted/info HTTP/1.0\r\n\r\n");
        assertThat(response, containsString("HTTP/1.1 403 Forbidden"));
        response = _connector.getResponses("GET /ctx/restricted/info HTTP/1.0\r\n Authorization: Basic YWRtaW46cGFzc3dvcmQ=\r\n\r\n");
        assertThat(response, containsString("HTTP/1.1 403 Forbidden"));
        response = _connectorS.getResponses("GET /ctx/restricted/info HTTP/1.0\r\n Authorization: Basic YWRtaW46cGFzc3dvcmQ=\r\n\r\n");
        assertThat(response, containsString("HTTP/1.1 403 Forbidden"));
    }
    @Test
    public void testRestricted() throws Exception
    {
        Constraint constraint0 = new Constraint();
        constraint0.setAuthenticate(true);
        constraint0.setRoles(new String[] { "admin" } );
        constraint0.setName("restricted");
        ConstraintMapping mapping0 = new ConstraintMapping();
        mapping0.setPathSpec("/restricted/*");
        mapping0.setMethod("GET");
        mapping0.setConstraint(constraint0);
        _security.setConstraintMappings(Arrays.asList(new ConstraintMapping[]
                                                                            {
                mapping0
                                                                            }));
        DefaultIdentityService identityService = new DefaultIdentityService();
        _security.setLoginService(new CustomLoginService(identityService));
        _security.setIdentityService(identityService);
        _security.setAuthenticator(new BasicAuthenticator());
        _server.start();
        String response;
        response = _connector.getResponses("GET /ctx/restricted/info HTTP/1.0\r\n\r\n");
        assertThat(response, containsString("HTTP/1.1 401 Unauthorized"));
        response = _connectorS.getResponses("GET /ctx/restricted/info HTTP/1.0\r\n\r\n");
        assertThat(response, containsString("HTTP/1.1 401 Unauthorized"));
        response = _connector.getResponses("GET /ctx/restricted/info HTTP/1.0\nAuthorization: Basic YWRtaW46cGFzc3dvcmQ=\n\n");
        assertThat(response, containsString("HTTP/1.1 404 Not Found"));
        response = _connectorS.getResponses("GET /ctx/restricted/info HTTP/1.0\nAuthorization: Basic YWRtaW46cGFzc3dvcmQ=\n\n");
        assertThat(response, containsString("HTTP/1.1 404 Not Found"));
    }
    private class CustomLoginService implements LoginService{
        private IdentityService identityService;
        public CustomLoginService(IdentityService identityService)
        {
            this.identityService = identityService;
        }
        public String getName()
        {
            return "name";
        }
        public UserIdentity login(String username, Object credentials)
        {
            if("admin".equals(username) && "password".equals(credentials))
                    return new DefaultUserIdentity(null,null,new String[] { "admin" } );
            return null;
        }
        public boolean validate(UserIdentity user)
        {
            return false;
        }
        public IdentityService getIdentityService()
        {
            return identityService;
        }
        public void setIdentityService(IdentityService service)
        {
        }
        public void logout(UserIdentity user)
        {
        }
    }
 }