369048: more test cases for ConstraintSecurityHandler

Signed-off-by: Greg Wilkins <gregw@webtide.com>
Thomas Becker 2012-01-19 11:13:22 +01:00 committed by Greg Wilkins
parent 02d53f9612
commit a594734241
1 changed files with 269 additions and 11 deletions


@ -23,12 +23,15 @@ import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse; import javax.servlet.http.HttpServletResponse;
import org.eclipse.jetty.http.HttpMethods;
import org.eclipse.jetty.http.HttpSchemes; import org.eclipse.jetty.http.HttpSchemes;
import org.eclipse.jetty.io.EndPoint; import org.eclipse.jetty.io.EndPoint;
import org.eclipse.jetty.security.authentication.BasicAuthenticator;
import org.eclipse.jetty.server.Connector; import org.eclipse.jetty.server.Connector;
import org.eclipse.jetty.server.LocalConnector; import org.eclipse.jetty.server.LocalConnector;
import org.eclipse.jetty.server.Request; import org.eclipse.jetty.server.Request;
import org.eclipse.jetty.server.Server; import org.eclipse.jetty.server.Server;
import org.eclipse.jetty.server.UserIdentity;
import org.eclipse.jetty.server.handler.AbstractHandler; import org.eclipse.jetty.server.handler.AbstractHandler;
import org.eclipse.jetty.server.handler.ContextHandler; import org.eclipse.jetty.server.handler.ContextHandler;
import org.eclipse.jetty.server.session.SessionHandler; import org.eclipse.jetty.server.session.SessionHandler;
@ -53,6 +56,7 @@ public class DataConstraintsTest
{ {
_server = new Server(); _server = new Server();
_connector = new LocalConnector(); _connector = new LocalConnector();
_connector.setMaxIdleTime(300000);
_connector.setIntegralPort(9998); _connector.setIntegralPort(9998);
_connector.setIntegralScheme("FTP"); _connector.setIntegralScheme("FTP");
_connector.setConfidentialPort(9999); _connector.setConfidentialPort(9999);
@ -89,7 +93,7 @@ public class DataConstraintsTest
_security = new ConstraintSecurityHandler(); _security = new ConstraintSecurityHandler();
_session.setHandler(_security); _session.setHandler(_security);
_security.setHandler(new AbstractHandler() _security.setHandler(new AbstractHandler()
{ {
public void handle(String target, Request baseRequest, HttpServletRequest request, HttpServletResponse response) throws IOException, ServletException public void handle(String target, Request baseRequest, HttpServletRequest request, HttpServletResponse response) throws IOException, ServletException
@ -98,7 +102,7 @@ public class DataConstraintsTest
response.sendError(404); response.sendError(404);
} }
}); });
} }
@After @After
@ -121,14 +125,14 @@ public class DataConstraintsTest
ConstraintMapping mapping0 = new ConstraintMapping(); ConstraintMapping mapping0 = new ConstraintMapping();
mapping0.setPathSpec("/integral/*"); mapping0.setPathSpec("/integral/*");
mapping0.setConstraint(constraint0); mapping0.setConstraint(constraint0);
_security.setConstraintMappings(Arrays.asList(new ConstraintMapping[] _security.setConstraintMappings(Arrays.asList(new ConstraintMapping[]
{ {
mapping0 mapping0
})); }));
_server.start(); _server.start();
String response; String response;
response = _connector.getResponses("GET /ctx/some/thing HTTP/1.0\r\n\r\n"); response = _connector.getResponses("GET /ctx/some/thing HTTP/1.0\r\n\r\n");
assertThat(response, containsString("HTTP/1.1 404 Not Found")); assertThat(response, containsString("HTTP/1.1 404 Not Found"));
@ -137,12 +141,12 @@ public class DataConstraintsTest
assertThat(response, containsString("HTTP/1.1 302 Found")); assertThat(response, containsString("HTTP/1.1 302 Found"));
assertThat(response, containsString("Location: FTP://")); assertThat(response, containsString("Location: FTP://"));
assertThat(response, containsString(":9998")); assertThat(response, containsString(":9998"));
response = _connectorS.getResponses("GET /ctx/integral/info HTTP/1.0\r\n\r\n"); response = _connectorS.getResponses("GET /ctx/integral/info HTTP/1.0\r\n\r\n");
assertThat(response, containsString("HTTP/1.1 404 Not Found")); assertThat(response, containsString("HTTP/1.1 404 Not Found"));
} }
@Test @Test
public void testConfidential() throws Exception public void testConfidential() throws Exception
{ {
@ -153,14 +157,14 @@ public class DataConstraintsTest
ConstraintMapping mapping0 = new ConstraintMapping(); ConstraintMapping mapping0 = new ConstraintMapping();
mapping0.setPathSpec("/confid/*"); mapping0.setPathSpec("/confid/*");
mapping0.setConstraint(constraint0); mapping0.setConstraint(constraint0);
_security.setConstraintMappings(Arrays.asList(new ConstraintMapping[] _security.setConstraintMappings(Arrays.asList(new ConstraintMapping[]
{ {
mapping0 mapping0
})); }));
_server.start(); _server.start();
String response; String response;
response = _connector.getResponses("GET /ctx/some/thing HTTP/1.0\r\n\r\n"); response = _connector.getResponses("GET /ctx/some/thing HTTP/1.0\r\n\r\n");
assertThat(response, containsString("HTTP/1.1 404 Not Found")); assertThat(response, containsString("HTTP/1.1 404 Not Found"));
@ -169,10 +173,264 @@ public class DataConstraintsTest
assertThat(response, containsString("HTTP/1.1 302 Found")); assertThat(response, containsString("HTTP/1.1 302 Found"));
assertThat(response, containsString("Location: SPDY://")); assertThat(response, containsString("Location: SPDY://"));
assertThat(response, containsString(":9999")); assertThat(response, containsString(":9999"));
response = _connectorS.getResponses("GET /ctx/confid/info HTTP/1.0\r\n\r\n"); response = _connectorS.getResponses("GET /ctx/confid/info HTTP/1.0\r\n\r\n");
assertThat(response, containsString("HTTP/1.1 404 Not Found")); assertThat(response, containsString("HTTP/1.1 404 Not Found"));
} }
@Test
public void testConfidentialWithNoRolesSetAndNoMethodRestriction() throws Exception
{
Constraint constraint0 = new Constraint();
constraint0.setName("confid");
constraint0.setDataConstraint(Constraint.DC_CONFIDENTIAL);
ConstraintMapping mapping0 = new ConstraintMapping();
mapping0.setPathSpec("/confid/*");
mapping0.setConstraint(constraint0);
_security.setConstraintMappings(Arrays.asList(new ConstraintMapping[]
{
mapping0
}));
_server.start();
String response;
response = _connector.getResponses("GET /ctx/confid/info HTTP/1.0\r\n\r\n");
assertThat(response, containsString("HTTP/1.1 302 Found"));
response = _connectorS.getResponses("GET /ctx/confid/info HTTP/1.0\r\n\r\n");
assertThat(response, containsString("HTTP/1.1 404 Not Found"));
}
@Test
public void testConfidentialWithNoRolesSetAndMethodRestriction() throws Exception
{
Constraint constraint0 = new Constraint();
constraint0.setName("confid");
constraint0.setDataConstraint(Constraint.DC_CONFIDENTIAL);
ConstraintMapping mapping0 = new ConstraintMapping();
mapping0.setPathSpec("/confid/*");
mapping0.setMethod(HttpMethods.POST);
mapping0.setConstraint(constraint0);
_security.setConstraintMappings(Arrays.asList(new ConstraintMapping[]
{
mapping0
}));
_server.start();
String response;
response = _connector.getResponses("GET /ctx/confid/info HTTP/1.0\r\n\r\n");
assertThat(response, containsString("HTTP/1.1 404 Not Found"));
response = _connectorS.getResponses("GET /ctx/confid/info HTTP/1.0\r\n\r\n");
assertThat(response, containsString("HTTP/1.1 404 Not Found"));
response = _connector.getResponses("POST /ctx/confid/info HTTP/1.0\r\n\r\n");
assertThat(response, containsString("HTTP/1.1 302 Found"));
response = _connectorS.getResponses("POST /ctx/confid/info HTTP/1.0\r\n\r\n");
assertThat(response, containsString("HTTP/1.1 404 Not Found"));
}
@Test
public void testConfidentialWithRolesSetAndMethodRestriction() throws Exception
{
Constraint constraint0 = new Constraint();
constraint0.setRoles(new String[] { "admin" } );
constraint0.setName("confid");
constraint0.setDataConstraint(Constraint.DC_CONFIDENTIAL);
ConstraintMapping mapping0 = new ConstraintMapping();
mapping0.setPathSpec("/confid/*");
mapping0.setMethod(HttpMethods.POST);
mapping0.setConstraint(constraint0);
_security.setConstraintMappings(Arrays.asList(new ConstraintMapping[]
{
mapping0
}));
_server.start();
String response;
response = _connector.getResponses("GET /ctx/confid/info HTTP/1.0\r\n\r\n");
assertThat(response, containsString("HTTP/1.1 404 Not Found"));
response = _connectorS.getResponses("GET /ctx/confid/info HTTP/1.0\r\n\r\n");
assertThat(response, containsString("HTTP/1.1 404 Not Found"));
response = _connector.getResponses("POST /ctx/confid/info HTTP/1.0\r\n\r\n");
assertThat(response, containsString("HTTP/1.1 302 Found"));
response = _connectorS.getResponses("POST /ctx/confid/info HTTP/1.0\r\n\r\n");
assertThat(response, containsString("HTTP/1.1 404 Not Found"));
}
@Test
public void testConfidentialWithRolesSetAndMethodRestrictionAndAuthenticationRequired() throws Exception
{
Constraint constraint0 = new Constraint();
constraint0.setRoles(new String[] { "admin" } );
constraint0.setAuthenticate(true);
constraint0.setName("confid");
constraint0.setDataConstraint(Constraint.DC_CONFIDENTIAL);
ConstraintMapping mapping0 = new ConstraintMapping();
mapping0.setPathSpec("/confid/*");
mapping0.setMethod(HttpMethods.POST);
mapping0.setConstraint(constraint0);
_security.setConstraintMappings(Arrays.asList(new ConstraintMapping[]
{
mapping0
}));
DefaultIdentityService identityService = new DefaultIdentityService();
_security.setLoginService(new CustomLoginService(identityService));
_security.setIdentityService(identityService);
_security.setAuthenticator(new BasicAuthenticator());
_server.start();
String response;
response = _connector.getResponses("GET /ctx/confid/info HTTP/1.0\r\n\r\n");
assertThat(response, containsString("HTTP/1.1 404 Not Found"));
response = _connectorS.getResponses("GET /ctx/confid/info HTTP/1.0\r\n\r\n");
assertThat(response, containsString("HTTP/1.1 404 Not Found"));
response = _connector.getResponses("POST /ctx/confid/info HTTP/1.0\r\n\r\n");
assertThat(response, containsString("HTTP/1.1 302 Found"));
response = _connectorS.getResponses("POST /ctx/confid/info HTTP/1.0\r\n\r\n");
assertThat(response, containsString("HTTP/1.1 401 Unauthorized"));
response = _connector.getResponses("GET /ctx/confid/info HTTP/1.0\r\nAuthorization: Basic YWRtaW46cGFzc3dvcmQ=\r\n\r\n");
assertThat(response, containsString("HTTP/1.1 404 Not Found"));
response = _connector.getResponses("POST /ctx/confid/info HTTP/1.0\r\nAuthorization: Basic YWRtaW46cGFzc3dvcmQ=\r\n\r\n");
assertThat(response, containsString("HTTP/1.1 302 Found"));
response = _connectorS.getResponses("POST /ctx/confid/info HTTP/1.0\r\nAuthorization: Basic YWRtaW46cGFzc3dvcmQ=\r\n\r\n");
assertThat(response, containsString("HTTP/1.1 404 Not Found"));
}
@Test
public void testRestrictedWithoutAuthenticator() throws Exception
{
Constraint constraint0 = new Constraint();
constraint0.setAuthenticate(true);
constraint0.setRoles(new String[] { "admin" } );
constraint0.setName("restricted");
ConstraintMapping mapping0 = new ConstraintMapping();
mapping0.setPathSpec("/restricted/*");
mapping0.setMethod("GET");
mapping0.setConstraint(constraint0);
_security.setConstraintMappings(Arrays.asList(new ConstraintMapping[]
{
mapping0
}));
_server.start();
String response;
response = _connector.getResponses("GET /ctx/restricted/info HTTP/1.0\r\n\r\n");
assertThat(response, containsString("HTTP/1.1 403 Forbidden"));
response = _connectorS.getResponses("GET /ctx/restricted/info HTTP/1.0\r\n\r\n");
assertThat(response, containsString("HTTP/1.1 403 Forbidden"));
response = _connector.getResponses("GET /ctx/restricted/info HTTP/1.0\r\n Authorization: Basic YWRtaW46cGFzc3dvcmQ=\r\n\r\n");
assertThat(response, containsString("HTTP/1.1 403 Forbidden"));
response = _connectorS.getResponses("GET /ctx/restricted/info HTTP/1.0\r\n Authorization: Basic YWRtaW46cGFzc3dvcmQ=\r\n\r\n");
assertThat(response, containsString("HTTP/1.1 403 Forbidden"));
}
@Test
public void testRestricted() throws Exception
{
Constraint constraint0 = new Constraint();
constraint0.setAuthenticate(true);
constraint0.setRoles(new String[] { "admin" } );
constraint0.setName("restricted");
ConstraintMapping mapping0 = new ConstraintMapping();
mapping0.setPathSpec("/restricted/*");
mapping0.setMethod("GET");
mapping0.setConstraint(constraint0);
_security.setConstraintMappings(Arrays.asList(new ConstraintMapping[]
{
mapping0
}));
DefaultIdentityService identityService = new DefaultIdentityService();
_security.setLoginService(new CustomLoginService(identityService));
_security.setIdentityService(identityService);
_security.setAuthenticator(new BasicAuthenticator());
_server.start();
String response;
response = _connector.getResponses("GET /ctx/restricted/info HTTP/1.0\r\n\r\n");
assertThat(response, containsString("HTTP/1.1 401 Unauthorized"));
response = _connectorS.getResponses("GET /ctx/restricted/info HTTP/1.0\r\n\r\n");
assertThat(response, containsString("HTTP/1.1 401 Unauthorized"));
response = _connector.getResponses("GET /ctx/restricted/info HTTP/1.0\nAuthorization: Basic YWRtaW46cGFzc3dvcmQ=\n\n");
assertThat(response, containsString("HTTP/1.1 404 Not Found"));
response = _connectorS.getResponses("GET /ctx/restricted/info HTTP/1.0\nAuthorization: Basic YWRtaW46cGFzc3dvcmQ=\n\n");
assertThat(response, containsString("HTTP/1.1 404 Not Found"));
}
private class CustomLoginService implements LoginService{
private IdentityService identityService;
public CustomLoginService(IdentityService identityService)
{
this.identityService = identityService;
}
public String getName()
{
return "name";
}
public UserIdentity login(String username, Object credentials)
{
if("admin".equals(username) && "password".equals(credentials))
return new DefaultUserIdentity(null,null,new String[] { "admin" } );
return null;
}
public boolean validate(UserIdentity user)
{
return false;
}
public IdentityService getIdentityService()
{
return identityService;
}
public void setIdentityService(IdentityService service)
{
}
public void logout(UserIdentity user)
{
}
}
} }
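Review bot: In testRestrictedWithoutAuthenticator the two requests meant to carry credentials have a space before `Authorization:` (`"... HTTP/1.0\r\n Authorization: Basic ..."`), so that line is likely parsed as a folded continuation or a nameless header rather than as an Authorization header. The 403 assertions would then pass without the credentialed path ever being exercised, which weakens the check that a constraint requiring authentication fails closed when no authenticator is configured. I would drop the space in both the `_connector` and `_connectorS` calls: `"GET /ctx/restricted/info HTTP/1.0\r\nAuthorization: Basic YWRtaW46cGFzc3dvcmQ=\r\n\r\n"`. Separately, testRestricted sends its credentialed requests with bare `\n` line endings where every other request in the file uses `\r\n`; making them consistent would stop those assertions from depending on lenient parsing.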