369048: more test cases for ConstraintSecurityHandler
Signed-off-by: Greg Wilkins <gregw@webtide.com>
parent
02d53f9612
commit
a594734241
|
@ -23,12 +23,15 @@ import javax.servlet.ServletException;
|
||||||
import javax.servlet.http.HttpServletRequest;
|
import javax.servlet.http.HttpServletRequest;
|
||||||
import javax.servlet.http.HttpServletResponse;
|
import javax.servlet.http.HttpServletResponse;
|
||||||
|
|
||||||
|
import org.eclipse.jetty.http.HttpMethods;
|
||||||
import org.eclipse.jetty.http.HttpSchemes;
|
import org.eclipse.jetty.http.HttpSchemes;
|
||||||
import org.eclipse.jetty.io.EndPoint;
|
import org.eclipse.jetty.io.EndPoint;
|
||||||
|
import org.eclipse.jetty.security.authentication.BasicAuthenticator;
|
||||||
import org.eclipse.jetty.server.Connector;
|
import org.eclipse.jetty.server.Connector;
|
||||||
import org.eclipse.jetty.server.LocalConnector;
|
import org.eclipse.jetty.server.LocalConnector;
|
||||||
import org.eclipse.jetty.server.Request;
|
import org.eclipse.jetty.server.Request;
|
||||||
import org.eclipse.jetty.server.Server;
|
import org.eclipse.jetty.server.Server;
|
||||||
|
import org.eclipse.jetty.server.UserIdentity;
|
||||||
import org.eclipse.jetty.server.handler.AbstractHandler;
|
import org.eclipse.jetty.server.handler.AbstractHandler;
|
||||||
import org.eclipse.jetty.server.handler.ContextHandler;
|
import org.eclipse.jetty.server.handler.ContextHandler;
|
||||||
import org.eclipse.jetty.server.session.SessionHandler;
|
import org.eclipse.jetty.server.session.SessionHandler;
|
||||||
|
@ -53,6 +56,7 @@ public class DataConstraintsTest
|
||||||
{
|
{
|
||||||
_server = new Server();
|
_server = new Server();
|
||||||
_connector = new LocalConnector();
|
_connector = new LocalConnector();
|
||||||
|
_connector.setMaxIdleTime(300000);
|
||||||
_connector.setIntegralPort(9998);
|
_connector.setIntegralPort(9998);
|
||||||
_connector.setIntegralScheme("FTP");
|
_connector.setIntegralScheme("FTP");
|
||||||
_connector.setConfidentialPort(9999);
|
_connector.setConfidentialPort(9999);
|
||||||
|
@ -89,7 +93,7 @@ public class DataConstraintsTest
|
||||||
|
|
||||||
_security = new ConstraintSecurityHandler();
|
_security = new ConstraintSecurityHandler();
|
||||||
_session.setHandler(_security);
|
_session.setHandler(_security);
|
||||||
|
|
||||||
_security.setHandler(new AbstractHandler()
|
_security.setHandler(new AbstractHandler()
|
||||||
{
|
{
|
||||||
public void handle(String target, Request baseRequest, HttpServletRequest request, HttpServletResponse response) throws IOException, ServletException
|
public void handle(String target, Request baseRequest, HttpServletRequest request, HttpServletResponse response) throws IOException, ServletException
|
||||||
|
@ -98,7 +102,7 @@ public class DataConstraintsTest
|
||||||
response.sendError(404);
|
response.sendError(404);
|
||||||
}
|
}
|
||||||
});
|
});
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
@After
|
@After
|
||||||
|
@ -121,14 +125,14 @@ public class DataConstraintsTest
|
||||||
ConstraintMapping mapping0 = new ConstraintMapping();
|
ConstraintMapping mapping0 = new ConstraintMapping();
|
||||||
mapping0.setPathSpec("/integral/*");
|
mapping0.setPathSpec("/integral/*");
|
||||||
mapping0.setConstraint(constraint0);
|
mapping0.setConstraint(constraint0);
|
||||||
|
|
||||||
_security.setConstraintMappings(Arrays.asList(new ConstraintMapping[]
|
_security.setConstraintMappings(Arrays.asList(new ConstraintMapping[]
|
||||||
{
|
{
|
||||||
mapping0
|
mapping0
|
||||||
}));
|
}));
|
||||||
|
|
||||||
_server.start();
|
_server.start();
|
||||||
|
|
||||||
String response;
|
String response;
|
||||||
response = _connector.getResponses("GET /ctx/some/thing HTTP/1.0\r\n\r\n");
|
response = _connector.getResponses("GET /ctx/some/thing HTTP/1.0\r\n\r\n");
|
||||||
assertThat(response, containsString("HTTP/1.1 404 Not Found"));
|
assertThat(response, containsString("HTTP/1.1 404 Not Found"));
|
||||||
|
@ -137,12 +141,12 @@ public class DataConstraintsTest
|
||||||
assertThat(response, containsString("HTTP/1.1 302 Found"));
|
assertThat(response, containsString("HTTP/1.1 302 Found"));
|
||||||
assertThat(response, containsString("Location: FTP://"));
|
assertThat(response, containsString("Location: FTP://"));
|
||||||
assertThat(response, containsString(":9998"));
|
assertThat(response, containsString(":9998"));
|
||||||
|
|
||||||
response = _connectorS.getResponses("GET /ctx/integral/info HTTP/1.0\r\n\r\n");
|
response = _connectorS.getResponses("GET /ctx/integral/info HTTP/1.0\r\n\r\n");
|
||||||
assertThat(response, containsString("HTTP/1.1 404 Not Found"));
|
assertThat(response, containsString("HTTP/1.1 404 Not Found"));
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
public void testConfidential() throws Exception
|
public void testConfidential() throws Exception
|
||||||
{
|
{
|
||||||
|
@ -153,14 +157,14 @@ public class DataConstraintsTest
|
||||||
ConstraintMapping mapping0 = new ConstraintMapping();
|
ConstraintMapping mapping0 = new ConstraintMapping();
|
||||||
mapping0.setPathSpec("/confid/*");
|
mapping0.setPathSpec("/confid/*");
|
||||||
mapping0.setConstraint(constraint0);
|
mapping0.setConstraint(constraint0);
|
||||||
|
|
||||||
_security.setConstraintMappings(Arrays.asList(new ConstraintMapping[]
|
_security.setConstraintMappings(Arrays.asList(new ConstraintMapping[]
|
||||||
{
|
{
|
||||||
mapping0
|
mapping0
|
||||||
}));
|
}));
|
||||||
|
|
||||||
_server.start();
|
_server.start();
|
||||||
|
|
||||||
String response;
|
String response;
|
||||||
response = _connector.getResponses("GET /ctx/some/thing HTTP/1.0\r\n\r\n");
|
response = _connector.getResponses("GET /ctx/some/thing HTTP/1.0\r\n\r\n");
|
||||||
assertThat(response, containsString("HTTP/1.1 404 Not Found"));
|
assertThat(response, containsString("HTTP/1.1 404 Not Found"));
|
||||||
|
@ -169,10 +173,264 @@ public class DataConstraintsTest
|
||||||
assertThat(response, containsString("HTTP/1.1 302 Found"));
|
assertThat(response, containsString("HTTP/1.1 302 Found"));
|
||||||
assertThat(response, containsString("Location: SPDY://"));
|
assertThat(response, containsString("Location: SPDY://"));
|
||||||
assertThat(response, containsString(":9999"));
|
assertThat(response, containsString(":9999"));
|
||||||
|
|
||||||
response = _connectorS.getResponses("GET /ctx/confid/info HTTP/1.0\r\n\r\n");
|
response = _connectorS.getResponses("GET /ctx/confid/info HTTP/1.0\r\n\r\n");
|
||||||
assertThat(response, containsString("HTTP/1.1 404 Not Found"));
|
assertThat(response, containsString("HTTP/1.1 404 Not Found"));
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@Test
|
||||||
|
public void testConfidentialWithNoRolesSetAndNoMethodRestriction() throws Exception
|
||||||
|
{
|
||||||
|
Constraint constraint0 = new Constraint();
|
||||||
|
constraint0.setName("confid");
|
||||||
|
constraint0.setDataConstraint(Constraint.DC_CONFIDENTIAL);
|
||||||
|
ConstraintMapping mapping0 = new ConstraintMapping();
|
||||||
|
mapping0.setPathSpec("/confid/*");
|
||||||
|
mapping0.setConstraint(constraint0);
|
||||||
|
|
||||||
|
_security.setConstraintMappings(Arrays.asList(new ConstraintMapping[]
|
||||||
|
{
|
||||||
|
mapping0
|
||||||
|
}));
|
||||||
|
|
||||||
|
_server.start();
|
||||||
|
|
||||||
|
String response;
|
||||||
|
|
||||||
|
response = _connector.getResponses("GET /ctx/confid/info HTTP/1.0\r\n\r\n");
|
||||||
|
assertThat(response, containsString("HTTP/1.1 302 Found"));
|
||||||
|
|
||||||
|
response = _connectorS.getResponses("GET /ctx/confid/info HTTP/1.0\r\n\r\n");
|
||||||
|
assertThat(response, containsString("HTTP/1.1 404 Not Found"));
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
|
@Test
|
||||||
|
public void testConfidentialWithNoRolesSetAndMethodRestriction() throws Exception
|
||||||
|
{
|
||||||
|
Constraint constraint0 = new Constraint();
|
||||||
|
constraint0.setName("confid");
|
||||||
|
constraint0.setDataConstraint(Constraint.DC_CONFIDENTIAL);
|
||||||
|
ConstraintMapping mapping0 = new ConstraintMapping();
|
||||||
|
mapping0.setPathSpec("/confid/*");
|
||||||
|
mapping0.setMethod(HttpMethods.POST);
|
||||||
|
mapping0.setConstraint(constraint0);
|
||||||
|
|
||||||
|
_security.setConstraintMappings(Arrays.asList(new ConstraintMapping[]
|
||||||
|
{
|
||||||
|
mapping0
|
||||||
|
}));
|
||||||
|
|
||||||
|
_server.start();
|
||||||
|
|
||||||
|
String response;
|
||||||
|
|
||||||
|
response = _connector.getResponses("GET /ctx/confid/info HTTP/1.0\r\n\r\n");
|
||||||
|
assertThat(response, containsString("HTTP/1.1 404 Not Found"));
|
||||||
|
|
||||||
|
response = _connectorS.getResponses("GET /ctx/confid/info HTTP/1.0\r\n\r\n");
|
||||||
|
assertThat(response, containsString("HTTP/1.1 404 Not Found"));
|
||||||
|
|
||||||
|
response = _connector.getResponses("POST /ctx/confid/info HTTP/1.0\r\n\r\n");
|
||||||
|
assertThat(response, containsString("HTTP/1.1 302 Found"));
|
||||||
|
|
||||||
|
response = _connectorS.getResponses("POST /ctx/confid/info HTTP/1.0\r\n\r\n");
|
||||||
|
assertThat(response, containsString("HTTP/1.1 404 Not Found"));
|
||||||
|
|
||||||
|
}
|
||||||
|
@Test
|
||||||
|
public void testConfidentialWithRolesSetAndMethodRestriction() throws Exception
|
||||||
|
{
|
||||||
|
Constraint constraint0 = new Constraint();
|
||||||
|
constraint0.setRoles(new String[] { "admin" } );
|
||||||
|
constraint0.setName("confid");
|
||||||
|
constraint0.setDataConstraint(Constraint.DC_CONFIDENTIAL);
|
||||||
|
ConstraintMapping mapping0 = new ConstraintMapping();
|
||||||
|
mapping0.setPathSpec("/confid/*");
|
||||||
|
mapping0.setMethod(HttpMethods.POST);
|
||||||
|
mapping0.setConstraint(constraint0);
|
||||||
|
|
||||||
|
_security.setConstraintMappings(Arrays.asList(new ConstraintMapping[]
|
||||||
|
{
|
||||||
|
mapping0
|
||||||
|
}));
|
||||||
|
|
||||||
|
_server.start();
|
||||||
|
|
||||||
|
String response;
|
||||||
|
|
||||||
|
response = _connector.getResponses("GET /ctx/confid/info HTTP/1.0\r\n\r\n");
|
||||||
|
assertThat(response, containsString("HTTP/1.1 404 Not Found"));
|
||||||
|
|
||||||
|
response = _connectorS.getResponses("GET /ctx/confid/info HTTP/1.0\r\n\r\n");
|
||||||
|
assertThat(response, containsString("HTTP/1.1 404 Not Found"));
|
||||||
|
|
||||||
|
response = _connector.getResponses("POST /ctx/confid/info HTTP/1.0\r\n\r\n");
|
||||||
|
assertThat(response, containsString("HTTP/1.1 302 Found"));
|
||||||
|
|
||||||
|
response = _connectorS.getResponses("POST /ctx/confid/info HTTP/1.0\r\n\r\n");
|
||||||
|
assertThat(response, containsString("HTTP/1.1 404 Not Found"));
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
|
@Test
|
||||||
|
public void testConfidentialWithRolesSetAndMethodRestrictionAndAuthenticationRequired() throws Exception
|
||||||
|
{
|
||||||
|
Constraint constraint0 = new Constraint();
|
||||||
|
constraint0.setRoles(new String[] { "admin" } );
|
||||||
|
constraint0.setAuthenticate(true);
|
||||||
|
constraint0.setName("confid");
|
||||||
|
constraint0.setDataConstraint(Constraint.DC_CONFIDENTIAL);
|
||||||
|
ConstraintMapping mapping0 = new ConstraintMapping();
|
||||||
|
mapping0.setPathSpec("/confid/*");
|
||||||
|
mapping0.setMethod(HttpMethods.POST);
|
||||||
|
mapping0.setConstraint(constraint0);
|
||||||
|
|
||||||
|
_security.setConstraintMappings(Arrays.asList(new ConstraintMapping[]
|
||||||
|
{
|
||||||
|
mapping0
|
||||||
|
}));
|
||||||
|
DefaultIdentityService identityService = new DefaultIdentityService();
|
||||||
|
_security.setLoginService(new CustomLoginService(identityService));
|
||||||
|
_security.setIdentityService(identityService);
|
||||||
|
_security.setAuthenticator(new BasicAuthenticator());
|
||||||
|
_server.start();
|
||||||
|
|
||||||
|
String response;
|
||||||
|
|
||||||
|
response = _connector.getResponses("GET /ctx/confid/info HTTP/1.0\r\n\r\n");
|
||||||
|
assertThat(response, containsString("HTTP/1.1 404 Not Found"));
|
||||||
|
|
||||||
|
response = _connectorS.getResponses("GET /ctx/confid/info HTTP/1.0\r\n\r\n");
|
||||||
|
assertThat(response, containsString("HTTP/1.1 404 Not Found"));
|
||||||
|
|
||||||
|
response = _connector.getResponses("POST /ctx/confid/info HTTP/1.0\r\n\r\n");
|
||||||
|
assertThat(response, containsString("HTTP/1.1 302 Found"));
|
||||||
|
|
||||||
|
response = _connectorS.getResponses("POST /ctx/confid/info HTTP/1.0\r\n\r\n");
|
||||||
|
assertThat(response, containsString("HTTP/1.1 401 Unauthorized"));
|
||||||
|
|
||||||
|
response = _connector.getResponses("GET /ctx/confid/info HTTP/1.0\r\nAuthorization: Basic YWRtaW46cGFzc3dvcmQ=\r\n\r\n");
|
||||||
|
assertThat(response, containsString("HTTP/1.1 404 Not Found"));
|
||||||
|
|
||||||
|
response = _connector.getResponses("POST /ctx/confid/info HTTP/1.0\r\nAuthorization: Basic YWRtaW46cGFzc3dvcmQ=\r\n\r\n");
|
||||||
|
assertThat(response, containsString("HTTP/1.1 302 Found"));
|
||||||
|
|
||||||
|
response = _connectorS.getResponses("POST /ctx/confid/info HTTP/1.0\r\nAuthorization: Basic YWRtaW46cGFzc3dvcmQ=\r\n\r\n");
|
||||||
|
assertThat(response, containsString("HTTP/1.1 404 Not Found"));
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
|
@Test
|
||||||
|
public void testRestrictedWithoutAuthenticator() throws Exception
|
||||||
|
{
|
||||||
|
Constraint constraint0 = new Constraint();
|
||||||
|
constraint0.setAuthenticate(true);
|
||||||
|
constraint0.setRoles(new String[] { "admin" } );
|
||||||
|
constraint0.setName("restricted");
|
||||||
|
ConstraintMapping mapping0 = new ConstraintMapping();
|
||||||
|
mapping0.setPathSpec("/restricted/*");
|
||||||
|
mapping0.setMethod("GET");
|
||||||
|
mapping0.setConstraint(constraint0);
|
||||||
|
|
||||||
|
_security.setConstraintMappings(Arrays.asList(new ConstraintMapping[]
|
||||||
|
{
|
||||||
|
mapping0
|
||||||
|
}));
|
||||||
|
_server.start();
|
||||||
|
|
||||||
|
String response;
|
||||||
|
|
||||||
|
response = _connector.getResponses("GET /ctx/restricted/info HTTP/1.0\r\n\r\n");
|
||||||
|
assertThat(response, containsString("HTTP/1.1 403 Forbidden"));
|
||||||
|
|
||||||
|
response = _connectorS.getResponses("GET /ctx/restricted/info HTTP/1.0\r\n\r\n");
|
||||||
|
assertThat(response, containsString("HTTP/1.1 403 Forbidden"));
|
||||||
|
|
||||||
|
response = _connector.getResponses("GET /ctx/restricted/info HTTP/1.0\r\n Authorization: Basic YWRtaW46cGFzc3dvcmQ=\r\n\r\n");
|
||||||
|
assertThat(response, containsString("HTTP/1.1 403 Forbidden"));
|
||||||
|
|
||||||
|
response = _connectorS.getResponses("GET /ctx/restricted/info HTTP/1.0\r\n Authorization: Basic YWRtaW46cGFzc3dvcmQ=\r\n\r\n");
|
||||||
|
assertThat(response, containsString("HTTP/1.1 403 Forbidden"));
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
|
@Test
|
||||||
|
public void testRestricted() throws Exception
|
||||||
|
{
|
||||||
|
Constraint constraint0 = new Constraint();
|
||||||
|
constraint0.setAuthenticate(true);
|
||||||
|
constraint0.setRoles(new String[] { "admin" } );
|
||||||
|
constraint0.setName("restricted");
|
||||||
|
ConstraintMapping mapping0 = new ConstraintMapping();
|
||||||
|
mapping0.setPathSpec("/restricted/*");
|
||||||
|
mapping0.setMethod("GET");
|
||||||
|
mapping0.setConstraint(constraint0);
|
||||||
|
|
||||||
|
_security.setConstraintMappings(Arrays.asList(new ConstraintMapping[]
|
||||||
|
{
|
||||||
|
mapping0
|
||||||
|
}));
|
||||||
|
DefaultIdentityService identityService = new DefaultIdentityService();
|
||||||
|
_security.setLoginService(new CustomLoginService(identityService));
|
||||||
|
_security.setIdentityService(identityService);
|
||||||
|
_security.setAuthenticator(new BasicAuthenticator());
|
||||||
|
_server.start();
|
||||||
|
|
||||||
|
String response;
|
||||||
|
|
||||||
|
response = _connector.getResponses("GET /ctx/restricted/info HTTP/1.0\r\n\r\n");
|
||||||
|
assertThat(response, containsString("HTTP/1.1 401 Unauthorized"));
|
||||||
|
|
||||||
|
response = _connectorS.getResponses("GET /ctx/restricted/info HTTP/1.0\r\n\r\n");
|
||||||
|
assertThat(response, containsString("HTTP/1.1 401 Unauthorized"));
|
||||||
|
|
||||||
|
response = _connector.getResponses("GET /ctx/restricted/info HTTP/1.0\nAuthorization: Basic YWRtaW46cGFzc3dvcmQ=\n\n");
|
||||||
|
assertThat(response, containsString("HTTP/1.1 404 Not Found"));
|
||||||
|
|
||||||
|
response = _connectorS.getResponses("GET /ctx/restricted/info HTTP/1.0\nAuthorization: Basic YWRtaW46cGFzc3dvcmQ=\n\n");
|
||||||
|
assertThat(response, containsString("HTTP/1.1 404 Not Found"));
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
|
private class CustomLoginService implements LoginService{
|
||||||
|
private IdentityService identityService;
|
||||||
|
|
||||||
|
public CustomLoginService(IdentityService identityService)
|
||||||
|
{
|
||||||
|
this.identityService = identityService;
|
||||||
|
}
|
||||||
|
public String getName()
|
||||||
|
{
|
||||||
|
return "name";
|
||||||
|
}
|
||||||
|
|
||||||
|
public UserIdentity login(String username, Object credentials)
|
||||||
|
{
|
||||||
|
if("admin".equals(username) && "password".equals(credentials))
|
||||||
|
return new DefaultUserIdentity(null,null,new String[] { "admin" } );
|
||||||
|
return null;
|
||||||
|
}
|
||||||
|
|
||||||
|
public boolean validate(UserIdentity user)
|
||||||
|
{
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
|
||||||
|
public IdentityService getIdentityService()
|
||||||
|
{
|
||||||
|
return identityService;
|
||||||
|
}
|
||||||
|
|
||||||
|
public void setIdentityService(IdentityService service)
|
||||||
|
{
|
||||||
|
}
|
||||||
|
|
||||||
|
public void logout(UserIdentity user)
|
||||||
|
{
|
||||||
|
}
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
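Review bot: In testRestrictedWithoutAuthenticator the two requests meant to carry credentials put a space before the header name (`"GET /ctx/restricted/info HTTP/1.0\r\n Authorization: Basic YWRtaW46cGFzc3dvcmQ=\r\n\r\n"`), so the line is likely read as a folded continuation or a malformed header rather than as `Authorization`. The 403 assertions would then pass whether or not the credentials were ever seen. Dropping the space (`"GET /ctx/restricted/info HTTP/1.0\r\nAuthorization: Basic YWRtaW46cGFzc3dvcmQ=\r\n\r\n"`) makes the test show that the credentials the other tests accept are still refused when no authenticator is configured. testRestricted builds its authenticated requests with bare `\n` where every other request in the class uses `\r\n`; using `\r\n` there too stops the 404 results depending on lenient line-ending parsing. The new 302 assertions check only the status line, whereas the existing testConfidential also pins `Location: SPDY://` and `:9999`; adding those two checks would catch a redirect to the wrong scheme or port.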