Eclipse
/
jetty.project
mirror of https://github.com/jetty/jetty.project.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

updated AliasConstraintTest to expected results

This commit is contained in:
Greg Wilkins 2014-06-27 21:02:07 +02:00
parent 9b764ef3fa
commit a8964979b9
1 changed files with 6 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
jetty-security/src/test/java/org/eclipse/jetty/security/AliasedConstraintTest.java
View File

@ -39,7 +39,6 @@ import org.eclipse.jetty.util.security.Constraint;
import org.eclipse.jetty.util.security.Password;
import org.junit.AfterClass;
import org.junit.BeforeClass;
import org.junit.Ignore;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.junit.runners.Parameterized;
@ -52,7 +51,6 @@ import org.junit.runners.Parameterized.Parameters;
* This is mainly here to test security bypass techniques using aliased names that should be caught.
*/
@RunWith(Parameterized.class)
@Ignore("need to verify alias logic with greg")
public class AliasedConstraintTest
{
private static final String TEST_REALM = "TestRealm";
@ -122,12 +120,12 @@ public class AliasedConstraintTest
final String OPENCONTENT = "this is open content";
data.add(new Object[] { "/ctx/all/index.txt", HttpStatus.OK_200, OPENCONTENT });
data.add(new Object[] { "/ctx/ALL/index.txt", HttpStatus.OK_200, OPENCONTENT });
data.add(new Object[] { "/ctx/ALL/Fred/../index.txt", HttpStatus.OK_200, OPENCONTENT });
data.add(new Object[] { "/ctx/ALL/index.txt", HttpStatus.NOT_FOUND_404, null });
data.add(new Object[] { "/ctx/ALL/Fred/../index.txt", HttpStatus.NOT_FOUND_404, null });
data.add(new Object[] { "/ctx/../bar/../ctx/all/index.txt", HttpStatus.OK_200, OPENCONTENT });
data.add(new Object[] { "/ctx/forbid/index.txt", HttpStatus.FORBIDDEN_403, null });
data.add(new Object[] { "/ctx/all/../forbid/index.txt", HttpStatus.FORBIDDEN_403, null });
data.add(new Object[] { "/ctx/FoRbId/index.txt", HttpStatus.FORBIDDEN_403, null });
data.add(new Object[] { "/ctx/FoRbId/index.txt", HttpStatus.NOT_FOUND_404, null });
return data;
}
@ -160,6 +158,9 @@ public class AliasedConstraintTest
case 403:
assertThat(response,startsWith("HTTP/1.1 403 Forbidden"));
break;
case 404:
assertThat(response,startsWith("HTTP/1.1 404 Not Found"));
break;
default:
fail("Write a handler for response status code: " + expectedStatusCode);
break;