improved deferred authentication handling and fixed test harnesses

git-svn-id: svn+ssh://dev.eclipse.org/svnroot/rt/org.eclipse.jetty/jetty/trunk@620 7e9141cc-0065-0410-87d8-b60c137991c4
Greg Wilkins 2009-08-03 02:50:34 +00:00
parent 3c71736a7a
commit ba5e93b1e3
3 changed files with 251 additions and 11 deletions


@ -75,13 +75,14 @@ public class FormAuthenticator extends LoginAuthenticator
}
/* ------------------------------------------------------------ */
public FormAuthenticator(String login,String error)
public FormAuthenticator(String login,String error,boolean dispatch)
{
this();
if (login!=null)
setLoginPage(login);
if (error!=null)
setErrorPage(error);
_dispatch=dispatch;
}
/* ------------------------------------------------------------ */
@ -99,7 +100,7 @@ public class FormAuthenticator extends LoginAuthenticator
if (error!=null)
setErrorPage(error);
String dispatch=configuration.getInitParameter(FormAuthenticator.__FORM_DISPATCH);
_dispatch=dispatch!=null && Boolean.getBoolean(dispatch);
_dispatch = dispatch==null?_dispatch:Boolean.getBoolean(dispatch);
}
/* ------------------------------------------------------------ */
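Review bot: `Boolean.getBoolean(dispatch)` in the second hunk does not parse the init-parameter value; it looks up a JVM system property whose name is that value. A configured `true` therefore leaves `_dispatch` false unless a system property literally named `true` happens to be set. The rewritten line keeps the call, so a deployment that asks for a dispatched login page through `__FORM_DISPATCH` silently gets the redirect behaviour instead. Parsing the string reads the configured value: `_dispatch = dispatch==null ? _dispatch : Boolean.parseBoolean(dispatch);`. The enclosing method starts outside the hunk, so how the default `_dispatch` is initialised is not visible here.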


@ -113,12 +113,12 @@ public class Constrain2tTest extends TestCase
}
public void testRootForm()
public void testRootFormDispatch()
throws Exception
{
_context.setContextPath("/");
_security.setAuthenticator(new SessionCachingAuthenticator(
new FormAuthenticator("/testLoginPage","/testErrorPage")));
new FormAuthenticator("/testLoginPage","/testErrorPage",true)));
_security.setStrict(false);
_server.start();
@ -130,8 +130,6 @@ public class Constrain2tTest extends TestCase
_connector.reopen();
response = _connector.getResponses("GET /auth.html HTTP/1.0\r\n\r\n");
// assertTrue(response.indexOf(" 302 Found") > 0);
// assertTrue(response.indexOf("/ctx/testLoginPage") > 0);
assertTrue(response.indexOf("Cache-Control: no-cache") > 0);
assertTrue(response.indexOf("Expires") > 0);
assertTrue(response.indexOf("URI=/testLoginPage") > 0);
@ -145,7 +143,6 @@ public class Constrain2tTest extends TestCase
"Content-Length: 31\r\n" +
"\r\n" +
"j_username=user&j_password=wrong\r\n");
//assertTrue(response.indexOf("Location") > 0);
assertTrue(response.indexOf("testErrorPage") > 0);
@ -168,6 +165,58 @@ public class Constrain2tTest extends TestCase
}
public void testRootFormRedirect()
throws Exception
{
_context.setContextPath("/");
_security.setAuthenticator(new SessionCachingAuthenticator(
new FormAuthenticator("/testLoginPage","/testErrorPage",false)));
_security.setStrict(false);
_server.start();
String response;
_connector.reopen();
response = _connector.getResponses("GET /noauth.html HTTP/1.0\r\n\r\n");
assertTrue(response.startsWith("HTTP/1.1 200 OK"));
_connector.reopen();
response = _connector.getResponses("GET /auth.html HTTP/1.0\r\n\r\n");
assertTrue(response.indexOf(" 302 Found") > 0);
assertTrue(response.indexOf("/testLoginPage") > 0);
String session = response.substring(response.indexOf("JSESSIONID=") + 11, response.indexOf(";Path=/"));
_connector.reopen();
response = _connector.getResponses("POST /j_security_check HTTP/1.0\r\n" +
"Cookie: JSESSIONID=" + session + "\r\n" +
"Content-Type: application/x-www-form-urlencoded\r\n" +
"Content-Length: 31\r\n" +
"\r\n" +
"j_username=user&j_password=wrong\r\n");
assertTrue(response.indexOf("Location") > 0);
_connector.reopen();
response = _connector.getResponses("POST /j_security_check HTTP/1.0\r\n" +
"Cookie: JSESSIONID=" + session + "\r\n" +
"Content-Type: application/x-www-form-urlencoded\r\n" +
"Content-Length: 35\r\n" +
"\r\n" +
"j_username=user&j_password=password\r\n");
assertTrue(response.startsWith("HTTP/1.1 302 "));
assertTrue(response.indexOf("Location") > 0);
assertTrue(response.indexOf("/auth.html") > 0);
_connector.reopen();
response = _connector.getResponses("GET /auth.html HTTP/1.0\r\n" +
"Cookie: JSESSIONID=" + session + "\r\n" +
"\r\n");
assertTrue(response.startsWith("HTTP/1.1 200 OK"));
}
class RequestHandler extends AbstractHandler
{
public void handle(String target, Request baseRequest, HttpServletRequest request, HttpServletResponse response ) throws IOException, ServletException
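Review bot: The failed-login step in testRootFormRedirect asserts only `response.indexOf("Location") > 0`, which would also pass if a wrong password were redirected to the protected `/auth.html`. Adding `assertTrue(response.indexOf("testErrorPage") > 0);` after it pins the redirect to the error page, as the dispatch variant already does. The same bare `Location` check follows the wrong-password POST in testFormRedirect and testStrictFormRedirect in ConstraintTest. That request also declares `Content-Length: 31` for a 32-byte body, so the submitted password is truncated; it still fails as intended, but `32` would make the test say what it means. The session id is sliced out with unchecked `indexOf` results, so a missing `JSESSIONID` cookie surfaces as a substring exception rather than a clear assertion failure.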


@ -231,11 +231,11 @@ public class ConstraintTest extends TestCase
assertTrue(response.startsWith("HTTP/1.1 200 OK"));
}
public void testForm()
public void testFormdispatch()
throws Exception
{
_security.setAuthenticator(new SessionCachingAuthenticator(
new FormAuthenticator("/testLoginPage","/testErrorPage")));
new FormAuthenticator("/testLoginPage","/testErrorPage",true)));
_security.setStrict(false);
_server.start();
@ -296,6 +296,66 @@ public class ConstraintTest extends TestCase
}
public void testFormRedirect()
throws Exception
{
_security.setAuthenticator(new SessionCachingAuthenticator(
new FormAuthenticator("/testLoginPage","/testErrorPage",false)));
_security.setStrict(false);
_server.start();
String response;
_connector.reopen();
response = _connector.getResponses("GET /ctx/noauth/info HTTP/1.0\r\n\r\n");
assertTrue(response.startsWith("HTTP/1.1 200 OK"));
_connector.reopen();
response = _connector.getResponses("GET /ctx/forbid/info HTTP/1.0\r\n\r\n");
assertTrue(response.startsWith("HTTP/1.1 403 Forbidden"));
_connector.reopen();
response = _connector.getResponses("GET /ctx/auth/info HTTP/1.0\r\n\r\n");
assertTrue(response.indexOf(" 302 Found") > 0);
assertTrue(response.indexOf("/ctx/testLoginPage") > 0);
String session = response.substring(response.indexOf("JSESSIONID=") + 11, response.indexOf(";Path=/ctx"));
_connector.reopen();
response = _connector.getResponses("POST /ctx/j_security_check HTTP/1.0\r\n" +
"Cookie: JSESSIONID=" + session + "\r\n" +
"Content-Type: application/x-www-form-urlencoded\r\n" +
"Content-Length: 31\r\n" +
"\r\n" +
"j_username=user&j_password=wrong\r\n");
assertTrue(response.indexOf("Location") > 0);
_connector.reopen();
response = _connector.getResponses("POST /ctx/j_security_check HTTP/1.0\r\n" +
"Cookie: JSESSIONID=" + session + "\r\n" +
"Content-Type: application/x-www-form-urlencoded\r\n" +
"Content-Length: 35\r\n" +
"\r\n" +
"j_username=user&j_password=password\r\n");
assertTrue(response.startsWith("HTTP/1.1 302 "));
assertTrue(response.indexOf("Location") > 0);
assertTrue(response.indexOf("/ctx/auth/info") > 0);
_connector.reopen();
response = _connector.getResponses("GET /ctx/auth/info HTTP/1.0\r\n" +
"Cookie: JSESSIONID=" + session + "\r\n" +
"\r\n");
assertTrue(response.startsWith("HTTP/1.1 200 OK"));
_connector.reopen();
response = _connector.getResponses("GET /ctx/admin/info HTTP/1.0\r\n" +
"Cookie: JSESSIONID=" + session + "\r\n" +
"\r\n");
assertTrue(response.startsWith("HTTP/1.1 403"));
assertTrue(response.indexOf("!role") > 0);
}
public void testStrictBasic()
throws Exception
{
@ -368,11 +428,11 @@ public class ConstraintTest extends TestCase
assertTrue(response.startsWith("HTTP/1.1 200 OK"));
}
public void testStrictForm()
public void testStrictFormDispatch()
throws Exception
{
_security.setAuthenticator(new SessionCachingAuthenticator(
new FormAuthenticator("/testLoginPage","/testErrorPage")));
new FormAuthenticator("/testLoginPage","/testErrorPage",true)));
_server.start();
@ -468,6 +528,136 @@ public class ConstraintTest extends TestCase
// log in again as admin
_connector.reopen();
response = _connector.getResponses("GET /ctx/auth/info HTTP/1.0\r\n\r\n");
// assertTrue(response.startsWith("HTTP/1.1 302 "));
// assertTrue(response.indexOf("testLoginPage") > 0);
session = response.substring(response.indexOf("JSESSIONID=") + 11, response.indexOf(";Path=/ctx"));
_connector.reopen();
response = _connector.getResponses("POST /ctx/j_security_check HTTP/1.0\r\n" +
"Cookie: JSESSIONID=" + session + "\r\n" +
"Content-Type: application/x-www-form-urlencoded\r\n" +
"Content-Length: 36\r\n" +
"\r\n" +
"j_username=admin&j_password=password\r\n");
assertTrue(response.startsWith("HTTP/1.1 302 "));
assertTrue(response.indexOf("Location") > 0);
assertTrue(response.indexOf("/ctx/auth/info") > 0);
_connector.reopen();
response = _connector.getResponses("GET /ctx/auth/info HTTP/1.0\r\n" +
"Cookie: JSESSIONID=" + session + "\r\n" +
"\r\n");
assertTrue(response.startsWith("HTTP/1.1 200 OK"));
_connector.reopen();
response = _connector.getResponses("GET /ctx/admin/info HTTP/1.0\r\n" +
"Cookie: JSESSIONID=" + session + "\r\n" +
"\r\n");
assertTrue(response.startsWith("HTTP/1.1 200 OK"));
}
public void testStrictFormRedirect()
throws Exception
{
_security.setAuthenticator(new SessionCachingAuthenticator(
new FormAuthenticator("/testLoginPage","/testErrorPage",false)));
_server.start();
String response;
_connector.reopen();
response = _connector.getResponses("GET /ctx/noauth/info HTTP/1.0\r\n\r\n");
assertTrue(response.startsWith("HTTP/1.1 200 OK"));
_connector.reopen();
response = _connector.getResponses("GET /ctx/forbid/info HTTP/1.0\r\n\r\n");
assertTrue(response.startsWith("HTTP/1.1 403 Forbidden"));
_connector.reopen();
response = _connector.getResponses("GET /ctx/auth/info HTTP/1.0\r\n\r\n");
assertTrue(response.indexOf(" 302 Found") > 0);
assertTrue(response.indexOf("/ctx/testLoginPage") > 0);
String session = response.substring(response.indexOf("JSESSIONID=") + 11, response.indexOf(";Path=/ctx"));
_connector.reopen();
response = _connector.getResponses("POST /ctx/j_security_check HTTP/1.0\r\n" +
"Cookie: JSESSIONID=" + session + "\r\n" +
"Content-Type: application/x-www-form-urlencoded\r\n" +
"Content-Length: 31\r\n" +
"\r\n" +
"j_username=user&j_password=wrong\r\n");
assertTrue(response.indexOf("Location") > 0);
_connector.reopen();
response = _connector.getResponses("POST /ctx/j_security_check HTTP/1.0\r\n" +
"Cookie: JSESSIONID=" + session + "\r\n" +
"Content-Type: application/x-www-form-urlencoded\r\n" +
"Content-Length: 35\r\n" +
"\r\n" +
"j_username=user&j_password=password\r\n");
assertTrue(response.startsWith("HTTP/1.1 302 "));
assertTrue(response.indexOf("Location") > 0);
assertTrue(response.indexOf("/ctx/auth/info") > 0);
_connector.reopen();
response = _connector.getResponses("GET /ctx/auth/info HTTP/1.0\r\n" +
"Cookie: JSESSIONID=" + session + "\r\n" +
"\r\n");
assertTrue(response.startsWith("HTTP/1.1 403"));
assertTrue(response.indexOf("!role") > 0);
_connector.reopen();
response = _connector.getResponses("GET /ctx/admin/info HTTP/1.0\r\n" +
"Cookie: JSESSIONID=" + session + "\r\n" +
"\r\n");
assertTrue(response.startsWith("HTTP/1.1 403"));
assertTrue(response.indexOf("!role") > 0);
// log in again as user2
_connector.reopen();
response = _connector.getResponses("GET /ctx/auth/info HTTP/1.0\r\n\r\n");
assertTrue(response.startsWith("HTTP/1.1 302 "));
assertTrue(response.indexOf("testLoginPage") > 0);
session = response.substring(response.indexOf("JSESSIONID=") + 11, response.indexOf(";Path=/ctx"));
_connector.reopen();
response = _connector.getResponses("POST /ctx/j_security_check HTTP/1.0\r\n" +
"Cookie: JSESSIONID=" + session + "\r\n" +
"Content-Type: application/x-www-form-urlencoded\r\n" +
"Content-Length: 36\r\n" +
"\r\n" +
"j_username=user2&j_password=password\r\n");
assertTrue(response.startsWith("HTTP/1.1 302 "));
assertTrue(response.indexOf("Location") > 0);
assertTrue(response.indexOf("/ctx/auth/info") > 0);
_connector.reopen();
response = _connector.getResponses("GET /ctx/auth/info HTTP/1.0\r\n" +
"Cookie: JSESSIONID=" + session + "\r\n" +
"\r\n");
assertTrue(response.startsWith("HTTP/1.1 200 OK"));
_connector.reopen();
response = _connector.getResponses("GET /ctx/admin/info HTTP/1.0\r\n" +
"Cookie: JSESSIONID=" + session + "\r\n" +
"\r\n");
assertTrue(response.startsWith("HTTP/1.1 403"));
assertTrue(response.indexOf("!role") > 0);
// log in again as admin
_connector.reopen();
response = _connector.getResponses("GET /ctx/auth/info HTTP/1.0\r\n\r\n");