authorGreg Wilkins2011-02-22 23:13:24 +0000
committerGreg Wilkins2011-02-22 23:13:24 +0000
commit8480cbdf97565e4911a03d970ee98822077309f8 (patch)
tree8ed0c85c2a0943679f27077c5fb2d7f1d096817a
parent8acf49568cd0d19ab20f1fa8f3a7ebd9071bbf55 (diff)
337878 Extra tests of security constraints
git-svn-id: svn+ssh://dev.eclipse.org/svnroot/rt/org.eclipse.jetty/jetty/trunk@2820 7e9141cc-0065-0410-87d8-b60c137991c4
-rw-r--r--VERSION.txt1
-rw-r--r--jetty-security/src/test/java/org/eclipse/jetty/security/ConstraintTest.java32
2 files changed, 32 insertions, 1 deletions
diff --git a/VERSION.txt b/VERSION.txt
index 623afd5296..1a16327fa0 100644
--- a/VERSION.txt
+++ b/VERSION.txt
@@ -14,6 +14,7 @@ jetty-7.3.1-SNAPSHOT
+ 337685 Work in progress on draft 5 websockets
+ 337746 Fixed Session deIdle recursion
+ 337784 Improve HashSessionManager for session migrations
+ + 337878 Extra tests of security constraints
+ 337896 HttpExchange.timeout does not override HttpClient.timeout
+ 337898 increase client test timeout
+ JETTY-1331 Allow alternate XML configuration processors (eg spring)
diff --git a/jetty-security/src/test/java/org/eclipse/jetty/security/ConstraintTest.java b/jetty-security/src/test/java/org/eclipse/jetty/security/ConstraintTest.java
index 3c5760b1a4..9a40357de9 100644
--- a/jetty-security/src/test/java/org/eclipse/jetty/security/ConstraintTest.java
+++ b/jetty-security/src/test/java/org/eclipse/jetty/security/ConstraintTest.java
@@ -127,13 +127,22 @@ public class ConstraintTest
mapping4.setPathSpec("/testLoginPage");
mapping4.setConstraint(constraint4);
+ Constraint constraint5 = new Constraint();
+ constraint5.setAuthenticate(false);
+ constraint5.setName("allow forbidden POST");
+ ConstraintMapping mapping5 = new ConstraintMapping();
+ mapping5.setPathSpec("/forbid/post");
+ mapping5.setConstraint(constraint5);
+ mapping5.setMethod("POST");
+
+
Set<String> knownRoles=new HashSet<String>();
knownRoles.add("user");
knownRoles.add("administrator");
_security.setConstraintMappings(Arrays.asList(new ConstraintMapping[]
{
- mapping0, mapping1, mapping2, mapping3, mapping4
+ mapping0, mapping1, mapping2, mapping3, mapping4, mapping5
}), knownRoles);
}
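Review bot: The new constraint5/mapping5 block has no comment saying that it deliberately creates an unauthenticated, POST-only exception on `/forbid/post`, a path the other mappings appear to forbid (the `/forbid` mapping itself is outside this hunk). The name `"allow forbidden POST"` hints at the intent but does not say which test depends on it; a one-line comment above the block would help, e.g. `// POST-only, no-auth exception under /forbid; exercised by testRelaxedMethod`. The two blank `+` lines after `mapping5.setMethod("POST");` can be reduced to one. The enclosing setup method starts outside the hunk.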
@@ -812,6 +821,27 @@ public class ConstraintTest
assertTrue(response.indexOf("user=admin") > 0);
}
+ @Test
+ public void testRelaxedMethod() throws Exception
+ {
+ _security.setAuthenticator(new BasicAuthenticator());
+ _security.setStrict(false);
+ _server.start();
+
+ String response;
+ response = _connector.getResponses("GET /ctx/forbid/somethig HTTP/1.0\r\n\r\n");
+ assertTrue(response.startsWith("HTTP/1.1 403 "));
+
+ response = _connector.getResponses("POST /ctx/forbid/post HTTP/1.0\r\n\r\n");
+ assertTrue(response.startsWith("HTTP/1.1 200 "));
+
+ response = _connector.getResponses("GET /ctx/forbid/post HTTP/1.0\r\n\r\n");
+ System.err.println(response);
+ assertTrue(response.startsWith("HTTP/1.1 200 ")); // This is so stupid, but it is the S P E C
+
+
+
+ }
private class RequestHandler extends AbstractHandler
{
public void handle(String target, Request baseRequest, HttpServletRequest request, HttpServletResponse response ) throws IOException, ServletException
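Review bot: The comment on the final assertion (`// This is so stupid, but it is the S P E C`) does not say why `GET /ctx/forbid/post` is expected to return 200 while `GET /ctx/forbid/somethig` returns 403, so a later maintainer could read the result as a bug or miss that the test pins down an access-control gap. Going by the setup hunk, mapping5 names only POST on `/forbid/post`, and the test suggests that this more specific path takes precedence over the forbidding mapping and leaves every other method unconstrained; I would replace the comment with `// mapping5 covers only POST on /forbid/post; other methods on that exact path are uncovered by any constraint and therefore allowed (servlet spec)`. `System.err.println(response);` on the line above it is leftover debug output and should be dropped. `somethig` in the first request looks like a typo for `something`, harmless here since any other path under /forbid should give the same result.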
