authorThomas Becker2012-01-19 05:13:22 (EST)
committer Greg Wilkins2012-01-19 21:38:24 (EST)
commita5947342411fb69f1ab0029c0882e1b24dac6428 (patch)
tree74ec57401ed084db14850eb3e48455401a449b30
parent02d53f96123a25f762d5a7396f33888a43ef123f (diff)
369048: more test cases for ConstraintSecurityHandler
Signed-off-by: Greg Wilkins <gregw@webtide.com>
-rw-r--r--jetty-security/src/test/java/org/eclipse/jetty/security/DataConstraintsTest.java280
1 files changed, 269 insertions, 11 deletions
diff --git a/jetty-security/src/test/java/org/eclipse/jetty/security/DataConstraintsTest.java b/jetty-security/src/test/java/org/eclipse/jetty/security/DataConstraintsTest.java
index 8b3ab58..38a2bb0 100644
--- a/jetty-security/src/test/java/org/eclipse/jetty/security/DataConstraintsTest.java
+++ b/jetty-security/src/test/java/org/eclipse/jetty/security/DataConstraintsTest.java
@@ -23,12 +23,15 @@ import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
+import org.eclipse.jetty.http.HttpMethods;
import org.eclipse.jetty.http.HttpSchemes;
import org.eclipse.jetty.io.EndPoint;
+import org.eclipse.jetty.security.authentication.BasicAuthenticator;
import org.eclipse.jetty.server.Connector;
import org.eclipse.jetty.server.LocalConnector;
import org.eclipse.jetty.server.Request;
import org.eclipse.jetty.server.Server;
+import org.eclipse.jetty.server.UserIdentity;
import org.eclipse.jetty.server.handler.AbstractHandler;
import org.eclipse.jetty.server.handler.ContextHandler;
import org.eclipse.jetty.server.session.SessionHandler;
@@ -53,6 +56,7 @@ public class DataConstraintsTest
{
_server = new Server();
_connector = new LocalConnector();
+ _connector.setMaxIdleTime(300000);
_connector.setIntegralPort(9998);
_connector.setIntegralScheme("FTP");
_connector.setConfidentialPort(9999);
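Review bot: The added `_connector.setMaxIdleTime(300000);` is an unexplained five-minute idle timeout on the test connector, and nothing visible in this hunk shows the same setting being applied to the second connector the tests use. If it exists so a debugger session does not drop the connection, a short comment saying so (or removing it before merge) would keep the fixture from looking like a required part of the constraint setup. The setup method starts and ends outside this hunk.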
@@ -89,7 +93,7 @@ public class DataConstraintsTest
_security = new ConstraintSecurityHandler();
_session.setHandler(_security);
-
+
_security.setHandler(new AbstractHandler()
{
public void handle(String target, Request baseRequest, HttpServletRequest request, HttpServletResponse response) throws IOException, ServletException
@@ -98,7 +102,7 @@ public class DataConstraintsTest
response.sendError(404);
}
});
-
+
}
@After
@@ -121,14 +125,14 @@ public class DataConstraintsTest
ConstraintMapping mapping0 = new ConstraintMapping();
mapping0.setPathSpec("/integral/*");
mapping0.setConstraint(constraint0);
-
+
_security.setConstraintMappings(Arrays.asList(new ConstraintMapping[]
{
mapping0
}));
-
+
_server.start();
-
+
String response;
response = _connector.getResponses("GET /ctx/some/thing HTTP/1.0\r\n\r\n");
assertThat(response, containsString("HTTP/1.1 404 Not Found"));
@@ -137,12 +141,12 @@ public class DataConstraintsTest
assertThat(response, containsString("HTTP/1.1 302 Found"));
assertThat(response, containsString("Location: FTP://"));
assertThat(response, containsString(":9998"));
-
+
response = _connectorS.getResponses("GET /ctx/integral/info HTTP/1.0\r\n\r\n");
assertThat(response, containsString("HTTP/1.1 404 Not Found"));
}
-
+
@Test
public void testConfidential() throws Exception
{
@@ -153,14 +157,14 @@ public class DataConstraintsTest
ConstraintMapping mapping0 = new ConstraintMapping();
mapping0.setPathSpec("/confid/*");
mapping0.setConstraint(constraint0);
-
+
_security.setConstraintMappings(Arrays.asList(new ConstraintMapping[]
{
mapping0
}));
-
+
_server.start();
-
+
String response;
response = _connector.getResponses("GET /ctx/some/thing HTTP/1.0\r\n\r\n");
assertThat(response, containsString("HTTP/1.1 404 Not Found"));
@@ -169,10 +173,264 @@ public class DataConstraintsTest
assertThat(response, containsString("HTTP/1.1 302 Found"));
assertThat(response, containsString("Location: SPDY://"));
assertThat(response, containsString(":9999"));
-
+
response = _connectorS.getResponses("GET /ctx/confid/info HTTP/1.0\r\n\r\n");
assertThat(response, containsString("HTTP/1.1 404 Not Found"));
}
+ @Test
+ public void testConfidentialWithNoRolesSetAndNoMethodRestriction() throws Exception
+ {
+ Constraint constraint0 = new Constraint();
+ constraint0.setName("confid");
+ constraint0.setDataConstraint(Constraint.DC_CONFIDENTIAL);
+ ConstraintMapping mapping0 = new ConstraintMapping();
+ mapping0.setPathSpec("/confid/*");
+ mapping0.setConstraint(constraint0);
+
+ _security.setConstraintMappings(Arrays.asList(new ConstraintMapping[]
+ {
+ mapping0
+ }));
+
+ _server.start();
+
+ String response;
+
+ response = _connector.getResponses("GET /ctx/confid/info HTTP/1.0\r\n\r\n");
+ assertThat(response, containsString("HTTP/1.1 302 Found"));
+
+ response = _connectorS.getResponses("GET /ctx/confid/info HTTP/1.0\r\n\r\n");
+ assertThat(response, containsString("HTTP/1.1 404 Not Found"));
+
+ }
+
+ @Test
+ public void testConfidentialWithNoRolesSetAndMethodRestriction() throws Exception
+ {
+ Constraint constraint0 = new Constraint();
+ constraint0.setName("confid");
+ constraint0.setDataConstraint(Constraint.DC_CONFIDENTIAL);
+ ConstraintMapping mapping0 = new ConstraintMapping();
+ mapping0.setPathSpec("/confid/*");
+ mapping0.setMethod(HttpMethods.POST);
+ mapping0.setConstraint(constraint0);
+
+ _security.setConstraintMappings(Arrays.asList(new ConstraintMapping[]
+ {
+ mapping0
+ }));
+
+ _server.start();
+
+ String response;
+
+ response = _connector.getResponses("GET /ctx/confid/info HTTP/1.0\r\n\r\n");
+ assertThat(response, containsString("HTTP/1.1 404 Not Found"));
+
+ response = _connectorS.getResponses("GET /ctx/confid/info HTTP/1.0\r\n\r\n");
+ assertThat(response, containsString("HTTP/1.1 404 Not Found"));
+
+ response = _connector.getResponses("POST /ctx/confid/info HTTP/1.0\r\n\r\n");
+ assertThat(response, containsString("HTTP/1.1 302 Found"));
+
+ response = _connectorS.getResponses("POST /ctx/confid/info HTTP/1.0\r\n\r\n");
+ assertThat(response, containsString("HTTP/1.1 404 Not Found"));
+
+ }
+ @Test
+ public void testConfidentialWithRolesSetAndMethodRestriction() throws Exception
+ {
+ Constraint constraint0 = new Constraint();
+ constraint0.setRoles(new String[] { "admin" } );
+ constraint0.setName("confid");
+ constraint0.setDataConstraint(Constraint.DC_CONFIDENTIAL);
+ ConstraintMapping mapping0 = new ConstraintMapping();
+ mapping0.setPathSpec("/confid/*");
+ mapping0.setMethod(HttpMethods.POST);
+ mapping0.setConstraint(constraint0);
+
+ _security.setConstraintMappings(Arrays.asList(new ConstraintMapping[]
+ {
+ mapping0
+ }));
+
+ _server.start();
+
+ String response;
+
+ response = _connector.getResponses("GET /ctx/confid/info HTTP/1.0\r\n\r\n");
+ assertThat(response, containsString("HTTP/1.1 404 Not Found"));
+
+ response = _connectorS.getResponses("GET /ctx/confid/info HTTP/1.0\r\n\r\n");
+ assertThat(response, containsString("HTTP/1.1 404 Not Found"));
+
+ response = _connector.getResponses("POST /ctx/confid/info HTTP/1.0\r\n\r\n");
+ assertThat(response, containsString("HTTP/1.1 302 Found"));
+
+ response = _connectorS.getResponses("POST /ctx/confid/info HTTP/1.0\r\n\r\n");
+ assertThat(response, containsString("HTTP/1.1 404 Not Found"));
+
+ }
+
+ @Test
+ public void testConfidentialWithRolesSetAndMethodRestrictionAndAuthenticationRequired() throws Exception
+ {
+ Constraint constraint0 = new Constraint();
+ constraint0.setRoles(new String[] { "admin" } );
+ constraint0.setAuthenticate(true);
+ constraint0.setName("confid");
+ constraint0.setDataConstraint(Constraint.DC_CONFIDENTIAL);
+ ConstraintMapping mapping0 = new ConstraintMapping();
+ mapping0.setPathSpec("/confid/*");
+ mapping0.setMethod(HttpMethods.POST);
+ mapping0.setConstraint(constraint0);
+
+ _security.setConstraintMappings(Arrays.asList(new ConstraintMapping[]
+ {
+ mapping0
+ }));
+ DefaultIdentityService identityService = new DefaultIdentityService();
+ _security.setLoginService(new CustomLoginService(identityService));
+ _security.setIdentityService(identityService);
+ _security.setAuthenticator(new BasicAuthenticator());
+ _server.start();
+
+ String response;
+
+ response = _connector.getResponses("GET /ctx/confid/info HTTP/1.0\r\n\r\n");
+ assertThat(response, containsString("HTTP/1.1 404 Not Found"));
+
+ response = _connectorS.getResponses("GET /ctx/confid/info HTTP/1.0\r\n\r\n");
+ assertThat(response, containsString("HTTP/1.1 404 Not Found"));
+
+ response = _connector.getResponses("POST /ctx/confid/info HTTP/1.0\r\n\r\n");
+ assertThat(response, containsString("HTTP/1.1 302 Found"));
+
+ response = _connectorS.getResponses("POST /ctx/confid/info HTTP/1.0\r\n\r\n");
+ assertThat(response, containsString("HTTP/1.1 401 Unauthorized"));
+
+ response = _connector.getResponses("GET /ctx/confid/info HTTP/1.0\r\nAuthorization: Basic YWRtaW46cGFzc3dvcmQ=\r\n\r\n");
+ assertThat(response, containsString("HTTP/1.1 404 Not Found"));
+
+ response = _connector.getResponses("POST /ctx/confid/info HTTP/1.0\r\nAuthorization: Basic YWRtaW46cGFzc3dvcmQ=\r\n\r\n");
+ assertThat(response, containsString("HTTP/1.1 302 Found"));
+
+ response = _connectorS.getResponses("POST /ctx/confid/info HTTP/1.0\r\nAuthorization: Basic YWRtaW46cGFzc3dvcmQ=\r\n\r\n");
+ assertThat(response, containsString("HTTP/1.1 404 Not Found"));
+
+ }
+
+ @Test
+ public void testRestrictedWithoutAuthenticator() throws Exception
+ {
+ Constraint constraint0 = new Constraint();
+ constraint0.setAuthenticate(true);
+ constraint0.setRoles(new String[] { "admin" } );
+ constraint0.setName("restricted");
+ ConstraintMapping mapping0 = new ConstraintMapping();
+ mapping0.setPathSpec("/restricted/*");
+ mapping0.setMethod("GET");
+ mapping0.setConstraint(constraint0);
+
+ _security.setConstraintMappings(Arrays.asList(new ConstraintMapping[]
+ {
+ mapping0
+ }));
+ _server.start();
+
+ String response;
+
+ response = _connector.getResponses("GET /ctx/restricted/info HTTP/1.0\r\n\r\n");
+ assertThat(response, containsString("HTTP/1.1 403 Forbidden"));
+
+ response = _connectorS.getResponses("GET /ctx/restricted/info HTTP/1.0\r\n\r\n");
+ assertThat(response, containsString("HTTP/1.1 403 Forbidden"));
+
+ response = _connector.getResponses("GET /ctx/restricted/info HTTP/1.0\r\n Authorization: Basic YWRtaW46cGFzc3dvcmQ=\r\n\r\n");
+ assertThat(response, containsString("HTTP/1.1 403 Forbidden"));
+
+ response = _connectorS.getResponses("GET /ctx/restricted/info HTTP/1.0\r\n Authorization: Basic YWRtaW46cGFzc3dvcmQ=\r\n\r\n");
+ assertThat(response, containsString("HTTP/1.1 403 Forbidden"));
+
+ }
+
+ @Test
+ public void testRestricted() throws Exception
+ {
+ Constraint constraint0 = new Constraint();
+ constraint0.setAuthenticate(true);
+ constraint0.setRoles(new String[] { "admin" } );
+ constraint0.setName("restricted");
+ ConstraintMapping mapping0 = new ConstraintMapping();
+ mapping0.setPathSpec("/restricted/*");
+ mapping0.setMethod("GET");
+ mapping0.setConstraint(constraint0);
+
+ _security.setConstraintMappings(Arrays.asList(new ConstraintMapping[]
+ {
+ mapping0
+ }));
+ DefaultIdentityService identityService = new DefaultIdentityService();
+ _security.setLoginService(new CustomLoginService(identityService));
+ _security.setIdentityService(identityService);
+ _security.setAuthenticator(new BasicAuthenticator());
+ _server.start();
+
+ String response;
+
+ response = _connector.getResponses("GET /ctx/restricted/info HTTP/1.0\r\n\r\n");
+ assertThat(response, containsString("HTTP/1.1 401 Unauthorized"));
+
+ response = _connectorS.getResponses("GET /ctx/restricted/info HTTP/1.0\r\n\r\n");
+ assertThat(response, containsString("HTTP/1.1 401 Unauthorized"));
+
+ response = _connector.getResponses("GET /ctx/restricted/info HTTP/1.0\nAuthorization: Basic YWRtaW46cGFzc3dvcmQ=\n\n");
+ assertThat(response, containsString("HTTP/1.1 404 Not Found"));
+
+ response = _connectorS.getResponses("GET /ctx/restricted/info HTTP/1.0\nAuthorization: Basic YWRtaW46cGFzc3dvcmQ=\n\n");
+ assertThat(response, containsString("HTTP/1.1 404 Not Found"));
+
+ }
+
+ private class CustomLoginService implements LoginService{
+ private IdentityService identityService;
+
+ public CustomLoginService(IdentityService identityService)
+ {
+ this.identityService = identityService;
+ }
+ public String getName()
+ {
+ return "name";
+ }
+
+ public UserIdentity login(String username, Object credentials)
+ {
+ if("admin".equals(username) && "password".equals(credentials))
+ return new DefaultUserIdentity(null,null,new String[] { "admin" } );
+ return null;
+ }
+
+ public boolean validate(UserIdentity user)
+ {
+ return false;
+ }
+
+ public IdentityService getIdentityService()
+ {
+ return identityService;
+ }
+
+ public void setIdentityService(IdentityService service)
+ {
+ }
+
+ public void logout(UserIdentity user)
+ {
+ }
+
+ }
+
}
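Review bot: In testRestrictedWithoutAuthenticator the two credentialed requests are written as `"...HTTP/1.0\r\n Authorization: Basic ..."` with a space after the CRLF, so that line begins with whitespace and is unlikely to be parsed as an Authorization header. Because 403 is expected with or without credentials, the assertions pass either way and the "credentials supplied, still forbidden" case is probably not exercised; removing the space (`"GET /ctx/restricted/info HTTP/1.0\r\nAuthorization: Basic YWRtaW46cGFzc3dvcmQ=\r\n\r\n"`) would make the test cover what its name says. testRestricted sends only the credentials that CustomLoginService.login accepts, so the deny path is never pinned; a request carrying a wrong password and asserting `HTTP/1.1 401 Unauthorized` would close that gap. The new 302 assertions also check only the status line, whereas the existing testConfidential also asserts the `Location:` scheme and `:9999`, so a redirect to the wrong port would go unnoticed in the added tests.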