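package org.jboss.test.web.test;

import java.net.HttpURLConnection;
import java.util.List;

import javax.management.MBeanServerConnection;
import javax.management.MBeanServerInvocationHandler;
import javax.management.ObjectName;

import org.apache.commons.httpclient.Cookie;
import org.apache.commons.httpclient.Header;
import org.apache.commons.httpclient.HttpClient;
import org.apache.commons.httpclient.HttpState;
import org.apache.commons.httpclient.methods.PostMethod;
import org.apache.commons.httpclient.methods.GetMethod;
import org.jboss.test.JBossTestCase;
import org.jboss.test.JBossTestSetup;
import org.jboss.security.plugins.JaasSecurityManagerServiceMBean;
import junit.framework.Test;
import junit.framework.TestSuite;

/**
 * Tests of FORM based authentication against the form-auth.ear deployment.
 *
 * Every test follows the same shape: a request to a protected resource is
 * answered with the container login page (recognised by the j_security_check
 * form action), credentials are posted to j_security_check with the session
 * cookie from that first response, and the redirect issued on success is
 * followed to confirm the protected resource is now served.
 *
 * The repeated cookie extraction, login post and redirect follow-up live in
 * private helpers so each test only spells out what is specific to it.
 */
public class FormAuthUnitTestCase extends JBossTestCase
{
   /** Form action that marks a response body as the container login page. */
   private static final String LOGIN_FORM_ACTION = "j_security_check";
   /** Session cookie whose value is logged for diagnostics. */
   private static final String SESSION_COOKIE = "JSESSIONID";
   /** Login page of the restricted area, used as Referer for the login post. */
   private static final String RESTRICTED_LOGIN_PAGE = "form-auth/restricted/login.html";

   /** Base URL of the web container, without credentials; port from the web.port system property. */
   private String baseURLNoAuth = "http://" + getServerHost() + ":" + Integer.getInteger("web.port", 8080) + "/";
   /** Shared client whose state carries the session across doSecureGetWithLogin/doSecureGet. */
   private HttpClient httpConn = new HttpClient();

   public FormAuthUnitTestCase(String name)
   {
      super(name);
   }

   /**
    * Login through the form and then check that the established session is
    * enough to reach the secured servlet again without a second login.
    */
   public void testFormAuth() throws Exception
   {
      log.info("+++ testFormAuth");
      doSecureGetWithLogin("form-auth/restricted/SecuredServlet");
      // Same client, same session cookie: no login page expected this time
      doSecureGet("form-auth/restricted/SecuredServlet");
   }

   /**
    * Post bad credentials and check that the failed login is reported back
    * through the X-JException response header rather than silently.
    */
   public void testFormAuthException() throws Exception
   {
      log.info("+++ testFormAuthException");
      GetMethod indexGet = new GetMethod(baseURLNoAuth+"form-auth/restricted/SecuredServlet");
      int responseCode = httpConn.executeMethod(indexGet);
      String body = indexGet.getResponseBodyAsString();
      assertLoginPage(responseCode, body);

      HttpState state = httpConn.getState();
      getLog().debug("Saw JSESSIONID="+getSessionID(state));

      PostMethod formPost = postLogin(httpConn, state,
         baseURLNoAuth+RESTRICTED_LOGIN_PAGE, "baduser", "badpass");
      Header jex = formPost.getResponseHeader("X-JException");
      log.debug("Saw X-JException, "+jex);
      assertNotNull("X-JException != null", jex);
   }

   /**
    * Login with a fresh client and ask the secured servlet, via the
    * validateSubject query parameter, to validate the authenticated subject
    * once the login redirect has been followed.
    */
   public void testFormAuthSubject() throws Exception
   {
      log.info("+++ testFormAuthSubject");
      // Fresh client so this test does not see the session of the shared httpConn
      HttpClient httpConn = new HttpClient();
      GetMethod indexGet = new GetMethod(baseURLNoAuth+"form-auth/restricted/SecuredServlet");
      indexGet.setQueryString("validateSubject=true");
      int responseCode = httpConn.executeMethod(indexGet);
      String body = indexGet.getResponseBodyAsString();
      assertLoginPage(responseCode, body);

      HttpState state = httpConn.getState();
      getLog().debug("Saw JSESSIONID="+getSessionID(state));

      PostMethod formPost = postLogin(httpConn, state,
         baseURLNoAuth+RESTRICTED_LOGIN_PAGE, "jduke", "theduke");
      followLoginRedirect(httpConn, formPost, state);
   }

   /**
    * Check that a POST to a secured servlet survives the login detour: the
    * unsecured form page is loaded, the post is intercepted by the login page,
    * and after login the redirect lands on the secured post servlet rather
    * than back on the login page.
    */
   public void testPostDataFormAuth() throws Exception
   {
      log.info("+++ testPostDataFormAuth");
      HttpClient httpConn = new HttpClient();
      GetMethod indexGet = new GetMethod(baseURLNoAuth+"form-auth/unsecure_form.html");
      int responseCode = httpConn.executeMethod(indexGet);
      assertTrue("Get OK", responseCode == HttpURLConnection.HTTP_OK);

      PostMethod servletPost = new PostMethod(baseURLNoAuth+"form-auth/restricted/SecuredPostServlet");
      servletPost.addParameter("checkParam", "123456");
      responseCode = httpConn.executeMethod(servletPost);
      String body = servletPost.getResponseBodyAsString();
      assertLoginPage(responseCode, body);

      HttpState state = httpConn.getState();
      getLog().debug("Saw JSESSIONID="+getSessionID(state));

      // Referer is the unsecured page the post originated from, not the login page
      PostMethod formPost = postLogin(httpConn, state,
         baseURLNoAuth+"form-auth/unsecure_form.html", "jduke", "theduke");
      followLoginRedirect(httpConn, formPost, state);
   }

   /**
    * Login, check the jbossweb-form-auth authentication cache holds exactly
    * one principal, hit the Logout servlet and check the cache entry has
    * been flushed with the session.
    */
   public void testFlushOnSessionInvalidation() throws Exception
   {
      log.info("+++ testFlushOnSessionInvalidation");
      MBeanServerConnection conn = (MBeanServerConnection ) getServer();
      ObjectName name = new ObjectName ("jboss.security:service=JaasSecurityManager");
      JaasSecurityManagerServiceMBean secMgrService = (JaasSecurityManagerServiceMBean)
         MBeanServerInvocationHandler.newProxyInstance(conn, name, JaasSecurityManagerServiceMBean.class, false);

      doSecureGetWithLogin("form-auth/restricted/SecuredServlet");

      List principals = secMgrService.getAuthenticationCachePrincipals("jbossweb-form-auth");
      assertTrue("jbossweb-form-auth has one principal", principals.size() == 1);

      // Logout invalidates the session; the cache must not keep the principal alive
      doSecureGet("form-auth/Logout");
      principals = secMgrService.getAuthenticationCachePrincipals("jbossweb-form-auth");
      log.info("jbossweb-form-auth principals = "+principals);
      assertTrue("jbossweb-form-auth has no cache principals", principals.size() == 0);
   }

   /**
    * Login as jduke/theduke to reach the given path with the shared client.
    *
    * @param path path under baseURLNoAuth of the protected resource
    * @return the executed j_security_check post
    */
   public PostMethod doSecureGetWithLogin(String path) throws Exception
   {
      return doSecureGetWithLogin(path, "jduke", "theduke");
   }

   /**
    * Request a protected path with the shared client, expect the login page,
    * post the given credentials and follow the redirect back to the resource.
    *
    * @param path path under baseURLNoAuth of the protected resource
    * @param username value of the j_username form parameter
    * @param password value of the j_password form parameter
    * @return the executed j_security_check post so callers can inspect it
    */
   public PostMethod doSecureGetWithLogin(String path, String username, String password)
      throws Exception
   {
      GetMethod indexGet = new GetMethod(baseURLNoAuth+path);
      int responseCode = httpConn.executeMethod(indexGet);
      String body = indexGet.getResponseBodyAsString();
      assertLoginPage(responseCode, body);

      HttpState state = httpConn.getState();
      getLog().debug("Saw JSESSIONID="+getSessionID(state));

      PostMethod formPost = postLogin(httpConn, state,
         baseURLNoAuth+RESTRICTED_LOGIN_PAGE, username, password);
      followLoginRedirect(httpConn, formPost, state);
      return formPost;
   }

   /**
    * GET the given path with the shared client's current session state and
    * assert a 200 response. Does not check for the login page; callers rely
    * on a prior doSecureGetWithLogin having established the session.
    *
    * @param path path under baseURLNoAuth to request
    */
   public void doSecureGet(String path) throws Exception
   {
      HttpState state = httpConn.getState();
      getLog().debug("Saw JSESSIONID="+getSessionID(state));

      GetMethod indexGet = new GetMethod(baseURLNoAuth+path);
      int responseCode = httpConn.executeMethod(indexGet.getHostConfiguration(),
         indexGet, state);
      assertTrue("Get OK("+responseCode+")", responseCode == HttpURLConnection.HTTP_OK);
   }

   /**
    * Value of the JSESSIONID cookie in the given state, or null when no such
    * cookie has been received. When several match, the last one wins.
    */
   private String getSessionID(HttpState state)
   {
      Cookie[] cookies = state.getCookies();
      String sessionID = null;
      for(int c = 0; c < cookies.length; c ++)
      {
         Cookie k = cookies[c];
         if( k.getName().equalsIgnoreCase(SESSION_COOKIE) )
            sessionID = k.getValue();
      }
      return sessionID;
   }

   /**
    * True when the body is the container login page, i.e. contains the
    * j_security_check form action anywhere (including at offset 0).
    */
   private static boolean isLoginPage(String body)
   {
      return body != null && body.indexOf(LOGIN_FORM_ACTION) >= 0;
   }

   /**
    * Assert that a request for a protected resource was answered with a 200
    * carrying the login page instead of the resource itself.
    */
   private void assertLoginPage(int responseCode, String body)
   {
      assertTrue("Get OK("+responseCode+")", responseCode == HttpURLConnection.HTTP_OK);
      assertTrue("Redirected to login page", isLoginPage(body));
   }

   /**
    * Post credentials to the form-auth j_security_check action. The outcome
    * is left to the caller to assert, since a failed login is a valid case.
    *
    * @param client the client to execute the post with
    * @param state session state carrying the JSESSIONID from the login page response
    * @param referer URL of the page the login form was served from
    * @param username value of the j_username form parameter
    * @param password value of the j_password form parameter
    * @return the executed post, for status and header inspection
    */
   private PostMethod postLogin(HttpClient client, HttpState state, String referer,
      String username, String password) throws Exception
   {
      PostMethod formPost = new PostMethod(baseURLNoAuth+"form-auth/j_security_check");
      // Mirror a browser submitting the form from the login page
      formPost.addRequestHeader("Referer", referer);
      formPost.addParameter("j_username", username);
      formPost.addParameter("j_password", password);
      int responseCode = client.executeMethod(formPost.getHostConfiguration(),
         formPost, state);
      log.debug("responseCode="+responseCode+", response="+formPost.getStatusText());
      return formPost;
   }

   /**
    * Assert the login post was answered with a 302, then GET its Location
    * with the same session state and assert the protected resource (not the
    * login page again) comes back with a 200.
    *
    * @param client the client the login was posted with
    * @param formPost the executed j_security_check post
    * @param state the session state used for the login post
    */
   private void followLoginRedirect(HttpClient client, PostMethod formPost, HttpState state)
      throws Exception
   {
      assertTrue("Saw HTTP_MOVED_TEMP",
         formPost.getStatusCode() == HttpURLConnection.HTTP_MOVED_TEMP);
      Header location = formPost.getResponseHeader("Location");
      // Fail with a clear message instead of a NullPointerException on getValue()
      assertNotNull("Location header on login redirect", location);
      String indexURI = location.getValue();
      GetMethod war1Index = new GetMethod(indexURI);
      int responseCode = client.executeMethod(war1Index.getHostConfiguration(),
         war1Index, state);
      log.debug("responseCode="+responseCode+", response="+war1Index.getStatusText());
      assertTrue("Get OK", responseCode == HttpURLConnection.HTTP_OK);
      String body = war1Index.getResponseBodyAsString();
      if( isLoginPage(body) )
         fail("get of "+indexURI+" redirected to login page");
   }

   /**
    * Suite wrapper that deploys form-auth.ear, flushes the authentication
    * cache and checks the ExtendedFormAuthenticator valve is registered for
    * the /form-auth context before the tests run; undeploys afterwards.
    */
   public static Test suite() throws Exception
   {
      TestSuite suite = new TestSuite();
      suite.addTest(new TestSuite(FormAuthUnitTestCase.class));

      Test wrapper = new JBossTestSetup(suite)
      {
         protected void setUp() throws Exception
         {
            super.setUp();
            deploy("form-auth.ear");
            // Start from an empty cache so cache-count assertions are not skewed by earlier runs
            flushAuthCache();
            String oname = "jboss.web:host="+getServerHost()+",name=ExtendedFormAuthenticator,path=/form-auth,type=Valve";
            ObjectName formAuth = new ObjectName (oname);
            assertNotNull("Authenticator for FORM on host="+getServerHost()+" exists?",
               getServer().getObjectInstance(formAuth));
         }
         protected void tearDown() throws Exception
         {
            undeploy("form-auth.ear");
            super.tearDown();
         }
      };
      return wrapper;
   }
}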