Commit ba660b18ddff078706ada9b233540e512c6dd5db

Authored by Cleverson Sacramento
1 parent 424dfc7b
Exists in master

IN PROGRESS - issue FWK-119: Testes da extensão Servlet

https://demoiselle.atlassian.net/browse/FWK-119
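--- a/impl/extension/servlet/src/test/java/security/authentication/form/HelperServlet.java
+++ b/impl/extension/servlet/src/test/java/security/authentication/form/HelperServlet.java
@@ -3,6 +3,7 @@ package security.authentication.form;
 import static org.apache.http.HttpStatus.SC_EXPECTATION_FAILED;
 import static org.apache.http.HttpStatus.SC_FORBIDDEN;
 import static org.apache.http.HttpStatus.SC_OK;
+import static org.apache.http.HttpStatus.SC_UNAUTHORIZED;
 
 import java.io.IOException;
 
@@ -13,8 +14,10 @@ import javax.servlet.http.HttpServletResponse;
 
 import br.gov.frameworkdemoiselle.security.Credentials;
 import br.gov.frameworkdemoiselle.security.InvalidCredentialsException;
+import br.gov.frameworkdemoiselle.security.NotLoggedInException;
 import br.gov.frameworkdemoiselle.security.SecurityContext;
 import br.gov.frameworkdemoiselle.util.Beans;
+import br.gov.frameworkdemoiselle.util.Strings;
 
 public class HelperServlet extends HttpServlet {
 
@@ -51,13 +54,21 @@ public class HelperServlet extends HttpServlet {
 loadCredentials(request);
 SecurityContext securityContext = Beans.getReference(SecurityContext.class);
 
- securityContext.login();
- securityContext.logout();
+ if (isLogon(request)) {
+ securityContext.login();
+ }
 
- if (!securityContext.isLoggedIn()) {
- response.setStatus(SC_OK);
- } else {
- response.setStatus(SC_EXPECTATION_FAILED);
+ try {
+ securityContext.logout();
+
+ if (!securityContext.isLoggedIn()) {
+ response.setStatus(SC_OK);
+ } else {
+ response.setStatus(SC_EXPECTATION_FAILED);
+ }
+
+ } catch (NotLoggedInException cause) {
+ response.setStatus(SC_UNAUTHORIZED);
 }
 }
 
@@ -66,4 +77,8 @@ public class HelperServlet extends HttpServlet {
 credentials.setUsername(request.getParameter("username"));
 credentials.setPassword(request.getParameter("password"));
 }
+
+ private boolean isLogon(HttpServletRequest request) {
+ return !Strings.isEmpty(request.getParameter("username"));
+ }
 }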
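Review bot: In the logout branch of HelperServlet, `securityContext.login()` now runs in the `if (isLogon(request))` block ahead of the `try`, and the only handler is `catch (NotLoggedInException cause)`, so a login failure on this path is not mapped to any status. InvalidCredentialsException is imported by this file, which suggests login() can throw it; a logout request carrying a username and a wrong password would then escape the handler instead of getting a deliberate response. Moving the `if (isLogon(request))` block inside the `try` and adding `} catch (InvalidCredentialsException cause) { response.setStatus(SC_FORBIDDEN); }` would keep the helper's answers explicit. The enclosing method starts above the hunk, so any throws clause or outer handling is not visible here.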
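--- a/impl/extension/servlet/src/test/java/security/authentication/form/ServletAuthenticatorTest.java
+++ b/impl/extension/servlet/src/test/java/security/authentication/form/ServletAuthenticatorTest.java
@@ -2,6 +2,7 @@ package security.authentication.form;
 
 import static org.apache.http.HttpStatus.SC_FORBIDDEN;
 import static org.apache.http.HttpStatus.SC_OK;
+import static org.apache.http.HttpStatus.SC_UNAUTHORIZED;
 import static org.junit.Assert.assertEquals;
 
 import java.io.IOException;
@@ -78,7 +79,13 @@ public class ServletAuthenticatorTest {
 }
 
 @Test
- public void logoutFailed() throws ClientProtocolException, IOException, URISyntaxException {
+ public void logoutFailedByNotLoggedInException() throws ClientProtocolException, IOException, URISyntaxException {
 URIBuilder uriBuilder = new URIBuilder(deploymentUrl + "/helper/logout");
+
+ HttpGet httpGet = new HttpGet(uriBuilder.build());
+ HttpResponse httpResponse = HttpClientBuilder.create().build().execute(httpGet);
+
+ int status = httpResponse.getStatusLine().getStatusCode();
+ assertEquals(SC_UNAUTHORIZED, status);
 }
 }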
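Review bot: The client returned by `HttpClientBuilder.create().build()` in logoutFailedByNotLoggedInException is never closed, so its connection resources stay allocated for the rest of the test JVM. Wrapping the call as `try (CloseableHttpClient client = HttpClientBuilder.create().build()) { ... }`, or closing it in a finally block on older source levels, releases them. The test also sends no parameters, so it pins only the not-logged-in path; a logout request that carries a username with a wrong password is not exercised in this hunk.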
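--- a/impl/extension/servlet/src/test/java/security/unauthentication/form/HelperServletUnauthenticationFail.java
+++ b/impl/extension/servlet/src/test/java/security/unauthentication/form/HelperServletUnauthenticationFail.java
@@ -1,37 +0,0 @@
-package security.unauthentication.form;
-
-import static org.apache.http.HttpStatus.SC_FORBIDDEN;
-import static org.apache.http.HttpStatus.SC_OK;
-
-import java.io.IOException;
-
-import javax.servlet.ServletException;
-import javax.servlet.http.HttpServlet;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import br.gov.frameworkdemoiselle.security.AuthenticationException;
-import br.gov.frameworkdemoiselle.security.Credentials;
-import br.gov.frameworkdemoiselle.security.SecurityContext;
-import br.gov.frameworkdemoiselle.util.Beans;
-
-public class HelperServletUnauthenticationFail extends HttpServlet {
-
- private static final long serialVersionUID = 1L;
-
- @Override
- protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
- String result = request.getHeader("Authorization");
- result = (result == null ? request.getHeader("authorization") : result);
-
- Credentials credentials = Beans.getReference(Credentials.class);
- credentials.setUsername(request.getParameter("username"));
- credentials.setPassword(request.getParameter("password"));
- try {
- Beans.getReference(SecurityContext.class).logout();
- response.setStatus(SC_OK);
- } catch (AuthenticationException e) {
- response.setStatus(SC_FORBIDDEN);
- }
- }
-}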
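--- a/impl/extension/servlet/src/test/java/security/unauthentication/form/HelperServletUnauthenticationSuccess.java
+++ b/impl/extension/servlet/src/test/java/security/unauthentication/form/HelperServletUnauthenticationSuccess.java
@@ -1,38 +0,0 @@
-package security.unauthentication.form;
-
-import static org.apache.http.HttpStatus.SC_FORBIDDEN;
-import static org.apache.http.HttpStatus.SC_OK;
-
-import java.io.IOException;
-
-import javax.servlet.ServletException;
-import javax.servlet.http.HttpServlet;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import br.gov.frameworkdemoiselle.security.AuthenticationException;
-import br.gov.frameworkdemoiselle.security.Credentials;
-import br.gov.frameworkdemoiselle.security.SecurityContext;
-import br.gov.frameworkdemoiselle.util.Beans;
-
-public class HelperServletUnauthenticationSuccess extends HttpServlet {
-
- private static final long serialVersionUID = 1L;
-
- @Override
- protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
- String result = request.getHeader("Authorization");
- result = (result == null ? request.getHeader("authorization") : result);
-
- Credentials credentials = Beans.getReference(Credentials.class);
- credentials.setUsername(request.getParameter("username"));
- credentials.setPassword(request.getParameter("password"));
- try {
- Beans.getReference(SecurityContext.class).login();
- Beans.getReference(SecurityContext.class).logout();
- response.setStatus(SC_OK);
- } catch (AuthenticationException e) {
- response.setStatus(SC_FORBIDDEN);
- }
- }
-}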
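--- a/impl/extension/servlet/src/test/java/security/unauthentication/form/ServletAuthenticatorTest.java
+++ b/impl/extension/servlet/src/test/java/security/unauthentication/form/ServletAuthenticatorTest.java
@@ -1,68 +0,0 @@
-package security.unauthentication.form;
-
-import static org.apache.http.HttpStatus.SC_FORBIDDEN;
-import static org.apache.http.HttpStatus.SC_OK;
-import static org.junit.Assert.assertEquals;
-
-import java.io.IOException;
-import java.net.URISyntaxException;
-import java.net.URL;
-
-import org.apache.http.HttpResponse;
-import org.apache.http.client.ClientProtocolException;
-import org.apache.http.client.methods.HttpGet;
-import org.apache.http.client.utils.URIBuilder;
-import org.apache.http.impl.client.HttpClientBuilder;
-import org.jboss.arquillian.container.test.api.Deployment;
-import org.jboss.arquillian.junit.Arquillian;
-import org.jboss.arquillian.test.api.ArquillianResource;
-import org.jboss.shrinkwrap.api.spec.WebArchive;
-import org.junit.Test;
-import org.junit.runner.RunWith;
-
-import test.Tests;
-
-import com.sun.enterprise.security.auth.login.FileLoginModule;
-
-@RunWith(Arquillian.class)
-public class ServletAuthenticatorTest {
-
- private static final String PATH = "src/test/resources/security/unauthentication/form";
-
- @ArquillianResource
- private URL deploymentUrl;
-
- @Deployment(testable = false)
- public static WebArchive createDeployment() {
- return Tests.createDeployment().addClasses(HelperServletUnauthenticationSuccess.class, FileLoginModule.class)
- .addAsWebInfResource(Tests.createFileAsset(PATH + "/web.xml"), "web.xml");
- }
-
- @Test
- public void logoutSucessfull() throws ClientProtocolException, IOException, URISyntaxException {
- URIBuilder uriBuilder = new URIBuilder(deploymentUrl + "/helperauthsuccess");
- uriBuilder.setParameter("username", "demoiselle");
- uriBuilder.setParameter("password", "changeit");
-
- HttpGet httpGet = new HttpGet(uriBuilder.build());
- HttpResponse httpResponse = HttpClientBuilder.create().build().execute(httpGet);
-
- int status = httpResponse.getStatusLine().getStatusCode();
- assertEquals(SC_OK, status);
- }
-
- @Test
- public void logoutFailed() throws ClientProtocolException, IOException, URISyntaxException {
- URIBuilder uriBuilder = new URIBuilder(deploymentUrl + "/helperauthfail");
- uriBuilder.setParameter("username", "demoiselle");
- uriBuilder.setParameter("password", "changeit");
-
- HttpGet get = new HttpGet(uriBuilder.build());
- HttpResponse response = HttpClientBuilder.create().build().execute(get);
-
- int status = response.getStatusLine().getStatusCode();
- assertEquals(SC_FORBIDDEN, status);
- }
-
-
-}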
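--- a/impl/extension/servlet/src/test/resources/domain.xml
+++ b/impl/extension/servlet/src/test/resources/domain.xml
@@ -147,7 +147,7 @@
 <jvm-options>-XX:+UnlockDiagnosticVMOptions</jvm-options>
 <jvm-options>-Djava.endorsed.dirs=${com.sun.aas.installRoot}/modules/endorsed${path.separator}${com.sun.aas.installRoot}/lib/endorsed</jvm-options>
 <jvm-options>-Djava.security.policy=${com.sun.aas.instanceRoot}/config/server.policy</jvm-options>
- <jvm-options>-Djava.security.auth.login.config=${com.sun.aas.instanceRoot}/config/login.conf</jvm-options>
+ <jvm-options>-Djava.security.auth.login.config=src/test/resources/login.conf</jvm-options>
 <jvm-options>-Dcom.sun.enterprise.security.httpsOutboundKeyAlias=s1as</jvm-options>
 <jvm-options>-Xmx512m</jvm-options>
 <jvm-options>-Djavax.net.ssl.keyStore=${com.sun.aas.instanceRoot}/config/keystore.jks</jvm-options>
@@ -312,7 +312,7 @@
 <jvm-options>-XX:+UnlockDiagnosticVMOptions</jvm-options>
 <jvm-options>-Djava.endorsed.dirs=${com.sun.aas.installRoot}/modules/endorsed${path.separator}${com.sun.aas.installRoot}/lib/endorsed</jvm-options>
 <jvm-options>-Djava.security.policy=${com.sun.aas.instanceRoot}/config/server.policy</jvm-options>
- <jvm-options>-Djava.security.auth.login.config=${com.sun.aas.instanceRoot}/config/login.conf</jvm-options>
+ <jvm-options>-Djava.security.auth.login.config=src/test/resources/login.conf</jvm-options>
 <jvm-options>-Dcom.sun.enterprise.security.httpsOutboundKeyAlias=s1as</jvm-options>
 <jvm-options>-Djavax.net.ssl.keyStore=${com.sun.aas.instanceRoot}/config/keystore.jks</jvm-options>
 <jvm-options>-Djavax.net.ssl.trustStore=${com.sun.aas.instanceRoot}/config/cacerts.jks</jvm-options>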
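Review bot: The new value `-Djava.security.auth.login.config=src/test/resources/login.conf` is a relative path, so which JAAS configuration the server loads depends on the working directory the container JVM is started from; the same change is repeated in the second hunk at line 315. Started from anywhere other than the module directory, the file would presumably not be found, or a different file at that relative location would end up defining the login modules. An absolute location keeps the choice deterministic, for example copying the file into the instance and keeping `${com.sun.aas.instanceRoot}/config/login.conf`, or passing the module directory in through a property. If the relative form stays, a short XML comment beside the option stating that the path is resolved against the module directory would help.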
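--- a/impl/extension/servlet/src/test/resources/login.conf
+++ b/impl/extension/servlet/src/test/resources/login.conf
@@ -0,0 +1,61 @@
+/*
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
+ *
+ * Copyright (c) 2004-2010 Oracle and/or its affiliates. All rights reserved.
+ *
+ * The contents of this file are subject to the terms of either the GNU
+ * General Public License Version 2 only ("GPL") or the Common Development
+ * and Distribution License("CDDL") (collectively, the "License"). You
+ * may not use this file except in compliance with the License. You can
+ * obtain a copy of the License at
+ * https://glassfish.dev.java.net/public/CDDL+GPL_1_1.html
+ * or packager/legal/LICENSE.txt. See the License for the specific
+ * language governing permissions and limitations under the License.
+ *
+ * When distributing the software, include this License Header Notice in each
+ * file and include the License file at packager/legal/LICENSE.txt.
+ *
+ * GPL Classpath Exception:
+ * Oracle designates this particular file as subject to the "Classpath"
+ * exception as provided by Oracle in the GPL Version 2 section of the License
+ * file that accompanied this code.
+ *
+ * Modifications:
+ * If applicable, add the following below the License Header, with the fields
+ * enclosed by brackets [] replaced by your own identifying information:
+ * "Portions Copyright [year] [name of copyright owner]"
+ *
+ * Contributor(s):
+ * If you wish your version of this file to be governed by only the CDDL or
+ * only the GPL Version 2, indicate your decision by adding "[Contributor]
+ * elects to include this software in this distribution under the [CDDL or GPL
+ * Version 2] license." If you don't indicate a single choice of license, a
+ * recipient has the option to distribute your version of this file under
+ * either the CDDL, the GPL Version 2 or to extend the choice of license to
+ * its licensees as provided above. However, if you add GPL Version 2 code
+ * and therefore, elected the GPL Version 2 license, then the option applies
+ * only if the new code is made subject to such option by the copyright
+ * holder.
+ */
+
+fileRealm {
+ com.sun.enterprise.security.auth.login.FileLoginModule required;
+};
+
+ldapRealm {
+ com.sun.enterprise.security.auth.login.LDAPLoginModule required;
+};
+
+solarisRealm {
+ com.sun.enterprise.security.auth.login.SolarisLoginModule required;
+};
+
+jdbcRealm {
+ com.sun.enterprise.security.auth.login.JDBCLoginModule required;
+};
+jdbcDigestRealm {
+ com.sun.enterprise.security.auth.login.JDBCDigestLoginModule required;
+};
+pamRealm {
+ com.sun.enterprise.security.auth.login.PamLoginModule required;
+};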
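--- a/impl/extension/servlet/src/test/resources/security/unauthentication/form/web.xml
+++ b/impl/extension/servlet/src/test/resources/security/unauthentication/form/web.xml
@@ -1,71 +0,0 @@
-<!--
- Demoiselle Framework
- Copyright (C) 2010 SERPRO
- ============================================================================
- This file is part of Demoiselle Framework.
-
- Demoiselle Framework is free software; you can redistribute it and/or
- modify it under the terms of the GNU Lesser General Public License version 3
- as published by the Free Software Foundation.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU Lesser General Public License version 3
- along with this program; if not, see <http://www.gnu.org/licenses />
- or write to the Free Software Foundation, Inc., 51 Franklin Street,
- Fifth Floor, Boston, MA 02110-1301, USA.
- ============================================================================
- Este arquivo é parte do Framework Demoiselle.
-
- O Framework Demoiselle é um software livre; você pode redistribuí-lo e/ou
- modificá-lo dentro dos termos da GNU LGPL versão 3 como publicada pela Fundação
- do Software Livre (FSF).
-
- Este programa é distribuído na esperança que possa ser útil, mas SEM NENHUMA
- GARANTIA; sem uma garantia implícita de ADEQUAÇÃO a qualquer MERCADO ou
- APLICAÇÃO EM PARTICULAR. Veja a Licença Pública Geral GNU/LGPL em português
- para maiores detalhes.
-
- Você deve ter recebido uma cópia da GNU LGPL versão 3, sob o título
- "LICENCA.txt", junto com esse programa. Se não, acesse <http://www.gnu.org/licenses />
- ou escreva para a Fundação do Software Livre (FSF) Inc.,
- 51 Franklin St, Fifth Floor, Boston, MA 02111-1301, USA.
--->
-<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://java.sun.com/xml/ns/javaee" xmlns:web="http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
- xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd" version="3.0">
-
- <listener>
- <listener-class>br.gov.frameworkdemoiselle.util.ServletListener</listener-class>
- </listener>
-
- <filter>
- <filter-name>Demoiselle Servlet Filter</filter-name>
- <filter-class>br.gov.frameworkdemoiselle.util.ServletFilter</filter-class>
- </filter>
- <filter-mapping>
- <filter-name>Demoiselle Servlet Filter</filter-name>
- <url-pattern>/*</url-pattern>
- </filter-mapping>
-
- <servlet>
- <servlet-name>Helper Servlet Unauth Success</servlet-name>
- <servlet-class>security.unauthentication.form.HelperServletUnauthenticationSuccess</servlet-class>
- </servlet>
- <servlet-mapping>
- <servlet-name>Helper Servlet Unauth Success</servlet-name>
- <url-pattern>/helperauthsuccess</url-pattern>
- </servlet-mapping>
-
- <servlet>
- <servlet-name>Helper Servlet Unauth Fail</servlet-name>
- <servlet-class>security.unauthentication.form.HelperServletUnauthenticationFail</servlet-class>
- </servlet>
- <servlet-mapping>
- <servlet-name>Helper Servlet Unauth Fail</servlet-name>
- <url-pattern>/helperauthfail</url-pattern>
- </servlet-mapping>
-
-</web-app>
\ No newline at end of file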