From ba660b18ddff078706ada9b233540e512c6dd5db Mon Sep 17 00:00:00 2001 From: Cleverson Sacramento Date: Thu, 26 Sep 2013 14:00:13 -0300 Subject: [PATCH] IN PROGRESS - issue FWK-119: Testes da extensão Servlet --- impl/extension/servlet/src/test/java/security/authentication/form/HelperServlet.java | 27 +++++++++++++++++++++------ impl/extension/servlet/src/test/java/security/authentication/form/ServletAuthenticatorTest.java | 9 ++++++++- impl/extension/servlet/src/test/java/security/unauthentication/form/HelperServletUnauthenticationFail.java | 37 ------------------------------------- impl/extension/servlet/src/test/java/security/unauthentication/form/HelperServletUnauthenticationSuccess.java | 38 -------------------------------------- impl/extension/servlet/src/test/java/security/unauthentication/form/ServletAuthenticatorTest.java | 68 -------------------------------------------------------------------- impl/extension/servlet/src/test/resources/domain.xml | 4 ++-- impl/extension/servlet/src/test/resources/login.conf | 61 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ impl/extension/servlet/src/test/resources/security/unauthentication/form/web.xml | 71 ----------------------------------------------------------------------- 8 files changed, 92 insertions(+), 223 deletions(-) delete mode 100644 impl/extension/servlet/src/test/java/security/unauthentication/form/HelperServletUnauthenticationFail.java delete mode 100644 impl/extension/servlet/src/test/java/security/unauthentication/form/HelperServletUnauthenticationSuccess.java delete mode 100644 impl/extension/servlet/src/test/java/security/unauthentication/form/ServletAuthenticatorTest.java create mode 100644 impl/extension/servlet/src/test/resources/login.conf delete mode 100644 impl/extension/servlet/src/test/resources/security/unauthentication/form/web.xml 
diff --git a/impl/extension/servlet/src/test/java/security/authentication/form/HelperServlet.java b/impl/extension/servlet/src/test/java/security/authentication/form/HelperServlet.java index fc5a5d6..d77db38 100644 --- a/impl/extension/servlet/src/test/java/security/authentication/form/HelperServlet.java +++ b/impl/extension/servlet/src/test/java/security/authentication/form/HelperServlet.java @@ -3,6 +3,7 @@ package security.authentication.form; import static org.apache.http.HttpStatus.SC_EXPECTATION_FAILED; import static org.apache.http.HttpStatus.SC_FORBIDDEN; import static org.apache.http.HttpStatus.SC_OK; +import static org.apache.http.HttpStatus.SC_UNAUTHORIZED; import java.io.IOException; @@ -13,8 +14,10 @@ import javax.servlet.http.HttpServletResponse; import br.gov.frameworkdemoiselle.security.Credentials; import br.gov.frameworkdemoiselle.security.InvalidCredentialsException; +import br.gov.frameworkdemoiselle.security.NotLoggedInException; import br.gov.frameworkdemoiselle.security.SecurityContext; import br.gov.frameworkdemoiselle.util.Beans; +import br.gov.frameworkdemoiselle.util.Strings; public class HelperServlet extends HttpServlet { @@ -51,13 +54,21 @@ public class HelperServlet extends HttpServlet { loadCredentials(request); SecurityContext securityContext = Beans.getReference(SecurityContext.class); - securityContext.login(); - securityContext.logout(); + if (isLogon(request)) { + securityContext.login(); + } - if (!securityContext.isLoggedIn()) { - response.setStatus(SC_OK); - } else { - response.setStatus(SC_EXPECTATION_FAILED); + try { + securityContext.logout(); + + if (!securityContext.isLoggedIn()) { + response.setStatus(SC_OK); + } else { + response.setStatus(SC_EXPECTATION_FAILED); + } + + } catch (NotLoggedInException cause) { + response.setStatus(SC_UNAUTHORIZED); } } 
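Review bot: In the logout branch the new `try` covers only `securityContext.logout()`, so the conditional `securityContext.login()` above it still runs unguarded. The file imports `InvalidCredentialsException`, so presumably `login()` can throw it; a request to this path with a wrong username or password would then surface as a container error rather than a defined status. Consider moving the `if (isLogon(request))` call inside the `try` and adding `catch (InvalidCredentialsException cause) { response.setStatus(SC_FORBIDDEN); }`, which keeps rejected credentials distinguishable from the `SC_UNAUTHORIZED` not-logged-in case. The enclosing method starts outside this hunk, so an outer handler may already cover this.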
@@ -66,4 +77,8 @@ public class HelperServlet extends HttpServlet { credentials.setUsername(request.getParameter("username")); credentials.setPassword(request.getParameter("password")); } + + private boolean isLogon(HttpServletRequest request) { + return !Strings.isEmpty(request.getParameter("username")); + } } diff --git a/impl/extension/servlet/src/test/java/security/authentication/form/ServletAuthenticatorTest.java b/impl/extension/servlet/src/test/java/security/authentication/form/ServletAuthenticatorTest.java index da0089c..de2e97b 100644 --- a/impl/extension/servlet/src/test/java/security/authentication/form/ServletAuthenticatorTest.java +++ b/impl/extension/servlet/src/test/java/security/authentication/form/ServletAuthenticatorTest.java @@ -2,6 +2,7 @@ package security.authentication.form; import static org.apache.http.HttpStatus.SC_FORBIDDEN; import static org.apache.http.HttpStatus.SC_OK; +import static org.apache.http.HttpStatus.SC_UNAUTHORIZED; import static org.junit.Assert.assertEquals; import java.io.IOException; @@ -78,7 +79,13 @@ public class ServletAuthenticatorTest { } @Test - public void logoutFailed() throws ClientProtocolException, IOException, URISyntaxException { + public void logoutFailedByNotLoggedInException() throws ClientProtocolException, IOException, URISyntaxException { URIBuilder uriBuilder = new URIBuilder(deploymentUrl + "/helper/logout"); + + HttpGet httpGet = new HttpGet(uriBuilder.build()); + HttpResponse httpResponse = HttpClientBuilder.create().build().execute(httpGet); + + int status = httpResponse.getStatusLine().getStatusCode(); + assertEquals(SC_UNAUTHORIZED, status); } } diff --git a/impl/extension/servlet/src/test/java/security/unauthentication/form/HelperServletUnauthenticationFail.java b/impl/extension/servlet/src/test/java/security/unauthentication/form/HelperServletUnauthenticationFail.java deleted file mode 100644 index df8ad7d..0000000 
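Review bot: `isLogon` decides whether the logout path authenticates first by looking at the `username` parameter only, which is not obvious from the name and deserves a comment, e.g. `// No username parameter means logout() is exercised without a prior login; the password is not inspected here.` A request carrying only `password` silently takes the not-logged-in path. How `Strings.isEmpty` treats a whitespace-only value is not visible in this hunk, so the comment should state whichever behaviour is intended.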
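Review bot: `logoutFailedByNotLoggedInException` builds a client with `HttpClientBuilder.create().build()` and never closes it or the response, so each run likely leaves its connection resources open until the test JVM exits. Hold the client in a local, e.g. `CloseableHttpClient client = HttpClientBuilder.create().build();`, and close it in a `finally` block (or use try-with-resources if the build targets Java 7 or later). The assertion also depends on the request arriving without a session from an earlier login; the fresh client makes that true today, and a one-line comment saying so would keep a later shared-client refactor from silently changing the expected `SC_UNAUTHORIZED`.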
--- a/impl/extension/servlet/src/test/java/security/unauthentication/form/HelperServletUnauthenticationFail.java +++ /dev/null @@ -1,37 +0,0 @@ -package security.unauthentication.form; - -import static org.apache.http.HttpStatus.SC_FORBIDDEN; -import static org.apache.http.HttpStatus.SC_OK; - -import java.io.IOException; - -import javax.servlet.ServletException; -import javax.servlet.http.HttpServlet; -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; - -import br.gov.frameworkdemoiselle.security.AuthenticationException; -import br.gov.frameworkdemoiselle.security.Credentials; -import br.gov.frameworkdemoiselle.security.SecurityContext; -import br.gov.frameworkdemoiselle.util.Beans; - -public class HelperServletUnauthenticationFail extends HttpServlet { - - private static final long serialVersionUID = 1L; - - @Override - protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { - String result = request.getHeader("Authorization"); - result = (result == null ? request.getHeader("authorization") : result); - - Credentials credentials = Beans.getReference(Credentials.class); - credentials.setUsername(request.getParameter("username")); - credentials.setPassword(request.getParameter("password")); - try { - Beans.getReference(SecurityContext.class).logout(); - response.setStatus(SC_OK); - } catch (AuthenticationException e) { - response.setStatus(SC_FORBIDDEN); - } - } -} diff --git a/impl/extension/servlet/src/test/java/security/unauthentication/form/HelperServletUnauthenticationSuccess.java b/impl/extension/servlet/src/test/java/security/unauthentication/form/HelperServletUnauthenticationSuccess.java deleted file mode 100644 index 3bb2b01..0000000 --- a/impl/extension/servlet/src/test/java/security/unauthentication/form/HelperServletUnauthenticationSuccess.java +++ /dev/null 
@@ -1,38 +0,0 @@ -package security.unauthentication.form; - -import static org.apache.http.HttpStatus.SC_FORBIDDEN; -import static org.apache.http.HttpStatus.SC_OK; - -import java.io.IOException; - -import javax.servlet.ServletException; -import javax.servlet.http.HttpServlet; -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; - -import br.gov.frameworkdemoiselle.security.AuthenticationException; -import br.gov.frameworkdemoiselle.security.Credentials; -import br.gov.frameworkdemoiselle.security.SecurityContext; -import br.gov.frameworkdemoiselle.util.Beans; - -public class HelperServletUnauthenticationSuccess extends HttpServlet { - - private static final long serialVersionUID = 1L; - - @Override - protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { - String result = request.getHeader("Authorization"); - result = (result == null ? request.getHeader("authorization") : result); - - Credentials credentials = Beans.getReference(Credentials.class); - credentials.setUsername(request.getParameter("username")); - credentials.setPassword(request.getParameter("password")); - try { - Beans.getReference(SecurityContext.class).login(); - Beans.getReference(SecurityContext.class).logout(); - response.setStatus(SC_OK); - } catch (AuthenticationException e) { - response.setStatus(SC_FORBIDDEN); - } - } -} diff --git a/impl/extension/servlet/src/test/java/security/unauthentication/form/ServletAuthenticatorTest.java b/impl/extension/servlet/src/test/java/security/unauthentication/form/ServletAuthenticatorTest.java deleted file mode 100644 index 2867f55..0000000 --- a/impl/extension/servlet/src/test/java/security/unauthentication/form/ServletAuthenticatorTest.java +++ /dev/null 
@@ -1,68 +0,0 @@ -package security.unauthentication.form; - -import static org.apache.http.HttpStatus.SC_FORBIDDEN; -import static org.apache.http.HttpStatus.SC_OK; -import static org.junit.Assert.assertEquals; - -import java.io.IOException; -import java.net.URISyntaxException; -import java.net.URL; - -import org.apache.http.HttpResponse; -import org.apache.http.client.ClientProtocolException; -import org.apache.http.client.methods.HttpGet; -import org.apache.http.client.utils.URIBuilder; -import org.apache.http.impl.client.HttpClientBuilder; -import org.jboss.arquillian.container.test.api.Deployment; -import org.jboss.arquillian.junit.Arquillian; -import org.jboss.arquillian.test.api.ArquillianResource; -import org.jboss.shrinkwrap.api.spec.WebArchive; -import org.junit.Test; -import org.junit.runner.RunWith; - -import test.Tests; - -import com.sun.enterprise.security.auth.login.FileLoginModule; - -@RunWith(Arquillian.class) -public class ServletAuthenticatorTest { - - private static final String PATH = "src/test/resources/security/unauthentication/form"; - - @ArquillianResource - private URL deploymentUrl; - - @Deployment(testable = false) - public static WebArchive createDeployment() { - return Tests.createDeployment().addClasses(HelperServletUnauthenticationSuccess.class, FileLoginModule.class) - .addAsWebInfResource(Tests.createFileAsset(PATH + "/web.xml"), "web.xml"); - } - - @Test - public void logoutSucessfull() throws ClientProtocolException, IOException, URISyntaxException { - URIBuilder uriBuilder = new URIBuilder(deploymentUrl + "/helperauthsuccess"); - uriBuilder.setParameter("username", "demoiselle"); - uriBuilder.setParameter("password", "changeit"); - - HttpGet httpGet = new HttpGet(uriBuilder.build()); - HttpResponse httpResponse = HttpClientBuilder.create().build().execute(httpGet); - - int status = httpResponse.getStatusLine().getStatusCode(); - assertEquals(SC_OK, status); - } - - @Test - public void logoutFailed() throws 
ClientProtocolException, IOException, URISyntaxException { - URIBuilder uriBuilder = new URIBuilder(deploymentUrl + "/helperauthfail"); - uriBuilder.setParameter("username", "demoiselle"); - uriBuilder.setParameter("password", "changeit"); - - HttpGet get = new HttpGet(uriBuilder.build()); - HttpResponse response = HttpClientBuilder.create().build().execute(get); - - int status = response.getStatusLine().getStatusCode(); - assertEquals(SC_FORBIDDEN, status); - } - - -} diff --git a/impl/extension/servlet/src/test/resources/domain.xml b/impl/extension/servlet/src/test/resources/domain.xml index 1c8bcbf..f96f5eb 100644 --- a/impl/extension/servlet/src/test/resources/domain.xml +++ b/impl/extension/servlet/src/test/resources/domain.xml @@ -147,7 +147,7 @@ -XX:+UnlockDiagnosticVMOptions -Djava.endorsed.dirs=${com.sun.aas.installRoot}/modules/endorsed${path.separator}${com.sun.aas.installRoot}/lib/endorsed -Djava.security.policy=${com.sun.aas.instanceRoot}/config/server.policy - -Djava.security.auth.login.config=${com.sun.aas.instanceRoot}/config/login.conf + -Djava.security.auth.login.config=src/test/resources/login.conf -Dcom.sun.enterprise.security.httpsOutboundKeyAlias=s1as -Xmx512m -Djavax.net.ssl.keyStore=${com.sun.aas.instanceRoot}/config/keystore.jks @@ -312,7 +312,7 @@ -XX:+UnlockDiagnosticVMOptions -Djava.endorsed.dirs=${com.sun.aas.installRoot}/modules/endorsed${path.separator}${com.sun.aas.installRoot}/lib/endorsed -Djava.security.policy=${com.sun.aas.instanceRoot}/config/server.policy - -Djava.security.auth.login.config=${com.sun.aas.instanceRoot}/config/login.conf + -Djava.security.auth.login.config=src/test/resources/login.conf -Dcom.sun.enterprise.security.httpsOutboundKeyAlias=s1as -Djavax.net.ssl.keyStore=${com.sun.aas.instanceRoot}/config/keystore.jks -Djavax.net.ssl.trustStore=${com.sun.aas.instanceRoot}/config/cacerts.jks 
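Review bot: The relative path `src/test/resources/login.conf` given to `-Djava.security.auth.login.config` in both domain.xml hunks (-147 and -312) resolves against the server JVM's working directory, so which JAAS login configuration is loaded depends on where the container is launched from. Started from the parent module or an IDE, the realm definitions will either be missing or come from an unrelated file of that name. For an authentication setting it is safer to anchor the path to a property that expands to an absolute location, as the replaced `${com.sun.aas.instanceRoot}/config/login.conf` did. If the relative form is deliberate for the test container, an XML comment next to the option stating the assumed working directory would make that dependency explicit.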
diff --git a/impl/extension/servlet/src/test/resources/login.conf b/impl/extension/servlet/src/test/resources/login.conf
new file mode 100644
index 0000000..2d9f91d
--- /dev/null
+++ b/impl/extension/servlet/src/test/resources/login.conf
@@ -0,0 +1,61 @@ +/* + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER. + * + * Copyright (c) 2004-2010 Oracle and/or its affiliates. All rights reserved. + * + * The contents of this file are subject to the terms of either the GNU + * General Public License Version 2 only ("GPL") or the Common Development + * and Distribution License("CDDL") (collectively, the "License"). You + * may not use this file except in compliance with the License. You can + * obtain a copy of the License at + * https://glassfish.dev.java.net/public/CDDL+GPL_1_1.html + * or packager/legal/LICENSE.txt. See the License for the specific + * language governing permissions and limitations under the License. + * + * When distributing the software, include this License Header Notice in each + * file and include the License file at packager/legal/LICENSE.txt. + * + * GPL Classpath Exception: + * Oracle designates this particular file as subject to the "Classpath" + * exception as provided by Oracle in the GPL Version 2 section of the License + * file that accompanied this code. + * + * Modifications: + * If applicable, add the following below the License Header, with the fields + * enclosed by brackets [] replaced by your own identifying information: + * "Portions Copyright [year] [name of copyright owner]" + * + * Contributor(s): + * If you wish your version of this file to be governed by only the CDDL or + * only the GPL Version 2, indicate your decision by adding "[Contributor] + * elects to include this software in this distribution under the [CDDL or GPL + * Version 2] license." If you don't indicate a single choice of license, a + * recipient has the option to distribute your version of this file under + * either the CDDL, the GPL Version 2 or to extend the choice of license to + * its licensees as provided above. 
However, if you add GPL Version 2 code + * and therefore, elected the GPL Version 2 license, then the option applies + * only if the new code is made subject to such option by the copyright + * holder. + */ + +fileRealm { + com.sun.enterprise.security.auth.login.FileLoginModule required; +}; + +ldapRealm { + com.sun.enterprise.security.auth.login.LDAPLoginModule required; +}; + +solarisRealm { + com.sun.enterprise.security.auth.login.SolarisLoginModule required; +}; + +jdbcRealm { + com.sun.enterprise.security.auth.login.JDBCLoginModule required; +}; +jdbcDigestRealm { + com.sun.enterprise.security.auth.login.JDBCDigestLoginModule required; +}; +pamRealm { + com.sun.enterprise.security.auth.login.PamLoginModule required; +}; diff --git a/impl/extension/servlet/src/test/resources/security/unauthentication/form/web.xml b/impl/extension/servlet/src/test/resources/security/unauthentication/form/web.xml deleted file mode 100644 index ef96be9..0000000 --- a/impl/extension/servlet/src/test/resources/security/unauthentication/form/web.xml +++ /dev/null @@ -1,71 +0,0 @@ - - - - - br.gov.frameworkdemoiselle.util.ServletListener - - - - Demoiselle Servlet Filter - br.gov.frameworkdemoiselle.util.ServletFilter - - - Demoiselle Servlet Filter - /* - - - - Helper Servlet Unauth Success - security.unauthentication.form.HelperServletUnauthenticationSuccess - - - Helper Servlet Unauth Success - /helperauthsuccess - - - - Helper Servlet Unauth Fail - security.unauthentication.form.HelperServletUnauthenticationFail - - - Helper Servlet Unauth Fail - /helperauthfail - - - \ No newline at end of file -- libgit2 0.21.2