<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html>
<body link="#355491" alink="#4262a1" vlink="#355491" style="background: #e2e2e2; margin: 0; padding: 20px;">
<div>
<table cellpadding="0" bgcolor="#FFFFFF" border="0" cellspacing="0" style="border: 1px solid #dadada; margin-bottom: 30px; width: 100%; -moz-border-radius: 6px; -webkit-border-radius: 6px;">
<tbody>
<tr>
<td>
<table border="0" cellpadding="0" cellspacing="0" bgcolor="#FFFFFF" style="border: solid 2px #ccc; background: #dadada; width: 100%; -moz-border-radius: 6px; -webkit-border-radius: 6px;">
<tbody>
<tr>
<td bgcolor="#000000" valign="middle" height="58px" style="border-bottom: 1px solid #ccc; padding: 20px; -moz-border-radius-topleft: 3px; -moz-border-radius-topright: 3px; -webkit-border-top-right-radius: 5px; -webkit-border-top-left-radius: 5px;">
<h1 style="color: #333333; font: bold 22px Arial, Helvetica, sans-serif; margin: 0; display: block !important;">
<!-- To have a header image/logo replace the name below with your img tag -->
<!-- Email clients will render the images when the message is read so any image -->
<!-- must be made available on a public server, so that all recipients can load the image. -->
<a href="http://community.jboss.org/index.jspa" style="text-decoration: none; color: #E1E1E1">JBoss Community</a></h1>
</td>
</tr>
<tr>
<td bgcolor="#FFFFFF" style="font: normal 12px Arial, Helvetica, sans-serif; color:#333333; padding: 20px; -moz-border-radius-bottomleft: 4px; -moz-border-radius-bottomright: 4px; -webkit-border-bottom-right-radius: 5px; -webkit-border-bottom-left-radius: 5px;"><h3 style="margin: 10px 0 5px; font-size: 17px; font-weight: normal;">
Writing a AS7 Test Case in testsuite module
</h3>
<span style="margin-bottom: 10px;">
created by <a href="http://community.jboss.org/people/anil.saldhana">Anil Saldhana</a> in <i>JBoss AS7 Development</i> - <a href="http://community.jboss.org/docs/DOC-16664">View the full document</a>
</span>
<hr style="margin: 20px 0; border: none; background-color: #dadada; height: 1px;">
<div class="jive-rendered-content"><h2>Background</h2><h2></h2><p>I wanted to write a test case for web security using FORM authentication in the AS7 testsuite. I chose the testsuite/integration submodule.</p><h2></h2><h2>Requirements</h2><p style="min-height: 8pt; height: 8pt; padding: 0px;"> </p><ul><li>I wanted to be able to run the test case in Eclipse.</li><li>I wanted to use JPDA to set breakpoints in the AS7 codebase.</li></ul><p style="min-height: 8pt; height: 8pt; padding: 0px;"> </p><h2></h2><h2>Choices of Technologies</h2><ul><li>Arquilian</li><li>Shrinkwrap</li><li>JUnit</li><li>Eclipse</li></ul><p style="min-height: 8pt; height: 8pt; padding: 0px;"> </p><p><strong>Note</strong>:  Both Arquilian and Shrinkwrap are available in the AS7 development environment by default.</p><p style="min-height: 8pt; height: 8pt; padding: 0px;"> </p><p style="min-height: 8pt; height: 8pt; padding: 0px;"> </p><p>Test Case</p><p style="min-height: 8pt; height: 8pt; padding: 0px;"> </p><p style="min-height: 8pt; height: 8pt; padding: 0px;"> </p><pre class="jive-pre"><code class="jive-code jive-java"><font color="darkgreen">/*
* JBoss, Home of Professional Open Source.
* Copyright (c) 2011, Red Hat, Inc., and individual contributors
<snip> Copyright header
*/</font>
<font color="navy"><b>package</b></font> org.jboss.as.testsuite.integration.websecurity;
 
<font color="navy"><b>import</b></font> <font color="navy"><b>static</b></font> org.junit.Assert.assertEquals;
 
<font color="navy"><b>import</b></font> java.io.File;
<font color="navy"><b>import</b></font> java.net.URL;
<font color="navy"><b>import</b></font> java.util.ArrayList;
<font color="navy"><b>import</b></font> java.util.List;
 
<font color="navy"><b>import</b></font> org.apache.http.Header;
<font color="navy"><b>import</b></font> org.apache.http.HttpEntity;
<font color="navy"><b>import</b></font> org.apache.http.HttpResponse;
<font color="navy"><b>import</b></font> org.apache.http.NameValuePair;
<font color="navy"><b>import</b></font> org.apache.http.StatusLine;
<font color="navy"><b>import</b></font> org.apache.http.client.entity.UrlEncodedFormEntity;
<font color="navy"><b>import</b></font> org.apache.http.client.methods.HttpGet;
<font color="navy"><b>import</b></font> org.apache.http.client.methods.HttpPost;
<font color="navy"><b>import</b></font> org.apache.http.cookie.Cookie;
<font color="navy"><b>import</b></font> org.apache.http.impl.client.DefaultHttpClient;
<font color="navy"><b>import</b></font> org.apache.http.message.BasicNameValuePair;
<font color="navy"><b>import</b></font> org.apache.http.protocol.HTTP;
<font color="navy"><b>import</b></font> org.jboss.arquillian.api.Deployment;
<font color="navy"><b>import</b></font> org.jboss.arquillian.api.Run;
<font color="navy"><b>import</b></font> org.jboss.arquillian.api.RunModeType;
<font color="navy"><b>import</b></font> org.jboss.arquillian.junit.Arquillian;
<font color="navy"><b>import</b></font> org.jboss.shrinkwrap.api.ShrinkWrap;
<font color="navy"><b>import</b></font> org.jboss.shrinkwrap.api.spec.WebArchive;
<font color="navy"><b>import</b></font> org.junit.Test;
<font color="navy"><b>import</b></font> org.junit.runner.RunWith;
 
<font color="darkgreen">/**
* Unit Test web security
*
* @author Anil Saldhana
*/</font>
@RunWith(Arquillian.class)
@Run(RunModeType.AS_CLIENT)
<font color="navy"><b>public</b></font> <font color="navy"><b>class</b></font> WebSecurityFORMTestCase <font color="navy">{</font>
 
    <font color="navy"><b>private</b></font> <font color="navy"><b>static</b></font> <font color="navy"><b>final</b></font> String URL = <font color="red">"http://localhost:8080/web-secure/secured/"</font>;
 
    @Deployment
    <font color="navy"><b>public</b></font> <font color="navy"><b>static</b></font> WebArchive deployment() <font color="navy">{</font>
        ClassLoader tccl = Thread.currentThread().getContextClassLoader();
        URL webxml = tccl.getResource(<font color="red">"web-secure.war/web.xml"</font>);
        WebArchive war = ShrinkWrap.create(WebArchive.class, <font color="red">"web-secure.war"</font>);
        war.addClass(SecuredServlet.class);
 
        File userProp = <font color="navy"><b>new</b></font> File(tccl.getResource(<font color="red">"web-secure.war/users.properties"</font>).getPath());
        File roleProp = <font color="navy"><b>new</b></font> File(tccl.getResource(<font color="red">"web-secure.war/roles.properties"</font>).getPath());
        File loginJSP = <font color="navy"><b>new</b></font> File(tccl.getResource(<font color="red">"web-secure.war/login.jsp"</font>).getPath());
        File errorJSP = <font color="navy"><b>new</b></font> File(tccl.getResource(<font color="red">"web-secure.war/error.jsp"</font>).getPath());
 
        war.addResource(loginJSP);
        war.addResource(errorJSP);
 
        war.addResource(userProp, <font color="red">"/WEB-INF/classes/users.properties"</font>);
        war.addResource(roleProp, <font color="red">"/WEB-INF/classes/roles.properties"</font>);
 
        war.setWebXML(webxml);
 
        <font color="navy"><b>return</b></font> war;
    <font color="navy">}</font>
 
    <font color="darkgreen">/**
     * Test with user "anil" who has the right password and the right role to access the servlet
     *
     * @throws Exception
     */</font>
    @Test
    <font color="navy"><b>public</b></font> <font color="navy"><b>void</b></font> testSuccessfulAuth() <font color="navy"><b>throws</b></font> Exception <font color="navy">{</font>
        makeCall(<font color="red">"anil"</font>, <font color="red">"anil"</font>, 200);
    <font color="navy">}</font>
 
    <font color="darkgreen">/**
     * <p>
     * Test with user "marcus" who has the right password but does not have the right role
     * </p>
     * <p>
     * Should be a HTTP/403
     * </p>
     *
     * @throws Exception
     */</font>
    @Test
    <font color="navy"><b>public</b></font> <font color="navy"><b>void</b></font> testUnsuccessfulAuth() <font color="navy"><b>throws</b></font> Exception <font color="navy">{</font>
        makeCall(<font color="red">"marcus"</font>, <font color="red">"marcus"</font>, 403);
    <font color="navy">}</font>
 
    <font color="navy"><b>protected</b></font> <font color="navy"><b>void</b></font> makeCall(String user, String pass, <font color="navy"><b>int</b></font> expectedStatusCode) <font color="navy"><b>throws</b></font> Exception <font color="navy">{</font>
        DefaultHttpClient httpclient = <font color="navy"><b>new</b></font> DefaultHttpClient();
        <font color="navy"><b>try</b></font> <font color="navy">{</font>
            HttpGet httpget = <font color="navy"><b>new</b></font> HttpGet(URL);
 
            HttpResponse response = httpclient.execute(httpget);
 
            HttpEntity entity = response.getEntity();
            <font color="navy"><b>if</b></font> (entity != <font color="navy"><b>null</b></font>)
                entity.consumeContent();
 
            <font color="darkgreen">// We should get the Login Page</font>
            StatusLine statusLine = response.getStatusLine();
            System.out.println(<font color="red">"Login form get: "</font> + statusLine);
            assertEquals(200, statusLine.getStatusCode());
 
            System.out.println(<font color="red">"Initial set of cookies:"</font>);
            List<Cookie> cookies = httpclient.getCookieStore().getCookies();
            <font color="navy"><b>if</b></font> (cookies.isEmpty()) <font color="navy">{</font>
                System.out.println(<font color="red">"None"</font>);
            <font color="navy">}</font> <font color="navy"><b>else</b></font> <font color="navy">{</font>
                <font color="navy"><b>for</b></font> (<font color="navy"><b>int</b></font> i = 0; i < cookies.size(); i++) <font color="navy">{</font>
                    System.out.println(<font color="red">"- "</font> + cookies.get(i).toString());
                <font color="navy">}</font>
            <font color="navy">}</font>
 
            <font color="darkgreen">// We should now login with the user name and password</font>
            HttpPost httpost = <font color="navy"><b>new</b></font> HttpPost(URL + <font color="red">"/j_security_check"</font>);
 
            List<NameValuePair> nvps = <font color="navy"><b>new</b></font> ArrayList<NameValuePair>();
            nvps.add(<font color="navy"><b>new</b></font> BasicNameValuePair(<font color="red">"j_username"</font>, user));
            nvps.add(<font color="navy"><b>new</b></font> BasicNameValuePair(<font color="red">"j_password"</font>, pass));
 
            httpost.setEntity(<font color="navy"><b>new</b></font> UrlEncodedFormEntity(nvps, HTTP.UTF_8));
 
            response = httpclient.execute(httpost);
            entity = response.getEntity();
            <font color="navy"><b>if</b></font> (entity != <font color="navy"><b>null</b></font>)
                entity.consumeContent();
 
            statusLine = response.getStatusLine();
 
            <font color="darkgreen">// Post authentication - we have a 302</font>
            assertEquals(302, statusLine.getStatusCode());
            Header locationHeader = response.getFirstHeader(<font color="red">"Location"</font>);
            String location = locationHeader.getValue();
 
            HttpGet httpGet = <font color="navy"><b>new</b></font> HttpGet(location);
            response = httpclient.execute(httpGet);
 
            entity = response.getEntity();
            <font color="navy"><b>if</b></font> (entity != <font color="navy"><b>null</b></font>)
                entity.consumeContent();
 
            System.out.println(<font color="red">"Post logon cookies:"</font>);
            cookies = httpclient.getCookieStore().getCookies();
            <font color="navy"><b>if</b></font> (cookies.isEmpty()) <font color="navy">{</font>
                System.out.println(<font color="red">"None"</font>);
            <font color="navy">}</font> <font color="navy"><b>else</b></font> <font color="navy">{</font>
                <font color="navy"><b>for</b></font> (<font color="navy"><b>int</b></font> i = 0; i < cookies.size(); i++) <font color="navy">{</font>
                    System.out.println(<font color="red">"- "</font> + cookies.get(i).toString());
                <font color="navy">}</font>
            <font color="navy">}</font>
 
            <font color="darkgreen">// Either the authentication passed or failed based on the expected status code</font>
            statusLine = response.getStatusLine();
            assertEquals(expectedStatusCode, statusLine.getStatusCode());
        <font color="navy">}</font> <font color="navy"><b>finally</b></font> <font color="navy">{</font>
            <font color="darkgreen">// When HttpClient instance is no longer needed,</font>
            <font color="darkgreen">// shut down the connection manager to ensure</font>
            <font color="darkgreen">// immediate deallocation of all system resources</font>
            httpclient.getConnectionManager().shutdown();
        <font color="navy">}</font>
    <font color="navy">}</font>
<font color="navy">}</font>
</code></pre><p style="min-height: 8pt; height: 8pt; padding: 0px;"> </p><p style="min-height: 8pt; height: 8pt; padding: 0px;"> </p><p>In this test case, I am specifying that the test case should run using Arquilian  (via @RunWith) annotation.  Plus I am telling Arquilian to run the test as a client test case and not inside AS7.  [via @Run(RunModeType.AS_CLIENT) ]  <em> If you want the test to run inside AS7, then you have to use IN_CONTAINER (which is default anyway).</em></p><p style="min-height: 8pt; height: 8pt; padding: 0px;"> </p><p style="min-height: 8pt; height: 8pt; padding: 0px;"> </p><h2>Web Deployment</h2><h2></h2><p>I need the following Items in my web archive</p><ul><li>Servlet</li><li>web.xml</li><li>Two properties files (users.properties and roles.properties)</li></ul><p style="min-height: 8pt; height: 8pt; padding: 0px;"> </p><p style="min-height: 8pt; height: 8pt; padding: 0px;"> </p><p>Let us look at the servlet</p><p style="min-height: 8pt; height: 8pt; padding: 0px;"> </p><p style="min-height: 8pt; height: 8pt; padding: 0px;"> </p><pre class="jive-pre"><code class="jive-code jive-java"><font color="darkgreen">/*
* JBoss, Home of Professional Open Source.
* Copyright (c) 2011, Red Hat, Inc., and individual contributors
* as indicated by the @author tags. See the copyright.txt file in the
* distribution for a full listing of individual contributors.
* <SNIP>
*/</font>
<font color="navy"><b>package</b></font> org.jboss.as.testsuite.integration.websecurity;
 
<font color="navy"><b>import</b></font> java.io.IOException;
<font color="navy"><b>import</b></font> java.io.Writer;
 
<font color="navy"><b>import</b></font> javax.servlet.ServletException;
<font color="navy"><b>import</b></font> javax.servlet.annotation.HttpConstraint;
<font color="navy"><b>import</b></font> javax.servlet.annotation.ServletSecurity;
<font color="navy"><b>import</b></font> javax.servlet.annotation.WebServlet;
<font color="navy"><b>import</b></font> javax.servlet.http.HttpServlet;
<font color="navy"><b>import</b></font> javax.servlet.http.HttpServletRequest;
<font color="navy"><b>import</b></font> javax.servlet.http.HttpServletResponse;
 
<font color="darkgreen">/**
* A simple servlet that just writes back a string
*
* @author Anil Saldhana
*/</font>
@WebServlet(urlPatterns = <font color="navy">{</font> <font color="red">"/secured/"</font> <font color="navy">}</font>)
@ServletSecurity(@HttpConstraint(rolesAllowed = <font color="navy">{</font> <font color="red">"gooduser"</font> <font color="navy">}</font>))
<font color="navy"><b>public</b></font> <font color="navy"><b>class</b></font> SecuredServlet <font color="navy"><b>extends</b></font> HttpServlet <font color="navy">{</font>
 
    <font color="navy"><b>private</b></font> <font color="navy"><b>static</b></font> <font color="navy"><b>final</b></font> <font color="navy"><b>long</b></font> serialVersionUID = 1L;
 
    @Override
    <font color="navy"><b>protected</b></font> <font color="navy"><b>void</b></font> doGet(HttpServletRequest req, HttpServletResponse resp) <font color="navy"><b>throws</b></font> ServletException, IOException <font color="navy">{</font>
 
        Writer writer = resp.getWriter();
        writer.write(<font color="red">"GOOD"</font>);
    <font color="navy">}</font>
<font color="navy">}</font>
</code></pre><p style="min-height: 8pt; height: 8pt; padding: 0px;"> </p><p>My test resources were in a folder as</p><p style="min-height: 8pt; height: 8pt; padding: 0px;"> </p><p style="min-height: 8pt; height: 8pt; padding: 0px;"> </p><p>web-secure.war/</p><p>login.jsp</p><p>error.jsp</p><p>users.properties</p><p>roles.properties</p><p>web.xml</p><p style="min-height: 8pt; height: 8pt; padding: 0px;"> </p><h2></h2><h2>Where should I look for the source code?</h2><p><a class="jive-link-external-small" href="https://github.com/anilsaldhana/jboss-as/commit/0efdc673a45d6d172559183243a99e0927e33e65"><br/></a></p><p><a class="jive-link-external-small" href="https://github.com/anilsaldhana/jboss-as/commit/0efdc673a45d6d172559183243a99e0927e33e65">https://github.com/anilsaldhana/jboss-as/commit/0efdc673a45d6d172559183243a99e0927e33e65</a></p><p style="min-height: 8pt; height: 8pt; padding: 0px;"> </p><h2></h2><h2></h2><h2>Show me the test in action, buddy</h2><p style="min-height: 8pt; height: 8pt; padding: 0px;"> </p><p style="min-height: 8pt; height: 8pt; padding: 0px;"> </p><pre class="jive-pre"><code class="jive-code">anil@localhost:~/as7/jboss-as/testsuite/integration$ mvn clean install
Running org.jboss.as.testsuite.integration.websecurity.WebSecurityFORMTestCase
Tests run: 2, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 1.531 sec
</code></pre></div>
<div style="background-color: #f4f4f4; padding: 10px; margin-top: 20px;">
<p style="margin: 0;">Comment by <a href="http://community.jboss.org/docs/DOC-16664">going to Community</a></p>
<p style="margin: 0;">Create a new document in JBoss AS7 Development at <a href="http://community.jboss.org/choose-container!input.jspa?contentType=102&containerType=14&container=2225">Community</a></p>
</div></td>
</tr>
</tbody>
</table>
</td>
</tr>
</tbody>
</table>
</div>
</body>
</html>