Author: bcarothers Date: 2009-06-06 19:48:57 -0400 (Sat, 06 Jun 2009) New Revision: 985 Added: trunk/extensions/dna-web-jcr-rest-war/src/main/resources/log4j.properties trunk/extensions/dna-web-jcr-rest/src/main/java/org/jboss/dna/web/jcr/rest/ServletSecurityContext.java Removed: trunk/extensions/dna-web-jcr-rest-war/src/test/resources/dna-test-users.props trunk/extensions/dna-web-jcr-rest-war/src/test/resources/jetty-dna.policy trunk/extensions/dna-web-jcr-rest-war/src/test/resources/jetty-jaas.xml trunk/extensions/dna-web-jcr-rest/src/main/webapp/ Modified: trunk/dna-graph/src/test/java/org/jboss/dna/graph/MockSecurityContext.java trunk/extensions/dna-web-jcr-rest-war/pom.xml trunk/extensions/dna-web-jcr-rest-war/src/main/webapp/WEB-INF/web.xml trunk/extensions/dna-web-jcr-rest-war/src/test/java/org/jboss/dna/web/jcr/rest/JcrResourcesTest.java trunk/extensions/dna-web-jcr-rest-war/src/test/resources/log4j.properties trunk/extensions/dna-web-jcr-rest/src/main/java/org/jboss/dna/web/jcr/rest/JcrResources.java trunk/extensions/dna-web-jcr-rest/src/main/java/org/jboss/dna/web/jcr/rest/RepositoryFactory.java trunk/extensions/dna-web-jcr-rest/src/main/java/org/jboss/dna/web/jcr/rest/spi/DnaJcrRepositoryProvider.java trunk/extensions/dna-web-jcr-rest/src/main/java/org/jboss/dna/web/jcr/rest/spi/RepositoryProvider.java trunk/pom.xml Log: DNA-440 Integrate Servlet Security with DNA ExecutionContext Applied patch that: - Adds class ServletSecurityContext to wrap HttpServletRequests in a SecurityContext for authorization within DNA - Makes JcrResource utilize a wrapped HttpServletRequest to login to the JCR Repository instead of a hardcoded user/password - Refactors the SPI to remove the ability to get a repository by name and add the ability to get a session from a request, repository name, and workspace name - Refactors surrounding classes in accord with change from prior line - Modifies integration test WAR to require basic authentication for all URIs - Modifies POM to add a valid user/password combination with the correct connect role; stripped all JAAS configuration - Makes existing test cases use - Adds test cases for bad password and user without connect role The REST integration test case throws out a bunch of spurious warnings about authorization failure, but since the test cases test that 1) nothing gets returned if authorization actually fails and 2) the right things do get returned when authorization works, I'm going to write this off as a Jetty quirk until proven otherwise. Modified: trunk/dna-graph/src/test/java/org/jboss/dna/graph/MockSecurityContext.java =================================================================== --- trunk/dna-graph/src/test/java/org/jboss/dna/graph/MockSecurityContext.java 2009-06-06 20:49:31 UTC (rev 984) +++ trunk/dna-graph/src/test/java/org/jboss/dna/graph/MockSecurityContext.java 2009-06-06 23:48:57 UTC (rev 985) @@ -20,17 +20,14 @@ this.entitlements = entitlements != null ? entitlements : Collections.<String>emptySet(); } - @Override public String getUserName() { return userName; } - @Override public boolean hasRole( String roleName ) { return entitlements.contains(roleName); } - @Override public void logout() { } Modified: trunk/extensions/dna-web-jcr-rest/src/main/java/org/jboss/dna/web/jcr/rest/JcrResources.java =================================================================== --- trunk/extensions/dna-web-jcr-rest/src/main/java/org/jboss/dna/web/jcr/rest/JcrResources.java 2009-06-06 20:49:31 UTC (rev 984) +++ trunk/extensions/dna-web-jcr-rest/src/main/java/org/jboss/dna/web/jcr/rest/JcrResources.java 2009-06-06 23:48:57 UTC (rev 985) @@ -35,7 +35,6 @@ import javax.jcr.PathNotFoundException; import javax.jcr.Property; import javax.jcr.PropertyIterator; -import javax.jcr.Repository; import javax.jcr.RepositoryException; import javax.jcr.Session; import javax.jcr.Value; @@ -126,36 +125,26 @@ public static final String EMPTY_WORKSPACE_NAME = "<default>"; /** - * Returns a reference to the named repository, if it exists. - * - * @param repositoryName the name of the repository to load - * @return the repository - * @throws RepositoryException if any other error occurs - */ - private Repository getRepository( String repositoryName ) throws RepositoryException { - return RepositoryFactory.getRepository(repositoryName); - } - - /** * Returns an active session for the given workspace name in the named repository. * + * @param request the servlet request; may not be null or unauthenticated * @param rawRepositoryName the URL-encoded name of the repository in which the session is created - * @param rawWorkspaceName the URL-endecoded name of the workspace to which the session should be connected + * @param rawWorkspaceName the URL-encoded name of the workspace to which the session should be connected * @return an active session with the given workspace in the named repository * @throws RepositoryException if any other error occurs */ - private Session getSession( String rawRepositoryName, + private Session getSession( HttpServletRequest request, + String rawRepositoryName, String rawWorkspaceName ) throws NotFoundException, RepositoryException { + assert request != null; + assert request.getUserPrincipal() != null: "Request must be authorized"; - Repository repository; - try { - repository = getRepository(repositoryNameFor(rawRepositoryName)); - - } catch (RepositoryException re) { - throw new NotFoundException(re.getMessage(), re); + // Sanity check + if (request.getUserPrincipal() == null) { + throw new UnauthorizedException("Client is not authorized"); } - return repository.login(null, workspaceNameFor(rawWorkspaceName)); + return RepositoryFactory.getSession(request, repositoryNameFor(rawRepositoryName), workspaceNameFor(rawWorkspaceName)); } /** @@ -205,7 +194,7 @@ Map<String, WorkspaceEntry> workspaces = new HashMap<String, WorkspaceEntry>(); - Session session = getSession(rawRepositoryName, null); + Session session = getSession(request, rawRepositoryName, null); rawRepositoryName = URL_ENCODER.encode(rawRepositoryName); for (String name : session.getWorkspace().getAccessibleWorkspaceNames()) { @@ -222,6 +211,7 @@ /** * Handles GET requests for an item in a workspace. * + * @param request the servlet request; may not be null or unauthenticated * @param rawRepositoryName the URL-encoded repository name * @param rawWorkspaceName the URL-encoded workspace name * @param path the path to the item @@ -242,7 +232,8 @@ @GET @Path( "/{repositoryName}/{workspaceName}/items{path:.*}" ) @Produces( "application/json" ) - public String getItem( @PathParam( "repositoryName" ) String rawRepositoryName, + public String getItem( @Context HttpServletRequest request, + @PathParam( "repositoryName" ) String rawRepositoryName, @PathParam( "workspaceName" ) String rawWorkspaceName, @PathParam( "path" ) String path, @QueryParam( "dna:depth" ) @DefaultValue( "0" ) int depth ) @@ -251,7 +242,7 @@ assert rawRepositoryName != null; assert rawWorkspaceName != null; - Session session = getSession(rawRepositoryName, rawWorkspaceName); + Session session = getSession(request, rawRepositoryName, rawWorkspaceName); Item item; if ("/".equals(path) || "".equals(path)) { @@ -365,6 +356,7 @@ * jcr:mixinTypes} properties. * </p> * + * @param request the servlet request; may not be null or unauthenticated * @param rawRepositoryName the URL-encoded repository name * @param rawWorkspaceName the URL-encoded workspace name * @param path the path to the item @@ -379,7 +371,8 @@ @POST @Path( "/{repositoryName}/{workspaceName}/items/{path:.*}" ) @Consumes( "application/json" ) - public Response postItem( @PathParam( "repositoryName" ) String rawRepositoryName, + public Response postItem( @Context HttpServletRequest request, + @PathParam( "repositoryName" ) String rawRepositoryName, @PathParam( "workspaceName" ) String rawWorkspaceName, @PathParam( "path" ) String path, String requestContent ) @@ -394,7 +387,7 @@ String parentPath = lastSlashInd == -1 ? "/" : "/" + path.substring(0, lastSlashInd); String newNodeName = lastSlashInd == -1 ? path : path.substring(lastSlashInd + 1); - Session session = getSession(rawRepositoryName, rawWorkspaceName); + Session session = getSession(request, rawRepositoryName, rawWorkspaceName); Node parentNode = (Node)session.getItem(parentPath); @@ -499,6 +492,7 @@ /** * Deletes the item at {@code path}. * + * @param request the servlet request; may not be null or unauthenticated * @param rawRepositoryName the URL-encoded repository name * @param rawWorkspaceName the URL-encoded workspace name * @param path the path to the item @@ -509,7 +503,8 @@ @DELETE @Path( "/{repositoryName}/{workspaceName}/items{path:.*}" ) @Consumes( "application/json" ) - public void deleteItem( @PathParam( "repositoryName" ) String rawRepositoryName, + public void deleteItem( @Context HttpServletRequest request, + @PathParam( "repositoryName" ) String rawRepositoryName, @PathParam( "workspaceName" ) String rawWorkspaceName, @PathParam( "path" ) String path ) throws NotFoundException, UnauthorizedException, RepositoryException { @@ -518,7 +513,7 @@ assert rawWorkspaceName != null; assert path != null; - Session session = getSession(rawRepositoryName, rawWorkspaceName); + Session session = getSession(request, rawRepositoryName, rawWorkspaceName); Item item; try { @@ -539,6 +534,7 @@ * keys correspond to the values that will be set on the properties. * </p> * + * @param request the servlet request; may not be null or unauthenticated * @param rawRepositoryName the URL-encoded repository name * @param rawWorkspaceName the URL-encoded workspace name * @param path the path to the item @@ -552,7 +548,8 @@ @PUT @Path( "/{repositoryName}/{workspaceName}/items{path:.*}" ) @Consumes( "application/json" ) - public String putItem( @PathParam( "repositoryName" ) String rawRepositoryName, + public String putItem( @Context HttpServletRequest request, + @PathParam( "repositoryName" ) String rawRepositoryName, @PathParam( "workspaceName" ) String rawWorkspaceName, @PathParam( "path" ) String path, String requestContent ) throws UnauthorizedException, JSONException, RepositoryException { @@ -561,7 +558,7 @@ assert rawRepositoryName != null; assert rawWorkspaceName != null; - Session session = getSession(rawRepositoryName, rawWorkspaceName); + Session session = getSession(request, rawRepositoryName, rawWorkspaceName); Node node; Item item; if ("".equals(path) || "/".equals(path)) { Modified: trunk/extensions/dna-web-jcr-rest/src/main/java/org/jboss/dna/web/jcr/rest/RepositoryFactory.java =================================================================== --- trunk/extensions/dna-web-jcr-rest/src/main/java/org/jboss/dna/web/jcr/rest/RepositoryFactory.java 2009-06-06 20:49:31 UTC (rev 984) +++ trunk/extensions/dna-web-jcr-rest/src/main/java/org/jboss/dna/web/jcr/rest/RepositoryFactory.java 2009-06-06 23:48:57 UTC (rev 985) @@ -1,9 +1,10 @@ package org.jboss.dna.web.jcr.rest; import java.util.Collection; -import javax.jcr.Repository; import javax.jcr.RepositoryException; +import javax.jcr.Session; import javax.servlet.ServletContext; +import javax.servlet.http.HttpServletRequest; import org.jboss.dna.web.jcr.rest.spi.RepositoryProvider; public class RepositoryFactory { @@ -30,8 +31,8 @@ provider.startup(context); } - public static Repository getRepository( String repositoryName ) throws RepositoryException { - return provider.getRepository(repositoryName); + public static Session getSession( HttpServletRequest request, String repositoryName, String workspaceName) throws RepositoryException { + return provider.getSession(request, repositoryName, workspaceName); } public static Collection<String> getJcrRepositoryNames() { Added: trunk/extensions/dna-web-jcr-rest/src/main/java/org/jboss/dna/web/jcr/rest/ServletSecurityContext.java =================================================================== --- trunk/extensions/dna-web-jcr-rest/src/main/java/org/jboss/dna/web/jcr/rest/ServletSecurityContext.java (rev 0) +++ trunk/extensions/dna-web-jcr-rest/src/main/java/org/jboss/dna/web/jcr/rest/ServletSecurityContext.java 2009-06-06 23:48:57 UTC (rev 985) @@ -0,0 +1,53 @@ +package org.jboss.dna.web.jcr.rest; + +import javax.servlet.http.HttpServletRequest; +import org.jboss.dna.common.util.CheckArg; +import org.jboss.dna.graph.SecurityContext; + +/** + * Servlet-based {@link SecurityContext security context} that assumes servlet-based authentication and provides authorization + * through the {@link HttpServletRequest#isUserInRole(String) servlet role-checking mechanism}. + */ +public class ServletSecurityContext implements SecurityContext { + + private final String userName; + private final HttpServletRequest request; + + /** + * Create a {@link ServletSecurityContext} with the supplied {@link HttpServletRequest servlet information}. + * + * @param request the servlet request; may not be null + */ + public ServletSecurityContext( HttpServletRequest request ) { + CheckArg.isNotNull(request, "request"); + this.request = request; + this.userName = request.getUserPrincipal() != null ? request.getUserPrincipal().getName() : null; + } + + /** + * {@inheritDoc SecurityContext#getUserName()} + * + * @see SecurityContext#getUserName() + */ + public final String getUserName() { + return userName; + } + + /** + * {@inheritDoc SecurityContext#hasRole(String)} + * + * @see SecurityContext#hasRole(String) + */ + public final boolean hasRole( String roleName ) { + return request.isUserInRole(roleName); + } + + /** + * {@inheritDoc SecurityContext#logout()} + * + * @see SecurityContext#logout() + */ + public void logout() { + } + +} Property changes on: trunk/extensions/dna-web-jcr-rest/src/main/java/org/jboss/dna/web/jcr/rest/ServletSecurityContext.java ___________________________________________________________________ Name: svn:keywords + Id Revision Name: svn:eol-style + LF Modified: trunk/extensions/dna-web-jcr-rest/src/main/java/org/jboss/dna/web/jcr/rest/spi/DnaJcrRepositoryProvider.java =================================================================== --- trunk/extensions/dna-web-jcr-rest/src/main/java/org/jboss/dna/web/jcr/rest/spi/DnaJcrRepositoryProvider.java 2009-06-06 20:49:31 UTC (rev 984) +++ trunk/extensions/dna-web-jcr-rest/src/main/java/org/jboss/dna/web/jcr/rest/spi/DnaJcrRepositoryProvider.java 2009-06-06 23:48:57 UTC (rev 985) @@ -6,9 +6,15 @@ import java.util.Set; import javax.jcr.Repository; import javax.jcr.RepositoryException; +import javax.jcr.Session; import javax.servlet.ServletContext; +import javax.servlet.http.HttpServletRequest; import org.jboss.dna.jcr.JcrConfiguration; import org.jboss.dna.jcr.JcrEngine; +import org.jboss.dna.jcr.SecurityContextCredentials; +import org.jboss.dna.web.jcr.rest.ServletSecurityContext; +import org.jboss.resteasy.spi.NotFoundException; +import org.jboss.resteasy.spi.UnauthorizedException; import org.xml.sax.SAXException; public class DnaJcrRepositoryProvider implements RepositoryProvider { @@ -24,7 +30,7 @@ return new HashSet<String>(jcrEngine.getRepositoryNames()); } - public Repository getRepository( String repositoryName ) throws RepositoryException { + private Repository getRepository( String repositoryName ) throws RepositoryException { return jcrEngine.getRepository(repositoryName); } @@ -46,4 +52,37 @@ public void shutdown() { jcrEngine.shutdown(); } + + /** + * Returns an active session for the given workspace name in the named repository. + * + * @param request the servlet request; may not be null or unauthenticated + * @param repositoryName the name of the repository in which the session is created + * @param workspaceName the name of the workspace to which the session should be connected + * @return an active session with the given workspace in the named repository + * @throws RepositoryException if any other error occurs + */ + public Session getSession( HttpServletRequest request, + String repositoryName, + String workspaceName ) throws RepositoryException { + assert request != null; + assert request.getUserPrincipal() != null: "Request must be authorized"; + + // Sanity check in case assertions are disabled + if (request.getUserPrincipal() == null) { + throw new UnauthorizedException("Client is not authorized"); + } + + Repository repository; + + try { + repository = getRepository(repositoryName); + + } catch (RepositoryException re) { + throw new NotFoundException(re.getMessage(), re); + } + + return repository.login(new SecurityContextCredentials(new ServletSecurityContext(request)), workspaceName); + + } } Modified: trunk/extensions/dna-web-jcr-rest/src/main/java/org/jboss/dna/web/jcr/rest/spi/RepositoryProvider.java =================================================================== --- trunk/extensions/dna-web-jcr-rest/src/main/java/org/jboss/dna/web/jcr/rest/spi/RepositoryProvider.java 2009-06-06 20:49:31 UTC (rev 984) +++ trunk/extensions/dna-web-jcr-rest/src/main/java/org/jboss/dna/web/jcr/rest/spi/RepositoryProvider.java 2009-06-06 23:48:57 UTC (rev 985) @@ -1,9 +1,10 @@ package org.jboss.dna.web.jcr.rest.spi; import java.util.Set; -import javax.jcr.Repository; import javax.jcr.RepositoryException; +import javax.jcr.Session; import javax.servlet.ServletContext; +import javax.servlet.http.HttpServletRequest; /** * Interface for any class that provides access to one or more local JCR repositories. Repository providers must provide a public, @@ -12,15 +13,18 @@ public interface RepositoryProvider { /** - * Returns a reference to the named repository + * Returns an active session for the given workspace name in the named repository. * - * @param repositoryName the name of the repository to retrieve; may be null - * @return the repository with the given name; may not be null - * @throws RepositoryException if no repository with the given name exists or there is an error obtaining a reference to the - * named repository + * @param request the servlet request; may not be null or unauthenticated + * @param repositoryName the name of the repository in which the session is created + * @param workspaceName the name of the workspace to which the session should be connected + * @return an active session with the given workspace in the named repository + * @throws RepositoryException if any other error occurs */ - Repository getRepository( String repositoryName ) throws RepositoryException; - + public Session getSession( HttpServletRequest request, + String repositoryName, + String workspaceName ) throws RepositoryException; + /** * Returns the available repository names * @@ -40,4 +44,5 @@ * any external resource held. */ void shutdown(); + } Modified: trunk/extensions/dna-web-jcr-rest-war/pom.xml =================================================================== --- trunk/extensions/dna-web-jcr-rest-war/pom.xml 2009-06-06 20:49:31 UTC (rev 984) +++ trunk/extensions/dna-web-jcr-rest-war/pom.xml 2009-06-06 23:48:57 UTC (rev 985) @@ -42,16 +42,11 @@ </dependencies> <build> <finalName>resources</finalName> - <pluginManagement> - <plugins> - <plugin> - </plugin> - </plugins> - </pluginManagement> <plugins> <plugin> <groupId>org.codehaus.cargo</groupId> <artifactId>cargo-maven2-plugin</artifactId> + <!-- >version>1.0.1-SNAPSHOT</version --> <executions> <execution> <id>start-container</id> @@ -71,14 +66,10 @@ <configuration> <configuration> <properties> - <cargo.logging>high</cargo.logging> + <cargo.logging>low</cargo.logging> + <cargo.servlet.users>dnauser:password:connect,readwrite|unauthorized:password:bogus</cargo.servlet.users> </properties> </configuration> - <container> - <systemProperties> - <java.security.auth.login.config>${project.build.directory}/test-classes/jetty-dna.policy</java.security.auth.login.config> - </systemProperties> - </container> <wait>false</wait> </configuration> </plugin> @@ -106,6 +97,7 @@ </executions> </plugin> </plugins> + </build> </project> Added: trunk/extensions/dna-web-jcr-rest-war/src/main/resources/log4j.properties =================================================================== --- trunk/extensions/dna-web-jcr-rest-war/src/main/resources/log4j.properties (rev 0) +++ trunk/extensions/dna-web-jcr-rest-war/src/main/resources/log4j.properties 2009-06-06 23:48:57 UTC (rev 985) @@ -0,0 +1,13 @@ +log4j.rootLogger = INFO, stdout + +log4j.category.org.apache=DEBUG +log4j.category.org.jboss.resteasy=DEBUG +log4j.category.org.mortbay.jetty.security=ERROR +log4j.category.org.slf4j.impl.JCLLoggerAdapter=DEBUG +log4j.category.org.springframework=INFO + +log4j.appender.stdout = org.apache.log4j.ConsoleAppender +log4j.appender.stdout.Threshold = INFO +log4j.appender.stdout.Target = System.out +log4j.appender.stdout.layout = org.apache.log4j.PatternLayout +log4j.appender.stdout.layout.ConversionPattern = [%-5p] [%C] : %m%n [%F:%L] Modified: trunk/extensions/dna-web-jcr-rest-war/src/main/webapp/WEB-INF/web.xml =================================================================== --- trunk/extensions/dna-web-jcr-rest-war/src/main/webapp/WEB-INF/web.xml 2009-06-06 20:49:31 UTC (rev 984) +++ trunk/extensions/dna-web-jcr-rest-war/src/main/webapp/WEB-INF/web.xml 2009-06-06 23:48:57 UTC (rev 985) @@ -21,39 +21,47 @@ --> <web-app> <display-name>JBoss DNA JCR RESTful Interface</display-name> + <context-param> <param-name>org.jboss.dna.web.jcr.rest.REPOSITORY_PROVIDER</param-name> <param-value>org.jboss.dna.web.jcr.rest.spi.DnaJcrRepositoryProvider</param-value> </context-param> + <context-param> <param-name>org.jboss.dna.web.jcr.rest.CONFIG_FILE</param-name> <param-value>/configRepository.xml</param-value> </context-param> + <context-param> <param-name>resteasy.providers</param-name> <param-value>org.jboss.dna.web.jcr.rest.JcrResources$NotFoundExceptionMapper, org.jboss.dna.web.jcr.rest.JcrResources$JSONExceptionMapper, org.jboss.dna.web.jcr.rest.JcrResources$RepositoryExceptionMapper</param-value> </context-param> + <context-param> <param-name>javax.ws.rs.Application</param-name> <param-value>org.jboss.dna.web.jcr.rest.JcrApplication</param-value> </context-param> + <listener> <listener-class>org.jboss.resteasy.plugins.server.servlet.ResteasyBootstrap</listener-class> </listener> + <listener> <listener-class>org.jboss.dna.web.jcr.rest.DnaJcrDeployer</listener-class> </listener> + <servlet> <servlet-name>Resteasy</servlet-name> <servlet-class>org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher</servlet-class> </servlet> + <servlet-mapping> <servlet-name>Resteasy</servlet-name> <url-pattern>/*</url-pattern> </servlet-mapping> -<!-- + <security-constraint> <display-name>DNA REST</display-name> <web-resource-collection> @@ -64,12 +72,12 @@ <role-name>connect</role-name> </auth-constraint> </security-constraint> + <login-config> <auth-method>BASIC</auth-method> - <realm-name>MyRealm</realm-name> </login-config> + <security-role> <role-name>connect</role-name> </security-role> - --> </web-app> Modified: trunk/extensions/dna-web-jcr-rest-war/src/test/java/org/jboss/dna/web/jcr/rest/JcrResourcesTest.java =================================================================== --- trunk/extensions/dna-web-jcr-rest-war/src/test/java/org/jboss/dna/web/jcr/rest/JcrResourcesTest.java 2009-06-06 20:49:31 UTC (rev 984) +++ trunk/extensions/dna-web-jcr-rest-war/src/test/java/org/jboss/dna/web/jcr/rest/JcrResourcesTest.java 2009-06-06 23:48:57 UTC (rev 985) @@ -24,13 +24,15 @@ package org.jboss.dna.web.jcr.rest; import static org.hamcrest.core.Is.is; +import static org.hamcrest.core.IsInstanceOf.instanceOf; import static org.hamcrest.core.IsNull.notNullValue; -import static org.hamcrest.core.IsInstanceOf.instanceOf; import static org.junit.Assert.assertThat; import static org.junit.Assert.assertTrue; import java.io.IOException; import java.io.InputStream; +import java.net.Authenticator; import java.net.HttpURLConnection; +import java.net.PasswordAuthentication; import java.net.URL; import java.util.HashSet; import java.util.Set; @@ -48,14 +50,15 @@ @Before public void beforeEach() { -// final String login ="dnauser"; -// final String password ="password"; -// -// Authenticator.setDefault(new Authenticator() { -// protected PasswordAuthentication getPasswordAuthentication() { -// return new PasswordAuthentication (login, password.toCharArray()); -// } -// }); + // Configured in pom + final String login ="dnauser"; + final String password ="password"; + + Authenticator.setDefault(new Authenticator() { + protected PasswordAuthentication getPasswordAuthentication() { + return new PasswordAuthentication (login, password.toCharArray()); + } + }); } private String getResponseFor( HttpURLConnection connection ) throws IOException { @@ -72,6 +75,55 @@ } @Test + public void shouldNotServeContentToUnauthorizedUser() throws Exception { + + final String login ="dnauser"; + final String password ="invalidpassword"; + + Authenticator.setDefault(new Authenticator() { + protected PasswordAuthentication getPasswordAuthentication() { + return new PasswordAuthentication (login, password.toCharArray()); + } + }); + + URL postUrl = new URL(SERVER_URL + "/"); + HttpURLConnection connection = (HttpURLConnection)postUrl.openConnection(); + + connection.setDoOutput(true); + connection.setRequestMethod("GET"); + connection.setRequestProperty("Content-Type", MediaType.APPLICATION_JSON); + + assertThat(connection.getResponseCode(), is(HttpURLConnection.HTTP_UNAUTHORIZED)); + connection.disconnect(); + + } + + @Test + public void shouldNotServeContentToUserWithoutConnectRole() throws Exception { + + // Configured in pom + final String login ="unauthorizeduser"; + final String password ="password"; + + Authenticator.setDefault(new Authenticator() { + protected PasswordAuthentication getPasswordAuthentication() { + return new PasswordAuthentication (login, password.toCharArray()); + } + }); + + URL postUrl = new URL(SERVER_URL + "/"); + HttpURLConnection connection = (HttpURLConnection)postUrl.openConnection(); + + connection.setDoOutput(true); + connection.setRequestMethod("GET"); + connection.setRequestProperty("Content-Type", MediaType.APPLICATION_JSON); + + assertThat(connection.getResponseCode(), is(HttpURLConnection.HTTP_UNAUTHORIZED)); + connection.disconnect(); + + } + + @Test public void shouldServeContentAtRoot() throws Exception { URL postUrl = new URL(SERVER_URL + "/"); HttpURLConnection connection = (HttpURLConnection)postUrl.openConnection(); Deleted: trunk/extensions/dna-web-jcr-rest-war/src/test/resources/dna-test-users.props =================================================================== --- trunk/extensions/dna-web-jcr-rest-war/src/test/resources/dna-test-users.props 2009-06-06 20:49:31 UTC (rev 984) +++ trunk/extensions/dna-web-jcr-rest-war/src/test/resources/dna-test-users.props 2009-06-06 23:48:57 UTC (rev 985) @@ -1 +0,0 @@ -dnauser=password,readwrite Deleted: trunk/extensions/dna-web-jcr-rest-war/src/test/resources/jetty-dna.policy =================================================================== --- trunk/extensions/dna-web-jcr-rest-war/src/test/resources/jetty-dna.policy 2009-06-06 20:49:31 UTC (rev 984) +++ trunk/extensions/dna-web-jcr-rest-war/src/test/resources/jetty-dna.policy 2009-06-06 23:48:57 UTC (rev 985) @@ -1,5 +0,0 @@ -dna-jcr { - org.mortbay.jetty.plus.jaas.spi.PropertyFileLoginModule optional - debug="true" - file="target/test-classes/dna-test-users.props"; -}; Deleted: trunk/extensions/dna-web-jcr-rest-war/src/test/resources/jetty-jaas.xml =================================================================== --- trunk/extensions/dna-web-jcr-rest-war/src/test/resources/jetty-jaas.xml 2009-06-06 20:49:31 UTC (rev 984) +++ trunk/extensions/dna-web-jcr-rest-war/src/test/resources/jetty-jaas.xml 2009-06-06 23:48:57 UTC (rev 985) @@ -1,9 +0,0 @@ -<Call name="addUserRealm"> - <Arg> - <New class="org.mortbay.jetty.plus.jaas.JAASUserRealm"> - <Set name="name">xyzrealm</Set> - <Set name="LoginModuleName">dna-jcr</Set> - </New> - </Arg> -</Call> - Modified: trunk/extensions/dna-web-jcr-rest-war/src/test/resources/log4j.properties =================================================================== --- trunk/extensions/dna-web-jcr-rest-war/src/test/resources/log4j.properties 2009-06-06 20:49:31 UTC (rev 984) +++ trunk/extensions/dna-web-jcr-rest-war/src/test/resources/log4j.properties 2009-06-06 23:48:57 UTC (rev 985) @@ -1,9 +1,9 @@ log4j.rootLogger = DEBUG, stdout -log4j.category.org.apache=INFO -log4j.category.org.jboss.resteasy=INFO -log4j.category.org.mortbay=DEBUG -log4j.category.org.slf4j.impl.JCLLoggerAdapter=INFO +log4j.category.org.apache=DEBUG +log4j.category.org.jboss.resteasy=DEBUG +log4j.category.org.mortbay.jetty.security=ERROR +log4j.category.org.slf4j.impl.JCLLoggerAdapter=DEBUG log4j.category.org.springframework=INFO log4j.appender.stdout = org.apache.log4j.ConsoleAppender Modified: trunk/pom.xml =================================================================== --- trunk/pom.xml 2009-06-06 20:49:31 UTC (rev 984) +++ trunk/pom.xml 2009-06-06 23:48:57 UTC (rev 985) @@ -143,8 +143,8 @@ <module>extensions/dna-mimetype-detector-aperture</module> <module>extensions/dna-common-jdbc</module> <module>extensions/dna-connector-jdbc-metadata</module> - <!-- module>extensions/dna-web-jcr-rest</module --> - <!-- module>extensions/dna-web-jcr-rest-war</module --> + <module>extensions/dna-web-jcr-rest</module> + <module>extensions/dna-web-jcr-rest-war</module> <module>dna-integration-tests</module> <!--module>docs/examples/gettingstarted</module--> </modules>