Author: bcarothers
Date: 2009-06-06 19:48:57 -0400 (Sat, 06 Jun 2009)
New Revision: 985
Added:
trunk/extensions/dna-web-jcr-rest-war/src/main/resources/log4j.properties
trunk/extensions/dna-web-jcr-rest/src/main/java/org/jboss/dna/web/jcr/rest/ServletSecurityContext.java
Removed:
trunk/extensions/dna-web-jcr-rest-war/src/test/resources/dna-test-users.props
trunk/extensions/dna-web-jcr-rest-war/src/test/resources/jetty-dna.policy
trunk/extensions/dna-web-jcr-rest-war/src/test/resources/jetty-jaas.xml
trunk/extensions/dna-web-jcr-rest/src/main/webapp/
Modified:
trunk/dna-graph/src/test/java/org/jboss/dna/graph/MockSecurityContext.java
trunk/extensions/dna-web-jcr-rest-war/pom.xml
trunk/extensions/dna-web-jcr-rest-war/src/main/webapp/WEB-INF/web.xml
trunk/extensions/dna-web-jcr-rest-war/src/test/java/org/jboss/dna/web/jcr/rest/JcrResourcesTest.java
trunk/extensions/dna-web-jcr-rest-war/src/test/resources/log4j.properties
trunk/extensions/dna-web-jcr-rest/src/main/java/org/jboss/dna/web/jcr/rest/JcrResources.java
trunk/extensions/dna-web-jcr-rest/src/main/java/org/jboss/dna/web/jcr/rest/RepositoryFactory.java
trunk/extensions/dna-web-jcr-rest/src/main/java/org/jboss/dna/web/jcr/rest/spi/DnaJcrRepositoryProvider.java
trunk/extensions/dna-web-jcr-rest/src/main/java/org/jboss/dna/web/jcr/rest/spi/RepositoryProvider.java
trunk/pom.xml
Log:
DNA-440 Integrate Servlet Security with DNA ExecutionContext
Applied patch that:
- Adds class ServletSecurityContext to wrap HttpServletRequests in a SecurityContext for
authorization within DNA
- Makes JcrResource utilize a wrapped HttpServletRequest to login to the JCR Repository
instead of a hardcoded user/password
- Refactors the SPI to remove the ability to get a repository by name and add the ability
to get a session from a request, repository name, and workspace name
- Refactors surrounding classes in accord with change from prior line
- Modifies integration test WAR to require basic authentication for all URIs
- Modifies POM to add a valid user/password combination with the correct connect role;
stripped all JAAS configuration
- Makes existing test cases use
- Adds test cases for bad password and user without connect role
The REST integration test case throws out a bunch of spurious warnings about authorization
failure, but since the test cases test that 1) nothing gets returned if authorization
actually fails and 2) the right things do get returned when authorization works, I'm
going to write this off as a Jetty quirk until proven otherwise.
Modified: trunk/dna-graph/src/test/java/org/jboss/dna/graph/MockSecurityContext.java
===================================================================
--- trunk/dna-graph/src/test/java/org/jboss/dna/graph/MockSecurityContext.java 2009-06-06
20:49:31 UTC (rev 984)
+++ trunk/dna-graph/src/test/java/org/jboss/dna/graph/MockSecurityContext.java 2009-06-06
23:48:57 UTC (rev 985)
@@ -20,17 +20,14 @@
this.entitlements = entitlements != null ? entitlements :
Collections.<String>emptySet();
}
- @Override
public String getUserName() {
return userName;
}
- @Override
public boolean hasRole( String roleName ) {
return entitlements.contains(roleName);
}
- @Override
public void logout() {
}
Modified:
trunk/extensions/dna-web-jcr-rest/src/main/java/org/jboss/dna/web/jcr/rest/JcrResources.java
===================================================================
---
trunk/extensions/dna-web-jcr-rest/src/main/java/org/jboss/dna/web/jcr/rest/JcrResources.java 2009-06-06
20:49:31 UTC (rev 984)
+++
trunk/extensions/dna-web-jcr-rest/src/main/java/org/jboss/dna/web/jcr/rest/JcrResources.java 2009-06-06
23:48:57 UTC (rev 985)
@@ -35,7 +35,6 @@
import javax.jcr.PathNotFoundException;
import javax.jcr.Property;
import javax.jcr.PropertyIterator;
-import javax.jcr.Repository;
import javax.jcr.RepositoryException;
import javax.jcr.Session;
import javax.jcr.Value;
@@ -126,36 +125,26 @@
public static final String EMPTY_WORKSPACE_NAME = "<default>";
/**
- * Returns a reference to the named repository, if it exists.
- *
- * @param repositoryName the name of the repository to load
- * @return the repository
- * @throws RepositoryException if any other error occurs
- */
- private Repository getRepository( String repositoryName ) throws RepositoryException
{
- return RepositoryFactory.getRepository(repositoryName);
- }
-
- /**
* Returns an active session for the given workspace name in the named repository.
*
+ * @param request the servlet request; may not be null or unauthenticated
* @param rawRepositoryName the URL-encoded name of the repository in which the
session is created
- * @param rawWorkspaceName the URL-endecoded name of the workspace to which the
session should be connected
+ * @param rawWorkspaceName the URL-encoded name of the workspace to which the session
should be connected
* @return an active session with the given workspace in the named repository
* @throws RepositoryException if any other error occurs
*/
- private Session getSession( String rawRepositoryName,
+ private Session getSession( HttpServletRequest request,
+ String rawRepositoryName,
String rawWorkspaceName ) throws NotFoundException,
RepositoryException {
+ assert request != null;
+ assert request.getUserPrincipal() != null: "Request must be
authorized";
- Repository repository;
- try {
- repository = getRepository(repositoryNameFor(rawRepositoryName));
-
- } catch (RepositoryException re) {
- throw new NotFoundException(re.getMessage(), re);
+ // Sanity check
+ if (request.getUserPrincipal() == null) {
+ throw new UnauthorizedException("Client is not authorized");
}
- return repository.login(null, workspaceNameFor(rawWorkspaceName));
+ return RepositoryFactory.getSession(request,
repositoryNameFor(rawRepositoryName), workspaceNameFor(rawWorkspaceName));
}
/**
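Review bot: In `getSession`, the added `assert request.getUserPrincipal() != null` runs before the explicit null check, so with assertions enabled an unauthenticated request raises an `AssertionError` instead of the intended `UnauthorizedException`, and the client would presumably get a server error rather than a 401. Whether a request is authenticated depends on the caller, not on a programming invariant, so I would drop that assert and keep the `if` check as the single enforcement point. The Javadoc should also gain `@throws UnauthorizedException if the request has no authenticated principal`, and the `// Sanity check` comment could say why the check exists. The same assert-then-check pair appears in `DnaJcrRepositoryProvider.getSession` later in this commit.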
@@ -205,7 +194,7 @@
Map<String, WorkspaceEntry> workspaces = new HashMap<String,
WorkspaceEntry>();
- Session session = getSession(rawRepositoryName, null);
+ Session session = getSession(request, rawRepositoryName, null);
rawRepositoryName = URL_ENCODER.encode(rawRepositoryName);
for (String name : session.getWorkspace().getAccessibleWorkspaceNames()) {
@@ -222,6 +211,7 @@
/**
* Handles GET requests for an item in a workspace.
*
+ * @param request the servlet request; may not be null or unauthenticated
* @param rawRepositoryName the URL-encoded repository name
* @param rawWorkspaceName the URL-encoded workspace name
* @param path the path to the item
@@ -242,7 +232,8 @@
@GET
@Path( "/{repositoryName}/{workspaceName}/items{path:.*}" )
@Produces( "application/json" )
- public String getItem( @PathParam( "repositoryName" ) String
rawRepositoryName,
+ public String getItem( @Context HttpServletRequest request,
+ @PathParam( "repositoryName" ) String
rawRepositoryName,
@PathParam( "workspaceName" ) String
rawWorkspaceName,
@PathParam( "path" ) String path,
@QueryParam( "dna:depth" ) @DefaultValue(
"0" ) int depth )
@@ -251,7 +242,7 @@
assert rawRepositoryName != null;
assert rawWorkspaceName != null;
- Session session = getSession(rawRepositoryName, rawWorkspaceName);
+ Session session = getSession(request, rawRepositoryName, rawWorkspaceName);
Item item;
if ("/".equals(path) || "".equals(path)) {
@@ -365,6 +356,7 @@
* jcr:mixinTypes} properties.
* </p>
*
+ * @param request the servlet request; may not be null or unauthenticated
* @param rawRepositoryName the URL-encoded repository name
* @param rawWorkspaceName the URL-encoded workspace name
* @param path the path to the item
@@ -379,7 +371,8 @@
@POST
@Path( "/{repositoryName}/{workspaceName}/items/{path:.*}" )
@Consumes( "application/json" )
- public Response postItem( @PathParam( "repositoryName" ) String
rawRepositoryName,
+ public Response postItem( @Context HttpServletRequest request,
+ @PathParam( "repositoryName" ) String
rawRepositoryName,
@PathParam( "workspaceName" ) String
rawWorkspaceName,
@PathParam( "path" ) String path,
String requestContent )
@@ -394,7 +387,7 @@
String parentPath = lastSlashInd == -1 ? "/" : "/" +
path.substring(0, lastSlashInd);
String newNodeName = lastSlashInd == -1 ? path : path.substring(lastSlashInd +
1);
- Session session = getSession(rawRepositoryName, rawWorkspaceName);
+ Session session = getSession(request, rawRepositoryName, rawWorkspaceName);
Node parentNode = (Node)session.getItem(parentPath);
@@ -499,6 +492,7 @@
/**
* Deletes the item at {@code path}.
*
+ * @param request the servlet request; may not be null or unauthenticated
* @param rawRepositoryName the URL-encoded repository name
* @param rawWorkspaceName the URL-encoded workspace name
* @param path the path to the item
@@ -509,7 +503,8 @@
@DELETE
@Path( "/{repositoryName}/{workspaceName}/items{path:.*}" )
@Consumes( "application/json" )
- public void deleteItem( @PathParam( "repositoryName" ) String
rawRepositoryName,
+ public void deleteItem( @Context HttpServletRequest request,
+ @PathParam( "repositoryName" ) String
rawRepositoryName,
@PathParam( "workspaceName" ) String
rawWorkspaceName,
@PathParam( "path" ) String path )
throws NotFoundException, UnauthorizedException, RepositoryException {
@@ -518,7 +513,7 @@
assert rawWorkspaceName != null;
assert path != null;
- Session session = getSession(rawRepositoryName, rawWorkspaceName);
+ Session session = getSession(request, rawRepositoryName, rawWorkspaceName);
Item item;
try {
@@ -539,6 +534,7 @@
* keys correspond to the values that will be set on the properties.
* </p>
*
+ * @param request the servlet request; may not be null or unauthenticated
* @param rawRepositoryName the URL-encoded repository name
* @param rawWorkspaceName the URL-encoded workspace name
* @param path the path to the item
@@ -552,7 +548,8 @@
@PUT
@Path( "/{repositoryName}/{workspaceName}/items{path:.*}" )
@Consumes( "application/json" )
- public String putItem( @PathParam( "repositoryName" ) String
rawRepositoryName,
+ public String putItem( @Context HttpServletRequest request,
+ @PathParam( "repositoryName" ) String
rawRepositoryName,
@PathParam( "workspaceName" ) String
rawWorkspaceName,
@PathParam( "path" ) String path,
String requestContent ) throws UnauthorizedException,
JSONException, RepositoryException {
@@ -561,7 +558,7 @@
assert rawRepositoryName != null;
assert rawWorkspaceName != null;
- Session session = getSession(rawRepositoryName, rawWorkspaceName);
+ Session session = getSession(request, rawRepositoryName, rawWorkspaceName);
Node node;
Item item;
if ("".equals(path) || "/".equals(path)) {
Modified:
trunk/extensions/dna-web-jcr-rest/src/main/java/org/jboss/dna/web/jcr/rest/RepositoryFactory.java
===================================================================
---
trunk/extensions/dna-web-jcr-rest/src/main/java/org/jboss/dna/web/jcr/rest/RepositoryFactory.java 2009-06-06
20:49:31 UTC (rev 984)
+++
trunk/extensions/dna-web-jcr-rest/src/main/java/org/jboss/dna/web/jcr/rest/RepositoryFactory.java 2009-06-06
23:48:57 UTC (rev 985)
@@ -1,9 +1,10 @@
package org.jboss.dna.web.jcr.rest;
import java.util.Collection;
-import javax.jcr.Repository;
import javax.jcr.RepositoryException;
+import javax.jcr.Session;
import javax.servlet.ServletContext;
+import javax.servlet.http.HttpServletRequest;
import org.jboss.dna.web.jcr.rest.spi.RepositoryProvider;
public class RepositoryFactory {
@@ -30,8 +31,8 @@
provider.startup(context);
}
- public static Repository getRepository( String repositoryName ) throws
RepositoryException {
- return provider.getRepository(repositoryName);
+ public static Session getSession( HttpServletRequest request, String repositoryName,
String workspaceName) throws RepositoryException {
+ return provider.getSession(request, repositoryName, workspaceName);
}
public static Collection<String> getJcrRepositoryNames() {
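Review bot: The new public `getSession` has no Javadoc, so the requirement that `request` already be authenticated by the container is stated only on its callers and on the provider. Suggest a comment along the lines of `/** Returns a session on the named workspace, logged in with the identity of the supplied, already authenticated servlet request; delegates to the configured RepositoryProvider. */`. The parameter list also ends in `workspaceName)` without the space before `)` that the surrounding code uses.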
Added:
trunk/extensions/dna-web-jcr-rest/src/main/java/org/jboss/dna/web/jcr/rest/ServletSecurityContext.java
===================================================================
---
trunk/extensions/dna-web-jcr-rest/src/main/java/org/jboss/dna/web/jcr/rest/ServletSecurityContext.java
(rev 0)
+++
trunk/extensions/dna-web-jcr-rest/src/main/java/org/jboss/dna/web/jcr/rest/ServletSecurityContext.java 2009-06-06
23:48:57 UTC (rev 985)
@@ -0,0 +1,53 @@
+package org.jboss.dna.web.jcr.rest;
+
+import javax.servlet.http.HttpServletRequest;
+import org.jboss.dna.common.util.CheckArg;
+import org.jboss.dna.graph.SecurityContext;
+
+/**
+ * Servlet-based {@link SecurityContext security context} that assumes servlet-based
authentication and provides authorization
+ * through the {@link HttpServletRequest#isUserInRole(String) servlet role-checking
mechanism}.
+ */
+public class ServletSecurityContext implements SecurityContext {
+
+ private final String userName;
+ private final HttpServletRequest request;
+
+ /**
+ * Create a {@link ServletSecurityContext} with the supplied {@link
HttpServletRequest servlet information}.
+ *
+ * @param request the servlet request; may not be null
+ */
+ public ServletSecurityContext( HttpServletRequest request ) {
+ CheckArg.isNotNull(request, "request");
+ this.request = request;
+ this.userName = request.getUserPrincipal() != null ?
request.getUserPrincipal().getName() : null;
+ }
+
+ /**
+ * {@inheritDoc SecurityContext#getUserName()}
+ *
+ * @see SecurityContext#getUserName()
+ */
+ public final String getUserName() {
+ return userName;
+ }
+
+ /**
+ * {@inheritDoc SecurityContext#hasRole(String)}
+ *
+ * @see SecurityContext#hasRole(String)
+ */
+ public final boolean hasRole( String roleName ) {
+ return request.isUserInRole(roleName);
+ }
+
+ /**
+ * {@inheritDoc SecurityContext#logout()}
+ *
+ * @see SecurityContext#logout()
+ */
+ public void logout() {
+ }
+
+}
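Review bot: `hasRole` calls `request.isUserInRole(roleName)` on the stored `HttpServletRequest` at every check, so this context is only meaningful while that request is being processed. If a JCR session built from it is kept beyond the request (not visible in this commit), role checks would run against a request object the container may already have finished with or reused, while `getUserName` keeps returning the name captured in the constructor. The class Javadoc should state the lifetime rule, for example `Instances are valid only for the duration of the wrapped request and must not be cached or shared across requests.` `logout()` is empty; having it drop the request reference so later `hasRole` calls fail closed would make the rule enforceable, though `request` would have to stop being `final`. The constructor also accepts an unauthenticated request and stores a null user name, which should be documented or rejected.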
Property changes on:
trunk/extensions/dna-web-jcr-rest/src/main/java/org/jboss/dna/web/jcr/rest/ServletSecurityContext.java
___________________________________________________________________
Name: svn:keywords
+ Id Revision
Name: svn:eol-style
+ LF
Modified:
trunk/extensions/dna-web-jcr-rest/src/main/java/org/jboss/dna/web/jcr/rest/spi/DnaJcrRepositoryProvider.java
===================================================================
---
trunk/extensions/dna-web-jcr-rest/src/main/java/org/jboss/dna/web/jcr/rest/spi/DnaJcrRepositoryProvider.java 2009-06-06
20:49:31 UTC (rev 984)
+++
trunk/extensions/dna-web-jcr-rest/src/main/java/org/jboss/dna/web/jcr/rest/spi/DnaJcrRepositoryProvider.java 2009-06-06
23:48:57 UTC (rev 985)
@@ -6,9 +6,15 @@
import java.util.Set;
import javax.jcr.Repository;
import javax.jcr.RepositoryException;
+import javax.jcr.Session;
import javax.servlet.ServletContext;
+import javax.servlet.http.HttpServletRequest;
import org.jboss.dna.jcr.JcrConfiguration;
import org.jboss.dna.jcr.JcrEngine;
+import org.jboss.dna.jcr.SecurityContextCredentials;
+import org.jboss.dna.web.jcr.rest.ServletSecurityContext;
+import org.jboss.resteasy.spi.NotFoundException;
+import org.jboss.resteasy.spi.UnauthorizedException;
import org.xml.sax.SAXException;
public class DnaJcrRepositoryProvider implements RepositoryProvider {
@@ -24,7 +30,7 @@
return new HashSet<String>(jcrEngine.getRepositoryNames());
}
- public Repository getRepository( String repositoryName ) throws RepositoryException
{
+ private Repository getRepository( String repositoryName ) throws RepositoryException
{
return jcrEngine.getRepository(repositoryName);
}
@@ -46,4 +52,37 @@
public void shutdown() {
jcrEngine.shutdown();
}
+
+ /**
+ * Returns an active session for the given workspace name in the named repository.
+ *
+ * @param request the servlet request; may not be null or unauthenticated
+ * @param repositoryName the name of the repository in which the session is created
+ * @param workspaceName the name of the workspace to which the session should be
connected
+ * @return an active session with the given workspace in the named repository
+ * @throws RepositoryException if any other error occurs
+ */
+ public Session getSession( HttpServletRequest request,
+ String repositoryName,
+ String workspaceName ) throws RepositoryException {
+ assert request != null;
+ assert request.getUserPrincipal() != null: "Request must be
authorized";
+
+ // Sanity check in case assertions are disabled
+ if (request.getUserPrincipal() == null) {
+ throw new UnauthorizedException("Client is not authorized");
+ }
+
+ Repository repository;
+
+ try {
+ repository = getRepository(repositoryName);
+
+ } catch (RepositoryException re) {
+ throw new NotFoundException(re.getMessage(), re);
+ }
+
+ return repository.login(new SecurityContextCredentials(new
ServletSecurityContext(request)), workspaceName);
+
+ }
}
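Review bot: The `catch (RepositoryException re)` around `getRepository(repositoryName)` turns every lookup failure into `NotFoundException(re.getMessage(), re)`, so a backend or configuration error would be reported to the client as a missing repository. If the exception mapper passes the message through (the mapper is not shown here), the internal exception text also ends up in the response. Consider a fixed message such as `throw new NotFoundException("Repository not found", re);` and logging the cause on the server side. This method also has the assert-before-check pattern on `getUserPrincipal()`, which makes the behaviour for unauthenticated requests depend on whether assertions are enabled.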
Modified:
trunk/extensions/dna-web-jcr-rest/src/main/java/org/jboss/dna/web/jcr/rest/spi/RepositoryProvider.java
===================================================================
---
trunk/extensions/dna-web-jcr-rest/src/main/java/org/jboss/dna/web/jcr/rest/spi/RepositoryProvider.java 2009-06-06
20:49:31 UTC (rev 984)
+++
trunk/extensions/dna-web-jcr-rest/src/main/java/org/jboss/dna/web/jcr/rest/spi/RepositoryProvider.java 2009-06-06
23:48:57 UTC (rev 985)
@@ -1,9 +1,10 @@
package org.jboss.dna.web.jcr.rest.spi;
import java.util.Set;
-import javax.jcr.Repository;
import javax.jcr.RepositoryException;
+import javax.jcr.Session;
import javax.servlet.ServletContext;
+import javax.servlet.http.HttpServletRequest;
/**
* Interface for any class that provides access to one or more local JCR repositories.
Repository providers must provide a public,
@@ -12,15 +13,18 @@
public interface RepositoryProvider {
/**
- * Returns a reference to the named repository
+ * Returns an active session for the given workspace name in the named repository.
*
- * @param repositoryName the name of the repository to retrieve; may be null
- * @return the repository with the given name; may not be null
- * @throws RepositoryException if no repository with the given name exists or there
is an error obtaining a reference to the
- * named repository
+ * @param request the servlet request; may not be null or unauthenticated
+ * @param repositoryName the name of the repository in which the session is created
+ * @param workspaceName the name of the workspace to which the session should be
connected
+ * @return an active session with the given workspace in the named repository
+ * @throws RepositoryException if any other error occurs
*/
- Repository getRepository( String repositoryName ) throws RepositoryException;
-
+ public Session getSession( HttpServletRequest request,
+ String repositoryName,
+ String workspaceName ) throws RepositoryException;
+
/**
* Returns the available repository names
*
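Review bot: The Javadoc for the new `getSession` says only `@throws RepositoryException if any other error occurs`, without naming the cases that are not "other". The bundled implementation throws RESTEasy's `UnauthorizedException` for a request with no principal and `NotFoundException` for an unknown repository, and alternative providers need to know that to behave consistently; a sentence such as `Implementations must reject a request with no authenticated principal and must report an unknown repository as not found` would cover it. It should also say whether `workspaceName` may be null, since `JcrResources` passes `null` to reach the default workspace. The `public` modifier on the interface method is redundant and differs from `void shutdown();` further down.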
@@ -40,4 +44,5 @@
* any external resource held.
*/
void shutdown();
+
}
Modified: trunk/extensions/dna-web-jcr-rest-war/pom.xml
===================================================================
--- trunk/extensions/dna-web-jcr-rest-war/pom.xml 2009-06-06 20:49:31 UTC (rev 984)
+++ trunk/extensions/dna-web-jcr-rest-war/pom.xml 2009-06-06 23:48:57 UTC (rev 985)
@@ -42,16 +42,11 @@
</dependencies>
<build>
<finalName>resources</finalName>
- <pluginManagement>
- <plugins>
- <plugin>
- </plugin>
- </plugins>
- </pluginManagement>
<plugins>
<plugin>
<groupId>org.codehaus.cargo</groupId>
<artifactId>cargo-maven2-plugin</artifactId>
+ <!-- >version>1.0.1-SNAPSHOT</version -->
<executions>
<execution>
<id>start-container</id>
@@ -71,14 +66,10 @@
<configuration>
<configuration>
<properties>
- <cargo.logging>high</cargo.logging>
+ <cargo.logging>low</cargo.logging>
+ <cargo.servlet.users>dnauser:password:connect,readwrite|unauthorized:password:bogus</cargo.servlet.users>
</properties>
</configuration>
- <container>
- <systemProperties>
- <java.security.auth.login.config>${project.build.directory}/test-classes/jetty-dna.policy</java.security.auth.login.config>
- </systemProperties>
- </container>
<wait>false</wait>
</configuration>
</plugin>
@@ -106,6 +97,7 @@
</executions>
</plugin>
</plugins>
+
</build>
</project>
Added: trunk/extensions/dna-web-jcr-rest-war/src/main/resources/log4j.properties
===================================================================
--- trunk/extensions/dna-web-jcr-rest-war/src/main/resources/log4j.properties
(rev 0)
+++ trunk/extensions/dna-web-jcr-rest-war/src/main/resources/log4j.properties 2009-06-06
23:48:57 UTC (rev 985)
@@ -0,0 +1,13 @@
+log4j.rootLogger = INFO, stdout
+
+log4j.category.org.apache=DEBUG
+log4j.category.org.jboss.resteasy=DEBUG
+log4j.category.org.mortbay.jetty.security=ERROR
+log4j.category.org.slf4j.impl.JCLLoggerAdapter=DEBUG
+log4j.category.org.springframework=INFO
+
+log4j.appender.stdout = org.apache.log4j.ConsoleAppender
+log4j.appender.stdout.Threshold = INFO
+log4j.appender.stdout.Target = System.out
+log4j.appender.stdout.layout = org.apache.log4j.PatternLayout
+log4j.appender.stdout.layout.ConversionPattern = [%-5p] [%C] : %m%n [%F:%L]
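Review bot: `log4j.category.org.mortbay.jetty.security=ERROR` sits in `src/main/resources`, so it is packaged with the WAR and silences Jetty's security warnings in deployments too, not only in the integration test that produced the spurious messages. Those warnings are what an operator would read to notice repeated failed logins against the newly enabled BASIC authentication, so I would keep this override in `src/test/resources/log4j.properties` only, where this commit adds it as well. The `DEBUG` levels for `org.apache` and `org.jboss.resteasy` are masked today by `Threshold = INFO` on the only appender, but `INFO` would be a safer default for the packaged file in case another appender is added later.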
Modified: trunk/extensions/dna-web-jcr-rest-war/src/main/webapp/WEB-INF/web.xml
===================================================================
--- trunk/extensions/dna-web-jcr-rest-war/src/main/webapp/WEB-INF/web.xml 2009-06-06
20:49:31 UTC (rev 984)
+++ trunk/extensions/dna-web-jcr-rest-war/src/main/webapp/WEB-INF/web.xml 2009-06-06
23:48:57 UTC (rev 985)
@@ -21,39 +21,47 @@
-->
<web-app>
<display-name>JBoss DNA JCR RESTful Interface</display-name>
+
<context-param>
<param-name>org.jboss.dna.web.jcr.rest.REPOSITORY_PROVIDER</param-name>
<param-value>org.jboss.dna.web.jcr.rest.spi.DnaJcrRepositoryProvider</param-value>
</context-param>
+
<context-param>
<param-name>org.jboss.dna.web.jcr.rest.CONFIG_FILE</param-name>
<param-value>/configRepository.xml</param-value>
</context-param>
+
<context-param>
<param-name>resteasy.providers</param-name>
<param-value>org.jboss.dna.web.jcr.rest.JcrResources$NotFoundExceptionMapper,
org.jboss.dna.web.jcr.rest.JcrResources$JSONExceptionMapper,
org.jboss.dna.web.jcr.rest.JcrResources$RepositoryExceptionMapper</param-value>
</context-param>
+
<context-param>
<param-name>javax.ws.rs.Application</param-name>
<param-value>org.jboss.dna.web.jcr.rest.JcrApplication</param-value>
</context-param>
+
<listener>
<listener-class>org.jboss.resteasy.plugins.server.servlet.ResteasyBootstrap</listener-class>
</listener>
+
<listener>
<listener-class>org.jboss.dna.web.jcr.rest.DnaJcrDeployer</listener-class>
</listener>
+
<servlet>
<servlet-name>Resteasy</servlet-name>
<servlet-class>org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher</servlet-class>
</servlet>
+
<servlet-mapping>
<servlet-name>Resteasy</servlet-name>
<url-pattern>/*</url-pattern>
</servlet-mapping>
-<!--
+
<security-constraint>
<display-name>DNA REST</display-name>
<web-resource-collection>
@@ -64,12 +72,12 @@
<role-name>connect</role-name>
</auth-constraint>
</security-constraint>
+
<login-config>
<auth-method>BASIC</auth-method>
- <realm-name>MyRealm</realm-name>
</login-config>
+
<security-role>
<role-name>connect</role-name>
</security-role>
- -->
</web-app>
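Review bot: The now-active `<security-constraint>` turns on BASIC authentication but, in the lines visible here, carries no `<user-data-constraint>`, so the credentials travel base64-encoded over whatever transport the client happens to use. For anything beyond the local integration test, add `<user-data-constraint><transport-guarantee>CONFIDENTIAL</transport-guarantee></user-data-constraint>` inside the constraint, or add a comment stating that TLS must be terminated in front of the application. The body of `<web-resource-collection>` falls between the two hunks and is not shown; it is worth confirming that it lists no `<http-method>` elements, because naming some methods leaves the others unconstrained. Dropping `<realm-name>` leaves the realm to the container default, which deserves a comment for deployers.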
Modified:
trunk/extensions/dna-web-jcr-rest-war/src/test/java/org/jboss/dna/web/jcr/rest/JcrResourcesTest.java
===================================================================
---
trunk/extensions/dna-web-jcr-rest-war/src/test/java/org/jboss/dna/web/jcr/rest/JcrResourcesTest.java 2009-06-06
20:49:31 UTC (rev 984)
+++
trunk/extensions/dna-web-jcr-rest-war/src/test/java/org/jboss/dna/web/jcr/rest/JcrResourcesTest.java 2009-06-06
23:48:57 UTC (rev 985)
@@ -24,13 +24,15 @@
package org.jboss.dna.web.jcr.rest;
import static org.hamcrest.core.Is.is;
+import static org.hamcrest.core.IsInstanceOf.instanceOf;
import static org.hamcrest.core.IsNull.notNullValue;
-import static org.hamcrest.core.IsInstanceOf.instanceOf;
import static org.junit.Assert.assertThat;
import static org.junit.Assert.assertTrue;
import java.io.IOException;
import java.io.InputStream;
+import java.net.Authenticator;
import java.net.HttpURLConnection;
+import java.net.PasswordAuthentication;
import java.net.URL;
import java.util.HashSet;
import java.util.Set;
@@ -48,14 +50,15 @@
@Before
public void beforeEach() {
-// final String login ="dnauser";
-// final String password ="password";
-//
-// Authenticator.setDefault(new Authenticator() {
-// protected PasswordAuthentication getPasswordAuthentication() {
-// return new PasswordAuthentication (login, password.toCharArray());
-// }
-// });
+ // Configured in pom
+ final String login ="dnauser";
+ final String password ="password";
+
+ Authenticator.setDefault(new Authenticator() {
+ protected PasswordAuthentication getPasswordAuthentication() {
+ return new PasswordAuthentication (login, password.toCharArray());
+ }
+ });
}
private String getResponseFor( HttpURLConnection connection ) throws IOException {
@@ -72,6 +75,55 @@
}
@Test
+ public void shouldNotServeContentToUnauthorizedUser() throws Exception {
+
+ final String login ="dnauser";
+ final String password ="invalidpassword";
+
+ Authenticator.setDefault(new Authenticator() {
+ protected PasswordAuthentication getPasswordAuthentication() {
+ return new PasswordAuthentication (login, password.toCharArray());
+ }
+ });
+
+ URL postUrl = new URL(SERVER_URL + "/");
+ HttpURLConnection connection = (HttpURLConnection)postUrl.openConnection();
+
+ connection.setDoOutput(true);
+ connection.setRequestMethod("GET");
+ connection.setRequestProperty("Content-Type",
MediaType.APPLICATION_JSON);
+
+ assertThat(connection.getResponseCode(),
is(HttpURLConnection.HTTP_UNAUTHORIZED));
+ connection.disconnect();
+
+ }
+
+ @Test
+ public void shouldNotServeContentToUserWithoutConnectRole() throws Exception {
+
+ // Configured in pom
+ final String login ="unauthorizeduser";
+ final String password ="password";
+
+ Authenticator.setDefault(new Authenticator() {
+ protected PasswordAuthentication getPasswordAuthentication() {
+ return new PasswordAuthentication (login, password.toCharArray());
+ }
+ });
+
+ URL postUrl = new URL(SERVER_URL + "/");
+ HttpURLConnection connection = (HttpURLConnection)postUrl.openConnection();
+
+ connection.setDoOutput(true);
+ connection.setRequestMethod("GET");
+ connection.setRequestProperty("Content-Type",
MediaType.APPLICATION_JSON);
+
+ assertThat(connection.getResponseCode(),
is(HttpURLConnection.HTTP_UNAUTHORIZED));
+ connection.disconnect();
+
+ }
+
+ @Test
public void shouldServeContentAtRoot() throws Exception {
URL postUrl = new URL(SERVER_URL + "/");
HttpURLConnection connection = (HttpURLConnection)postUrl.openConnection();
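Review bot: `shouldNotServeContentToUserWithoutConnectRole` logs in as `unauthorizeduser`, but the account added to `cargo.servlet.users` in the WAR pom is named `unauthorized`, so this test appears to exercise an unknown user rather than an authenticated user who lacks the `connect` role. That would also explain why it passes while expecting `HTTP_UNAUTHORIZED`: a container normally answers 403 when authentication succeeds and the role check fails. Suggest `final String login ="unauthorized";` and asserting `HttpURLConnection.HTTP_FORBIDDEN`, after confirming what the container returns. Both new tests also replace the JVM-wide default `Authenticator` and rely on `beforeEach` to restore it, and `HttpURLConnection` may reuse credentials from an earlier successful request, so the bad-password test could depend on execution order.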
Deleted: trunk/extensions/dna-web-jcr-rest-war/src/test/resources/dna-test-users.props
===================================================================
---
trunk/extensions/dna-web-jcr-rest-war/src/test/resources/dna-test-users.props 2009-06-06
20:49:31 UTC (rev 984)
+++
trunk/extensions/dna-web-jcr-rest-war/src/test/resources/dna-test-users.props 2009-06-06
23:48:57 UTC (rev 985)
@@ -1 +0,0 @@
-dnauser=password,readwrite
Deleted: trunk/extensions/dna-web-jcr-rest-war/src/test/resources/jetty-dna.policy
===================================================================
--- trunk/extensions/dna-web-jcr-rest-war/src/test/resources/jetty-dna.policy 2009-06-06
20:49:31 UTC (rev 984)
+++ trunk/extensions/dna-web-jcr-rest-war/src/test/resources/jetty-dna.policy 2009-06-06
23:48:57 UTC (rev 985)
@@ -1,5 +0,0 @@
-dna-jcr {
- org.mortbay.jetty.plus.jaas.spi.PropertyFileLoginModule optional
- debug="true"
- file="target/test-classes/dna-test-users.props";
-};
Deleted: trunk/extensions/dna-web-jcr-rest-war/src/test/resources/jetty-jaas.xml
===================================================================
--- trunk/extensions/dna-web-jcr-rest-war/src/test/resources/jetty-jaas.xml 2009-06-06
20:49:31 UTC (rev 984)
+++ trunk/extensions/dna-web-jcr-rest-war/src/test/resources/jetty-jaas.xml 2009-06-06
23:48:57 UTC (rev 985)
@@ -1,9 +0,0 @@
-<Call name="addUserRealm">
- <Arg>
- <New class="org.mortbay.jetty.plus.jaas.JAASUserRealm">
- <Set name="name">xyzrealm</Set>
- <Set name="LoginModuleName">dna-jcr</Set>
- </New>
- </Arg>
-</Call>
-
Modified: trunk/extensions/dna-web-jcr-rest-war/src/test/resources/log4j.properties
===================================================================
--- trunk/extensions/dna-web-jcr-rest-war/src/test/resources/log4j.properties 2009-06-06
20:49:31 UTC (rev 984)
+++ trunk/extensions/dna-web-jcr-rest-war/src/test/resources/log4j.properties 2009-06-06
23:48:57 UTC (rev 985)
@@ -1,9 +1,9 @@
log4j.rootLogger = DEBUG, stdout
-log4j.category.org.apache=INFO
-log4j.category.org.jboss.resteasy=INFO
-log4j.category.org.mortbay=DEBUG
-log4j.category.org.slf4j.impl.JCLLoggerAdapter=INFO
+log4j.category.org.apache=DEBUG
+log4j.category.org.jboss.resteasy=DEBUG
+log4j.category.org.mortbay.jetty.security=ERROR
+log4j.category.org.slf4j.impl.JCLLoggerAdapter=DEBUG
log4j.category.org.springframework=INFO
log4j.appender.stdout = org.apache.log4j.ConsoleAppender
Modified: trunk/pom.xml
===================================================================
--- trunk/pom.xml 2009-06-06 20:49:31 UTC (rev 984)
+++ trunk/pom.xml 2009-06-06 23:48:57 UTC (rev 985)
@@ -143,8 +143,8 @@
<module>extensions/dna-mimetype-detector-aperture</module>
<module>extensions/dna-common-jdbc</module>
<module>extensions/dna-connector-jdbc-metadata</module>
- <!-- module>extensions/dna-web-jcr-rest</module -->
- <!-- module>extensions/dna-web-jcr-rest-war</module -->
+ <module>extensions/dna-web-jcr-rest</module>
+ <module>extensions/dna-web-jcr-rest-war</module>
<module>dna-integration-tests</module>
<!--module>docs/examples/gettingstarted</module-->
</modules>