[Jboss-cvs] JBossAS SVN: r56811 - in trunk/testsuite: imports/sections src/main/org/jboss/test/web/security src/resources/web/federation src/resources/web/federation/authext src/resources/web/federation/genericheader
jboss-cvs-commits at lists.jboss.org
jboss-cvs-commits at lists.jboss.org
Wed Sep 13 13:52:09 EDT 2006
Author: anil.saldhana at jboss.com
Date: 2006-09-13 13:52:07 -0400 (Wed, 13 Sep 2006)
New Revision: 56811
Added:
trunk/testsuite/src/main/org/jboss/test/web/security/CustomHeaderAuthTestCase.java
trunk/testsuite/src/resources/web/federation/genericheader/
trunk/testsuite/src/resources/web/federation/genericheader/application.xml
Modified:
trunk/testsuite/imports/sections/web.xml
trunk/testsuite/src/resources/web/federation/authext/jboss-service.xml
Log:
JBAS-2283: testcase/resources for custom header based auth
Modified: trunk/testsuite/imports/sections/web.xml
===================================================================
--- trunk/testsuite/imports/sections/web.xml 2006-09-13 17:51:00 UTC (rev 56810)
+++ trunk/testsuite/imports/sections/web.xml 2006-09-13 17:52:07 UTC (rev 56811)
@@ -511,6 +511,43 @@
<include name="**/*.html"/>
<include name="**/*.jsp"/>
</fileset>
- </war>
+ </war>
+
+ <!--JBAS-2283: Custom Header Based Auth -->
+ <war destfile="${build.lib}/header-form-auth.war"
+ webxml="${build.resources}/web/form-auth/form-auth-web.xml">
+ <webinf dir="${build.resources}/web/form-auth">
+ <include name="jboss-web.xml"/>
+ </webinf>
+ <classes dir="${build.classes}">
+ <include name="org/jboss/test/web/servlets/SecureServlet.class"/>
+ <include
+ name="org/jboss/test/web/servlets/SecuredPostServlet.class"/>
+ <include name="org/jboss/test/web/servlets/LogoutServlet.class"/>
+ </classes>
+ <fileset dir="${build.resources}/web/form-auth">
+ <include name="**/*.html"/>
+ <include name="**/*.jsp"/>
+ </fileset>
+ </war>
+ <zip destfile="${build.lib}/header-form-auth.ear">
+ <zipfileset dir="${build.resources}/web/form-auth" prefix="META-INF">
+ <include name="jboss-app.xml"/>
+ <include name="security-config.xml"/>
+ </zipfileset>
+ <zipfileset dir="${build.resources}/web/federation/genericheader" prefix="META-INF">
+ <include name="application.xml"/>
+ </zipfileset>
+ <zipfileset dir="${build.resources}/web"
+ fullpath="form-auth-users.properties"
+ includes="users.properties"/>
+ <zipfileset dir="${build.resources}/web"
+ fullpath="form-auth-roles.properties"
+ includes="roles.properties"/>
+ <zipfileset dir="${build.lib}" includes="header-form-auth.war"/>
+ <zipfileset dir="${build.resources}/web/form-auth"
+ includes="jboss-service.xml"/>
+ </zip>
+
</target>
</project>
Added: trunk/testsuite/src/main/org/jboss/test/web/security/CustomHeaderAuthTestCase.java
===================================================================
--- trunk/testsuite/src/main/org/jboss/test/web/security/CustomHeaderAuthTestCase.java 2006-09-13 17:51:00 UTC (rev 56810)
+++ trunk/testsuite/src/main/org/jboss/test/web/security/CustomHeaderAuthTestCase.java 2006-09-13 17:52:07 UTC (rev 56811)
@@ -0,0 +1,178 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2005, JBoss Inc., and individual contributors as indicated
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.test.web.security;
+
+import java.net.HttpURLConnection;
+
+import junit.framework.Test;
+import junit.framework.TestSuite;
+
+import org.apache.commons.httpclient.Cookie;
+import org.apache.commons.httpclient.Header;
+import org.apache.commons.httpclient.HttpClient;
+import org.apache.commons.httpclient.HttpState;
+import org.apache.commons.httpclient.methods.GetMethod;
+import org.apache.commons.httpclient.methods.PostMethod;
+import org.jboss.test.JBossTestCase;
+import org.jboss.test.JBossTestSetup;
+
+//$Id$
+
+/**
+ * JBAS-2283: Custom Header based authentication
+ * @author <a href="mailto:Anil.Saldhana at jboss.org">Anil Saldhana</a>
+ * @since Sep 11, 2006
+ * @version $Revision$
+ */
+public class CustomHeaderAuthTestCase extends JBossTestCase
+{
+ private String baseURLNoAuth = "http://" + getServerHost() + ":" + Integer.getInteger("web.port", 8080) + "/";
+ private HttpClient httpConn = new HttpClient();
+
+ private String path = "header-form-auth/restricted/SecuredServlet";
+
+ public CustomHeaderAuthTestCase(String name)
+ {
+ super(name);
+ }
+
+ /**
+ * Ensure that in the absence of headers, there is regular
+ * form based authentication
+ * @throws Exception
+ */
+ public void testRegularFormAuth() throws Exception
+ {
+ doSecureGetWithLogin(path, "jduke", "theduke");
+ }
+
+ /**
+ * Test usecases where the userid is sent via header and the
+ * session key is used as the password. To simplify testing,
+ * we pass a password as part of the session key. In reality,
+ * there needs to be a login module that can take the username
+ * and session key and validate.
+ * @throws Exception
+ */
+ public void testCustomHeaderBaseAuth() throws Exception
+ {
+ String serverHost = getServerHost();
+ //Siteminder usecase
+ performCustomAuth("sm_ssoid", new Cookie(serverHost,
+ "SMSESSION", "theduke", "/", null, false), "SiteMinder");
+
+ //Cleartrust usecase
+ performCustomAuth("ct-remote-user", new Cookie(serverHost,
+ "CTSESSION", "theduke", "/", null, false), "Cleartrust");
+
+ //Oblix usecase
+ performCustomAuth("HTTP_OBLIX_UID", new Cookie(serverHost,
+ "ObSSOCookie", "theduke", "/", null, false), "Oblix");
+ }
+
+ private void performCustomAuth(String headerId, Cookie cookie,
+ String usecase) throws Exception
+ {
+ GetMethod indexGet = new GetMethod(baseURLNoAuth+path);
+ indexGet.addRequestHeader(headerId, "jduke");
+ httpConn.getState().addCookie(cookie);
+ int responseCode = httpConn.executeMethod(indexGet);
+ String response = indexGet.getStatusText();
+ log.debug("Response from " + usecase + " case:"+response);
+ Header jex = indexGet.getResponseHeader("X-JException");
+ log.debug("Saw X-JException, "+jex);
+ assertNull("X-JException == null", jex);
+ assertTrue("Get OK("+responseCode+")", responseCode == HttpURLConnection.HTTP_OK);
+ }
+
+ private PostMethod doSecureGetWithLogin(String path, String username, String password)
+ throws Exception
+ {
+ GetMethod indexGet = new GetMethod(baseURLNoAuth+path);
+ int responseCode = httpConn.executeMethod(indexGet);
+ String body = indexGet.getResponseBodyAsString();
+ assertTrue("Get OK("+responseCode+")", responseCode == HttpURLConnection.HTTP_OK);
+ assertTrue("Redirected to login page", body.indexOf("j_security_check") > 0 );
+
+ HttpState state = httpConn.getState();
+ Cookie[] cookies = state.getCookies();
+ String sessionID = null;
+ for(int c = 0; c < cookies.length; c ++)
+ {
+ Cookie k = cookies[c];
+ if( k.getName().equalsIgnoreCase("JSESSIONID") )
+ sessionID = k.getValue();
+ }
+ getLog().debug("Saw JSESSIONID="+sessionID);
+
+ // Submit the login form
+ PostMethod formPost = new PostMethod(baseURLNoAuth+"header-form-auth/j_security_check");
+ formPost.addRequestHeader("Referer", baseURLNoAuth+"header-form-auth/restricted/login.html");
+ formPost.addParameter("j_username", username);
+ formPost.addParameter("j_password", password);
+ responseCode = httpConn.executeMethod(formPost.getHostConfiguration(),
+ formPost, state);
+ String response = formPost.getStatusText();
+ log.debug("responseCode="+responseCode+", response="+response);
+ assertTrue("Saw HTTP_MOVED_TEMP", responseCode == HttpURLConnection.HTTP_MOVED_TEMP);
+
+ // Follow the redirect to the SecureServlet
+ Header location = formPost.getResponseHeader("Location");
+ String indexURI = location.getValue();
+ GetMethod war1Index = new GetMethod(indexURI);
+ responseCode = httpConn.executeMethod(war1Index.getHostConfiguration(),
+ war1Index, state);
+ response = war1Index.getStatusText();
+ log.debug("responseCode="+responseCode+", response="+response);
+ assertTrue("Get OK", responseCode == HttpURLConnection.HTTP_OK);
+ body = war1Index.getResponseBodyAsString();
+ if( body.indexOf("j_security_check") > 0 )
+ fail("get of "+indexURI+" redirected to login page");
+ return formPost;
+ }
+
+ /** One time setup for all SingleSignOnUnitTestCase unit tests
+ */
+ public static Test suite() throws Exception
+ {
+ TestSuite suite = new TestSuite();
+ suite.addTest(new TestSuite(CustomHeaderAuthTestCase.class));
+
+ // Create an initializer for the test suite
+ Test wrapper = new JBossTestSetup(suite)
+ {
+ protected void setUp() throws Exception
+ {
+ super.setUp();
+ deploy("header-form-auth.ear");
+ // Make sure the security cache is clear
+ flushAuthCache();
+ }
+ protected void tearDown() throws Exception
+ {
+ undeploy("header-form-auth.ear");
+ super.tearDown();
+ }
+ };
+ return wrapper;
+ }
+}
Modified: trunk/testsuite/src/resources/web/federation/authext/jboss-service.xml
===================================================================
--- trunk/testsuite/src/resources/web/federation/authext/jboss-service.xml 2006-09-13 17:51:00 UTC (rev 56810)
+++ trunk/testsuite/src/resources/web/federation/authext/jboss-service.xml 2006-09-13 17:52:07 UTC (rev 56811)
@@ -25,7 +25,7 @@
</java:property>
<java:property>
<java:key>FORM</java:key>
- <java:value>org.apache.catalina.authenticator.FormAuthenticator</java:value>
+ <java:value>org.jboss.web.tomcat.security.GenericHeaderAuthenticator</java:value>
</java:property>
<java:property>
<java:key>NONE</java:key>
@@ -67,6 +67,10 @@
<attribute name="LenientEjbLink">true</attribute>
+ <!-- JBAS-2283: Custom Header based authentication -->
+ <attribute name="HttpHeaderForSSOAuth">sm_ssoid,ct-remote-user,HTTP_OBLIX_UID</attribute>
+ <attribute name="SessionCookieForSSOAuth">SMSESSION,CTSESSION,ObSSOCookie</attribute>
+
<!--
Class of the session manager (used if context is marked as 'distributable'. Currently allowed values:
- org.jboss.web.tomcat.tc6.session.JBossCacheManager
Added: trunk/testsuite/src/resources/web/federation/genericheader/application.xml
===================================================================
--- trunk/testsuite/src/resources/web/federation/genericheader/application.xml 2006-09-13 17:51:00 UTC (rev 56810)
+++ trunk/testsuite/src/resources/web/federation/genericheader/application.xml 2006-09-13 17:52:07 UTC (rev 56811)
@@ -0,0 +1,15 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE application PUBLIC
+ "-//Sun Microsystems, Inc.//DTD J2EE Application 1.3//EN"
+ "http://java.sun.com/dtd/application_1_3.dtd">
+
+<application>
+ <display-name>JBossTest Web Container FORM auth tests</display-name>
+
+ <module>
+ <web>
+ <web-uri>header-form-auth.war</web-uri>
+ </web>
+ </module>
+
+</application>
More information about the jboss-cvs-commits
mailing list