[jboss-cvs] JBossAS SVN: r60785 - trunk/testsuite/src/main/org/jboss/test/web/test.
jboss-cvs-commits at lists.jboss.org
jboss-cvs-commits at lists.jboss.org
Wed Feb 21 18:29:59 EST 2007
Author: bstansberry at jboss.com
Date: 2007-02-21 18:29:58 -0500 (Wed, 21 Feb 2007)
New Revision: 60785
Modified:
trunk/testsuite/src/main/org/jboss/test/web/test/WebIntegrationUnitTestCase.java
Log:
[JBAS-3279] Port test from Branch_4_2
Modified: trunk/testsuite/src/main/org/jboss/test/web/test/WebIntegrationUnitTestCase.java
===================================================================
--- trunk/testsuite/src/main/org/jboss/test/web/test/WebIntegrationUnitTestCase.java 2007-02-21 23:26:42 UTC (rev 60784)
+++ trunk/testsuite/src/main/org/jboss/test/web/test/WebIntegrationUnitTestCase.java 2007-02-21 23:29:58 UTC (rev 60785)
@@ -282,7 +282,21 @@
{
URL url = new URL(baseURL+"jbosstest/restricted/include_ejb.jsp");
HttpUtils.accessURL(url);
+ }
+
+ /**
+ * JBAS-3279: Authenticated user can bypass declarative role checks for servlets
+ */
+ public void testUnauthorizedAccess() throws Exception
+ {
+ URL url = new URL(baseURL+"jbosstest//restricted3//SecureServlet");
+ HttpUtils.accessURL(url,REALM, HttpURLConnection.HTTP_FORBIDDEN);
+ url = new URL(baseURL+"jbosstest/%2frestricted3//SecureServlet");
+ // BES 2007/02/21 -- %xx encoded '/' is verboten so we now expect 400
+ //HttpUtils.accessURL(url,REALM, HttpURLConnection.HTTP_FORBIDDEN);
+ HttpUtils.accessURL(url,REALM, HttpURLConnection.HTTP_BAD_REQUEST);
}
+
/** Access the http://{host}/jbosstest/UnsecureEJBAccess with method=echo
* to test that an unsecured servlet cannot access a secured EJB method
* that requires a valid permission. This should fail.
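Review bot: The second request in `testUnauthorizedAccess` (the `%2frestricted3` URL) now asserts `HTTP_BAD_REQUEST`, which shows only that the container refuses an encoded slash, not that the role constraint on SecureServlet holds for that path form. Nothing on the new side records that the 403 expectation must come back if encoded slashes are ever permitted, so I would replace the commented-out call with a comment such as `// 400: encoded '/' is refused outright (presumably before the role check); if it is ever allowed, assert HTTP_FORBIDDEN here again`. The test also has no baseline request to the canonical path, so it does not show that the 403 on the double-slash URL comes from the same constraint. Adding `HttpUtils.accessURL(new URL(baseURL+"jbosstest/restricted3/SecureServlet"), REALM, HttpURLConnection.HTTP_FORBIDDEN);` as the first check would pin that. `REALM`, the credentials used by `HttpUtils` and the enclosing class are outside the hunk, so which user and role are exercised cannot be confirmed from here, and the Javadoc should state it.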