[jboss-cvs] JBossAS SVN: r66441 - in branches/Branch_4_2/testsuite: imports/sections and 4 other directories.



Author: sguilhen at redhat.com
Date: 2007-10-25 12:07:07 -0400 (Thu, 25 Oct 2007)
New Revision: 66441

Added:
   branches/Branch_4_2/testsuite/src/main/org/jboss/test/web/security/GenericHeaderAuthUnitTestCase.java
   branches/Branch_4_2/testsuite/src/resources/web/federation/customheader/
   branches/Branch_4_2/testsuite/src/resources/web/federation/customheader/application.xml
   branches/Branch_4_2/testsuite/src/resources/web/federation/genericheader/context.xml
   branches/Branch_4_2/testsuite/src/resources/web/federation/genericheader/header-auth-web.xml
   branches/Branch_4_2/testsuite/src/resources/web/federation/genericheader/jboss-web.xml
Modified:
   branches/Branch_4_2/testsuite/build.xml
   branches/Branch_4_2/testsuite/imports/sections/web.xml
   branches/Branch_4_2/testsuite/src/resources/web/federation/genericheader/application.xml
Log:
JBAS-4804: Test files for the ssoid/session name injection capabilities of GenericHeaderAuthenticator.



Modified: branches/Branch_4_2/testsuite/build.xml
===================================================================
--- branches/Branch_4_2/testsuite/build.xml	2007-10-25 15:50:40 UTC (rev 66440)
+++ branches/Branch_4_2/testsuite/build.xml	2007-10-25 16:07:07 UTC (rev 66441)
@@ -618,6 +618,7 @@
   <!-- Tests needing tomcat federation -->
   <patternset id="tc-federation.includes">
     <include name="org/jboss/test/web/security/*TestCase.class"/>
+    <exclude name="org/jboss/test/web/security/GenericHeaderAuthUnitTestCase.class"/>
     <include name="org/jboss/test/web/test/FormAuthUnitTestCase.class"/>
   </patternset>
   <!-- Tests needing tomcat SSL -->
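Review bot: The added `<exclude>` takes GenericHeaderAuthUnitTestCase out of tc-federation.includes, but nothing else in this commit adds it to another pattern set, so it is not visible here which target actually runs the new test; if an existing target picks it up through a broader include, that is worth stating. A comment on the exclude recording the reason, e.g. `<!-- JBAS-4804: GenericHeaderAuthUnitTestCase deploys its own generic-header-auth.ear and does not need the federation setup -->`, would keep the next reader from re-adding it to the federation run.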

Modified: branches/Branch_4_2/testsuite/imports/sections/web.xml
===================================================================
--- branches/Branch_4_2/testsuite/imports/sections/web.xml	2007-10-25 15:50:40 UTC (rev 66440)
+++ branches/Branch_4_2/testsuite/imports/sections/web.xml	2007-10-25 16:07:07 UTC (rev 66441)
@@ -512,7 +512,7 @@
             <include name="jboss-app.xml"/>
             <include name="security-config.xml"/>
          </zipfileset>
-         <zipfileset dir="${build.resources}/web/federation/genericheader" prefix="META-INF">
+         <zipfileset dir="${build.resources}/web/federation/customheader" prefix="META-INF">
             <include name="application.xml"/>
          </zipfileset>
          <zipfileset dir="${build.resources}/web"
@@ -526,6 +526,40 @@
             includes="jboss-service.xml"/>
       </zip>
 
+      <!--JBAS-4804: Generic Header Based Auth -->
+      <war destfile="${build.lib}/generic-header-auth.war"
+         webxml="${build.resources}/web/federation/genericheader/header-auth-web.xml">
+         <webinf dir="${build.resources}/web/federation/genericheader">
+            <include name="jboss-web.xml"/>
+            <include name="context.xml"/>
+         </webinf>
+         <classes dir="${build.classes}">
+            <include name="org/jboss/test/web/servlets/SecureServlet.class"/>
+         </classes>
+         <fileset dir="${build.resources}/web/form-auth">
+            <include name="**/*.html"/>
+            <include name="**/*.jsp"/>
+         </fileset>
+      </war>
+      <zip destfile="${build.lib}/generic-header-auth.ear">
+         <zipfileset dir="${build.resources}/web/form-auth" prefix="META-INF">
+            <include name="jboss-app.xml"/>
+            <include name="security-config.xml"/>
+         </zipfileset>
+         <zipfileset dir="${build.resources}/web/federation/genericheader" prefix="META-INF">
+            <include name="application.xml"/>
+         </zipfileset>
+         <zipfileset dir="${build.resources}/web"
+            fullpath="form-auth-users.properties"
+            includes="users.properties"/>
+         <zipfileset dir="${build.resources}/web"
+            fullpath="form-auth-roles.properties"
+            includes="roles.properties"/>
+         <zipfileset dir="${build.lib}" includes="generic-header-auth.war"/>
+         <zipfileset dir="${build.resources}/web/form-auth"
+            includes="jboss-service.xml"/>
+      </zip>
+
      <!-- JBAS-4077: Programmatic Web Login -->
     <war destfile="${build.lib}/programmaticweblogin.war"
        webxml="${build.resources}/web/programmatic/WEB-INF/jbosstest-web.xml">
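Review bot: The new generic-header-auth.ear borrows security-config.xml, jboss-service.xml and the users/roles property files from form-auth, and the matching jboss-web.xml points at `java:/jaas/jbossweb-form-auth`, presumably the domain that security-config.xml defines, yet the build file does not record that the header test therefore checks the SSO cookie value as an ordinary password against the form-auth user store. A comment on the new `<zip>` element, e.g. `<!-- JBAS-4804: reuses the form-auth security domain and user/role files; the session cookie value is validated as a plain password (test-only arrangement) -->`, would explain why no dedicated login module is packaged. The opening comment `<!--JBAS-4804: Generic Header Based Auth -->` also lacks the space after `<!--` that the sibling `<!-- JBAS-4077: Programmatic Web Login -->` comment uses.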

Added: branches/Branch_4_2/testsuite/src/main/org/jboss/test/web/security/GenericHeaderAuthUnitTestCase.java
===================================================================
--- branches/Branch_4_2/testsuite/src/main/org/jboss/test/web/security/GenericHeaderAuthUnitTestCase.java	                        (rev 0)
+++ branches/Branch_4_2/testsuite/src/main/org/jboss/test/web/security/GenericHeaderAuthUnitTestCase.java	2007-10-25 16:07:07 UTC (rev 66441)
@@ -0,0 +1,246 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2006, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.test.web.security;
+
+import java.net.HttpURLConnection;
+
+import junit.framework.Test;
+import junit.framework.TestSuite;
+
+import org.apache.commons.httpclient.Cookie;
+import org.apache.commons.httpclient.Header;
+import org.apache.commons.httpclient.HttpClient;
+import org.apache.commons.httpclient.HttpState;
+import org.apache.commons.httpclient.methods.GetMethod;
+import org.apache.commons.httpclient.methods.PostMethod;
+import org.jboss.test.JBossTestCase;
+import org.jboss.test.JBossTestSetup;
+
+/**
+ * <p>
+ * JBAS-4804: Generic Header Based Authentication. This test case addresses the scenarios in which the 
+ * <code>GenericHeaderAuthenticator</code> is configured in the <code>WEB-INF/context.xml</code> file of
+ * the web application. The <code>HttpHeaderForSSOAuth</code> and <code>SessionCookieForSSOAuth</code>
+ * properties are defined as attributes of the <code>GenericHeaderAuthenticator</code>, requiring no
+ * further configuration of the application server.
+ * </p>
+ * <p>
+ * The web application's <code>contex.xml</code> file should look like the following:
+ * <pre>
+ *    &lt;Context&gt;
+ *       &lt;Valve className="org.jboss.web.tomcat.security.GenericHeaderAuthenticator" 
+ *              httpHeaderForSSOAuth="sm_ssoid,ct-remote-user,HTTP_OBLIX_UID"
+ *              sessionCookieForSSOAuth="SMSESSION,CTSESSION,ObSSOCookie"/&gt;
+ *    &lt;/Context&gt;
+ * </pre>
+ * </p>
+ * 
+ * @author <a href="mailto:sguilhen at redhat.com">Stefan Guilhen</a>
+ * @since  Oct 18, 2007 
+ */
+public class GenericHeaderAuthUnitTestCase extends JBossTestCase
+{
+   private String testAppBaseURL;
+
+   private String securedServletPath;
+
+   private HttpClient httpClient;
+
+   /**
+    * <p>
+    * Creates an instance of <code>GenericHeaderAuthUnitTestCase</code> with the specified name.
+    * </p>
+    * 
+    * @param name   the name of the test case.
+    */
+   public GenericHeaderAuthUnitTestCase(String name)
+   {
+      super(name);
+      this.testAppBaseURL = "http://" + super.getServerHost() + ":" + Integer.getInteger("web.port", 8080)
+            + "/generic-header-auth/";
+      this.securedServletPath = "restricted/SecuredServlet";
+      this.httpClient = new HttpClient();
+   }
+
+   /**
+    * <p>
+    * Check that, in the absence of headers, regular form authentication takes place.
+    * </p>
+    * 
+    * @throws Exception if an error occurs when running the test.
+    */
+   public void testRegularFormAuth() throws Exception
+   {
+      GetMethod getMethod = new GetMethod(this.testAppBaseURL + this.securedServletPath);
+      // execute a plain request to the SecureServlet
+      try
+      {
+         int responseCode = this.httpClient.executeMethod(getMethod);
+         String body = getMethod.getResponseBodyAsString();
+         // check the response code and assert the redirection to the login page
+         assertTrue("Unexpected response code received: " + responseCode, responseCode == HttpURLConnection.HTTP_OK);
+         assertTrue("Failed to redirect the request to the login page", body.indexOf("j_security_check") > 0);
+      }
+      finally
+      {
+         getMethod.releaseConnection();
+      }
+
+      HttpState state = this.httpClient.getState();
+      // fill in the login form and submit it
+      PostMethod postMethod = new PostMethod(this.testAppBaseURL + "j_security_check");
+      postMethod.addRequestHeader("Referer", this.testAppBaseURL + "restricted/login.html");
+      postMethod.addParameter("j_username", "jduke");
+      postMethod.addParameter("j_password", "theduke");
+      Header location = null;
+      try
+      {
+         int responseCode = this.httpClient.executeMethod(postMethod.getHostConfiguration(), postMethod, state);
+         log.debug("responseCode=" + responseCode + ", response=" + postMethod.getStatusText());
+         // check the response code received and the presence of a location header in the response
+         assertTrue("Unexpected response code received: " + responseCode,
+               responseCode == HttpURLConnection.HTTP_MOVED_TEMP);
+         location = postMethod.getResponseHeader("Location");
+         assertNotNull("Location header not found in response", location);
+      }
+      finally
+      {
+         postMethod.releaseConnection();
+      }
+
+      // follow the redirect as defined by the location header
+      String indexURI = location.getValue();
+      getMethod = new GetMethod(indexURI);
+      try
+      {
+         int responseCode = this.httpClient.executeMethod(getMethod.getHostConfiguration(), getMethod, state);
+         log.debug("responseCode=" + responseCode + ", response=" + getMethod.getStatusText());
+         // check the reponse code received
+         assertTrue("Unexpected response code received: " + responseCode, responseCode == HttpURLConnection.HTTP_OK);
+         String body = getMethod.getResponseBodyAsString();
+         // assert the redirection of to the SecureServlet
+         assertTrue("Redirect to SecureServlet has failed", body.indexOf("SecureServlet") > 0);
+      }
+      finally
+      {
+         getMethod.releaseConnection();
+      }
+   }
+
+   /**
+    * <p>
+    * Test usecases where the userid is sent via header and the session key is used as the password. To simplify
+    * testing, we pass a password as part of the session key. In reality, there needs to be a login module that can
+    * take the username and session key and validate.
+    * </p>
+    * 
+    * @throws Exception if an error occurs when running the test.
+    */
+   public void testGenericHeaderBaseAuth() throws Exception
+   {
+      String serverHost = super.getServerHost();
+      // Siteminder usecase
+      this
+            .performHeaderAuth("sm_ssoid", new Cookie(serverHost, "SMSESSION", "theduke", "/", null, false),
+                  "SiteMinder");
+      // Cleartrust usecase
+      this.performHeaderAuth("ct-remote-user", new Cookie(serverHost, "CTSESSION", "theduke", "/", null, false),
+            "Cleartrust");
+      // Oblix usecase
+      this.performHeaderAuth("HTTP_OBLIX_UID", new Cookie(serverHost, "ObSSOCookie", "theduke", "/", null, false),
+            "Oblix");
+   }
+
+   /**
+    * <p>
+    * Invoke the <code>SecureServlet</code> setting the specified <code>headerId</code> and <code>cookie</code> objects
+    * in the request.
+    * </p>
+    * 
+    * @param headerId   a <code>String</code> representing the name of the request header that holds the user id.
+    * @param cookie     a <code>Cookie</code> object containing the user's password.
+    * @param usecase a <code>String</code> representing the name of the use case being tested.
+    * @throws Exception if an error occurs when authenticating the user.
+    */
+   private void performHeaderAuth(String headerId, Cookie cookie, String usecase) throws Exception
+   {
+      GetMethod method = new GetMethod(this.testAppBaseURL + this.securedServletPath);
+      // add the headerId and cookie objects to the request
+      method.addRequestHeader(headerId, "jduke");
+      this.httpClient.getState().addCookie(cookie);
+      // execute the request
+      try
+      {
+         int responseCode = this.httpClient.executeMethod(method);
+         // check the response code received
+         log.debug("Response from " + usecase + " case:" + method.getStatusText());
+         assertTrue("Unexpected response code received: " + responseCode, responseCode == HttpURLConnection.HTTP_OK);
+         // check that access to the secure servlet has been granted
+         String body = method.getResponseBodyAsString();
+         assertTrue("Access to SecureServlet has not been granted", body.indexOf("SecureServlet") > 0);
+      }
+      finally
+      {
+         // release the connection
+         method.releaseConnection();
+      }
+   }
+
+   public static Test suite() throws Exception
+   {
+      TestSuite suite = new TestSuite();
+      suite.addTest(new TestSuite(GenericHeaderAuthUnitTestCase.class));
+
+      // create an initializer for the test suite
+      Test wrapper = new JBossTestSetup(suite)
+      {
+         /**
+          * <p>
+          * Deploy the ear file containing the Servlets used by the tests.
+          * </p>
+          * 
+          * @throws Exception if an error occurs when deploying the ear.
+          */
+         protected void setUp() throws Exception
+         {
+            super.setUp();
+            super.deploy("generic-header-auth.ear");
+            // make sure the security cache is clear
+            super.flushAuthCache();
+         }
+
+         /**
+          * <p>
+          * Undeploy the ear file containing the Servlets used by the tests.
+          * </p>
+          * 
+          * @throws Exception if an error occurs when undeploying the ear.
+          */
+         protected void tearDown() throws Exception
+         {
+            super.undeploy("generic-header-auth.ear");
+            super.tearDown();
+         }
+      };
+      return wrapper;
+   }
+}
\ No newline at end of file
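Review bot: performHeaderAuth adds each use case's cookie to the shared httpClient state and never clears it, so by the Cleartrust and Oblix calls the state still holds the SMSESSION cookie and, presumably, the session cookie issued after the SiteMinder request succeeded; those two cases may then pass on the already-authenticated session rather than on their own header/cookie pair. Resetting the state at the top of performHeaderAuth, `this.httpClient.setState(new HttpState());` before `this.httpClient.getState().addCookie(cookie);`, makes each use case stand on its own. The three `body.indexOf(...) > 0` assertions should read `>= 0`, since a match at offset 0 is a valid hit. The class Javadoc also spells `context.xml` as `contex.xml`.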

Added: branches/Branch_4_2/testsuite/src/resources/web/federation/customheader/application.xml
===================================================================
--- branches/Branch_4_2/testsuite/src/resources/web/federation/customheader/application.xml	                        (rev 0)
+++ branches/Branch_4_2/testsuite/src/resources/web/federation/customheader/application.xml	2007-10-25 16:07:07 UTC (rev 66441)
@@ -0,0 +1,15 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE application PUBLIC
+   "-//Sun Microsystems, Inc.//DTD J2EE Application 1.3//EN"
+   "http://java.sun.com/dtd/application_1_3.dtd">
+
+<application>
+   <display-name>JBossTest Web Container FORM auth tests</display-name>
+
+   <module>
+      <web>
+         <web-uri>header-form-auth.war</web-uri>
+      </web>
+   </module>
+
+</application>

Modified: branches/Branch_4_2/testsuite/src/resources/web/federation/genericheader/application.xml
===================================================================
--- branches/Branch_4_2/testsuite/src/resources/web/federation/genericheader/application.xml	2007-10-25 15:50:40 UTC (rev 66440)
+++ branches/Branch_4_2/testsuite/src/resources/web/federation/genericheader/application.xml	2007-10-25 16:07:07 UTC (rev 66441)
@@ -1,15 +1,15 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE application PUBLIC
-   "-//Sun Microsystems, Inc.//DTD J2EE Application 1.3//EN"
-   "http://java.sun.com/dtd/application_1_3.dtd">
-
-<application>
-   <display-name>JBossTest Web Container FORM auth tests</display-name>
-
-   <module>
-      <web>
-         <web-uri>header-form-auth.war</web-uri>
-      </web>
-   </module>
-
-</application>
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE application PUBLIC
+   "-//Sun Microsystems, Inc.//DTD J2EE Application 1.3//EN"
+   "http://java.sun.com/dtd/application_1_3.dtd">
+
+<application>
+   <display-name>JBossTest Web Container Generic Header Tests</display-name>
+   
+   <module>
+      <web>
+         <web-uri>generic-header-auth.war</web-uri>
+      </web>
+   </module>
+
+</application>
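Review bot: Every line of the file is removed and re-added although only the display-name and web-uri lines changed, which suggests a line-ending or encoding change rode along with the edit; committing with the original line endings would keep the diff to the two meaningful lines. The re-added blank line after `<display-name>` also carries trailing whitespace.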

Added: branches/Branch_4_2/testsuite/src/resources/web/federation/genericheader/context.xml
===================================================================
--- branches/Branch_4_2/testsuite/src/resources/web/federation/genericheader/context.xml	                        (rev 0)
+++ branches/Branch_4_2/testsuite/src/resources/web/federation/genericheader/context.xml	2007-10-25 16:07:07 UTC (rev 66441)
@@ -0,0 +1,4 @@
+<Context> 
+  <Valve className="org.jboss.web.tomcat.security.GenericHeaderAuthenticator" httpHeaderForSSOAuth="sm_ssoid,ct-remote-user,HTTP_OBLIX_UID"
+         sessionCookieForSSOAuth="SMSESSION,CTSESSION,ObSSOCookie"/> 
+</Context>
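Review bot: The `<Valve>` element carries no comment recording that the three header names and three cookie names are accepted as already-asserted identity and session proof, which is the trust assumption this test resource exists to exercise; a comment above it such as `<!-- JBAS-4804 test: the valve treats these header/cookie pairs as SSO-asserted identity; in a real deployment they must reach the container only via the SSO agent -->` makes that explicit for anyone copying the file. The `<Context>` and `/>` lines carry trailing whitespace, and the file has no XML declaration while every other descriptor added in this commit starts with one.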

Added: branches/Branch_4_2/testsuite/src/resources/web/federation/genericheader/header-auth-web.xml
===================================================================
--- branches/Branch_4_2/testsuite/src/resources/web/federation/genericheader/header-auth-web.xml	                        (rev 0)
+++ branches/Branch_4_2/testsuite/src/resources/web/federation/genericheader/header-auth-web.xml	2007-10-25 16:07:07 UTC (rev 66441)
@@ -0,0 +1,66 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE web-app PUBLIC
+   "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN"
+   "http://java.sun.com/dtd/web-app_2_3.dtd">
+
+<web-app>
+   <description>Security Tests Using FORM Authentication</description>
+
+   <!-- ### Servlets -->
+   <servlet>
+      <servlet-name>SecureServlet</servlet-name>
+      <servlet-class>org.jboss.test.web.servlets.SecureServlet</servlet-class>
+   </servlet>
+
+   <!-- The servlet and jsp page mappings -->
+   <servlet-mapping>
+      <servlet-name>SecureServlet</servlet-name>
+      <url-pattern>/restricted/SecuredServlet</url-pattern>
+   </servlet-mapping>
+
+   <!-- The Welcome File List -->
+   <welcome-file-list>
+      <welcome-file>index.html</welcome-file>
+   </welcome-file-list>
+
+   <!-- ### Security -->
+   <security-constraint>
+      <web-resource-collection>
+
+         <web-resource-name>Restricted</web-resource-name>
+         <description>Declarative security tests</description>
+         <url-pattern>/restricted/*</url-pattern>
+         <http-method>HEAD</http-method>
+         <http-method>GET</http-method>
+         <http-method>POST</http-method>
+
+         <http-method>PUT</http-method>
+         <http-method>DELETE</http-method>
+      </web-resource-collection>
+      <auth-constraint>
+         <description>Only authenticated users can access secure content</description>
+         <role-name>AuthorizedUser</role-name>
+      </auth-constraint>
+
+      <user-data-constraint>
+         <description>no description</description>
+         <transport-guarantee>NONE</transport-guarantee>
+      </user-data-constraint>
+   </security-constraint>
+
+   <login-config>
+      <auth-method>FORM</auth-method>
+
+      <form-login-config>
+         <form-login-page>/restricted/login.html</form-login-page>
+         <form-error-page>/restricted/errors.jsp</form-error-page>
+      </form-login-config>
+   </login-config>
+
+   <security-role>
+      <description>An AuthorizedUser is one with a valid username and password</description>
+
+      <role-name>AuthorizedUser</role-name>
+   </security-role>
+
+</web-app>
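Review bot: The security-constraint enumerates HEAD, GET, POST, PUT and DELETE, and under the Servlet 2.3 rules listing `<http-method>` elements constrains only those methods, leaving any other method on `/restricted/*` outside the AuthorizedUser constraint; removing the five `<http-method>` lines applies the constraint to every method, which is what the test needs since the client only issues GET and POST. The `<description>` still reads `Security Tests Using FORM Authentication`, copied from the form-auth descriptor; `Security Tests Using Generic Header Authentication` would match the display-name chosen in the new application.xml. The stray blank lines inside `<web-resource-collection>` and `<security-role>` look like leftovers of that copy.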

Added: branches/Branch_4_2/testsuite/src/resources/web/federation/genericheader/jboss-web.xml
===================================================================
--- branches/Branch_4_2/testsuite/src/resources/web/federation/genericheader/jboss-web.xml	                        (rev 0)
+++ branches/Branch_4_2/testsuite/src/resources/web/federation/genericheader/jboss-web.xml	2007-10-25 16:07:07 UTC (rev 66441)
@@ -0,0 +1,13 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE jboss-web
+    PUBLIC "-//JBoss//DTD Web Application 2.4//EN"
+    "http://www.jboss.org/j2ee/dtds/jboss-web_4_0.dtd">
+
+<jboss-web>
+   <!-- Specify the security domain for authentication/authorization and
+   require that the domain's cache be flushed when the session invalidates.
+   -->
+   <security-domain flushOnSessionInvalidation="true">
+       java:/jaas/jbossweb-form-auth
+  </security-domain>
+</jboss-web>
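Review bot: The content of `<security-domain>` is indented seven spaces and its closing tag two, in a file whose other elements use three; aligning both with the opening tag keeps the descriptor consistent with the rest of the commit. The value `java:/jaas/jbossweb-form-auth` is the form-auth domain, and a short comment saying the generic-header test deliberately reuses it, e.g. `<!-- JBAS-4804: reuses the form-auth domain packaged in security-config.xml; no dedicated login module -->`, would explain why no new domain is declared.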



