[jboss-cvs] JBossAS SVN: r108387 - in branches/JBPAPP_5_1/testsuite: imports/config and 1 other directories.
jboss-cvs-commits at lists.jboss.org
jboss-cvs-commits at lists.jboss.org
Thu Sep 30 09:42:34 EDT 2010
Author: rsvoboda at redhat.com
Date: 2010-09-30 09:42:33 -0400 (Thu, 30 Sep 2010)
New Revision: 108387
Added:
branches/JBPAPP_5_1/testsuite/src/main/org/jboss/test/security/test/authorization/secured/AbstractHttpAuthenticationUnitTest.java
branches/JBPAPP_5_1/testsuite/src/main/org/jboss/test/security/test/authorization/secured/HttpRequestJBossWSAuthenticationUnitTestCase.java
branches/JBPAPP_5_1/testsuite/src/main/org/jboss/test/security/test/authorization/secured/HttpRequestWebConsoleAuthenticationUnitTestCase.java
Modified:
branches/JBPAPP_5_1/testsuite/build.xml
branches/JBPAPP_5_1/testsuite/imports/config/tests-secured.xml
branches/JBPAPP_5_1/testsuite/src/main/org/jboss/test/security/test/authorization/secured/HttpRequestJmxAuthenticationUnitTestCase.java
branches/JBPAPP_5_1/testsuite/src/main/org/jboss/test/security/test/authorization/secured/HttpRequestStatusServletAuthenticationUnitTestCase.java
Log:
JBQA-3817 tests for security bypass for web-console, jbossws and status servlet
Modified: branches/JBPAPP_5_1/testsuite/build.xml
===================================================================
--- branches/JBPAPP_5_1/testsuite/build.xml 2010-09-30 12:22:37 UTC (rev 108386)
+++ branches/JBPAPP_5_1/testsuite/build.xml 2010-09-30 13:42:33 UTC (rev 108387)
@@ -1222,7 +1222,7 @@
<exclude name="**/test/security/test/client/*UnitTestCase.class"/>
<exclude name="**/test/profileservice/testsecure/*UnitTestCase.class"/>
<exclude name="**/test/passwordinjection/test/*UnitTestCase.class"/>
- <exclude name="**/test/security/test/authorization/secured/*UnitTestCase.class"/>
+ <exclude name="**/test/security/test/authorization/secured/*.class"/>
</patternset>
<!-- A patternset required for Common Criteria certification -->
<patternset id="cc.includes">
Modified: branches/JBPAPP_5_1/testsuite/imports/config/tests-secured.xml
===================================================================
--- branches/JBPAPP_5_1/testsuite/imports/config/tests-secured.xml 2010-09-30 12:22:37 UTC (rev 108386)
+++ branches/JBPAPP_5_1/testsuite/imports/config/tests-secured.xml 2010-09-30 13:42:33 UTC (rev 108387)
@@ -19,10 +19,6 @@
<target name="tests-secured"
description="Run tests on secured profiles">
- <server:start name="all"/>
- <run-junit junit.patternset="secured.mask.includes"/>
- <server:stop name="all"/>
-
<server:start name="production"/>
<run-junit junit.patternset="secured.mask.includes"/>
<server:stop name="production"/>
Added: branches/JBPAPP_5_1/testsuite/src/main/org/jboss/test/security/test/authorization/secured/AbstractHttpAuthenticationUnitTest.java
===================================================================
--- branches/JBPAPP_5_1/testsuite/src/main/org/jboss/test/security/test/authorization/secured/AbstractHttpAuthenticationUnitTest.java (rev 0)
+++ branches/JBPAPP_5_1/testsuite/src/main/org/jboss/test/security/test/authorization/secured/AbstractHttpAuthenticationUnitTest.java 2010-09-30 13:42:33 UTC (rev 108387)
@@ -0,0 +1,96 @@
+package org.jboss.test.security.test.authorization.secured;
+
+import java.net.*;
+
+import junit.extensions.TestSetup;
+import junit.framework.Test;
+import junit.framework.TestSuite;
+
+import org.jboss.test.JBossTestCase;
+import org.jboss.test.JBossTestSetup;
+
+/**
+ * Test verifies that there is no jmx-console security baypass in secured profiles.
+ * Reused test from JBPAPP-3952, JBPAPP-4160.
+ *
+ * @author bshim at redhat.com
+ * @author rsvoboda at redhat.com
+ */
+public abstract class AbstractHttpAuthenticationUnitTest extends JBossTestCase {
+
+ private URL u;
+ private HttpURLConnection con;
+ private static final String GET = "GET";
+ private static final String POST = "POST";
+ private static final String HEAD = "HEAD";
+ private static final String OPTIONS = "OPTIONS";
+ private static final String PUT = "PUT";
+ private static final String DELETE = "DELETE";
+ private static final String TRACE = "TRACE";
+
+ public AbstractHttpAuthenticationUnitTest(String name){
+ super(name);
+ }
+
+ public void testGet() throws Exception {
+ con.setRequestMethod(GET);
+ con.connect();
+ assertEquals(HttpURLConnection.HTTP_UNAUTHORIZED, con.getResponseCode());
+ }
+
+ public void testPost() throws Exception {
+ con.setRequestMethod(POST);
+ con.connect();
+ assertEquals(HttpURLConnection.HTTP_UNAUTHORIZED, con.getResponseCode());
+ }
+
+ public void testHead() throws Exception {
+ con.setRequestMethod(HEAD);
+ con.connect();
+ assertEquals(HttpURLConnection.HTTP_UNAUTHORIZED, con.getResponseCode());
+ }
+
+ public void testOptions() throws Exception {
+ con.setRequestMethod(OPTIONS);
+ con.connect();
+ assertEquals(HttpURLConnection.HTTP_UNAUTHORIZED, con.getResponseCode());
+ }
+
+ public void testPut() throws Exception {
+ con.setRequestMethod(PUT);
+ con.connect();
+ assertEquals(HttpURLConnection.HTTP_UNAUTHORIZED, con.getResponseCode());
+ }
+
+ public void testTrace() throws Exception {
+ con.setRequestMethod(TRACE);
+ con.connect();
+ assertEquals(HttpURLConnection.HTTP_BAD_METHOD, con.getResponseCode());
+ }
+
+ public void testDelete() throws Exception {
+ con.setRequestMethod(DELETE);
+ con.connect();
+ assertEquals(HttpURLConnection.HTTP_UNAUTHORIZED, con.getResponseCode());
+ }
+
+ protected void setUp() throws Exception {
+ super.setUp();
+// u = new URL("http://" + getServerHost() + ":8080/jmx-console");
+ u = getURL();
+ con = (HttpURLConnection) u.openConnection();
+ try {
+ con.setDoInput(true);
+ con.setRequestProperty("Cookie","MODIFY ME IF NEEDED");
+ } finally {
+ con.disconnect();
+ }
+ }
+
+ protected abstract URL getURL() throws MalformedURLException;
+
+ protected void tearDown(){
+ if (con != null)
+ con.disconnect();
+ }
+}
Added: branches/JBPAPP_5_1/testsuite/src/main/org/jboss/test/security/test/authorization/secured/HttpRequestJBossWSAuthenticationUnitTestCase.java
===================================================================
--- branches/JBPAPP_5_1/testsuite/src/main/org/jboss/test/security/test/authorization/secured/HttpRequestJBossWSAuthenticationUnitTestCase.java (rev 0)
+++ branches/JBPAPP_5_1/testsuite/src/main/org/jboss/test/security/test/authorization/secured/HttpRequestJBossWSAuthenticationUnitTestCase.java 2010-09-30 13:42:33 UTC (rev 108387)
@@ -0,0 +1,20 @@
+package org.jboss.test.security.test.authorization.secured;
+
+import java.net.MalformedURLException;
+import java.net.URL;
+
+/**
+ * Test verifies that there is no jbossws console security baypass in secured profiles.
+ *
+ * @author rsvoboda at redhat.com
+ */
+public class HttpRequestJBossWSAuthenticationUnitTestCase extends AbstractHttpAuthenticationUnitTest {
+
+ public HttpRequestJBossWSAuthenticationUnitTestCase(String name) {
+ super(name);
+ }
+
+ protected URL getURL() throws MalformedURLException {
+ return new URL("http://" + getServerHost() + ":8080/jbossws");
+ }
+}
Modified: branches/JBPAPP_5_1/testsuite/src/main/org/jboss/test/security/test/authorization/secured/HttpRequestJmxAuthenticationUnitTestCase.java
===================================================================
--- branches/JBPAPP_5_1/testsuite/src/main/org/jboss/test/security/test/authorization/secured/HttpRequestJmxAuthenticationUnitTestCase.java 2010-09-30 12:22:37 UTC (rev 108386)
+++ branches/JBPAPP_5_1/testsuite/src/main/org/jboss/test/security/test/authorization/secured/HttpRequestJmxAuthenticationUnitTestCase.java 2010-09-30 13:42:33 UTC (rev 108387)
@@ -1,114 +1,20 @@
package org.jboss.test.security.test.authorization.secured;
-import java.net.*;
+import java.net.MalformedURLException;
+import java.net.URL;
-import junit.extensions.TestSetup;
-import junit.framework.Test;
-import junit.framework.TestSuite;
-
-import org.jboss.test.JBossTestCase;
-import org.jboss.test.JBossTestSetup;
-
/**
* Test verifies that there is no jmx-console security baypass in secured profiles.
- * Reused test from JBPAPP-3952, JBPAPP-4160.
*
- * @author bshim at redhat.com
* @author rsvoboda at redhat.com
*/
-public class HttpRequestJmxAuthenticationUnitTestCase extends JBossTestCase {
-
- private URL u;
- private HttpURLConnection con;
- private static final String GET = "GET";
- private static final String POST = "POST";
- private static final String HEAD = "HEAD";
- private static final String OPTIONS = "OPTIONS";
- private static final String PUT = "PUT";
- private static final String DELETE = "DELETE";
- private static final String TRACE = "TRACE";
-
- public HttpRequestJmxAuthenticationUnitTestCase(String name){
- super(name);
- }
-
- public static Test suite() throws Exception {
- TestSuite suite = new TestSuite();
- suite.addTest(new TestSuite(HttpRequestJmxAuthenticationUnitTestCase.class));
- // Create an initializer for the test suite
- TestSetup wrapper = new JBossTestSetup(suite)
- {
- @Override
- protected void setUp() throws Exception
- {
- super.setUp();
- }
+public class HttpRequestJmxAuthenticationUnitTestCase extends AbstractHttpAuthenticationUnitTest {
- @Override
- protected void tearDown() throws Exception
- {
- super.tearDown();
- }
- };
- return wrapper;
- }
+ public HttpRequestJmxAuthenticationUnitTestCase(String name) {
+ super(name);
+ }
- public void testGet() throws Exception {
- con.setRequestMethod(GET);
- con.connect();
- assertEquals(HttpURLConnection.HTTP_UNAUTHORIZED, con.getResponseCode());
- }
-
- public void testPost() throws Exception {
- con.setRequestMethod(POST);
- con.connect();
- assertEquals(HttpURLConnection.HTTP_UNAUTHORIZED, con.getResponseCode());
- }
-
- public void testHead() throws Exception {
- con.setRequestMethod(HEAD);
- con.connect();
- assertEquals(HttpURLConnection.HTTP_UNAUTHORIZED, con.getResponseCode());
- }
-
- public void testOptions() throws Exception {
- con.setRequestMethod(OPTIONS);
- con.connect();
- assertEquals(HttpURLConnection.HTTP_UNAUTHORIZED, con.getResponseCode());
- }
-
- public void testPut() throws Exception {
- con.setRequestMethod(PUT);
- con.connect();
- assertEquals(HttpURLConnection.HTTP_UNAUTHORIZED, con.getResponseCode());
- }
-
- public void testTrace() throws Exception {
- con.setRequestMethod(TRACE);
- con.connect();
- assertEquals(HttpURLConnection.HTTP_BAD_METHOD, con.getResponseCode());
- }
-
- public void testDelete() throws Exception {
- con.setRequestMethod(DELETE);
- con.connect();
- assertEquals(HttpURLConnection.HTTP_UNAUTHORIZED, con.getResponseCode());
- }
-
- protected void setUp() throws Exception {
- super.setUp();
- u = new URL("http://" + getServerHost() + ":8080/jmx-console");
- con = (HttpURLConnection) u.openConnection();
- try {
- con.setDoInput(true);
- con.setRequestProperty("Cookie","MODIFY ME IF NEEDED");
- } finally {
- con.disconnect();
- }
- }
-
- protected void tearDown(){
- if (con != null)
- con.disconnect();
- }
+ protected URL getURL() throws MalformedURLException {
+ return new URL("http://" + getServerHost() + ":8080/jmx-console");
+ }
}
Modified: branches/JBPAPP_5_1/testsuite/src/main/org/jboss/test/security/test/authorization/secured/HttpRequestStatusServletAuthenticationUnitTestCase.java
===================================================================
--- branches/JBPAPP_5_1/testsuite/src/main/org/jboss/test/security/test/authorization/secured/HttpRequestStatusServletAuthenticationUnitTestCase.java 2010-09-30 12:22:37 UTC (rev 108386)
+++ branches/JBPAPP_5_1/testsuite/src/main/org/jboss/test/security/test/authorization/secured/HttpRequestStatusServletAuthenticationUnitTestCase.java 2010-09-30 13:42:33 UTC (rev 108387)
@@ -1,112 +1,20 @@
package org.jboss.test.security.test.authorization.secured;
-import java.net.HttpURLConnection;
import java.net.URL;
-import junit.extensions.TestSetup;
-import junit.framework.Test;
-import junit.framework.TestSuite;
+import java.net.MalformedURLException;
-import org.jboss.test.JBossTestCase;
-import org.jboss.test.JBossTestSetup;
-
/**
* Test verifies that there is no /status servlet security baypass in secured profiles.
*
* @author rsvoboda at redhat.com
*/
-public class HttpRequestStatusServletAuthenticationUnitTestCase extends JBossTestCase {
-
- private URL u;
- private HttpURLConnection con;
- private static final String GET = "GET";
- private static final String POST = "POST";
- private static final String HEAD = "HEAD";
- private static final String OPTIONS = "OPTIONS";
- private static final String PUT = "PUT";
- private static final String DELETE = "DELETE";
- private static final String TRACE = "TRACE";
-
- public HttpRequestStatusServletAuthenticationUnitTestCase(String name){
- super(name);
- }
-
- public static Test suite() throws Exception {
- TestSuite suite = new TestSuite();
- suite.addTest(new TestSuite(HttpRequestStatusServletAuthenticationUnitTestCase.class));
- // Create an initializer for the test suite
- TestSetup wrapper = new JBossTestSetup(suite)
- {
- @Override
- protected void setUp() throws Exception
- {
- super.setUp();
- }
+public class HttpRequestStatusServletAuthenticationUnitTestCase extends AbstractHttpAuthenticationUnitTest {
- @Override
- protected void tearDown() throws Exception
- {
- super.tearDown();
- }
- };
- return wrapper;
- }
+ public HttpRequestStatusServletAuthenticationUnitTestCase(String name) {
+ super(name);
+ }
- public void testGet() throws Exception {
- con.setRequestMethod(GET);
- con.connect();
- assertEquals(HttpURLConnection.HTTP_UNAUTHORIZED, con.getResponseCode());
- }
-
- public void testPost() throws Exception {
- con.setRequestMethod(POST);
- con.connect();
- assertEquals(HttpURLConnection.HTTP_UNAUTHORIZED, con.getResponseCode());
- }
-
- public void testHead() throws Exception {
- con.setRequestMethod(HEAD);
- con.connect();
- assertEquals(HttpURLConnection.HTTP_UNAUTHORIZED, con.getResponseCode());
- }
-
- public void testOptions() throws Exception {
- con.setRequestMethod(OPTIONS);
- con.connect();
- assertEquals(HttpURLConnection.HTTP_UNAUTHORIZED, con.getResponseCode());
- }
-
- public void testPut() throws Exception {
- con.setRequestMethod(PUT);
- con.connect();
- assertEquals(HttpURLConnection.HTTP_UNAUTHORIZED, con.getResponseCode());
- }
-
- public void testTrace() throws Exception {
- con.setRequestMethod(TRACE);
- con.connect();
- assertEquals(HttpURLConnection.HTTP_BAD_METHOD, con.getResponseCode());
- }
-
- public void testDelete() throws Exception {
- con.setRequestMethod(DELETE);
- con.connect();
- assertEquals(HttpURLConnection.HTTP_UNAUTHORIZED, con.getResponseCode());
- }
-
- protected void setUp() throws Exception {
- super.setUp();
- u = new URL("http://" + getServerHost() + ":8080/status");
- con = (HttpURLConnection) u.openConnection();
- try {
- con.setDoInput(true);
- con.setRequestProperty("Cookie","MODIFY ME IF NEEDED");
- } finally {
- con.disconnect();
- }
- }
-
- protected void tearDown(){
- if (con != null)
- con.disconnect();
- }
+ protected URL getURL() throws MalformedURLException {
+ return new URL("http://" + getServerHost() + ":8080/status");
+ }
}
Added: branches/JBPAPP_5_1/testsuite/src/main/org/jboss/test/security/test/authorization/secured/HttpRequestWebConsoleAuthenticationUnitTestCase.java
===================================================================
--- branches/JBPAPP_5_1/testsuite/src/main/org/jboss/test/security/test/authorization/secured/HttpRequestWebConsoleAuthenticationUnitTestCase.java (rev 0)
+++ branches/JBPAPP_5_1/testsuite/src/main/org/jboss/test/security/test/authorization/secured/HttpRequestWebConsoleAuthenticationUnitTestCase.java 2010-09-30 13:42:33 UTC (rev 108387)
@@ -0,0 +1,20 @@
+package org.jboss.test.security.test.authorization.secured;
+
+import java.net.MalformedURLException;
+import java.net.URL;
+
+/**
+ * Test verifies that there is no jmx-console security baypass in secured profiles.
+ *
+ * @author rsvoboda at redhat.com
+ */
+public class HttpRequestWebConsoleAuthenticationUnitTestCase extends AbstractHttpAuthenticationUnitTest {
+
+ public HttpRequestWebConsoleAuthenticationUnitTestCase(String name) {
+ super(name);
+ }
+
+ protected URL getURL() throws MalformedURLException {
+ return new URL("http://" + getServerHost() + ":8080/web-console");
+ }
+}
More information about the jboss-cvs-commits
mailing list