JGuardServletRequestWrapperTest


1   /*
2   jGuard is a security framework based on top of jaas (java authentication and authorization security).
3   it is written for web applications, to resolve simply, access control problems.
4   version $Name$
5   http://sourceforge.net/projects/jguard/
6   
7   Copyright (C) 2004  Charles GAY
8   
9   This library is free software; you can redistribute it and/or
10  modify it under the terms of the GNU Lesser General Public
11  License as published by the Free Software Foundation; either
12  version 2.1 of the License, or (at your option) any later version.
13  
14  This library is distributed in the hope that it will be useful,
15  but WITHOUT ANY WARRANTY; without even the implied warranty of
16  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
17  Lesser General Public License for more details.
18  
19  You should have received a copy of the GNU Lesser General Public
20  License along with this library; if not, write to the Free Software
21  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
22  
23  
24  jGuard project home page:
25  http://sourceforge.net/projects/jguard/
26  
27  */
28  package net.sf.jguard.jee.authentication.http;
29  
30  import java.security.Principal  ;
31  
32  import javax.security.auth.Subject  ;
33  import javax.servlet.ServletContext  ;
34  
35  import junit.framework.TestCase;
36  import net.sf.jguard.core.CoreConstants;
37  import net.sf.jguard.core.authentication.credentials.JGuardCredential;
38  import net.sf.jguard.core.principals.RolePrincipal;
39  
40  
41  public class JGuardServletRequestWrapperTest extends TestCase {
42  
43      public void testIsUserInRole() {
44          HttpServletRequestSimulator request = new HttpServletRequestSimulator();
45          HttpSessionSimulator session = new HttpSessionSimulator();
46          request.setSession(session);
47          ServletContextSimulator context = new ServletContextSimulator();
48          String   applicationName="Myapp";
49          context.setAttribute(CoreConstants.APPLICATION_NAME, applicationName);
50          session.setServletContext(context);
51          // Mock subject and principal creation
52          Subject   subj = new Subject  ();
53          Principal   p1 = new RolePrincipal("testUser",applicationName);
54          Principal   p2 = new RolePrincipal("testAnotherUser",applicationName);
55          subj.getPrincipals().add(p1);
56          subj.getPrincipals().add(p2);
57          HttpAuthenticationUtilsMock httputils = new HttpAuthenticationUtilsMock();
58          httputils.setSubject(subj);
59          // Putting into session object
60          request.getSession().setAttribute(HttpConstants.AUTHN_UTILS, httputils);
61  
62          JGuardServletRequestWrapper wrapper = new JGuardServletRequestWrapper(request);
63  
64          // Testing
65          assertTrue(wrapper.isUserInRole("testUser"));
66          assertTrue(wrapper.isUserInRole("testAnotherUser"));
67          assertFalse(wrapper.isUserInRole("testOneMoreUser"));
68      }
69  
70      public void testGetRemoteUser() {
71          HttpServletRequestSimulator request = new HttpServletRequestSimulator();
72  
73          // Mock subject and credential
74          Subject   subj = new Subject  ();
75          JGuardCredential login = new JGuardCredential();
76          login.setId("login");
77          login.setValue("testUser");
78          HttpAuthenticationUtilsMock httputils= new HttpAuthenticationUtilsMock();
79          httputils.setSubject(subj);
80          request.getSession(true).setAttribute(HttpConstants.AUTHN_UTILS, httputils);
81          JGuardServletRequestWrapper wrapper = new JGuardServletRequestWrapper(request);
82  
83          // Testing with public credentials
84          subj.getPublicCredentials().add(login);
85          assertEquals(wrapper.getRemoteUser(), "testUser");
86  
87          // Testing with private credentials
88          subj.getPublicCredentials().clear();
89          assertEquals(subj.getPublicCredentials().size(), 0);
90          subj.getPrivateCredentials().add(login);
91          assertEquals(wrapper.getRemoteUser(), "testUser");
92  
93          // Testing with no valid credential
94          Subject   invalidSubj = new Subject  ();
95          JGuardCredential invalidCredential = new JGuardCredential();
96          invalidCredential.setId("bla");
97          invalidCredential.setValue("bla");
98          invalidSubj.getPublicCredentials().add(invalidCredential);
99          subj.getPrivateCredentials().add(invalidCredential);
100         ((HttpAuthenticationUtilsMock)request.getSession().getAttribute(HttpConstants.AUTHN_UTILS)).setSubject(invalidSubj);
101         assertNull(wrapper.getRemoteUser());
102     }
103 }
104
A to Z: JavaDoc & Examples Daily Java News & Articles Open Source Projects Open Source Codes Free Computer Books Remove Frame
Popular Tags