

1 /**
2  * Licensed to the Apache Software Foundation (ASF) under one or more
3  * contributor license agreements. See the NOTICE file distributed with
4  * this work for additional information regarding copyright ownership.
5  * The ASF licenses this file to You under the Apache License, Version 2.0
6  * (the "License"); you may not use this file except in compliance with
7  * the License. You may obtain a copy of the License at
8  *
9  * http://www.apache.org/licenses/LICENSE-2.0
10  *
11  * Unless required by applicable law or agreed to in writing, software
12  * distributed under the License is distributed on an "AS IS" BASIS,
13  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14  * See the License for the specific language governing permissions and
15  * limitations under the License.
16  */

17
18 package org.apache.geronimo.jetty6;
19
20 import java.io.BufferedReader JavaDoc;
21 import java.io.IOException JavaDoc;
22 import java.io.InputStreamReader JavaDoc;
23 import java.net.HttpURLConnection JavaDoc;
24 import java.net.URL JavaDoc;
25 import java.security.PermissionCollection JavaDoc;
26 import java.security.Permissions JavaDoc;
27 import java.util.HashMap JavaDoc;
28 import java.util.HashSet JavaDoc;
29 import java.util.Iterator JavaDoc;
30 import java.util.Map JavaDoc;
31 import java.util.Set JavaDoc;
32 import javax.security.jacc.WebResourcePermission JavaDoc;
33 import javax.security.jacc.WebUserDataPermission JavaDoc;
34
35 import org.apache.geronimo.security.deploy.DefaultPrincipal;
36 import org.apache.geronimo.security.deploy.PrincipalInfo;
37 import org.apache.geronimo.security.deploy.Role;
38 import org.apache.geronimo.security.deploy.Security;
39 import org.apache.geronimo.security.deployment.GeronimoSecurityBuilderImpl;
40 import org.apache.geronimo.security.jacc.ComponentPermissions;
41
42
43 /**
44  * Tests the JACC security for Jetty by using both explicit and auto role mapping
45  *
46  * @version $Rev: 482336 $ $Date: 2006-12-04 15:12:19 -0500 (Mon, 04 Dec 2006) $
47  */

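public class SecurityTest extends AbstractWebModuleTest {

    /** Protected resource that every access check in this test requests. */
    private static final String PROTECTED_URL = "http://localhost:5678/test/protected/hello.txt";

    /**
     * Test the explicit map feature: only alan is expected to reach the protected
     * resource.
     *
     * <p>Setup visible in this method: the default principal is the user principal
     * {@code izumi}; the role {@code content-administrator} is explicitly mapped to the
     * group principal {@code it}; both {@code content-administrator} and
     * {@code auto-administrator} are granted {@code /protected/*}. The test then drives
     * the form-login flow twice and expects 200 with body "Hello World" for alan and
     * 403 for izumi.
     *
     * <p>NOTE(review): alan's membership of group {@code it} comes from the test realm,
     * which is not visible in this file; confirm it there.
     *
     * @throws Exception thrown if an error in the test occurs
     */
    public void testExplicitMapping() throws Exception {
        Security securityConfig = new Security();
        securityConfig.setUseContextHandler(false);

        DefaultPrincipal defaultPrincipal = new DefaultPrincipal();
        PrincipalInfo principalInfo = new PrincipalInfo("org.apache.geronimo.security.realm.providers.GeronimoUserPrincipal", "izumi", false);
        defaultPrincipal.setPrincipal(principalInfo);
        securityConfig.setDefaultPrincipal(defaultPrincipal);

        // The only explicit mapping: role content-administrator <- group principal "it".
        Role role = new Role();
        role.setRoleName("content-administrator");
        principalInfo = new PrincipalInfo("org.apache.geronimo.security.realm.providers.GeronimoGroupPrincipal", "it", false);
        role.getPrincipals().add(principalInfo);
        securityConfig.getRoleMappings().put(role.getRoleName(), role);

        Map roleDesignates = new HashMap();
        Map principalRoleMap = new HashMap();
        buildPrincipalRoleMap(securityConfig, roleDesignates, principalRoleMap);

        PermissionCollection uncheckedPermissions = new Permissions();

        // An empty actions string covers all HTTP methods.
        // NOTE(review): these are passed as the *excluded* set, which in JACC denies the
        // path to every caller, yet the test expects the login redirect target to return
        // 200. Presumably the form-login page lives at a different path; confirm against
        // the test web.xml.
        PermissionCollection excludedPermissions = new Permissions();
        excludedPermissions.add(new WebResourcePermission("/auth/login.html", ""));
        excludedPermissions.add(new WebUserDataPermission("/auth/login.html", ""));

        // Both roles share one PermissionCollection instance for /protected/*.
        Map rolePermissions = new HashMap();
        PermissionCollection permissions = new Permissions();
        permissions.add(new WebUserDataPermission("/protected/*", ""));
        permissions.add(new WebResourcePermission("/protected/*", ""));
        rolePermissions.put("content-administrator", permissions);
        rolePermissions.put("auto-administrator", permissions);

        Set securityRoles = new HashSet();
        securityRoles.add("content-administrator");
        securityRoles.add("auto-administrator");

        ComponentPermissions componentPermissions = new ComponentPermissions(excludedPermissions, uncheckedPermissions, rolePermissions);

        startWebApp(roleDesignates, principalRoleMap, componentPermissions, defaultPrincipal, permissions, securityRoles);
        try {
            // alan: expected to be granted the protected resource.
            String cookie = logIn("alan", "starcraft");
            HttpURLConnection connection = open(PROTECTED_URL);
            connection.setRequestProperty("Cookie", cookie);
            BufferedReader reader = new BufferedReader(new InputStreamReader(connection.getInputStream()));
            try {
                assertEquals(HttpURLConnection.HTTP_OK, connection.getResponseCode());
                assertEquals("Hello World", reader.readLine());
            } finally {
                // Release the stream and socket even when an assertion fails.
                reader.close();
                connection.disconnect();
            }

            // izumi: the credentials are submitted, but the resource must be refused.
            cookie = logIn("izumi", "violin");
            connection = open(PROTECTED_URL);
            connection.setRequestProperty("Cookie", cookie);
            try {
                try {
                    connection.getInputStream().close();
                    fail("Should throw an IOException for HTTP 403 response");
                } catch (IOException expected) {
                    // Deliberately ignored: HttpURLConnection.getInputStream() throws for
                    // an error status, and the status itself is asserted just below.
                }
                assertEquals(HttpURLConnection.HTTP_FORBIDDEN, connection.getResponseCode());
            } finally {
                connection.disconnect();
            }
        } finally {
            // Run the shutdown hook even when an assertion above fails.
            stopWebApp();
        }
    }

    /**
     * Drives the form-login handshake for one user and returns the session cookie.
     *
     * <p>Steps: request the protected resource without a session (expects 302), fetch the
     * redirect target (expects 200), then POST the credentials to
     * {@code j_security_check} next to that target (expects 302).
     *
     * <p>The cookie returned is the one issued <em>before</em> login, and the caller
     * replays it afterwards. The test therefore passes only if the container keeps the
     * same session id across authentication. A container that issues a fresh session id
     * at login (the usual defence against session fixation) would require reading
     * {@code Set-Cookie} from the {@code j_security_check} response instead.
     *
     * @param username value sent as {@code j_username}
     * @param password value sent as {@code j_password}
     * @return the {@code name=value} pair of the pre-login session cookie, or an empty
     *         string when no cookie was set
     * @throws IOException if a request cannot be made
     */
    private String logIn(String username, String password) throws IOException {
        HttpURLConnection connection = open(PROTECTED_URL);
        assertEquals(HttpURLConnection.HTTP_MOVED_TEMP, connection.getResponseCode());

        String cookie = sessionCookie(connection);
        String location = connection.getHeaderField("Location");
        if (location == null) {
            fail("Redirect to the login page carried no Location header");
        }

        connection = open(location);
        assertEquals(HttpURLConnection.HTTP_OK, connection.getResponseCode());

        // Credentials travel in the query string here, which is tolerable only because
        // they are fixed test values sent to localhost. Query strings are routinely
        // written to access logs, so a real client sends them in the POST body over TLS.
        String checkUrl = location.substring(0, location.lastIndexOf('/'))
                + "/j_security_check?j_username=" + username + "&j_password=" + password;

        connection = open(checkUrl);
        connection.setRequestMethod("POST");
        connection.setRequestProperty("Cookie", cookie);
        assertEquals(HttpURLConnection.HTTP_MOVED_TEMP, connection.getResponseCode());

        return cookie;
    }

    /**
     * Opens a connection that does not follow redirects, so each 302 stays observable.
     *
     * @param url absolute URL to open
     * @return the unconnected HTTP connection
     * @throws IOException if the URL is malformed or the connection cannot be opened
     */
    private static HttpURLConnection open(String url) throws IOException {
        HttpURLConnection connection = (HttpURLConnection) new URL(url).openConnection();
        connection.setInstanceFollowRedirects(false);
        return connection;
    }

    /**
     * Extracts the {@code name=value} pair from the response's {@code Set-Cookie} header.
     *
     * <p>Attributes after the first {@code ';'} are dropped. A missing header yields an
     * empty string, and a header without attributes is returned whole. The original code
     * cut at the last {@code ';'} and, in the second login, dereferenced the header
     * without a null check.
     *
     * @param connection a connection whose response has been received
     * @return the cookie pair to send back in a {@code Cookie} header, never {@code null}
     */
    private static String sessionCookie(HttpURLConnection connection) {
        String header = connection.getHeaderField("Set-Cookie");
        if (header == null) {
            return "";
        }
        int end = header.indexOf(';');
        if (end < 0) {
            return header;
        }
        return header.substring(0, end);
    }

    /**
     * Builds the secured web app context and registers the static content servlet.
     *
     * <p>NOTE(review): the explicit {@code start(appName, app)} call is commented out, so
     * whether the context is already started by {@code setUpSecureAppContext} cannot be
     * told from this file.
     *
     * @throws Exception if the context cannot be set up
     */
    protected void startWebApp(Map roleDesignates, Map principalRoleMap, ComponentPermissions componentPermissions, DefaultPrincipal defaultPrincipal, PermissionCollection checked, Set securityRoles) throws Exception {
        JettyWebAppContext app = setUpSecureAppContext(roleDesignates, principalRoleMap, componentPermissions, defaultPrincipal, checked, securityRoles);
        setUpStaticContentServlet(app);
        // start(appName, app);
    }

    /**
     * Shutdown hook for the web app; currently a no-op because the {@code stop(appName)}
     * call is commented out.
     *
     * @throws Exception declared for subclasses that stop the app
     */
    protected void stopWebApp() throws Exception {
        // stop(appName);
    }

    /** Runs the base-class setup, then installs the security environment. */
    protected void setUp() throws Exception {
        super.setUp();
        setUpSecurity();
    }

    /** Removes the security environment, then runs the base-class teardown. */
    protected void tearDown() throws Exception {
        tearDownSecurity();
        super.tearDown();
    }

    //copied from SecurityBuilder

    /**
     * Fills {@code principalRoleMap} with principal -> set-of-role-names entries derived
     * from the role mappings in {@code security}.
     *
     * @param security         security configuration holding the role mappings
     * @param roleDesignates   passed through to the builder, which may populate it
     * @param principalRoleMap output map, mutated in place
     */
    public void buildPrincipalRoleMap(Security security, Map roleDesignates, Map principalRoleMap) {
        Map roleToPrincipalMap = new HashMap();
        GeronimoSecurityBuilderImpl.buildRolePrincipalMap(security, roleDesignates, roleToPrincipalMap, getClass().getClassLoader());
        invertMap(roleToPrincipalMap, principalRoleMap);
    }

    /**
     * Inverts a role -> principals map into a principal -> role-names map.
     *
     * <p>Existing entries in {@code principalRoleMapping} are kept and extended.
     *
     * @param roleToPrincipalMap   map from role name (String) to a Set of principals
     * @param principalRoleMapping output map from principal to a Set of role names
     * @return {@code principalRoleMapping}, for convenience
     */
    private static Map invertMap(Map roleToPrincipalMap, Map principalRoleMapping) {
        for (Iterator roles = roleToPrincipalMap.entrySet().iterator(); roles.hasNext();) {
            Map.Entry entry = (Map.Entry) roles.next();
            String role = (String) entry.getKey();
            Set principals = (Set) entry.getValue();
            for (Iterator iter = principals.iterator(); iter.hasNext();) {
                java.security.Principal principal = (java.security.Principal) iter.next();

                // Create the role set lazily the first time a principal is seen.
                Set roleSet = (Set) principalRoleMapping.get(principal);
                if (roleSet == null) {
                    roleSet = new HashSet();
                    principalRoleMapping.put(principal, roleSet);
                }
                roleSet.add(role);
            }
        }
        return principalRoleMapping;
    }
}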