

1 /**
2  * Licensed to the Apache Software Foundation (ASF) under one or more
3  * contributor license agreements. See the NOTICE file distributed with
4  * this work for additional information regarding copyright ownership.
5  * The ASF licenses this file to You under the Apache License, Version 2.0
6  * (the "License"); you may not use this file except in compliance with
7  * the License. You may obtain a copy of the License at
8  *
9  * http://www.apache.org/licenses/LICENSE-2.0
10  *
11  * Unless required by applicable law or agreed to in writing, software
12  * distributed under the License is distributed on an "AS IS" BASIS,
13  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14  * See the License for the specific language governing permissions and
15  * limitations under the License.
16  */

17 package org.apache.geronimo.tomcat;
18
19 import java.io.BufferedReader JavaDoc;
20 import java.io.InputStreamReader JavaDoc;
21 import java.net.HttpURLConnection JavaDoc;
22 import java.net.URL JavaDoc;
23 import java.util.Map JavaDoc;
24 import java.util.HashMap JavaDoc;
25 import java.security.PermissionCollection JavaDoc;
26 import java.security.Permissions JavaDoc;
27
28 import javax.management.ObjectName JavaDoc;
29
30 import org.apache.geronimo.tomcat.util.SecurityHolder;
31 import org.apache.geronimo.security.jacc.ComponentPermissions;
32
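/**
 * Tests the JAAS security for Tomcat.
 *
 * <p>Each test drives a servlet form login over HTTP against the web app
 * started by {@link #startWebApp()}: it requests a protected resource,
 * expects the login page, posts credentials to {@code j_security_check}
 * and then checks how the container answers.
 *
 * <p>NOTE(review): only denial paths are exercised while
 * {@link #testGoodAuthentication()} is disabled, so a realm that rejects
 * every user would still pass this class.
 *
 * @version $Revision: 483201 $ $Date: 2006-12-06 14:52:09 -0500 (Wed, 06 Dec 2006) $
 */
public class JAASSecurityTest extends AbstractWebModuleTest {

    ObjectName appName = null;

    /**
     * Logs in with credentials the realm accepts and verifies that the
     * protected resource is still refused with 403.
     *
     * <p>The 302 after the login POST followed by 403 on the resource
     * suggests the user authenticates but lacks the required role; the
     * role mapping itself is not visible in this file.
     *
     * @throws Exception if the web app cannot be started or an HTTP call fails
     */
    public void testNotAuthorized() throws Exception {

        startWebApp();
        try {
            String cookie = requestLoginPage();

            // Fixture credentials for the test realm. They travel in the query
            // string, which would land in access logs on a real deployment; a
            // browser form login sends them in the POST body instead.
            String location = "http://localhost:8181/test/protected/j_security_check?j_username=alan&j_password=starcraft";
            HttpURLConnection login = postLogin(location, cookie, false);
            try {
                assertEquals(HttpURLConnection.HTTP_MOVED_TEMP, login.getResponseCode());
                location = login.getHeaderField("Location");
                // A container that rotates the session id on login (session
                // fixation protection) sends a fresh cookie here; without one
                // the pre-login cookie is reused as before.
                cookie = sessionCookie(login, cookie);
            } finally {
                login.disconnect();
            }
            assertNotNull("login redirect carries no Location header", location);

            HttpURLConnection resource = open(location);
            try {
                resource.setRequestProperty("Cookie", cookie);
                resource.setInstanceFollowRedirects(true);
                assertEquals(HttpURLConnection.HTTP_FORBIDDEN, resource.getResponseCode());
            } finally {
                resource.disconnect();
            }
        } finally {
            stopWebApp();
        }
    }

    /**
     * Logs in with a wrong password and verifies that the container serves
     * the login error page instead of the protected resource.
     *
     * @throws Exception if the web app cannot be started or an HTTP call fails
     */
    public void testBadAuthentication() throws Exception {

        startWebApp();
        try {
            String cookie = requestLoginPage();

            String location = "http://localhost:8181/test/protected/j_security_check?j_username=alan&j_password=basspassword";
            HttpURLConnection login = postLogin(location, cookie, true);
            try {
                // Check the status before touching the body: getInputStream()
                // throws on an error status, which would hide the real code.
                assertEquals(HttpURLConnection.HTTP_OK, login.getResponseCode());

                //Be sure we have been given the login error page
                assertEquals("<!-- Not Authorized -->", readFirstLine(login));
            } finally {
                login.disconnect();
            }
        } finally {
            stopWebApp();
        }
    }

    /**
     * Disabled: intended to verify that valid credentials with the right
     * role reach the protected resource.
     *
     * <p>NOTE(review): until this is re-enabled nothing here proves that a
     * legitimate user is ever let in.
     *
     * @throws Exception declared for the disabled body below
     */
    public void testGoodAuthentication() throws Exception {
        // this test is failing intermittently on tc6.
        // disabling it for now while investigating if its a bug in the
        // test case or in tc6.

        // startWebApp();
        //
        // //Give the container some time to load the web context
        // //this is weird..it only needs to be done on this test
        // Thread.sleep(5000);
        //
        // //Begin the test
        // HttpURLConnection connection = (HttpURLConnection) new URL("http://localhost:8181/test/protected/hello.txt").openConnection();
        // connection.setInstanceFollowRedirects(false);
        // assertEquals(HttpURLConnection.HTTP_OK, connection.getResponseCode());
        //
        // //Be sure we have been given the login page
        // BufferedReader reader = new BufferedReader(new InputStreamReader(connection.getInputStream()));
        // assertEquals("<!-- Login Page -->", reader.readLine());
        // reader.close();
        //
        // String cookie = connection.getHeaderField("Set-Cookie");
        // cookie = cookie.substring(0, cookie.lastIndexOf(';'));
        // String location = "http://localhost:8181/test/protected/j_security_check?j_username=izumi&j_password=violin";
        //
        // connection = (HttpURLConnection) new URL(location).openConnection();
        // connection.setRequestMethod("POST");
        // connection.setRequestProperty("Referer","http://localhost:8181/test/auth/logon.html?param=test");
        // connection.setRequestProperty("Cookie", cookie);
        // connection.setInstanceFollowRedirects(false);
        // assertEquals(HttpURLConnection.HTTP_MOVED_TEMP, connection.getResponseCode());
        //
        // connection = (HttpURLConnection) new URL("http://localhost:8181/test/protected/hello.txt").openConnection();
        // connection.setRequestProperty("Cookie", cookie);
        // connection.setInstanceFollowRedirects(false);
        // reader = new BufferedReader(new InputStreamReader(connection.getInputStream()));
        //
        // assertEquals(HttpURLConnection.HTTP_OK, connection.getResponseCode());
        // assertEquals("Hello World", reader.readLine());
        // connection.disconnect();
        //
        // stopWebApp();
    }

    /**
     * Starts the secured test web app with a context-level JAAS realm.
     *
     * @throws Exception if the realm or the secure app context cannot be set up
     */
    protected void startWebApp() throws Exception {
        //Set a context level Realm and ignore the Engine level to test that
        //the override along with a Security Realm Name set overrides the Engine
        Map initParams = new HashMap();
        initParams.put("userClassNames", "org.apache.geronimo.security.realm.providers.GeronimoUserPrincipal");
        initParams.put("roleClassNames", "org.apache.geronimo.security.realm.providers.GeronimoGroupPrincipal");

        RealmGBean realm = new RealmGBean("org.apache.geronimo.tomcat.realm.TomcatJAASRealm", initParams);
        realm.doStart();

        // Both collections are empty: no excluded and no unchecked permissions
        // are granted through this ComponentPermissions instance.
        PermissionCollection excludedPermissions = new Permissions();
        PermissionCollection uncheckedPermissions = new Permissions();
        ComponentPermissions componentPermissions = new ComponentPermissions(excludedPermissions, uncheckedPermissions, new HashMap());
        //Force a new realm name and ignore the application name
        SecurityHolder securityHolder = new SecurityHolder();
        securityHolder.setSecurityRealm(securityRealmName);
        setUpSecureAppContext(new HashMap(),
                new HashMap(),
                componentPermissions,
                realm,
                securityHolder);
    }

    /**
     * Counterpart of {@link #startWebApp()}; currently does nothing.
     *
     * @throws Exception never thrown by this implementation
     */
    protected void stopWebApp() throws Exception {
    }

    /**
     * Initialises the base fixture with the Tomcat JAAS realm class and sets
     * up security before each test.
     *
     * @throws Exception if the base fixture or the security setup fails
     */
    protected void setUp() throws Exception {
        super.setUp();
        super.init("org.apache.geronimo.tomcat.realm.TomcatJAASRealm");
        setUpSecurity();
    }

    /**
     * Tears down security first, then the base fixture.
     *
     * @throws Exception if either teardown step fails
     */
    protected void tearDown() throws Exception {
        tearDownSecurity();
        super.tearDown();
    }

    /**
     * Requests the protected resource without credentials, checks that the
     * login page is served and returns the session cookie to replay.
     */
    private String requestLoginPage() throws Exception {
        HttpURLConnection connection = open("http://localhost:8181/test/protected/hello.txt");
        try {
            connection.setInstanceFollowRedirects(false);
            assertEquals(HttpURLConnection.HTTP_OK, connection.getResponseCode());

            //Be sure we have been given the login page
            assertEquals("<!-- Login Page -->", readFirstLine(connection));

            String cookie = sessionCookie(connection, null);
            assertNotNull("login page response set no session cookie", cookie);
            return cookie;
        } finally {
            connection.disconnect();
        }
    }

    /** Prepares (but does not send) the login POST for the given session. */
    private static HttpURLConnection postLogin(String location, String cookie, boolean followRedirects) throws Exception {
        HttpURLConnection connection = open(location);
        connection.setRequestMethod("POST");
        connection.setRequestProperty("Cookie", cookie);
        connection.setInstanceFollowRedirects(followRedirects);
        return connection;
    }

    /** Opens an HTTP connection to the given absolute URL. */
    private static HttpURLConnection open(String location) throws Exception {
        return (HttpURLConnection) new URL(location).openConnection();
    }

    /** Reads the first line of the response body and always closes the reader. */
    private static String readFirstLine(HttpURLConnection connection) throws Exception {
        BufferedReader reader = new BufferedReader(new InputStreamReader(connection.getInputStream()));
        try {
            return reader.readLine();
        } finally {
            reader.close();
        }
    }

    /**
     * Returns the name=value pair of the response's Set-Cookie header, or
     * {@code fallback} when the response sets no cookie.
     */
    private static String sessionCookie(HttpURLConnection connection, String fallback) {
        String header = connection.getHeaderField("Set-Cookie");
        if (header == null) {
            return fallback;
        }
        // The pair ends at the first ';'. Cutting at the last one keeps
        // attributes such as Path in the value once more than one is present.
        int end = header.indexOf(';');
        return end < 0 ? header : header.substring(0, end);
    }

}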