1 22 package org.jboss.test.security.test; 23 24 import java.net.HttpURLConnection ; 25 import java.net.URL ; 26 27 import org.jboss.test.util.web.HttpUtils; 28 import org.jboss.test.JBossTestCase; 29 import junit.framework.Test; 30 31 36 public class WebConstraintsUnitTestCase extends JBossTestCase 37 { 38 public static String REALM = "WebConstraintsUnitTestCase"; 39 public String baseURLNoAuth = HttpUtils.getBaseURLNoAuth(); 40 public static final String WAR = "web-constraints.war"; 41 static String username = "scott"; 42 static char[] password = "echoman".toCharArray(); 43 47 private boolean strictStarRolesMode; 48 49 public boolean isStrictStarRolesMode() 50 { 51 return strictStarRolesMode; 52 } 53 public void setStrictStarRolesMode(boolean strictStarRolesMode) 54 { 55 this.strictStarRolesMode = strictStarRolesMode; 56 } 57 58 public WebConstraintsUnitTestCase(String name) 59 { 60 super(name); 61 } 62 63 65 public void testUnchecked() throws Exception 66 { 67 log.debug("+++ testUnchecked"); 68 URL url = new URL (baseURLNoAuth+"web-constraints/unchecked"); 70 HttpUtils.accessURL(url, REALM, HttpURLConnection.HTTP_OK); 71 url = new URL (baseURLNoAuth+"web-constraints/unchecked/"); 72 HttpUtils.accessURL(url, REALM, HttpURLConnection.HTTP_OK); 73 url = new URL (baseURLNoAuth+"web-constraints/unchecked/x"); 74 HttpUtils.accessURL(url, REALM, HttpURLConnection.HTTP_OK); 75 HttpUtils.accessURL(url, REALM, HttpURLConnection.HTTP_OK, HttpUtils.HEAD); 76 HttpUtils.accessURL(url, REALM, HttpURLConnection.HTTP_OK, HttpUtils.POST); 77 78 url = new URL (baseURLNoAuth+"web-constraints/restricted/not"); 80 HttpUtils.accessURL(url, REALM, HttpURLConnection.HTTP_OK); 81 HttpUtils.accessURL(url, REALM, HttpURLConnection.HTTP_OK, HttpUtils.HEAD); 82 HttpUtils.accessURL(url, REALM, HttpURLConnection.HTTP_OK, HttpUtils.POST); 83 url = new URL (baseURLNoAuth+"web-constraints/restricted/not/x"); 84 HttpUtils.accessURL(url, REALM, HttpURLConnection.HTTP_OK); 85 HttpUtils.accessURL(url, REALM, HttpURLConnection.HTTP_OK, HttpUtils.HEAD); 86 HttpUtils.accessURL(url, REALM, HttpURLConnection.HTTP_OK, HttpUtils.POST); 87 88 url = new URL (baseURLNoAuth+"web-constraints/"); 90 HttpUtils.accessURL(url, REALM, HttpURLConnection.HTTP_OK); 91 url = new URL (baseURLNoAuth+"web-constraints/other"); 92 HttpUtils.accessURL(url, REALM, HttpURLConnection.HTTP_OK); 93 HttpUtils.accessURL(url, REALM, HttpURLConnection.HTTP_OK, HttpUtils.HEAD); 94 HttpUtils.accessURL(url, REALM, HttpURLConnection.HTTP_OK, HttpUtils.POST); 95 } 96 97 100 public void testGetAccess() throws Exception 101 { 102 log.debug("+++ testGetAccess"); 103 String baseURL = HttpUtils.getBaseURL("getUser", "getUserPass"); 104 URL url = new URL (baseURL+"web-constraints/restricted/get-only"); 106 HttpUtils.accessURL(url, REALM, HttpURLConnection.HTTP_OK); 107 url = new URL (baseURL+"web-constraints/restricted/get-only/x"); 108 HttpUtils.accessURL(url, REALM, HttpURLConnection.HTTP_OK); 109 110 url = new URL (baseURL+"web-constraints/restricted/any/x"); 112 HttpUtils.accessURL(url, REALM, HttpURLConnection.HTTP_OK); 113 114 url = new URL (baseURL+"web-constraints/restricted/get-only/x"); 116 HttpUtils.accessURL(url, REALM, HttpURLConnection.HTTP_FORBIDDEN, HttpUtils.POST); 117 url = new URL (baseURL+"web-constraints/restricted/post-only/x"); 119 HttpUtils.accessURL(url, REALM, HttpURLConnection.HTTP_FORBIDDEN); 120 121 url = new URL (baseURL+"web-constraints/restricted/get-only/excluded/x"); 123 HttpUtils.accessURL(url, REALM, HttpURLConnection.HTTP_FORBIDDEN); 124 125 baseURL = HttpUtils.getBaseURL("otherUser", "otherUserPass"); 127 128 url = new URL (baseURL+"web-constraints/restricted/get-only"); 130 HttpUtils.accessURL(url, REALM, HttpURLConnection.HTTP_FORBIDDEN); 131 url = new URL (baseURL+"web-constraints/restricted/get-only/x"); 132 HttpUtils.accessURL(url, REALM, HttpURLConnection.HTTP_FORBIDDEN); 133 134 if( strictStarRolesMode == false ) 135 { 136 url = new URL (baseURL+"web-constraints/restricted/any/x"); 138 HttpUtils.accessURL(url, REALM, HttpURLConnection.HTTP_OK); 139 } 140 } 141 142 144 public void testExcludedAccess() throws Exception 145 { 146 log.debug("+++ testExcludedAccess"); 147 String baseURL = HttpUtils.getBaseURL("getUser", "getUserPass"); 148 URL url = new URL (baseURL+"web-constraints/excluded/x"); 150 HttpUtils.accessURL(url, REALM, HttpURLConnection.HTTP_FORBIDDEN); 151 HttpUtils.accessURL(url, REALM, HttpURLConnection.HTTP_FORBIDDEN, HttpUtils.OPTIONS); 152 HttpUtils.accessURL(url, REALM, HttpURLConnection.HTTP_FORBIDDEN, HttpUtils.HEAD); 153 HttpUtils.accessURL(url, REALM, HttpURLConnection.HTTP_FORBIDDEN, HttpUtils.POST); 154 url = new URL (baseURL+"web-constraints/restricted/"); 155 HttpUtils.accessURL(url, REALM, HttpURLConnection.HTTP_FORBIDDEN); 156 HttpUtils.accessURL(url, REALM, HttpURLConnection.HTTP_FORBIDDEN, HttpUtils.OPTIONS); 157 HttpUtils.accessURL(url, REALM, HttpURLConnection.HTTP_FORBIDDEN, HttpUtils.HEAD); 158 HttpUtils.accessURL(url, REALM, HttpURLConnection.HTTP_FORBIDDEN, HttpUtils.POST); 159 160 url = new URL (baseURL+"web-constraints/restricted/get-only/excluded/x"); 161 HttpUtils.accessURL(url, REALM, HttpURLConnection.HTTP_FORBIDDEN); 162 HttpUtils.accessURL(url, REALM, HttpURLConnection.HTTP_FORBIDDEN, HttpUtils.OPTIONS); 163 HttpUtils.accessURL(url, REALM, HttpURLConnection.HTTP_FORBIDDEN, HttpUtils.HEAD); 164 HttpUtils.accessURL(url, REALM, HttpURLConnection.HTTP_FORBIDDEN, HttpUtils.POST); 165 166 url = new URL (baseURL+"web-constraints/restricted/put-only/excluded/x"); 167 HttpUtils.accessURL(url, REALM, HttpURLConnection.HTTP_FORBIDDEN); 168 HttpUtils.accessURL(url, REALM, HttpURLConnection.HTTP_FORBIDDEN, HttpUtils.OPTIONS); 169 HttpUtils.accessURL(url, REALM, HttpURLConnection.HTTP_FORBIDDEN, HttpUtils.HEAD); 170 HttpUtils.accessURL(url, REALM, HttpURLConnection.HTTP_FORBIDDEN, HttpUtils.POST); 171 172 url = new URL (baseURL+"web-constraints/restricted/any/excluded/x"); 173 HttpUtils.accessURL(url, REALM, HttpURLConnection.HTTP_FORBIDDEN); 174 HttpUtils.accessURL(url, REALM, HttpURLConnection.HTTP_FORBIDDEN, HttpUtils.OPTIONS); 175 HttpUtils.accessURL(url, REALM, HttpURLConnection.HTTP_FORBIDDEN, HttpUtils.HEAD); 176 HttpUtils.accessURL(url, REALM, HttpURLConnection.HTTP_FORBIDDEN, HttpUtils.POST); 177 } 178 179 182 public void testPostAccess() throws Exception 183 { 184 log.debug("+++ testPostAccess"); 185 String baseURL = HttpUtils.getBaseURL("postUser", "postUserPass"); 186 URL url = new URL (baseURL+"web-constraints/restricted/post-only/"); 188 HttpUtils.accessURL(url, REALM, HttpURLConnection.HTTP_OK, HttpUtils.POST); 189 url = new URL (baseURL+"web-constraints/restricted/post-only/x"); 190 HttpUtils.accessURL(url, REALM, HttpURLConnection.HTTP_OK, HttpUtils.POST); 191 192 url = new URL (baseURL+"web-constraints/restricted/any/x"); 194 HttpUtils.accessURL(url, REALM, HttpURLConnection.HTTP_OK, HttpUtils.POST); 195 196 url = new URL (baseURL+"web-constraints/restricted/post-only/excluded/x"); 198 HttpUtils.accessURL(url, REALM, HttpURLConnection.HTTP_FORBIDDEN); 199 200 url = new URL (baseURL+"web-constraints/restricted/post-only/x"); 202 HttpUtils.accessURL(url, REALM, HttpURLConnection.HTTP_FORBIDDEN); 203 url = new URL (baseURL+"web-constraints/restricted/get-only/x"); 205 HttpUtils.accessURL(url, REALM, HttpURLConnection.HTTP_FORBIDDEN, HttpUtils.POST); 206 207 baseURL = HttpUtils.getBaseURL("otherUser", "otherUserPass"); 209 210 url = new URL (baseURL+"web-constraints/restricted/post-only"); 212 HttpUtils.accessURL(url, REALM, HttpURLConnection.HTTP_FORBIDDEN, HttpUtils.POST); 213 url = new URL (baseURL+"web-constraints/restricted/post-only/x"); 214 HttpUtils.accessURL(url, REALM, HttpURLConnection.HTTP_FORBIDDEN, HttpUtils.POST); 215 216 if( strictStarRolesMode == false ) 217 { 218 url = new URL (baseURL+"web-constraints/restricted/any/x"); 220 HttpUtils.accessURL(url, REALM, HttpURLConnection.HTTP_OK); 221 } 222 } 223 224 public static Test suite() throws Exception 225 { 226 return JBossTestCase.getDeploySetup(WebConstraintsUnitTestCase.class, WAR); 227 } 228 } 229 | Popular Tags |