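package org.jboss.test.web.security;

import java.net.HttpURLConnection;

import junit.framework.Test;
import junit.framework.TestSuite;

import org.apache.commons.httpclient.Cookie;
import org.apache.commons.httpclient.Header;
import org.apache.commons.httpclient.HttpClient;
import org.apache.commons.httpclient.HttpState;
import org.apache.commons.httpclient.methods.GetMethod;
import org.apache.commons.httpclient.methods.PostMethod;
import org.jboss.test.JBossTestCase;
import org.jboss.test.JBossTestSetup;

/**
 * Exercises the <code>header-form-auth</code> web application, whose
 * restricted servlet can be reached either through the ordinary
 * <code>j_security_check</code> login form or through a request that carries
 * an identity header plus a session cookie in the style of an external
 * single-sign-on product (SiteMinder, Cleartrust, Oblix).
 *
 * <p>Every custom-header case sends the user name in a plain request header
 * and a cookie whose value is the same string the form test uses as the
 * password.
 *
 * <p>NOTE(review): how the server-side authenticator validates that header
 * and cookie is not visible from this test. A deployment that trusts such
 * headers presumably depends on the SSO gateway being the only route to the
 * container and on it overwriting any client-supplied copies; confirm
 * against the authenticator's configuration.
 */
public class CustomHeaderAuthTestCase extends JBossTestCase
{
   /** Marker that appears in the login form; its presence means "not authenticated". */
   private static final String LOGIN_FORM_MARKER = "j_security_check";

   private String baseURLNoAuth = "http://" + getServerHost() + ":"
         + Integer.getInteger("web.port", 8080) + "/";

   /** Client used by the form-login flow, which needs one cookie jar across requests. */
   private HttpClient httpConn = new HttpClient();

   private String path = "header-form-auth/restricted/SecuredServlet";

   public CustomHeaderAuthTestCase(String name)
   {
      super(name);
   }

   /**
    * Logs in through the regular login form and checks that the restricted
    * servlet is then served.
    *
    * @throws Exception on any I/O or assertion failure
    */
   public void testRegularFormAuth() throws Exception
   {
      doSecureGetWithLogin(path, "jduke", "theduke");
   }

   /**
    * Requests the restricted servlet three times, each time presenting the
    * header/cookie pair of a different SSO scheme, and expects each request
    * to be authenticated without going through the login form.
    *
    * @throws Exception on any I/O or assertion failure
    */
   public void testCustomHeaderBaseAuth() throws Exception
   {
      String serverHost = getServerHost();

      performCustomAuth("sm_ssoid",
            new Cookie(serverHost, "SMSESSION", "theduke", "/", null, false),
            "SiteMinder");

      performCustomAuth("ct-remote-user",
            new Cookie(serverHost, "CTSESSION", "theduke", "/", null, false),
            "Cleartrust");

      performCustomAuth("HTTP_OBLIX_UID",
            new Cookie(serverHost, "ObSSOCookie", "theduke", "/", null, false),
            "Oblix");
   }

   /**
    * Issues one GET for the restricted servlet carrying the given identity
    * header (value <code>jduke</code>) and session cookie, then asserts that
    * the request was authenticated.
    *
    * @param headerId name of the request header that carries the user name
    * @param cookie   session cookie to present with the request
    * @param usecase  label used in log output only
    * @throws Exception on any I/O or assertion failure
    */
   private void performCustomAuth(String headerId, Cookie cookie,
         String usecase) throws Exception
   {
      // A fresh client per case: a session cookie handed out while serving an
      // earlier case must not be replayed here, otherwise this case could pass
      // on the strength of the earlier login instead of its own header/cookie.
      HttpClient client = new HttpClient();
      client.getState().addCookie(cookie);

      GetMethod indexGet = new GetMethod(baseURLNoAuth + path);
      indexGet.addRequestHeader(headerId, "jduke");
      try
      {
         int responseCode = client.executeMethod(indexGet);
         String response = indexGet.getStatusText();
         log.debug("Response from " + usecase + " case:" + response);

         Header jex = indexGet.getResponseHeader("X-JException");
         log.debug("Saw X-JException, " + jex);
         assertNull("X-JException == null", jex);
         assertTrue("Get OK(" + responseCode + ")",
               responseCode == HttpURLConnection.HTTP_OK);

         // HTTP 200 alone proves nothing: doSecureGetWithLogin shows that an
         // unauthenticated GET of this path also answers 200, with the login
         // form as its body. Reject that body explicitly.
         String body = indexGet.getResponseBodyAsString();
         if (body != null && body.indexOf(LOGIN_FORM_MARKER) >= 0)
         {
            fail(usecase + " request for " + path + " was answered with the login page");
         }
      }
      finally
      {
         indexGet.releaseConnection();
      }
   }

   /**
    * Walks the form-login flow: an unauthenticated GET that must yield the
    * login form, a POST of the credentials to <code>j_security_check</code>
    * that must answer with a temporary redirect, and a GET of the redirect
    * target that must no longer show the login form.
    *
    * @param path     application-relative path of the protected resource
    * @param username value posted as <code>j_username</code>
    * @param password value posted as <code>j_password</code>
    * @return the executed login POST (its connection has been released)
    * @throws Exception on any I/O or assertion failure
    */
   private PostMethod doSecureGetWithLogin(String path, String username, String password)
         throws Exception
   {
      GetMethod indexGet = new GetMethod(baseURLNoAuth + path);
      int responseCode;
      String body;
      try
      {
         responseCode = httpConn.executeMethod(indexGet);
         body = indexGet.getResponseBodyAsString();
      }
      finally
      {
         indexGet.releaseConnection();
      }
      assertTrue("Get OK(" + responseCode + ")", responseCode == HttpURLConnection.HTTP_OK);
      assertTrue("Redirected to login page",
            body != null && body.indexOf(LOGIN_FORM_MARKER) >= 0);

      // The session cookie set by the first GET is only logged; the shared
      // HttpState passed to the later requests is what carries it along.
      HttpState state = httpConn.getState();
      Cookie[] cookies = state.getCookies();
      String sessionID = null;
      for (int c = 0; c < cookies.length; c++)
      {
         Cookie k = cookies[c];
         if (k.getName().equalsIgnoreCase("JSESSIONID"))
         {
            sessionID = k.getValue();
         }
      }
      getLog().debug("Saw JSESSIONID=" + sessionID);

      // Submit the login form.
      PostMethod formPost = new PostMethod(baseURLNoAuth + "header-form-auth/j_security_check");
      formPost.addRequestHeader("Referer",
            baseURLNoAuth + "header-form-auth/restricted/login.html");
      formPost.addParameter("j_username", username);
      formPost.addParameter("j_password", password);
      String indexURI;
      try
      {
         responseCode = httpConn.executeMethod(formPost.getHostConfiguration(),
               formPost, state);
         String response = formPost.getStatusText();
         log.debug("responseCode=" + responseCode + ", response=" + response);
         assertTrue("Saw HTTP_MOVED_TEMP",
               responseCode == HttpURLConnection.HTTP_MOVED_TEMP);

         // Fail with a readable message rather than a NullPointerException
         // when the redirect carries no target.
         Header location = formPost.getResponseHeader("Location");
         assertNotNull("Location header present on login redirect", location);
         indexURI = location.getValue();
      }
      finally
      {
         formPost.releaseConnection();
      }

      // Follow the redirect to the originally requested resource.
      GetMethod war1Index = new GetMethod(indexURI);
      try
      {
         responseCode = httpConn.executeMethod(war1Index.getHostConfiguration(),
               war1Index, state);
         String response = war1Index.getStatusText();
         log.debug("responseCode=" + responseCode + ", response=" + response);
         assertTrue("Get OK", responseCode == HttpURLConnection.HTTP_OK);
         body = war1Index.getResponseBodyAsString();
      }
      finally
      {
         war1Index.releaseConnection();
      }
      if (body != null && body.indexOf(LOGIN_FORM_MARKER) >= 0)
      {
         fail("get of " + indexURI + " redirected to login page");
      }
      return formPost;
   }

   /**
    * Builds the suite and wraps it so that <code>header-form-auth.ear</code>
    * is deployed before the tests run and undeployed afterwards.
    *
    * @return the suite wrapped in its deployment setup
    * @throws Exception if the setup wrapper cannot be created
    */
   public static Test suite() throws Exception
   {
      TestSuite suite = new TestSuite();
      suite.addTest(new TestSuite(CustomHeaderAuthTestCase.class));

      Test wrapper = new JBossTestSetup(suite)
      {
         protected void setUp() throws Exception
         {
            super.setUp();
            deploy("header-form-auth.ear");
            // Called right after deployment so the tests start from an empty
            // authentication cache.
            flushAuthCache();
         }

         protected void tearDown() throws Exception
         {
            try
            {
               undeploy("header-form-auth.ear");
            }
            finally
            {
               // Always run the base teardown, even when undeploy fails.
               super.tearDown();
            }
         }
      };
      return wrapper;
   }
}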