


1 /*
2   * JBoss, Home of Professional Open Source
3   * Copyright 2005, JBoss Inc., and individual contributors as indicated
4   * by the @authors tag. See the copyright.txt in the distribution for a
5   * full listing of individual contributors.
6   *
7   * This is free software; you can redistribute it and/or modify it
8   * under the terms of the GNU Lesser General Public License as
9   * published by the Free Software Foundation; either version 2.1 of
10   * the License, or (at your option) any later version.
11   *
12   * This software is distributed in the hope that it will be useful,
13   * but WITHOUT ANY WARRANTY; without even the implied warranty of
14   * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
15   * Lesser General Public License for more details.
16   *
17   * You should have received a copy of the GNU Lesser General Public
18   * License along with this software; if not, write to the Free
19   * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
20   * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
21   */

22 package org.jboss.test.web.security;
23
24 import java.net.HttpURLConnection JavaDoc;
25
26 import junit.framework.Test;
27 import junit.framework.TestSuite;
28
29 import org.apache.commons.httpclient.Cookie;
30 import org.apache.commons.httpclient.Header;
31 import org.apache.commons.httpclient.HttpClient;
32 import org.apache.commons.httpclient.HttpState;
33 import org.apache.commons.httpclient.methods.GetMethod;
34 import org.apache.commons.httpclient.methods.PostMethod;
35 import org.jboss.test.JBossTestCase;
36 import org.jboss.test.JBossTestSetup;
37
38 //$Id$
39

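/**
 * JBAS-2283: Custom Header based authentication.
 *
 * <p>Exercises the {@code header-form-auth} web application in two modes:
 * plain form-based login when no identity header is present, and header-based
 * login where an SSO-gateway style request header carries the user id and a
 * cookie carries the session key. One {@link HttpClient} is held per test
 * case instance so that cookies persist across the requests of a single test.
 *
 * @author <a HREF="mailto:Anil.Saldhana@jboss.org">Anil Saldhana</a>
 * @since Sep 11, 2006
 * @version $Revision$
 */
public class CustomHeaderAuthTestCase extends JBossTestCase
{
   /**
    * Base URL of the server under test (no credentials). The port is read from
    * the {@code web.port} system property and defaults to 8080.
    */
   private final String baseURLNoAuth = "http://" + getServerHost() + ":" + Integer.getInteger("web.port", 8080) + "/";

   /** Client shared by all requests of one test so JSESSIONID / SSO cookies carry over between requests. */
   private final HttpClient httpConn = new HttpClient();

   /** Path, relative to {@link #baseURLNoAuth}, of the servlet behind the security constraint. */
   private final String securedPath = "header-form-auth/restricted/SecuredServlet";

   /**
    * Creates a test case for the named test method.
    *
    * @param name the test method to run
    */
   public CustomHeaderAuthTestCase(String name)
   {
      super(name);
   }

   /**
    * Ensure that in the absence of headers, there is regular
    * form based authentication.
    *
    * @throws Exception on any I/O failure talking to the server
    */
   public void testRegularFormAuth() throws Exception
   {
      doSecureGetWithLogin(securedPath, "jduke", "theduke");
   }

   /**
    * Test usecases where the userid is sent via header and the
    * session key is used as the password. To simplify testing,
    * we pass a password as part of the session key. In reality,
    * there needs to be a login module that can take the username
    * and session key and validate.
    *
    * <p>Because the identity header alone names the user, a deployment using
    * this scheme must make the container reachable only through the gateway
    * that sets the header, and the login module must validate the session key
    * rather than trust the header by itself.
    *
    * @throws Exception on any I/O failure talking to the server
    */
   public void testCustomHeaderBaseAuth() throws Exception
   {
      String serverHost = getServerHost();

      // Siteminder usecase
      performCustomAuth("sm_ssoid",
            new Cookie(serverHost, "SMSESSION", "theduke", "/", null, false), "SiteMinder");

      // Cleartrust usecase
      performCustomAuth("ct-remote-user",
            new Cookie(serverHost, "CTSESSION", "theduke", "/", null, false), "Cleartrust");

      // Oblix usecase
      performCustomAuth("HTTP_OBLIX_UID",
            new Cookie(serverHost, "ObSSOCookie", "theduke", "/", null, false), "Oblix");
   }

   /**
    * Requests the secured servlet with the given identity header set to
    * {@code jduke} and the given session cookie added to the client's cookie
    * jar, and asserts that the server accepts the request: HTTP 200 and no
    * {@code X-JException} response header.
    *
    * @param headerId name of the request header that carries the user id
    * @param cookie   session cookie presented alongside the header
    * @param usecase  label used for log output only
    * @throws Exception on any I/O failure talking to the server
    */
   private void performCustomAuth(String headerId, Cookie cookie, String usecase) throws Exception
   {
      GetMethod indexGet = new GetMethod(baseURLNoAuth + securedPath);
      indexGet.addRequestHeader(headerId, "jduke");
      // The HttpState is shared across use cases, so cookies added by earlier
      // calls are still present and are sent along with this one.
      httpConn.getState().addCookie(cookie);
      int responseCode = httpConn.executeMethod(indexGet);
      try
      {
         String response = indexGet.getStatusText();
         log.debug("Response from " + usecase + " case:" + response);
         Header jex = indexGet.getResponseHeader("X-JException");
         log.debug("Saw X-JException, " + jex);
         assertNull("X-JException == null", jex);
         assertTrue("Get OK(" + responseCode + ")", responseCode == HttpURLConnection.HTTP_OK);
      }
      finally
      {
         // Hand the connection back so the next use case can reuse it.
         indexGet.releaseConnection();
      }
   }

   /**
    * Performs a regular form-based login against {@code path}: the initial GET
    * must answer 200 with the login form in the body, the credentials are
    * posted to {@code j_security_check}, and the resulting redirect is followed
    * and must no longer land on the login page.
    *
    * @param path     path, relative to {@link #baseURLNoAuth}, of a secured resource
    * @param username value posted as {@code j_username}
    * @param password value posted as {@code j_password}
    * @return the executed login form POST, for callers that want to inspect it
    * @throws Exception on any I/O failure talking to the server
    */
   private PostMethod doSecureGetWithLogin(String path, String username, String password) throws Exception
   {
      GetMethod indexGet = new GetMethod(baseURLNoAuth + path);
      int responseCode = httpConn.executeMethod(indexGet);
      String body = indexGet.getResponseBodyAsString();
      assertTrue("Get OK(" + responseCode + ")", responseCode == HttpURLConnection.HTTP_OK);
      // indexOf() >= 0 is the correct containment check; > 0 would miss a match at offset 0.
      assertTrue("Redirected to login page", body.indexOf("j_security_check") >= 0);

      HttpState state = httpConn.getState();
      Cookie[] cookies = state.getCookies();
      String sessionID = null;
      for (int c = 0; c < cookies.length; c++)
      {
         Cookie k = cookies[c];
         if (k.getName().equalsIgnoreCase("JSESSIONID"))
         {
            sessionID = k.getValue();
         }
      }
      log.debug("Saw JSESSIONID=" + sessionID);

      // Submit the login form
      PostMethod formPost = new PostMethod(baseURLNoAuth + "header-form-auth/j_security_check");
      formPost.addRequestHeader("Referer", baseURLNoAuth + "header-form-auth/restricted/login.html");
      formPost.addParameter("j_username", username);
      formPost.addParameter("j_password", password);
      responseCode = httpConn.executeMethod(formPost.getHostConfiguration(), formPost, state);
      String response = formPost.getStatusText();
      log.debug("responseCode=" + responseCode + ", response=" + response);
      assertTrue("Saw HTTP_MOVED_TEMP", responseCode == HttpURLConnection.HTTP_MOVED_TEMP);

      // Follow the redirect to the SecuredServlet; fail clearly instead of
      // with a NullPointerException if the redirect carries no Location.
      Header location = formPost.getResponseHeader("Location");
      assertNotNull("Location header on login redirect", location);
      String indexURI = location.getValue();
      GetMethod war1Index = new GetMethod(indexURI);
      responseCode = httpConn.executeMethod(war1Index.getHostConfiguration(), war1Index, state);
      response = war1Index.getStatusText();
      log.debug("responseCode=" + responseCode + ", response=" + response);
      assertTrue("Get OK", responseCode == HttpURLConnection.HTTP_OK);
      body = war1Index.getResponseBodyAsString();
      if (body.indexOf("j_security_check") >= 0)
      {
         fail("get of " + indexURI + " redirected to login page");
      }
      return formPost;
   }

   /**
    * One time setup for all CustomHeaderAuthTestCase unit tests: deploys
    * {@code header-form-auth.ear} before the suite and undeploys it afterwards.
    *
    * @return the suite wrapped in a {@link JBossTestSetup} that handles deployment
    * @throws Exception if the suite cannot be built
    */
   public static Test suite() throws Exception
   {
      TestSuite suite = new TestSuite();
      suite.addTest(new TestSuite(CustomHeaderAuthTestCase.class));

      // Create an initializer for the test suite
      Test wrapper = new JBossTestSetup(suite)
      {
         protected void setUp() throws Exception
         {
            super.setUp();
            deploy("header-form-auth.ear");
            // Make sure the security cache is clear so stale principals from
            // earlier suites cannot satisfy this suite's logins.
            flushAuthCache();
         }

         protected void tearDown() throws Exception
         {
            undeploy("header-form-auth.ear");
            super.tearDown();
         }
      };
      return wrapper;
   }
}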
179