ExcludedPrefixWebConstraintsUnitTestCase


1   /*
2   * JBoss, Home of Professional Open Source
3   * Copyright 2005, JBoss Inc., and individual contributors as indicated
4   * by the @authors tag. See the copyright.txt in the distribution for a
5   * full listing of individual contributors.
6   *
7   * This is free software; you can redistribute it and/or modify it
8   * under the terms of the GNU Lesser General Public License as
9   * published by the Free Software Foundation; either version 2.1 of
10  * the License, or (at your option) any later version.
11  *
12  * This software is distributed in the hope that it will be useful,
13  * but WITHOUT ANY WARRANTY; without even the implied warranty of
14  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
15  * Lesser General Public License for more details.
16  *
17  * You should have received a copy of the GNU Lesser General Public
18  * License along with this software; if not, write to the Free
19  * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
20  * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
21  */
22  package org.jboss.test.web.security.jacc;
23  
24  import java.security.Policy  ;
25  import java.security.ProtectionDomain  ;
26  import java.util.ArrayList  ;
27  import java.util.List  ;
28  import javax.security.jacc.PolicyConfiguration  ;
29  import javax.security.jacc.PolicyContext  ;
30  import javax.security.jacc.WebResourcePermission  ;
31  
32  import junit.framework.TestCase;
33  import org.jboss.metadata.WebMetaData;
34  import org.jboss.metadata.WebSecurityMetaData;
35  import org.jboss.security.SimplePrincipal;
36  import org.jboss.security.jacc.DelegatingPolicy;
37  import org.jboss.security.jacc.JBossPolicyConfigurationFactory;
38  import org.jboss.web.WebPermissionMapping;
39  
40  /** Test of the unchecked permission
41   
42  <?xml version="1.0" encoding="UTF-8"?>
43  <web-app version="2.4"
44     xmlns="http://java.sun.com/xml/ns/j2ee"
45     xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
46     xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee
47     http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd">
48  
49     <description>Tests of various security-constraints</description>
50  
51     <servlet>
52        <servlet-name>ConstraintsServlet</servlet-name>
53        <servlet-class>org.jboss.test.security.servlets.ConstraintsServlet</servlet-class>
54     </servlet>
55  
56     <servlet-mapping>
57        <servlet-name>ConstraintsServlet</servlet-name>
58        <url-pattern>/*</url-pattern>
59     </servlet-mapping>
60  
61     <security-constraint>
62        <web-resource-collection>
63           <web-resource-name>Excluded</web-resource-name>
64           <url-pattern>/restricted/post-only/excluded/*</url-pattern>
65           <url-pattern>/*</url-pattern>
66        </web-resource-collection>
67        <auth-constraint />
68        <user-data-constraint>
69           <transport-guarantee>NONE</transport-guarantee>
70        </user-data-constraint>
71     </security-constraint>
72  
73     <security-constraint>
74        <web-resource-collection>
75           <web-resource-name>Restricted POST</web-resource-name>
76           <url-pattern>/restricted/post-only/*</url-pattern>
77           <http-method>POST</http-method>
78        </web-resource-collection>
79        <auth-constraint>
80           <role-name>PostRole</role-name>
81        </auth-constraint>
82        <user-data-constraint>
83           <transport-guarantee>NONE</transport-guarantee>
84        </user-data-constraint>
85     </security-constraint>
86     <security-constraint>
87        <web-resource-collection>
88           <web-resource-name>Excluded POST</web-resource-name>
89           <url-pattern>/restricted/post-only/*</url-pattern>
90           <http-method>DELETE</http-method>
91           <http-method>PUT</http-method>
92           <http-method>HEAD</http-method>
93           <http-method>OPTIONS</http-method>
94           <http-method>TRACE</http-method>
95           <http-method>GET</http-method>
96        </web-resource-collection>
97        <auth-constraint />
98        <user-data-constraint>
99           <transport-guarantee>NONE</transport-guarantee>
100       </user-data-constraint>
101    </security-constraint>
102 
103    <security-role>
104       <role-name>PostRole</role-name>
105    </security-role>
106 
107    <login-config>
108       <auth-method>BASIC</auth-method>
109       <realm-name>WebConstraintsUnitTestCase</realm-name>
110    </login-config>
111 </web-app>
112 
113  @author Scott.Stark@jboss.org
114  @version $Revision: 37459 $
115  */
116 public class ExcludedPrefixWebConstraintsUnitTestCase extends TestCase
117 {
118    private PolicyConfiguration   pc;
119 
120    public void testUncheckedPrefix() throws Exception  
121    {
122       Policy   p = Policy.getPolicy();
123       SimplePrincipal[] caller = null;
124       ProtectionDomain   pd = new ProtectionDomain  (null, null, null, caller);
125       // Test /unchecked
126       WebResourcePermission   wrp = new WebResourcePermission  ("/unchecked", "GET");
127       assertTrue("/unchecked GET", p.implies(pd, wrp));
128       wrp = new WebResourcePermission  ("/unchecked/x", "GET");
129       assertTrue("/unchecked/x GET", p.implies(pd, wrp));
130 
131       // Test the Unrestricted security-constraint
132       wrp = new WebResourcePermission  ("/restricted/not", "GET");
133       assertTrue("/restricted/not GET", p.implies(pd, wrp));
134       wrp = new WebResourcePermission  ("/restricted/not/x", "GET");
135       assertTrue("/restricted/not/x GET", p.implies(pd, wrp));
136       wrp = new WebResourcePermission  ("/restricted/not/x", "HEAD");
137       assertTrue("/restricted/not/x HEAD", p.implies(pd, wrp));
138       wrp = new WebResourcePermission  ("/restricted/not/x", "POST");
139       assertTrue("/restricted/not/x POST", p.implies(pd, wrp));
140 
141       wrp = new WebResourcePermission  ("/", "GET");
142       assertTrue("/ GET", p.implies(pd, wrp));
143       wrp = new WebResourcePermission  ("/other", "GET");
144       assertTrue("/other GET", p.implies(pd, wrp));
145       wrp = new WebResourcePermission  ("/other", "HEAD");
146       assertTrue("/other HEAD", p.implies(pd, wrp));
147       wrp = new WebResourcePermission  ("/other", "POST");
148       assertTrue("/other POST", p.implies(pd, wrp));
149    }
150 
151    protected void setUp() throws Exception  
152    {
153       WebMetaData metaData = new WebMetaData();
154       ArrayList   securityContraints = new ArrayList  ();
155       addSC(securityContraints);
156       metaData.setSecurityConstraints(securityContraints);
157 
158       DelegatingPolicy policy = new DelegatingPolicy();
159       Policy.setPolicy(policy);
160       JBossPolicyConfigurationFactory pcf = new JBossPolicyConfigurationFactory();
161       pc = pcf.getPolicyConfiguration("UncheckedPrefixWebConstraintsUnitTestCase", true);
162       WebPermissionMapping.createPermissions(metaData, pc);
163       pc.commit();
164       System.out.println(policy.listContextPolicies());
165       PolicyContext.setContextID("UncheckedPrefixWebConstraintsUnitTestCase");
166    }
167 
168    private void addSC(List   securityContraints)
169    {
170       // security-constraint/ display-name = excluded
171       WebSecurityMetaData wsmd = new WebSecurityMetaData();
172       securityContraints.add(wsmd);
173       // web-resource-collection/web-resource-name = No Access
174       WebSecurityMetaData.WebResourceCollection wrc = wsmd.addWebResource("No Access");
175       wrc.addPattern("/excluded/*");
176       wrc.addPattern("/restricted/get-only/excluded/*");
177       wrc.addPattern("/restricted/post-only/excluded/*");
178       wrc.addPattern("/restricted/any/excluded/*");
179       wrc.addPattern("/excluded/*");
180 
181       // web-resource-collection/web-resource-name = No Access
182       wrc = wsmd.addWebResource("No Access");
183       wrc.addPattern("/restricted/*");
184       wrc.addHttpMethod("DELETE");
185       wrc.addHttpMethod("PUT");
186       wrc.addHttpMethod("HEAD");
187       wrc.addHttpMethod("OPTIONS");
188       wrc.addHttpMethod("TRACE");
189       wrc.addHttpMethod("GET");
190       wrc.addHttpMethod("POST");
191 
192       wsmd.setExcluded(true);
193       wsmd.setTransportGuarantee("NONE");      
194 
195       wsmd = new WebSecurityMetaData();
196       securityContraints.add(wsmd);
197       wrc = wsmd.addWebResource("Unchecked");
198       wrc.addPattern("/unchecked/*");
199       wrc.addPattern("/restricted/not/*");
200       wrc.addHttpMethod("DELETE");
201       wrc.addHttpMethod("PUT");
202       wrc.addHttpMethod("HEAD");
203       wrc.addHttpMethod("OPTIONS");
204       wrc.addHttpMethod("TRACE");
205       wrc.addHttpMethod("GET");
206       wrc.addHttpMethod("POST");
207 
208       // no auth-constraint
209       wsmd.setUnchecked(true);
210       // user-data-constraint/transport-guarantee
211       wsmd.setTransportGuarantee("NONE");            
212    }
213 
214 }
215
A to Z: JavaDoc & Examples Daily Java News & Articles Open Source Projects Open Source Codes Free Computer Books Remove Frame
Popular Tags