

1 /*
2 * JBoss, Home of Professional Open Source
3 * Copyright 2005, JBoss Inc., and individual contributors as indicated
4 * by the @authors tag. See the copyright.txt in the distribution for a
5 * full listing of individual contributors.
6 *
7 * This is free software; you can redistribute it and/or modify it
8 * under the terms of the GNU Lesser General Public License as
9 * published by the Free Software Foundation; either version 2.1 of
10 * the License, or (at your option) any later version.
11 *
12 * This software is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
15 * Lesser General Public License for more details.
16 *
17 * You should have received a copy of the GNU Lesser General Public
18 * License along with this software; if not, write to the Free
19 * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
20 * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
21 */

22 package org.jboss.test.web.security.jacc;
23
24 import java.security.Policy JavaDoc;
25 import java.security.ProtectionDomain JavaDoc;
26 import java.util.ArrayList JavaDoc;
27 import java.util.List JavaDoc;
28 import javax.security.jacc.PolicyConfiguration JavaDoc;
29 import javax.security.jacc.PolicyContext JavaDoc;
30 import javax.security.jacc.WebResourcePermission JavaDoc;
31
32 import junit.framework.TestCase;
33 import org.jboss.metadata.WebMetaData;
34 import org.jboss.metadata.WebSecurityMetaData;
35 import org.jboss.security.SimplePrincipal;
36 import org.jboss.security.jacc.DelegatingPolicy;
37 import org.jboss.security.jacc.JBossPolicyConfigurationFactory;
38 import org.jboss.web.WebPermissionMapping;
39
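40 /** Test of the unchecked permission: paths covered by an unchecked security-constraint, or by no constraint at all, must be granted to a caller with no principals while an excluded constraint is also deployed. Note that the descriptor below is not loaded by this test; setUp() builds its constraints programmatically in addSC(), and their URL patterns differ from the ones shown here.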
41  
42 <?xml version="1.0" encoding="UTF-8"?>
43 <web-app version="2.4"
44    xmlns="http://java.sun.com/xml/ns/j2ee"
45    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
46    xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee
47    http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd">
48
49    <description>Tests of various security-constraints</description>
50
51    <servlet>
52       <servlet-name>ConstraintsServlet</servlet-name>
53       <servlet-class>org.jboss.test.security.servlets.ConstraintsServlet</servlet-class>
54    </servlet>
55
56    <servlet-mapping>
57       <servlet-name>ConstraintsServlet</servlet-name>
58       <url-pattern>/*</url-pattern>
59    </servlet-mapping>
60
61    <security-constraint>
62       <web-resource-collection>
63          <web-resource-name>Excluded</web-resource-name>
64          <url-pattern>/restricted/post-only/excluded/*</url-pattern>
65          <url-pattern>/*</url-pattern>
66       </web-resource-collection>
67       <auth-constraint />
68       <user-data-constraint>
69          <transport-guarantee>NONE</transport-guarantee>
70       </user-data-constraint>
71    </security-constraint>
72
73    <security-constraint>
74       <web-resource-collection>
75          <web-resource-name>Restricted POST</web-resource-name>
76          <url-pattern>/restricted/post-only/*</url-pattern>
77          <http-method>POST</http-method>
78       </web-resource-collection>
79       <auth-constraint>
80          <role-name>PostRole</role-name>
81       </auth-constraint>
82       <user-data-constraint>
83          <transport-guarantee>NONE</transport-guarantee>
84       </user-data-constraint>
85    </security-constraint>
86    <security-constraint>
87       <web-resource-collection>
88          <web-resource-name>Excluded POST</web-resource-name>
89          <url-pattern>/restricted/post-only/*</url-pattern>
90          <http-method>DELETE</http-method>
91          <http-method>PUT</http-method>
92          <http-method>HEAD</http-method>
93          <http-method>OPTIONS</http-method>
94          <http-method>TRACE</http-method>
95          <http-method>GET</http-method>
96       </web-resource-collection>
97       <auth-constraint />
98       <user-data-constraint>
99          <transport-guarantee>NONE</transport-guarantee>
100       </user-data-constraint>
101    </security-constraint>
102
103    <security-role>
104       <role-name>PostRole</role-name>
105    </security-role>
106
107    <login-config>
108       <auth-method>BASIC</auth-method>
109       <realm-name>WebConstraintsUnitTestCase</realm-name>
110    </login-config>
111 </web-app>
112
113  @author Scott.Stark@jboss.org
114  @version $Revision: 37459 $
115  */

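public class ExcludedPrefixWebConstraintsUnitTestCase extends TestCase
{
   // Purpose: installs a DelegatingPolicy holding one excluded and one
   // unchecked security-constraint, then checks which WebResourcePermissions
   // the policy grants to a caller that has no principals.

   /**
    * JACC context ID the permissions are registered under. The value says
    * "Unchecked" although this class is the "Excluded" variant; it is kept
    * byte-for-byte from the original.
    * NOTE(review): presumably copied from a sibling test - confirm that
    * sharing the ID with that test is intended.
    */
   private static final String CONTEXT_ID = "UncheckedPrefixWebConstraintsUnitTestCase";

   /** HTTP methods listed on the method-specific web-resource-collections, in the original order. */
   private static final String[] ALL_METHODS =
      {"DELETE", "PUT", "HEAD", "OPTIONS", "TRACE", "GET", "POST"};

   private PolicyConfiguration pc;

   /** JVM-wide Policy that was installed before setUp() replaced it. */
   private Policy previousPolicy;

   /** JACC context ID bound to the test thread before setUp() replaced it. */
   private String previousContextId;

   /**
    * Asserts that every request below is granted to a caller with no
    * principals, i.e. that the resource is reachable without authentication.
    *
    * @throws Exception if the policy lookup fails
    */
   public void testUncheckedPrefix() throws Exception
   {
      Policy p = Policy.getPolicy();
      // A typed null selects the four-argument ProtectionDomain constructor
      // and models a caller that carries no principals (and so no roles).
      SimplePrincipal[] caller = null;
      ProtectionDomain pd = new ProtectionDomain(null, null, null, caller);

      // Test /unchecked
      assertGranted(p, pd, "/unchecked", "GET");
      assertGranted(p, pd, "/unchecked/x", "GET");

      // Test the Unrestricted security-constraint: /restricted/not/* is
      // declared unchecked in addSC() even though the broader /restricted/*
      // pattern is excluded there.
      assertGranted(p, pd, "/restricted/not", "GET");
      assertGranted(p, pd, "/restricted/not/x", "GET");
      assertGranted(p, pd, "/restricted/not/x", "HEAD");
      assertGranted(p, pd, "/restricted/not/x", "POST");

      // Paths that match none of the patterns added in addSC().
      assertGranted(p, pd, "/", "GET");
      assertGranted(p, pd, "/other", "GET");
      assertGranted(p, pd, "/other", "HEAD");
      assertGranted(p, pd, "/other", "POST");

      // NOTE(review): every assertion here expects a grant. Nothing checks
      // that a path under an excluded pattern (for example /excluded/*) is
      // refused, so a policy that granted everything would also pass. Consider
      // adding assertFalse checks once the expected denials are confirmed.
   }

   /**
    * Builds the constraints, registers them under {@link #CONTEXT_ID} and
    * installs a fresh DelegatingPolicy as the JVM-wide Policy.
    * The previous Policy and context ID are saved first so that
    * {@link #tearDown()} can restore them.
    *
    * @throws Exception if the policy configuration cannot be created or committed
    */
   protected void setUp() throws Exception
   {
      // Policy.setPolicy and PolicyContext.setContextID change state that
      // outlives this test, so capture the old values before touching them.
      previousPolicy = Policy.getPolicy();
      previousContextId = PolicyContext.getContextID();

      WebMetaData metaData = new WebMetaData();
      ArrayList securityConstraints = new ArrayList();
      addSC(securityConstraints);
      metaData.setSecurityConstraints(securityConstraints);

      DelegatingPolicy policy = new DelegatingPolicy();
      Policy.setPolicy(policy);
      JBossPolicyConfigurationFactory pcf = new JBossPolicyConfigurationFactory();
      pc = pcf.getPolicyConfiguration(CONTEXT_ID, true);
      WebPermissionMapping.createPermissions(metaData, pc);
      pc.commit();
      // Dumps the committed policies to stdout for debugging.
      System.out.println(policy.listContextPolicies());
      PolicyContext.setContextID(CONTEXT_ID);
   }

   /**
    * Restores the Policy and JACC context ID captured in {@link #setUp()},
    * so that the test policy does not leak into other tests that run in the
    * same JVM.
    *
    * @throws Exception declared for compatibility with TestCase.tearDown()
    */
   protected void tearDown() throws Exception
   {
      PolicyContext.setContextID(previousContextId);
      if (previousPolicy != null)
      {
         Policy.setPolicy(previousPolicy);
      }
   }

   /**
    * Appends two security-constraints to the given list: an excluded one
    * followed by an unchecked one.
    *
    * @param securityConstraints list that receives the WebSecurityMetaData entries
    */
   private void addSC(List securityConstraints)
   {
      // security-constraint/ display-name = excluded
      WebSecurityMetaData wsmd = new WebSecurityMetaData();
      securityConstraints.add(wsmd);

      // web-resource-collection/web-resource-name = No Access
      // No http-method is added to this collection.
      WebSecurityMetaData.WebResourceCollection wrc = wsmd.addWebResource("No Access");
      wrc.addPattern("/excluded/*");
      wrc.addPattern("/restricted/get-only/excluded/*");
      wrc.addPattern("/restricted/post-only/excluded/*");
      wrc.addPattern("/restricted/any/excluded/*");
      // "/excluded/*" is added a second time in the original; kept as-is.
      wrc.addPattern("/excluded/*");

      // web-resource-collection/web-resource-name = No Access
      // Second collection of the same constraint, with every method listed.
      wrc = wsmd.addWebResource("No Access");
      wrc.addPattern("/restricted/*");
      addAllMethods(wrc);

      wsmd.setExcluded(true);
      wsmd.setTransportGuarantee("NONE");

      // Second constraint: unchecked access, including a path that lies
      // under the excluded /restricted/* prefix.
      wsmd = new WebSecurityMetaData();
      securityConstraints.add(wsmd);
      wrc = wsmd.addWebResource("Unchecked");
      wrc.addPattern("/unchecked/*");
      wrc.addPattern("/restricted/not/*");
      addAllMethods(wrc);

      // no auth-constraint
      wsmd.setUnchecked(true);
      // user-data-constraint/transport-guarantee
      wsmd.setTransportGuarantee("NONE");
   }

   /** Adds each entry of {@link #ALL_METHODS} to the collection, in order. */
   private static void addAllMethods(WebSecurityMetaData.WebResourceCollection wrc)
   {
      for (int i = 0; i < ALL_METHODS.length; i++)
      {
         wrc.addHttpMethod(ALL_METHODS[i]);
      }
   }

   /** Asserts that the policy grants {@code method} on {@code uri} to the given domain. */
   private static void assertGranted(Policy policy, ProtectionDomain domain, String uri, String method)
   {
      WebResourcePermission wrp = new WebResourcePermission(uri, method);
      // Failure message has the same "<uri> <method>" form as the original.
      assertTrue(uri + " " + method, policy.implies(domain, wrp));
   }

}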
215