

1 /*
2 * JBoss, Home of Professional Open Source
3 * Copyright 2005, JBoss Inc., and individual contributors as indicated
4 * by the @authors tag. See the copyright.txt in the distribution for a
5 * full listing of individual contributors.
6 *
7 * This is free software; you can redistribute it and/or modify it
8 * under the terms of the GNU Lesser General Public License as
9 * published by the Free Software Foundation; either version 2.1 of
10 * the License, or (at your option) any later version.
11 *
12 * This software is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
15 * Lesser General Public License for more details.
16 *
17 * You should have received a copy of the GNU Lesser General Public
18 * License along with this software; if not, write to the Free
19 * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
20 * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
21 */

22 package org.jboss.test.web.security.jacc;
23
24 import java.security.Policy JavaDoc;
25 import java.security.ProtectionDomain JavaDoc;
26 import java.util.ArrayList JavaDoc;
27 import java.util.List JavaDoc;
28 import javax.security.jacc.PolicyConfiguration JavaDoc;
29 import javax.security.jacc.PolicyContext JavaDoc;
30 import javax.security.jacc.WebResourcePermission JavaDoc;
31
32 import junit.framework.TestCase;
33 import org.jboss.metadata.WebMetaData;
34 import org.jboss.metadata.WebSecurityMetaData;
35 import org.jboss.security.SimplePrincipal;
36 import org.jboss.security.jacc.DelegatingPolicy;
37 import org.jboss.security.jacc.JBossPolicyConfigurationFactory;
38 import org.jboss.web.WebPermissionMapping;
39
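/** Test of the unchecked permission handling for a prefix url-pattern. The security
 constraints built in code by this test are equivalent to the following web.xml: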
41  
42 <?xml version="1.0" encoding="UTF-8"?>
43 <web-app version="2.4"
44    xmlns="http://java.sun.com/xml/ns/j2ee"
45    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
46    xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee
47    http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd">
48
49    <description>Tests of various security-constraints</description>
50
51    <servlet>
52       <servlet-name>ConstraintsServlet</servlet-name>
53       <servlet-class>org.jboss.test.security.servlets.ConstraintsServlet</servlet-class>
54    </servlet>
55
56    <servlet-mapping>
57       <servlet-name>ConstraintsServlet</servlet-name>
58       <url-pattern>/*</url-pattern>
59    </servlet-mapping>
60
61    <security-constraint>
62       <web-resource-collection>
63          <web-resource-name>Excluded</web-resource-name>
64          <url-pattern>/restricted/post-only/excluded/*</url-pattern>
65          <url-pattern>/*</url-pattern>
66       </web-resource-collection>
67       <auth-constraint />
68       <user-data-constraint>
69          <transport-guarantee>NONE</transport-guarantee>
70       </user-data-constraint>
71    </security-constraint>
72
73    <security-constraint>
74       <web-resource-collection>
75          <web-resource-name>Restricted POST</web-resource-name>
76          <url-pattern>/restricted/post-only/*</url-pattern>
77          <http-method>POST</http-method>
78       </web-resource-collection>
79       <auth-constraint>
80          <role-name>PostRole</role-name>
81       </auth-constraint>
82       <user-data-constraint>
83          <transport-guarantee>NONE</transport-guarantee>
84       </user-data-constraint>
85    </security-constraint>
86    <security-constraint>
87       <web-resource-collection>
88          <web-resource-name>Excluded POST</web-resource-name>
89          <url-pattern>/restricted/post-only/*</url-pattern>
90          <http-method>DELETE</http-method>
91          <http-method>PUT</http-method>
92          <http-method>HEAD</http-method>
93          <http-method>OPTIONS</http-method>
94          <http-method>TRACE</http-method>
95          <http-method>GET</http-method>
96       </web-resource-collection>
97       <auth-constraint />
98       <user-data-constraint>
99          <transport-guarantee>NONE</transport-guarantee>
100       </user-data-constraint>
101    </security-constraint>
102
103    <security-role>
104       <role-name>PostRole</role-name>
105    </security-role>
106
107    <login-config>
108       <auth-method>BASIC</auth-method>
109       <realm-name>WebConstraintsUnitTestCase</realm-name>
110    </login-config>
111 </web-app>
112
113  @author Scott.Stark@jboss.org
114  @version $Revision: 37459 $
115  */

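public class UncheckedPrefixWebConstraintsUnitTestCase extends TestCase
{
   /** JACC policy context id used both to register and to select the test policy. */
   private static final String CONTEXT_ID = "UncheckedPrefixWebConstraintsUnitTestCase";

   /** Resource under the /restricted/post-only/* prefix pattern that the test probes. */
   private static final String POST_ONLY_RESOURCE = "/restricted/post-only/x";

   private PolicyConfiguration pc;

   // Process-wide state captured in setUp() so tearDown() can put it back.
   // Policy.setPolicy() replaces the policy for the whole JVM, and the JACC
   // context id is bound to the calling thread; without restoring them this
   // test's DelegatingPolicy would keep answering permission checks for
   // whatever runs next in the same JVM.
   private Policy previousPolicy;
   private String previousContextID;

   /**
    * Checks that no method on the /restricted/post-only/* prefix is implied
    * for a caller without principals, and that a caller carrying a
    * "PostRole" principal is granted POST but still denied GET.
    *
    * @throws Exception on any failure while querying the policy
    */
   public void testUncheckedPrefix() throws Exception
   {
      Policy p = Policy.getPolicy();

      // Caller with no principals. The constraints from addSC() exclude GET
      // and tie POST to PostRole, so neither permission may be implied; an
      // implied permission here would mean it had been left unchecked.
      SimplePrincipal[] caller = null;
      ProtectionDomain pd = new ProtectionDomain(null, null, null, caller);

      WebResourcePermission wrp = new WebResourcePermission(POST_ONLY_RESOURCE, "GET");
      assertFalse("/restricted/post-only/x GET", p.implies(pd, wrp));
      wrp = new WebResourcePermission(POST_ONLY_RESOURCE, "POST");
      assertFalse("/restricted/post-only/x POST", p.implies(pd, wrp));

      // Caller with a single principal named after the role.
      // NOTE(review): this relies on the policy under test treating the
      // principal name as the role name - confirm against DelegatingPolicy.
      caller = new SimplePrincipal[]{new SimplePrincipal("PostRole")};
      pd = new ProtectionDomain(null, null, null, caller);
      wrp = new WebResourcePermission(POST_ONLY_RESOURCE, "GET");
      assertFalse("/restricted/post-only/x GET", p.implies(pd, wrp));
      wrp = new WebResourcePermission(POST_ONLY_RESOURCE, "POST");
      assertTrue("/restricted/post-only/x POST", p.implies(pd, wrp));
   }

   /**
    * Builds the security constraints, installs a DelegatingPolicy as the
    * JVM-wide Policy, commits the permissions created from the constraints
    * into the test policy configuration and selects that context for the
    * current thread.
    *
    * @throws Exception if the policy configuration cannot be created or committed
    */
   protected void setUp() throws Exception
   {
      // Capture the global state before anything is replaced.
      previousPolicy = Policy.getPolicy();
      previousContextID = PolicyContext.getContextID();

      boolean installed = false;
      try
      {
         WebMetaData metaData = new WebMetaData();
         ArrayList securityContraints = new ArrayList();
         addSC(securityContraints);
         metaData.setSecurityConstraints(securityContraints);

         DelegatingPolicy policy = new DelegatingPolicy();
         Policy.setPolicy(policy);
         JBossPolicyConfigurationFactory pcf = new JBossPolicyConfigurationFactory();
         pc = pcf.getPolicyConfiguration(CONTEXT_ID, true);
         WebPermissionMapping.createPermissions(metaData, pc);
         pc.commit();
         // Dump of the committed context policies, kept as a debugging aid.
         System.out.println(policy.listContextPolicies());
         PolicyContext.setContextID(CONTEXT_ID);
         installed = true;
      }
      finally
      {
         // JUnit 3 does not call tearDown() when setUp() throws, so undo a
         // partially completed installation here.
         if (!installed)
         {
            restoreSecurityGlobals();
         }
      }
   }

   /**
    * Restores the Policy and JACC context id that were active before setUp().
    *
    * @throws Exception if the superclass tear-down fails
    */
   protected void tearDown() throws Exception
   {
      try
      {
         restoreSecurityGlobals();
      }
      finally
      {
         super.tearDown();
      }
   }

   /** Puts back the thread's JACC context id and the JVM-wide Policy saved by setUp(). */
   private void restoreSecurityGlobals()
   {
      PolicyContext.setContextID(previousContextID);
      Policy.setPolicy(previousPolicy);
   }

   /**
    * Appends the three security constraints under test to the given list:
    * an excluded collection, a POST collection restricted to PostRole, and
    * an excluded collection listing the remaining HTTP methods.
    *
    * @param securityContraints list that receives the WebSecurityMetaData entries
    */
   private void addSC(List securityContraints)
   {
      // web-resource-collection/web-resource-name = Excluded
      WebSecurityMetaData excluded = new WebSecurityMetaData();
      securityContraints.add(excluded);
      WebSecurityMetaData.WebResourceCollection wrc = excluded.addWebResource("Excluded");
      wrc.addPattern("/restricted/post-only/excluded/*");
      wrc.addPattern("/*");
      // <auth-constraint />
      excluded.setExcluded(true);
      // user-data-constraint/transport-guarantee
      excluded.setTransportGuarantee("NONE");

      // web-resource-collection/web-resource-name = Restricted POST
      WebSecurityMetaData restrictedPost = new WebSecurityMetaData();
      securityContraints.add(restrictedPost);
      wrc = restrictedPost.addWebResource("Restricted POST");
      wrc.addPattern("/restricted/post-only/*");
      wrc.addHttpMethod("POST");
      restrictedPost.addRole("PostRole");
      restrictedPost.setTransportGuarantee("NONE");

      // web-resource-collection/web-resource-name = Excluded POST
      // Together with POST above, the methods listed here leave no listed
      // HTTP method on the prefix without a constraint.
      WebSecurityMetaData excludedOthers = new WebSecurityMetaData();
      securityContraints.add(excludedOthers);
      wrc = excludedOthers.addWebResource("Excluded POST");
      wrc.addPattern("/restricted/post-only/*");
      wrc.addHttpMethod("DELETE");
      wrc.addHttpMethod("PUT");
      wrc.addHttpMethod("HEAD");
      wrc.addHttpMethod("OPTIONS");
      wrc.addHttpMethod("TRACE");
      wrc.addHttpMethod("GET");
      excludedOthers.setExcluded(true);
      excludedOthers.setTransportGuarantee("NONE");
   }

}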
198