

1 /*
2   * JBoss, Home of Professional Open Source
3   * Copyright 2005, JBoss Inc., and individual contributors as indicated
4   * by the @authors tag. See the copyright.txt in the distribution for a
5   * full listing of individual contributors.
6   *
7   * This is free software; you can redistribute it and/or modify it
8   * under the terms of the GNU Lesser General Public License as
9   * published by the Free Software Foundation; either version 2.1 of
10   * the License, or (at your option) any later version.
11   *
12   * This software is distributed in the hope that it will be useful,
13   * but WITHOUT ANY WARRANTY; without even the implied warranty of
14   * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
15   * Lesser General Public License for more details.
16   *
17   * You should have received a copy of the GNU Lesser General Public
18   * License along with this software; if not, write to the Free
19   * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
20   * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
21   */

22 package org.jboss.test.web.test;
23
24 import java.net.HttpURLConnection JavaDoc;
25
26 import junit.framework.TestCase;
27 import org.apache.commons.httpclient.Cookie;
28 import org.apache.commons.httpclient.Header;
29 import org.apache.commons.httpclient.HttpClient;
30 import org.apache.commons.httpclient.HttpState;
31 import org.apache.commons.httpclient.methods.GetMethod;
32 import org.apache.commons.httpclient.methods.PostMethod;
33 import org.jboss.logging.Logger;
34
35 /**
36  * Base class for tests of web app single sign-on
37  *
38  * @author Brian Stansberry
39  * @version $Revision: 58115 $
40  */

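public abstract class SSOBaseCase extends TestCase
{
   /**
    * Test single sign-on across two web apps using form based auth.
    *
    * <p>Steps performed against the running servers:</p>
    * <ol>
    * <li>GET the secured <code>/war1/index.html</code> on serverA without
    *     credentials and expect the login form in the response body.</li>
    * <li>POST the credentials to <code>/war1/j_security_check</code> and
    *     expect a 302 redirect.</li>
    * <li>Follow the redirect, expect the protected page and a
    *     <code>JSESSIONIDSSO</code> cookie in the client state.</li>
    * <li>Request <code>/war2/index.html</code> and <code>/war2/EJBServlet</code>
    *     on serverB with that cookie and expect no login form.</li>
    * <li>GET <code>/war2/Logout</code>, then check that both war1 and war2
    *     answer with the login form again.</li>
    * </ol>
    *
    * <p>The debug log receives the raw JSESSIONID and JSESSIONIDSSO values
    * and full response bodies, so it holds live session identifiers for the
    * servers under test.</p>
    *
    * @param serverA base URL of the server hosting war1; the login is done here
    * @param serverB base URL of the server hosting war2; may equal serverA
    * @param log logger receiving the debug output
    * @throws Exception on any HTTP or I/O error
    */
   protected static void executeFormAuthSingleSignOnTest(String serverA,
                                                  String serverB,
                                                  Logger log)
         throws Exception
   {
      // Start by accessing the secured index.html of war1
      HttpClient httpConn = new HttpClient();
      GetMethod indexGet = new GetMethod(serverA+"/war1/index.html");
      int responseCode = httpConn.executeMethod(indexGet);
      String body = indexGet.getResponseBodyAsString();
      assertTrue("Get OK", responseCode == HttpURLConnection.HTTP_OK);
      // The login form posts to j_security_check, so its presence in the
      // body is used as the marker for "the login page was served"
      assertTrue("Redirected to login page", body.indexOf("j_security_check") > 0 );

      HttpState state = httpConn.getState();
      Cookie[] cookies = state.getCookies();
      String sessionID = null;
      for(int c = 0; c < cookies.length; c ++)
      {
         Cookie k = cookies[c];
         if( k.getName().equalsIgnoreCase("JSESSIONID") )
            sessionID = k.getValue();
      }
      // NOTE(review): the pre-login session id is only logged. It is never
      // compared with the session id in use after login, so this test does
      // not cover session id rotation on authentication.
      log.debug("Saw JSESSIONID="+sessionID);

      // Submit the login form
      // (jduke/theduke: presumably a fixture account defined in the security
      // domain of the test deployment; confirm against the test configuration)
      PostMethod formPost = new PostMethod(serverA+"/war1/j_security_check");
      formPost.addRequestHeader("Referer", serverA+"/war1/login.html");
      formPost.addParameter("j_username", "jduke");
      formPost.addParameter("j_password", "theduke");
      responseCode = httpConn.executeMethod(formPost.getHostConfiguration(),
         formPost, state);
      String response = formPost.getStatusText();
      log.debug("responseCode="+responseCode+", response="+response);
      assertTrue("Saw HTTP_MOVED_TEMP("+responseCode+")",
         responseCode == HttpURLConnection.HTTP_MOVED_TEMP);

      // Follow the redirect to the index.html page
      Header location = formPost.getResponseHeader("Location");
      // Report a 302 without a target as a test failure with a message
      // instead of a NullPointerException on the next line
      assertNotNull("Login response has a Location header", location);
      String indexURI = location.getValue();
      GetMethod war1Index = new GetMethod(indexURI);
      responseCode = httpConn.executeMethod(war1Index.getHostConfiguration(),
         war1Index, state);
      assertTrue("Get OK", responseCode == HttpURLConnection.HTTP_OK);
      body = war1Index.getResponseBodyAsString();
      if( body.indexOf("j_security_check") > 0 )
         fail("get of "+indexURI+" redirected to login page");

      // The cookie copy and the pauses below only apply when the two wars
      // are reached through different servers
      boolean sameServer = serverA.equals(serverB);

      cookies = state.getCookies();
      String ssoID = null;
      for(int c = 0; c < cookies.length; c ++)
      {
         Cookie k = cookies[c];
         if( k.getName().equalsIgnoreCase("JSESSIONIDSSO") )
         {
            ssoID = k.getValue();
            if (!sameServer)
            {
               // Make an sso cookie to send to serverB. The client would not
               // send serverA's cookie to another host by itself, so the test
               // replays the value under serverB's host name.
               Cookie copy = copyCookie(k, serverB);
               state.addCookie(copy);
               log.debug("Added state cookie: "+copy);
            }
         }
      }
      assertTrue("Saw JSESSIONIDSSO", ssoID != null);
      log.debug("Saw JSESSIONIDSSO="+ssoID);

      // Pause a moment before switching wars to better simulate real life
      // use cases. Otherwise, the test case can "outrun" the async
      // replication in the TreeCache used by the clustered SSO
      // 500 ms is a long time, but this isn't a test of replication speed
      // and we don't want spurious failures.
      if (!sameServer)
         Thread.sleep(500);

      // Now try getting the war2 index using the JSESSIONIDSSO cookie
      log.debug("Prepare /war2/index.html get");
      GetMethod war2Index = new GetMethod(serverB+"/war2/index.html");
      responseCode = httpConn.executeMethod(war2Index.getHostConfiguration(),
         war2Index, state);
      response = war2Index.getStatusText();
      log.debug("responseCode="+responseCode+", response="+response);
      assertTrue("Get OK", responseCode == HttpURLConnection.HTTP_OK);
      body = war2Index.getResponseBodyAsString();
      log.debug("body: "+body);
      if( body.indexOf("j_security_check") > 0 )
         fail("get of /war2/index.html redirected to login page");

      /* Access a secured servlet that calls a secured ejb in war2 to test
      propagation of the SSO identity to the ejb container.
      */
      GetMethod war2Servlet = new GetMethod(serverB+"/war2/EJBServlet");
      responseCode = httpConn.executeMethod(war2Servlet.getHostConfiguration(),
         war2Servlet, state);
      response = war2Servlet.getStatusText();
      log.debug("responseCode="+responseCode+", response="+response);
      assertTrue("Get OK", responseCode == HttpURLConnection.HTTP_OK);
      body = war2Servlet.getResponseBodyAsString();
      log.debug("body: "+body);
      if( body.indexOf("j_security_check") > 0 )
         fail("get of /war2/EJBServlet redirected to login page");

      // Now try logging out of war2
      GetMethod war2Logout = new GetMethod(serverB+"/war2/Logout");
      // Redirects are not followed here so the 302 itself can be asserted
      war2Logout.setFollowRedirects(false);
      responseCode = httpConn.executeMethod(war2Logout.getHostConfiguration(),
         war2Logout, state);
      response = war2Logout.getStatusText();
      log.debug("responseCode="+responseCode+", response="+response);
      assertTrue("Logout: Saw HTTP_MOVED_TEMP("+responseCode+")",
         responseCode == HttpURLConnection.HTTP_MOVED_TEMP);
      location = war2Logout.getResponseHeader("Location");
      assertNotNull("Logout response has a Location header", location);
      indexURI = location.getValue();
      // The check is on the redirect target naming index.html; the failure
      // text speaks of the login page
      if( indexURI.indexOf("index.html") < 0 )
         fail("get of /war2/Logout not redirected to login page");

      // Again, pause before switching wars
      if (!sameServer)
         Thread.sleep(500);

      // From here on the test verifies that the logout done through war2
      // ended the single sign-on for both applications: each secured page
      // must answer with the login form again.

      // Try accessing war1 again
      war1Index = new GetMethod(serverA+"/war1/index.html");
      responseCode = httpConn.executeMethod(war1Index.getHostConfiguration(),
         war1Index, state);
      assertTrue("Get OK", responseCode == HttpURLConnection.HTTP_OK);
      body = war1Index.getResponseBodyAsString();
      log.debug("body: " + body);
      if( body.indexOf("j_security_check") < 0 )
         fail("get of /war1/index.html not redirected to login page");

      // Try accessing war2 again
      war2Index = new GetMethod(serverB+"/war2/index.html");
      responseCode = httpConn.executeMethod(war2Index.getHostConfiguration(),
         war2Index, state);
      assertTrue("Get OK", responseCode == HttpURLConnection.HTTP_OK);
      body = war2Index.getResponseBodyAsString();
      log.debug("body: " + body);
      if( body.indexOf("j_security_check") < 0 )
         fail("get of /war2/index.html not redirected to login page");
   }

   /**
    * Create a cookie for another server that carries the name and value of
    * an existing cookie.
    *
    * <p>The domain of the new cookie is derived from targetServer by plain
    * string cutting: everything up to and including "://" is dropped, then
    * the text is cut at the first ":" and at the first "/". A user-info part
    * ("user@host") or a bracketed IPv6 literal is therefore not reduced to a
    * usable host name.</p>
    *
    * <p>The copy is created with path "/", a null expiry date and the secure
    * flag set to false, whatever the attributes of the original were.</p>
    *
    * @param toCopy cookie whose name and value are reused
    * @param targetServer URL or host[:port] of the server the copy is for
    * @return the new cookie, scoped to the host part of targetServer
    */
   public static Cookie copyCookie(Cookie toCopy, String targetServer)
   {
      // Parse the target server down to a domain name
      int index = targetServer.indexOf("://");
      if (index > -1)
      {
         targetServer = targetServer.substring(index + 3);
      }
      // Drop the port ...
      index = targetServer.indexOf(":");
      if (index > -1)
      {
         targetServer = targetServer.substring(0, index);
      }
      // ... and any path left over when no port was given
      index = targetServer.indexOf("/");
      if (index > -1)
      {
         targetServer = targetServer.substring(0, index);
      }

      Cookie copy = new Cookie(targetServer,
                               toCopy.getName(),
                               toCopy.getValue(),
                               "/",
                               null,
                               false);
      return copy;
   }
}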