/testsuite/integration/basic/src/test/java/org/jboss/as/test/integration/web/security/WebSecurityFORMTestCase.java
- /*
- * JBoss, Home of Professional Open Source.
- * Copyright (c) 2011, Red Hat, Inc., and individual contributors
- * as indicated by the @author tags. See the copyright.txt file in the
- * distribution for a full listing of individual contributors.
- *
- * This is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Lesser General Public License as
- * published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This software is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this software; if not, write to the Free
- * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
- * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
- */
- package org.jboss.as.test.integration.web.security;
- import static org.junit.Assert.assertEquals;
- import java.net.URL;
- import java.util.ArrayList;
- import java.util.List;
- import org.apache.http.Header;
- import org.apache.http.HttpEntity;
- import org.apache.http.HttpResponse;
- import org.apache.http.NameValuePair;
- import org.apache.http.StatusLine;
- import org.apache.http.client.entity.UrlEncodedFormEntity;
- import org.apache.http.client.methods.HttpGet;
- import org.apache.http.client.methods.HttpPost;
- import org.apache.http.cookie.Cookie;
- import org.apache.http.impl.client.DefaultHttpClient;
- import org.apache.http.message.BasicNameValuePair;
- import org.apache.http.protocol.HTTP;
- import org.apache.http.util.EntityUtils;
- import org.jboss.arquillian.container.test.api.Deployment;
- import org.jboss.arquillian.container.test.api.RunAsClient;
- import org.jboss.arquillian.junit.Arquillian;
- import org.jboss.shrinkwrap.api.spec.WebArchive;
- import org.junit.runner.RunWith;
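/**
 * Integration test for FORM-based web authentication ({@code j_security_check}).
 *
 * <p>Runs as a client against the deployed {@code web-secure.war} and walks the login-form
 * flow: request the application URL, post the credentials, follow the redirect and compare
 * the final status code with the expected one.
 *
 * <p>NOTE(review): the test only checks status codes. It does not compare the session cookie
 * before and after login, so it gives no signal about session-identifier rotation on
 * authentication (session fixation protection).
 *
 * @author Anil Saldhana
 */
@RunWith(Arquillian.class)
@RunAsClient
public class WebSecurityFORMTestCase extends WebSecurityPasswordBasedBase {

    /**
     * Builds the secured web archive used by the test.
     *
     * @return the {@code web-secure.war} archive containing the secured servlet, the login and
     *         error pages and the {@code jboss-web.xml} descriptor
     * @throws RuntimeException if the security domain cannot be created
     */
    @Deployment
    public static WebArchive deployment() {
        // FIXME hack to get things prepared before the deployment happens
        try {
            // create required security domains
            createSecurityDomain();
        } catch (Exception e) {
            throw new RuntimeException(e);
        }

        ClassLoader tccl = Thread.currentThread().getContextClassLoader();
        URL webxml = tccl.getResource("web-secure.war/web.xml");
        WebArchive war = WebSecurityPasswordBasedBase.create("web-secure.war", SecuredServlet.class, true, webxml);

        // Login and error pages presumably referenced by the FORM login configuration in web.xml
        // (web.xml is not visible here; confirm).
        war.addAsWebResource(tccl.getResource("web-secure.war/login.jsp"), "login.jsp");
        war.addAsWebResource(tccl.getResource("web-secure.war/error.jsp"), "error.jsp");
        war.addAsWebInfResource("web-secure-basic.war/jboss-web.xml", "jboss-web.xml");

        WebSecurityPasswordBasedBase.printWar(war);
        return war;
    }

    /**
     * Performs a FORM login with the given credentials and asserts the status code of the
     * request that follows the post-login redirect.
     *
     * @param user value sent as {@code j_username}
     * @param pass value sent as {@code j_password}
     * @param expectedStatusCode status code expected after following the redirect
     * @throws Exception if any HTTP exchange fails
     */
    protected void makeCall(String user, String pass, int expectedStatusCode) throws Exception {
        DefaultHttpClient httpclient = new DefaultHttpClient();
        try {
            // Step 1: unauthenticated request. We should get the Login Page.
            HttpResponse response = httpclient.execute(new HttpGet(URL));
            discardBody(response);
            StatusLine statusLine = response.getStatusLine();
            System.out.println("Login form get: " + statusLine);
            assertEquals(200, statusLine.getStatusCode());

            printCookies("Initial set of cookies:", httpclient);

            // Step 2: we should now login with the user name and password.
            HttpPost httpost = new HttpPost(URL + "/j_security_check");
            List<NameValuePair> nvps = new ArrayList<NameValuePair>();
            nvps.add(new BasicNameValuePair("j_username", user));
            nvps.add(new BasicNameValuePair("j_password", pass));
            httpost.setEntity(new UrlEncodedFormEntity(nvps, HTTP.UTF_8));

            response = httpclient.execute(httpost);
            discardBody(response);

            // Post authentication - we have a 302
            statusLine = response.getStatusLine();
            assertEquals(302, statusLine.getStatusCode());

            // Fail with a readable message instead of a NullPointerException when the
            // redirect carries no target.
            Header locationHeader = response.getFirstHeader("Location");
            org.junit.Assert.assertNotNull(
                    "302 response from j_security_check has no Location header", locationHeader);

            // Step 3: follow the redirect using the same client, i.e. the same cookie store.
            response = httpclient.execute(new HttpGet(locationHeader.getValue()));
            discardBody(response);

            printCookies("Post logon cookies:", httpclient);

            // Either the authentication passed or failed based on the expected status code
            statusLine = response.getStatusLine();
            assertEquals(expectedStatusCode, statusLine.getStatusCode());
        } finally {
            // When HttpClient instance is no longer needed,
            // shut down the connection manager to ensure
            // immediate deallocation of all system resources
            httpclient.getConnectionManager().shutdown();
        }
    }

    /** Reads the response body to its end, if there is one, so the connection can be reused. */
    private static void discardBody(HttpResponse response) throws Exception {
        HttpEntity entity = response.getEntity();
        if (entity != null) {
            EntityUtils.consume(entity);
        }
    }

    /**
     * Prints the client's current cookies to standard output under the given heading.
     *
     * <p>The output is each cookie's {@code toString()}, which may include the session
     * identifier value. That is tolerable only because the session belongs to a throwaway
     * test deployment; do not reuse this logging against a real deployment.
     */
    private static void printCookies(String heading, DefaultHttpClient client) {
        System.out.println(heading);
        List<Cookie> cookies = client.getCookieStore().getCookies();
        if (cookies.isEmpty()) {
            System.out.println("None");
            return;
        }
        for (Cookie cookie : cookies) {
            System.out.println("- " + cookie.toString());
        }
    }

    /**
     * {@inheritDoc}
     *
     * @return the literal {@code "web-secure"}
     */
    @Override
    public String getContextPath() {
        return "web-secure";
    }
}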