Java tutorial
/* * ***** BEGIN LICENSE BLOCK ***** * * Zimbra Collaboration Suite Server * Copyright (C) 2014, 2016 Synacor, Inc. * * This program is free software: you can redistribute it and/or modify it under * the terms of the GNU General Public License as published by the Free Software Foundation, * version 2 of the License. * * This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; * without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. * See the GNU General Public License for more details. * You should have received a copy of the GNU General Public License along with this program. * If not, see <https://www.gnu.org/licenses/>. * * ***** END LICENSE BLOCK ***** */ package com.zimbra.qa.unittest; import java.net.URI; import java.util.HashMap; import java.util.Map; import junit.framework.TestCase; import org.apache.commons.httpclient.HttpClient; import org.apache.commons.httpclient.HttpState; import org.apache.commons.httpclient.HttpStatus; import org.apache.commons.httpclient.cookie.CookiePolicy; import org.apache.commons.httpclient.methods.GetMethod; import org.junit.Test; import com.zimbra.common.account.Key.AccountBy; import com.zimbra.common.account.ProvisioningConstants; import com.zimbra.common.auth.ZAuthToken; import com.zimbra.common.httpclient.HttpClientUtil; import com.zimbra.common.localconfig.LC; import com.zimbra.common.service.ServiceException; import com.zimbra.common.util.ZimbraHttpConnectionManager; import com.zimbra.common.util.ZimbraLog; import com.zimbra.cs.account.Account; import com.zimbra.cs.account.Provisioning; import com.zimbra.cs.account.accesscontrol.TargetType; import com.zimbra.cs.account.accesscontrol.generated.RightConsts; import com.zimbra.soap.admin.type.GranteeSelector.GranteeBy; import com.zimbra.soap.type.TargetBy; /** * * @author gsolovyev * CollectLDAPConfigServlet should be accessible only by global admins: https://bugzilla.zimbra.com/show_bug.cgi?id=93800 */ public class TestCollectConfigServletsAccess extends TestCase { private static String TEST_ADMIN_NAME = "TestAdmin"; private static String PASSWORD = "test123"; @Override public void setUp() throws Exception { cleanUp(); Map<String, Object> attrs = new HashMap<String, Object>(); attrs.put(Provisioning.A_zimbraIsDelegatedAdminAccount, ProvisioningConstants.TRUE); attrs.put("displayName", "delegated admin for a unit tests"); Provisioning.getInstance().createAccount(TestUtil.getAddress(TEST_ADMIN_NAME), PASSWORD, attrs); Provisioning.getInstance().grantRight(TargetType.domain.getCode(), TargetBy.name, TestUtil.getDomain(), com.zimbra.cs.account.accesscontrol.GranteeType.GT_USER.getCode(), GranteeBy.name, TestUtil.getAddress(TEST_ADMIN_NAME), null, RightConsts.RT_domainAdminConsoleRights, null); } @Override public void tearDown() throws Exception { cleanUp(); } private void cleanUp() throws Exception { Provisioning prov = Provisioning.getInstance(); Account account = prov.get(AccountBy.name, TestUtil.getAddress(TEST_ADMIN_NAME)); if (account != null) { prov.deleteAccount(account.getId()); } } /** * Verify that global admin can access servlet at /service/collectconfig/ * @throws Exception */ /* @Test public void testConfigGlobalAdmin() throws Exception { ZAuthToken at = TestUtil.getAdminSoapTransport().getAuthToken(); URI servletURI = new URI(getConfigServletUrl()); HttpState initialState = HttpClientUtil.newHttpState(at, servletURI.getHost(), true); HttpClient restClient = ZimbraHttpConnectionManager.getInternalHttpConnMgr().newHttpClient(); restClient.setState(initialState); restClient.getParams().setCookiePolicy(CookiePolicy.BROWSER_COMPATIBILITY); GetMethod get = new GetMethod(servletURI.toString()); int statusCode = HttpClientUtil.executeMethod(restClient, get); if(statusCode == HttpStatus.SC_INTERNAL_SERVER_ERROR) { fail("collectconfig servlet is failing. Likely Zimbra SSH access is not properly configured. " + get.getResponseHeader("X-Zimbra-Fault-Message").getValue()); } else { assertEquals("This request should succeed. Getting status code " + statusCode, HttpStatus.SC_OK,statusCode); } }*/ /** * Verify that delegated admin canNOT access servlet at /service/collectconfig/ * @throws Exception */ @Test public void testConfigDelegatedAdmin() throws Exception { ZAuthToken at = TestUtil.getAdminSoapTransport(TEST_ADMIN_NAME, PASSWORD).getAuthToken(); URI servletURI = new URI(getConfigServletUrl()); HttpState initialState = HttpClientUtil.newHttpState(at, servletURI.getHost(), true); HttpClient restClient = ZimbraHttpConnectionManager.getInternalHttpConnMgr().newHttpClient(); restClient.setState(initialState); restClient.getParams().setCookiePolicy(CookiePolicy.BROWSER_COMPATIBILITY); GetMethod get = new GetMethod(servletURI.toString()); int statusCode = HttpClientUtil.executeMethod(restClient, get); assertEquals("This request should NOT succeed. Getting status code " + statusCode, HttpStatus.SC_UNAUTHORIZED, statusCode); } /** * Verify that global admin can access servlet at /service/collectldapconfig/ * @throws Exception */ /* @Test public void testLDAPConfigGlobalAdmin() throws Exception { ZAuthToken at = TestUtil.getAdminSoapTransport().getAuthToken(); URI servletURI = new URI(getLDAPConfigServletUrl()); HttpState initialState = HttpClientUtil.newHttpState(at, servletURI.getHost(), true); HttpClient restClient = ZimbraHttpConnectionManager.getInternalHttpConnMgr().newHttpClient(); restClient.setState(initialState); restClient.getParams().setCookiePolicy(CookiePolicy.BROWSER_COMPATIBILITY); GetMethod get = new GetMethod(servletURI.toString()); int statusCode = HttpClientUtil.executeMethod(restClient, get); if(statusCode == HttpStatus.SC_INTERNAL_SERVER_ERROR) { fail("collectldapconfig servlet is failing. Likely Zimbra SSH access is not properly configured. " + get.getResponseHeader("X-Zimbra-Fault-Message").getValue()); } else { assertEquals("This request should succeed. Getting status code " + statusCode, HttpStatus.SC_OK,statusCode); } }*/ /** * Verify that delegated admin canNOT access servlet at /service/collectldapconfig/ * @throws Exception */ @Test public void testLDAPConfigDelegatedAdmin() throws Exception { ZAuthToken at = TestUtil.getAdminSoapTransport(TEST_ADMIN_NAME, PASSWORD).getAuthToken(); URI servletURI = new URI(getLDAPConfigServletUrl()); HttpState initialState = HttpClientUtil.newHttpState(at, servletURI.getHost(), true); HttpClient restClient = ZimbraHttpConnectionManager.getInternalHttpConnMgr().newHttpClient(); restClient.setState(initialState); restClient.getParams().setCookiePolicy(CookiePolicy.BROWSER_COMPATIBILITY); GetMethod get = new GetMethod(servletURI.toString()); int statusCode = HttpClientUtil.executeMethod(restClient, get); assertEquals("This request should NOT succeed. Getting status code " + statusCode, HttpStatus.SC_UNAUTHORIZED, statusCode); } /** * Verify that an HTTP client canNOT access servlet at /service/collectldapconfig/ without an auth token * @throws Exception */ @Test public void testLDAPConfigNoToken() throws Exception { URI servletURI = new URI(getLDAPConfigServletUrl()); HttpClient restClient = ZimbraHttpConnectionManager.getInternalHttpConnMgr().newHttpClient(); restClient.getParams().setCookiePolicy(CookiePolicy.BROWSER_COMPATIBILITY); GetMethod get = new GetMethod(servletURI.toString()); int statusCode = HttpClientUtil.executeMethod(restClient, get); assertEquals("This request should NOT succeed. Getting status code " + statusCode, HttpStatus.SC_UNAUTHORIZED, statusCode); } /** * Verify that an HTTP client canNOT access servlet at /service/collectconfig/ without an auth token * @throws Exception */ @Test public void testConfigNoToken() throws Exception { URI servletURI = new URI(getConfigServletUrl()); HttpClient restClient = ZimbraHttpConnectionManager.getInternalHttpConnMgr().newHttpClient(); restClient.getParams().setCookiePolicy(CookiePolicy.BROWSER_COMPATIBILITY); GetMethod get = new GetMethod(servletURI.toString()); int statusCode = HttpClientUtil.executeMethod(restClient, get); assertEquals("This request should NOT succeed. Getting status code " + statusCode, HttpStatus.SC_UNAUTHORIZED, statusCode); } private static String getConfigServletUrl() throws ServiceException { int port; try { port = Provisioning.getInstance().getLocalServer().getIntAttr(Provisioning.A_zimbraAdminPort, 0); } catch (ServiceException e) { ZimbraLog.test.error("Unable to get admin SOAP port", e); port = LC.zimbra_admin_service_port.intValue(); } return "https://localhost:" + port + "/service/collectconfig/?host=" + TestUtil.getServerAttr("name"); } private static String getLDAPConfigServletUrl() throws ServiceException { int port; try { port = Provisioning.getInstance().getLocalServer().getIntAttr(Provisioning.A_zimbraAdminPort, 0); } catch (ServiceException e) { ZimbraLog.test.error("Unable to get admin SOAP port", e); port = LC.zimbra_admin_service_port.intValue(); } return "https://localhost:" + port + "/service/collectldapconfig/"; } }