io.undertow.servlet.test.security.basic.ServletCertAndDigestAuthTestCase.java Source code

Java tutorial

Introduction

Here is the source code for io.undertow.servlet.test.security.basic.ServletCertAndDigestAuthTestCase.java

Source

/*
 * JBoss, Home of Professional Open Source.
 * Copyright 2014 Red Hat, Inc., and individual contributors
 * as indicated by the @author tags.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 *  Unless required by applicable law or agreed to in writing, software
 *  distributed under the License is distributed on an "AS IS" BASIS,
 *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 *  See the License for the specific language governing permissions and
 *  limitations under the License.
 */

package io.undertow.servlet.test.security.basic;

import static io.undertow.util.Headers.AUTHORIZATION;
import static io.undertow.util.Headers.BASIC;
import static org.junit.Assert.assertEquals;
import static org.xnio.Options.SSL_CLIENT_AUTH_MODE;
import static org.xnio.SslClientAuthMode.NOT_REQUESTED;

import java.nio.charset.StandardCharsets;
import javax.net.ssl.SSLContext;
import javax.servlet.MultipartConfigElement;

import io.undertow.server.handlers.PathHandler;
import io.undertow.servlet.api.AuthMethodConfig;
import io.undertow.servlet.api.DeploymentInfo;
import io.undertow.servlet.api.DeploymentManager;
import io.undertow.servlet.api.LoginConfig;
import io.undertow.servlet.api.SecurityConstraint;
import io.undertow.servlet.api.SecurityInfo;
import io.undertow.servlet.api.ServletContainer;
import io.undertow.servlet.api.ServletInfo;
import io.undertow.servlet.api.WebResourceCollection;
import io.undertow.servlet.test.SimpleServletTestCase;
import io.undertow.servlet.test.security.MultipartAcceptingServlet;
import io.undertow.servlet.test.security.constraint.ServletIdentityManager;
import io.undertow.servlet.test.util.TestClassIntrospector;
import io.undertow.testutils.DefaultServer;
import io.undertow.testutils.TestHttpClient;
import io.undertow.util.FlexBase64;
import io.undertow.util.StatusCodes;
import org.apache.http.HttpEntity;
import org.apache.http.HttpResponse;
import org.apache.http.client.methods.HttpPost;
import org.apache.http.entity.ContentType;
import org.apache.http.entity.mime.MultipartEntityBuilder;
import org.apache.http.entity.mime.content.ByteArrayBody;
import org.apache.http.entity.mime.content.StringBody;
import org.junit.AfterClass;
import org.junit.BeforeClass;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.xnio.OptionMap;

/**
 * @author Tomas Hofman
 */
@RunWith(DefaultServer.class)
public class ServletCertAndDigestAuthTestCase {

    private static final String REALM_NAME = "Servlet_Realm";
    private static final String BASE_PATH = "/servletContext/secured/";

    private static SSLContext clientSSLContext;

    @BeforeClass
    public static void startSSL() throws Exception {
        DefaultServer.startSSLServer(OptionMap.create(SSL_CLIENT_AUTH_MODE, NOT_REQUESTED));
        clientSSLContext = DefaultServer.getClientSSLContext();

        final PathHandler path = new PathHandler();

        final ServletContainer container = ServletContainer.Factory.newInstance();
        ServletInfo multipartServlet = new ServletInfo("Multipart Accepting Servlet",
                MultipartAcceptingServlet.class).addMapping("/secured/multipart")
                        .setMultipartConfig(new MultipartConfigElement(""));

        ServletIdentityManager identityManager = new ServletIdentityManager();
        identityManager.addUser("user1", "password1", "role1");
        identityManager.addUser("charsetUser", "password-", "role1");

        LoginConfig loginConfig = new LoginConfig(REALM_NAME);
        loginConfig.addFirstAuthMethod(new AuthMethodConfig("BASIC"));
        loginConfig.addFirstAuthMethod(new AuthMethodConfig("CLIENT_CERT"));
        DeploymentInfo builder = new DeploymentInfo().setClassLoader(SimpleServletTestCase.class.getClassLoader())
                .setContextPath("/servletContext").setClassIntrospecter(TestClassIntrospector.INSTANCE)
                .setDeploymentName("servletContext.war").setIdentityManager(identityManager)
                .setLoginConfig(loginConfig).addServlets(multipartServlet);

        builder.addSecurityConstraint(new SecurityConstraint()
                .addWebResourceCollection(new WebResourceCollection().addUrlPattern("/secured/*"))
                .addRoleAllowed("role1").setEmptyRoleSemantic(SecurityInfo.EmptyRoleSemantic.DENY));

        DeploymentManager manager = container.addDeployment(builder);
        manager.deploy();
        path.addPrefixPath(builder.getContextPath(), manager.start());

        DefaultServer.setRootHandler(path);
    }

    @AfterClass
    public static void stopSSL() throws Exception {
        clientSSLContext = null;
        DefaultServer.stopSSLServer();
    }

    @Test
    public void testMultipartRequest() throws Exception {
        StringBuilder sb = new StringBuilder();
        for (int i = 0; i < 2000; i++) {
            sb.append("0123456789");
        }

        try (TestHttpClient client = new TestHttpClient()) {
            // create POST request
            MultipartEntityBuilder builder = MultipartEntityBuilder.create();
            builder.addPart("part1", new ByteArrayBody(sb.toString().getBytes(), "file.txt"));
            builder.addPart("part2", new StringBody("0123456789", ContentType.TEXT_HTML));
            HttpEntity entity = builder.build();

            client.setSSLContext(clientSSLContext);
            String url = DefaultServer.getDefaultServerSSLAddress() + BASE_PATH + "multipart";
            HttpPost post = new HttpPost(url);
            post.setEntity(entity);
            post.addHeader(AUTHORIZATION.toString(), BASIC + " " + FlexBase64
                    .encodeString(("user1" + ":" + "password1").getBytes(StandardCharsets.UTF_8), false));

            HttpResponse result = client.execute(post);
            assertEquals(StatusCodes.OK, result.getStatusLine().getStatusCode());
        }
    }
}