/* * JBoss, Home of Professional Open Source. * Copyright 2014 Red Hat, Inc., and individual contributors * as indicated by the @author tags. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ package io.undertow.servlet.test.security.form; import static org.junit.Assert.assertEquals; import java.io.IOException; import java.util.ArrayList; import java.util.Arrays; import java.util.Collections; import java.util.List; import javax.servlet.ServletException; import javax.servlet.SessionTrackingMode; import org.apache.http.HttpRequest; import org.apache.http.HttpResponse; import org.apache.http.NameValuePair; import org.apache.http.ProtocolException; import org.apache.http.client.entity.UrlEncodedFormEntity; import org.apache.http.client.methods.HttpGet; import org.apache.http.client.methods.HttpPost; import org.apache.http.entity.StringEntity; import org.apache.http.impl.client.DefaultRedirectStrategy; import org.apache.http.message.BasicNameValuePair; import org.apache.http.protocol.HttpContext; import org.junit.Assert; import org.junit.BeforeClass; import org.junit.Test; import org.junit.runner.RunWith; import io.undertow.security.api.AuthenticationMode; import io.undertow.server.handlers.PathHandler; import io.undertow.servlet.api.DeploymentInfo; import io.undertow.servlet.api.DeploymentManager; import io.undertow.servlet.api.LoginConfig; import io.undertow.servlet.api.ServletContainer; import io.undertow.servlet.api.ServletInfo; import io.undertow.servlet.api.ServletSecurityInfo; 
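import io.undertow.servlet.api.ServletSessionConfig;
import io.undertow.servlet.test.SimpleServletTestCase;
import io.undertow.servlet.test.security.SendUsernameServlet;
import io.undertow.servlet.test.security.constraint.ServletIdentityManager;
import io.undertow.servlet.test.util.TestClassIntrospector;
import io.undertow.testutils.DefaultServer;
import io.undertow.testutils.HttpClientUtils;
import io.undertow.testutils.TestHttpClient;
import io.undertow.util.StatusCodes;

/**
 * Exercises FORM authentication on a deployment that tracks sessions with
 * {@link SessionTrackingMode#URL} only. No session cookie is ever issued, so the
 * {@code j_security_check} action URL returned by the login page is the only place
 * the session can be carried, and the client has nothing to fall back on.
 * <p>
 * Every test drives the same flow: an unauthenticated request to a protected
 * servlet is answered by the login page, the credentials are posted to the action
 * URL that page returned, and the container replays the original request
 * (including a saved POST body or the original query parameters).
 *
 * @author Stuart Douglas
 */
@RunWith(DefaultServer.class)
public class ServletFormAuthURLRewriteTestCase {

    public static final String HELLO_WORLD = "Hello World";

    /**
     * Deploys four servlets under {@code /servletContext}: three protected by
     * {@code role1} (username echo, body echo, request-parameter echo) and the
     * FORM login page, with a single user {@code user1/password1} in {@code role1}.
     *
     * @throws ServletException if the deployment cannot be started
     */
    @BeforeClass
    public static void setup() throws ServletException {
        final PathHandler path = new PathHandler();
        final ServletContainer container = ServletContainer.Factory.newInstance();

        ServletInfo s = new ServletInfo("servlet", SendUsernameServlet.class)
                .setServletSecurityInfo(new ServletSecurityInfo().addRoleAllowed("role1"))
                .addMapping("/secured/*");

        ServletInfo echo = new ServletInfo("echo", EchoServlet.class)
                .setServletSecurityInfo(new ServletSecurityInfo().addRoleAllowed("role1"))
                .addMapping("/secured/echo");

        ServletInfo echoParam = new ServletInfo("echoParam", RequestParamEchoServlet.class)
                .setServletSecurityInfo(new ServletSecurityInfo().addRoleAllowed("role1"))
                .addMapping("/secured/echoParam");

        ServletInfo s1 = new ServletInfo("loginPage", FormLoginServlet.class)
                .setServletSecurityInfo(new ServletSecurityInfo().addRoleAllowed("group1"))
                .addMapping("/FormLoginServlet");

        ServletIdentityManager identityManager = new ServletIdentityManager();
        identityManager.addUser("user1", "password1", "role1");

        DeploymentInfo builder = new DeploymentInfo()
                // URL-only tracking is the point of this test case: the session id must
                // travel in the form action URL because no cookie is ever set. Outside a
                // test this mode exposes the id in request lines, logs and referrers, so
                // cookie tracking is the safer default for real deployments.
                .setServletSessionConfig(new ServletSessionConfig()
                        .setSessionTrackingModes(Collections.singleton(SessionTrackingMode.URL)))
                .setClassLoader(SimpleServletTestCase.class.getClassLoader())
                .setContextPath("/servletContext")
                .setClassIntrospecter(TestClassIntrospector.INSTANCE)
                .setDeploymentName("servletContext.war")
                .setAuthenticationMode(AuthenticationMode.CONSTRAINT_DRIVEN)
                .setIdentityManager(identityManager)
                .setLoginConfig(new LoginConfig("FORM", "Test Realm", "/FormLoginServlet", "/error.html"))
                .addServlets(s, s1, echo, echoParam);

        DeploymentManager manager = container.addDeployment(builder);
        manager.deploy();
        path.addPrefixPath(builder.getContextPath(), manager.start());
        DefaultServer.setRootHandler(path);
    }

    /**
     * Builds a client that follows a {@code 302 Found} regardless of the request
     * method. {@link DefaultRedirectStrategy} on its own only auto-follows a 302 for
     * GET/HEAD, but the login POST is answered with a 302 back to the originally
     * requested resource and the tests need to observe that replayed request.
     *
     * @return a client whose connection manager the caller must shut down
     */
    private static TestHttpClient newRedirectFollowingClient() {
        TestHttpClient client = new TestHttpClient();
        client.setRedirectStrategy(new DefaultRedirectStrategy() {
            @Override
            public boolean isRedirected(final HttpRequest request, final HttpResponse response,
                                        final HttpContext context) throws ProtocolException {
                if (response.getStatusLine().getStatusCode() == StatusCodes.FOUND) {
                    return true;
                }
                return super.isRedirected(request, response, context);
            }
        });
        return client;
    }

    /**
     * Asserts that {@code loginPage} is the response of the login page, posts the
     * test credentials to the action URL it returned and reads what comes back
     * after the redirect to the original request.
     *
     * @param client    client created by {@link #newRedirectFollowingClient()}
     * @param loginPage response to the original, unauthenticated request; expected
     *                  to be {@code 200} with a body starting with
     *                  {@code j_security_check} (the action relative to the context
     *                  path; with URL tracking the session id is expected to be
     *                  encoded into it, which the prefix check deliberately ignores)
     * @return the body of the response that follows the login, i.e. the output of
     *         the originally requested servlet
     * @throws IOException on transport failure
     */
    private static String loginAndReadResponse(final TestHttpClient client, final HttpResponse loginPage)
            throws IOException {
        assertEquals(StatusCodes.OK, loginPage.getStatusLine().getStatusCode());
        String action = HttpClientUtils.readResponse(loginPage);
        Assert.assertTrue(action.startsWith("j_security_check"));

        final List<NameValuePair> data = Arrays.<NameValuePair>asList(
                new BasicNameValuePair("j_username", "user1"),
                new BasicNameValuePair("j_password", "password1"));
        // The action is posted exactly as returned so the encoded session id survives.
        HttpPost post = new HttpPost(DefaultServer.getDefaultServerURL() + "/servletContext/" + action);
        post.setEntity(new UrlEncodedFormEntity(data));

        HttpResponse result = client.execute(post);
        assertEquals(StatusCodes.OK, result.getStatusLine().getStatusCode());
        return HttpClientUtils.readResponse(result);
    }

    /** A GET to a protected servlet: after login the replayed request echoes the user name. */
    @Test
    public void testServletFormAuth() throws IOException {
        TestHttpClient client = newRedirectFollowingClient();
        try {
            HttpGet get = new HttpGet(DefaultServer.getDefaultServerURL() + "/servletContext/secured/test");
            String response = loginAndReadResponse(client, client.execute(get));
            assertEquals("user1", response);
        } finally {
            client.getConnectionManager().shutdown();
        }
    }

    /** A POST with a body: the container saves the body and replays it after login. */
    @Test
    public void testServletFormAuthWithSavedPostBody() throws IOException {
        TestHttpClient client = newRedirectFollowingClient();
        try {
            HttpPost post = new HttpPost(DefaultServer.getDefaultServerURL() + "/servletContext/secured/echo");
            post.setEntity(new StringEntity("String Entity"));
            String response = loginAndReadResponse(client, client.execute(post));
            assertEquals("String Entity", response);
        } finally {
            client.getConnectionManager().shutdown();
        }
    }

    /** A POST with a query string: the original request parameters survive the login round trip. */
    @Test
    public void testServletFormAuthWithOriginalRequestParams() throws IOException {
        TestHttpClient client = newRedirectFollowingClient();
        try {
            HttpPost post = new HttpPost(
                    DefaultServer.getDefaultServerURL() + "/servletContext/secured/echoParam?param=developer");
            post.setEntity(new StringEntity("String Entity"));
            String response = loginAndReadResponse(client, client.execute(post));
            assertEquals("developer", response);
        } finally {
            client.getConnectionManager().shutdown();
        }
    }
}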