Java tutorial
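/*
 * JBoss, Home of Professional Open Source.
 * Copyright 2014, Red Hat, Inc., and individual contributors
 * as indicated by the @author tags. See the copyright.txt file in the
 * distribution for a full listing of individual contributors.
 *
 * This is free software; you can redistribute it and/or modify it
 * under the terms of the GNU Lesser General Public License as
 * published by the Free Software Foundation; either version 2.1 of
 * the License, or (at your option) any later version.
 *
 * This software is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
 * Lesser General Public License for more details.
 *
 * You should have received a copy of the GNU Lesser General Public
 * License along with this software; if not, write to the Free
 * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
 * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
 */
package org.jboss.as.test.clustering.cluster.web.authentication;

import java.io.IOException;
import java.net.URI;
import java.net.URISyntaxException;
import java.net.URL;

import javax.servlet.http.HttpServletResponse;

import org.apache.http.HttpResponse;
import org.apache.http.auth.AuthScope;
import org.apache.http.auth.UsernamePasswordCredentials;
import org.apache.http.client.CredentialsProvider;
import org.apache.http.client.HttpClient;
import org.apache.http.client.methods.HttpGet;
import org.apache.http.client.utils.HttpClientUtils;
import org.apache.http.impl.client.BasicCredentialsProvider;
import org.apache.http.impl.client.HttpClients;
import org.jboss.arquillian.container.test.api.Deployment;
import org.jboss.arquillian.container.test.api.OperateOnDeployment;
import org.jboss.arquillian.container.test.api.RunAsClient;
import org.jboss.arquillian.container.test.api.TargetsContainer;
import org.jboss.arquillian.junit.Arquillian;
import org.jboss.arquillian.test.api.ArquillianResource;
import org.jboss.as.arquillian.api.ServerSetup;
import org.jboss.as.test.clustering.cluster.ClusterAbstractTestCase;
import org.jboss.shrinkwrap.api.Archive;
import org.jboss.shrinkwrap.api.ShrinkWrap;
import org.jboss.shrinkwrap.api.spec.WebArchive;
import org.junit.Assert;
import org.junit.Test;
import org.junit.runner.RunWith;

/**
 * Validates that a user remains authenticated following failover when using BASIC authentication.
 *
 * <p>The test first checks the two rejection paths (authenticated but not authorised gives 403,
 * wrong password gives 401), then logs in successfully on the first node, takes that node down,
 * and expects the second node to answer 200 with the same session id. The first node is then
 * redeployed and must report the same session id again.
 *
 * <p>NOTE(review): the client keeps the credentials registered for both nodes, so a 200 from the
 * surviving node could also be reached by answering a fresh BASIC challenge. The session id
 * comparison is the assertion that ties the response to the original session; confirm whether the
 * test should additionally prove that no re-authentication took place.
 *
 * @author Paul Ferraro
 */
@RunWith(Arquillian.class)
@RunAsClient
@ServerSetup(WebSecurityDomainSetup.class)
public class BasicAuthenticationWebFailoverTestCase extends ClusterAbstractTestCase {

    /** Builds the archive deployed to the first container. */
    @Deployment(name = DEPLOYMENT_1, managed = false)
    @TargetsContainer(CONTAINER_1)
    public static Archive<?> deployment0() {
        return getDeployment();
    }

    /** Builds the archive deployed to the second container. */
    @Deployment(name = DEPLOYMENT_2, managed = false)
    @TargetsContainer(CONTAINER_2)
    public static Archive<?> deployment1() {
        return getDeployment();
    }

    /**
     * Assembles the web archive under test: the secured servlet, its BASIC-auth web.xml, the
     * jboss-web.xml descriptor, and the user and role property files from the servlet's package.
     *
     * @return the archive shared by both deployments
     */
    private static Archive<?> getDeployment() {
        WebArchive war = ShrinkWrap.create(WebArchive.class, "basic-authentication.war");
        war.addClass(SecureServlet.class);
        war.setWebXML(SecureServlet.class.getPackage(), "web-basic.xml");
        war.addAsWebInfResource(SecureServlet.class.getPackage(), "jboss-web.xml", "jboss-web.xml");
        // Test-only identity store; presumably defines the "forbidden" and "allowed" users used
        // below (the file contents are not part of this class).
        war.addAsResource(SecureServlet.class.getPackage(), "users.properties", "users.properties");
        war.addAsResource(SecureServlet.class.getPackage(), "roles.properties", "roles.properties");
        return war;
    }

    /**
     * Exercises the rejection paths on the first node, then checks that the session id handed out
     * after a successful login is still reported after failover to the second node and after the
     * first node comes back.
     *
     * @param baseURL1 base URL of the deployment on the first container
     * @param baseURL2 base URL of the deployment on the second container
     * @throws IOException if a request cannot be executed
     * @throws URISyntaxException if the servlet URI cannot be built from a base URL
     */
    @Test
    public void test(
            @ArquillianResource(SecureServlet.class) @OperateOnDeployment(DEPLOYMENT_1) URL baseURL1,
            @ArquillianResource(SecureServlet.class) @OperateOnDeployment(DEPLOYMENT_2) URL baseURL2)
            throws IOException, URISyntaxException {
        CredentialsProvider provider = new BasicCredentialsProvider();
        HttpClient client = HttpClients.custom().setDefaultCredentialsProvider(provider).build();

        URI uri1 = SecureServlet.createURI(baseURL1);
        URI uri2 = SecureServlet.createURI(baseURL2);

        try {
            // Valid login, invalid role: the user is known but must not reach the servlet.
            setCredentials(provider, "forbidden", "password", baseURL1, baseURL2);
            assertStatus(client, uri1, HttpServletResponse.SC_FORBIDDEN);

            // Invalid login, valid role: a wrong password must never be accepted.
            setCredentials(provider, "allowed", "bad", baseURL1, baseURL2);
            assertStatus(client, uri1, HttpServletResponse.SC_UNAUTHORIZED);

            // Valid login, valid role
            setCredentials(provider, "allowed", "password", baseURL1, baseURL2);
            String sessionId = assertAuthenticated(client, uri1);

            // Failover: with the first node gone, the second must report the same session.
            undeploy(DEPLOYMENT_1);
            Assert.assertEquals(sessionId, assertAuthenticated(client, uri2));

            // Failback: the redeployed first node must report the same session as well.
            deploy(DEPLOYMENT_1);
            Assert.assertEquals(sessionId, assertAuthenticated(client, uri1));
        } finally {
            HttpClientUtils.closeQuietly(client);
        }
    }

    /**
     * Issues a GET and asserts the response status, always releasing the response.
     *
     * @param client client used to execute the request
     * @param uri target of the request
     * @param expectedStatus HTTP status the server is expected to return
     * @throws IOException if the request cannot be executed
     */
    private static void assertStatus(HttpClient client, URI uri, int expectedStatus) throws IOException {
        HttpResponse response = client.execute(new HttpGet(uri));
        try {
            Assert.assertEquals(expectedStatus, response.getStatusLine().getStatusCode());
        } finally {
            HttpClientUtils.closeQuietly(response);
        }
    }

    /**
     * Issues a GET, asserts a 200 response carrying the session id header, and returns its value.
     *
     * <p>The header is asserted to be present on every call, so a node that answers 200 without
     * it fails with an assertion error instead of a {@link NullPointerException}.
     *
     * @param client client used to execute the request
     * @param uri target of the request
     * @return the session id reported by the servlet
     * @throws IOException if the request cannot be executed
     */
    private static String assertAuthenticated(HttpClient client, URI uri) throws IOException {
        HttpResponse response = client.execute(new HttpGet(uri));
        try {
            Assert.assertEquals(HttpServletResponse.SC_OK, response.getStatusLine().getStatusCode());
            Assert.assertNotNull(response.getFirstHeader(SecureServlet.SESSION_ID_HEADER));
            return response.getFirstHeader(SecureServlet.SESSION_ID_HEADER).getValue();
        } finally {
            HttpClientUtils.closeQuietly(response);
        }
    }

    /**
     * Registers the given user name and password for each of the supplied URLs, replacing any
     * credentials previously registered for the same host and port.
     *
     * <p>The scope is limited to the host and port of each URL, so the client does not offer
     * these credentials to any other origin.
     *
     * @param provider credentials store used by the HTTP client
     * @param user user name to present
     * @param password password to present
     * @param urls servers the credentials apply to
     */
    private static void setCredentials(CredentialsProvider provider, String user, String password, URL... urls) {
        for (URL url : urls) {
            provider.setCredentials(
                    new AuthScope(url.getHost(), url.getPort()),
                    new UsernamePasswordCredentials(user, password));
        }
    }
}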