-updated RepositoryServletSecurityTest

-added test class for ArchivaServletAuthenticator

git-svn-id: https://svn.apache.org/repos/asf/archiva/branches/archiva-security-fix@701910 13f79535-47bb-0310-9956-ffa450edef68

diff --git a/archiva-modules/archiva-web/archiva-security/src/test/java/org/apache/maven/archiva/security/ArchivaServletAuthenticatorTest.java b/archiva-modules/archiva-web/archiva-security/src/test/java/org/apache/maven/archiva/security/ArchivaServletAuthenticatorTest.java
new file mode 100644 (file)
index 0000000..f0ec649
--- /dev/null
+++ b/archiva-modules/archiva-web/archiva-security/src/test/java/org/apache/maven/archiva/security/ArchivaServletAuthenticatorTest.java
@@ -0,0 +1,50 @@
+package org.apache.maven.archiva.security;
+
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+import org.codehaus.plexus.spring.PlexusInSpringTestCase;
+
+/**
+ * ArchivaServletAuthenticatorTest
+ * 
+ * @author <a href="mailto:oching@apache.org">Maria Odea Ching</a>
+ * @version
+ */
+public class ArchivaServletAuthenticatorTest
+    extends PlexusInSpringTestCase
+{
+    public void setUp()
+        throws Exception
+    {
+        super.setUp();
+    }
+    
+    public void testIsAuthenticated()
+        throws Exception
+    {
+        //TODO
+    }
+    
+    public void testIsAuthorized()
+        throws Exception
+    {
+        //TODO
+    }
+}

diff --git a/archiva-modules/archiva-web/archiva-webdav/src/test/java/org/apache/maven/archiva/webdav/RepositoryServletSecurityTest.java b/archiva-modules/archiva-web/archiva-webdav/src/test/java/org/apache/maven/archiva/webdav/RepositoryServletSecurityTest.java
index f1301aabcf28b932366d3c72d2d2500388f1b737..e029ca583e2031fc5302fd1abe88aa8b2964e604 100644 (file)
--- a/archiva-modules/archiva-web/archiva-webdav/src/test/java/org/apache/maven/archiva/webdav/RepositoryServletSecurityTest.java
+++ b/archiva-modules/archiva-web/archiva-webdav/src/test/java/org/apache/maven/archiva/webdav/RepositoryServletSecurityTest.java
@@ -91,11 +91,7 @@ public class RepositoryServletSecurityTest
     private ArchivaXworkUser archivaXworkUser;
 
     private RepositoryServlet servlet;
-
-    private MockControl davResourceFactoryControl;
-
-    private DavResourceFactory davResourceFactory;
-
+    
     public void setUp()
         throws Exception
     {
@@ -135,11 +131,7 @@ public class RepositoryServletSecurityTest
         archivaXworkUser = new ArchivaXworkUser();
         archivaXworkUser.setGuest( "guest" );
 
-        davSessionProvider = new ArchivaDavSessionProvider( servletAuth, httpAuth, archivaXworkUser );
-
-        davResourceFactoryControl = MockControl.createControl( DavResourceFactory.class );
-        davResourceFactoryControl.setDefaultMatcher( new AlwaysMatcher() );
-        davResourceFactory = (DavResourceFactory) davResourceFactoryControl.getMock();
+        davSessionProvider = new ArchivaDavSessionProvider( servletAuth, httpAuth, archivaXworkUser );      
     }
 
     protected ManagedRepositoryConfiguration createManagedRepository( String id, String name, File location )
@@ -230,8 +222,7 @@ public class RepositoryServletSecurityTest
 
         httpAuthControl.replay();
         servletAuthControl.replay();
-
-        //WebResponse response = sc.getResponse( request );
+        
         servlet.service( ic.getRequest(), ic.getResponse() );
         
         httpAuthControl.verify();
@@ -270,8 +261,7 @@ public class RepositoryServletSecurityTest
         servletAuth.isAuthorized( "guest", "internal", true );
         servletAuthControl.setMatcher( MockControl.EQUALS_MATCHER );
         servletAuthControl.setReturnValue( true );
-        //servletAuthControl.expectAndReturn( servletAuth.isAuthorized( "guest", "internal", true ), true );
-        
+                
      // ArchivaDavResourceFactory#isAuthorized()
         SecuritySession session = new DefaultSecuritySession();
         httpAuthControl.expectAndReturn( httpAuth.getAuthenticationResult( null, null ), result );
@@ -283,12 +273,10 @@ public class RepositoryServletSecurityTest
         servletAuth.isAuthorized( "guest", "internal", true );
         servletAuthControl.setMatcher( MockControl.EQUALS_MATCHER );
         servletAuthControl.setReturnValue( true );
-        //servletAuthControl.expectAndReturn( servletAuth.isAuthorized( "guest", "internal", true ), true );
         
         httpAuthControl.replay();
         servletAuthControl.replay();
 
-        //WebResponse response = sc.getResponse( request );
         servlet.service( ic.getRequest(), ic.getResponse() );
 
         httpAuthControl.verify();
@@ -333,7 +321,6 @@ public class RepositoryServletSecurityTest
         httpAuthControl.replay();
         servletAuthControl.replay();
         
-        //WebResponse response = sc.getResponse( request );
         servlet.service( ic.getRequest(), ic.getResponse() );
 
         httpAuthControl.verify();
@@ -379,9 +366,6 @@ public class RepositoryServletSecurityTest
         httpAuthControl.replay();
         servletAuthControl.replay();
 
-        // WebResponse response = sc.getResponse( request );
-        // WebResponse response = ic.getServletResponse();
-
         servlet.service( ic.getRequest(), ic.getResponse() );
 
         httpAuthControl.verify();
@@ -534,26 +518,33 @@ public class RepositoryServletSecurityTest
         InvocationContext ic = sc.newInvocation( request );
         servlet = (RepositoryServlet) ic.getServlet();
         servlet.setDavSessionProvider( davSessionProvider );
-        servlet.setResourceFactory( davResourceFactory );
 
+        ArchivaDavResourceFactory archivaDavResourceFactory = (ArchivaDavResourceFactory) servlet.getResourceFactory();
+        archivaDavResourceFactory.setHttpAuth( httpAuth );
+        archivaDavResourceFactory.setServletAuth( servletAuth );
+
+        servlet.setResourceFactory( archivaDavResourceFactory );
+        
         AuthenticationResult result = new AuthenticationResult();
         httpAuthControl.expectAndReturn( httpAuth.getAuthenticationResult( null, null ), result );
         servletAuthControl.expectAndReturn( servletAuth.isAuthenticated( null, null ), true );
 
-        //TODO remove davResourceFactoryControl!
-        davResourceFactoryControl.expectAndThrow( davResourceFactory.createResource( null, null, null ),
-                                                  new UnauthorizedDavException( "internal", "User not authorized" ) );
-
+     // ArchivaDavResourceFactory#isAuthorized()
+        SecuritySession session = new DefaultSecuritySession();
+        httpAuthControl.expectAndReturn( httpAuth.getAuthenticationResult( null, null ), result );
+        httpAuthControl.expectAndReturn( httpAuth.getSecuritySession(), session );
+        servletAuthControl.expectAndReturn( servletAuth.isAuthenticated( null, result ), true );
+        servletAuthControl.expectAndThrow( servletAuth.isAuthorized( null, session, "internal", true ),
+                                           new UnauthorizedException( "User not authorized to read repository." ) );
+        
         httpAuthControl.replay();
         servletAuthControl.replay();
-        davResourceFactoryControl.replay();
-
+        
         WebResponse response = sc.getResponse( request );
 
         httpAuthControl.verify();
         servletAuthControl.verify();
-        davResourceFactoryControl.verify();
-
+        
         assertEquals( HttpServletResponse.SC_UNAUTHORIZED, response.getResponseCode() );
     }
 }