import org.apache.archiva.security.common.ArchivaRoleConstants;
import org.apache.archiva.test.utils.ArchivaSpringJUnit4ClassRunner;
import org.apache.archiva.webdav.util.MavenIndexerCleaner;
-import org.apache.catalina.Context;
+import org.apache.catalina.Container;
+import org.apache.catalina.core.StandardContext;
import org.apache.catalina.deploy.ApplicationParameter;
import org.apache.catalina.startup.Tomcat;
import org.apache.commons.io.FileUtils;
+import org.apache.commons.io.IOUtils;
+import org.apache.commons.lang.StringUtils;
import org.apache.jackrabbit.webdav.DavSessionProvider;
import org.easymock.EasyMock;
-import static org.easymock.EasyMock.*;
import org.easymock.IMocksControl;
import org.junit.After;
import org.junit.Before;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.springframework.context.ApplicationContext;
+import org.springframework.mock.web.MockHttpServletRequest;
+import org.springframework.mock.web.MockHttpServletResponse;
import org.springframework.test.context.ContextConfiguration;
import org.springframework.web.context.ContextLoaderListener;
import javax.inject.Inject;
+import javax.servlet.Servlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import java.io.InputStream;
import java.nio.charset.Charset;
+import static org.easymock.EasyMock.anyObject;
+import static org.easymock.EasyMock.eq;
+
/**
* RepositoryServletSecurityTest Test the flow of the authentication and authorization checks. This does not necessarily
* perform redback security checking.
protected static int port;
+ StandardContext context;
+
@Inject
ApplicationContext applicationContext;
CacheManager.getInstance().clearAll();
- /*
- sr = new ServletRunner( new File( "src/test/resources/WEB-INF/repository-servlet-security-test/web.xml" ) );
- sr.registerServlet( "/repository/*", RepositoryServlet.class.getName() );
- sc = sr.newClient();
- */
-
-
tomcat = new Tomcat();
tomcat.setBaseDir( System.getProperty( "java.io.tmpdir" ) );
tomcat.setPort( 0 );
- Context context = tomcat.addContext( "", System.getProperty( "java.io.tmpdir" ) );
+ context = StandardContext.class.cast( tomcat.addContext( "", System.getProperty( "java.io.tmpdir" ) ) );
ApplicationParameter applicationParameter = new ApplicationParameter();
applicationParameter.setName( "contextConfigLocation" );
this.port = tomcat.getConnector().getLocalPort();
-
servletAuthControl = EasyMock.createControl();
servletAuth = servletAuthControl.createMock( ServletAuthenticator.class );
httpAuth = httpAuthControl.createMock( HttpAuthenticator.class );
davSessionProvider = new ArchivaDavSessionProvider( servletAuth, httpAuth );
+
+ // FIXME use mock to avoid starting Tomcat
+ //RepositoryServlet repositoryServlet = new RepositoryServlet();
+ //MockServletConfig mockServletConfig = new MockServletConfig();
+
+ //MockServletContext mockServletContext = new MockServletContext( );
+ //mockServletContext
+
+ //repositoryServlet.init( mockServletConfig );
+
+ servlet = RepositoryServlet.class.cast( findServlet( "repository" ) );
}
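Review bot: `servlet` can end up null after the new assignment at the end of setUp, because `findServlet( "repository" )` returns null when no child container has that name and `Class.cast` passes null through. Each test would then fail with a NullPointerException at `servlet.setDavSessionProvider( ... )` instead of pointing at the deployment problem. Adding `assertNotNull( "repository servlet not found in Tomcat context", servlet );` right after the assignment makes the cause visible. The commented-out mock-servlet lines under the FIXME could be dropped so that only the FIXME itself remains. setUp begins outside the visible lines.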
protected String getSpringConfigLocation()
throws Exception
{
-
if ( repoRootInternal.exists() )
{
FileUtils.deleteDirectory( repoRootInternal );
servlet = null;
- if (this.tomcat != null)
+ if ( this.tomcat != null )
{
this.tomcat.stop();
}
super.tearDown();
}
+ protected Servlet findServlet( String name )
+ throws Exception
+ {
+ Container[] childs = context.findChildren();
+ for ( Container container : childs )
+ {
+ if ( StringUtils.equals( container.getName(), name ) )
+ {
+ Tomcat.ExistingStandardWrapper esw = Tomcat.ExistingStandardWrapper.class.cast( container );
+ Servlet servlet = esw.loadServlet();
+
+ return servlet;
+ }
+ }
+ return null;
+ }
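Review bot: findServlet has no Javadoc, and its contract is not obvious from the signature: it returns null when no child of the context matches `name`, and `Tomcat.ExistingStandardWrapper.class.cast( container )` throws ClassCastException when the matching child is a different wrapper type. A short Javadoc stating both, and that the instance is obtained through `loadServlet()` on the wrapper, would help. The local `servlet` also shadows the `servlet` field that setUp assigns; `return esw.loadServlet();` avoids the shadowing.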
+
// test deploy with invalid user, and guest has no write access to repo
// 401 must be returned
- @Ignore("rewrite")
+ @Test
public void testPutWithInvalidUserAndGuestHasNoWriteAccess()
throws Exception
{
setupCleanRepo( repoRootInternal );
- String putUrl = "http://machine.com/repository/internal/path/to/artifact.jar";
InputStream is = getClass().getResourceAsStream( "/artifact.jar" );
assertNotNull( "artifact.jar inputstream", is );
- WebRequest request = new AbstractRepositoryServletTestCase.PutMethodWebRequest( putUrl, is, "application/octet-stream" );
- //InvocationContext ic = sc.newInvocation( request );
- //servlet = (RepositoryServlet) ic.getServlet();
servlet.setDavSessionProvider( davSessionProvider );
AuthenticationResult result = new AuthenticationResult();
EasyMock.expect( httpAuth.getAuthenticationResult( anyObject( HttpServletRequest.class ),
- anyObject( HttpServletResponse.class ) ) ).andReturn( result );
+ anyObject( HttpServletResponse.class ) ) ).andReturn(
+ result );
servletAuth.isAuthenticated( EasyMock.anyObject( HttpServletRequest.class ),
EasyMock.anyObject( AuthenticationResult.class ) );
httpAuthControl.replay();
servletAuthControl.replay();
+ MockHttpServletRequest mockHttpServletRequest = new MockHttpServletRequest();
+ mockHttpServletRequest.addHeader( "User-Agent", "foo" );
+ mockHttpServletRequest.setMethod( "PUT" );
+ mockHttpServletRequest.setRequestURI( "/repository/internal/path/to/artifact.jar" );
+ mockHttpServletRequest.setContent( IOUtils.toByteArray( is ) );
+ mockHttpServletRequest.setContentType( "application/octet-stream" );
+
+ MockHttpServletResponse mockHttpServletResponse = new MockHttpServletResponse();
- //servlet.service( ic.getRequest(), ic.getResponse() );
+ servlet.service( mockHttpServletRequest, mockHttpServletResponse );
httpAuthControl.verify();
servletAuthControl.verify();
- //assertEquals(HttpServletResponse.SC_UNAUTHORIZED, response.getResponseCode());
+ assertEquals( HttpServletResponse.SC_UNAUTHORIZED, mockHttpServletResponse.getStatus() );
}
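Review bot: This re-enabled denial test checks only the 401 status, so a regression in which the servlet answers 401 but still stores the upload would pass. It is worth asserting the side effect after `servlet.service( ... )` as well, e.g. `assertFalse( new File( repoRootInternal, "path/to/artifact.jar" ).exists() );`. That line assumes repoRootInternal is the root of the `internal` repository and that java.io.File is imported, neither of which the visible lines show. The same applies to testPutWithValidUserWithNoWriteAccess, and the two SC_CREATED cases could assert the opposite.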
// test deploy with invalid user, but guest has write access to repo
- @Ignore("rewrite")
+ @Test
public void testPutWithInvalidUserAndGuestHasWriteAccess()
throws Exception
{
setupCleanRepo( repoRootInternal );
- String putUrl = "http://machine.com/repository/internal/path/to/artifact.jar";
- InputStream is = getClass().getResourceAsStream( "/artifact.jar" );
- assertNotNull( "artifact.jar inputstream", is );
-
- WebRequest request = new AbstractRepositoryServletTestCase.PutMethodWebRequest( putUrl, is, "application/octet-stream" );
-
- //InvocationContext ic = sc.newInvocation( request );
- //servlet = (RepositoryServlet) ic.getServlet();
servlet.setDavSessionProvider( davSessionProvider );
ArchivaDavResourceFactory archivaDavResourceFactory = (ArchivaDavResourceFactory) servlet.getResourceFactory();
AuthenticationResult result = new AuthenticationResult();
EasyMock.expect( httpAuth.getAuthenticationResult( anyObject( HttpServletRequest.class ),
- anyObject( HttpServletResponse.class ) ) ).andReturn( result );
+ anyObject( HttpServletResponse.class ) ) ).andReturn(
+ result );
EasyMock.expect( servletAuth.isAuthenticated( anyObject( HttpServletRequest.class ),
anyObject( AuthenticationResult.class ) ) ).andThrow(
new AuthenticationException( "Authentication error" ) );
- EasyMock.expect(servletAuth.isAuthorized( "guest", "internal", ArchivaRoleConstants.OPERATION_REPOSITORY_UPLOAD )).andReturn( true );
+ EasyMock.expect( servletAuth.isAuthorized( "guest", "internal",
+ ArchivaRoleConstants.OPERATION_REPOSITORY_UPLOAD ) ).andReturn(
+ true );
// ArchivaDavResourceFactory#isAuthorized()
SecuritySession session = new DefaultSecuritySession();
EasyMock.expect( httpAuth.getAuthenticationResult( anyObject( HttpServletRequest.class ),
- anyObject( HttpServletResponse.class ) ) ).andReturn( result );
+ anyObject( HttpServletResponse.class ) ) ).andReturn(
+ result );
EasyMock.expect( httpAuth.getSecuritySession( anyObject( HttpSession.class ) ) ).andReturn( session );
- EasyMock.expect(servletAuth.isAuthenticated( anyObject( HttpServletRequest.class ), eq(result) )).andThrow( new AuthenticationException( "Authentication error" ) );
+ EasyMock.expect( servletAuth.isAuthenticated( anyObject( HttpServletRequest.class ), eq( result ) ) ).andThrow(
+ new AuthenticationException( "Authentication error" ) );
EasyMock.expect( httpAuth.getSessionUser( anyObject( HttpSession.class ) ) ).andReturn( null );
httpAuthControl.replay();
servletAuthControl.replay();
- //servlet.service( ic.getRequest(), ic.getResponse() );
+ InputStream is = getClass().getResourceAsStream( "/artifact.jar" );
+ assertNotNull( "artifact.jar inputstream", is );
+
+ MockHttpServletRequest mockHttpServletRequest = new MockHttpServletRequest();
+ mockHttpServletRequest.addHeader( "User-Agent", "foo" );
+ mockHttpServletRequest.setMethod( "PUT" );
+ mockHttpServletRequest.setRequestURI( "/repository/internal/path/to/artifact.jar" );
+ mockHttpServletRequest.setContent( IOUtils.toByteArray( is ) );
+ mockHttpServletRequest.setContentType( "application/octet-stream" );
+
+ MockHttpServletResponse mockHttpServletResponse = new MockHttpServletResponse();
+
+ servlet.service( mockHttpServletRequest, mockHttpServletResponse );
httpAuthControl.verify();
servletAuthControl.verify();
- // assertEquals( HttpServletResponse.SC_CREATED, response.getResponseCode() );
+ assertEquals( HttpServletResponse.SC_CREATED, mockHttpServletResponse.getStatus() );
}
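Review bot: The `InputStream is` opened from `/artifact.jar` is never closed; `IOUtils.toByteArray( is )` reads the stream but leaves it open. The same request-building lines are repeated in all four PUT tests, so a small helper that loads the resource, closes the stream in a `finally` and returns the prepared request would fix the leak once and remove the duplication. It can still be called before the expectations are recorded in the two tests that pass the request's session to `httpAuth.getSecuritySession( ... )`.
```java
private MockHttpServletRequest newArtifactPutRequest()
    throws Exception
{
    InputStream is = getClass().getResourceAsStream( "/artifact.jar" );
    assertNotNull( "artifact.jar inputstream", is );
    try
    {
        MockHttpServletRequest request = new MockHttpServletRequest();
        request.addHeader( "User-Agent", "foo" );
        request.setMethod( "PUT" );
        request.setRequestURI( "/repository/internal/path/to/artifact.jar" );
        request.setContent( IOUtils.toByteArray( is ) );
        request.setContentType( "application/octet-stream" );
        return request;
    }
    finally
    {
        IOUtils.closeQuietly( is );
    }
}
```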
// test deploy with a valid user with no write access
- @Ignore("rewrite")
+ @Test
public void testPutWithValidUserWithNoWriteAccess()
throws Exception
{
setupCleanRepo( repoRootInternal );
- String putUrl = "http://machine.com/repository/internal/path/to/artifact.jar";
- InputStream is = getClass().getResourceAsStream( "/artifact.jar" );
- assertNotNull( "artifact.jar inputstream", is );
-
- WebRequest request = new AbstractRepositoryServletTestCase.PutMethodWebRequest( putUrl, is, "application/octet-stream" );
-
- //InvocationContext ic = sc.newInvocation( request );
- //servlet = (RepositoryServlet) ic.getServlet();
servlet.setDavSessionProvider( davSessionProvider );
ArchivaDavResourceFactory archivaDavResourceFactory = (ArchivaDavResourceFactory) servlet.getResourceFactory();
AuthenticationResult result = new AuthenticationResult();
EasyMock.expect( httpAuth.getAuthenticationResult( anyObject( HttpServletRequest.class ),
- anyObject( HttpServletResponse.class ) ) ).andReturn( result );
+ anyObject( HttpServletResponse.class ) ) ).andReturn(
+ result );
EasyMock.expect( servletAuth.isAuthenticated( anyObject( HttpServletRequest.class ),
anyObject( AuthenticationResult.class ) ) ).andReturn( true );
SecuritySession session = new DefaultSecuritySession();
EasyMock.expect( httpAuth.getAuthenticationResult( anyObject( HttpServletRequest.class ),
- anyObject( HttpServletResponse.class ) ) ).andReturn( result );
+ anyObject( HttpServletResponse.class ) ) ).andReturn(
+ result );
- //EasyMock.expect( httpAuth.getSecuritySession( ic.getRequest().getSession( true ) ) ).andReturn( session );
+ MockHttpServletRequest mockHttpServletRequest = new MockHttpServletRequest();
- //EasyMock.expect( httpAuth.getSessionUser( ic.getRequest().getSession() ) ).andReturn( new SimpleUser() );
+ EasyMock.expect( httpAuth.getSecuritySession( mockHttpServletRequest.getSession( true ) ) ).andReturn(
+ session );
- EasyMock.expect( servletAuth.isAuthenticated( anyObject( HttpServletRequest.class ),
- eq( result ) ) ).andReturn( true );
+ EasyMock.expect( httpAuth.getSessionUser( mockHttpServletRequest.getSession() ) ).andReturn( new SimpleUser() );
+
+ EasyMock.expect( servletAuth.isAuthenticated( anyObject( HttpServletRequest.class ), eq( result ) ) ).andReturn(
+ true );
- EasyMock.expect( servletAuth.isAuthorized( anyObject( HttpServletRequest.class ), eq(session), eq("internal"),
- eq(ArchivaRoleConstants.OPERATION_REPOSITORY_UPLOAD) ) ).andThrow(
+ EasyMock.expect(
+ servletAuth.isAuthorized( anyObject( HttpServletRequest.class ), eq( session ), eq( "internal" ),
+ eq( ArchivaRoleConstants.OPERATION_REPOSITORY_UPLOAD ) ) ).andThrow(
new UnauthorizedException( "User not authorized" ) );
httpAuthControl.replay();
servletAuthControl.replay();
- //servlet.service( ic.getRequest(), ic.getResponse() );
+ InputStream is = getClass().getResourceAsStream( "/artifact.jar" );
+ assertNotNull( "artifact.jar inputstream", is );
+
+ mockHttpServletRequest.addHeader( "User-Agent", "foo" );
+ mockHttpServletRequest.setMethod( "PUT" );
+ mockHttpServletRequest.setRequestURI( "/repository/internal/path/to/artifact.jar" );
+ mockHttpServletRequest.setContent( IOUtils.toByteArray( is ) );
+ mockHttpServletRequest.setContentType( "application/octet-stream" );
+
+ MockHttpServletResponse mockHttpServletResponse = new MockHttpServletResponse();
+
+ servlet.service( mockHttpServletRequest, mockHttpServletResponse );
httpAuthControl.verify();
servletAuthControl.verify();
- // assertEquals(HttpServletResponse.SC_UNAUTHORIZED, response.getResponseCode());
+ assertEquals( HttpServletResponse.SC_UNAUTHORIZED, mockHttpServletResponse.getStatus() );
}
// test deploy with a valid user with write access
- @Ignore("rewrite")
+ @Test
public void testPutWithValidUserWithWriteAccess()
throws Exception
{
setupCleanRepo( repoRootInternal );
assertTrue( repoRootInternal.exists() );
+ MockHttpServletRequest mockHttpServletRequest = new MockHttpServletRequest();
String putUrl = "http://machine.com/repository/internal/path/to/artifact.jar";
InputStream is = getClass().getResourceAsStream( "/artifact.jar" );
assertNotNull( "artifact.jar inputstream", is );
- WebRequest request = new AbstractRepositoryServletTestCase.PutMethodWebRequest( putUrl, is, "application/octet-stream" );
-
- //InvocationContext ic = sc.newInvocation( request );
- //servlet = (RepositoryServlet) ic.getServlet();
servlet.setDavSessionProvider( davSessionProvider );
ArchivaDavResourceFactory archivaDavResourceFactory = (ArchivaDavResourceFactory) servlet.getResourceFactory();
AuthenticationResult result = new AuthenticationResult();
EasyMock.expect( httpAuth.getAuthenticationResult( anyObject( HttpServletRequest.class ),
- anyObject( HttpServletResponse.class) )).andReturn( result );
+ anyObject( HttpServletResponse.class ) ) ).andReturn(
+ result );
EasyMock.expect( servletAuth.isAuthenticated( anyObject( HttpServletRequest.class ),
anyObject( AuthenticationResult.class ) ) ).andReturn( true );
// ArchivaDavResourceFactory#isAuthorized()
SecuritySession session = new DefaultSecuritySession();
- EasyMock.expect( httpAuth.getAuthenticationResult(anyObject( HttpServletRequest.class ),
- anyObject( HttpServletResponse.class) ) ).andReturn( result );
+ EasyMock.expect( httpAuth.getAuthenticationResult( anyObject( HttpServletRequest.class ),
+ anyObject( HttpServletResponse.class ) ) ).andReturn(
+ result );
- //EasyMock.expect( httpAuth.getSecuritySession( ic.getRequest().getSession( true ) ) ).andReturn( session );
+ EasyMock.expect( httpAuth.getSecuritySession( mockHttpServletRequest.getSession() ) ).andReturn( session );
- //EasyMock.expect( httpAuth.getSessionUser( ic.getRequest().getSession() ) ).andReturn( user );
+ EasyMock.expect( httpAuth.getSessionUser( mockHttpServletRequest.getSession() ) ).andReturn( user );
- EasyMock.expect( servletAuth.isAuthenticated( anyObject( HttpServletRequest.class ), eq(result) ) ).andReturn(
+ EasyMock.expect( servletAuth.isAuthenticated( anyObject( HttpServletRequest.class ), eq( result ) ) ).andReturn(
true );
- EasyMock.expect( servletAuth.isAuthorized( anyObject( HttpServletRequest.class ), eq(session), eq("internal"),
- eq(ArchivaRoleConstants.OPERATION_REPOSITORY_UPLOAD) ) ).andReturn(
- true );
+ EasyMock.expect(
+ servletAuth.isAuthorized( anyObject( HttpServletRequest.class ), eq( session ), eq( "internal" ),
+ eq( ArchivaRoleConstants.OPERATION_REPOSITORY_UPLOAD ) ) ).andReturn( true );
httpAuthControl.replay();
servletAuthControl.replay();
- //servlet.service( ic.getRequest(), ic.getResponse() );
+ mockHttpServletRequest.addHeader( "User-Agent", "foo" );
+ mockHttpServletRequest.setMethod( "PUT" );
+ mockHttpServletRequest.setRequestURI( "/repository/internal/path/to/artifact.jar" );
+ mockHttpServletRequest.setContent( IOUtils.toByteArray( is ) );
+ mockHttpServletRequest.setContentType( "application/octet-stream" );
+
+ MockHttpServletResponse mockHttpServletResponse = new MockHttpServletResponse();
+
+ servlet.service( mockHttpServletRequest, mockHttpServletResponse );
httpAuthControl.verify();
servletAuthControl.verify();
- // assertEquals(HttpServletResponse.SC_CREATED, response.getResponseCode());
+ assertEquals( HttpServletResponse.SC_CREATED, mockHttpServletResponse.getStatus() );
assertEquals( "admin", listener.getEvents().get( 0 ).getUserId() );
}
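Review bot: `String putUrl = "http://machine.com/repository/internal/path/to/artifact.jar";` is left unused in testPutWithValidUserWithWriteAccess now that the `WebRequest` built from it is removed; the other three PUT tests delete the line, so it should be deleted here as well. The session expectation here uses `mockHttpServletRequest.getSession()`, while testPutWithValidUserWithNoWriteAccess uses `getSession( true )` for the same purpose. Using one form in both tests would make it clear that they rely on the same session object.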
// test get with invalid user, and guest has read access to repo
- @Ignore("rewrite")
+ @Test
public void testGetWithInvalidUserAndGuestHasReadAccess()
throws Exception
{
FileUtils.writeStringToFile( artifactFile, expectedArtifactContents, Charset.defaultCharset() );
- WebRequest request = new AbstractRepositoryServletTestCase.GetMethodWebRequest( "http://machine.com/repository/internal/" + commonsLangJar );
- //InvocationContext ic = sc.newInvocation( request );
- //servlet = (RepositoryServlet) ic.getServlet();
servlet.setDavSessionProvider( davSessionProvider );
ArchivaDavResourceFactory archivaDavResourceFactory = (ArchivaDavResourceFactory) servlet.getResourceFactory();
AuthenticationResult result = new AuthenticationResult();
- EasyMock.expect( httpAuth.getAuthenticationResult( anyObject( HttpServletRequest.class ), anyObject( HttpServletResponse.class ) ) )
- .andReturn( result );
+ EasyMock.expect( httpAuth.getAuthenticationResult( anyObject( HttpServletRequest.class ),
+ anyObject( HttpServletResponse.class ) ) ).andReturn(
+ result );
- EasyMock.expect( servletAuth.isAuthenticated( anyObject( HttpServletRequest.class ), anyObject( AuthenticationResult.class ) ) ).andThrow(
+ EasyMock.expect( servletAuth.isAuthenticated( anyObject( HttpServletRequest.class ),
+ anyObject( AuthenticationResult.class ) ) ).andThrow(
new AuthenticationException( "Authentication error" ) );
EasyMock.expect( servletAuth.isAuthorized( "guest", "internal",
// ArchivaDavResourceFactory#isAuthorized()
SecuritySession session = new DefaultSecuritySession();
- EasyMock.expect( httpAuth.getAuthenticationResult( anyObject( HttpServletRequest.class ), anyObject( HttpServletResponse.class ) ) ).andReturn( result );
+ EasyMock.expect( httpAuth.getAuthenticationResult( anyObject( HttpServletRequest.class ),
+ anyObject( HttpServletResponse.class ) ) ).andReturn(
+ result );
EasyMock.expect( httpAuth.getSecuritySession( anyObject( HttpSession.class ) ) ).andReturn( session );
EasyMock.expect( httpAuth.getSessionUser( anyObject( HttpSession.class ) ) ).andReturn( null );
- EasyMock.expect( servletAuth.isAuthenticated( anyObject( HttpServletRequest.class ), eq(result) ) ).andReturn(
+ EasyMock.expect( servletAuth.isAuthenticated( anyObject( HttpServletRequest.class ), eq( result ) ) ).andReturn(
true );
- EasyMock.expect( servletAuth.isAuthorized( anyObject( HttpServletRequest.class ), eq(session), eq("internal"),
- eq(ArchivaRoleConstants.OPERATION_REPOSITORY_ACCESS) ) ).andReturn( true );
+ EasyMock.expect(
+ servletAuth.isAuthorized( anyObject( HttpServletRequest.class ), eq( session ), eq( "internal" ),
+ eq( ArchivaRoleConstants.OPERATION_REPOSITORY_ACCESS ) ) ).andReturn( true );
httpAuthControl.replay();
servletAuthControl.replay();
- WebResponse response = null;// sc.getResponse( request );
+ MockHttpServletRequest mockHttpServletRequest = new MockHttpServletRequest();
+ mockHttpServletRequest.addHeader( "User-Agent", "foo" );
+ mockHttpServletRequest.setMethod( "GET" );
+ mockHttpServletRequest.setRequestURI( "/repository/internal/" + commonsLangJar );
+
+
+ MockHttpServletResponse mockHttpServletResponse = new MockHttpServletResponse();
+
+ servlet.service( mockHttpServletRequest, mockHttpServletResponse );
httpAuthControl.verify();
servletAuthControl.verify();
- assertEquals( HttpServletResponse.SC_OK, response.getStatusCode() );
- assertEquals( "Expected file contents", expectedArtifactContents, response.getContentAsString() );
+ assertEquals( HttpServletResponse.SC_OK, mockHttpServletResponse.getStatus() );
+
+ assertEquals( "Expected file contents", expectedArtifactContents, mockHttpServletResponse.getContentAsString() );
}
// test get with invalid user, and guest has no read access to repo
- @Ignore("rewrite")
+ @Test
public void testGetWithInvalidUserAndGuestHasNoReadAccess()
throws Exception
{
FileUtils.writeStringToFile( artifactFile, expectedArtifactContents, Charset.defaultCharset() );
- WebRequest request = new AbstractRepositoryServletTestCase.GetMethodWebRequest( "http://machine.com/repository/internal/" + commonsLangJar );
- //InvocationContext ic = sc.newInvocation( request );
- //servlet = (RepositoryServlet) ic.getServlet();
servlet.setDavSessionProvider( davSessionProvider );
AuthenticationResult result = new AuthenticationResult();
- EasyMock.expect( httpAuth.getAuthenticationResult( anyObject( HttpServletRequest.class ), anyObject( HttpServletResponse.class ) ) ).andReturn( result );
+ EasyMock.expect( httpAuth.getAuthenticationResult( anyObject( HttpServletRequest.class ),
+ anyObject( HttpServletResponse.class ) ) ).andReturn(
+ result );
- EasyMock.expect( servletAuth.isAuthenticated( anyObject( HttpServletRequest.class ), anyObject( AuthenticationResult.class ) ) ).andThrow(
+ EasyMock.expect( servletAuth.isAuthenticated( anyObject( HttpServletRequest.class ),
+ anyObject( AuthenticationResult.class ) ) ).andThrow(
new AuthenticationException( "Authentication error" ) );
EasyMock.expect( servletAuth.isAuthorized( "guest", "internal",
httpAuthControl.replay();
servletAuthControl.replay();
- WebResponse response = null;//sc.getResponse( request );
+ MockHttpServletRequest mockHttpServletRequest = new MockHttpServletRequest();
+ mockHttpServletRequest.addHeader( "User-Agent", "foo" );
+ mockHttpServletRequest.setMethod( "GET" );
+ mockHttpServletRequest.setRequestURI( "/repository/internal/" + commonsLangJar );
+
+
+ MockHttpServletResponse mockHttpServletResponse = new MockHttpServletResponse();
+
+ servlet.service( mockHttpServletRequest, mockHttpServletResponse );
httpAuthControl.verify();
servletAuthControl.verify();
- assertEquals( HttpServletResponse.SC_UNAUTHORIZED, response.getStatusCode() );
+ assertEquals( HttpServletResponse.SC_UNAUTHORIZED, mockHttpServletResponse.getStatus() );
}
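Review bot: The denied-read test asserts only SC_UNAUTHORIZED, so it would still pass if the response carried the 401 status and the artifact bytes. Since the test writes `expectedArtifactContents` to `artifactFile` first, a body check is cheap: `assertFalse( mockHttpServletResponse.getContentAsString().contains( expectedArtifactContents ) );`. testGetWithAValidUserWithNoReadAccess ends the same way and would benefit from the same assertion.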
// test get with valid user with read access to repo
- @Ignore("rewrite")
+ @Test
public void testGetWithAValidUserWithReadAccess()
throws Exception
{
FileUtils.writeStringToFile( artifactFile, expectedArtifactContents, Charset.defaultCharset() );
- WebRequest request = new AbstractRepositoryServletTestCase.GetMethodWebRequest( "http://machine.com/repository/internal/" + commonsLangJar );
- //InvocationContext ic = sc.newInvocation( request );
- //servlet = (RepositoryServlet) ic.getServlet();
servlet.setDavSessionProvider( davSessionProvider );
ArchivaDavResourceFactory archivaDavResourceFactory = (ArchivaDavResourceFactory) servlet.getResourceFactory();
AuthenticationResult result = new AuthenticationResult();
- EasyMock.expect( httpAuth.getAuthenticationResult( anyObject( HttpServletRequest.class ), anyObject( HttpServletResponse.class ) ) ).andReturn( result );
+ EasyMock.expect( httpAuth.getAuthenticationResult( anyObject( HttpServletRequest.class ),
+ anyObject( HttpServletResponse.class ) ) ).andReturn(
+ result );
- EasyMock.expect( servletAuth.isAuthenticated( anyObject( HttpServletRequest.class ), anyObject( AuthenticationResult.class ) ) ).andReturn( true );
+ EasyMock.expect( servletAuth.isAuthenticated( anyObject( HttpServletRequest.class ),
+ anyObject( AuthenticationResult.class ) ) ).andReturn( true );
// ArchivaDavResourceFactory#isAuthorized()
SecuritySession session = new DefaultSecuritySession();
- EasyMock.expect( httpAuth.getAuthenticationResult( anyObject( HttpServletRequest.class ), anyObject( HttpServletResponse.class ) ) ).andReturn( result );
+ EasyMock.expect( httpAuth.getAuthenticationResult( anyObject( HttpServletRequest.class ),
+ anyObject( HttpServletResponse.class ) ) ).andReturn(
+ result );
EasyMock.expect( httpAuth.getSecuritySession( anyObject( HttpSession.class ) ) ).andReturn( session );
EasyMock.expect( httpAuth.getSessionUser( anyObject( HttpSession.class ) ) ).andReturn( new SimpleUser() );
- EasyMock.expect( servletAuth.isAuthenticated( anyObject( HttpServletRequest.class ), eq(result) ) ).andReturn(
+ EasyMock.expect( servletAuth.isAuthenticated( anyObject( HttpServletRequest.class ), eq( result ) ) ).andReturn(
true );
- EasyMock.expect( servletAuth.isAuthorized( anyObject( HttpServletRequest.class ), eq(session), eq("internal"),
- eq(ArchivaRoleConstants.OPERATION_REPOSITORY_ACCESS) ) ).andReturn(
- true );
+ EasyMock.expect(
+ servletAuth.isAuthorized( anyObject( HttpServletRequest.class ), eq( session ), eq( "internal" ),
+ eq( ArchivaRoleConstants.OPERATION_REPOSITORY_ACCESS ) ) ).andReturn( true );
httpAuthControl.replay();
servletAuthControl.replay();
- WebResponse response = null;// sc.getResponse( request );
+ MockHttpServletRequest mockHttpServletRequest = new MockHttpServletRequest();
+ mockHttpServletRequest.addHeader( "User-Agent", "foo" );
+ mockHttpServletRequest.setMethod( "GET" );
+ mockHttpServletRequest.setRequestURI( "/repository/internal/" + commonsLangJar );
+
+
+ MockHttpServletResponse mockHttpServletResponse = new MockHttpServletResponse();
+
+ servlet.service( mockHttpServletRequest, mockHttpServletResponse );
httpAuthControl.verify();
servletAuthControl.verify();
- assertEquals( HttpServletResponse.SC_OK, response.getStatusCode() );
- assertEquals( "Expected file contents", expectedArtifactContents, response.getContentAsString() );
+ assertEquals( HttpServletResponse.SC_OK, mockHttpServletResponse.getStatus() );
+ assertEquals( "Expected file contents", expectedArtifactContents, mockHttpServletResponse.getContentAsString() );
}
// test get with valid user with no read access to repo
- @Ignore("rewrite")
+ @Test
public void testGetWithAValidUserWithNoReadAccess()
throws Exception
{
FileUtils.writeStringToFile( artifactFile, expectedArtifactContents, Charset.defaultCharset() );
- WebRequest request = new AbstractRepositoryServletTestCase.GetMethodWebRequest( "http://machine.com/repository/internal/" + commonsLangJar );
- //InvocationContext ic = sc.newInvocation( request );
- //servlet = (RepositoryServlet) ic.getServlet();
servlet.setDavSessionProvider( davSessionProvider );
ArchivaDavResourceFactory archivaDavResourceFactory = (ArchivaDavResourceFactory) servlet.getResourceFactory();
AuthenticationResult result = new AuthenticationResult();
- EasyMock.expect( httpAuth.getAuthenticationResult( anyObject( HttpServletRequest.class ), anyObject( HttpServletResponse.class ) ) ).andReturn( result );
+ EasyMock.expect( httpAuth.getAuthenticationResult( anyObject( HttpServletRequest.class ),
+ anyObject( HttpServletResponse.class ) ) ).andReturn(
+ result );
- EasyMock.expect( servletAuth.isAuthenticated( anyObject( HttpServletRequest.class ), anyObject( AuthenticationResult.class ) ) ).andReturn( true );
+ EasyMock.expect( servletAuth.isAuthenticated( anyObject( HttpServletRequest.class ),
+ anyObject( AuthenticationResult.class ) ) ).andReturn( true );
// ArchivaDavResourceFactory#isAuthorized()
SecuritySession session = new DefaultSecuritySession();
- EasyMock.expect( httpAuth.getAuthenticationResult( anyObject( HttpServletRequest.class ), anyObject( HttpServletResponse.class ) ) ).andReturn( result );
+ EasyMock.expect( httpAuth.getAuthenticationResult( anyObject( HttpServletRequest.class ),
+ anyObject( HttpServletResponse.class ) ) ).andReturn(
+ result );
- EasyMock.expect( httpAuth.getSecuritySession( anyObject( HttpSession.class) ) ).andReturn( session );
+ EasyMock.expect( httpAuth.getSecuritySession( anyObject( HttpSession.class ) ) ).andReturn( session );
- EasyMock.expect( httpAuth.getSessionUser( anyObject( HttpSession.class) ) ).andReturn( new SimpleUser() );
+ EasyMock.expect( httpAuth.getSessionUser( anyObject( HttpSession.class ) ) ).andReturn( new SimpleUser() );
- EasyMock.expect( servletAuth.isAuthenticated( anyObject( HttpServletRequest.class ), eq(result) ) ).andReturn(
+ EasyMock.expect( servletAuth.isAuthenticated( anyObject( HttpServletRequest.class ), eq( result ) ) ).andReturn(
true );
- EasyMock.expect( servletAuth.isAuthorized( anyObject( HttpServletRequest.class ), eq(session), eq("internal"),
- eq(ArchivaRoleConstants.OPERATION_REPOSITORY_ACCESS) ) ).andThrow(
+ EasyMock.expect(
+ servletAuth.isAuthorized( anyObject( HttpServletRequest.class ), eq( session ), eq( "internal" ),
+ eq( ArchivaRoleConstants.OPERATION_REPOSITORY_ACCESS ) ) ).andThrow(
new UnauthorizedException( "User not authorized to read repository." ) );
httpAuthControl.replay();
servletAuthControl.replay();
- WebResponse response = null;//sc.getResponse( request );
+ MockHttpServletRequest mockHttpServletRequest = new MockHttpServletRequest();
+ mockHttpServletRequest.addHeader( "User-Agent", "foo" );
+ mockHttpServletRequest.setMethod( "GET" );
+ mockHttpServletRequest.setRequestURI( "/repository/internal/" + commonsLangJar );
+
+
+ MockHttpServletResponse mockHttpServletResponse = new MockHttpServletResponse();
+
+ servlet.service( mockHttpServletRequest, mockHttpServletResponse );
httpAuthControl.verify();
servletAuthControl.verify();
- assertEquals( HttpServletResponse.SC_UNAUTHORIZED, response.getStatusCode() );
+ assertEquals( HttpServletResponse.SC_UNAUTHORIZED, mockHttpServletResponse.getStatus() );
}
}