From: Maria Odea B. Ching
Date: Mon, 6 Oct 2008 01:11:37 +0000 (+0000)
Subject: -updated RepositoryServletSecurityTest
X-Git-Url: https://source.dussan.org/?a=commitdiff_plain;h=3d7ddc045a23ac8dff693650d511ac3780eaed86;p=archiva.git
-updated RepositoryServletSecurityTest
-added test class for ArchivaServletAuthenticator
git-svn-id: https://svn.apache.org/repos/asf/archiva/branches/archiva-security-fix@701910 13f79535-47bb-0310-9956-ffa450edef68
---
diff --git a/archiva-modules/archiva-web/archiva-security/src/test/java/org/apache/maven/archiva/security/ArchivaServletAuthenticatorTest.java b/archiva-modules/archiva-web/archiva-security/src/test/java/org/apache/maven/archiva/security/ArchivaServletAuthenticatorTest.java
new file mode 100644
index 000000000..f0ec649d1
--- /dev/null
+++ b/archiva-modules/archiva-web/archiva-security/src/test/java/org/apache/maven/archiva/security/ArchivaServletAuthenticatorTest.java
@@ -0,0 +1,50 @@
+package org.apache.maven.archiva.security;
+
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+import org.codehaus.plexus.spring.PlexusInSpringTestCase;
+
+/**
+ * ArchivaServletAuthenticatorTest
+ *
+ * @author Maria Odea Ching
+ * @version
+ */
+public class ArchivaServletAuthenticatorTest
+ extends PlexusInSpringTestCase
+{
+ public void setUp()
+ throws Exception
+ {
+ super.setUp();
+ }
+
+ public void testIsAuthenticated()
+ throws Exception
+ {
+ //TODO
+ }
+
+ public void testIsAuthorized()
+ throws Exception
+ {
+ //TODO
+ }
+}
diff --git a/archiva-modules/archiva-web/archiva-webdav/src/test/java/org/apache/maven/archiva/webdav/RepositoryServletSecurityTest.java b/archiva-modules/archiva-web/archiva-webdav/src/test/java/org/apache/maven/archiva/webdav/RepositoryServletSecurityTest.java
index f1301aabc..e029ca583 100644
--- a/archiva-modules/archiva-web/archiva-webdav/src/test/java/org/apache/maven/archiva/webdav/RepositoryServletSecurityTest.java
+++ b/archiva-modules/archiva-web/archiva-webdav/src/test/java/org/apache/maven/archiva/webdav/RepositoryServletSecurityTest.java
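Review bot: In the new ArchivaServletAuthenticatorTest.java, `testIsAuthenticated()` and `testIsAuthorized()` contain only `//TODO`, so both will be reported as passing while exercising nothing, which overstates the test coverage of the authenticator on a branch named for a security fix. Until the bodies exist, either leave the methods out or make the gap visible with `fail( "not implemented yet" );` (assuming PlexusInSpringTestCase is a JUnit TestCase, which this file does not show). When they are written, the denied paths deserve the same attention as the allowed ones: a failed authentication result, and a user without read permission on the repository. The `setUp()` override only calls `super.setUp()` and can be dropped, and the empty `@version` tag in the class Javadoc should be filled in or removed.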
@@ -91,11 +91,7 @@ public class RepositoryServletSecurityTest private ArchivaXworkUser archivaXworkUser; private RepositoryServlet servlet; - - private MockControl davResourceFactoryControl; - - private DavResourceFactory davResourceFactory; - + public void setUp() throws Exception { @@ -135,11 +131,7 @@ public class RepositoryServletSecurityTest archivaXworkUser = new ArchivaXworkUser(); archivaXworkUser.setGuest( "guest" ); - davSessionProvider = new ArchivaDavSessionProvider( servletAuth, httpAuth, archivaXworkUser ); - - davResourceFactoryControl = MockControl.createControl( DavResourceFactory.class ); - davResourceFactoryControl.setDefaultMatcher( new AlwaysMatcher() ); - davResourceFactory = (DavResourceFactory) davResourceFactoryControl.getMock(); + davSessionProvider = new ArchivaDavSessionProvider( servletAuth, httpAuth, archivaXworkUser ); } protected ManagedRepositoryConfiguration createManagedRepository( String id, String name, File location ) @@ -230,8 +222,7 @@ public class RepositoryServletSecurityTest httpAuthControl.replay(); servletAuthControl.replay(); - - //WebResponse response = sc.getResponse( request ); + servlet.service( ic.getRequest(), ic.getResponse() ); httpAuthControl.verify(); @@ -270,8 +261,7 @@ public class RepositoryServletSecurityTest servletAuth.isAuthorized( "guest", "internal", true ); servletAuthControl.setMatcher( MockControl.EQUALS_MATCHER ); servletAuthControl.setReturnValue( true ); - //servletAuthControl.expectAndReturn( servletAuth.isAuthorized( "guest", "internal", true ), true ); - + // ArchivaDavResourceFactory#isAuthorized() SecuritySession session = new DefaultSecuritySession(); httpAuthControl.expectAndReturn( httpAuth.getAuthenticationResult( null, null ), result ); 
@@ -283,12 +273,10 @@ public class RepositoryServletSecurityTest servletAuth.isAuthorized( "guest", "internal", true ); servletAuthControl.setMatcher( MockControl.EQUALS_MATCHER ); servletAuthControl.setReturnValue( true ); - //servletAuthControl.expectAndReturn( servletAuth.isAuthorized( "guest", "internal", true ), true ); httpAuthControl.replay(); servletAuthControl.replay(); - //WebResponse response = sc.getResponse( request ); servlet.service( ic.getRequest(), ic.getResponse() ); httpAuthControl.verify(); @@ -333,7 +321,6 @@ public class RepositoryServletSecurityTest httpAuthControl.replay(); servletAuthControl.replay(); - //WebResponse response = sc.getResponse( request ); servlet.service( ic.getRequest(), ic.getResponse() ); httpAuthControl.verify(); @@ -379,9 +366,6 @@ public class RepositoryServletSecurityTest httpAuthControl.replay(); servletAuthControl.replay(); - // WebResponse response = sc.getResponse( request ); - // WebResponse response = ic.getServletResponse(); - servlet.service( ic.getRequest(), ic.getResponse() ); httpAuthControl.verify(); 
@@ -534,26 +518,33 @@ public class RepositoryServletSecurityTest InvocationContext ic = sc.newInvocation( request ); servlet = (RepositoryServlet) ic.getServlet(); servlet.setDavSessionProvider( davSessionProvider ); - servlet.setResourceFactory( davResourceFactory ); + ArchivaDavResourceFactory archivaDavResourceFactory = (ArchivaDavResourceFactory) servlet.getResourceFactory(); + archivaDavResourceFactory.setHttpAuth( httpAuth ); + archivaDavResourceFactory.setServletAuth( servletAuth ); + + servlet.setResourceFactory( archivaDavResourceFactory ); + AuthenticationResult result = new AuthenticationResult(); httpAuthControl.expectAndReturn( httpAuth.getAuthenticationResult( null, null ), result ); servletAuthControl.expectAndReturn( servletAuth.isAuthenticated( null, null ), true ); - //TODO remove davResourceFactoryControl! - davResourceFactoryControl.expectAndThrow( davResourceFactory.createResource( null, null, null ), - new UnauthorizedDavException( "internal", "User not authorized" ) ); - + // ArchivaDavResourceFactory#isAuthorized() + SecuritySession session = new DefaultSecuritySession(); + httpAuthControl.expectAndReturn( httpAuth.getAuthenticationResult( null, null ), result ); + httpAuthControl.expectAndReturn( httpAuth.getSecuritySession(), session ); + servletAuthControl.expectAndReturn( servletAuth.isAuthenticated( null, result ), true ); + servletAuthControl.expectAndThrow( servletAuth.isAuthorized( null, session, "internal", true ), + new UnauthorizedException( "User not authorized to read repository." ) ); + httpAuthControl.replay(); servletAuthControl.replay(); - davResourceFactoryControl.replay(); - + WebResponse response = sc.getResponse( request ); httpAuthControl.verify(); servletAuthControl.verify(); - davResourceFactoryControl.verify(); - + assertEquals( HttpServletResponse.SC_UNAUTHORIZED, response.getResponseCode() ); } }
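Review bot: The recorded call `servletAuth.isAuthorized( null, session, "internal", true )` only proves that the denial is tied to repository `internal` if the mock control compares arguments, and no matcher is set anywhere in this hunk. Earlier tests in this class call `servletAuthControl.setMatcher( MockControl.EQUALS_MATCHER )` explicitly, which suggests the default configured in setUp() (outside this hunk) is more permissive; if it matches any arguments, this test would still pass were the resource factory to check a different repository id or permission flag. Because the request argument is recorded as `null`, a plain equals matcher will not fit, so a small custom matcher that compares only the repository id and the boolean would pin the behaviour. Separately, `servlet.setResourceFactory( archivaDavResourceFactory );` is redundant, since that instance was obtained from the servlet and modified in place. The test method begins above this hunk.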