You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@archiva.apache.org by ol...@apache.org on 2014/01/06 06:31:27 UTC
svn commit: r1555670 - in
/archiva/trunk/archiva-modules/archiva-web/archiva-webdav/src/test/java/org/apache/archiva/webdav:
AbstractRepositoryServletTestCase.java RepositoryServletSecurityTest.java
Author: olamy
Date: Mon Jan 6 05:31:26 2014
New Revision: 1555670
URL: http://svn.apache.org/r1555670
Log:
fix unit test
Modified:
archiva/trunk/archiva-modules/archiva-web/archiva-webdav/src/test/java/org/apache/archiva/webdav/AbstractRepositoryServletTestCase.java
archiva/trunk/archiva-modules/archiva-web/archiva-webdav/src/test/java/org/apache/archiva/webdav/RepositoryServletSecurityTest.java
Modified: archiva/trunk/archiva-modules/archiva-web/archiva-webdav/src/test/java/org/apache/archiva/webdav/AbstractRepositoryServletTestCase.java
URL: http://svn.apache.org/viewvc/archiva/trunk/archiva-modules/archiva-web/archiva-webdav/src/test/java/org/apache/archiva/webdav/AbstractRepositoryServletTestCase.java?rev=1555670&r1=1555669&r2=1555670&view=diff
==============================================================================
--- archiva/trunk/archiva-modules/archiva-web/archiva-webdav/src/test/java/org/apache/archiva/webdav/AbstractRepositoryServletTestCase.java (original)
+++ archiva/trunk/archiva-modules/archiva-web/archiva-webdav/src/test/java/org/apache/archiva/webdav/AbstractRepositoryServletTestCase.java Mon Jan 6 05:31:26 2014
@@ -95,6 +95,9 @@ public abstract class AbstractRepository
protected static int port;
+
+ StandardContext context;
+
@Before
public void setUp()
throws Exception
@@ -140,9 +143,6 @@ public abstract class AbstractRepository
}
- StandardContext context;
-
- UnauthenticatedRepositoryServlet servlet;
protected void startRepository()
throws Exception
@@ -151,7 +151,7 @@ public abstract class AbstractRepository
tomcat.setBaseDir( System.getProperty( "java.io.tmpdir" ) );
tomcat.setPort( 0 );
- context = (StandardContext) tomcat.addContext( "", System.getProperty( "java.io.tmpdir" ) );
+ context = StandardContext.class.cast( tomcat.addContext( "", System.getProperty( "java.io.tmpdir" ) ) );
ApplicationParameter applicationParameter = new ApplicationParameter();
applicationParameter.setName( "contextConfigLocation" );
@@ -162,9 +162,7 @@ public abstract class AbstractRepository
context.addApplicationListener( MavenIndexerCleaner.class.getName() );
- servlet = new UnauthenticatedRepositoryServlet();
-
- Tomcat.addServlet( context, "repository", servlet );
+ Tomcat.addServlet( context, "repository", new UnauthenticatedRepositoryServlet() );
context.addServletMapping( "/repository/*", "repository" );
Tomcat.addServlet( context, "reinitservlet", new ReinitServlet() );
Modified: archiva/trunk/archiva-modules/archiva-web/archiva-webdav/src/test/java/org/apache/archiva/webdav/RepositoryServletSecurityTest.java
URL: http://svn.apache.org/viewvc/archiva/trunk/archiva-modules/archiva-web/archiva-webdav/src/test/java/org/apache/archiva/webdav/RepositoryServletSecurityTest.java?rev=1555670&r1=1555669&r2=1555670&view=diff
==============================================================================
--- archiva/trunk/archiva-modules/archiva-web/archiva-webdav/src/test/java/org/apache/archiva/webdav/RepositoryServletSecurityTest.java (original)
+++ archiva/trunk/archiva-modules/archiva-web/archiva-webdav/src/test/java/org/apache/archiva/webdav/RepositoryServletSecurityTest.java Mon Jan 6 05:31:26 2014
@@ -40,13 +40,15 @@ import org.apache.archiva.security.Servl
import org.apache.archiva.security.common.ArchivaRoleConstants;
import org.apache.archiva.test.utils.ArchivaSpringJUnit4ClassRunner;
import org.apache.archiva.webdav.util.MavenIndexerCleaner;
-import org.apache.catalina.Context;
+import org.apache.catalina.Container;
+import org.apache.catalina.core.StandardContext;
import org.apache.catalina.deploy.ApplicationParameter;
import org.apache.catalina.startup.Tomcat;
import org.apache.commons.io.FileUtils;
+import org.apache.commons.io.IOUtils;
+import org.apache.commons.lang.StringUtils;
import org.apache.jackrabbit.webdav.DavSessionProvider;
import org.easymock.EasyMock;
-import static org.easymock.EasyMock.*;
import org.easymock.IMocksControl;
import org.junit.After;
import org.junit.Before;
@@ -54,10 +56,13 @@ import org.junit.Ignore;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.springframework.context.ApplicationContext;
+import org.springframework.mock.web.MockHttpServletRequest;
+import org.springframework.mock.web.MockHttpServletResponse;
import org.springframework.test.context.ContextConfiguration;
import org.springframework.web.context.ContextLoaderListener;
import javax.inject.Inject;
+import javax.servlet.Servlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
@@ -66,6 +71,9 @@ import java.io.IOException;
import java.io.InputStream;
import java.nio.charset.Charset;
+import static org.easymock.EasyMock.anyObject;
+import static org.easymock.EasyMock.eq;
+
/**
* RepositoryServletSecurityTest Test the flow of the authentication and authorization checks. This does not necessarily
* perform redback security checking.
@@ -98,6 +106,8 @@ public class RepositoryServletSecurityTe
protected static int port;
+ StandardContext context;
+
@Inject
ApplicationContext applicationContext;
@@ -128,18 +138,11 @@ public class RepositoryServletSecurityTe
CacheManager.getInstance().clearAll();
- /*
- sr = new ServletRunner( new File( "src/test/resources/WEB-INF/repository-servlet-security-test/web.xml" ) );
- sr.registerServlet( "/repository/*", RepositoryServlet.class.getName() );
- sc = sr.newClient();
- */
-
-
tomcat = new Tomcat();
tomcat.setBaseDir( System.getProperty( "java.io.tmpdir" ) );
tomcat.setPort( 0 );
- Context context = tomcat.addContext( "", System.getProperty( "java.io.tmpdir" ) );
+ context = StandardContext.class.cast( tomcat.addContext( "", System.getProperty( "java.io.tmpdir" ) ) );
ApplicationParameter applicationParameter = new ApplicationParameter();
applicationParameter.setName( "contextConfigLocation" );
@@ -157,7 +160,6 @@ public class RepositoryServletSecurityTe
this.port = tomcat.getConnector().getLocalPort();
-
servletAuthControl = EasyMock.createControl();
servletAuth = servletAuthControl.createMock( ServletAuthenticator.class );
@@ -167,6 +169,17 @@ public class RepositoryServletSecurityTe
httpAuth = httpAuthControl.createMock( HttpAuthenticator.class );
davSessionProvider = new ArchivaDavSessionProvider( servletAuth, httpAuth );
+
+ // FIXME use mock to avoid starting Tomcat
+ //RepositoryServlet repositoryServlet = new RepositoryServlet();
+ //MockServletConfig mockServletConfig = new MockServletConfig();
+
+ //MockServletContext mockServletContext = new MockServletContext( );
+ //mockServletContext
+
+ //repositoryServlet.init( mockServletConfig );
+
+ servlet = RepositoryServlet.class.cast( findServlet( "repository" ) );
}
protected String getSpringConfigLocation()
@@ -211,7 +224,6 @@ public class RepositoryServletSecurityTe
throws Exception
{
-
if ( repoRootInternal.exists() )
{
FileUtils.deleteDirectory( repoRootInternal );
@@ -219,7 +231,7 @@ public class RepositoryServletSecurityTe
servlet = null;
- if (this.tomcat != null)
+ if ( this.tomcat != null )
{
this.tomcat.stop();
}
@@ -227,27 +239,41 @@ public class RepositoryServletSecurityTe
super.tearDown();
}
+ protected Servlet findServlet( String name )
+ throws Exception
+ {
+ Container[] childs = context.findChildren();
+ for ( Container container : childs )
+ {
+ if ( StringUtils.equals( container.getName(), name ) )
+ {
+ Tomcat.ExistingStandardWrapper esw = Tomcat.ExistingStandardWrapper.class.cast( container );
+ Servlet servlet = esw.loadServlet();
+
+ return servlet;
+ }
+ }
+ return null;
+ }
+
// test deploy with invalid user, and guest has no write access to repo
// 401 must be returned
- @Ignore("rewrite")
+ @Test
public void testPutWithInvalidUserAndGuestHasNoWriteAccess()
throws Exception
{
setupCleanRepo( repoRootInternal );
- String putUrl = "http://machine.com/repository/internal/path/to/artifact.jar";
InputStream is = getClass().getResourceAsStream( "/artifact.jar" );
assertNotNull( "artifact.jar inputstream", is );
- WebRequest request = new AbstractRepositoryServletTestCase.PutMethodWebRequest( putUrl, is, "application/octet-stream" );
- //InvocationContext ic = sc.newInvocation( request );
- //servlet = (RepositoryServlet) ic.getServlet();
servlet.setDavSessionProvider( davSessionProvider );
AuthenticationResult result = new AuthenticationResult();
EasyMock.expect( httpAuth.getAuthenticationResult( anyObject( HttpServletRequest.class ),
- anyObject( HttpServletResponse.class ) ) ).andReturn( result );
+ anyObject( HttpServletResponse.class ) ) ).andReturn(
+ result );
servletAuth.isAuthenticated( EasyMock.anyObject( HttpServletRequest.class ),
EasyMock.anyObject( AuthenticationResult.class ) );
@@ -259,30 +285,30 @@ public class RepositoryServletSecurityTe
httpAuthControl.replay();
servletAuthControl.replay();
+ MockHttpServletRequest mockHttpServletRequest = new MockHttpServletRequest();
+ mockHttpServletRequest.addHeader( "User-Agent", "foo" );
+ mockHttpServletRequest.setMethod( "PUT" );
+ mockHttpServletRequest.setRequestURI( "/repository/internal/path/to/artifact.jar" );
+ mockHttpServletRequest.setContent( IOUtils.toByteArray( is ) );
+ mockHttpServletRequest.setContentType( "application/octet-stream" );
+
+ MockHttpServletResponse mockHttpServletResponse = new MockHttpServletResponse();
- //servlet.service( ic.getRequest(), ic.getResponse() );
+ servlet.service( mockHttpServletRequest, mockHttpServletResponse );
httpAuthControl.verify();
servletAuthControl.verify();
- //assertEquals(HttpServletResponse.SC_UNAUTHORIZED, response.getResponseCode());
+ assertEquals( HttpServletResponse.SC_UNAUTHORIZED, mockHttpServletResponse.getStatus() );
}
// test deploy with invalid user, but guest has write access to repo
- @Ignore("rewrite")
+ @Test
public void testPutWithInvalidUserAndGuestHasWriteAccess()
throws Exception
{
setupCleanRepo( repoRootInternal );
- String putUrl = "http://machine.com/repository/internal/path/to/artifact.jar";
- InputStream is = getClass().getResourceAsStream( "/artifact.jar" );
- assertNotNull( "artifact.jar inputstream", is );
-
- WebRequest request = new AbstractRepositoryServletTestCase.PutMethodWebRequest( putUrl, is, "application/octet-stream" );
-
- //InvocationContext ic = sc.newInvocation( request );
- //servlet = (RepositoryServlet) ic.getServlet();
servlet.setDavSessionProvider( davSessionProvider );
ArchivaDavResourceFactory archivaDavResourceFactory = (ArchivaDavResourceFactory) servlet.getResourceFactory();
@@ -294,23 +320,28 @@ public class RepositoryServletSecurityTe
AuthenticationResult result = new AuthenticationResult();
EasyMock.expect( httpAuth.getAuthenticationResult( anyObject( HttpServletRequest.class ),
- anyObject( HttpServletResponse.class ) ) ).andReturn( result );
+ anyObject( HttpServletResponse.class ) ) ).andReturn(
+ result );
EasyMock.expect( servletAuth.isAuthenticated( anyObject( HttpServletRequest.class ),
anyObject( AuthenticationResult.class ) ) ).andThrow(
new AuthenticationException( "Authentication error" ) );
- EasyMock.expect(servletAuth.isAuthorized( "guest", "internal", ArchivaRoleConstants.OPERATION_REPOSITORY_UPLOAD )).andReturn( true );
+ EasyMock.expect( servletAuth.isAuthorized( "guest", "internal",
+ ArchivaRoleConstants.OPERATION_REPOSITORY_UPLOAD ) ).andReturn(
+ true );
// ArchivaDavResourceFactory#isAuthorized()
SecuritySession session = new DefaultSecuritySession();
EasyMock.expect( httpAuth.getAuthenticationResult( anyObject( HttpServletRequest.class ),
- anyObject( HttpServletResponse.class ) ) ).andReturn( result );
+ anyObject( HttpServletResponse.class ) ) ).andReturn(
+ result );
EasyMock.expect( httpAuth.getSecuritySession( anyObject( HttpSession.class ) ) ).andReturn( session );
- EasyMock.expect(servletAuth.isAuthenticated( anyObject( HttpServletRequest.class ), eq(result) )).andThrow( new AuthenticationException( "Authentication error" ) );
+ EasyMock.expect( servletAuth.isAuthenticated( anyObject( HttpServletRequest.class ), eq( result ) ) ).andThrow(
+ new AuthenticationException( "Authentication error" ) );
EasyMock.expect( httpAuth.getSessionUser( anyObject( HttpSession.class ) ) ).andReturn( null );
@@ -322,29 +353,33 @@ public class RepositoryServletSecurityTe
httpAuthControl.replay();
servletAuthControl.replay();
- //servlet.service( ic.getRequest(), ic.getResponse() );
+ InputStream is = getClass().getResourceAsStream( "/artifact.jar" );
+ assertNotNull( "artifact.jar inputstream", is );
+
+ MockHttpServletRequest mockHttpServletRequest = new MockHttpServletRequest();
+ mockHttpServletRequest.addHeader( "User-Agent", "foo" );
+ mockHttpServletRequest.setMethod( "PUT" );
+ mockHttpServletRequest.setRequestURI( "/repository/internal/path/to/artifact.jar" );
+ mockHttpServletRequest.setContent( IOUtils.toByteArray( is ) );
+ mockHttpServletRequest.setContentType( "application/octet-stream" );
+
+ MockHttpServletResponse mockHttpServletResponse = new MockHttpServletResponse();
+
+ servlet.service( mockHttpServletRequest, mockHttpServletResponse );
httpAuthControl.verify();
servletAuthControl.verify();
- // assertEquals( HttpServletResponse.SC_CREATED, response.getResponseCode() );
+ assertEquals( HttpServletResponse.SC_CREATED, mockHttpServletResponse.getStatus() );
}
// test deploy with a valid user with no write access
- @Ignore("rewrite")
+ @Test
public void testPutWithValidUserWithNoWriteAccess()
throws Exception
{
setupCleanRepo( repoRootInternal );
- String putUrl = "http://machine.com/repository/internal/path/to/artifact.jar";
- InputStream is = getClass().getResourceAsStream( "/artifact.jar" );
- assertNotNull( "artifact.jar inputstream", is );
-
- WebRequest request = new AbstractRepositoryServletTestCase.PutMethodWebRequest( putUrl, is, "application/octet-stream" );
-
- //InvocationContext ic = sc.newInvocation( request );
- //servlet = (RepositoryServlet) ic.getServlet();
servlet.setDavSessionProvider( davSessionProvider );
ArchivaDavResourceFactory archivaDavResourceFactory = (ArchivaDavResourceFactory) servlet.getResourceFactory();
@@ -355,7 +390,8 @@ public class RepositoryServletSecurityTe
AuthenticationResult result = new AuthenticationResult();
EasyMock.expect( httpAuth.getAuthenticationResult( anyObject( HttpServletRequest.class ),
- anyObject( HttpServletResponse.class ) ) ).andReturn( result );
+ anyObject( HttpServletResponse.class ) ) ).andReturn(
+ result );
EasyMock.expect( servletAuth.isAuthenticated( anyObject( HttpServletRequest.class ),
anyObject( AuthenticationResult.class ) ) ).andReturn( true );
@@ -364,45 +400,58 @@ public class RepositoryServletSecurityTe
SecuritySession session = new DefaultSecuritySession();
EasyMock.expect( httpAuth.getAuthenticationResult( anyObject( HttpServletRequest.class ),
- anyObject( HttpServletResponse.class ) ) ).andReturn( result );
+ anyObject( HttpServletResponse.class ) ) ).andReturn(
+ result );
- //EasyMock.expect( httpAuth.getSecuritySession( ic.getRequest().getSession( true ) ) ).andReturn( session );
+ MockHttpServletRequest mockHttpServletRequest = new MockHttpServletRequest();
- //EasyMock.expect( httpAuth.getSessionUser( ic.getRequest().getSession() ) ).andReturn( new SimpleUser() );
+ EasyMock.expect( httpAuth.getSecuritySession( mockHttpServletRequest.getSession( true ) ) ).andReturn(
+ session );
- EasyMock.expect( servletAuth.isAuthenticated( anyObject( HttpServletRequest.class ),
- eq( result ) ) ).andReturn( true );
+ EasyMock.expect( httpAuth.getSessionUser( mockHttpServletRequest.getSession() ) ).andReturn( new SimpleUser() );
+
+ EasyMock.expect( servletAuth.isAuthenticated( anyObject( HttpServletRequest.class ), eq( result ) ) ).andReturn(
+ true );
- EasyMock.expect( servletAuth.isAuthorized( anyObject( HttpServletRequest.class ), eq(session), eq("internal"),
- eq(ArchivaRoleConstants.OPERATION_REPOSITORY_UPLOAD) ) ).andThrow(
+ EasyMock.expect(
+ servletAuth.isAuthorized( anyObject( HttpServletRequest.class ), eq( session ), eq( "internal" ),
+ eq( ArchivaRoleConstants.OPERATION_REPOSITORY_UPLOAD ) ) ).andThrow(
new UnauthorizedException( "User not authorized" ) );
httpAuthControl.replay();
servletAuthControl.replay();
- //servlet.service( ic.getRequest(), ic.getResponse() );
+ InputStream is = getClass().getResourceAsStream( "/artifact.jar" );
+ assertNotNull( "artifact.jar inputstream", is );
+
+ mockHttpServletRequest.addHeader( "User-Agent", "foo" );
+ mockHttpServletRequest.setMethod( "PUT" );
+ mockHttpServletRequest.setRequestURI( "/repository/internal/path/to/artifact.jar" );
+ mockHttpServletRequest.setContent( IOUtils.toByteArray( is ) );
+ mockHttpServletRequest.setContentType( "application/octet-stream" );
+
+ MockHttpServletResponse mockHttpServletResponse = new MockHttpServletResponse();
+
+ servlet.service( mockHttpServletRequest, mockHttpServletResponse );
httpAuthControl.verify();
servletAuthControl.verify();
- // assertEquals(HttpServletResponse.SC_UNAUTHORIZED, response.getResponseCode());
+ assertEquals( HttpServletResponse.SC_UNAUTHORIZED, mockHttpServletResponse.getStatus() );
}
// test deploy with a valid user with write access
- @Ignore("rewrite")
+ @Test
public void testPutWithValidUserWithWriteAccess()
throws Exception
{
setupCleanRepo( repoRootInternal );
assertTrue( repoRootInternal.exists() );
+ MockHttpServletRequest mockHttpServletRequest = new MockHttpServletRequest();
String putUrl = "http://machine.com/repository/internal/path/to/artifact.jar";
InputStream is = getClass().getResourceAsStream( "/artifact.jar" );
assertNotNull( "artifact.jar inputstream", is );
- WebRequest request = new AbstractRepositoryServletTestCase.PutMethodWebRequest( putUrl, is, "application/octet-stream" );
-
- //InvocationContext ic = sc.newInvocation( request );
- //servlet = (RepositoryServlet) ic.getServlet();
servlet.setDavSessionProvider( davSessionProvider );
ArchivaDavResourceFactory archivaDavResourceFactory = (ArchivaDavResourceFactory) servlet.getResourceFactory();
@@ -416,7 +465,8 @@ public class RepositoryServletSecurityTe
AuthenticationResult result = new AuthenticationResult();
EasyMock.expect( httpAuth.getAuthenticationResult( anyObject( HttpServletRequest.class ),
- anyObject( HttpServletResponse.class) )).andReturn( result );
+ anyObject( HttpServletResponse.class ) ) ).andReturn(
+ result );
EasyMock.expect( servletAuth.isAuthenticated( anyObject( HttpServletRequest.class ),
anyObject( AuthenticationResult.class ) ) ).andReturn( true );
@@ -427,35 +477,44 @@ public class RepositoryServletSecurityTe
// ArchivaDavResourceFactory#isAuthorized()
SecuritySession session = new DefaultSecuritySession();
- EasyMock.expect( httpAuth.getAuthenticationResult(anyObject( HttpServletRequest.class ),
- anyObject( HttpServletResponse.class) ) ).andReturn( result );
+ EasyMock.expect( httpAuth.getAuthenticationResult( anyObject( HttpServletRequest.class ),
+ anyObject( HttpServletResponse.class ) ) ).andReturn(
+ result );
- //EasyMock.expect( httpAuth.getSecuritySession( ic.getRequest().getSession( true ) ) ).andReturn( session );
+ EasyMock.expect( httpAuth.getSecuritySession( mockHttpServletRequest.getSession() ) ).andReturn( session );
- //EasyMock.expect( httpAuth.getSessionUser( ic.getRequest().getSession() ) ).andReturn( user );
+ EasyMock.expect( httpAuth.getSessionUser( mockHttpServletRequest.getSession() ) ).andReturn( user );
- EasyMock.expect( servletAuth.isAuthenticated( anyObject( HttpServletRequest.class ), eq(result) ) ).andReturn(
+ EasyMock.expect( servletAuth.isAuthenticated( anyObject( HttpServletRequest.class ), eq( result ) ) ).andReturn(
true );
- EasyMock.expect( servletAuth.isAuthorized( anyObject( HttpServletRequest.class ), eq(session), eq("internal"),
- eq(ArchivaRoleConstants.OPERATION_REPOSITORY_UPLOAD) ) ).andReturn(
- true );
+ EasyMock.expect(
+ servletAuth.isAuthorized( anyObject( HttpServletRequest.class ), eq( session ), eq( "internal" ),
+ eq( ArchivaRoleConstants.OPERATION_REPOSITORY_UPLOAD ) ) ).andReturn( true );
httpAuthControl.replay();
servletAuthControl.replay();
- //servlet.service( ic.getRequest(), ic.getResponse() );
+ mockHttpServletRequest.addHeader( "User-Agent", "foo" );
+ mockHttpServletRequest.setMethod( "PUT" );
+ mockHttpServletRequest.setRequestURI( "/repository/internal/path/to/artifact.jar" );
+ mockHttpServletRequest.setContent( IOUtils.toByteArray( is ) );
+ mockHttpServletRequest.setContentType( "application/octet-stream" );
+
+ MockHttpServletResponse mockHttpServletResponse = new MockHttpServletResponse();
+
+ servlet.service( mockHttpServletRequest, mockHttpServletResponse );
httpAuthControl.verify();
servletAuthControl.verify();
- // assertEquals(HttpServletResponse.SC_CREATED, response.getResponseCode());
+ assertEquals( HttpServletResponse.SC_CREATED, mockHttpServletResponse.getStatus() );
assertEquals( "admin", listener.getEvents().get( 0 ).getUserId() );
}
// test get with invalid user, and guest has read access to repo
- @Ignore("rewrite")
+ @Test
public void testGetWithInvalidUserAndGuestHasReadAccess()
throws Exception
{
@@ -467,9 +526,6 @@ public class RepositoryServletSecurityTe
FileUtils.writeStringToFile( artifactFile, expectedArtifactContents, Charset.defaultCharset() );
- WebRequest request = new AbstractRepositoryServletTestCase.GetMethodWebRequest( "http://machine.com/repository/internal/" + commonsLangJar );
- //InvocationContext ic = sc.newInvocation( request );
- //servlet = (RepositoryServlet) ic.getServlet();
servlet.setDavSessionProvider( davSessionProvider );
ArchivaDavResourceFactory archivaDavResourceFactory = (ArchivaDavResourceFactory) servlet.getResourceFactory();
@@ -480,10 +536,12 @@ public class RepositoryServletSecurityTe
AuthenticationResult result = new AuthenticationResult();
- EasyMock.expect( httpAuth.getAuthenticationResult( anyObject( HttpServletRequest.class ), anyObject( HttpServletResponse.class ) ) )
- .andReturn( result );
+ EasyMock.expect( httpAuth.getAuthenticationResult( anyObject( HttpServletRequest.class ),
+ anyObject( HttpServletResponse.class ) ) ).andReturn(
+ result );
- EasyMock.expect( servletAuth.isAuthenticated( anyObject( HttpServletRequest.class ), anyObject( AuthenticationResult.class ) ) ).andThrow(
+ EasyMock.expect( servletAuth.isAuthenticated( anyObject( HttpServletRequest.class ),
+ anyObject( AuthenticationResult.class ) ) ).andThrow(
new AuthenticationException( "Authentication error" ) );
EasyMock.expect( servletAuth.isAuthorized( "guest", "internal",
@@ -493,31 +551,43 @@ public class RepositoryServletSecurityTe
// ArchivaDavResourceFactory#isAuthorized()
SecuritySession session = new DefaultSecuritySession();
- EasyMock.expect( httpAuth.getAuthenticationResult( anyObject( HttpServletRequest.class ), anyObject( HttpServletResponse.class ) ) ).andReturn( result );
+ EasyMock.expect( httpAuth.getAuthenticationResult( anyObject( HttpServletRequest.class ),
+ anyObject( HttpServletResponse.class ) ) ).andReturn(
+ result );
EasyMock.expect( httpAuth.getSecuritySession( anyObject( HttpSession.class ) ) ).andReturn( session );
EasyMock.expect( httpAuth.getSessionUser( anyObject( HttpSession.class ) ) ).andReturn( null );
- EasyMock.expect( servletAuth.isAuthenticated( anyObject( HttpServletRequest.class ), eq(result) ) ).andReturn(
+ EasyMock.expect( servletAuth.isAuthenticated( anyObject( HttpServletRequest.class ), eq( result ) ) ).andReturn(
true );
- EasyMock.expect( servletAuth.isAuthorized( anyObject( HttpServletRequest.class ), eq(session), eq("internal"),
- eq(ArchivaRoleConstants.OPERATION_REPOSITORY_ACCESS) ) ).andReturn( true );
+ EasyMock.expect(
+ servletAuth.isAuthorized( anyObject( HttpServletRequest.class ), eq( session ), eq( "internal" ),
+ eq( ArchivaRoleConstants.OPERATION_REPOSITORY_ACCESS ) ) ).andReturn( true );
httpAuthControl.replay();
servletAuthControl.replay();
- WebResponse response = null;// sc.getResponse( request );
+ MockHttpServletRequest mockHttpServletRequest = new MockHttpServletRequest();
+ mockHttpServletRequest.addHeader( "User-Agent", "foo" );
+ mockHttpServletRequest.setMethod( "GET" );
+ mockHttpServletRequest.setRequestURI( "/repository/internal/" + commonsLangJar );
+
+
+ MockHttpServletResponse mockHttpServletResponse = new MockHttpServletResponse();
+
+ servlet.service( mockHttpServletRequest, mockHttpServletResponse );
httpAuthControl.verify();
servletAuthControl.verify();
- assertEquals( HttpServletResponse.SC_OK, response.getStatusCode() );
- assertEquals( "Expected file contents", expectedArtifactContents, response.getContentAsString() );
+ assertEquals( HttpServletResponse.SC_OK, mockHttpServletResponse.getStatus() );
+
+ assertEquals( "Expected file contents", expectedArtifactContents, mockHttpServletResponse.getContentAsString() );
}
// test get with invalid user, and guest has no read access to repo
- @Ignore("rewrite")
+ @Test
public void testGetWithInvalidUserAndGuestHasNoReadAccess()
throws Exception
{
@@ -529,16 +599,16 @@ public class RepositoryServletSecurityTe
FileUtils.writeStringToFile( artifactFile, expectedArtifactContents, Charset.defaultCharset() );
- WebRequest request = new AbstractRepositoryServletTestCase.GetMethodWebRequest( "http://machine.com/repository/internal/" + commonsLangJar );
- //InvocationContext ic = sc.newInvocation( request );
- //servlet = (RepositoryServlet) ic.getServlet();
servlet.setDavSessionProvider( davSessionProvider );
AuthenticationResult result = new AuthenticationResult();
- EasyMock.expect( httpAuth.getAuthenticationResult( anyObject( HttpServletRequest.class ), anyObject( HttpServletResponse.class ) ) ).andReturn( result );
+ EasyMock.expect( httpAuth.getAuthenticationResult( anyObject( HttpServletRequest.class ),
+ anyObject( HttpServletResponse.class ) ) ).andReturn(
+ result );
- EasyMock.expect( servletAuth.isAuthenticated( anyObject( HttpServletRequest.class ), anyObject( AuthenticationResult.class ) ) ).andThrow(
+ EasyMock.expect( servletAuth.isAuthenticated( anyObject( HttpServletRequest.class ),
+ anyObject( AuthenticationResult.class ) ) ).andThrow(
new AuthenticationException( "Authentication error" ) );
EasyMock.expect( servletAuth.isAuthorized( "guest", "internal",
@@ -547,16 +617,24 @@ public class RepositoryServletSecurityTe
httpAuthControl.replay();
servletAuthControl.replay();
- WebResponse response = null;//sc.getResponse( request );
+ MockHttpServletRequest mockHttpServletRequest = new MockHttpServletRequest();
+ mockHttpServletRequest.addHeader( "User-Agent", "foo" );
+ mockHttpServletRequest.setMethod( "GET" );
+ mockHttpServletRequest.setRequestURI( "/repository/internal/" + commonsLangJar );
+
+
+ MockHttpServletResponse mockHttpServletResponse = new MockHttpServletResponse();
+
+ servlet.service( mockHttpServletRequest, mockHttpServletResponse );
httpAuthControl.verify();
servletAuthControl.verify();
- assertEquals( HttpServletResponse.SC_UNAUTHORIZED, response.getStatusCode() );
+ assertEquals( HttpServletResponse.SC_UNAUTHORIZED, mockHttpServletResponse.getStatus() );
}
// test get with valid user with read access to repo
- @Ignore("rewrite")
+ @Test
public void testGetWithAValidUserWithReadAccess()
throws Exception
{
@@ -568,9 +646,6 @@ public class RepositoryServletSecurityTe
FileUtils.writeStringToFile( artifactFile, expectedArtifactContents, Charset.defaultCharset() );
- WebRequest request = new AbstractRepositoryServletTestCase.GetMethodWebRequest( "http://machine.com/repository/internal/" + commonsLangJar );
- //InvocationContext ic = sc.newInvocation( request );
- //servlet = (RepositoryServlet) ic.getServlet();
servlet.setDavSessionProvider( davSessionProvider );
ArchivaDavResourceFactory archivaDavResourceFactory = (ArchivaDavResourceFactory) servlet.getResourceFactory();
@@ -581,39 +656,52 @@ public class RepositoryServletSecurityTe
AuthenticationResult result = new AuthenticationResult();
- EasyMock.expect( httpAuth.getAuthenticationResult( anyObject( HttpServletRequest.class ), anyObject( HttpServletResponse.class ) ) ).andReturn( result );
+ EasyMock.expect( httpAuth.getAuthenticationResult( anyObject( HttpServletRequest.class ),
+ anyObject( HttpServletResponse.class ) ) ).andReturn(
+ result );
- EasyMock.expect( servletAuth.isAuthenticated( anyObject( HttpServletRequest.class ), anyObject( AuthenticationResult.class ) ) ).andReturn( true );
+ EasyMock.expect( servletAuth.isAuthenticated( anyObject( HttpServletRequest.class ),
+ anyObject( AuthenticationResult.class ) ) ).andReturn( true );
// ArchivaDavResourceFactory#isAuthorized()
SecuritySession session = new DefaultSecuritySession();
- EasyMock.expect( httpAuth.getAuthenticationResult( anyObject( HttpServletRequest.class ), anyObject( HttpServletResponse.class ) ) ).andReturn( result );
+ EasyMock.expect( httpAuth.getAuthenticationResult( anyObject( HttpServletRequest.class ),
+ anyObject( HttpServletResponse.class ) ) ).andReturn(
+ result );
EasyMock.expect( httpAuth.getSecuritySession( anyObject( HttpSession.class ) ) ).andReturn( session );
EasyMock.expect( httpAuth.getSessionUser( anyObject( HttpSession.class ) ) ).andReturn( new SimpleUser() );
- EasyMock.expect( servletAuth.isAuthenticated( anyObject( HttpServletRequest.class ), eq(result) ) ).andReturn(
+ EasyMock.expect( servletAuth.isAuthenticated( anyObject( HttpServletRequest.class ), eq( result ) ) ).andReturn(
true );
- EasyMock.expect( servletAuth.isAuthorized( anyObject( HttpServletRequest.class ), eq(session), eq("internal"),
- eq(ArchivaRoleConstants.OPERATION_REPOSITORY_ACCESS) ) ).andReturn(
- true );
+ EasyMock.expect(
+ servletAuth.isAuthorized( anyObject( HttpServletRequest.class ), eq( session ), eq( "internal" ),
+ eq( ArchivaRoleConstants.OPERATION_REPOSITORY_ACCESS ) ) ).andReturn( true );
httpAuthControl.replay();
servletAuthControl.replay();
- WebResponse response = null;// sc.getResponse( request );
+ MockHttpServletRequest mockHttpServletRequest = new MockHttpServletRequest();
+ mockHttpServletRequest.addHeader( "User-Agent", "foo" );
+ mockHttpServletRequest.setMethod( "GET" );
+ mockHttpServletRequest.setRequestURI( "/repository/internal/" + commonsLangJar );
+
+
+ MockHttpServletResponse mockHttpServletResponse = new MockHttpServletResponse();
+
+ servlet.service( mockHttpServletRequest, mockHttpServletResponse );
httpAuthControl.verify();
servletAuthControl.verify();
- assertEquals( HttpServletResponse.SC_OK, response.getStatusCode() );
- assertEquals( "Expected file contents", expectedArtifactContents, response.getContentAsString() );
+ assertEquals( HttpServletResponse.SC_OK, mockHttpServletResponse.getStatus() );
+ assertEquals( "Expected file contents", expectedArtifactContents, mockHttpServletResponse.getContentAsString() );
}
// test get with valid user with no read access to repo
- @Ignore("rewrite")
+ @Test
public void testGetWithAValidUserWithNoReadAccess()
throws Exception
{
@@ -625,9 +713,6 @@ public class RepositoryServletSecurityTe
FileUtils.writeStringToFile( artifactFile, expectedArtifactContents, Charset.defaultCharset() );
- WebRequest request = new AbstractRepositoryServletTestCase.GetMethodWebRequest( "http://machine.com/repository/internal/" + commonsLangJar );
- //InvocationContext ic = sc.newInvocation( request );
- //servlet = (RepositoryServlet) ic.getServlet();
servlet.setDavSessionProvider( davSessionProvider );
ArchivaDavResourceFactory archivaDavResourceFactory = (ArchivaDavResourceFactory) servlet.getResourceFactory();
@@ -638,33 +723,47 @@ public class RepositoryServletSecurityTe
AuthenticationResult result = new AuthenticationResult();
- EasyMock.expect( httpAuth.getAuthenticationResult( anyObject( HttpServletRequest.class ), anyObject( HttpServletResponse.class ) ) ).andReturn( result );
+ EasyMock.expect( httpAuth.getAuthenticationResult( anyObject( HttpServletRequest.class ),
+ anyObject( HttpServletResponse.class ) ) ).andReturn(
+ result );
- EasyMock.expect( servletAuth.isAuthenticated( anyObject( HttpServletRequest.class ), anyObject( AuthenticationResult.class ) ) ).andReturn( true );
+ EasyMock.expect( servletAuth.isAuthenticated( anyObject( HttpServletRequest.class ),
+ anyObject( AuthenticationResult.class ) ) ).andReturn( true );
// ArchivaDavResourceFactory#isAuthorized()
SecuritySession session = new DefaultSecuritySession();
- EasyMock.expect( httpAuth.getAuthenticationResult( anyObject( HttpServletRequest.class ), anyObject( HttpServletResponse.class ) ) ).andReturn( result );
+ EasyMock.expect( httpAuth.getAuthenticationResult( anyObject( HttpServletRequest.class ),
+ anyObject( HttpServletResponse.class ) ) ).andReturn(
+ result );
- EasyMock.expect( httpAuth.getSecuritySession( anyObject( HttpSession.class) ) ).andReturn( session );
+ EasyMock.expect( httpAuth.getSecuritySession( anyObject( HttpSession.class ) ) ).andReturn( session );
- EasyMock.expect( httpAuth.getSessionUser( anyObject( HttpSession.class) ) ).andReturn( new SimpleUser() );
+ EasyMock.expect( httpAuth.getSessionUser( anyObject( HttpSession.class ) ) ).andReturn( new SimpleUser() );
- EasyMock.expect( servletAuth.isAuthenticated( anyObject( HttpServletRequest.class ), eq(result) ) ).andReturn(
+ EasyMock.expect( servletAuth.isAuthenticated( anyObject( HttpServletRequest.class ), eq( result ) ) ).andReturn(
true );
- EasyMock.expect( servletAuth.isAuthorized( anyObject( HttpServletRequest.class ), eq(session), eq("internal"),
- eq(ArchivaRoleConstants.OPERATION_REPOSITORY_ACCESS) ) ).andThrow(
+ EasyMock.expect(
+ servletAuth.isAuthorized( anyObject( HttpServletRequest.class ), eq( session ), eq( "internal" ),
+ eq( ArchivaRoleConstants.OPERATION_REPOSITORY_ACCESS ) ) ).andThrow(
new UnauthorizedException( "User not authorized to read repository." ) );
httpAuthControl.replay();
servletAuthControl.replay();
- WebResponse response = null;//sc.getResponse( request );
+ MockHttpServletRequest mockHttpServletRequest = new MockHttpServletRequest();
+ mockHttpServletRequest.addHeader( "User-Agent", "foo" );
+ mockHttpServletRequest.setMethod( "GET" );
+ mockHttpServletRequest.setRequestURI( "/repository/internal/" + commonsLangJar );
+
+
+ MockHttpServletResponse mockHttpServletResponse = new MockHttpServletResponse();
+
+ servlet.service( mockHttpServletRequest, mockHttpServletResponse );
httpAuthControl.verify();
servletAuthControl.verify();
- assertEquals( HttpServletResponse.SC_UNAUTHORIZED, response.getStatusCode() );
+ assertEquals( HttpServletResponse.SC_UNAUTHORIZED, mockHttpServletResponse.getStatus() );
}
}