Posted to commits@geode.apache.org by ji...@apache.org on 2016/10/12 17:08:07 UTC
[5/6] incubator-geode git commit: GEODE-1966: Unauthorized users
cannot access pulseVersion details
GEODE-1966: Unauthorized users cannot access pulseVersion details
Project: http://git-wip-us.apache.org/repos/asf/incubator-geode/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-geode/commit/6054e004
Tree: http://git-wip-us.apache.org/repos/asf/incubator-geode/tree/6054e004
Diff: http://git-wip-us.apache.org/repos/asf/incubator-geode/diff/6054e004
Branch: refs/heads/develop
Commit: 6054e00431b1e3a0826b1e6937c867da3fb6e6ce
Parents: dfb87a5
Author: Jared Stewart <js...@pivotal.io>
Authored: Mon Oct 10 16:59:07 2016 -0700
Committer: Jinmei Liao <ji...@pivotal.io>
Committed: Wed Oct 12 09:47:10 2016 -0700
----------------------------------------------------------------------
.../src/main/webapp/WEB-INF/spring-security.xml | 1 -
.../tools/pulse/tests/ui/PulseAbstractTest.java | 11 +-
.../pulse/tests/ui/PulseAnonymousUserTest.java | 149 +++++++++++++++++++
3 files changed, 158 insertions(+), 3 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/6054e004/geode-pulse/src/main/webapp/WEB-INF/spring-security.xml
----------------------------------------------------------------------
diff --git a/geode-pulse/src/main/webapp/WEB-INF/spring-security.xml b/geode-pulse/src/main/webapp/WEB-INF/spring-security.xml
index 7efc356..b4fccf0 100644
--- a/geode-pulse/src/main/webapp/WEB-INF/spring-security.xml
+++ b/geode-pulse/src/main/webapp/WEB-INF/spring-security.xml
@@ -28,7 +28,6 @@
<csrf disabled="true"/>
<!-- Can be invoked w/o auth -->
<intercept-url pattern="/Login.html" access="permitAll" />
- <intercept-url pattern="/pulse/pulseVersion" access="permitAll" />
<intercept-url pattern="/pulse/authenticateUser" access="permitAll" />
<intercept-url pattern="/pulse/pulseProductSupport" access="permitAll" />
<!-- Can be invoked w/o auth -->
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/6054e004/geode-pulse/src/test/java/org/apache/geode/tools/pulse/tests/ui/PulseAbstractTest.java
----------------------------------------------------------------------
diff --git a/geode-pulse/src/test/java/org/apache/geode/tools/pulse/tests/ui/PulseAbstractTest.java b/geode-pulse/src/test/java/org/apache/geode/tools/pulse/tests/ui/PulseAbstractTest.java
index 709a831..ad8f67b 100644
--- a/geode-pulse/src/test/java/org/apache/geode/tools/pulse/tests/ui/PulseAbstractTest.java
+++ b/geode-pulse/src/test/java/org/apache/geode/tools/pulse/tests/ui/PulseAbstractTest.java
@@ -198,7 +198,7 @@ public abstract class PulseAbstractTest extends PulseBaseTest {
passwordElement.sendKeys(password);
passwordElement.submit();
- Thread.sleep(3000);
+ driver.get(pulseURL + "/clusterDetail.html");
WebElement userNameOnPulsePage = (new WebDriverWait(driver, 10)).until(new ExpectedCondition<WebElement>() {
@Override
public WebElement apply(WebDriver d) {
@@ -207,7 +207,6 @@ public abstract class PulseAbstractTest extends PulseBaseTest {
});
assertNotNull(userNameOnPulsePage);
driver.navigate().refresh();
- Thread.sleep(7000);
}
private static void setUpWebDriver() {
@@ -229,6 +228,7 @@ public abstract class PulseAbstractTest extends PulseBaseTest {
@Before
public void setup() throws Exception {
+ driver.get(pulseURL + "/clusterDetail.html");
// Make sure we go to the home page first
searchByXPathAndClick(PulseTestLocators.TopNavigation.clusterViewLinkXpath);
}
@@ -975,4 +975,11 @@ public abstract class PulseAbstractTest extends PulseBaseTest {
// Assert data regions are displayed
assertTrue(driver.findElement(By.id("treeDemo_1")).isDisplayed());
}
+
+ @Test
+ public void userCannotGetToPulseDetails() {
+ driver.get(pulseURL + "/pulse/pulseVersion");
+
+ assertTrue(driver.getPageSource().contains("sourceRevision"));
+ }
}
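Review bot: The name of the added test, `userCannotGetToPulseDetails`, says the opposite of what it asserts: `assertTrue(driver.getPageSource().contains("sourceRevision"))` passes only when the version details are returned. This suite appears to run after the login steps shown in the earlier hunk, so the intent is presumably that an authenticated user can still reach `/pulse/pulseVersion`. Rename it accordingly, e.g. `public void authenticatedUserCanGetToPulseDetails()`, so that a failure is not read as an access-control regression in the wrong direction. The anonymous-user test added in PulseAnonymousUserTest has the same method name with the reverse assertion, which makes the two easy to confuse in test reports.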
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/6054e004/geode-pulse/src/test/java/org/apache/geode/tools/pulse/tests/ui/PulseAnonymousUserTest.java
----------------------------------------------------------------------
diff --git a/geode-pulse/src/test/java/org/apache/geode/tools/pulse/tests/ui/PulseAnonymousUserTest.java b/geode-pulse/src/test/java/org/apache/geode/tools/pulse/tests/ui/PulseAnonymousUserTest.java
new file mode 100644
index 0000000..1cf4ad4
--- /dev/null
+++ b/geode-pulse/src/test/java/org/apache/geode/tools/pulse/tests/ui/PulseAnonymousUserTest.java
@@ -0,0 +1,149 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+
+package org.apache.geode.tools.pulse.tests.ui;
+
+import static org.assertj.core.api.Assertions.*;
+
+
+import java.io.InputStream;
+import java.util.Properties;
+import java.util.concurrent.TimeUnit;
+
+import com.jayway.awaitility.Awaitility;
+import org.junit.AfterClass;
+import org.junit.Before;
+import org.junit.BeforeClass;
+import org.junit.FixMethodOrder;
+import org.junit.Test;
+import org.junit.experimental.categories.Category;
+import org.junit.runners.MethodSorters;
+import org.openqa.selenium.By;
+import org.openqa.selenium.WebDriver;
+import org.openqa.selenium.WebElement;
+import org.openqa.selenium.phantomjs.PhantomJSDriver;
+import org.openqa.selenium.remote.DesiredCapabilities;
+import org.openqa.selenium.support.ui.ExpectedCondition;
+import org.openqa.selenium.support.ui.WebDriverWait;
+
+import org.apache.geode.internal.admin.SSLConfig;
+import org.apache.geode.management.internal.JettyHelper;
+import org.apache.geode.test.junit.categories.UITest;
+import org.apache.geode.tools.pulse.tests.PulseTestLocators;
+import org.apache.geode.tools.pulse.tests.Server;
+
+@Category(UITest.class)
+@FixMethodOrder(MethodSorters.JVM)
+public class PulseAnonymousUserTest {
+
+ private static String path;
+
+ private static org.eclipse.jetty.server.Server jetty = null;
+ private static Server server = null;
+ private static String pulseURL = null;
+ public static WebDriver driver;
+
+ @BeforeClass
+ public static void beforeClassSetup() throws Exception {
+ setUpServer("pulseUser", "12345", "pulse-auth.json");
+ }
+
+ @Before
+ public void setup(){
+ driver.get(pulseURL + "/clusterDetail.html");
+ }
+
+ @Test
+ public void userCanGetToPulseLoginPage() {
+ driver.get(pulseURL + "/Login.html");
+ System.err.println("Pulse url: " + pulseURL);
+ System.err.println(driver.getPageSource().toString());
+
+ WebElement userNameElement = driver.findElement(By.id("user_name"));
+ WebElement passwordElement = driver.findElement(By.id("user_password"));
+
+ assertThat(userNameElement).isNotNull();
+ assertThat(passwordElement).isNotNull();
+ }
+
+ @Test
+ public void userCannotGetToPulseDetails() {
+ driver.get(pulseURL + "/pulse/pulseVersion");
+
+ assertThat(driver.getPageSource()).doesNotContain("sourceRevision");
+ }
+
+ @AfterClass
+ public static void tearDownAfterClass() throws Exception {
+ driver.close();
+ jetty.stop();
+ }
+
+
+ public static void setUpServer(String username, String password, String jsonAuthFile) throws Exception {
+ ClassLoader classLoader = Thread.currentThread().getContextClassLoader();
+
+ final String jmxPropertiesFile = classLoader.getResource("test.properties").getPath();
+ path = getPulseWarPath();
+ server = Server.createServer(9999, jmxPropertiesFile, jsonAuthFile);
+
+ String host = "localhost";
+ int port = 8080;
+ String context = "/pulse";
+
+ jetty = JettyHelper.initJetty(host, port, new SSLConfig());
+ JettyHelper.addWebApplication(jetty, context, getPulseWarPath());
+ jetty.start();
+
+ pulseURL = "http://" + host + ":" + port + context;
+
+ Awaitility.await().until(() -> jetty.isStarted());
+
+ setUpWebDriver();
+ }
+
+ private static void setUpWebDriver() {
+ DesiredCapabilities capabilities = new DesiredCapabilities();
+ capabilities.setJavascriptEnabled(true);
+ capabilities.setCapability("takesScreenshot", true);
+ capabilities.setCapability("phantomjs.page.settings.userAgent", "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:16.0) Gecko/20121026 Firefox/16.0");
+
+ driver = new PhantomJSDriver(capabilities);
+ driver.manage().window().maximize();
+ driver.manage().timeouts().implicitlyWait(5, TimeUnit.SECONDS);
+ }
+
+ public static String getPulseWarPath() throws Exception {
+ String warPath = null;
+ ClassLoader classLoader = Thread.currentThread().getContextClassLoader();
+ InputStream inputStream = classLoader.getResourceAsStream("GemFireVersion.properties");
+ Properties properties = new Properties();
+ properties.load(inputStream);
+ String version = properties.getProperty("Product-Version");
+ warPath = "geode-pulse-" + version + ".war";
+ String propFilePath = classLoader.getResource("GemFireVersion.properties").getPath();
+ warPath = propFilePath.substring(0, propFilePath.indexOf("generated-resources")) + "libs/" + warPath;
+ return warPath;
+ }
+
+ protected void searchByXPathAndClick(String xpath) {
+ WebElement element = driver.findElement(By.xpath(xpath));
+ assertThat(element).isNotNull();
+ element.click();
+ }
+}
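Review bot: The access-control check in `userCannotGetToPulseDetails` is negative-only, so `assertThat(driver.getPageSource()).doesNotContain("sourceRevision")` also passes on a 404, a server error or an empty page. The test would therefore keep passing if the endpoint moved or the WAR failed to deploy. Add a positive assertion on what the anonymous request receives instead, for example `assertThat(driver.findElement(By.id("user_name"))).isNotNull();`, if unauthenticated requests are sent to the login form; that behaviour is not visible in this diff and should be confirmed. Separately, `userCanGetToPulseLoginPage` writes the full page source to `System.err`, which looks like leftover debugging output. `tearDownAfterClass` should call `jetty.stop()` in a `finally` block so that a failing `driver.close()` does not leave the hard-coded port 8080 bound for later suites.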