Posted to commits@cxf.apache.org by co...@apache.org on 2016/12/16 17:26:10 UTC
[1/2] cxf-fediz git commit: Minor tweak to test
Repository: cxf-fediz
Updated Branches:
refs/heads/1.2.x-fixes 767b5eacf -> 3164f0405
Minor tweak to test
Project: http://git-wip-us.apache.org/repos/asf/cxf-fediz/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf-fediz/commit/94a6178e
Tree: http://git-wip-us.apache.org/repos/asf/cxf-fediz/tree/94a6178e
Diff: http://git-wip-us.apache.org/repos/asf/cxf-fediz/diff/94a6178e
Branch: refs/heads/1.2.x-fixes
Commit: 94a6178efe786bb87db5eb5082ef5cdd108aa19f
Parents: 767b5ea
Author: Colm O hEigeartaigh <co...@apache.org>
Authored: Fri Dec 16 16:27:43 2016 +0000
Committer: Colm O hEigeartaigh <co...@apache.org>
Committed: Fri Dec 16 17:25:58 2016 +0000
----------------------------------------------------------------------
.../cxf/fediz/integrationtests/AbstractTests.java | 17 ++++++++++-------
1 file changed, 10 insertions(+), 7 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/94a6178e/systests/tests/src/test/java/org/apache/cxf/fediz/integrationtests/AbstractTests.java
----------------------------------------------------------------------
diff --git a/systests/tests/src/test/java/org/apache/cxf/fediz/integrationtests/AbstractTests.java b/systests/tests/src/test/java/org/apache/cxf/fediz/integrationtests/AbstractTests.java
index 1051db5..f1b92c3 100644
--- a/systests/tests/src/test/java/org/apache/cxf/fediz/integrationtests/AbstractTests.java
+++ b/systests/tests/src/test/java/org/apache/cxf/fediz/integrationtests/AbstractTests.java
@@ -675,11 +675,11 @@ public abstract class AbstractTests {
|| ex.getMessage().contains("403 Forbidden"));
}
}
-
+
@org.junit.Test
@org.junit.Ignore
public void testCSRFAttack() throws Exception {
- String url = "https://localhost:" + getRpHttpsPort() + "/fedizhelloworld/secure/fedservlet";
+ String url = "https://localhost:" + getRpHttpsPort() + "/" + getServletContextName() + "/secure/fedservlet";
String user = "alice";
String password = "ecila";
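Review bot: testCSRFAttack keeps a bare `@org.junit.Ignore` above the changed URL line, so the new `getServletContextName()` path and the assertions added further down in this commit are never executed. If the test has to stay disabled, record why, e.g. `@org.junit.Ignore("<reason the CSRF check is disabled>")`, so the gap in CSRF regression coverage is visible in test reports. The method body continues outside the hunk.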
@@ -734,7 +734,10 @@ public abstract class AbstractTests {
webClient.getOptions().setJavaScriptEnabled(false);
try {
- webClient.getPage(request);
+ HtmlPage rpPage2 = webClient.getPage(request);
+ String bodyTextContent = rpPage2.getBody().getTextContent();
+ Assert.assertTrue("Principal not " + user,
+ bodyTextContent.contains("userPrincipal=" + user));
Assert.fail("Failure expected on a CSRF attack");
} catch (FailingHttpStatusCodeException ex) {
// expected
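Review bot: The `Assert.assertTrue("Principal not " + user, ...)` added ahead of `Assert.fail(...)` cannot change the outcome, because any response that reaches these lines fails the test either way. When the body lacks the principal (presumably a login or error page served with a 2xx status), the report reads "Principal not alice" instead of saying that the forged POST was not rejected. Folding both into one failure keeps the diagnostic: `Assert.fail("Failure expected on a CSRF attack; userPrincipal present: " + bodyTextContent.contains("userPrincipal=" + user));`. The same pattern is added in the next hunk (`@@ -754,13 +757,13 @@`), and the try/catch continues outside this hunk.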
@@ -754,13 +757,13 @@ public abstract class AbstractTests {
webClient.getOptions().setJavaScriptEnabled(false);
try {
- webClient.getPage(request);
+ HtmlPage rpPage2 = webClient.getPage(request);
+ String bodyTextContent = rpPage2.getBody().getTextContent();
+ Assert.assertTrue("Principal not " + user,
+ bodyTextContent.contains("userPrincipal=" + user));
Assert.fail("Failure expected on a CSRF attack");
} catch (FailingHttpStatusCodeException ex) {
// expected
- Assert.assertTrue(ex.getMessage().contains("401 Unauthorized")
- || ex.getMessage().contains("401 Authentication Failed")
- || ex.getMessage().contains("403 Forbidden"));
}
// webClient.close();
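Review bot: Dropping the three `ex.getMessage().contains(...)` checks leaves the catch accepting any `FailingHttpStatusCodeException`. A 404 from a wrong context path (the URL is now built from `getServletContextName()`) or a 500 would then count as the CSRF request being rejected. Keep a status check in this catch, for instance `Assert.assertTrue(ex.getStatusCode() == 401 || ex.getStatusCode() == 403);`, which also avoids depending on the container's reason phrase. The enclosing method starts and ends outside the hunk.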
[2/2] cxf-fediz git commit: Another change to the test
Posted by co...@apache.org.
Another change to the test
Project: http://git-wip-us.apache.org/repos/asf/cxf-fediz/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf-fediz/commit/3164f040
Tree: http://git-wip-us.apache.org/repos/asf/cxf-fediz/tree/3164f040
Diff: http://git-wip-us.apache.org/repos/asf/cxf-fediz/diff/3164f040
Branch: refs/heads/1.2.x-fixes
Commit: 3164f0405f644cac5bf1fbcc64da58392e696df1
Parents: 94a6178
Author: Colm O hEigeartaigh <co...@apache.org>
Authored: Fri Dec 16 16:56:55 2016 +0000
Committer: Colm O hEigeartaigh <co...@apache.org>
Committed: Fri Dec 16 17:26:06 2016 +0000
----------------------------------------------------------------------
.../fediz/integrationtests/AbstractTests.java | 27 +++-----------------
1 file changed, 3 insertions(+), 24 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/3164f040/systests/tests/src/test/java/org/apache/cxf/fediz/integrationtests/AbstractTests.java
----------------------------------------------------------------------
diff --git a/systests/tests/src/test/java/org/apache/cxf/fediz/integrationtests/AbstractTests.java b/systests/tests/src/test/java/org/apache/cxf/fediz/integrationtests/AbstractTests.java
index f1b92c3..3481c34 100644
--- a/systests/tests/src/test/java/org/apache/cxf/fediz/integrationtests/AbstractTests.java
+++ b/systests/tests/src/test/java/org/apache/cxf/fediz/integrationtests/AbstractTests.java
@@ -732,30 +732,6 @@ public abstract class AbstractTests {
}
}
- webClient.getOptions().setJavaScriptEnabled(false);
- try {
- HtmlPage rpPage2 = webClient.getPage(request);
- String bodyTextContent = rpPage2.getBody().getTextContent();
- Assert.assertTrue("Principal not " + user,
- bodyTextContent.contains("userPrincipal=" + user));
- Assert.fail("Failure expected on a CSRF attack");
- } catch (FailingHttpStatusCodeException ex) {
- // expected
- }
-
- // Send without context...
- request = new WebRequest(new URL(url), HttpMethod.POST);
- request.setRequestParameters(new ArrayList<NameValuePair>());
-
- for (DomElement result : results) {
- if ("wresult".equals(result.getAttributeNS(null, "name"))
- || "wa".equals(result.getAttributeNS(null, "name"))) {
- String value = result.getAttributeNS(null, "value");
- request.getRequestParameters().add(new NameValuePair(result.getAttributeNS(null, "name"), value));
- }
- }
-
- webClient.getOptions().setJavaScriptEnabled(false);
try {
HtmlPage rpPage2 = webClient.getPage(request);
String bodyTextContent = rpPage2.getBody().getTextContent();
@@ -764,6 +740,9 @@ public abstract class AbstractTests {
Assert.fail("Failure expected on a CSRF attack");
} catch (FailingHttpStatusCodeException ex) {
// expected
+ Assert.assertTrue(ex.getMessage().contains("401 Unauthorized")
+ || ex.getMessage().contains("401 Authentication Failed")
+ || ex.getMessage().contains("403 Forbidden"));
}
// webClient.close();
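Review bot: The restored `Assert.assertTrue(...)` in the catch has no failure message, so when the relying party answers with some other status the report shows only a bare AssertionError. Pass the observed response as the first argument, `Assert.assertTrue("Unexpected response: " + ex.getMessage(), ...)`, keeping the three conditions as they are. The try block starts outside this hunk.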