Posted to commits@sling.apache.org by fm...@apache.org on 2010/10/11 15:43:54 UTC

svn commit: r1021345 - /sling/trunk/launchpad/integration-tests/src/main/java/org/apache/sling/launchpad/webapp/integrationtest/auth/AuthenticationResponseCodeTest.java

Author: fmeschbe
Date: Mon Oct 11 13:43:54 2010
New Revision: 1021345

URL: http://svn.apache.org/viewvc?rev=1021345&view=rev
Log:
SLING-1831 introduce a utility method for comparing the X-Reason header with the response content, and add a test validating that a login loop with unsuccessful authentication is answered with a 403

Modified:
    sling/trunk/launchpad/integration-tests/src/main/java/org/apache/sling/launchpad/webapp/integrationtest/auth/AuthenticationResponseCodeTest.java

Modified: sling/trunk/launchpad/integration-tests/src/main/java/org/apache/sling/launchpad/webapp/integrationtest/auth/AuthenticationResponseCodeTest.java
URL: http://svn.apache.org/viewvc/sling/trunk/launchpad/integration-tests/src/main/java/org/apache/sling/launchpad/webapp/integrationtest/auth/AuthenticationResponseCodeTest.java?rev=1021345&r1=1021344&r2=1021345&view=diff
==============================================================================
--- sling/trunk/launchpad/integration-tests/src/main/java/org/apache/sling/launchpad/webapp/integrationtest/auth/AuthenticationResponseCodeTest.java (original)
+++ sling/trunk/launchpad/integration-tests/src/main/java/org/apache/sling/launchpad/webapp/integrationtest/auth/AuthenticationResponseCodeTest.java Mon Oct 11 13:43:54 2010
@@ -29,6 +29,7 @@ import org.apache.commons.httpclient.Htt
 import org.apache.commons.httpclient.NameValuePair;
 import org.apache.commons.httpclient.UsernamePasswordCredentials;
 import org.apache.commons.httpclient.auth.AuthScope;
+import org.apache.commons.httpclient.methods.GetMethod;
 import org.apache.commons.httpclient.methods.PostMethod;
 import org.apache.sling.commons.testing.integration.HttpTestBase;
 
@@ -80,13 +81,7 @@ public class AuthenticationResponseCodeT
         headers.add(new Header("Cookie", "sling.formauth=garbage"));
 
         HttpMethod post = assertPostStatus(HTTP_BASE_URL + "/j_security_check", HttpServletResponse.SC_FORBIDDEN, params, headers, null);
-
-        // expected the X-Reason header
-        final Header reason = post.getResponseHeader("X-Reason");
-        assertNotNull(reason);
-
-        // expect the response to be the same as the reason (SLING-1831)
-        assertEquals(reason.getValue(), post.getResponseBodyAsString().trim());
+        assertXReason(post);
     }
 
     public void testValidatingIncorrectHttpBasicCredentials() throws Exception {
@@ -99,22 +94,26 @@ public class AuthenticationResponseCodeT
         List<NameValuePair> params = new ArrayList<NameValuePair>();
         params.add(new NameValuePair("j_validate", "true"));
         HttpMethod post = assertPostStatus(HTTP_BASE_URL + "/j_security_check", HttpServletResponse.SC_FORBIDDEN, params, null);
-
-        // expected the X-Reason header
-        Header reason = post.getResponseHeader("X-Reason");
-        assertNotNull(reason);
-
-        // expect the response to be the same as the reason (SLING-1831)
-        assertEquals(reason.getValue(), post.getResponseBodyAsString().trim());
+        assertXReason(post);
 
         HttpMethod get = assertHttpStatus(HTTP_BASE_URL + "?j_validate=true", HttpServletResponse.SC_FORBIDDEN);
+        assertXReason(get);
+    }
 
-        // expected the X-Reason header
-        reason = post.getResponseHeader("X-Reason");
-        assertNotNull(reason);
+    public void testPreventLoopIncorrectHttpBasicCredentials() throws Exception {
 
-        // expect the response to be the same as the reason (SLING-1831)
-        assertEquals(reason.getValue(), post.getResponseBodyAsString().trim());
+        // assume http and webdav are on the same host + port
+        URL url = new URL(HTTP_BASE_URL);
+        Credentials defaultcreds = new UsernamePasswordCredentials("garbage", "garbage");
+        httpClient.getState().setCredentials(new AuthScope(url.getHost(), url.getPort(), AuthScope.ANY_REALM), defaultcreds);
+
+        final String requestUrl = HTTP_BASE_URL + "/junk?param1=1";
+        HttpMethod get = new GetMethod(requestUrl);
+        get.setRequestHeader("Referer", requestUrl);
+        get.setRequestHeader("Accept", "text/*"); // simulate a browser request
+        int status = httpClient.executeMethod(get);
+        assertEquals(HttpServletResponse.SC_FORBIDDEN, status);
+        assertXReason(get);
     }
 
     public void testXRequestedWithIncorrectCredentials() throws Exception {
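Review bot: The new test installs the `garbage` credentials on the shared `httpClient` state at `httpClient.getState().setCredentials(...)` and never clears them, and the `GetMethod` is never released after `executeMethod`, so if HttpTestBase reuses the client between tests (not visible here) those credentials and the held connection bleed into later tests. Also, a `GetMethod` follows redirects by default in commons-httpclient 3, so a 302 to a login form that itself answers 403 would satisfy `assertEquals(HttpServletResponse.SC_FORBIDDEN, status)` even though the loop was not prevented; `get.setFollowRedirects(false);` pins the direct 403 that the test is meant to check. The comment `// assume http and webdav are on the same host + port` looks copied from another test, since nothing here touches WebDAV; it should instead explain the Referer trick, e.g. `// Referer == request URL simulates a browser re-requesting the page after a failed login (a loop)`. Suggested rewrite of the request part of the test:
```java
        final String requestUrl = HTTP_BASE_URL + "/junk?param1=1";
        HttpMethod get = new GetMethod(requestUrl);
        get.setRequestHeader("Referer", requestUrl); // same URL as Referer simulates a login loop
        get.setRequestHeader("Accept", "text/*"); // simulate a browser request
        get.setFollowRedirects(false); // a redirect to the login form must not hide the 403
        try {
            int status = httpClient.executeMethod(get);
            assertEquals(HttpServletResponse.SC_FORBIDDEN, status);
            assertXReason(get);
        } finally {
            get.releaseConnection();
            httpClient.getState().clearCredentials(); // do not leak the garbage credentials into later tests
        }
```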
@@ -196,4 +195,12 @@ public class AuthenticationResponseCodeT
         return post;
     }
 
+    private void assertXReason(final HttpMethod method) throws IOException {
+        // expected the X-Reason header
+        final Header reason = method.getResponseHeader("X-Reason");
+        assertNotNull(reason);
+
+        // expect the response to be the same as the reason (SLING-1831)
+        assertEquals(reason.getValue(), method.getResponseBodyAsString().trim());
+    }
 }
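Review bot: assertXReason fails with a bare AssertionFailedError when the header is absent, which is hard to tell apart from a body mismatch in a CI log; give both assertions a message, `assertNotNull("X-Reason header missing", reason);` and `assertEquals("response body must equal X-Reason", reason.getValue(), method.getResponseBodyAsString().trim());`. A one-line Javadoc on the helper would also help readers of the three call sites: it asserts that the response carries an X-Reason header and that the trimmed response body is exactly that header's value (SLING-1831). Note that `trim()` makes the check tolerant of surrounding whitespace in the body; if the SLING-1831 contract is exact equality (not visible from this diff) the trim should be dropped, otherwise a comment saying the whitespace tolerance is intended would avoid the question.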