Posted to commits@sling.apache.org by fm...@apache.org on 2011/12/15 15:47:35 UTC
svn commit: r1214794 -
/sling/trunk/launchpad/integration-tests/src/main/java/org/apache/sling/launchpad/webapp/integrationtest/auth/AuthenticationResponseCodeTest.java
Author: fmeschbe
Date: Thu Dec 15 14:47:35 2011
New Revision: 1214794
URL: http://svn.apache.org/viewvc?rev=1214794&view=rev
Log:
SLING-2329 Fix loop prevention
- add a test simulating a request loop with invalid credentials -> expect 403/FORBIDDEN
Modified:
sling/trunk/launchpad/integration-tests/src/main/java/org/apache/sling/launchpad/webapp/integrationtest/auth/AuthenticationResponseCodeTest.java
Modified: sling/trunk/launchpad/integration-tests/src/main/java/org/apache/sling/launchpad/webapp/integrationtest/auth/AuthenticationResponseCodeTest.java
URL: http://svn.apache.org/viewvc/sling/trunk/launchpad/integration-tests/src/main/java/org/apache/sling/launchpad/webapp/integrationtest/auth/AuthenticationResponseCodeTest.java?rev=1214794&r1=1214793&r2=1214794&view=diff
==============================================================================
--- sling/trunk/launchpad/integration-tests/src/main/java/org/apache/sling/launchpad/webapp/integrationtest/auth/AuthenticationResponseCodeTest.java (original)
+++ sling/trunk/launchpad/integration-tests/src/main/java/org/apache/sling/launchpad/webapp/integrationtest/auth/AuthenticationResponseCodeTest.java Thu Dec 15 14:47:35 2011
@@ -115,6 +115,21 @@ public class AuthenticationResponseCodeT
assertEquals(HttpServletResponse.SC_UNAUTHORIZED, status);
}
+ public void testPreventLoopIncorrectFormCredentials() throws Exception {
+ List<NameValuePair> params = new ArrayList<NameValuePair>();
+ params.add(new NameValuePair("j_username", "garbage"));
+ params.add(new NameValuePair("j_password", "garbage"));
+
+ final String requestUrl = HTTP_BASE_URL + "/j_security_check";
+ List<Header> headers = new ArrayList<Header>();
+ headers.add(new Header("Referer", requestUrl));
+ headers.add(new Header("User-Agent", "Mozilla/5.0 Sling Integration Test"));
+
+ HttpMethod post = assertPostStatus(requestUrl, HttpServletResponse.SC_FORBIDDEN, params, headers, null);
+ assertNotNull(post.getResponseHeader("X-Reason"));
+ assertEquals("Username and Password do not match", post.getResponseHeader("X-Reason").getValue());
+ }
+
public void testXRequestedWithIncorrectCredentials() throws Exception {
List<NameValuePair> params = new ArrayList<NameValuePair>();
params.add(new NameValuePair("j_username", "garbage"));
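Review bot: testPreventLoopIncorrectFormCredentials does not say which part of the request makes it a loop, so a reader cannot tell why 403 is expected here when the preceding test expects 401. Going by the commit log, the trigger is presumably the Referer being equal to the posted URL; a comment above the headers would record that, e.g. `// Referer == request URL simulates the login form posting back to itself; loop prevention must answer 403 instead of redirecting again`. The role of the browser-like User-Agent is not visible in the hunk and should be stated in the same comment if the handler depends on it. The X-Reason header is also looked up twice; `Header reason = post.getResponseHeader("X-Reason");` followed by `assertNotNull(reason);` and an `assertEquals` on `reason.getValue()` reads more clearly. Since the test only posts an unknown user, a sibling case with an existing username and a wrong password would pin that the reason text stays the same and does not reveal which accounts exist.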