Posted to commits@sling.apache.org by fm...@apache.org on 2011/12/15 15:47:35 UTC

svn commit: r1214794 - /sling/trunk/launchpad/integration-tests/src/main/java/org/apache/sling/launchpad/webapp/integrationtest/auth/AuthenticationResponseCodeTest.java

Author: fmeschbe
Date: Thu Dec 15 14:47:35 2011
New Revision: 1214794

URL: http://svn.apache.org/viewvc?rev=1214794&view=rev
Log:
SLING-2329 Fix loop prevention
  - add a test simulating a request loop with invalid credentials -> expect 403/FORBIDDEN

Modified:
    sling/trunk/launchpad/integration-tests/src/main/java/org/apache/sling/launchpad/webapp/integrationtest/auth/AuthenticationResponseCodeTest.java

Modified: sling/trunk/launchpad/integration-tests/src/main/java/org/apache/sling/launchpad/webapp/integrationtest/auth/AuthenticationResponseCodeTest.java
URL: http://svn.apache.org/viewvc/sling/trunk/launchpad/integration-tests/src/main/java/org/apache/sling/launchpad/webapp/integrationtest/auth/AuthenticationResponseCodeTest.java?rev=1214794&r1=1214793&r2=1214794&view=diff
==============================================================================
--- sling/trunk/launchpad/integration-tests/src/main/java/org/apache/sling/launchpad/webapp/integrationtest/auth/AuthenticationResponseCodeTest.java (original)
+++ sling/trunk/launchpad/integration-tests/src/main/java/org/apache/sling/launchpad/webapp/integrationtest/auth/AuthenticationResponseCodeTest.java Thu Dec 15 14:47:35 2011
@@ -115,6 +115,21 @@ public class AuthenticationResponseCodeT
         assertEquals(HttpServletResponse.SC_UNAUTHORIZED, status);
     }
 
+    public void testPreventLoopIncorrectFormCredentials() throws Exception {
+        List<NameValuePair> params = new ArrayList<NameValuePair>();
+        params.add(new NameValuePair("j_username", "garbage"));
+        params.add(new NameValuePair("j_password", "garbage"));
+
+        final String requestUrl = HTTP_BASE_URL + "/j_security_check";
+        List<Header> headers = new ArrayList<Header>();
+        headers.add(new Header("Referer", requestUrl));
+        headers.add(new Header("User-Agent", "Mozilla/5.0 Sling Integration Test"));
+
+        HttpMethod post = assertPostStatus(requestUrl, HttpServletResponse.SC_FORBIDDEN, params, headers, null);
+        assertNotNull(post.getResponseHeader("X-Reason"));
+        assertEquals("Username and Password do not match", post.getResponseHeader("X-Reason").getValue());
+    }
+
     public void testXRequestedWithIncorrectCredentials() throws Exception {
         List<NameValuePair> params = new ArrayList<NameValuePair>();
         params.add(new NameValuePair("j_username", "garbage"));
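Review bot: The new testPreventLoopIncorrectFormCredentials does not say why the Referer is set to the j_security_check URL itself, which is the one detail that turns this from a plain failed login into a loop simulation. A comment above the header setup would cover it, e.g. `// Referer == login URL simulates the login form posting back to itself; expect 403 instead of another redirect`. The X-Reason header is also looked up twice; `Header reason = post.getResponseHeader("X-Reason");` followed by the two assertions on `reason` reads more clearly. Since the test only submits "garbage", which is presumably not an existing account, a sibling case with an existing user and a wrong password would pin that the status and the X-Reason text stay identical and so do not reveal which accounts exist.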