use of javax.servlet.HttpConstraintElement in project jetty.project by eclipse.
the class ConstraintTest method testSecurityElementExample13_7.
/**
* Equivalent of Servlet Spec 3.1 pg 132, sec 13.4.1.1, Example 13-7
* @ServletSecurity(value = @HttpConstraint(rolesAllowed = "R1"),
* httpMethodConstraints = @HttpMethodConstraint(value="TRACE",
* emptyRoleSemantic = EmptyRoleSemantic.DENY))
* @throws Exception if test fails
*/
@Test
public void testSecurityElementExample13_7() throws Exception {
    // Per-method override: TRACE is denied to every caller (DENY with no roles).
    List<HttpMethodConstraintElement> perMethod = new ArrayList<HttpMethodConstraintElement>();
    HttpConstraintElement denyAll = new HttpConstraintElement(EmptyRoleSemantic.DENY);
    perMethod.add(new HttpMethodConstraintElement("TRACE", denyAll));

    // Class-level default: role R1 is required, with no transport guarantee.
    HttpConstraintElement requireR1 = new HttpConstraintElement(TransportGuarantee.NONE, "R1");
    ServletSecurityElement element = new ServletSecurityElement(requireR1, perMethod);

    List<ConstraintMapping> mappings =
        ConstraintSecurityHandler.createConstraintsWithMappingsForPath("foo", "/foo/*", element);
    Assert.assertFalse(mappings.isEmpty());
    Assert.assertEquals(2, mappings.size());

    // First mapping: TRACE is listed as an omission, and the mapping demands
    // authentication in role R1.
    ConstraintMapping allButTrace = mappings.get(0);
    String[] omitted = allButTrace.getMethodOmissions();
    Assert.assertNotNull(omitted);
    Assert.assertEquals("TRACE", omitted[0]);
    Assert.assertTrue(allButTrace.getConstraint().getAuthenticate());
    Assert.assertEquals("R1", allButTrace.getConstraint().getRoles()[0]);

    // Second mapping: names TRACE explicitly, has no omissions, and must be forbidden outright.
    // The expected data constraint of 0 pairs with the TransportGuarantee.NONE default used above.
    ConstraintMapping traceOnly = mappings.get(1);
    Assert.assertEquals("TRACE", traceOnly.getMethod());
    Assert.assertNull(traceOnly.getMethodOmissions());
    Assert.assertEquals(0, traceOnly.getConstraint().getDataConstraint());
    Assert.assertTrue(traceOnly.getConstraint().isForbidden());
}
use of javax.servlet.HttpConstraintElement in project jetty.project by eclipse.
the class ConstraintTest method testSecurityElementExample13_6.
/**
* Equivalent of Servlet Spec 3.1 pg 132, sec 13.4.1.1, Example 13-6
* @ServletSecurity(value = @HttpConstraint(rolesAllowed = "R1"), httpMethodConstraints = @HttpMethodConstraint("GET"))
* @throws Exception if test fails
*/
@Test
public void testSecurityElementExample13_6() throws Exception {
    // Per-method override: GET is declared with no constraint element of its own.
    List<HttpMethodConstraintElement> perMethod = new ArrayList<HttpMethodConstraintElement>();
    perMethod.add(new HttpMethodConstraintElement("GET"));

    // Class-level default: role R1 is required, with no transport guarantee.
    HttpConstraintElement requireR1 = new HttpConstraintElement(TransportGuarantee.NONE, "R1");
    ServletSecurityElement element = new ServletSecurityElement(requireR1, perMethod);

    List<ConstraintMapping> mappings =
        ConstraintSecurityHandler.createConstraintsWithMappingsForPath("foo", "/foo/*", element);
    Assert.assertFalse(mappings.isEmpty());
    Assert.assertEquals(2, mappings.size());

    // First mapping: GET is listed as an omission, and the mapping demands
    // authentication in role R1.
    ConstraintMapping allButGet = mappings.get(0);
    String[] omitted = allButGet.getMethodOmissions();
    Assert.assertNotNull(omitted);
    Assert.assertEquals("GET", omitted[0]);
    Assert.assertTrue(allButGet.getConstraint().getAuthenticate());
    Assert.assertEquals("R1", allButGet.getConstraint().getRoles()[0]);

    // Second mapping: names GET explicitly and does NOT require authentication.
    // This pins the spec example's intent that GET stays open while the default protects the rest;
    // a regression that flipped this would show up as a failure on the last assertion.
    ConstraintMapping getOnly = mappings.get(1);
    Assert.assertEquals("GET", getOnly.getMethod());
    Assert.assertNull(getOnly.getMethodOmissions());
    Assert.assertEquals(0, getOnly.getConstraint().getDataConstraint());
    Assert.assertFalse(getOnly.getConstraint().getAuthenticate());
}
use of javax.servlet.HttpConstraintElement in project jetty.project by eclipse.
the class ConstraintTest method testSecurityElementExample13_5.
/**
* Equivalent of Servlet Spec 3.1 pg 132, sec 13.4.1.1, Example 13-5
* @ServletSecurity((httpMethodConstraints = {
* @HttpMethodConstraint(value = "GET", rolesAllowed = "R1"),
* @HttpMethodConstraint(value = "POST", rolesAllowed = "R1",
* transportGuarantee = TransportGuarantee.CONFIDENTIAL)})
* @throws Exception if test fails
*/
@Test
public void testSecurityElementExample13_5() throws Exception {
    // No class-level constraint here: only GET and POST get a constraint, both for role R1,
    // and only POST asks for a confidential transport.
    HttpConstraintElement r1AnyTransport = new HttpConstraintElement(TransportGuarantee.NONE, "R1");
    HttpConstraintElement r1Confidential = new HttpConstraintElement(TransportGuarantee.CONFIDENTIAL, "R1");
    List<HttpMethodConstraintElement> perMethod = new ArrayList<HttpMethodConstraintElement>();
    perMethod.add(new HttpMethodConstraintElement("GET", r1AnyTransport));
    perMethod.add(new HttpMethodConstraintElement("POST", r1Confidential));
    ServletSecurityElement element = new ServletSecurityElement(perMethod);

    List<ConstraintMapping> mappings =
        ConstraintSecurityHandler.createConstraintsWithMappingsForPath("foo", "/foo/*", element);
    Assert.assertFalse(mappings.isEmpty());
    // Exactly two mappings, each naming one method with no omissions: this element yields no
    // mapping for HTTP methods other than GET and POST.
    Assert.assertEquals(2, mappings.size());

    // GET: role R1, expected data constraint 0 (built from TransportGuarantee.NONE).
    ConstraintMapping getMapping = mappings.get(0);
    Assert.assertEquals("GET", getMapping.getMethod());
    Assert.assertEquals("R1", getMapping.getConstraint().getRoles()[0]);
    Assert.assertNull(getMapping.getMethodOmissions());
    Assert.assertEquals(0, getMapping.getConstraint().getDataConstraint());

    // POST: role R1, expected data constraint 2 (built from TransportGuarantee.CONFIDENTIAL).
    ConstraintMapping postMapping = mappings.get(1);
    Assert.assertEquals("POST", postMapping.getMethod());
    Assert.assertEquals("R1", postMapping.getConstraint().getRoles()[0]);
    Assert.assertEquals(2, postMapping.getConstraint().getDataConstraint());
    Assert.assertNull(postMapping.getMethodOmissions());
}
use of javax.servlet.HttpConstraintElement in project jetty.project by eclipse.
the class ConstraintTest method testSecurityElementExample13_3.
/**
* Equivalent of Servlet Spec 3.1 pg 132, sec 13.4.1.1, Example 13-3
* @ServletSecurity(@HttpConstraint(EmptyRoleSemantic.DENY))
* @throws Exception if test fails
*/
@Test
public void testSecurityElementExample13_3() throws Exception {
    // A lone class-level constraint: DENY with no roles listed.
    ServletSecurityElement element =
        new ServletSecurityElement(new HttpConstraintElement(EmptyRoleSemantic.DENY));

    List<ConstraintMapping> mappings =
        ConstraintSecurityHandler.createConstraintsWithMappingsForPath("foo", "/foo/*", element);
    Assert.assertFalse(mappings.isEmpty());
    Assert.assertEquals(1, mappings.size());

    // The single resulting mapping must carry a forbidden constraint.
    ConstraintMapping onlyMapping = mappings.get(0);
    Assert.assertTrue(onlyMapping.getConstraint().isForbidden());
}
use of javax.servlet.HttpConstraintElement in project tomcat70 by apache.
the class TestSecurityConstraint method testCreateConstraints.
/**
* Uses the examples in SRV.13.4 as the basis for these tests
*/
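@Test
public void testCreateConstraints() {
    // Walks the @ServletSecurity examples named in the comments below and checks the
    // SecurityConstraint objects that SecurityConstraint.createConstraints() derives from each.
    //
    // The per-method examples (13-5 to 13-7) identify each returned constraint by its content
    // rather than by its array position. Each of those loops therefore records which expected
    // constraint it has seen and asserts afterwards that both were present; without that check
    // two constraints matching the same branch would let the test pass while the other
    // (possibly the role-protected) constraint was missing.
    ServletSecurityElement element;
    SecurityConstraint[] result;
    Set<HttpMethodConstraintElement> hmces = new HashSet<HttpMethodConstraintElement>();

    // Example 13-1
    // @ServletSecurity
    // An empty annotation must not produce any constraint.
    element = new ServletSecurityElement();
    result = SecurityConstraint.createConstraints(element, URL_PATTERN);
    Assert.assertEquals(0, result.length);

    // Example 13-2
    // @ServletSecurity(
    // @HttpConstraint(
    // transportGuarantee = TransportGuarantee.CONFIDENTIAL))
    // Transport requirement only: no auth constraint, all methods covered.
    element = new ServletSecurityElement(new HttpConstraintElement(ServletSecurity.TransportGuarantee.CONFIDENTIAL));
    result = SecurityConstraint.createConstraints(element, URL_PATTERN);
    Assert.assertEquals(1, result.length);
    Assert.assertFalse(result[0].getAuthConstraint());
    Assert.assertTrue(result[0].findCollections()[0].findPattern(URL_PATTERN));
    Assert.assertEquals(0, result[0].findCollections()[0].findMethods().length);
    Assert.assertEquals(ServletSecurity.TransportGuarantee.CONFIDENTIAL.name(), result[0].getUserConstraint());

    // Example 13-3
    // @ServletSecurity(@HttpConstraint(EmptyRoleSemantic.DENY))
    element = new ServletSecurityElement(new HttpConstraintElement(EmptyRoleSemantic.DENY));
    result = SecurityConstraint.createConstraints(element, URL_PATTERN);
    Assert.assertEquals(1, result.length);
    Assert.assertTrue(result[0].getAuthConstraint());
    // Deny-all is an auth constraint with no roles; pin the empty role list as Example 13-7
    // already does for TRACE, so a constraint that admitted some role could not pass here.
    Assert.assertEquals(0, result[0].findAuthRoles().length);
    Assert.assertTrue(result[0].findCollections()[0].findPattern(URL_PATTERN));
    Assert.assertEquals(0, result[0].findCollections()[0].findMethods().length);
    Assert.assertEquals(ServletSecurity.TransportGuarantee.NONE.name(), result[0].getUserConstraint());

    // Example 13-4
    // @ServletSecurity(@HttpConstraint(rolesAllowed = "R1"))
    element = new ServletSecurityElement(new HttpConstraintElement(ServletSecurity.TransportGuarantee.NONE, ROLE1));
    result = SecurityConstraint.createConstraints(element, URL_PATTERN);
    Assert.assertEquals(1, result.length);
    Assert.assertTrue(result[0].getAuthConstraint());
    Assert.assertEquals(1, result[0].findAuthRoles().length);
    Assert.assertTrue(result[0].findAuthRole(ROLE1));
    Assert.assertTrue(result[0].findCollections()[0].findPattern(URL_PATTERN));
    Assert.assertEquals(0, result[0].findCollections()[0].findMethods().length);
    Assert.assertEquals(ServletSecurity.TransportGuarantee.NONE.name(), result[0].getUserConstraint());

    // Example 13-5
    // @ServletSecurity((httpMethodConstraints = {
    // @HttpMethodConstraint(value = "GET", rolesAllowed = "R1"),
    // @HttpMethodConstraint(value = "POST", rolesAllowed = "R1",
    // transportGuarantee = TransportGuarantee.CONFIDENTIAL)
    // })
    hmces.clear();
    hmces.add(new HttpMethodConstraintElement("GET", new HttpConstraintElement(ServletSecurity.TransportGuarantee.NONE, ROLE1)));
    hmces.add(new HttpMethodConstraintElement("POST", new HttpConstraintElement(ServletSecurity.TransportGuarantee.CONFIDENTIAL, ROLE1)));
    element = new ServletSecurityElement(hmces);
    result = SecurityConstraint.createConstraints(element, URL_PATTERN);
    Assert.assertEquals(2, result.length);
    boolean sawGet = false;
    boolean sawPost = false;
    for (SecurityConstraint constraint : result) {
        Assert.assertTrue(constraint.getAuthConstraint());
        Assert.assertEquals(1, constraint.findAuthRoles().length);
        Assert.assertTrue(constraint.findAuthRole(ROLE1));
        Assert.assertTrue(constraint.findCollections()[0].findPattern(URL_PATTERN));
        Assert.assertEquals(1, constraint.findCollections()[0].findMethods().length);
        String method = constraint.findCollections()[0].findMethods()[0];
        if ("GET".equals(method)) {
            sawGet = true;
            Assert.assertEquals(ServletSecurity.TransportGuarantee.NONE.name(), constraint.getUserConstraint());
        } else if ("POST".equals(method)) {
            sawPost = true;
            Assert.assertEquals(ServletSecurity.TransportGuarantee.CONFIDENTIAL.name(), constraint.getUserConstraint());
        } else {
            Assert.fail("Unexpected method :[" + method + "]");
        }
    }
    Assert.assertTrue("No constraint found for GET", sawGet);
    Assert.assertTrue("No constraint found for POST", sawPost);

    // Example 13-6
    // @ServletSecurity(value = @HttpConstraint(rolesAllowed = "R1"),
    // httpMethodConstraints = @HttpMethodConstraint("GET"))
    // GET is left without an auth constraint; every other method requires ROLE1.
    hmces.clear();
    hmces.add(new HttpMethodConstraintElement("GET"));
    element = new ServletSecurityElement(new HttpConstraintElement(ServletSecurity.TransportGuarantee.NONE, ROLE1), hmces);
    result = SecurityConstraint.createConstraints(element, URL_PATTERN);
    Assert.assertEquals(2, result.length);
    boolean sawMethodConstraint = false;
    boolean sawOmissionConstraint = false;
    for (SecurityConstraint constraint : result) {
        Assert.assertTrue(constraint.findCollections()[0].findPattern(URL_PATTERN));
        if (constraint.findCollections()[0].findMethods().length == 1) {
            sawMethodConstraint = true;
            Assert.assertEquals("GET", constraint.findCollections()[0].findMethods()[0]);
            Assert.assertFalse(constraint.getAuthConstraint());
        } else if (constraint.findCollections()[0].findOmittedMethods().length == 1) {
            sawOmissionConstraint = true;
            Assert.assertEquals("GET", constraint.findCollections()[0].findOmittedMethods()[0]);
            Assert.assertTrue(constraint.getAuthConstraint());
            Assert.assertEquals(1, constraint.findAuthRoles().length);
            Assert.assertEquals(ROLE1, constraint.findAuthRoles()[0]);
        } else {
            Assert.fail("Unexpected number of methods defined");
        }
        Assert.assertEquals(ServletSecurity.TransportGuarantee.NONE.name(), constraint.getUserConstraint());
    }
    Assert.assertTrue("No constraint found for the GET method", sawMethodConstraint);
    Assert.assertTrue("No role constraint found for the methods other than GET", sawOmissionConstraint);

    // Example 13-7
    // @ServletSecurity(value = @HttpConstraint(rolesAllowed = "R1"),
    // httpMethodConstraints = @HttpMethodConstraint(value="TRACE",
    // emptyRoleSemantic = EmptyRoleSemantic.DENY))
    // TRACE gets an auth constraint with an empty role list; every other method requires ROLE1.
    hmces.clear();
    hmces.add(new HttpMethodConstraintElement("TRACE", new HttpConstraintElement(EmptyRoleSemantic.DENY)));
    element = new ServletSecurityElement(new HttpConstraintElement(ServletSecurity.TransportGuarantee.NONE, ROLE1), hmces);
    result = SecurityConstraint.createConstraints(element, URL_PATTERN);
    Assert.assertEquals(2, result.length);
    sawMethodConstraint = false;
    sawOmissionConstraint = false;
    for (SecurityConstraint constraint : result) {
        Assert.assertTrue(constraint.findCollections()[0].findPattern(URL_PATTERN));
        if (constraint.findCollections()[0].findMethods().length == 1) {
            sawMethodConstraint = true;
            Assert.assertEquals("TRACE", constraint.findCollections()[0].findMethods()[0]);
            Assert.assertTrue(constraint.getAuthConstraint());
            Assert.assertEquals(0, constraint.findAuthRoles().length);
        } else if (constraint.findCollections()[0].findOmittedMethods().length == 1) {
            sawOmissionConstraint = true;
            Assert.assertEquals("TRACE", constraint.findCollections()[0].findOmittedMethods()[0]);
            Assert.assertTrue(constraint.getAuthConstraint());
            Assert.assertEquals(1, constraint.findAuthRoles().length);
            Assert.assertEquals(ROLE1, constraint.findAuthRoles()[0]);
        } else {
            Assert.fail("Unexpected number of methods defined");
        }
        Assert.assertEquals(ServletSecurity.TransportGuarantee.NONE.name(), constraint.getUserConstraint());
    }
    Assert.assertTrue("No deny constraint found for TRACE", sawMethodConstraint);
    Assert.assertTrue("No role constraint found for the methods other than TRACE", sawOmissionConstraint);

    // Example 13-8 is the same as 13-4
    // Example 13-9 is the same as 13-7
}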
Aggregations