Example 11 with UnauthorizedException
use of org.apache.archiva.redback.authorization.UnauthorizedException in project archiva by apache.
the class RepositoryServletSecurityTest method testPutWithValidUserWithNoWriteAccess.
// test deploy with a valid user with no write access
@Test
public void testPutWithValidUserWithNoWriteAccess() throws Exception {
servlet.setDavSessionProvider(davSessionProvider);
ArchivaDavResourceFactory archivaDavResourceFactory = (ArchivaDavResourceFactory) servlet.getResourceFactory();
archivaDavResourceFactory.setHttpAuth(httpAuth);
archivaDavResourceFactory.setServletAuth(servletAuth);
servlet.setResourceFactory(archivaDavResourceFactory);
AuthenticationResult result = new AuthenticationResult();
EasyMock.expect(httpAuth.getAuthenticationResult(anyObject(HttpServletRequest.class), anyObject(HttpServletResponse.class))).andReturn(result);
EasyMock.expect(servletAuth.isAuthenticated(anyObject(HttpServletRequest.class), anyObject(AuthenticationResult.class))).andReturn(true);
// ArchivaDavResourceFactory#isAuthorized()
SecuritySession session = new DefaultSecuritySession();
EasyMock.expect(httpAuth.getAuthenticationResult(anyObject(HttpServletRequest.class), anyObject(HttpServletResponse.class))).andReturn(result);
MockHttpServletRequest mockHttpServletRequest = new MockHttpServletRequest();
EasyMock.expect(httpAuth.getSecuritySession(mockHttpServletRequest.getSession(true))).andReturn(session);
EasyMock.expect(httpAuth.getSessionUser(mockHttpServletRequest.getSession())).andReturn(new SimpleUser());
EasyMock.expect(servletAuth.isAuthenticated(anyObject(HttpServletRequest.class), eq(result))).andReturn(true);
EasyMock.expect(servletAuth.isAuthorized(anyObject(HttpServletRequest.class), eq(session), eq("internal"), eq(ArchivaRoleConstants.OPERATION_REPOSITORY_UPLOAD))).andThrow(new UnauthorizedException("User not authorized"));
httpAuthControl.replay();
servletAuthControl.replay();
InputStream is = getClass().getResourceAsStream("/artifact.jar");
assertNotNull("artifact.jar inputstream", is);
mockHttpServletRequest.addHeader("User-Agent", "foo");
mockHttpServletRequest.setMethod("PUT");
mockHttpServletRequest.setRequestURI("/repository/internal/path/to/artifact.jar");
mockHttpServletRequest.setContent(IOUtils.toByteArray(is));
mockHttpServletRequest.setContentType("application/octet-stream");
MockHttpServletResponse mockHttpServletResponse = new MockHttpServletResponse();
servlet.service(mockHttpServletRequest, mockHttpServletResponse);
httpAuthControl.verify();
servletAuthControl.verify();
assertEquals(HttpServletResponse.SC_UNAUTHORIZED, mockHttpServletResponse.getStatus());
}
Also used :
MockHttpServletRequest(org.springframework.mock.web.MockHttpServletRequest)
HttpServletRequest(javax.servlet.http.HttpServletRequest)
SimpleUser(org.apache.archiva.redback.users.memory.SimpleUser)
SecuritySession(org.apache.archiva.redback.system.SecuritySession)
DefaultSecuritySession(org.apache.archiva.redback.system.DefaultSecuritySession)
MockHttpServletRequest(org.springframework.mock.web.MockHttpServletRequest)
InputStream(java.io.InputStream)
UnauthorizedException(org.apache.archiva.redback.authorization.UnauthorizedException)
MockHttpServletResponse(org.springframework.mock.web.MockHttpServletResponse)
HttpServletResponse(javax.servlet.http.HttpServletResponse)
DefaultSecuritySession(org.apache.archiva.redback.system.DefaultSecuritySession)
MockHttpServletResponse(org.springframework.mock.web.MockHttpServletResponse)
AuthenticationResult(org.apache.archiva.redback.authentication.AuthenticationResult)
Test(org.junit.Test)
Example 12 with UnauthorizedException
use of org.apache.archiva.redback.authorization.UnauthorizedException in project archiva by apache.
the class RepositoryServletSecurityTest method testPutWithInvalidUserAndGuestHasNoWriteAccess.
// test deploy with invalid user, and guest has no write access to repo
// 401 must be returned
@Test
public void testPutWithInvalidUserAndGuestHasNoWriteAccess() throws Exception {
InputStream is = getClass().getResourceAsStream("/artifact.jar");
assertNotNull("artifact.jar inputstream", is);
servlet.setDavSessionProvider(davSessionProvider);
AuthenticationResult result = new AuthenticationResult();
EasyMock.expect(httpAuth.getAuthenticationResult(anyObject(HttpServletRequest.class), anyObject(HttpServletResponse.class))).andReturn(result);
servletAuth.isAuthenticated(EasyMock.anyObject(HttpServletRequest.class), EasyMock.anyObject(AuthenticationResult.class));
EasyMock.expectLastCall().andThrow(new AuthenticationException("Authentication error"));
servletAuth.isAuthorized("guest", "internal", ArchivaRoleConstants.OPERATION_REPOSITORY_UPLOAD);
EasyMock.expectLastCall().andThrow(new UnauthorizedException("'guest' has no write access to repository"));
httpAuthControl.replay();
servletAuthControl.replay();
MockHttpServletRequest mockHttpServletRequest = new MockHttpServletRequest();
mockHttpServletRequest.addHeader("User-Agent", "foo");
mockHttpServletRequest.setMethod("PUT");
mockHttpServletRequest.setRequestURI("/repository/internal/path/to/artifact.jar");
mockHttpServletRequest.setContent(IOUtils.toByteArray(is));
mockHttpServletRequest.setContentType("application/octet-stream");
MockHttpServletResponse mockHttpServletResponse = new MockHttpServletResponse();
servlet.service(mockHttpServletRequest, mockHttpServletResponse);
httpAuthControl.verify();
servletAuthControl.verify();
assertEquals(HttpServletResponse.SC_UNAUTHORIZED, mockHttpServletResponse.getStatus());
}
Also used :
MockHttpServletRequest(org.springframework.mock.web.MockHttpServletRequest)
HttpServletRequest(javax.servlet.http.HttpServletRequest)
AuthenticationException(org.apache.archiva.redback.authentication.AuthenticationException)
InputStream(java.io.InputStream)
MockHttpServletRequest(org.springframework.mock.web.MockHttpServletRequest)
UnauthorizedException(org.apache.archiva.redback.authorization.UnauthorizedException)
MockHttpServletResponse(org.springframework.mock.web.MockHttpServletResponse)
HttpServletResponse(javax.servlet.http.HttpServletResponse)
MockHttpServletResponse(org.springframework.mock.web.MockHttpServletResponse)
AuthenticationResult(org.apache.archiva.redback.authentication.AuthenticationResult)
Test(org.junit.Test)
Aggregations
UnauthorizedException (org.apache.archiva.redback.authorization.UnauthorizedException)12
AuthenticationResult (org.apache.archiva.redback.authentication.AuthenticationResult)9
SecuritySession (org.apache.archiva.redback.system.SecuritySession)7
DefaultSecuritySession (org.apache.archiva.redback.system.DefaultSecuritySession)5
Test (org.junit.Test)5
AuthenticationException (org.apache.archiva.redback.authentication.AuthenticationException)4
Path (java.nio.file.Path)3
HttpServletRequest (javax.servlet.http.HttpServletRequest)3
HttpServletResponse (javax.servlet.http.HttpServletResponse)3
AuthorizationException (org.apache.archiva.redback.authorization.AuthorizationException)3
AccountLockedException (org.apache.archiva.redback.policy.AccountLockedException)3
MustChangePasswordException (org.apache.archiva.redback.policy.MustChangePasswordException)3
User (org.apache.archiva.redback.users.User)3
DavException (org.apache.jackrabbit.webdav.DavException)3
MockHttpServletRequest (org.springframework.mock.web.MockHttpServletRequest)3
MockHttpServletResponse (org.springframework.mock.web.MockHttpServletResponse)3
IOException (java.io.IOException)2
InputStream (java.io.InputStream)2
ArrayList (java.util.ArrayList)2
HashMap (java.util.HashMap)2
