use of org.apache.tapestry5.services.security.ClientWhitelist in project tapestry-5 by apache.
the class ComponentEventDispatcherTest method request_for_whitelist_only_page_from_client_not_on_whitelist.
@Test
public void request_for_whitelist_only_page_from_client_not_on_whitelist() throws IOException {
String requestPath = "/foo/MyPage:anevent";
String localeName = "foo";
String containerPageName = "foo/MyPage";
ComponentRequestHandler handler = mockComponentRequestHandler();
Request request = mockRequest();
Response response = mockResponse();
ComponentClassResolver resolver = mockComponentClassResolver();
LocalizationSetter localizationSetter = mockLocalizationSetter();
MetaDataLocator metaDataLocator = newMock(MetaDataLocator.class);
ClientWhitelist whitelist = newMock(ClientWhitelist.class);
train_getPath(request, requestPath);
expect(localizationSetter.isSupportedLocaleName("foo")).andReturn(false);
train_isPageName(resolver, containerPageName, true);
train_canonicalizePageName(resolver, containerPageName, containerPageName);
expect(metaDataLocator.findMeta(MetaDataConstants.WHITELIST_ONLY_PAGE, containerPageName, boolean.class)).andReturn(true);
expect(whitelist.isClientRequestOnWhitelist()).andReturn(false);
replay();
Dispatcher dispatcher = new ComponentEventDispatcher(handler, new ComponentEventLinkEncoderImpl(resolver, contextPathEncoder, localizationSetter, response, null, null, null, true, null, "", metaDataLocator, whitelist));
assertFalse(dispatcher.dispatch(request, response));
verify();
}
use of org.apache.tapestry5.services.security.ClientWhitelist in project tapestry-5 by apache.
the class ComponentEventLinkEncoderImplTest method page_requires_whitelist_and_client_on_whitelist.
@Test
public void page_requires_whitelist_and_client_on_whitelist() throws Exception {
ComponentClassResolver resolver = mockComponentClassResolver();
Request request = mockRequest(false);
LocalizationSetter ls = mockLocalizationSetter();
MetaDataLocator metaDataLocator = mockMetaDataLocator();
ClientWhitelist whitelist = newMock(ClientWhitelist.class);
String path = "/foo/Bar";
train_getPath(request, path);
train_setLocaleFromLocaleName(ls, "foo", false);
train_isPageName(resolver, "foo/Bar", true);
train_canonicalizePageName(resolver, "foo/Bar", "foo/bar");
expect(metaDataLocator.findMeta(MetaDataConstants.WHITELIST_ONLY_PAGE, "foo/bar", boolean.class)).andReturn(true);
expect(whitelist.isClientRequestOnWhitelist()).andReturn(true);
replay();
ComponentEventLinkEncoderImpl linkEncoder = new ComponentEventLinkEncoderImpl(resolver, contextPathEncoder, ls, null, null, null, null, true, null, "", metaDataLocator, whitelist);
PageRenderRequestParameters parameters = linkEncoder.decodePageRenderRequest(request);
assertEquals(parameters.getLogicalPageName(), "foo/bar");
assertEquals(parameters.getActivationContext().getCount(), 0);
assertFalse(parameters.isLoopback());
verify();
}
use of org.apache.tapestry5.services.security.ClientWhitelist in project tapestry-5 by apache.
the class ComponentEventLinkEncoderImplTest method page_requires_whitelist_and_client_not_on_whitelist.
@Test
public void page_requires_whitelist_and_client_not_on_whitelist() {
ComponentClassResolver resolver = mockComponentClassResolver();
Request request = mockRequest();
LocalizationSetter ls = mockLocalizationSetter();
MetaDataLocator metaDataLocator = mockMetaDataLocator();
ClientWhitelist whitelist = newMock(ClientWhitelist.class);
String path = "/foo/Bar";
train_getPath(request, path);
train_setLocaleFromLocaleName(ls, "foo", false);
train_isPageName(resolver, "foo/Bar", true);
train_canonicalizePageName(resolver, "foo/Bar", "foo/bar");
expect(metaDataLocator.findMeta(MetaDataConstants.WHITELIST_ONLY_PAGE, "foo/bar", boolean.class)).andReturn(true);
expect(whitelist.isClientRequestOnWhitelist()).andReturn(false);
train_isPageName(resolver, "foo", false);
train_isPageName(resolver, "", false);
replay();
ComponentEventLinkEncoderImpl linkEncoder = new ComponentEventLinkEncoderImpl(resolver, contextPathEncoder, ls, null, null, null, null, true, null, "", metaDataLocator, whitelist);
assertNull(linkEncoder.decodePageRenderRequest(request));
verify();
}
use of org.apache.tapestry5.services.security.ClientWhitelist in project tapestry-5 by apache.
the class ComponentEventDispatcherTest method request_for_whitelist_only_page_from_valid_client.
@Test
public void request_for_whitelist_only_page_from_valid_client() throws IOException {
String containerPageName = "foo/MyPage";
ComponentRequestHandler handler = mockComponentRequestHandler();
Request request = mockRequest();
Response response = mockResponse();
ComponentClassResolver resolver = mockComponentClassResolver();
LocalizationSetter localizationSetter = mockLocalizationSetter();
MetaDataLocator metaDataLocator = newMock(MetaDataLocator.class);
ClientWhitelist whitelist = newMock(ClientWhitelist.class);
ComponentEventRequestParameters expectedParameters = new ComponentEventRequestParameters(containerPageName, containerPageName, "", "anevent", new EmptyEventContext(), new EmptyEventContext());
train_getPath(request, "/foo/MyPage:anevent");
expect(localizationSetter.isSupportedLocaleName("foo")).andReturn(false);
train_isPageName(resolver, containerPageName, true);
train_canonicalizePageName(resolver, containerPageName, containerPageName);
expect(metaDataLocator.findMeta(MetaDataConstants.WHITELIST_ONLY_PAGE, containerPageName, boolean.class)).andReturn(true);
expect(whitelist.isClientRequestOnWhitelist()).andReturn(true);
train_getParameter(request, InternalConstants.PAGE_CONTEXT_NAME, null);
train_getParameter(request, InternalConstants.CONTAINER_PAGE_NAME, null);
expect(request.getAttribute(InternalConstants.REFERENCED_COMPONENT_NOT_FOUND)).andStubReturn(null);
train_for_request_locale(request, localizationSetter);
handler.handleComponentEvent(expectedParameters);
replay();
Dispatcher dispatcher = new ComponentEventDispatcher(handler, new ComponentEventLinkEncoderImpl(resolver, contextPathEncoder, localizationSetter, response, null, null, null, true, null, "", metaDataLocator, whitelist));
assertTrue(dispatcher.dispatch(request, response));
verify();
}
Aggregations