use of org.apache.tomcat.unittest.TesterRequest in project tomcat by apache.
the class TestResponse method testBug53062n.
@Test
public void testBug53062n() throws Exception {
Request req = new TesterRequest();
Response resp = new Response();
resp.setRequest(req);
String result = resp.toAbsolute("./.#/../../");
Assert.assertEquals("http://localhost:8080/level1/level2/#/../../", result);
}
use of org.apache.tomcat.unittest.TesterRequest in project tomcat by apache.
the class TestResponse method testBug53062j.
@Test
public void testBug53062j() throws Exception {
Request req = new TesterRequest();
Response resp = new Response();
resp.setRequest(req);
String result = resp.toAbsolute("./..?x=/../../");
Assert.assertEquals("http://localhost:8080/level1/?x=/../../", result);
}
use of org.apache.tomcat.unittest.TesterRequest in project tomcat by apache.
the class TestResponse method testBug53062a.
@Test
public void testBug53062a() throws Exception {
Request req = new TesterRequest();
Response resp = new Response();
resp.setRequest(req);
String result = resp.toAbsolute("./bar.html");
Assert.assertEquals("http://localhost:8080/level1/level2/bar.html", result);
}
use of org.apache.tomcat.unittest.TesterRequest in project tomcat by apache.
the class TestResponsePerformance method testToAbsolutePerformance.
@Test
public void testToAbsolutePerformance() throws Exception {
Request req = new TesterRequest();
Response resp = new Response();
resp.setRequest(req);
// Warm up
doHomebrew(resp);
doUri();
// Note: With Java 11 the 'homebrew' approach is consistently 3 to 4
// times faster on both MacOS and Linux
// To allow for timing differences between runs, a "best of n" approach
// is taken for this test
final int bestOf = 5;
final int winTarget = (bestOf + 1) / 2;
int homebrewWin = 0;
int count = 0;
while (count < bestOf && homebrewWin < winTarget) {
long homebrew = doHomebrew(resp);
long uri = doUri();
log.info("Current 'home-brew': " + homebrew + "ms, Using URI: " + uri + "ms");
if (homebrew < uri) {
homebrewWin++;
}
count++;
}
Assert.assertTrue(homebrewWin == winTarget);
}
use of org.apache.tomcat.unittest.TesterRequest in project tomcat by apache.
the class TestRealmBase method testHttpConstraint.
/*
* This test case covers the special case in section 13.4.1 of the Servlet
* 3.1 specification for {@link jakarta.servlet.annotation.HttpConstraint}.
*/
@Test
public void testHttpConstraint() throws IOException {
// Get the annotation from the test case
Class<TesterServletSecurity01> clazz = TesterServletSecurity01.class;
ServletSecurity servletSecurity = clazz.getAnnotation(ServletSecurity.class);
// Convert the annotation into constraints
ServletSecurityElement servletSecurityElement = new ServletSecurityElement(servletSecurity);
SecurityConstraint[] constraints = SecurityConstraint.createConstraints(servletSecurityElement, "/*");
// Create a separate constraint that covers DELETE
SecurityConstraint deleteConstraint = new SecurityConstraint();
deleteConstraint.addAuthRole(ROLE1);
SecurityCollection deleteCollection = new SecurityCollection();
deleteCollection.addMethod("DELETE");
deleteCollection.addPatternDecoded("/*");
deleteConstraint.addCollection(deleteCollection);
TesterMapRealm mapRealm = new TesterMapRealm();
// Set up the mock request and response
TesterRequest request = new TesterRequest();
Response response = new TesterResponse();
Context context = request.getContext();
context.addSecurityRole(ROLE1);
context.addSecurityRole(ROLE2);
request.getMappingData().context = context;
// Create the principals
List<String> userRoles1 = new ArrayList<>();
userRoles1.add(ROLE1);
GenericPrincipal gp1 = new GenericPrincipal(USER1, userRoles1);
List<String> userRoles2 = new ArrayList<>();
userRoles2.add(ROLE2);
GenericPrincipal gp2 = new GenericPrincipal(USER2, userRoles2);
List<String> userRoles99 = new ArrayList<>();
GenericPrincipal gp99 = new GenericPrincipal(USER99, userRoles99);
// Add the constraints to the context
for (SecurityConstraint constraint : constraints) {
context.addConstraint(constraint);
}
context.addConstraint(deleteConstraint);
// All users should be able to perform a GET
request.setMethod("GET");
SecurityConstraint[] constraintsGet = mapRealm.findSecurityConstraints(request, context);
request.setUserPrincipal(null);
Assert.assertTrue(mapRealm.hasResourcePermission(request, response, constraintsGet, null));
request.setUserPrincipal(gp1);
Assert.assertTrue(mapRealm.hasResourcePermission(request, response, constraintsGet, null));
request.setUserPrincipal(gp2);
Assert.assertTrue(mapRealm.hasResourcePermission(request, response, constraintsGet, null));
request.setUserPrincipal(gp99);
Assert.assertTrue(mapRealm.hasResourcePermission(request, response, constraintsGet, null));
// Only user1 should be able to perform a POST as only that user has
// role1.
request.setMethod("POST");
SecurityConstraint[] constraintsPost = mapRealm.findSecurityConstraints(request, context);
request.setUserPrincipal(null);
Assert.assertFalse(mapRealm.hasResourcePermission(request, response, constraintsPost, null));
request.setUserPrincipal(gp1);
Assert.assertTrue(mapRealm.hasResourcePermission(request, response, constraintsPost, null));
request.setUserPrincipal(gp2);
Assert.assertFalse(mapRealm.hasResourcePermission(request, response, constraintsPost, null));
request.setUserPrincipal(gp99);
Assert.assertFalse(mapRealm.hasResourcePermission(request, response, constraintsPost, null));
// Only users with application roles (role1 or role2 so user1 or user2)
// should be able to perform a PUT.
request.setMethod("PUT");
SecurityConstraint[] constraintsPut = mapRealm.findSecurityConstraints(request, context);
request.setUserPrincipal(null);
Assert.assertFalse(mapRealm.hasResourcePermission(request, response, constraintsPut, null));
request.setUserPrincipal(gp1);
Assert.assertTrue(mapRealm.hasResourcePermission(request, response, constraintsPut, null));
request.setUserPrincipal(gp2);
Assert.assertTrue(mapRealm.hasResourcePermission(request, response, constraintsPut, null));
request.setUserPrincipal(gp99);
Assert.assertFalse(mapRealm.hasResourcePermission(request, response, constraintsPut, null));
// Any authenticated user should be able to perform a TRACE.
request.setMethod("TRACE");
SecurityConstraint[] constraintsTrace = mapRealm.findSecurityConstraints(request, context);
request.setUserPrincipal(null);
Assert.assertFalse(mapRealm.hasResourcePermission(request, response, constraintsTrace, null));
request.setUserPrincipal(gp1);
Assert.assertTrue(mapRealm.hasResourcePermission(request, response, constraintsTrace, null));
request.setUserPrincipal(gp2);
Assert.assertTrue(mapRealm.hasResourcePermission(request, response, constraintsTrace, null));
request.setUserPrincipal(gp99);
Assert.assertTrue(mapRealm.hasResourcePermission(request, response, constraintsTrace, null));
// Only user1 should be able to perform a DELETE as only that user has
// role1.
request.setMethod("DELETE");
SecurityConstraint[] constraintsDelete = mapRealm.findSecurityConstraints(request, context);
request.setUserPrincipal(null);
Assert.assertFalse(mapRealm.hasResourcePermission(request, response, constraintsDelete, null));
request.setUserPrincipal(gp1);
Assert.assertTrue(mapRealm.hasResourcePermission(request, response, constraintsDelete, null));
request.setUserPrincipal(gp2);
Assert.assertFalse(mapRealm.hasResourcePermission(request, response, constraintsDelete, null));
request.setUserPrincipal(gp99);
Assert.assertFalse(mapRealm.hasResourcePermission(request, response, constraintsDelete, null));
}
Aggregations