Example 46 with TesterRequest

Use of org.apache.tomcat.unittest.TesterRequest in project tomcat by apache.

In the class TestResponse, method testBug53062n.

@Test
public void testBug53062n() throws Exception {
    Request req = new TesterRequest();
    Response resp = new Response();
    resp.setRequest(req);
    String result = resp.toAbsolute("./.#/../../");
    Assert.assertEquals("http://localhost:8080/level1/level2/#/../../", result);
}
Also used : HttpServletResponse(jakarta.servlet.http.HttpServletResponse) TesterRequest(org.apache.tomcat.unittest.TesterRequest) HttpServletRequest(jakarta.servlet.http.HttpServletRequest) TomcatBaseTest(org.apache.catalina.startup.TomcatBaseTest) Test(org.junit.Test)

Example 47 with TesterRequest

Use of org.apache.tomcat.unittest.TesterRequest in project tomcat by apache.

In the class TestResponse, method testBug53062j.

@Test
public void testBug53062j() throws Exception {
    Request req = new TesterRequest();
    Response resp = new Response();
    resp.setRequest(req);
    String result = resp.toAbsolute("./..?x=/../../");
    Assert.assertEquals("http://localhost:8080/level1/?x=/../../", result);
}
Also used : HttpServletResponse(jakarta.servlet.http.HttpServletResponse) TesterRequest(org.apache.tomcat.unittest.TesterRequest) HttpServletRequest(jakarta.servlet.http.HttpServletRequest) TomcatBaseTest(org.apache.catalina.startup.TomcatBaseTest) Test(org.junit.Test)

Example 48 with TesterRequest

Use of org.apache.tomcat.unittest.TesterRequest in project tomcat by apache.

In the class TestResponse, method testBug53062a.

@Test
public void testBug53062a() throws Exception {
    Request req = new TesterRequest();
    Response resp = new Response();
    resp.setRequest(req);
    String result = resp.toAbsolute("./bar.html");
    Assert.assertEquals("http://localhost:8080/level1/level2/bar.html", result);
}
Also used : HttpServletResponse(jakarta.servlet.http.HttpServletResponse) TesterRequest(org.apache.tomcat.unittest.TesterRequest) HttpServletRequest(jakarta.servlet.http.HttpServletRequest) TomcatBaseTest(org.apache.catalina.startup.TomcatBaseTest) Test(org.junit.Test)

Example 49 with TesterRequest

Use of org.apache.tomcat.unittest.TesterRequest in project tomcat by apache.

In the class TestResponsePerformance, method testToAbsolutePerformance.

@Test
public void testToAbsolutePerformance() throws Exception {
    Request req = new TesterRequest();
    Response resp = new Response();
    resp.setRequest(req);
    // Warm up
    doHomebrew(resp);
    doUri();
    // Note: With Java 11 the 'homebrew' approach is consistently 3 to 4
    // times faster on both MacOS and Linux
    // To allow for timing differences between runs, a "best of n" approach
    // is taken for this test
    final int bestOf = 5;
    final int winTarget = (bestOf + 1) / 2;
    int homebrewWin = 0;
    int count = 0;
    while (count < bestOf && homebrewWin < winTarget) {
        long homebrew = doHomebrew(resp);
        long uri = doUri();
        log.info("Current 'home-brew': " + homebrew + "ms, Using URI: " + uri + "ms");
        if (homebrew < uri) {
            homebrewWin++;
        }
        count++;
    }
    Assert.assertTrue(homebrewWin == winTarget);
}
Also used : TesterRequest(org.apache.tomcat.unittest.TesterRequest) Test(org.junit.Test) LoggingBaseTest(org.apache.catalina.startup.LoggingBaseTest)

Example 50 with TesterRequest

Use of org.apache.tomcat.unittest.TesterRequest in project tomcat by apache.

In the class TestRealmBase, method testHttpConstraint.

/*
 * This test case covers the special case in section 13.4.1 of the Servlet
 * 3.1 specification for {@link jakarta.servlet.annotation.HttpConstraint}.
 */
@Test
public void testHttpConstraint() throws IOException {
    // Get the annotation from the test case
    Class<TesterServletSecurity01> clazz = TesterServletSecurity01.class;
    ServletSecurity servletSecurity = clazz.getAnnotation(ServletSecurity.class);
    // Convert the annotation into constraints
    ServletSecurityElement servletSecurityElement = new ServletSecurityElement(servletSecurity);
    SecurityConstraint[] constraints = SecurityConstraint.createConstraints(servletSecurityElement, "/*");
    // Create a separate constraint that covers DELETE
    SecurityConstraint deleteConstraint = new SecurityConstraint();
    deleteConstraint.addAuthRole(ROLE1);
    SecurityCollection deleteCollection = new SecurityCollection();
    deleteCollection.addMethod("DELETE");
    deleteCollection.addPatternDecoded("/*");
    deleteConstraint.addCollection(deleteCollection);
    TesterMapRealm mapRealm = new TesterMapRealm();
    // Set up the mock request and response
    TesterRequest request = new TesterRequest();
    Response response = new TesterResponse();
    Context context = request.getContext();
    context.addSecurityRole(ROLE1);
    context.addSecurityRole(ROLE2);
    request.getMappingData().context = context;
    // Create the principals
    List<String> userRoles1 = new ArrayList<>();
    userRoles1.add(ROLE1);
    GenericPrincipal gp1 = new GenericPrincipal(USER1, userRoles1);
    List<String> userRoles2 = new ArrayList<>();
    userRoles2.add(ROLE2);
    GenericPrincipal gp2 = new GenericPrincipal(USER2, userRoles2);
    List<String> userRoles99 = new ArrayList<>();
    GenericPrincipal gp99 = new GenericPrincipal(USER99, userRoles99);
    // Add the constraints to the context
    for (SecurityConstraint constraint : constraints) {
        context.addConstraint(constraint);
    }
    context.addConstraint(deleteConstraint);
    // All users should be able to perform a GET
    request.setMethod("GET");
    SecurityConstraint[] constraintsGet = mapRealm.findSecurityConstraints(request, context);
    request.setUserPrincipal(null);
    Assert.assertTrue(mapRealm.hasResourcePermission(request, response, constraintsGet, null));
    request.setUserPrincipal(gp1);
    Assert.assertTrue(mapRealm.hasResourcePermission(request, response, constraintsGet, null));
    request.setUserPrincipal(gp2);
    Assert.assertTrue(mapRealm.hasResourcePermission(request, response, constraintsGet, null));
    request.setUserPrincipal(gp99);
    Assert.assertTrue(mapRealm.hasResourcePermission(request, response, constraintsGet, null));
    // Only user1 should be able to perform a POST as only that user has
    // role1.
    request.setMethod("POST");
    SecurityConstraint[] constraintsPost = mapRealm.findSecurityConstraints(request, context);
    request.setUserPrincipal(null);
    Assert.assertFalse(mapRealm.hasResourcePermission(request, response, constraintsPost, null));
    request.setUserPrincipal(gp1);
    Assert.assertTrue(mapRealm.hasResourcePermission(request, response, constraintsPost, null));
    request.setUserPrincipal(gp2);
    Assert.assertFalse(mapRealm.hasResourcePermission(request, response, constraintsPost, null));
    request.setUserPrincipal(gp99);
    Assert.assertFalse(mapRealm.hasResourcePermission(request, response, constraintsPost, null));
    // Only users with application roles (role1 or role2 so user1 or user2)
    // should be able to perform a PUT.
    request.setMethod("PUT");
    SecurityConstraint[] constraintsPut = mapRealm.findSecurityConstraints(request, context);
    request.setUserPrincipal(null);
    Assert.assertFalse(mapRealm.hasResourcePermission(request, response, constraintsPut, null));
    request.setUserPrincipal(gp1);
    Assert.assertTrue(mapRealm.hasResourcePermission(request, response, constraintsPut, null));
    request.setUserPrincipal(gp2);
    Assert.assertTrue(mapRealm.hasResourcePermission(request, response, constraintsPut, null));
    request.setUserPrincipal(gp99);
    Assert.assertFalse(mapRealm.hasResourcePermission(request, response, constraintsPut, null));
    // Any authenticated user should be able to perform a TRACE.
    request.setMethod("TRACE");
    SecurityConstraint[] constraintsTrace = mapRealm.findSecurityConstraints(request, context);
    request.setUserPrincipal(null);
    Assert.assertFalse(mapRealm.hasResourcePermission(request, response, constraintsTrace, null));
    request.setUserPrincipal(gp1);
    Assert.assertTrue(mapRealm.hasResourcePermission(request, response, constraintsTrace, null));
    request.setUserPrincipal(gp2);
    Assert.assertTrue(mapRealm.hasResourcePermission(request, response, constraintsTrace, null));
    request.setUserPrincipal(gp99);
    Assert.assertTrue(mapRealm.hasResourcePermission(request, response, constraintsTrace, null));
    // Only user1 should be able to perform a DELETE as only that user has
    // role1.
    request.setMethod("DELETE");
    SecurityConstraint[] constraintsDelete = mapRealm.findSecurityConstraints(request, context);
    request.setUserPrincipal(null);
    Assert.assertFalse(mapRealm.hasResourcePermission(request, response, constraintsDelete, null));
    request.setUserPrincipal(gp1);
    Assert.assertTrue(mapRealm.hasResourcePermission(request, response, constraintsDelete, null));
    request.setUserPrincipal(gp2);
    Assert.assertFalse(mapRealm.hasResourcePermission(request, response, constraintsDelete, null));
    request.setUserPrincipal(gp99);
    Assert.assertFalse(mapRealm.hasResourcePermission(request, response, constraintsDelete, null));
}
Also used : Context(org.apache.catalina.Context) TesterContext(org.apache.tomcat.unittest.TesterContext) ServletSecurity(jakarta.servlet.annotation.ServletSecurity) ArrayList(java.util.ArrayList) TesterResponse(org.apache.tomcat.unittest.TesterResponse) ServletSecurityElement(jakarta.servlet.ServletSecurityElement) SecurityConstraint(org.apache.tomcat.util.descriptor.web.SecurityConstraint) Response(org.apache.catalina.connector.Response) TesterMapRealm(org.apache.catalina.startup.TesterMapRealm) TesterRequest(org.apache.tomcat.unittest.TesterRequest) SecurityCollection(org.apache.tomcat.util.descriptor.web.SecurityCollection) Test(org.junit.Test)

Aggregations

TesterRequest (org.apache.tomcat.unittest.TesterRequest): 50
Test (org.junit.Test): 46
TomcatBaseTest (org.apache.catalina.startup.TomcatBaseTest): 42
HttpServletRequest (jakarta.servlet.http.HttpServletRequest): 20
HttpServletResponse (jakarta.servlet.http.HttpServletResponse): 20
HttpServletRequest (javax.servlet.http.HttpServletRequest): 20
HttpServletResponse (javax.servlet.http.HttpServletResponse): 20
Locale (java.util.Locale): 4
TesterContext (org.apache.tomcat.unittest.TesterContext): 3
ArrayList (java.util.ArrayList): 2
Context (org.apache.catalina.Context): 2
Response (org.apache.catalina.connector.Response): 2
LoggingBaseTest (org.apache.catalina.startup.LoggingBaseTest): 2
TesterMapRealm (org.apache.catalina.startup.TesterMapRealm): 2
TesterResponse (org.apache.tomcat.unittest.TesterResponse): 2
SecurityConstraint (org.apache.tomcat.util.descriptor.web.SecurityConstraint): 2
ServletSecurityElement (jakarta.servlet.ServletSecurityElement): 1
ServletSecurity (jakarta.servlet.annotation.ServletSecurity): 1
URI (java.net.URI): 1
HashSet (java.util.HashSet): 1