Example 11 with TesterResponse
use of org.apache.tomcat.unittest.TesterResponse in project tomcat by apache.
the class TestResponseUtil method testAddValidWithValidSingleHeaderAlreadyPresent.
@Test
public void testAddValidWithValidSingleHeaderAlreadyPresent() {
TesterResponse response = new TesterResponse();
response.getCoyoteResponse();
response.addHeader("vary", "foo, bar");
List<String> expected = new ArrayList<>();
expected.add("foo");
expected.add("bar");
doTestAddVaryFieldName(response, "foo", expected);
}
Also used :
ArrayList(java.util.ArrayList)
TesterResponse(org.apache.tomcat.unittest.TesterResponse)
Test(org.junit.Test)
Example 12 with TesterResponse
use of org.apache.tomcat.unittest.TesterResponse in project tomcat by apache.
the class TestRemoteIpFilter method testRemoteIpFilter.
private MockFilterChain testRemoteIpFilter(FilterDef filterDef, Request request) throws LifecycleException, IOException, ServletException {
Tomcat tomcat = getTomcatInstance();
Context root = tomcat.addContext("", TEMP_DIR);
RemoteIpFilter remoteIpFilter = new RemoteIpFilter();
filterDef.setFilterClass(RemoteIpFilter.class.getName());
filterDef.setFilter(remoteIpFilter);
filterDef.setFilterName(RemoteIpFilter.class.getName());
root.addFilterDef(filterDef);
FilterMap filterMap = new FilterMap();
filterMap.setFilterName(RemoteIpFilter.class.getName());
filterMap.addURLPatternDecoded("*");
root.addFilterMap(filterMap);
getTomcatInstance().start();
MockFilterChain filterChain = new MockFilterChain();
// TEST
TesterResponse response = new TesterResponse();
response.setRequest(request);
remoteIpFilter.doFilter(request, response, filterChain);
return filterChain;
}
Also used :
Context(org.apache.catalina.Context)
TesterContext(org.apache.tomcat.unittest.TesterContext)
Tomcat(org.apache.catalina.startup.Tomcat)
TesterResponse(org.apache.tomcat.unittest.TesterResponse)
FilterMap(org.apache.tomcat.util.descriptor.web.FilterMap)
Example 13 with TesterResponse
use of org.apache.tomcat.unittest.TesterResponse in project tomcat70 by apache.
the class TestRealmBase method testHttpConstraint.
/**
* This test case covers the special case in section 13.4.1 of the Servlet
* 3.1 specification for {@link javax.servlet.annotation.HttpConstraint}.
*/
@Test
public void testHttpConstraint() throws IOException {
// Get the annotation from the test case
Class<TesterServletSecurity01> clazz = TesterServletSecurity01.class;
ServletSecurity servletSecurity = clazz.getAnnotation(ServletSecurity.class);
// Convert the annotation into constraints
ServletSecurityElement servletSecurityElement = new ServletSecurityElement(servletSecurity);
SecurityConstraint[] constraints = SecurityConstraint.createConstraints(servletSecurityElement, "/*");
// Create a separate constraint that covers DELETE
SecurityConstraint deleteConstraint = new SecurityConstraint();
deleteConstraint.addAuthRole(ROLE1);
SecurityCollection deleteCollection = new SecurityCollection();
deleteCollection.addMethod("DELETE");
deleteCollection.addPattern("/*");
deleteConstraint.addCollection(deleteCollection);
TesterMapRealm mapRealm = new TesterMapRealm();
// Set up the mock request and response
TesterRequest request = new TesterRequest();
Response response = new TesterResponse();
Context context = request.getContext();
context.addSecurityRole(ROLE1);
context.addSecurityRole(ROLE2);
request.setContext(context);
// Create the principals
List<String> userRoles1 = new ArrayList<String>();
userRoles1.add(ROLE1);
GenericPrincipal gp1 = new GenericPrincipal(USER1, PWD, userRoles1);
List<String> userRoles2 = new ArrayList<String>();
userRoles2.add(ROLE2);
GenericPrincipal gp2 = new GenericPrincipal(USER2, PWD, userRoles2);
List<String> userRoles99 = new ArrayList<String>();
GenericPrincipal gp99 = new GenericPrincipal(USER99, PWD, userRoles99);
// Add the constraints to the context
for (SecurityConstraint constraint : constraints) {
context.addConstraint(constraint);
}
context.addConstraint(deleteConstraint);
// All users should be able to perform a GET
request.setMethod("GET");
SecurityConstraint[] constraintsGet = mapRealm.findSecurityConstraints(request, context);
request.setUserPrincipal(null);
Assert.assertTrue(mapRealm.hasResourcePermission(request, response, constraintsGet, null));
request.setUserPrincipal(gp1);
Assert.assertTrue(mapRealm.hasResourcePermission(request, response, constraintsGet, null));
request.setUserPrincipal(gp2);
Assert.assertTrue(mapRealm.hasResourcePermission(request, response, constraintsGet, null));
request.setUserPrincipal(gp99);
Assert.assertTrue(mapRealm.hasResourcePermission(request, response, constraintsGet, null));
// Only user1 should be able to perform a POST as only that user has
// role1.
request.setMethod("POST");
SecurityConstraint[] constraintsPost = mapRealm.findSecurityConstraints(request, context);
request.setUserPrincipal(null);
Assert.assertFalse(mapRealm.hasResourcePermission(request, response, constraintsPost, null));
request.setUserPrincipal(gp1);
Assert.assertTrue(mapRealm.hasResourcePermission(request, response, constraintsPost, null));
request.setUserPrincipal(gp2);
Assert.assertFalse(mapRealm.hasResourcePermission(request, response, constraintsPost, null));
request.setUserPrincipal(gp99);
Assert.assertFalse(mapRealm.hasResourcePermission(request, response, constraintsPost, null));
// Only users with application roles (role1 or role2 so user1 or user2)
// should be able to perform a PUT.
request.setMethod("PUT");
SecurityConstraint[] constraintsPut = mapRealm.findSecurityConstraints(request, context);
request.setUserPrincipal(null);
Assert.assertFalse(mapRealm.hasResourcePermission(request, response, constraintsPut, null));
request.setUserPrincipal(gp1);
Assert.assertTrue(mapRealm.hasResourcePermission(request, response, constraintsPut, null));
request.setUserPrincipal(gp2);
Assert.assertTrue(mapRealm.hasResourcePermission(request, response, constraintsPut, null));
request.setUserPrincipal(gp99);
Assert.assertFalse(mapRealm.hasResourcePermission(request, response, constraintsPut, null));
// Only user1 should be able to perform a DELETE as only that user has
// role1.
request.setMethod("DELETE");
SecurityConstraint[] constraintsDelete = mapRealm.findSecurityConstraints(request, context);
request.setUserPrincipal(null);
Assert.assertFalse(mapRealm.hasResourcePermission(request, response, constraintsDelete, null));
request.setUserPrincipal(gp1);
Assert.assertTrue(mapRealm.hasResourcePermission(request, response, constraintsDelete, null));
request.setUserPrincipal(gp2);
Assert.assertFalse(mapRealm.hasResourcePermission(request, response, constraintsDelete, null));
request.setUserPrincipal(gp99);
Assert.assertFalse(mapRealm.hasResourcePermission(request, response, constraintsDelete, null));
}
Also used :
Context(org.apache.catalina.Context)
TesterContext(org.apache.tomcat.unittest.TesterContext)
ServletSecurity(javax.servlet.annotation.ServletSecurity)
ArrayList(java.util.ArrayList)
TesterResponse(org.apache.tomcat.unittest.TesterResponse)
ServletSecurityElement(javax.servlet.ServletSecurityElement)
SecurityConstraint(org.apache.catalina.deploy.SecurityConstraint)
TesterResponse(org.apache.tomcat.unittest.TesterResponse)
Response(org.apache.catalina.connector.Response)
TesterMapRealm(org.apache.catalina.startup.TesterMapRealm)
TesterRequest(org.apache.tomcat.unittest.TesterRequest)
SecurityCollection(org.apache.catalina.deploy.SecurityCollection)
Test(org.junit.Test)
Example 14 with TesterResponse
use of org.apache.tomcat.unittest.TesterResponse in project tomcat by apache.
the class TestResponseUtil method testAddAllWithAll.
@Test
public void testAddAllWithAll() {
TesterResponse response = new TesterResponse();
response.getCoyoteResponse();
response.addHeader("vary", "*");
List<String> expected = new ArrayList<>();
expected.add("*");
doTestAddVaryFieldName(response, "*", expected);
}
Also used :
ArrayList(java.util.ArrayList)
TesterResponse(org.apache.tomcat.unittest.TesterResponse)
Test(org.junit.Test)
Example 15 with TesterResponse
use of org.apache.tomcat.unittest.TesterResponse in project tomcat by apache.
the class TestResponseUtil method testAddValidWithPartiallyValidSingleHeader.
@Test
public void testAddValidWithPartiallyValidSingleHeader() {
TesterResponse response = new TesterResponse();
response.getCoyoteResponse();
response.addHeader("vary", "{{{, bar");
List<String> expected = new ArrayList<>();
expected.add("bar");
expected.add("too");
doTestAddVaryFieldName(response, "too", expected);
}
Also used :
ArrayList(java.util.ArrayList)
TesterResponse(org.apache.tomcat.unittest.TesterResponse)
Test(org.junit.Test)
Aggregations
TesterResponse (org.apache.tomcat.unittest.TesterResponse)18
ArrayList (java.util.ArrayList)14
Test (org.junit.Test)14
Context (org.apache.catalina.Context)6
TesterContext (org.apache.tomcat.unittest.TesterContext)6
Response (org.apache.catalina.connector.Response)4
TesterMapRealm (org.apache.catalina.startup.TesterMapRealm)4
TesterRequest (org.apache.tomcat.unittest.TesterRequest)4
Request (org.apache.catalina.connector.Request)2
SecurityConstraint (org.apache.catalina.deploy.SecurityConstraint)2
Tomcat (org.apache.catalina.startup.Tomcat)2
SecurityConstraint (org.apache.tomcat.util.descriptor.web.SecurityConstraint)2
ServletSecurityElement (jakarta.servlet.ServletSecurityElement)1
ServletSecurity (jakarta.servlet.annotation.ServletSecurity)1
ServletSecurityElement (javax.servlet.ServletSecurityElement)1
ServletSecurity (javax.servlet.annotation.ServletSecurity)1
FilterMap (org.apache.catalina.deploy.FilterMap)1
SecurityCollection (org.apache.catalina.deploy.SecurityCollection)1
FilterMap (org.apache.tomcat.util.descriptor.web.FilterMap)1
SecurityCollection (org.apache.tomcat.util.descriptor.web.SecurityCollection)1
