
Commit c715338

committed
Cleaned up jaxrs decl security test and updated to html unit
1 parent f964125 commit c715338

4 files changed

Lines changed: 69 additions & 86 deletions


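--- a/jaxrs/jaxrs-security-declarative/pom.xml
+++ b/jaxrs/jaxrs-security-declarative/pom.xml
@@ -6,9 +6,10 @@
 <groupId>org.javaee7</groupId>
 <artifactId>jaxrs</artifactId>
 <version>1.0-SNAPSHOT</version>
-<relativePath>../pom.xml</relativePath>
 </parent>
+
 <artifactId>jaxrs-jaxrs-security-declarative</artifactId>
 <packaging>war</packaging>
+
 <name>Java EE 7 Sample: jaxrs - jaxrs-security-declarative</name>
 </project>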

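--- a/jaxrs/jaxrs-security-declarative/src/main/java/org/javaee7/jaxrs/security/declarative/MyApplication.java
+++ b/jaxrs/jaxrs-security-declarative/src/main/java/org/javaee7/jaxrs/security/declarative/MyApplication.java
@@ -39,7 +39,9 @@
 */
 package org.javaee7.jaxrs.security.declarative;
 
+import java.util.HashSet;
 import java.util.Set;
+
 import javax.ws.rs.ApplicationPath;
 import javax.ws.rs.core.Application;
 
@@ -51,7 +53,7 @@ public class MyApplication extends Application {
 
 @Override
 public Set<Class<?>> getClasses() {
-Set<Class<?>> resources = new java.util.HashSet<>();
+Set<Class<?>> resources = new HashSet<>();
 resources.add(MyResource.class);
 return resources;
 }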

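--- a/jaxrs/jaxrs-security-declarative/src/main/java/org/javaee7/jaxrs/security/declarative/MyResource.java
+++ b/jaxrs/jaxrs-security-declarative/src/main/java/org/javaee7/jaxrs/security/declarative/MyResource.java
@@ -1,6 +1,7 @@
 package org.javaee7.jaxrs.security.declarative;
 
 import static javax.ws.rs.core.MediaType.APPLICATION_FORM_URLENCODED;
+import static javax.ws.rs.core.MediaType.TEXT_PLAIN;
 
 import javax.enterprise.context.RequestScoped;
 import javax.ws.rs.Consumes;
@@ -11,12 +12,14 @@
 import javax.ws.rs.PUT;
 import javax.ws.rs.Path;
 import javax.ws.rs.PathParam;
+import javax.ws.rs.Produces;
 
 /**
 * @author Arun Gupta
 */
-@Path("myresource")
 @RequestScoped
+@Path("myresource")
+@Produces(TEXT_PLAIN)
 public class MyResource {
 
 @GET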
Lines changed: 60 additions & 83 deletions
@@ -1,35 +1,33 @@
11
package org.javaee7.jaxrs.security.declarative;
22

3+
import static com.gargoylesoftware.htmlunit.HttpMethod.POST;
4+
import static com.gargoylesoftware.htmlunit.HttpMethod.PUT;
5+
import static com.gargoylesoftware.htmlunit.util.UrlUtils.toUrlUnsafe;
6+
import static org.javaee7.ServerOperations.addUsersToContainerIdentityStore;
37
import static org.junit.Assert.assertEquals;
4-
import static org.junit.Assert.assertNotNull;
58
import static org.junit.Assert.assertTrue;
69
import static org.junit.Assert.fail;
710

8-
import java.io.ByteArrayInputStream;
911
import java.io.File;
1012
import java.io.IOException;
1113
import java.net.URL;
12-
import java.nio.file.Paths;
13-
import java.util.ArrayList;
14-
import java.util.List;
1514

16-
import org.javaee7.CliCommands;
1715
import org.jboss.arquillian.container.test.api.Deployment;
1816
import org.jboss.arquillian.junit.Arquillian;
1917
import org.jboss.arquillian.test.api.ArquillianResource;
2018
import org.jboss.shrinkwrap.api.ShrinkWrap;
2119
import org.jboss.shrinkwrap.api.spec.WebArchive;
20+
import org.junit.After;
21+
import org.junit.Before;
2222
import org.junit.Test;
2323
import org.junit.runner.RunWith;
2424
import org.xml.sax.SAXException;
2525

26-
import com.meterware.httpunit.AuthorizationRequiredException;
27-
import com.meterware.httpunit.GetMethodWebRequest;
28-
import com.meterware.httpunit.HttpException;
29-
import com.meterware.httpunit.PostMethodWebRequest;
30-
import com.meterware.httpunit.PutMethodWebRequest;
31-
import com.meterware.httpunit.WebConversation;
32-
import com.meterware.httpunit.WebResponse;
26+
import com.gargoylesoftware.htmlunit.DefaultCredentialsProvider;
27+
import com.gargoylesoftware.htmlunit.FailingHttpStatusCodeException;
28+
import com.gargoylesoftware.htmlunit.TextPage;
29+
import com.gargoylesoftware.htmlunit.WebClient;
30+
import com.gargoylesoftware.htmlunit.WebRequest;
3331

3432
/**
3533
* @author Arun Gupta
@@ -41,115 +39,94 @@ public class MyResourceTest {
4139
private URL base;
4240

4341
private static final String WEBAPP_SRC = "src/main/webapp";
42+
43+
private WebClient webClient;
44+
private DefaultCredentialsProvider correctCreds = new DefaultCredentialsProvider();
45+
private DefaultCredentialsProvider incorrectCreds = new DefaultCredentialsProvider();
46+
47+
@Before
48+
public void setup() {
49+
webClient = new WebClient();
50+
correctCreds.addCredentials("u1", "p1");
51+
incorrectCreds.addCredentials("random", "random");
52+
}
53+
54+
@After
55+
public void tearDown() {
56+
webClient.closeAllWindows();
57+
}
4458

4559
@Deployment(testable = false)
4660
public static WebArchive createDeployment() {
4761

4862
addUsersToContainerIdentityStore();
4963

5064
return ShrinkWrap.create(WebArchive.class)
51-
.addAsWebInfResource((new File(WEBAPP_SRC + "/WEB-INF", "web.xml")))
52-
.addClasses(MyApplication.class, MyResource.class);
65+
.addAsWebInfResource((new File(WEBAPP_SRC + "/WEB-INF", "web.xml")))
66+
.addClasses(MyApplication.class, MyResource.class);
5367
}
5468

5569
@Test
5670
public void testGetWithCorrectCredentials() throws IOException, SAXException {
57-
WebConversation conv = new WebConversation();
58-
conv.setAuthentication("file", "u1", "p1");
59-
GetMethodWebRequest getRequest = new GetMethodWebRequest(base + "/webresources/myresource");
60-
WebResponse response = null;
61-
try {
62-
response = conv.getResponse(getRequest);
63-
} catch (AuthorizationRequiredException e) {
64-
fail(e.getMessage());
65-
}
66-
assertNotNull(response);
67-
assertTrue(response.getText().contains("get"));
71+
webClient.setCredentialsProvider(correctCreds);
72+
TextPage page = webClient.getPage(base + "webresources/myresource");
73+
74+
assertTrue(page.getContent() .contains("get"));
6875
}
6976

7077
@Test
7178
public void testGetSubResourceWithCorrectCredentials() throws IOException, SAXException {
72-
WebConversation conv = new WebConversation();
73-
conv.setAuthentication("file", "u1", "p1");
74-
GetMethodWebRequest getRequest = new GetMethodWebRequest(base + "/webresources/myresource/1");
75-
WebResponse response = null;
76-
try {
77-
response = conv.getResponse(getRequest);
78-
} catch (AuthorizationRequiredException e) {
79-
fail(e.getMessage());
80-
}
81-
assertNotNull(response);
79+
webClient.setCredentialsProvider(correctCreds);
80+
TextPage page = webClient.getPage(base + "webresources/myresource/1");
8281

83-
assertTrue(response.getText().contains("get1"));
82+
assertTrue(page.getContent() .contains("get1"));
8483
}
8584

8685
@Test
8786
public void testGetWithIncorrectCredentials() throws IOException, SAXException {
88-
WebConversation conv = new WebConversation();
89-
conv.setAuthentication("file", "random", "random");
90-
GetMethodWebRequest getRequest = new GetMethodWebRequest(base + "/webresources/myresource");
87+
webClient.setCredentialsProvider(incorrectCreds);
88+
9189
try {
92-
WebResponse response = conv.getResponse(getRequest);
93-
} catch (AuthorizationRequiredException e) {
94-
assertNotNull(e);
90+
webClient.getPage(base + "webresources/myresource");
91+
} catch (FailingHttpStatusCodeException e) {
92+
assertEquals(401, e.getStatusCode());
9593
return;
9694
}
95+
9796
fail("GET can be called with incorrect credentials");
9897
}
9998

10099
@Test
101100
public void testPost() throws IOException, SAXException {
102-
WebConversation conv = new WebConversation();
103-
conv.setAuthentication("file", "u1", "p1");
104-
PostMethodWebRequest postRequest = new PostMethodWebRequest(base + "/webresources/myresource");
101+
webClient.setCredentialsProvider(correctCreds);
102+
105103
try {
106-
WebResponse response = conv.getResponse(postRequest);
107-
} catch (HttpException e) {
108-
assertNotNull(e);
109-
assertEquals(403, e.getResponseCode());
104+
WebRequest postRequest = new WebRequest(toUrlUnsafe(base + "webresources/myresource"), POST);
105+
postRequest.setRequestBody("name=myname");
106+
webClient.getPage(postRequest);
107+
} catch (FailingHttpStatusCodeException e) {
108+
assertEquals(403, e.getStatusCode());
110109
return;
111110
}
111+
112+
// All methods are excluded except for GET
112113
fail("POST is not authorized and can still be called");
113114
}
114115

115116
@Test
116117
public void testPut() throws IOException, SAXException {
117-
WebConversation conv = new WebConversation();
118-
conv.setAuthentication("file", "u1", "p1");
119-
byte[] bytes = new byte[8];
120-
ByteArrayInputStream bais = new ByteArrayInputStream(bytes);
121-
PutMethodWebRequest putRequest = new PutMethodWebRequest(base + "/webresources/myresource", bais, "text/plain");
118+
webClient.setCredentialsProvider(correctCreds);
119+
122120
try {
123-
WebResponse response = conv.getResponse(putRequest);
124-
} catch (HttpException e) {
125-
assertNotNull(e);
126-
assertEquals(403, e.getResponseCode());
121+
WebRequest postRequest = new WebRequest(toUrlUnsafe(base + "webresources/myresource"), PUT);
122+
postRequest.setRequestBody("name=myname");
123+
webClient.getPage(postRequest);
124+
} catch (FailingHttpStatusCodeException e) {
125+
assertEquals(403, e.getStatusCode());
127126
return;
128127
}
129-
fail("PUT is not authorized and can still be called");
130-
}
131-
132-
private static void addUsersToContainerIdentityStore() {
133-
134-
// TODO: abstract adding container managed users to utility class
135-
// TODO: consider PR for sending CLI commands to Arquillian
136-
137-
String javaEEServer = System.getProperty("javaEEServer");
138128

139-
if ("glassfish-remote".equals(javaEEServer)) {
140-
List<String> cmd = new ArrayList<>();
141-
142-
cmd.add("create-file-user");
143-
cmd.add("--groups");
144-
cmd.add("g1");
145-
cmd.add("--passwordfile");
146-
cmd.add(Paths.get("").toAbsolutePath() + "/src/test/resources/password.txt");
147-
148-
cmd.add("u1");
149-
150-
CliCommands.payaraGlassFish(cmd);
151-
}
152-
153-
// TODO: support other servers than Payara and GlassFish
129+
// All methods are excluded except for GET
130+
fail("PUT is not authorized and can still be called");
154131
}
155132
}
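Review bot: The negative cases in testPost and testPut probe only POST and PUT, yet both carry the comment `// All methods are excluded except for GET`, so nothing here would notice if DELETE or another verb were let through. web.xml is not shown on this page, so whether unlisted methods are denied is an assumption; a constraint that names individual methods leaves the rest uncovered unless the descriptor denies them, and the test should pin that down rather than state it in a comment. A `testDelete` shaped like testPut (below) would close the most obvious gap, and a GET with no credentials provider set would complement testGetWithIncorrectCredentials, which only covers wrong credentials. In testPut the local is still named `postRequest`; `putRequest` would read better.

```java
// … unchanged: testPut …

@Test
public void testDelete() throws IOException, SAXException {
    webClient.setCredentialsProvider(correctCreds);

    try {
        WebRequest deleteRequest = new WebRequest(
            toUrlUnsafe(base + "webresources/myresource"),
            com.gargoylesoftware.htmlunit.HttpMethod.DELETE);
        webClient.getPage(deleteRequest);
    } catch (FailingHttpStatusCodeException e) {
        // 403 is expected only if the descriptor denies every method but GET
        assertEquals(403, e.getStatusCode());
        return;
    }

    fail("DELETE is not authorized and can still be called");
}
```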
