001: /*
002: jGuard is a security framework based on top of jaas (java authentication and authorization security).
003: it is written for web applications, to resolve simply, access control problems.
004: version $Name$
005: http://sourceforge.net/projects/jguard/
006:
007: Copyright (C) 2004 Charles GAY
008:
009: This library is free software; you can redistribute it and/or
010: modify it under the terms of the GNU Lesser General Public
011: License as published by the Free Software Foundation; either
012: version 2.1 of the License, or (at your option) any later version.
013:
014: This library is distributed in the hope that it will be useful,
015: but WITHOUT ANY WARRANTY; without even the implied warranty of
016: MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
017: Lesser General Public License for more details.
018:
019: You should have received a copy of the GNU Lesser General Public
020: License along with this library; if not, write to the Free Software
021: Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
022:
023:
024: jGuard project home page:
025: http://sourceforge.net/projects/jguard/
026:
027: */
028: package net.sf.jguard.jee.authentication.http;
029:
030: import java.security.Principal;
031:
032: import javax.security.auth.Subject;
033: import javax.servlet.ServletContext;
034:
035: import junit.framework.TestCase;
036: import net.sf.jguard.core.CoreConstants;
037: import net.sf.jguard.core.authentication.credentials.JGuardCredential;
038: import net.sf.jguard.core.principals.RolePrincipal;
039:
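/**
 * JUnit 3 tests for {@link JGuardServletRequestWrapper}.
 *
 * <p>Each test builds a simulated request whose session carries an
 * {@link HttpAuthenticationUtilsMock} under {@link HttpConstants#AUTHN_UTILS}.
 * The {@link Subject} under test is handed to the wrapper only through that
 * session attribute, so these tests pin how the wrapper answers the servlet
 * security calls ({@code isUserInRole}, {@code getRemoteUser}) from it.
 */
public class JGuardServletRequestWrapperTest extends TestCase {

    /**
     * Checks that {@code isUserInRole} is true for every {@link RolePrincipal}
     * held by the session's Subject and false for a role name it does not hold.
     */
    public void testIsUserInRole() {
        HttpServletRequestSimulator request = new HttpServletRequestSimulator();
        HttpSessionSimulator session = new HttpSessionSimulator();
        request.setSession(session);

        // The application name is published on the servlet context and reused
        // below when the role principals are created.
        ServletContextSimulator context = new ServletContextSimulator();
        String applicationName = "Myapp";
        context.setAttribute(CoreConstants.APPLICATION_NAME, applicationName);
        session.setServletContext(context);

        // Subject holding two roles, both created for this application.
        Subject subj = new Subject();
        Principal p1 = new RolePrincipal("testUser", applicationName);
        Principal p2 = new RolePrincipal("testAnotherUser", applicationName);
        subj.getPrincipals().add(p1);
        subj.getPrincipals().add(p2);

        HttpAuthenticationUtilsMock httputils = new HttpAuthenticationUtilsMock();
        httputils.setSubject(subj);
        request.getSession().setAttribute(HttpConstants.AUTHN_UTILS, httputils);

        JGuardServletRequestWrapper wrapper = new JGuardServletRequestWrapper(request);

        assertTrue(wrapper.isUserInRole("testUser"));
        assertTrue(wrapper.isUserInRole("testAnotherUser"));
        assertFalse(wrapper.isUserInRole("testOneMoreUser"));

        // NOTE(review): every principal here shares the context's application
        // name. No case covers a RolePrincipal created for a different
        // application, nor a session without AUTHN_UTILS; confirm the intended
        // behaviour of isUserInRole for both and add negative cases.
    }

    /**
     * Checks that {@code getRemoteUser} returns the value of the credential
     * whose id is {@code "login"}, whether it sits in the Subject's public or
     * private credentials, and returns {@code null} when the Subject holds no
     * such credential.
     */
    public void testGetRemoteUser() {
        HttpServletRequestSimulator request = new HttpServletRequestSimulator();

        // Subject plus the "login" credential the wrapper is expected to read.
        Subject subj = new Subject();
        JGuardCredential login = new JGuardCredential();
        login.setId("login");
        login.setValue("testUser");

        HttpAuthenticationUtilsMock httputils = new HttpAuthenticationUtilsMock();
        httputils.setSubject(subj);
        request.getSession(true).setAttribute(HttpConstants.AUTHN_UTILS, httputils);

        JGuardServletRequestWrapper wrapper = new JGuardServletRequestWrapper(request);

        // Login credential exposed as a public credential.
        subj.getPublicCredentials().add(login);
        assertEquals("testUser", wrapper.getRemoteUser());

        // Login credential held only as a private credential.
        subj.getPublicCredentials().clear();
        assertEquals(0, subj.getPublicCredentials().size());
        subj.getPrivateCredentials().add(login);
        assertEquals("testUser", wrapper.getRemoteUser());

        // Subject whose only credential has an id other than "login". The
        // credential goes into BOTH sets of the Subject that is installed in
        // the session, so the negative case covers the public and the private
        // lookup. (Adding it to the previous Subject would have no effect on
        // this assertion, because that Subject is replaced just below.)
        Subject invalidSubj = new Subject();
        JGuardCredential invalidCredential = new JGuardCredential();
        invalidCredential.setId("bla");
        invalidCredential.setValue("bla");
        invalidSubj.getPublicCredentials().add(invalidCredential);
        invalidSubj.getPrivateCredentials().add(invalidCredential);

        // Swap the Subject on the object actually stored in the session.
        HttpAuthenticationUtilsMock storedUtils =
                (HttpAuthenticationUtilsMock) request.getSession()
                        .getAttribute(HttpConstants.AUTHN_UTILS);
        storedUtils.setSubject(invalidSubj);
        assertNull(wrapper.getRemoteUser());
    }
}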