001: /*
002: * JBoss, Home of Professional Open Source.
003: * Copyright 2006, Red Hat Middleware LLC, and individual contributors
004: * as indicated by the @author tags. See the copyright.txt file in the
005: * distribution for a full listing of individual contributors.
006: *
007: * This is free software; you can redistribute it and/or modify it
008: * under the terms of the GNU Lesser General Public License as
009: * published by the Free Software Foundation; either version 2.1 of
010: * the License, or (at your option) any later version.
011: *
012: * This software is distributed in the hope that it will be useful,
013: * but WITHOUT ANY WARRANTY; without even the implied warranty of
014: * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
015: * Lesser General Public License for more details.
016: *
017: * You should have received a copy of the GNU Lesser General Public
018: * License along with this software; if not, write to the Free
019: * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
020: * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
021: */
022: package org.jboss.test.web.test;
023:
024: import java.net.HttpURLConnection;
025: import java.net.URL;
026: import javax.management.ObjectName;
027:
028: import junit.framework.Test;
029: import junit.framework.TestSuite;
030:
031: import org.jboss.test.JBossTestCase;
032: import org.jboss.test.JBossTestSetup;
033: import org.jboss.test.util.web.HttpUtils;
034: import org.apache.commons.httpclient.HttpMethodBase;
035: import org.apache.commons.httpclient.Header;
036:
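/**
 * Tests of servlet container integration into the JBoss server. This test
 * requires that a web container be integrated into the JBoss server.
 *
 * <p>Requests are issued through {@code HttpUtils.accessURL}, which returns a
 * commons-httpclient {@code HttpMethodBase}; {@code java.net.HttpURLConnection}
 * is referenced only for its status-code constants. As the original author
 * notes, a failure may not surface a useful HTTP error code, so when a test
 * fails it is best to connect to the web server with a browser to look for
 * additional error information.
 *
 * <p>The secure access tests require a user named 'jduke' with a password of
 * 'theduke' with a role of 'AuthorizedUser' in the servlet container.
 *
 * <p>NOTE(review): the three-argument {@code HttpUtils.accessURL(url, realm,
 * status)} overload is used wherever a specific response status is expected;
 * presumably it fails the test on any other status, and {@code baseURL}
 * presumably carries the 'jduke' credentials while {@code baseURLNoAuth} does
 * not. Both assumptions should be confirmed against {@code HttpUtils}.
 *
 * @author Scott.Stark@jboss.org
 * @version $Revision: 62620 $
 */
public class WebIntegrationUnitTestCase extends JBossTestCase {
    /** Authentication realm name passed to HttpUtils for the status-checked requests. */
    private static final String REALM = "JBossTest Servlets";

    /** Base URL obtained from HttpUtils.getBaseURL(); used for the authenticated requests. */
    private final String baseURL = HttpUtils.getBaseURL();

    /** Base URL obtained from HttpUtils.getBaseURLNoAuth(); used for the unauthenticated requests. */
    private final String baseURLNoAuth = HttpUtils.getBaseURLNoAuth();

    public WebIntegrationUnitTestCase(String name) {
        super(name);
    }

    /**
     * Builds the root URL of the web container from the server host and the
     * {@code web.port} system property (default 8080). The result carries no
     * user-info component, so requests made with it present no credentials
     * in the URL.
     *
     * @return a URL string of the form {@code http://host:port/}
     */
    private String serverRootURL() {
        return "http://" + getServerHost() + ":"
            + Integer.getInteger("web.port", 8080) + '/';
    }

    /**
     * Access the http://{host}/jbosstest/APIServlet to test the
     * getRealPath method.
     */
    public void testRealPath() throws Exception {
        URL url = new URL(baseURL
            + "jbosstest/APIServlet?op=testGetRealPath");
        HttpUtils.accessURL(url);
    }

    /**
     * Access the http://{host}/jbosstest/APIServlet to test the
     * HttpSessionListener events.
     */
    public void testHttpSessionListener() throws Exception {
        URL url = new URL(baseURL
            + "jbosstest/APIServlet?op=testSessionListener");
        HttpUtils.accessURL(url);
    }

    /** Access the http://{host}/jbosstest/EJBOnStartupServlet. */
    public void testEJBOnStartupServlet() throws Exception {
        URL url = new URL(baseURL + "jbosstest/EJBOnStartupServlet");
        HttpUtils.accessURL(url);
    }

    /** Access the http://{host}/jbosstest/ENCServlet. */
    public void testENCServlet() throws Exception {
        URL url = new URL(baseURL + "jbosstest/ENCServlet");
        HttpUtils.accessURL(url);
    }

    /**
     * Access the http://{host}/jbosstest/SimpleServlet to test servlets
     * packaged in a WEB-INF/lib jar.
     */
    public void testServletInJar() throws Exception {
        URL url = new URL(baseURL + "jbosstest/SimpleServlet");
        HttpUtils.accessURL(url);
    }

    /** Access the http://{host}/jbosstest/EJBServlet. */
    public void testEJBServlet() throws Exception {
        URL url = new URL(baseURL + "jbosstest/EJBServlet");
        HttpUtils.accessURL(url);
    }

    /** Access the http://{host}/jbosstest/EntityServlet. */
    public void testEntityServlet() throws Exception {
        URL url = new URL(baseURL + "jbosstest/EntityServlet");
        HttpUtils.accessURL(url);
    }

    /**
     * Access the http://{host}/jbosstest/StatefulSessionServlet twice in
     * a row.
     */
    public void testStatefulSessionServlet() throws Exception {
        URL url = new URL(baseURL + "jbosstest/StatefulSessionServlet");
        HttpUtils.accessURL(url);
        // Need a mechanism to force passivation...
        HttpUtils.accessURL(url);
    }

    /** Access the http://{host}/jbosstest/UserTransactionServlet. */
    public void testUserTransactionServlet() throws Exception {
        URL url = new URL(baseURL + "jbosstest/UserTransactionServlet");
        HttpUtils.accessURL(url);
    }

    /** Access the http://{host}/jbosstest/SpeedServlet. */
    public void testSpeedServlet() throws Exception {
        URL url = new URL(baseURL + "jbosstest/SpeedServlet");
        HttpUtils.accessURL(url);
    }

    /** Access the http://{host}/jbosstest/snoop.jsp. */
    public void testSnoopJSP() throws Exception {
        URL url = new URL(baseURL + "jbosstest/snoop.jsp");
        HttpUtils.accessURL(url);
    }

    /**
     * Access the http://{host}/jbosstest/test-snoop.snp, i.e. the snoop
     * page reached through a URL pattern rather than its .jsp name.
     */
    public void testSnoopJSPByPattern() throws Exception {
        URL url = new URL(baseURL + "jbosstest/test-snoop.snp");
        HttpUtils.accessURL(url);
    }

    /** Access the http://{host}/jbosstest/test-jsp-mapping. */
    public void testSnoopJSPByMapping() throws Exception {
        URL url = new URL(baseURL + "jbosstest/test-jsp-mapping");
        HttpUtils.accessURL(url);
    }

    /** Access the http://{host}/jbosstest/classpath.jsp. */
    public void testJSPClasspath() throws Exception {
        URL url = new URL(baseURL + "jbosstest/classpath.jsp");
        HttpUtils.accessURL(url);
    }

    /** Access the http://{host}/jbosstest/ClientLoginServlet. */
    public void testClientLoginServlet() throws Exception {
        URL url = new URL(baseURL + "jbosstest/ClientLoginServlet");
        HttpUtils.accessURL(url);
    }

    /**
     * Access the http://{host}/jbosstest/restricted/UserInRoleServlet to
     * test isUserInRole. The test passes only when the response carries
     * neither of the two role-error headers.
     */
    public void testUserInRoleServlet() throws Exception {
        URL url = new URL(baseURL
            + "jbosstest/restricted/UserInRoleServlet");
        HttpMethodBase request = HttpUtils.accessURL(url);

        // Header must be absent: presumably set by the servlet when an
        // expected role was not reported for the caller.
        Header errors = request
            .getResponseHeader("X-ExpectedUserRoles-Errors");
        log.info("X-ExpectedUserRoles-Errors: " + errors);
        assertTrue(
            "X-ExpectedUserRoles-Errors(" + errors + ") is null",
            errors == null);

        // Header must be absent: presumably set by the servlet when the
        // caller was reported in a role it should not hold.
        errors = request
            .getResponseHeader("X-UnexpectedUserRoles-Errors");
        log.info("X-UnexpectedUserRoles-Errors: " + errors);
        assertTrue("X-UnexpectedUserRoles-Errors(" + errors
            + ") is null", errors == null);
    }

    /** Access the http://{host}/jbosstest/restricted/SecureServlet. */
    public void testSecureServlet() throws Exception {
        URL url = new URL(baseURL
            + "jbosstest/restricted/SecureServlet");
        HttpUtils.accessURL(url);
    }

    /** Access the http://{host}/jbosstest/restricted2/SecureServlet. */
    public void testSecureServlet2() throws Exception {
        URL url = new URL(baseURL
            + "jbosstest/restricted2/SecureServlet");
        HttpUtils.accessURL(url);
    }

    /**
     * Access the http://{host}/jbosstest/restricted/SubjectServlet and
     * require that all three subject-related response headers are present.
     */
    public void testSubjectServlet() throws Exception {
        URL url = new URL(baseURL
            + "jbosstest/restricted/SubjectServlet");
        HttpMethodBase request = HttpUtils.accessURL(url);

        Header hdr = request.getResponseHeader("X-SubjectServlet");
        log.info("X-SubjectServlet: " + hdr);
        assertTrue("X-SubjectServlet(" + hdr + ") is NOT null",
            hdr != null);

        hdr = request.getResponseHeader("X-SubjectFilter-ENC");
        log.info("X-SubjectFilter-ENC: " + hdr);
        assertTrue("X-SubjectFilter-ENC(" + hdr + ") is NOT null",
            hdr != null);

        hdr = request
            .getResponseHeader("X-SubjectFilter-SubjectSecurityManager");
        log.info("X-SubjectFilter-SubjectSecurityManager: " + hdr);
        assertTrue("X-SubjectFilter-SubjectSecurityManager(" + hdr
            + ") is NOT null", hdr != null);
    }

    /**
     * Access the http://{host}/jbosstest/restricted/SecureServlet with a
     * valid login, then access
     * http://{host}/jbosstest/restricted/UnsecureEJBServlet without any
     * credentials and expect 401. The second request checks that the
     * preceding authenticated request does not carry over to a request that
     * presents no credentials.
     */
    public void testSecureServletAndUnsecureAccess() throws Exception {
        getLog().info("+++ testSecureServletAndUnsecureAccess");
        URL url = new URL(baseURL
            + "jbosstest/restricted/SecureServlet");
        getLog().info("Accessing SecureServlet with valid login");
        HttpUtils.accessURL(url);

        URL url2 = new URL(serverRootURL()
            + "jbosstest/restricted/UnsecureEJBServlet");
        // The original message named SecureServlet although the request
        // targets restricted/UnsecureEJBServlet.
        getLog().info("Accessing restricted/UnsecureEJBServlet with no login");
        HttpUtils.accessURL(url2, REALM,
            HttpURLConnection.HTTP_UNAUTHORIZED);
    }

    /**
     * Access the http://{host}/jbosstest/restricted/SecureServlet as
     * 'jduke' with a wrong password and expect 401.
     */
    public void testSecureServletWithBadPass() throws Exception {
        // Credentials are embedded in the URL user-info on purpose; the
        // password is deliberately invalid.
        String badPassBase = "http://jduke:badpass@" + getServerHost()
            + ":" + Integer.getInteger("web.port", 8080) + '/';
        URL url = new URL(badPassBase
            + "jbosstest/restricted/SecureServlet");
        HttpUtils.accessURL(url, REALM,
            HttpURLConnection.HTTP_UNAUTHORIZED);
    }

    /**
     * Access the http://{host}/jbosstest/restricted/SecureServlet with no
     * credentials at all and expect 401.
     */
    public void testSecureServletWithNoLogin() throws Exception {
        URL url = new URL(serverRootURL()
            + "jbosstest/restricted/SecureServlet");
        HttpUtils.accessURL(url, REALM,
            HttpURLConnection.HTTP_UNAUTHORIZED);
    }

    /**
     * Access the http://{host}/jbosstest-not/unrestricted/SecureServlet
     * with no credentials and expect 200.
     */
    public void testNotJbosstest() throws Exception {
        URL url = new URL(serverRootURL()
            + "jbosstest-not/unrestricted/SecureServlet");
        HttpUtils.accessURL(url, REALM, HttpURLConnection.HTTP_OK);
    }

    /** Access the http://{host}/jbosstest/restricted/SecuredEntityFacadeServlet. */
    public void testSecuredEntityFacadeServlet() throws Exception {
        URL url = new URL(baseURL
            + "jbosstest/restricted/SecuredEntityFacadeServlet");
        HttpUtils.accessURL(url);
    }

    /** Access the http://{host}/jbosstest/restricted/SecureEJBAccess. */
    public void testSecureEJBAccess() throws Exception {
        URL url = new URL(baseURL
            + "jbosstest/restricted/SecureEJBAccess");
        HttpUtils.accessURL(url);
    }

    /** Access the http://{host}/jbosstest/restricted/include_ejb.jsp. */
    public void testIncludeEJB() throws Exception {
        URL url = new URL(baseURL
            + "jbosstest/restricted/include_ejb.jsp");
        HttpUtils.accessURL(url);
    }

    /**
     * Access the http://{host}/jbosstest/UnsecureEJBAccess with method=echo
     * to test that an unsecured servlet cannot access a secured EJB method
     * that requires a valid permission. This should fail, and the expected
     * response status is 500.
     */
    public void testUnsecureEJBAccess() throws Exception {
        URL url = new URL(baseURLNoAuth
            + "jbosstest/UnsecureEJBAccess?method=echo");
        HttpUtils.accessURL(url, REALM,
            HttpURLConnection.HTTP_INTERNAL_ERROR);
    }

    /**
     * Access the http://{host}/jbosstest/UnsecureEJBAccess with
     * method=unchecked to test that an unsecured servlet can access a
     * secured EJB method that only requires an authenticated user. This
     * requires unauthenticated identity support by the web security domain.
     */
    public void testUnsecureAnonEJBAccess() throws Exception {
        URL url = new URL(baseURLNoAuth
            + "jbosstest/UnsecureEJBAccess?method=unchecked");
        HttpUtils.accessURL(url, REALM, HttpURLConnection.HTTP_OK);
    }

    /**
     * Access the http://{host}/jbosstest/UnsecureRunAsServlet with
     * method=checkRunAs, without credentials, and expect 200.
     */
    public void testUnsecureRunAsServlet() throws Exception {
        URL url = new URL(baseURLNoAuth
            + "jbosstest/UnsecureRunAsServlet?method=checkRunAs");
        HttpUtils.accessURL(url, REALM, HttpURLConnection.HTTP_OK);
    }

    /**
     * Access the http://{host}/jbosstest/UnsecureRunAsServletWithPrincipalName
     * to test that an unsecured servlet can access a secured EJB method by
     * using a run-as role. This should also have a custom run-as principal
     * name.
     *
     * @throws Exception on any failure to build the URL or access it
     */
    public void testUnsecureRunAsServletWithPrincipalName()
            throws Exception {
        URL url = new URL(
            baseURLNoAuth
                + "jbosstest/UnsecureRunAsServletWithPrincipalName?ejbName=ejb/UnsecureRunAsServletWithPrincipalNameTarget");
        HttpUtils.accessURL(url, REALM, HttpURLConnection.HTTP_OK);
    }

    /**
     * Access the
     * http://{host}/jbosstest/UnsecureRunAsServletWithPrincipalNameAndRoles
     * to test that an unsecured servlet can access a secured EJB method by
     * using a run-as role. This should also have a custom run-as principal
     * name and additional roles.
     *
     * @throws Exception on any failure to build the URL or access it
     */
    public void testUnsecureRunAsServletWithPrincipalNameAndRoles()
            throws Exception {
        URL url = new URL(
            baseURLNoAuth
                + "jbosstest/UnsecureRunAsServletWithPrincipalNameAndRoles?ejbName=ejb/UnsecureRunAsServletWithPrincipalNameAndRolesTarget");
        HttpUtils.accessURL(url, REALM, HttpURLConnection.HTTP_OK);
    }

    /**
     * Deploy a second ear that includes a notjbosstest-web.war to test ears
     * with the same war names conflicting.
     * Access the http://{host}/jbosstest-not2/unrestricted/SecureServlet.
     */
    public void testNotJbosstest2() throws Exception {
        try {
            deploy("jbosstest-web2.ear");
            URL url = new URL(serverRootURL()
                + "jbosstest-not2/unrestricted/SecureServlet");
            HttpUtils.accessURL(url, REALM, HttpURLConnection.HTTP_OK);
        } finally {
            undeploy("jbosstest-web2.ear");
        }
    }

    /**
     * Deploy a bad war and then redeploy with a fixed war to test failed
     * war cleanup.
     * Access the http://{host}/redeploy/index.html.
     */
    public void testBadWarRedeploy() throws Exception {
        getLog().info("+++ Begin testBadWarRedeploy");
        try {
            deploy("bad-web.war");
            // fail() raises a JUnit assertion error, which is not an
            // Exception, so the catch below does not swallow it.
            fail("The bad-web.war deployment did not fail");
        } catch (Exception e) {
            getLog().debug("bad-web.war failed as expected", e);
        } finally {
            undeploy("bad-web.war");
        }
        try {
            deploy("good-web.war");
            String rootURL = serverRootURL();
            URL url = new URL(rootURL + "redeploy/index.html");
            HttpUtils.accessURL(url, REALM, HttpURLConnection.HTTP_OK);
            getLog().debug(rootURL + "redeploy/index.html OK");
        } finally {
            undeploy("good-web.war");
            getLog().info("+++ End testBadWarRedeploy");
        }
    }

    /**
     * Test of a war that accesses classes referred to via the war manifest
     * classpath. Access the http://{host}/manifest/classpath.jsp and require
     * that the response has no X-Exception header.
     */
    public void testWarManifest() throws Exception {
        deploy("manifest-web.ear");
        try {
            URL url = new URL(serverRootURL() + "manifest/classpath.jsp");
            HttpMethodBase request = HttpUtils.accessURL(url);
            Header errors = request.getResponseHeader("X-Exception");
            log.info("X-Exception: " + errors);
            assertTrue("X-Exception(" + errors + ") is null",
                errors == null);
        } finally {
            undeploy("manifest-web.ear");
        }
    }

    /**
     * Deploy a bad ear and then deploy a good ear to test failed ear
     * cleanup.
     * Access the http://{host}/redeploy/index.html.
     */
    public void testBadEarRedeploy() throws Exception {
        getLog().info("+++ Begin testBadEarRedeploy");
        try {
            deploy("jbosstest-bad.ear");
            // fail() raises a JUnit assertion error, which is not an
            // Exception, so the catch below does not swallow it.
            fail("The jbosstest-bad.ear deployment did not fail");
        } catch (Exception e) {
            getLog().debug("jbosstest-bad.ear failed as expected", e);
        } finally {
            undeploy("jbosstest-bad.ear");
        }
        try {
            deploy("jbosstest-good.ear");
            String rootURL = serverRootURL();
            URL url = new URL(rootURL + "redeploy/index.html");
            HttpUtils.accessURL(url, REALM, HttpURLConnection.HTTP_OK);
            getLog().debug(rootURL + "redeploy/index.html OK");
        } finally {
            undeploy("jbosstest-good.ear");
            getLog().info("+++ End testBadEarRedeploy");
        }
    }

    /**
     * Validate a war level override of the
     * java2ClassLoadingComplianceOverride flag to true with a
     * useJBossWebLoader = false.
     *
     * <p>The servlet is asked to load a log4j class and reports where it
     * came from in the X-CodeSource header; the test requires that the
     * reported code source does not contain ".war", i.e. that the class was
     * not loaded from the deployed war.
     *
     * @throws Exception on deployment or access failure
     */
    public void testJava2ClassLoadingComplianceOverride()
            throws Exception {
        getLog().info(
            "+++ Begin testJava2ClassLoadingComplianceOverride");
        deploy("class-loading.war");
        try {
            // Load a log4j class
            URL url = new URL(
                serverRootURL()
                    + "class-loading/ClasspathServlet2?class=org.apache.log4j.net.SocketAppender");
            HttpMethodBase request = HttpUtils.accessURL(url, REALM,
                HttpURLConnection.HTTP_OK);
            Header cs = request.getResponseHeader("X-CodeSource");
            log.info(cs);
            // A missing header must fail the test with a clear message
            // instead of a NullPointerException on cs.getValue().
            assertTrue("X-CodeSource header is missing", cs != null);
            // Validate it has not come from the war
            assertTrue("X-CodeSource(" + cs + ") does not contain war",
                cs.getValue().indexOf(".war") < 0);
            getLog().debug(url + " OK");
        } finally {
            undeploy("class-loading.war");
            getLog().info(
                "+++ End testJava2ClassLoadingComplianceOverride");
        }
    }

    /**
     * Validate a war level override of the
     * java2ClassLoadingComplianceOverride flag to true with a
     * useJBossWebLoader = true.
     *
     * <p>Same check as {@link #testJava2ClassLoadingComplianceOverride()}
     * against the class-loading-ulr.war deployment.
     *
     * @throws Exception on deployment or access failure
     */
    public void testJava2ClassLoadingComplianceOverrideULR()
            throws Exception {
        getLog().info(
            "+++ Begin testJava2ClassLoadingComplianceOverrideULR");
        deploy("class-loading-ulr.war");
        try {
            // Load a log4j class
            URL url = new URL(
                serverRootURL()
                    + "class-loading-ulr/ClasspathServlet2?class=org.apache.log4j.net.SocketAppender");
            HttpMethodBase request = HttpUtils.accessURL(url, REALM,
                HttpURLConnection.HTTP_OK);
            Header cs = request.getResponseHeader("X-CodeSource");
            log.info(cs);
            // A missing header must fail the test with a clear message
            // instead of a NullPointerException on cs.getValue().
            assertTrue("X-CodeSource header is missing", cs != null);
            // Validate it has not come from the war
            assertTrue("X-CodeSource(" + cs + ") does not contain war",
                cs.getValue().indexOf(".war") < 0);
            getLog().debug(url + " OK");
        } finally {
            undeploy("class-loading-ulr.war");
            getLog().info(
                "+++ End testJava2ClassLoadingComplianceOverrideULR");
        }
    }

    /**
     * JBAS-3279: Authenticated user can bypass declarative role checks for
     * servlets.
     *
     * <p>Regression test for path-based constraint matching. The restricted3
     * servlet is requested with doubled slashes in the path and must still
     * be refused with 403, so a non-canonical spelling of the path does not
     * escape the role constraint. The same path with a percent-encoded
     * slash must be rejected outright with 400.
     */
    public void testUnauthorizedAccess() throws Exception {
        // Doubled '/' separators: the role check must still apply.
        URL url = new URL(baseURL
            + "jbosstest//restricted3//SecureServlet");
        HttpUtils.accessURL(url, REALM,
            HttpURLConnection.HTTP_FORBIDDEN);

        // Percent-encoded '/' in the path.
        url = new URL(baseURL
            + "jbosstest/%2frestricted3//SecureServlet");
        // BES 2007/02/21 -- %xx encoded '/' is verboten so we now expect 400
        // (this request previously expected HTTP_FORBIDDEN).
        HttpUtils.accessURL(url, REALM,
            HttpURLConnection.HTTP_BAD_REQUEST);
    }

    /**
     * Setup the test suite: all test methods of this class wrapped in a
     * JBossTestSetup that deploys jbosstest-web.ear before the run and
     * undeploys it afterwards.
     *
     * @return the wrapped suite
     */
    public static Test suite() throws Exception {
        TestSuite suite = new TestSuite();
        suite.addTest(new TestSuite(WebIntegrationUnitTestCase.class));

        // Create an initializer for the test suite
        Test wrapper = new JBossTestSetup(suite) {
            protected void setUp() throws Exception {
                super.setUp();
                redeploy("jbosstest-web.ear");
                // Presumably clears cached authentications for the
                // jbosstest-web security domain so earlier logins cannot
                // influence the 401/403 expectations; confirm in
                // JBossTestSetup.
                flushAuthCache("jbosstest-web");
            }

            protected void tearDown() throws Exception {
                undeploy("jbosstest-web.ear");
                super.tearDown();

                // Remove all the messages created during this test
                getServer()
                    .invoke(
                        new ObjectName(
                            "jboss.mq.destination:service=Queue,name=testQueue"),
                        "removeAllMessages", new Object[0],
                        new String[0]);
            }
        };
        return wrapper;
    }

}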