001: /*
002: * ====================================================================
003: * JAFFA - Java Application Framework For All
004: *
005: * Copyright (C) 2002 JAFFA Development Group
006: *
007: * This library is free software; you can redistribute it and/or
008: * modify it under the terms of the GNU Lesser General Public
009: * License as published by the Free Software Foundation; either
010: * version 2.1 of the License, or (at your option) any later version.
011: *
012: * This library is distributed in the hope that it will be useful,
013: * but WITHOUT ANY WARRANTY; without even the implied warranty of
014: * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
015: * Lesser General Public License for more details.
016: *
017: * You should have received a copy of the GNU Lesser General Public
018: * License along with this library; if not, write to the Free Software
019: * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
020: *
021: * Redistribution and use of this software and associated documentation ("Software"),
022: * with or without modification, are permitted provided that the following conditions are met:
023: * 1. Redistributions of source code must retain copyright statements and notices.
024: * Redistributions must also contain a copy of this document.
025: * 2. Redistributions in binary form must reproduce the above copyright notice,
026: * this list of conditions and the following disclaimer in the documentation
027: * and/or other materials provided with the distribution.
028: * 3. The name "JAFFA" must not be used to endorse or promote products derived from
029: * this Software without prior written permission. For written permission,
030: * please contact mail to: jaffagroup@yahoo.com.
031: * 4. Products derived from this Software may not be called "JAFFA" nor may "JAFFA"
032: * appear in their names without prior written permission.
033: * 5. Due credit should be given to the JAFFA Project (http://jaffa.sourceforge.net).
034: *
035: * THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESSED OR IMPLIED
036: * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
037: * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
038: * DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
039: * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
040: * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
041: * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
042: * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
043: * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
044: * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
045: * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
046: * SUCH DAMAGE.
047: * ====================================================================
048: */
049:
050: /*
051: * AddTest.java
052: *
053: * Created on April 1, 2002, 5:47 PM
054: */
055:
056: package security;
057:
058: import junit.framework.TestCase;
059: import com.meterware.httpunit.WebConversation;
060: import com.meterware.httpunit.WebRequest;
061: import com.meterware.httpunit.WebResponse;
062: import com.meterware.httpunit.GetMethodWebRequest;
063: import com.meterware.httpunit.WebTable;
064: import com.meterware.httpunit.WebForm;
065:
066: /**
067: *
068: * @author PaulE
069: */
070: public class JSPGuardsTest extends TestCase {
071:
072: private static final String WEB_ROOT = "http://localhost:8080/httpunittest/";
073:
074: /** Creates new QueryTest
075: * @param name The name of the test case.
076: */
077: public JSPGuardsTest(String name) {
078: super (name);
079: }
080:
081: /** Sets up the fixture, by creating the UOW. This method is called before a test is executed.
082: */
083: protected void setUp() {
084: }
085:
086: /** Tears down the fixture, by closing the UOW. This method is called after a test is executed.
087: */
088: protected void tearDown() {
089: }
090:
091: private WebResponse logOn(WebConversation wc, String url,
092: String user, String password) throws Exception {
093: WebRequest req = new GetMethodWebRequest(WEB_ROOT + url);
094: WebResponse resp = wc.getResponse(req);
095: assertEquals("Got To Log On Page", "Log On", resp.getTitle());
096:
097: WebForm form = resp.getForms()[0];
098: WebRequest request = form.getRequest();
099: request.setParameter("j_username", user);
100: request.setParameter("j_password", password);
101:
102: return wc.getResponse(request);
103: }
104:
105: public void testBadLogon() {
106: try {
107: WebConversation wc = new WebConversation();
108:
109: WebResponse resp = logOn(wc,
110: "startComponent.do?component=Test.Security.Test1",
111: "nouser", "nopassword");
112: assertEquals("Got To Error Page", "Error with Log On", resp
113: .getTitle());
114:
115: } catch (Exception e) {
116: e.printStackTrace();
117: fail();
118: }
119: }
120:
121: public void testClerkAccess() {
122: try {
123: WebConversation wc = new WebConversation();
124: WebResponse resp = logOn(wc,
125: "startComponent.do?component=Test.Security.Test1",
126: "GAUTAM", "dummy");
127: assertEquals("Got To Main Page",
128: "Test.Security.Test1.Page1", resp.getTitle());
129:
130: WebTable table = resp.getTableWithID("tagTable");
131: assertNotNull("Found Table For Checks", table);
132: String text = null;
133:
134: // Access Function1 - false
135: text = table.getCellAsText(0, 0);
136: assertTrue("Empty Row 1", text == null
137: || text.length() == 0);
138:
139: // No access Function1 - true
140: text = table.getCellAsText(1, 0);
141: assertTrue("Not empty Row 2", text != null
142: && text.length() > 0);
143:
144: // Access Function2 - false
145: text = table.getCellAsText(2, 0);
146: assertTrue("Empty Row 3", text == null
147: || text.length() == 0);
148:
149: // No access Function2 - true
150: text = table.getCellAsText(3, 0);
151: assertTrue("Not empty Row 4", text != null
152: && text.length() > 0);
153:
154: // Access FunctionX - false
155: text = table.getCellAsText(4, 0);
156: assertTrue("Empty Row 5", text == null
157: || text.length() == 0);
158:
159: // No access FunctionX - true
160: text = table.getCellAsText(5, 0);
161: assertTrue("Not empty Row 6", text != null
162: && text.length() > 0);
163:
164: // Access Component Test.Security.Test2 - false
165: text = table.getCellAsText(6, 0);
166: assertTrue("Empty Row 7", text == null
167: || text.length() == 0);
168:
169: // No access Component Test.Security.Test2 - true
170: text = table.getCellAsText(7, 0);
171: assertTrue("Not empty Row 8", text != null
172: && text.length() > 0);
173:
174: // Access Component Not.Real.Component - false
175: text = table.getCellAsText(8, 0);
176: assertTrue("Not empty Row 9", text != null
177: && text.length() > 0);
178:
179: // No access Component Not.Real.Component - true
180: text = table.getCellAsText(9, 0);
181: assertTrue("Empty Row 10", text == null
182: || text.length() == 0);
183:
184: } catch (Exception e) {
185: e.printStackTrace();
186: fail();
187: }
188: }
189:
190: public void testManagerAccess() {
191: try {
192: WebConversation wc = new WebConversation();
193: WebResponse resp = logOn(wc,
194: "startComponent.do?component=Test.Security.Test1",
195: "PAUL", "dummy");
196: assertEquals("Got To Main Page",
197: "Test.Security.Test1.Page1", resp.getTitle());
198:
199: WebTable table = resp.getTableWithID("tagTable");
200: assertNotNull("Found Table For Checks", table);
201: String text = null;
202:
203: // Access Function1 - true
204: text = table.getCellAsText(0, 0);
205: assertTrue("Empty Row 1", text != null && text.length() > 0);
206:
207: // No Access Function1 - false
208: text = table.getCellAsText(1, 0);
209: assertTrue("Not empty Row 2", text == null
210: || text.length() == 0);
211:
212: // Access Function2 - true
213: text = table.getCellAsText(2, 0);
214: assertTrue("Not empty Row 3", text != null
215: && text.length() > 0);
216:
217: // No Access Function2 - false
218: text = table.getCellAsText(3, 0);
219: assertTrue("Empty Row 4", text == null
220: || text.length() == 0);
221:
222: // Access FunctionX - false
223: text = table.getCellAsText(4, 0);
224: assertTrue("Empty Row 5", text == null
225: || text.length() == 0);
226:
227: // No access FunctionX - true
228: text = table.getCellAsText(5, 0);
229: assertTrue("Not empty Row 6", text != null
230: && text.length() > 0);
231:
232: // Access Component Test.Security.Test2 - true
233: text = table.getCellAsText(6, 0);
234: assertTrue("Empty Row 7", text != null && text.length() > 0);
235:
236: // No Access Component Test.Security.Test2 - false
237: text = table.getCellAsText(7, 0);
238: assertTrue("Not Empty Row 8", text == null
239: || text.length() == 0);
240:
241: // Access Component Not.Real.Component - false
242: text = table.getCellAsText(8, 0);
243: assertTrue("Not empty Row 9", text != null
244: && text.length() > 0);
245:
246: // No access Component Not.Real.Component - true
247: text = table.getCellAsText(9, 0);
248: assertTrue("Empty Row 10", text == null
249: || text.length() == 0);
250:
251: } catch (Exception e) {
252: e.printStackTrace();
253: fail();
254: }
255: }
256:
257: /** Make sure the component manager restricts access to a guarded component
258: */
259: public void testClerkRunComponent() {
260: try {
261: // See if they can press button 3 and access the Test.Security.Test2 component
262: // via the component manager
263: WebConversation wc = new WebConversation();
264: WebResponse resp = logOn(wc,
265: "startComponent.do?component=Test.Security.Test1",
266: "GAUTAM", "dummy");
267: assertEquals("Got To Main Page",
268: "Test.Security.Test1.Page1", resp.getTitle());
269:
270: /* @todo Bug Fix this
271:
272: // press button 3
273: WebForm form = resp.getForms()[0];
274: form.setParameter("eventId", "Button3;Clicked");
275: WebRequest request = form.getRequest();
276:
277: resp = wc.getResponse(request);
278: WebTable t = resp.getTableWithID("message");
279: String text = t.getCellAsText(0,0);
280: assertNotNull("Message should be given", text);
281: assertEquals("Expect 'No Access' Message", "No Access To Component", text);
282: */
283:
284: } catch (Exception e) {
285: e.printStackTrace();
286: fail();
287: }
288: }
289:
290: /** Make sure the component manager gives access to a guarded component
291: */
292: public void testManagerClerkRunComponent() {
293: try {
294: // See if they can press button 3 and access the Test.Security.Test2 component
295: // via the component manager
296: WebConversation wc = new WebConversation();
297: WebResponse resp = logOn(wc,
298: "startComponent.do?component=Test.Security.Test1",
299: "PAUL", "dummy");
300: assertEquals("Got To Main Page",
301: "Test.Security.Test1.Page1", resp.getTitle());
302:
303: /* @todo Bug Fix this
304:
305: // press button 3
306: WebForm form = resp.getForms()[0];
307: WebRequest request = form.getRequest();
308: request.setParameter("eventId", "Button3;Clicked");
309:
310: resp = wc.getResponse(request);
311: WebTable t = resp.getTableWithID("message");
312: String text = t.getCellAsText(0,0);
313: assertNotNull("Message should be given", text);
314: assertTrue("Expect 'No Access' Message", text.startsWith("Running Component :") );
315: */
316:
317: } catch (Exception e) {
318: e.printStackTrace();
319: fail();
320: }
321: }
322:
323: }
|