001: /* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
002: *
003: * Licensed under the Apache License, Version 2.0 (the "License");
004: * you may not use this file except in compliance with the License.
005: * You may obtain a copy of the License at
006: *
007: * http://www.apache.org/licenses/LICENSE-2.0
008: *
009: * Unless required by applicable law or agreed to in writing, software
010: * distributed under the License is distributed on an "AS IS" BASIS,
011: * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
012: * See the License for the specific language governing permissions and
013: * limitations under the License.
014: */
015:
016: package org.acegisecurity.intercept.web;
017:
018: import junit.framework.TestCase;
019:
020: import org.acegisecurity.ConfigAttributeDefinition;
021: import org.acegisecurity.MockFilterChain;
022: import org.acegisecurity.SecurityConfig;
023:
024: import org.springframework.mock.web.MockHttpServletRequest;
025: import org.springframework.mock.web.MockHttpServletResponse;
026:
027: /**
028: * Tests parts of {@link PathBasedFilterInvocationDefinitionMap} not tested by {@link
029: * FilterInvocationDefinitionSourceEditorWithPathsTests}.
030: *
031: * @author Ben Alex
032: * @version $Id: PathBasedFilterDefinitionMapTests.java 1636 2006-09-03 22:12:13Z luke_t $
033: */
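public class PathBasedFilterDefinitionMapTests extends TestCase {
    //~ Static fields/initializers =====================================================================================

    /** Ant-style pattern used by the case-sensitivity tests. */
    private static final String SECURE_PATTERN = "/secure/super/**";

    //~ Constructors ===================================================================================================

    public PathBasedFilterDefinitionMapTests() {
        super();
    }

    public PathBasedFilterDefinitionMapTests(String arg0) {
        super(arg0);
    }

    //~ Methods ========================================================================================================

    /** A freshly constructed map must report that lower-casing is switched off. */
    public void testConvertUrlToLowercaseIsFalseByDefault() {
        PathBasedFilterInvocationDefinitionMap map = new PathBasedFilterInvocationDefinitionMap();
        assertFalse(map.isConvertUrlToLowercaseBeforeComparison());
    }

    /** The lower-casing flag must read back as {@code true} once it has been set. */
    public void testConvertUrlToLowercaseSetterRespected() {
        PathBasedFilterInvocationDefinitionMap map = new PathBasedFilterInvocationDefinitionMap();
        map.setConvertUrlToLowercaseBeforeComparison(true);
        assertTrue(map.isConvertUrlToLowercaseBeforeComparison());
    }

    /**
     * With lower-casing enabled, a mixed-case request URL must still resolve to the attributes registered
     * under the lower-case pattern.
     */
    public void testLookupNotRequiringExactMatchSuccessIfNotMatching() {
        PathBasedFilterInvocationDefinitionMap map = new PathBasedFilterInvocationDefinitionMap();
        map.setConvertUrlToLowercaseBeforeComparison(true);
        assertTrue(map.isConvertUrlToLowercaseBeforeComparison());

        ConfigAttributeDefinition def = roleOneDefinition();
        map.addSecureUrl(SECURE_PATTERN, def);

        assertEquals(def, lookup(map, "/SeCuRE/super/somefile.html"));
    }

    /**
     * With lower-casing left at its default (off), a mixed-case request URL must not match the lower-case
     * pattern, so the lookup yields {@code null}.
     *
     * <p>NOTE(review): {@code null} here means this map holds no attributes for the URL. Whether the caller
     * then treats the request as unprotected is not visible from this test; where the container or file system
     * serves paths case-insensitively, confirm that a mixed-case request cannot reach a resource whose rule
     * was written in lower case (for example by enabling lower-casing on the map).</p>
     */
    public void testLookupRequiringExactMatchFailsIfNotMatching() {
        PathBasedFilterInvocationDefinitionMap map = new PathBasedFilterInvocationDefinitionMap();
        assertFalse(map.isConvertUrlToLowercaseBeforeComparison());

        map.addSecureUrl(SECURE_PATTERN, roleOneDefinition());

        assertNull("mixed-case URL must not match when lower-casing is off",
            lookup(map, "/SeCuRE/super/somefile.html"));
    }

    /** With lower-casing off, a URL whose case matches the pattern must resolve to the registered attributes. */
    public void testLookupRequiringExactMatchIsSuccessful() {
        PathBasedFilterInvocationDefinitionMap map = new PathBasedFilterInvocationDefinitionMap();
        assertFalse(map.isConvertUrlToLowercaseBeforeComparison());

        ConfigAttributeDefinition def = roleOneDefinition();
        map.addSecureUrl(SECURE_PATTERN, def);

        assertEquals(def, lookup(map, "/secure/super/somefile.html"));
    }

    /**
     * A slash that appears after the {@code ?} must not stop the URL from matching its pattern; otherwise a
     * protected page could be looked up without its attributes simply because of what follows the question mark.
     */
    public void testLookupRequiringExactMatchWithAdditionalSlashesIsSuccessful() {
        PathBasedFilterInvocationDefinitionMap map = new PathBasedFilterInvocationDefinitionMap();
        assertFalse(map.isConvertUrlToLowercaseBeforeComparison());

        ConfigAttributeDefinition def = roleOneDefinition();
        map.addSecureUrl("/someAdminPage.html**", def);

        // see SEC-161 (it should truncate after ? sign)
        assertEquals(def, lookup(map, "/someAdminPage.html?a=/test"));
    }

    /**
     * Check fixes for SEC-321: more than one {@code ?} in the URL, with or without a slash between them, must
     * still resolve to the attributes registered for the page.
     */
    public void testExtraQuestionMarkStillMatches() {
        PathBasedFilterInvocationDefinitionMap map = new PathBasedFilterInvocationDefinitionMap();
        assertFalse(map.isConvertUrlToLowercaseBeforeComparison());

        ConfigAttributeDefinition def = roleOneDefinition();
        map.addSecureUrl("/someAdminPage.html*", def);

        assertEquals(def, lookup(map, "/someAdminPage.html?x=2/aa?y=3"));
        assertEquals(def, lookup(map, "/someAdminPage.html??"));
    }

    /** Returns a new definition holding the single attribute {@code ROLE_ONE}. */
    private static ConfigAttributeDefinition roleOneDefinition() {
        ConfigAttributeDefinition def = new ConfigAttributeDefinition();
        def.addConfigAttribute(new SecurityConfig("ROLE_ONE"));

        return def;
    }

    /** Looks up the attributes the map holds for the request URL of a mock invocation on {@code path}. */
    private static ConfigAttributeDefinition lookup(PathBasedFilterInvocationDefinitionMap map, String path) {
        return map.lookupAttributes(createFilterInvocation(path).getRequestUrl());
    }

    /**
     * Wraps mock servlet objects in a {@link FilterInvocation} whose request has {@code path} as its servlet
     * path and a {@code null} request URI.
     *
     * <p>The tests pass any {@code ?...} suffix as part of {@code path}. A servlet container reports the query
     * string separately from the servlet path, so these cases cover how the map handles {@code ?} in the string
     * it is given, not how a container splits a real request.</p>
     *
     * @param path value to set as the servlet path
     * @return an invocation built from the mock request, a mock response and a mock filter chain
     */
    private static FilterInvocation createFilterInvocation(String path) {
        MockHttpServletRequest request = new MockHttpServletRequest();
        // presumably cleared so that getRequestUrl() is built from the servlet path alone; confirm in FilterInvocation
        request.setRequestURI(null);
        request.setServletPath(path);

        return new FilterInvocation(request, new MockHttpServletResponse(), new MockFilterChain());
    }
}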