001: /*
002: * JBoss, Home of Professional Open Source.
003: * Copyright 2006, Red Hat Middleware LLC, and individual contributors
004: * as indicated by the @author tags. See the copyright.txt file in the
005: * distribution for a full listing of individual contributors.
006: *
007: * This is free software; you can redistribute it and/or modify it
008: * under the terms of the GNU Lesser General Public License as
009: * published by the Free Software Foundation; either version 2.1 of
010: * the License, or (at your option) any later version.
011: *
012: * This software is distributed in the hope that it will be useful,
013: * but WITHOUT ANY WARRANTY; without even the implied warranty of
014: * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
015: * Lesser General Public License for more details.
016: *
017: * You should have received a copy of the GNU Lesser General Public
018: * License along with this software; if not, write to the Free
019: * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
020: * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
021: */
022: package org.jboss.test.web.security.jacc;
023:
024: import java.security.Policy;
025: import java.security.ProtectionDomain;
026: import java.util.ArrayList;
027: import java.util.List;
028: import javax.security.jacc.PolicyConfiguration;
029: import javax.security.jacc.PolicyContext;
030: import javax.security.jacc.WebResourcePermission;
031:
032: import junit.framework.TestCase;
033: import org.jboss.metadata.WebMetaData;
034: import org.jboss.metadata.WebSecurityMetaData;
035: import org.jboss.security.SimplePrincipal;
036: import org.jboss.security.jacc.DelegatingPolicy;
037: import org.jboss.security.jacc.JBossPolicyConfigurationFactory;
038: import org.jboss.web.WebPermissionMapping;
039:
040: /** Test of the unchecked permission: resources under an unchecked prefix must stay reachable even when an excluded constraint covers a shorter prefix of the same URL space.
041: The web.xml below is illustrative only; the security-constraints this test actually asserts against are built programmatically in setUp()/addSC() and differ from it.
042: <?xml version="1.0" encoding="UTF-8"?>
043: <web-app version="2.4"
044: xmlns="http://java.sun.com/xml/ns/j2ee"
045: xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
046: xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee
047: http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd">
048:
049: <description>Tests of various security-constraints</description>
050:
051: <servlet>
052: <servlet-name>ConstraintsServlet</servlet-name>
053: <servlet-class>org.jboss.test.security.servlets.ConstraintsServlet</servlet-class>
054: </servlet>
055:
056: <servlet-mapping>
057: <servlet-name>ConstraintsServlet</servlet-name>
058: <url-pattern>/*</url-pattern>
059: </servlet-mapping>
060:
061: <security-constraint>
062: <web-resource-collection>
063: <web-resource-name>Excluded</web-resource-name>
064: <url-pattern>/restricted/post-only/excluded/*</url-pattern>
065: <url-pattern>/*</url-pattern>
066: </web-resource-collection>
067: <auth-constraint />
068: <user-data-constraint>
069: <transport-guarantee>NONE</transport-guarantee>
070: </user-data-constraint>
071: </security-constraint>
072:
073: <security-constraint>
074: <web-resource-collection>
075: <web-resource-name>Restricted POST</web-resource-name>
076: <url-pattern>/restricted/post-only/*</url-pattern>
077: <http-method>POST</http-method>
078: </web-resource-collection>
079: <auth-constraint>
080: <role-name>PostRole</role-name>
081: </auth-constraint>
082: <user-data-constraint>
083: <transport-guarantee>NONE</transport-guarantee>
084: </user-data-constraint>
085: </security-constraint>
086: <security-constraint>
087: <web-resource-collection>
088: <web-resource-name>Excluded POST</web-resource-name>
089: <url-pattern>/restricted/post-only/*</url-pattern>
090: <http-method>DELETE</http-method>
091: <http-method>PUT</http-method>
092: <http-method>HEAD</http-method>
093: <http-method>OPTIONS</http-method>
094: <http-method>TRACE</http-method>
095: <http-method>GET</http-method>
096: </web-resource-collection>
097: <auth-constraint />
098: <user-data-constraint>
099: <transport-guarantee>NONE</transport-guarantee>
100: </user-data-constraint>
101: </security-constraint>
102:
103: <security-role>
104: <role-name>PostRole</role-name>
105: </security-role>
106:
107: <login-config>
108: <auth-method>BASIC</auth-method>
109: <realm-name>WebConstraintsUnitTestCase</realm-name>
110: </login-config>
111: </web-app>
112:
113: @author Scott.Stark@jboss.org
114: @version $Revision: 57206 $
115: */
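public class ExcludedPrefixWebConstraintsUnitTestCase extends TestCase {
   /**
    * JACC policy context id under which this test's permissions are registered.
    * Derived from this class name (the original value named a different test
    * case) so that it cannot collide with a sibling test installing its own
    * configuration into the same {@link DelegatingPolicy}; the same id must be
    * used for getPolicyConfiguration() and setContextID().
    */
   private static final String CONTEXT_ID = "ExcludedPrefixWebConstraintsUnitTestCase";

   /**
    * The http-method list shared by the "No Access" /restricted/* collection and
    * the "Unchecked" collection, in the order they are added.
    */
   private static final String[] ALL_HTTP_METHODS = {
      "DELETE", "PUT", "HEAD", "OPTIONS", "TRACE", "GET", "POST"
   };

   /** Policy configuration committed in setUp(); deleted again in tearDown(). */
   private PolicyConfiguration pc;
   /** JVM-wide Policy that was installed before setUp() replaced it. */
   private Policy previousPolicy;
   /** Thread policy context id that was in effect before setUp() replaced it. */
   private String previousContextID;

   /**
    * Asserts that every URL below an unchecked prefix is granted to a caller
    * with no principals, including /restricted/not/*, whose shorter prefix
    * /restricted/* is excluded for every http method, and that URLs matched by
    * no security-constraint at all are granted as well.
    *
    * @throws Exception on any policy failure
    */
   public void testUncheckedPrefix() throws Exception {
      Policy p = Policy.getPolicy();
      // No principals: an unchecked resource must be granted without any caller identity
      SimplePrincipal[] caller = null;
      ProtectionDomain pd = new ProtectionDomain(null, null, null, caller);

      // Matched only by the "Unchecked" web-resource-collection
      assertPermitted(p, pd, "/unchecked", "GET");
      assertPermitted(p, pd, "/unchecked/x", "GET");

      // /restricted/not/* is unchecked although the shorter /restricted/* prefix is excluded
      assertPermitted(p, pd, "/restricted/not", "GET");
      assertPermitted(p, pd, "/restricted/not/x", "GET");
      assertPermitted(p, pd, "/restricted/not/x", "HEAD");
      assertPermitted(p, pd, "/restricted/not/x", "POST");

      // Matched by no security-constraint
      assertPermitted(p, pd, "/", "GET");
      assertPermitted(p, pd, "/other", "GET");
      assertPermitted(p, pd, "/other", "HEAD");
      assertPermitted(p, pd, "/other", "POST");
   }

   /**
    * Builds the web metadata from addSC(), installs a fresh DelegatingPolicy as
    * the JVM Policy, commits the JACC permissions for CONTEXT_ID and makes that
    * id the current policy context. The Policy and context id that were in
    * effect before are remembered so tearDown() can restore them.
    *
    * @throws Exception if the policy configuration cannot be created or committed
    */
   protected void setUp() throws Exception {
      super.setUp();
      WebMetaData metaData = new WebMetaData();
      ArrayList securityContraints = new ArrayList();
      addSC(securityContraints);
      metaData.setSecurityConstraints(securityContraints);

      // Remember the global state this test overwrites so tearDown() can put it back
      previousPolicy = Policy.getPolicy();
      previousContextID = PolicyContext.getContextID();

      DelegatingPolicy policy = new DelegatingPolicy();
      Policy.setPolicy(policy);
      JBossPolicyConfigurationFactory pcf = new JBossPolicyConfigurationFactory();
      pc = pcf.getPolicyConfiguration(CONTEXT_ID, true);
      WebPermissionMapping.createPermissions(metaData, pc);
      pc.commit();
      System.out.println(policy.listContextPolicies());
      PolicyContext.setContextID(CONTEXT_ID);
   }

   /**
    * Removes this test's policy configuration and restores the Policy and
    * policy context id that were in effect before setUp(), so later tests in
    * the same JVM do not run against this test's permissions.
    *
    * @throws Exception if the policy configuration cannot be deleted
    */
   protected void tearDown() throws Exception {
      try {
         if (pc != null) {
            pc.delete();
            pc = null;
         }
      } finally {
         PolicyContext.setContextID(previousContextID);
         Policy.setPolicy(previousPolicy);
         super.tearDown();
      }
   }

   /**
    * Asserts that {@code p} grants the WebResourcePermission for {@code uri} and
    * {@code method} to the protection domain {@code pd}.
    */
   private static void assertPermitted(Policy p, ProtectionDomain pd, String uri, String method) {
      WebResourcePermission wrp = new WebResourcePermission(uri, method);
      assertTrue(uri + " " + method, p.implies(pd, wrp));
   }

   /**
    * Appends the two security-constraints under test to {@code securityContraints}:
    * an excluded constraint whose second collection covers /restricted/* for
    * every http method, and an unchecked constraint covering /unchecked/* and
    * /restricted/not/* for the same methods. Each url-pattern is listed once.
    *
    * @param securityContraints list of WebSecurityMetaData to append to
    */
   private void addSC(List securityContraints) {
      // security-constraint/ display-name = excluded
      WebSecurityMetaData wsmd = new WebSecurityMetaData();
      securityContraints.add(wsmd);
      // web-resource-collection/web-resource-name = No Access; no http-method listed
      WebSecurityMetaData.WebResourceCollection wrc = wsmd.addWebResource("No Access");
      wrc.addPattern("/excluded/*");
      wrc.addPattern("/restricted/get-only/excluded/*");
      wrc.addPattern("/restricted/post-only/excluded/*");
      wrc.addPattern("/restricted/any/excluded/*");

      // web-resource-collection/web-resource-name = No Access; explicit http-method list
      wrc = wsmd.addWebResource("No Access");
      wrc.addPattern("/restricted/*");
      addAllHttpMethods(wrc);

      wsmd.setExcluded(true);
      wsmd.setTransportGuarantee("NONE");

      // security-constraint/ display-name = unchecked
      wsmd = new WebSecurityMetaData();
      securityContraints.add(wsmd);
      wrc = wsmd.addWebResource("Unchecked");
      wrc.addPattern("/unchecked/*");
      wrc.addPattern("/restricted/not/*");
      addAllHttpMethods(wrc);

      // no auth-constraint
      wsmd.setUnchecked(true);
      // user-data-constraint/transport-guarantee
      wsmd.setTransportGuarantee("NONE");
   }

   /** Adds every method in ALL_HTTP_METHODS to {@code wrc}, in array order. */
   private static void addAllHttpMethods(WebSecurityMetaData.WebResourceCollection wrc) {
      for (int i = 0; i < ALL_HTTP_METHODS.length; i++) {
         wrc.addHttpMethod(ALL_HTTP_METHODS[i]);
      }
   }

}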
|