Repository: cxf-fediz Updated Branches: refs/heads/1.2.x-fixes 767b5eacf -> 3164f0405
Minor tweak to test Project: http://git-wip-us.apache.org/repos/asf/cxf-fediz/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf-fediz/commit/94a6178e Tree: http://git-wip-us.apache.org/repos/asf/cxf-fediz/tree/94a6178e Diff: http://git-wip-us.apache.org/repos/asf/cxf-fediz/diff/94a6178e Branch: refs/heads/1.2.x-fixes Commit: 94a6178efe786bb87db5eb5082ef5cdd108aa19f Parents: 767b5ea Author: Colm O hEigeartaigh <[email protected]> Authored: Fri Dec 16 16:27:43 2016 +0000 Committer: Colm O hEigeartaigh <[email protected]> Committed: Fri Dec 16 17:25:58 2016 +0000 ---------------------------------------------------------------------- .../cxf/fediz/integrationtests/AbstractTests.java | 17 ++++++++++------- 1 file changed, 10 insertions(+), 7 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/94a6178e/systests/tests/src/test/java/org/apache/cxf/fediz/integrationtests/AbstractTests.java ----------------------------------------------------------------------
diff --git a/systests/tests/src/test/java/org/apache/cxf/fediz/integrationtests/AbstractTests.java b/systests/tests/src/test/java/org/apache/cxf/fediz/integrationtests/AbstractTests.java
index 1051db5..f1b92c3 100644
--- a/systests/tests/src/test/java/org/apache/cxf/fediz/integrationtests/AbstractTests.java
+++ b/systests/tests/src/test/java/org/apache/cxf/fediz/integrationtests/AbstractTests.java
@@ -675,11 +675,11 @@ public abstract class AbstractTests {
 || ex.getMessage().contains("403 Forbidden"));
 }
 }
-
+
 @org.junit.Test
 @org.junit.Ignore
 public void testCSRFAttack() throws Exception {
- String url = "https://localhost:" + getRpHttpsPort() + "/fedizhelloworld/secure/fedservlet";
+ String url = "https://localhost:" + getRpHttpsPort() + "/" + getServletContextName() + "/secure/fedservlet";
 String user = "alice";
 String password = "ecila";
@@ -734,7 +734,10 @@ public abstract class AbstractTests {
 webClient.getOptions().setJavaScriptEnabled(false);
 try {
- webClient.getPage(request);
+ HtmlPage rpPage2 = webClient.getPage(request);
+ String bodyTextContent = rpPage2.getBody().getTextContent();
+ Assert.assertTrue("Principal not " + user,
+ bodyTextContent.contains("userPrincipal=" + user));
 Assert.fail("Failure expected on a CSRF attack");
 } catch (FailingHttpStatusCodeException ex) {
 // expected
@@ -754,13 +757,13 @@ public abstract class AbstractTests {
 webClient.getOptions().setJavaScriptEnabled(false);
 try {
- webClient.getPage(request);
+ HtmlPage rpPage2 = webClient.getPage(request);
+ String bodyTextContent = rpPage2.getBody().getTextContent();
+ Assert.assertTrue("Principal not " + user,
+ bodyTextContent.contains("userPrincipal=" + user));
 Assert.fail("Failure expected on a CSRF attack");
 } catch (FailingHttpStatusCodeException ex) {
 // expected
- Assert.assertTrue(ex.getMessage().contains("401 Unauthorized")
- || ex.getMessage().contains("401 Authentication Failed")
- || ex.getMessage().contains("403 Forbidden"));
 }
 // webClient.close();
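Review bot: The added `Assert.assertTrue("Principal not " + user, ...)` in the `@@ -734` hunk sits directly before an unconditional `Assert.fail("Failure expected on a CSRF attack")`, so once `getPage` returns the test fails either way and only the message differs; the same pair is added in the `@@ -754` hunk. If the forged request is accepted but the page does not contain `userPrincipal=alice`, the report reads "Principal not alice" and no longer says that the CSRF request got through. A short comment stating the intent would help, for example `// request was accepted: check whose session it ran under, then fail`, or the body text could be appended to the `Assert.fail` message instead. The enclosing test method starts and ends outside the hunk.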
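Review bot: With the three `ex.getMessage().contains(...)` checks removed, the catch block in the `@@ -754` hunk accepts any `FailingHttpStatusCodeException` as proof that the CSRF request was rejected, so a 404 from a wrong context path or a 500 from a server error would pass as well. A negative security test should keep the rejection status pinned; if the message text differs between containers, compare the numeric code instead, e.g. `Assert.assertTrue(ex.getStatusCode() == 401 || ex.getStatusCode() == 403);`. The catch block of the `@@ -734` hunk continues outside the visible lines, so the two blocks may now differ in what they accept. If these lines belong to `testCSRFAttack`, the `@org.junit.Ignore` visible in the first hunk means the check does not run in the build at all, which deserves a reason string on the annotation.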
