This is an automated email from the ASF dual-hosted git repository.
jlmonteiro pushed a commit to branch TOMEE-4065_LoginToContinue
in repository https://gitbox.apache.org/repos/asf/tomee.git
The following commit(s) were added to refs/heads/TOMEE-4065_LoginToContinue by
this push:
new a06dc9e600 add integration test case for @LoginToContinue with form
auth
new 0bfc1dfad0 Merge pull request #960 from
stklcode/TOMEE-4065_LoginToContinue
a06dc9e600 is described below
commit a06dc9e600b522195874fcb515da360cd77a48bf
Author: Stefan Kalscheuer <[email protected]>
AuthorDate: Wed Nov 9 10:09:20 2022 +0100
add integration test case for @LoginToContinue with form auth
---
.../tomee/security/itest/FormAuthConfig.java | 54 ++++++++++
.../tomee/security/itest/LoginToContinueTest.java | 111 +++++++++++++++++----
2 files changed, 147 insertions(+), 18 deletions(-)
diff --git
a/itests/tomee-security-itests/src/test/java/org/apache/tomee/security/itest/FormAuthConfig.java
b/itests/tomee-security-itests/src/test/java/org/apache/tomee/security/itest/FormAuthConfig.java
new file mode 100644
index 0000000000..0e006a75a9
--- /dev/null
+++
b/itests/tomee-security-itests/src/test/java/org/apache/tomee/security/itest/FormAuthConfig.java
@@ -0,0 +1,54 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+
+package org.apache.tomee.security.itest;
+
+import jakarta.enterprise.context.ApplicationScoped;
+import
jakarta.security.enterprise.authentication.mechanism.http.FormAuthenticationMechanismDefinition;
+import
jakarta.security.enterprise.authentication.mechanism.http.LoginToContinue;
+import jakarta.security.enterprise.credential.Credential;
+import jakarta.security.enterprise.credential.UsernamePasswordCredential;
+import jakarta.security.enterprise.identitystore.CredentialValidationResult;
+import jakarta.security.enterprise.identitystore.IdentityStore;
+
+import static
jakarta.security.enterprise.identitystore.CredentialValidationResult.INVALID_RESULT;
+import static
jakarta.security.enterprise.identitystore.CredentialValidationResult.NOT_VALIDATED_RESULT;
+import static java.util.Collections.singleton;
+
+@ApplicationScoped
+@FormAuthenticationMechanismDefinition(
+ loginToContinue = @LoginToContinue(
+ loginPage = "/login-form-app",
+ errorPage = "/login-error-app"
+ )
+)
+public class FormAuthConfig implements IdentityStore {
+ @Override
+ public CredentialValidationResult validate(Credential credential) {
+ if (credential instanceof UsernamePasswordCredential) {
+ if ("testuser".equalsIgnoreCase(((UsernamePasswordCredential)
credential).getCaller())
+ &&
"1234ABCD".equalsIgnoreCase(((UsernamePasswordCredential)
credential).getPasswordAsString())) {
+ return new CredentialValidationResult("testuser",
singleton("tomcat"));
+ } else {
+ return INVALID_RESULT;
+ }
+ } else {
+ return NOT_VALIDATED_RESULT;
+ }
+ }
+}
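Review bot: The password check in `validate` uses `equalsIgnoreCase`, so this identity store also accepts `1234abcd` and any other case variant of the fixture password. For a test whose purpose is to prove that form login authenticates correctly, this weakens the assertion, and fixtures like this tend to get copied into real stores. I would compare the secret exactly with `"1234ABCD".equals(((UsernamePasswordCredential) credential).getPasswordAsString())`. I would also add a short class comment saying the hard-coded `testuser` credentials are for the integration test only. Whether the caller name should stay case-insensitive is a separate decision, but it deserves a one-line comment either way.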
diff --git
a/itests/tomee-security-itests/src/test/java/org/apache/tomee/security/itest/LoginToContinueTest.java
b/itests/tomee-security-itests/src/test/java/org/apache/tomee/security/itest/LoginToContinueTest.java
index 56417b8ac4..60425abad9 100644
---
a/itests/tomee-security-itests/src/test/java/org/apache/tomee/security/itest/LoginToContinueTest.java
+++
b/itests/tomee-security-itests/src/test/java/org/apache/tomee/security/itest/LoginToContinueTest.java
@@ -60,31 +60,32 @@ public class LoginToContinueTest {
@Test
public void testAnnotation() throws Exception {
final File appJar = Archive.archive()
- .add(this.getClass())
- .add(ColorService.class)
- .add(Api.class)
- .add(LoginServlet.class)
- .add(ErrorServlet.class)
- .add(TestServlet.class)
- .add(AuthMechanism.class)
- .asJar();
+ .add(this.getClass())
+ .add(ColorService.class)
+ .add(Api.class)
+ .add(LoginServlet.class)
+ .add(FormLoginServlet.class)
+ .add(ErrorServlet.class)
+ .add(TestServlet.class)
+ .add(AuthMechanism.class)
+ .asJar();
final ArrayList<String> output = new ArrayList<>();
final TomEE tomee = TomEE.microprofile()
- //.debug(5005, true)
- .add("webapps/test/WEB-INF/beans.xml", "")
- .add("webapps/test/WEB-INF/lib/app.jar", appJar)
- .watch("org.apache.tomee.", "\n", output::add)
- .update()
- .build();
+ //.debug(5005, true)
+ .add("webapps/test/WEB-INF/beans.xml", "")
+ .add("webapps/test/WEB-INF/lib/app.jar",
appJar)
+ .watch("org.apache.tomee.", "\n", output::add)
+ .update()
+ .build();
{ // do something
final WebClient webClient =
createWebClient(tomee.toURI().resolve("/test").toURL());
final Response response = webClient.reset()
- .path("/colors")
- .header("Content-Type", "application/json")
- .get();
+ .path("/colors")
+ .header("Content-Type",
"application/json")
+ .get();
assertEquals(200, response.getStatus());
}
@@ -112,6 +113,7 @@ public class LoginToContinueTest {
.add(ColorService.class)
.add(Api.class)
.add(LoginServlet.class)
+ .add(FormLoginServlet.class)
.add(ErrorServlet.class)
.add(TestServlet.class)
.add(AnotherAuthMechanism.class)
@@ -154,6 +156,56 @@ public class LoginToContinueTest {
}
}
+ @Test
+ public void testFormDefinition() throws Exception {
+ final File appJar = Archive.archive()
+ .add(this.getClass())
+ .add(ColorService.class)
+ .add(Api.class)
+ .add(LoginServlet.class)
+ .add(FormLoginServlet.class)
+ .add(ErrorServlet.class)
+ .add(TestServlet.class)
+ .add(FormAuthConfig.class)
+ .asJar();
+
+ final ArrayList<String> output = new ArrayList<>();
+ final TomEE tomee = TomEE.microprofile()
+ //.debug(5005, true)
+ .add("webapps/test/WEB-INF/beans.xml", "")
+ .add("webapps/test/WEB-INF/lib/app.jar",
appJar)
+ .watch("org.apache.tomee.", "\n", output::add)
+ .update()
+ .build();
+
+
+ { // do something
+ final WebClient webClient =
createWebClient(tomee.toURI().resolve("/test").toURL());
+ final Response response = webClient.reset()
+ .path("/colors")
+ .header("Content-Type",
"application/json")
+ .get();
+ assertEquals(200, response.getStatus());
+ }
+
+ // assert logs
+ assertNotPresent(output, "\tat org."); // no stack traces
+
+ {
+ final com.gargoylesoftware.htmlunit.WebClient webClient = new
com.gargoylesoftware.htmlunit.WebClient();
+ final HtmlPage page =
webClient.getPage(tomee.toURI().resolve("/test/auth-app").toURL());
+ assertEquals(200, page.getWebResponse().getStatusCode());
+
+ final HtmlForm login = page.getFormByName("login");
+ login.getInputByName("j_username").setValueAttribute("testuser");
+ login.getInputByName("j_password").setValueAttribute("1234ABCD");
+
+ final Page result = login.getInputByName("submit").click();
+ assertEquals(200, result.getWebResponse().getStatusCode());
+ assertEquals("ok!", result.getWebResponse().getContentAsString());
+ }
+ }
+
public void assertPresent(final ArrayList<String> output, final String s) {
final Optional<String> actual = output.stream()
.filter(line -> line.contains(s))
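Review bot: `testFormDefinition` only exercises the successful login, so nothing here fails if the mechanism lets a wrong password through or never routes to the `errorPage` configured in `FormAuthConfig`. A second block that submits a bad `j_password` and asserts the response is not `ok!` would pin the rejection path. The HtmlUnit `WebClient` created in the last block is also never closed, so try-with-resources would release it. The sketch below assumes `assertNotEquals` is available alongside the `assertEquals` already used. The error servlet's status code is outside this hunk, which is why the failing-status exception is switched off.

```java
// … unchanged: archive/TomEE setup, /colors check, log assertion, successful login block …

{ // a wrong password must not reach the protected resource
    try (final com.gargoylesoftware.htmlunit.WebClient webClient = new com.gargoylesoftware.htmlunit.WebClient()) {
        // the error page's status is not visible from here; don't let a non-2xx answer abort the test
        webClient.getOptions().setThrowExceptionOnFailingStatusCode(false);
        final HtmlPage page = webClient.getPage(tomee.toURI().resolve("/test/auth-app").toURL());

        final HtmlForm login = page.getFormByName("login");
        login.getInputByName("j_username").setValueAttribute("testuser");
        login.getInputByName("j_password").setValueAttribute("wrong-password");

        final Page result = login.getInputByName("submit").click();
        assertNotEquals("ok!", result.getWebResponse().getContentAsString());
    }
}
```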
@@ -212,6 +264,29 @@ public class LoginToContinueTest {
}
}
+ @TomcatUserIdentityStoreDefinition
+ @WebServlet(urlPatterns = "/login-form-app")
+ public static class FormLoginServlet extends HttpServlet {
+ @Override
+ protected void doGet(final HttpServletRequest req, final
HttpServletResponse resp)
+ throws ServletException, IOException {
+ final String loginPage =
+ "<html>" +
+ "<body>" +
+ " <h1>Login Page</h1>" +
+ " <form name=\"login\" method=post
action=\"j_security_check\">\n" +
+ " <p>Credentials:</p>" +
+ " <input type=\"text\" name=\"j_username\">\n" +
+ " <input type=\"password\" name=\"j_password\">\n" +
+ " <input type=\"submit\" name=\"submit\"
value=\"Submit\">\n" +
+ " <input type=\"reset\" value=\"Reset\">" +
+ " </form>" +
+ "</body>" +
+ "</html>";
+ resp.getWriter().write(loginPage);
+ }
+ }
+
@WebServlet(urlPatterns = "/login-error-app")
public static class ErrorServlet extends HttpServlet {
@Override
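Review bot: `FormLoginServlet` carries `@TomcatUserIdentityStoreDefinition`, and `testFormDefinition` packages it together with `FormAuthConfig`, which is itself an `IdentityStore`. If both stores end up active in that deployment, the test does not pin which one accepted `testuser`, so it could pass without the store under test ever being consulted. This would need confirming against how the other tests in the file use the annotation. If the annotation is only needed by the other two tests, I would drop it from this servlet or add a comment such as `// registers the tomcat-users identity store; FormAuthConfig supplies its own store in testFormDefinition`. Separately, `doGet` writes HTML without declaring it, so `resp.setContentType("text/html;charset=UTF-8");` before `getWriter()` would stop clients from having to sniff the body.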
@@ -232,4 +307,4 @@ public class LoginToContinueTest {
}
}
-}
\ No newline at end of file
+}