Author: markt
Date: Thu Mar 3 12:56:07 2011
New Revision: 1076606
URL: http://svn.apache.org/viewvc?rev=1076606&view=rev
Log:
@ServletSecurity
Refactor to reduce duplication in test code
Add tests for method constraints
Modified:
tomcat/trunk/test/org/apache/catalina/core/TestStandardWrapper.java
tomcat/trunk/test/org/apache/catalina/startup/TomcatBaseTest.java
Modified: tomcat/trunk/test/org/apache/catalina/core/TestStandardWrapper.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/test/org/apache/catalina/core/TestStandardWrapper.java?rev=1076606&r1=1076605&r2=1076606&view=diff
==============================================================================
--- tomcat/trunk/test/org/apache/catalina/core/TestStandardWrapper.java
(original)
+++ tomcat/trunk/test/org/apache/catalina/core/TestStandardWrapper.java Thu Mar
3 12:56:07 2011
@@ -21,6 +21,7 @@ import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.annotation.HttpConstraint;
+import javax.servlet.annotation.HttpMethodConstraint;
import javax.servlet.annotation.ServletSecurity;
import javax.servlet.annotation.ServletSecurity.EmptyRoleSemantic;
import javax.servlet.http.HttpServlet;
@@ -36,41 +37,28 @@ import org.apache.tomcat.util.buf.ByteCh
public class TestStandardWrapper extends TomcatBaseTest {
public void testSecurityAnnotationsSimple() throws Exception {
- doDenyTest(DenyServlet.class.getName());
+ doTest(DenyAllServlet.class.getName(), false, false);
}
public void testSecurityAnnotationsSubclass1() throws Exception {
- doDenyTest(SubclassDenyServlet.class.getName());
+ doTest(SubclassDenyAllServlet.class.getName(), false, false);
}
public void testSecurityAnnotationsSubclass2() throws Exception {
- doAllowTest(SubclassAllowServlet.class.getName());
+ doTest(SubclassAllowAllServlet.class.getName(), false, true);
}
- private void doDenyTest(String servletClassName) throws Exception {
- // Setup Tomcat instance
- Tomcat tomcat = getTomcatInstance();
-
- // Must have a real docBase - just use temp
- Context ctx =
- tomcat.addContext("", System.getProperty("java.io.tmpdir"));
-
- Wrapper wrapper = Tomcat.addServlet(ctx, "servlet", servletClassName);
- wrapper.setAsyncSupported(true);
- ctx.addServletMapping("/", "servlet");
-
- tomcat.start();
-
- // Call the servlet once
- ByteChunk bc = new ByteChunk();
- int rc = getUrl("http://localhost:"; + getPort() + "/", bc, null);
-
- assertNull(bc.toString());
- assertEquals(403, rc);
-
+ public void testSecurityAnnotationsMethods1() throws Exception {
+ doTest(MethodConstraintServlet.class.getName(), false, false);
+ }
+
+ public void testSecurityAnnotationsMethods2() throws Exception {
+ doTest(MethodConstraintServlet.class.getName(), true, true);
}
- private void doAllowTest(String servletClassName) throws Exception {
+ private void doTest(String servletClassName, boolean usePost,
+ boolean expect200) throws Exception {
+
// Setup Tomcat instance
Tomcat tomcat = getTomcatInstance();
@@ -86,15 +74,23 @@ public class TestStandardWrapper extends
// Call the servlet once
ByteChunk bc = new ByteChunk();
- int rc = getUrl("http://localhost:"; + getPort() + "/", bc, null);
-
- assertEquals("OK", bc.toString());
- assertEquals(200, rc);
+ int rc;
+ if (usePost) {
+ rc = postUrl(null, "http://localhost:"; + getPort() + "/", bc,
null);
+ } else {
+ rc = getUrl("http://localhost:"; + getPort() + "/", bc, null);
+ }
+ if (expect200) {
+ assertEquals("OK", bc.toString());
+ assertEquals(200, rc);
+ } else {
+ assertNull(bc.toString());
+ assertEquals(403, rc);
+ }
}
- @ServletSecurity(@HttpConstraint(EmptyRoleSemantic.DENY))
- public static class DenyServlet extends HttpServlet {
+ public static class TestServlet extends HttpServlet {
private static final long serialVersionUID = 1L;
@Override
@@ -104,14 +100,35 @@ public class TestStandardWrapper extends
resp.setContentType("text/plain");
resp.getWriter().print("OK");
}
+
+ @Override
+ protected void doPost(HttpServletRequest req, HttpServletResponse resp)
+ throws ServletException, IOException {
+ doGet(req, resp);
+ }
+ }
+
+ @ServletSecurity(@HttpConstraint(EmptyRoleSemantic.DENY))
+ public static class DenyAllServlet extends TestServlet {
+ private static final long serialVersionUID = 1L;
}
- public static class SubclassDenyServlet extends DenyServlet {
+ public static class SubclassDenyAllServlet extends DenyAllServlet {
private static final long serialVersionUID = 1L;
}
@ServletSecurity(@HttpConstraint(EmptyRoleSemantic.PERMIT))
- public static class SubclassAllowServlet extends DenyServlet {
+ public static class SubclassAllowAllServlet extends DenyAllServlet {
+ private static final long serialVersionUID = 1L;
+ }
+
+ @ServletSecurity(value= @HttpConstraint(EmptyRoleSemantic.PERMIT),
+ httpMethodConstraints = {
+ @HttpMethodConstraint(value="GET",
+ emptyRoleSemantic = EmptyRoleSemantic.DENY)
+ }
+ )
+ public static class MethodConstraintServlet extends TestServlet {
private static final long serialVersionUID = 1L;
}
}
Modified: tomcat/trunk/test/org/apache/catalina/startup/TomcatBaseTest.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/test/org/apache/catalina/startup/TomcatBaseTest.java?rev=1076606&r1=1076605&r2=1076606&view=diff
==============================================================================
--- tomcat/trunk/test/org/apache/catalina/startup/TomcatBaseTest.java (original)
+++ tomcat/trunk/test/org/apache/catalina/startup/TomcatBaseTest.java Thu Mar
3 12:56:07 2011
@@ -238,7 +238,9 @@ public abstract class TomcatBaseTest ext
OutputStream os = null;
try {
os = connection.getOutputStream();
- os.write(body, 0, body.length);
+ if (body != null) {
+ os.write(body, 0, body.length);
+ }
} finally {
if (os != null) {
try {
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
