craigmcc 01/05/10 16:57:06
Modified: tester/src/bin tester.xml
tester/web/WEB-INF web.xml
Added: tester/src/tester/org/apache/tester Authentication05.java
Log:
Update tests to check for "all users allowed" (i.e. a "*" in the
<role-name> element of an <auth-constraint>) and "no users allowed" (i.e.
no <role-name> elements inside an <auth-constraint>).
Revision Changes Path
1.44 +16 -0 jakarta-tomcat-4.0/tester/src/bin/tester.xml
Index: tester.xml
===================================================================
RCS file: /home/cvs/jakarta-tomcat-4.0/tester/src/bin/tester.xml,v
retrieving revision 1.43
retrieving revision 1.44
diff -u -r1.43 -r1.44
--- tester.xml 2001/05/10 22:52:23 1.43
+++ tester.xml 2001/05/10 23:57:05 1.44
@@ -60,6 +60,8 @@
tested by invoking a protected URI followed by a non-protected URI
-->
+ <!-- ========== Basic Access to Authenticated Resources =============== -->
+
<tester host="${host}" port="${port}" protocol="${protocol}"
debug="${debug}"
request="${context.path}/protected/Authentication01"
@@ -85,6 +87,20 @@
request="${context.path}/protected/Authentication04"
inHeaders="Authorization:Basic dG9tY2F0OnRvbWNhdA=="
outContent="Authentication04 PASSED"/>
+
+ <!-- ========== "All Allowed" and "All Disallowed" Access ============= -->
+
+ <tester host="${host}" port="${port}" protocol="HTTP/1.0"
+ debug="${debug}"
+ request="${context.path}/allowed/Authentication05"
+ inHeaders="Authorization:Basic dG9tY2F0OnRvbWNhdA=="
+ outContent="Authentication05 PASSED"/>
+
+ <tester host="${host}" port="${port}" protocol="HTTP/1.0"
+ debug="${debug}"
+ request="${context.path}/disallowed/Authentication05"
+ inHeaders="Authorization:Basic dG9tY2F0OnRvbWNhdA=="
+ status="403"/>
</target>
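Review bot: Both new `<tester>` entries send valid `tomcat` credentials, so nothing here pins what the `*` constraint on `/allowed/*` does for a request that carries no `Authorization` header. A regression that treated `*` as "no authentication needed" would still pass the first entry. I would add a third entry without `inHeaders`: `<tester host="${host}" port="${port}" protocol="HTTP/1.0" debug="${debug}" request="${context.path}/allowed/Authentication05" status="401"/>`. The 401 assumes the context uses BASIC login, which the existing headers suggest but this hunk does not show. The enclosing `<target>` starts outside the hunk.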
1.1
jakarta-tomcat-4.0/tester/src/tester/org/apache/tester/Authentication05.java
Index: Authentication05.java
===================================================================
/* ========================================================================= *
* *
* The Apache Software License, Version 1.1 *
* *
* Copyright (c) 1999, 2000, 2001 The Apache Software Foundation. *
* All rights reserved. *
* *
* ========================================================================= *
* *
* Redistribution and use in source and binary forms, with or without modi- *
* fication, are permitted provided that the following conditions are met: *
* *
* 1. Redistributions of source code must retain the above copyright notice *
* notice, this list of conditions and the following disclaimer. *
* *
* 2. Redistributions in binary form must reproduce the above copyright *
* notice, this list of conditions and the following disclaimer in the *
* documentation and/or other materials provided with the distribution. *
* *
* 3. The end-user documentation included with the redistribution, if any, *
* must include the following acknowlegement: *
* *
* "This product includes software developed by the Apache Software *
* Foundation <http://www.apache.org/>." *
* *
* Alternately, this acknowlegement may appear in the software itself, if *
* and wherever such third-party acknowlegements normally appear. *
* *
* 4. The names "The Jakarta Project", "Tomcat", and "Apache Software *
* Foundation" must not be used to endorse or promote products derived *
* from this software without prior written permission. For written *
* permission, please contact <[EMAIL PROTECTED]>. *
* *
* 5. Products derived from this software may not be called "Apache" nor may *
* "Apache" appear in their names without prior written permission of the *
* Apache Software Foundation. *
* *
* THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESSED OR IMPLIED WARRANTIES *
* INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY *
* AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL *
* THE APACHE SOFTWARE FOUNDATION OR ITS CONTRIBUTORS BE LIABLE FOR ANY *
* DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL *
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS *
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) *
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, *
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN *
* ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE *
* POSSIBILITY OF SUCH DAMAGE. *
* *
* ========================================================================= *
* *
* This software consists of voluntary contributions made by many indivi- *
* duals on behalf of the Apache Software Foundation. For more information *
* on the Apache Software Foundation, please see <http://www.apache.org/>. *
* *
* ========================================================================= */
package org.apache.tester;
import java.io.*;
import java.security.Principal;
import javax.servlet.*;
import javax.servlet.http.*;
/**
* Ensure that a resource protected by a security constraint that allows all
* roles will permit access to an authenticated user.
*
* @author Craig R. McClanahan
* @version $Revision: 1.1 $ $Date: 2001/05/10 23:57:05 $
*/
public class Authentication05 extends HttpServlet {

    /**
     * Report whether the container exposed the expected identity for this
     * request. The response is "Authentication05 PASSED" only when the remote
     * user is "tomcat", the user principal's name is "tomcat", and
     * <code>isUserInRole("tomcat")</code> is true; otherwise it is
     * "Authentication05 FAILED -" followed by one fragment per failed check.
     * Any messages queued in <code>StaticLogger</code> are appended to the
     * response, and the logger is then reset.
     *
     * This method makes no access decision of its own; it only reports what
     * the request object returns. In the web.xml of this commit the servlet
     * is mapped under both /allowed/ and /disallowed/, and the tester expects
     * a 403 for the latter, so this code is not expected to run there.
     *
     * @param request The servlet request being inspected
     * @param response The servlet response the report is written to
     *
     * @exception IOException if an input/output error occurs
     * @exception ServletException if a servlet error occurs
     */
    public void doGet(HttpServletRequest request, HttpServletResponse response)
        throws IOException, ServletException {

        response.setContentType("text/plain");
        PrintWriter out = response.getWriter();
        StringBuffer failures = new StringBuffer();

        // Check 1: the remote user name reported by the container
        String user = request.getRemoteUser();
        if (user == null) {
            failures.append(" No remote user returned/");
        } else if (!"tomcat".equals(user)) {
            failures.append(" Remote user is '").append(user).append("'/");
        }

        // Check 2: the authenticated principal
        Principal principal = request.getUserPrincipal();
        if (principal == null) {
            failures.append(" No user principal returned/");
        } else if (!"tomcat".equals(principal.getName())) {
            // NOTE(review): this appends the principal's toString() form,
            // not getName(), so the text shown may differ from the value
            // that was compared above.
            failures.append(" User principal is '");
            failures.append(principal);
            failures.append("'/");
        }

        // Check 3: role membership
        if (!request.isUserInRole("tomcat")) {
            failures.append(" Not in role 'tomcat'/");
        }

        // Emit the verdict line that the tester's outContent matches against
        if (failures.length() == 0) {
            out.println("Authentication05 PASSED");
        } else {
            out.print("Authentication05 FAILED -");
            out.println(failures.toString());
        }

        // Drain queued log messages into the response until read() returns null
        String logged;
        while ((logged = StaticLogger.read()) != null) {
            out.println(logged);
        }
        StaticLogger.reset();

    }

}
1.33 +35 -1 jakarta-tomcat-4.0/tester/web/WEB-INF/web.xml
Index: web.xml
===================================================================
RCS file: /home/cvs/jakarta-tomcat-4.0/tester/web/WEB-INF/web.xml,v
retrieving revision 1.32
retrieving revision 1.33
diff -u -r1.32 -r1.33
--- web.xml 2001/05/10 22:52:27 1.32
+++ web.xml 2001/05/10 23:57:05 1.33
@@ -336,6 +336,11 @@
</servlet>
<servlet>
+ <servlet-name>Authentication05</servlet-name>
+ <servlet-class>org.apache.tester.Authentication05</servlet-class>
+ </servlet>
+
+ <servlet>
<servlet-name>Decoding01</servlet-name>
<servlet-class>org.apache.tester.Decoding01</servlet-class>
</servlet>
@@ -656,6 +661,16 @@
</servlet-mapping>
<servlet-mapping>
+ <servlet-name>Authentication05</servlet-name>
+ <url-pattern>/allowed/Authentication05</url-pattern>
+ </servlet-mapping>
+
+ <servlet-mapping>
+ <servlet-name>Authentication05</servlet-name>
+ <url-pattern>/disallowed/Authentication05</url-pattern>
+ </servlet-mapping>
+
+ <servlet-mapping>
<servlet-name>Decoding01</servlet-name>
<url-pattern>/Decoding01/*</url-pattern>
</servlet-mapping>
@@ -1173,11 +1188,30 @@
<security-constraint>
<web-resource-collection>
- <web-resource-name>Authentication Servlet</web-resource-name>
+ <web-resource-name>General Protected Area</web-resource-name>
<url-pattern>/protected/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>tomcat</role-name>
+ </auth-constraint>
+ </security-constraint>
+
+ <security-constraint>
+ <web-resource-collection>
+ <web-resource-name>All Users Allowed Area</web-resource-name>
+ <url-pattern>/allowed/*</url-pattern>
+ </web-resource-collection>
+ <auth-constraint>
+ <role-name>*</role-name>
+ </auth-constraint>
+ </security-constraint>
+
+ <security-constraint>
+ <web-resource-collection>
+ <web-resource-name>No Users Allowed Area</web-resource-name>
+ <url-pattern>/disallowed/*</url-pattern>
+ </web-resource-collection>
+ <auth-constraint>
</auth-constraint>
</security-constraint>
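Review bot: The empty `<auth-constraint>` on `/disallowed/*` has no comment, so it reads like a forgotten `<role-name>` and is easy to "fix" wrongly. Deleting the empty element would leave a constraint with no auth-constraint at all, which opens the area to everyone instead of denying it. I would add `<!-- Empty auth-constraint is intentional: no user, authenticated or not, may access this area -->` directly above it. A matching `<!-- "*" admits any authenticated user in any role -->` on the `/allowed/*` constraint would help for the same reason.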