/*
- * $Header: /cvsroot/securityfilter/securityfilter/src/test/org/securityfilter/test/http/TestBase.java,v 1.3 2003/06/10 11:29:33 maxcooper Exp $
- * $Revision: 1.3 $
- * $Date: 2003/06/10 11:29:33 $
+ * $Header: /cvsroot/securityfilter/securityfilter/src/test/org/securityfilter/test/http/TestBase.java,v 1.4 2003/06/10 12:11:26 maxcooper Exp $
+ * $Revision: 1.4 $
+ * $Date: 2003/06/10 12:11:26 $
*
* ====================================================================
* The SecurityFilter Software License, Version 1.1
* TestBase
*
* @author Max Cooper (max@maxcooper.com)
- * @version $Revision: 1.3 $ $Date: 2003/06/10 11:29:33 $
+ * @version $Revision: 1.4 $ $Date: 2003/06/10 12:11:26 $
*/
public class TestBase extends TestCase {
HttpUnitOptions.setMatchesIgnoreCase(true);
}
+ /**
+ * Assert that the baseUrl has been set
+ */
protected void assertBaseUrlIsSet() {
assertNotNull("base.url is null", baseUrl);
}
/**
- * Performs a just-in-time login for the contextRelativeUri passed in.
+ * Performs a just-in-time login for the (context-relative) uri passed in.
* This method will assert that the login page is received, and then login with a valid
* username and password. The response from the login form submit is what gets returned.
*
- * @param contextRelativeUri
+ * @param uri
* @return response after valid login form submittal
* @throws Exception
*/
- protected WebResponse performJustInTimeLogin(String contextRelativeUri) throws Exception {
+ protected WebResponse performJustInTimeLogin(String uri) throws Exception {
// make sure the baseUrl was set
assertBaseUrlIsSet();
// request the secure page
WebConversation session = new WebConversation();
- WebRequest request = new GetMethodWebRequest(baseUrl + contextRelativeUri);
+ WebRequest request = new GetMethodWebRequest(baseUrl + uri);
WebResponse response = session.getResponse(request);
// make sure the response leads us to login page
- String title = response.getTitle();
- assertEquals(
- "On request for " + contextRelativeUri + ", expected login page, got:" + title,
- Constants.LOGIN_TITLE,
- title
- );
+ assertPageTitle(response, Constants.LOGIN_TITLE);
// submit valid login credentials
WebForm loginForm = response.getFormWithID(Constants.LOGIN_FORM_ID);
loginForm.setParameter(Constants.LOGIN_PASSWORD_FIELD, Constants.VALID_PASSWORD);
return session.getResponse(loginForm.getRequest());
}
+
+ /**
+ * Assert that the correct page title is received, including authentication along the way.
+ *
+ * @param uri the context-relative uri to request
+ * @param pageTitle the expected page title
+ * @throws Exception
+ */
+ protected void assertPageTitleAfterLogin(String uri, String pageTitle) throws Exception {
+ WebResponse response = performJustInTimeLogin(uri);
+ assertPageTitle(response, pageTitle);
+ }
+
+ /**
+ * Assert that the response has the expected page title.
+ *
+ * @param response the WebResponse to check
+ * @param pageTitle the expected page title
+ * @throws Exception
+ */
+ protected void assertPageTitle(WebResponse response, String pageTitle) throws Exception {
+ String title = response.getTitle();
+ assertEquals(
+ "Expected page title \"" + pageTitle + "\", got: \"" + title + "\"",
+ pageTitle,
+ title
+ );
+ }
}
/*
- * $Header: /cvsroot/securityfilter/securityfilter/src/test/org/securityfilter/test/http/form/DefaultPageTest.java,v 1.1 2003/06/09 12:07:06 maxcooper Exp $
- * $Revision: 1.1 $
- * $Date: 2003/06/09 12:07:06 $
+ * $Header: /cvsroot/securityfilter/securityfilter/src/test/org/securityfilter/test/http/form/DefaultPageTest.java,v 1.2 2003/06/10 12:11:26 maxcooper Exp $
+ * $Revision: 1.2 $
+ * $Date: 2003/06/10 12:11:26 $
*
* ====================================================================
* The SecurityFilter Software License, Version 1.1
* DefaultPageTest
*
* @author Max Cooper (max@maxcooper.com)
- * @version $Revision: 1.1 $ $Date: 2003/06/09 12:07:06 $
+ * @version $Revision: 1.2 $ $Date: 2003/06/10 12:11:26 $
*/
public class DefaultPageTest extends TestBase {
WebResponse response = session.getResponse(request);
// make sure the response leads us to login page
- String title = response.getTitle();
- assertEquals(
- "Expected login page, got:" + title,
- Constants.LOGIN_TITLE,
- title
- );
+ assertPageTitle(response, Constants.LOGIN_TITLE);
// submit valid login credentials
WebForm loginForm = response.getFormWithID(Constants.LOGIN_FORM_ID);
response = session.getResponse(loginForm.getRequest());
// make sure the response leads to the default page (Home page -- index.jsp)
- title = response.getTitle();
- assertEquals(
- "Expected home page, got:" + title,
- Constants.HOME_TITLE,
- title
- );
+ assertPageTitle(response, Constants.HOME_TITLE);
}
/**
WebResponse response = session.getResponse(request);
// make sure the response leads to the default page (Home page -- index.jsp)
- String title = response.getTitle();
- assertEquals(
- "Expected home page, got:" + title,
- Constants.HOME_TITLE,
- title
- );
+ assertPageTitle(response, Constants.HOME_TITLE);
}
}
/*
- * $Header: /cvsroot/securityfilter/securityfilter/src/test/org/securityfilter/test/http/form/JustInTimeTest.java,v 1.4 2003/06/10 11:36:21 maxcooper Exp $
- * $Revision: 1.4 $
- * $Date: 2003/06/10 11:36:21 $
+ * $Header: /cvsroot/securityfilter/securityfilter/src/test/org/securityfilter/test/http/form/JustInTimeTest.java,v 1.5 2003/06/10 12:11:26 maxcooper Exp $
+ * $Revision: 1.5 $
+ * $Date: 2003/06/10 12:11:26 $
*
* ====================================================================
* The SecurityFilter Software License, Version 1.1
* JustInTimeTest - This tests basic just-in-time login behavior.
*
* @author Max Cooper (max@maxcooper.com)
- * @version $Revision: 1.4 $ $Date: 2003/06/10 11:36:21 $
+ * @version $Revision: 1.5 $ $Date: 2003/06/10 12:11:26 $
*/
public class JustInTimeTest extends TestBase {
-
/**
* Constructor
*
* @throws Exception
*/
public void testJustInTime() throws Exception {
- // request the secure page and login
- WebResponse response = performJustInTimeLogin("/securePage.jsp");
-
- // make sure the response leads to the secure page
- String title = response.getTitle();
- assertEquals(
- "Expected secure page, got:" + title,
- Constants.SECURE_TITLE,
- title
- );
+ // ensure that we get the secure page, loggin in on the way
+ assertPageTitleAfterLogin("/securePage.jsp", Constants.SECURE_TITLE);
}
}
/*
- * $Header: /cvsroot/securityfilter/securityfilter/src/test/org/securityfilter/test/http/form/PathTricksTest.java,v 1.2 2003/06/10 11:40:41 maxcooper Exp $
- * $Revision: 1.2 $
- * $Date: 2003/06/10 11:40:41 $
+ * $Header: /cvsroot/securityfilter/securityfilter/src/test/org/securityfilter/test/http/form/PathTricksTest.java,v 1.3 2003/06/10 12:11:26 maxcooper Exp $
+ * $Revision: 1.3 $
+ * $Date: 2003/06/10 12:11:26 $
*
* ====================================================================
* The SecurityFilter Software License, Version 1.1
package org.securityfilter.test.http.form;
-import com.meterware.httpunit.WebResponse;
import org.securityfilter.example.Constants;
import org.securityfilter.test.http.TestBase;
/**
- * PathTricksTest - tests for proper operation when "path tricks" are employed in URLs:
- * /./securePage.jsp
- * /public/../securePage.jsp
+ * PathTricksTest - tests for proper operation when "path tricks" are employed in URLs
*
* @author Max Cooper (max@maxcooper.com)
- * @version $Revision: 1.2 $ $Date: 2003/06/10 11:40:41 $
+ * @version $Revision: 1.3 $ $Date: 2003/06/10 12:11:26 $
*/
public class PathTricksTest extends TestBase {
/**
*/
public void testSingleDotURLTrick() throws Exception {
// request the secure page and login
- WebResponse response = performJustInTimeLogin("/./securePage.jsp");
-
- // make sure the response leads to the secure page
- String title = response.getTitle();
- assertEquals(
- "Expected secure page, got:" + title,
- Constants.SECURE_TITLE,
- title
- );
+ assertPageTitleAfterLogin("/./securePage.jsp", Constants.SECURE_TITLE);
}
/**
*/
public void testDoubleDotURLTrick() throws Exception {
// request the secure page and login
- WebResponse response = performJustInTimeLogin("/public/../securePage.jsp");
-
- // make sure the response leads to the secure page
- String title = response.getTitle();
- assertEquals(
- "Expected secure page, got:" + title,
- Constants.SECURE_TITLE,
- title
- );
+ assertPageTitleAfterLogin("/public/../securePage.jsp", Constants.SECURE_TITLE);
}
/**
*/
public void testMultipleSlashURLTrick() throws Exception {
// request the secure page and login
- WebResponse response = performJustInTimeLogin("//securePage.jsp");
-
- // make sure the response leads to the secure page
- String title = response.getTitle();
- assertEquals(
- "Expected secure page, got:" + title,
- Constants.SECURE_TITLE,
- title
- );
+ assertPageTitleAfterLogin("//securePage.jsp", Constants.SECURE_TITLE);
}
}
/*
- * $Header: /cvsroot/securityfilter/securityfilter/src/test/org/securityfilter/test/http/form/UTFTest.java,v 1.1 2003/06/10 11:30:07 maxcooper Exp $
- * $Revision: 1.1 $
- * $Date: 2003/06/10 11:30:07 $
+ * $Header: /cvsroot/securityfilter/securityfilter/src/test/org/securityfilter/test/http/form/UTFTest.java,v 1.2 2003/06/10 12:11:26 maxcooper Exp $
+ * $Revision: 1.2 $
+ * $Date: 2003/06/10 12:11:26 $
*
* ====================================================================
* The SecurityFilter Software License, Version 1.1
package org.securityfilter.test.http.form;
-import com.meterware.httpunit.WebResponse;
import org.securityfilter.example.Constants;
import org.securityfilter.test.http.TestBase;
* are used. Failures would indicate a security vulnerability.
*
* @author Max Cooper (max@maxcooper.com)
- * @version $Revision: 1.1 $ $Date: 2003/06/10 11:30:07 $
+ * @version $Revision: 1.2 $ $Date: 2003/06/10 12:11:26 $
*/
public class UTFTest extends TestBase {
/**
*/
public void testUTFEncodedDirectorySeparator() throws Exception {
// request the secure page and login
- WebResponse response = performJustInTimeLogin("%2FsecurePage.jsp");
-
- // make sure the response leads to the secure page
- String title = response.getTitle();
- assertEquals(
- "Expected secure page, got:" + title,
- Constants.SECURE_TITLE,
- title
- );
+ assertPageTitleAfterLogin("%2FsecurePage.jsp", Constants.SECURE_TITLE);
}
/**
*/
public void testUTFEncodedPageName() throws Exception {
// request the secure page and login
- WebResponse response = performJustInTimeLogin("/%73ecurePage.jsp");
-
- // make sure the response leads to the secure page
- String title = response.getTitle();
- assertEquals(
- "Expected secure page, got:" + title,
- Constants.SECURE_TITLE,
- title
- );
+ assertPageTitleAfterLogin("/%73ecurePage.jsp", Constants.SECURE_TITLE);
}
}
projects / securityfilter.git / commitdiff