--- /dev/null
+/*
+ * $Header$
+ * $Revision$
+ * $Date$
+ *
+ * ====================================================================
+ * The SecurityFilter Software License, Version 1.1
+ *
+ * (this license is derived and fully compatible with the Apache Software
+ * License - see http://www.apache.org/LICENSE.txt)
+ *
+ * Copyright (c) 2002 SecurityFilter.org. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. The end-user documentation included with the redistribution,
+ * if any, must include the following acknowledgment:
+ * "This product includes software developed by
+ * SecurityFilter.org (http://www.securityfilter.org/)."
+ * Alternately, this acknowledgment may appear in the software itself,
+ * if and wherever such third-party acknowledgments normally appear.
+ *
+ * 4. The name "SecurityFilter" must not be used to endorse or promote
+ * products derived from this software without prior written permission.
+ * For written permission, please contact license@securityfilter.org .
+ *
+ * 5. Products derived from this software may not be called "SecurityFilter",
+ * nor may "SecurityFilter" appear in their name, without prior written
+ * permission of SecurityFilter.org.
+ *
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
+ * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE SECURITY FILTER PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+ * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
+ * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+ * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
+ * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * ====================================================================
+ */
+
+package org.securityfilter.test.http.form;
+
+import org.securityfilter.test.http.TestBase;
+
+import com.meterware.httpunit.GetMethodWebRequest;
+import com.meterware.httpunit.WebRequest;
+
+/**
+ * NoAuthSessionTest - Ensure that SecurityFilter does not create a session when accessing unsecured pages.
+ *
+ * Bug report:
+ * http://sourceforge.net/tracker/index.php?func=detail&aid=1056920&group_id=59484&atid=491164
+ *
+ * @author Max Cooper (max@maxcooper.com)
+ * @version $Revision$ $Date$
+ */
+public class NoAuthSessionTest extends TestBase {
+ /**
+ * Constructor
+ *
+ * @param name
+ */
+ public NoAuthSessionTest(String name) {
+ super(name);
+ }
+
+ /**
+ * Test for session cookie on index page. There should be no session cookie.
+ *
+ * @throws Exception
+ */
+ public void testNoAuthSessionForUnsecured() throws Exception {
+
+ WebRequest request = new GetMethodWebRequest(baseUrl + "/index.jsp");
+ session.getResponse(request);
+
+ // Check that there is no session ID
+ String sessionId = session.getCookieValue("JSESSIONID");
+ assertNull("Got session for non-authenticated index page", sessionId);
+ }
+
+ /**
+ * Test for session cookie on direct access of login page. There should be no session cookie.
+ *
+ * @throws Exception
+ */
+ public void testNoAuthSessionForLoginPage() throws Exception {
+
+ WebRequest request = new GetMethodWebRequest(baseUrl + "/loginForm.jsp");
+ session.getResponse(request);
+
+ // Check that there is no session ID
+ String sessionId = session.getCookieValue("JSESSIONID");
+ assertNull("Got session for non-authenticated login page", sessionId);
+ }
+}
+++ /dev/null
-/*
- * $Header$
- * $Revision$
- * $Date$
- *
- * ====================================================================
- * The SecurityFilter Software License, Version 1.1
- *
- * (this license is derived and fully compatible with the Apache Software
- * License - see http://www.apache.org/LICENSE.txt)
- *
- * Copyright (c) 2002 SecurityFilter.org. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. The end-user documentation included with the redistribution,
- * if any, must include the following acknowledgment:
- * "This product includes software developed by
- * SecurityFilter.org (http://www.securityfilter.org/)."
- * Alternately, this acknowledgment may appear in the software itself,
- * if and wherever such third-party acknowledgments normally appear.
- *
- * 4. The name "SecurityFilter" must not be used to endorse or promote
- * products derived from this software without prior written permission.
- * For written permission, please contact license@securityfilter.org .
- *
- * 5. Products derived from this software may not be called "SecurityFilter",
- * nor may "SecurityFilter" appear in their name, without prior written
- * permission of SecurityFilter.org.
- *
- * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
- * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE SECURITY FILTER PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
- * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
- * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
- * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
- * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * ====================================================================
- */
-
-package org.securityfilter.test.http.form;
-
-import org.securityfilter.test.http.TestBase;
-
-import com.meterware.httpunit.GetMethodWebRequest;
-import com.meterware.httpunit.WebRequest;
-import com.meterware.httpunit.WebResponse;
-
-/**
- * NoSessionForUnsecuredTest - Ensure that SecurityFilter does not create a session when accessing unsecured pages.
- *
- * Bug report:
- * http://sourceforge.net/tracker/index.php?func=detail&aid=1056920&group_id=59484&atid=491164
- *
- * @author Max Cooper (max@maxcooper.com)
- * @version $Revision$ $Date$
- */
-public class NoSessionForUnsecuredTest extends TestBase {
- /**
- * Constructor
- *
- * @param name
- */
- public NoSessionForUnsecuredTest(String name) {
- super(name);
- }
-
- /**
- * Test for session cookie on index page. There should be no session cookie.
- *
- * @throws Exception
- */
- public void testNoSessionForUnsecured() throws Exception {
-
- WebRequest request = new GetMethodWebRequest(baseUrl + "/index.jsp");
- WebResponse response = session.getResponse(request);
-
- String[] cookieNames = response.getNewCookieNames();
- assertEquals("Number of cookies should be 0.", 0, cookieNames.length);
- }
-
- /**
- * Test for session cookie on index page. There should be no session cookie.
- *
- * @throws Exception
- */
- public void testNoSessionForLoginPage() throws Exception {
-
- WebRequest request = new GetMethodWebRequest(baseUrl + "/loginForm.jsp");
- WebResponse response = session.getResponse(request);
-
- String[] cookieNames = response.getNewCookieNames();
- assertEquals("Number of cookies should be 0.", 0, cookieNames.length);
- }
-}
projects / securityfilter.git / commitdiff