From: maxcooper Date: Wed, 15 Feb 2006 09:55:41 +0000 (+0000) Subject: bug#1056920: renamed unit test class and method names, improved session cookie test... X-Git-Url: https://git.internetallee.de/?a=commitdiff_plain;h=363498485efe02782b0af0ca30c7240e2c6050cd;p=securityfilter.git bug#1056920: renamed unit test class and method names, improved session cookie test to look specifically for JSESSIONID cookie --- diff --git a/src/test/org/securityfilter/test/http/form/NoAuthSessionTest.java b/src/test/org/securityfilter/test/http/form/NoAuthSessionTest.java new file mode 100644 index 0000000..79d2df3 --- /dev/null +++ b/src/test/org/securityfilter/test/http/form/NoAuthSessionTest.java @@ -0,0 +1,111 @@ +/* + * $Header$ + * $Revision$ + * $Date$ + * + * ==================================================================== + * The SecurityFilter Software License, Version 1.1 + * + * (this license is derived and fully compatible with the Apache Software + * License - see http://www.apache.org/LICENSE.txt) + * + * Copyright (c) 2002 SecurityFilter.org. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. The end-user documentation included with the redistribution, + * if any, must include the following acknowledgment: + * "This product includes software developed by + * SecurityFilter.org (http://www.securityfilter.org/)." + * Alternately, this acknowledgment may appear in the software itself, + * if and wherever such third-party acknowledgments normally appear. + * + * 4. The name "SecurityFilter" must not be used to endorse or promote + * products derived from this software without prior written permission. + * For written permission, please contact license@securityfilter.org . + * + * 5. Products derived from this software may not be called "SecurityFilter", + * nor may "SecurityFilter" appear in their name, without prior written + * permission of SecurityFilter.org. + * + * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED + * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL THE SECURITY FILTER PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT + * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF + * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND + * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT + * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * ==================================================================== + */ + +package org.securityfilter.test.http.form; + +import org.securityfilter.test.http.TestBase; + +import com.meterware.httpunit.GetMethodWebRequest; +import com.meterware.httpunit.WebRequest; + +/** + * NoAuthSessionTest - Ensure that SecurityFilter does not create a session when accessing unsecured pages. + * + * Bug report: + * http://sourceforge.net/tracker/index.php?func=detail&aid=1056920&group_id=59484&atid=491164 + * + * @author Max Cooper (max@maxcooper.com) + * @version $Revision$ $Date$ + */ +public class NoAuthSessionTest extends TestBase { + /** + * Constructor + * + * @param name + */ + public NoAuthSessionTest(String name) { + super(name); + } + + /** + * Test for session cookie on index page. There should be no session cookie. + * + * @throws Exception + */ + public void testNoAuthSessionForUnsecured() throws Exception { + + WebRequest request = new GetMethodWebRequest(baseUrl + "/index.jsp"); + session.getResponse(request); + + // Check that there is no session ID + String sessionId = session.getCookieValue("JSESSIONID"); + assertNull("Got session for non-authenticated index page", sessionId); + } + + /** + * Test for session cookie on direct access of login page. There should be no session cookie. + * + * @throws Exception + */ + public void testNoAuthSessionForLoginPage() throws Exception { + + WebRequest request = new GetMethodWebRequest(baseUrl + "/loginForm.jsp"); + session.getResponse(request); + + // Check that there is no session ID + String sessionId = session.getCookieValue("JSESSIONID"); + assertNull("Got session for non-authenticated login page", sessionId); + } +} diff --git a/src/test/org/securityfilter/test/http/form/NoSessionForUnsecuredTest.java b/src/test/org/securityfilter/test/http/form/NoSessionForUnsecuredTest.java deleted file mode 100644 index 8f3e888..0000000 --- a/src/test/org/securityfilter/test/http/form/NoSessionForUnsecuredTest.java +++ /dev/null @@ -1,110 +0,0 @@ -/* - * $Header$ - * $Revision$ - * $Date$ - * - * ==================================================================== - * The SecurityFilter Software License, Version 1.1 - * - * (this license is derived and fully compatible with the Apache Software - * License - see http://www.apache.org/LICENSE.txt) - * - * Copyright (c) 2002 SecurityFilter.org. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. The end-user documentation included with the redistribution, - * if any, must include the following acknowledgment: - * "This product includes software developed by - * SecurityFilter.org (http://www.securityfilter.org/)." - * Alternately, this acknowledgment may appear in the software itself, - * if and wherever such third-party acknowledgments normally appear. - * - * 4. The name "SecurityFilter" must not be used to endorse or promote - * products derived from this software without prior written permission. - * For written permission, please contact license@securityfilter.org . - * - * 5. Products derived from this software may not be called "SecurityFilter", - * nor may "SecurityFilter" appear in their name, without prior written - * permission of SecurityFilter.org. - * - * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED - * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES - * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE SECURITY FILTER PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT - * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF - * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND - * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, - * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT - * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * ==================================================================== - */ - -package org.securityfilter.test.http.form; - -import org.securityfilter.test.http.TestBase; - -import com.meterware.httpunit.GetMethodWebRequest; -import com.meterware.httpunit.WebRequest; -import com.meterware.httpunit.WebResponse; - -/** - * NoSessionForUnsecuredTest - Ensure that SecurityFilter does not create a session when accessing unsecured pages. - * - * Bug report: - * http://sourceforge.net/tracker/index.php?func=detail&aid=1056920&group_id=59484&atid=491164 - * - * @author Max Cooper (max@maxcooper.com) - * @version $Revision$ $Date$ - */ -public class NoSessionForUnsecuredTest extends TestBase { - /** - * Constructor - * - * @param name - */ - public NoSessionForUnsecuredTest(String name) { - super(name); - } - - /** - * Test for session cookie on index page. There should be no session cookie. - * - * @throws Exception - */ - public void testNoSessionForUnsecured() throws Exception { - - WebRequest request = new GetMethodWebRequest(baseUrl + "/index.jsp"); - WebResponse response = session.getResponse(request); - - String[] cookieNames = response.getNewCookieNames(); - assertEquals("Number of cookies should be 0.", 0, cookieNames.length); - } - - /** - * Test for session cookie on index page. There should be no session cookie. - * - * @throws Exception - */ - public void testNoSessionForLoginPage() throws Exception { - - WebRequest request = new GetMethodWebRequest(baseUrl + "/loginForm.jsp"); - WebResponse response = session.getResponse(request); - - String[] cookieNames = response.getNewCookieNames(); - assertEquals("Number of cookies should be 0.", 0, cookieNames.length); - } -}