From f6bd308d08979bcb0646829606f70c5f97acdc8f Mon Sep 17 00:00:00 2001 From: markt Date: Thu, 3 Mar 2011 12:56:07 +0000 Subject: [PATCH] @ServletSecurity Refactor to reduce duplication in test code Add tests for method constraints git-svn-id: https://svn.apache.org/repos/asf/tomcat/trunk@1076606 13f79535-47bb-0310-9956-ffa450edef68 --- .../apache/catalina/core/TestStandardWrapper.java | 83 +++++++++++++--------- .../apache/catalina/startup/TomcatBaseTest.java | 4 +- 2 files changed, 53 insertions(+), 34 deletions(-) diff --git a/test/org/apache/catalina/core/TestStandardWrapper.java b/test/org/apache/catalina/core/TestStandardWrapper.java index ae866f7a5..f059fe049 100644 --- a/test/org/apache/catalina/core/TestStandardWrapper.java +++ b/test/org/apache/catalina/core/TestStandardWrapper.java @@ -21,6 +21,7 @@ import java.io.IOException; import javax.servlet.ServletException; import javax.servlet.annotation.HttpConstraint; +import javax.servlet.annotation.HttpMethodConstraint; import javax.servlet.annotation.ServletSecurity; import javax.servlet.annotation.ServletSecurity.EmptyRoleSemantic; import javax.servlet.http.HttpServlet; @@ -36,41 +37,28 @@ import org.apache.tomcat.util.buf.ByteChunk; public class TestStandardWrapper extends TomcatBaseTest { public void testSecurityAnnotationsSimple() throws Exception { - doDenyTest(DenyServlet.class.getName()); + doTest(DenyAllServlet.class.getName(), false, false); } public void testSecurityAnnotationsSubclass1() throws Exception { - doDenyTest(SubclassDenyServlet.class.getName()); + doTest(SubclassDenyAllServlet.class.getName(), false, false); } public void testSecurityAnnotationsSubclass2() throws Exception { - doAllowTest(SubclassAllowServlet.class.getName()); + doTest(SubclassAllowAllServlet.class.getName(), false, true); } - private void doDenyTest(String servletClassName) throws Exception { - // Setup Tomcat instance - Tomcat tomcat = getTomcatInstance(); - - // Must have a real docBase - just use temp - Context ctx = - tomcat.addContext("", System.getProperty("java.io.tmpdir")); - - Wrapper wrapper = Tomcat.addServlet(ctx, "servlet", servletClassName); - wrapper.setAsyncSupported(true); - ctx.addServletMapping("/", "servlet"); - - tomcat.start(); - - // Call the servlet once - ByteChunk bc = new ByteChunk(); - int rc = getUrl("http://localhost:" + getPort() + "/", bc, null); - - assertNull(bc.toString()); - assertEquals(403, rc); - + public void testSecurityAnnotationsMethods1() throws Exception { + doTest(MethodConstraintServlet.class.getName(), false, false); + } + + public void testSecurityAnnotationsMethods2() throws Exception { + doTest(MethodConstraintServlet.class.getName(), true, true); } - private void doAllowTest(String servletClassName) throws Exception { + private void doTest(String servletClassName, boolean usePost, + boolean expect200) throws Exception { + // Setup Tomcat instance Tomcat tomcat = getTomcatInstance(); @@ -86,15 +74,23 @@ public class TestStandardWrapper extends TomcatBaseTest { // Call the servlet once ByteChunk bc = new ByteChunk(); - int rc = getUrl("http://localhost:" + getPort() + "/", bc, null); - - assertEquals("OK", bc.toString()); - assertEquals(200, rc); + int rc; + if (usePost) { + rc = postUrl(null, "http://localhost:" + getPort() + "/", bc, null); + } else { + rc = getUrl("http://localhost:" + getPort() + "/", bc, null); + } + if (expect200) { + assertEquals("OK", bc.toString()); + assertEquals(200, rc); + } else { + assertNull(bc.toString()); + assertEquals(403, rc); + } } - @ServletSecurity(@HttpConstraint(EmptyRoleSemantic.DENY)) - public static class DenyServlet extends HttpServlet { + public static class TestServlet extends HttpServlet { private static final long serialVersionUID = 1L; @Override @@ -104,14 +100,35 @@ public class TestStandardWrapper extends TomcatBaseTest { resp.setContentType("text/plain"); resp.getWriter().print("OK"); } + + @Override + protected void doPost(HttpServletRequest req, HttpServletResponse resp) + throws ServletException, IOException { + doGet(req, resp); + } + } + + @ServletSecurity(@HttpConstraint(EmptyRoleSemantic.DENY)) + public static class DenyAllServlet extends TestServlet { + private static final long serialVersionUID = 1L; } - public static class SubclassDenyServlet extends DenyServlet { + public static class SubclassDenyAllServlet extends DenyAllServlet { private static final long serialVersionUID = 1L; } @ServletSecurity(@HttpConstraint(EmptyRoleSemantic.PERMIT)) - public static class SubclassAllowServlet extends DenyServlet { + public static class SubclassAllowAllServlet extends DenyAllServlet { + private static final long serialVersionUID = 1L; + } + + @ServletSecurity(value= @HttpConstraint(EmptyRoleSemantic.PERMIT), + httpMethodConstraints = { + @HttpMethodConstraint(value="GET", + emptyRoleSemantic = EmptyRoleSemantic.DENY) + } + ) + public static class MethodConstraintServlet extends TestServlet { private static final long serialVersionUID = 1L; } } diff --git a/test/org/apache/catalina/startup/TomcatBaseTest.java b/test/org/apache/catalina/startup/TomcatBaseTest.java index 8d178ff72..ee4aa48e7 100644 --- a/test/org/apache/catalina/startup/TomcatBaseTest.java +++ b/test/org/apache/catalina/startup/TomcatBaseTest.java @@ -238,7 +238,9 @@ public abstract class TomcatBaseTest extends TestCase { OutputStream os = null; try { os = connection.getOutputStream(); - os.write(body, 0, body.length); + if (body != null) { + os.write(body, 0, body.length); + } } finally { if (os != null) { try { -- 2.11.0