Merge pull request #11564 from spyrkob/WFLY-10894
[WFLY-10894] Tests for propagating undertow authentication mode to El…
Showing
4 changed files
with
351 additions
and
0 deletions.
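--- a/.../java/org/wildfly/test/integration/elytron/authmode/ConstraintDrivenAuthModeTestCase.java
+++ b/.../java/org/wildfly/test/integration/elytron/authmode/ConstraintDrivenAuthModeTestCase.java
@@ -0,0 +1,167 @@
+package org.wildfly.test.integration.elytron.authmode;
+
+import org.apache.http.auth.AuthScope;
+import org.apache.http.auth.UsernamePasswordCredentials;
+import org.apache.http.client.CredentialsProvider;
+import org.apache.http.client.methods.CloseableHttpResponse;
+import org.apache.http.client.methods.HttpGet;
+import org.apache.http.impl.auth.BasicScheme;
+import org.apache.http.impl.client.BasicCredentialsProvider;
+import org.apache.http.impl.client.CloseableHttpClient;
+import org.apache.http.impl.client.HttpClients;
+import org.apache.http.util.EntityUtils;
+import org.jboss.arquillian.container.test.api.Deployment;
+import org.jboss.arquillian.container.test.api.RunAsClient;
+import org.jboss.arquillian.junit.Arquillian;
+import org.jboss.arquillian.test.api.ArquillianResource;
+import org.jboss.as.arquillian.api.ServerSetup;
+import org.jboss.as.test.integration.management.util.CLIWrapper;
+import org.jboss.shrinkwrap.api.ShrinkWrap;
+import org.jboss.shrinkwrap.api.spec.WebArchive;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.wildfly.test.security.common.AbstractElytronSetupTask;
+import org.wildfly.test.security.common.elytron.ConfigurableElement;
+
+import java.net.URI;
+import java.net.URL;
+
+import static org.apache.http.HttpStatus.SC_OK;
+import static org.apache.http.HttpStatus.SC_UNAUTHORIZED;
+import static org.junit.Assert.assertEquals;
+
+@RunAsClient
+@RunWith(Arquillian.class)
+@ServerSetup(ConstraintDrivenAuthModeTestCase.ServerSetup.class)
+public class ConstraintDrivenAuthModeTestCase {
+
+private static final String NAME = ConstraintDrivenAuthModeTestCase.class.getSimpleName();
+
+@Deployment
+public static WebArchive createDeployment() {
+WebArchive war = ShrinkWrap.create(WebArchive.class, NAME + ".war");
+war.addAsWebInfResource(ConstraintDrivenAuthModeTestCase.class.getPackage(), "authmode-web.xml", "web.xml");
+war.addAsWebResource(ConstraintDrivenAuthModeTestCase.class.getPackage(), "authmode-page.jsp", "secure.jsp");
+war.addAsWebResource(ConstraintDrivenAuthModeTestCase.class.getPackage(), "authmode-page.jsp", "unsecure.jsp");
+
+return war;
+}
+
+@ArquillianResource
+private URL url;
+
+@Test
+public void testUnsecuredResourceWithValidCredential() throws Exception {
+HttpGet request = new HttpGet(new URI(url.toExternalForm() + "unsecure.jsp"));
+UsernamePasswordCredentials credentials = new UsernamePasswordCredentials("user1", "password1");
+
+CredentialsProvider credsProvider = new BasicCredentialsProvider();
+credsProvider.setCredentials(AuthScope.ANY, credentials);
+request.addHeader(new BasicScheme().authenticate(credentials, "UTF-8", false));
+
+try (CloseableHttpClient httpClient = HttpClients.custom()
+.build()) {
+try (CloseableHttpResponse response = httpClient.execute(request)) {
+int statusCode = response.getStatusLine().getStatusCode();
+assertEquals("Unexpected status code in HTTP response.", SC_OK, statusCode);
+assertEquals("Unexpected content of HTTP response.", "", EntityUtils.toString(response.getEntity()));
+}
+}
+}
+
+@Test
+public void testSecuredResourceWithValidCredential() throws Exception {
+HttpGet request = new HttpGet(new URI(url.toExternalForm() + "secure.jsp"));
+UsernamePasswordCredentials credentials = new UsernamePasswordCredentials("user1", "password1");
+
+CredentialsProvider credsProvider = new BasicCredentialsProvider();
+credsProvider.setCredentials(AuthScope.ANY, credentials);
+request.addHeader(new BasicScheme().authenticate(credentials, "UTF-8", false));
+
+try (CloseableHttpClient httpClient = HttpClients.custom()
+.build()) {
+try (CloseableHttpResponse response = httpClient.execute(request)) {
+int statusCode = response.getStatusLine().getStatusCode();
+assertEquals("Unexpected status code in HTTP response.", SC_OK, statusCode);
+assertEquals("Unexpected content of HTTP response.", "user1", EntityUtils.toString(response.getEntity()));
+}
+}
+}
+
+@Test
+public void testSecuredResourceWithInvalidCredential() throws Exception {
+HttpGet request = new HttpGet(new URI(url.toExternalForm() + "secure.jsp"));
+UsernamePasswordCredentials credentials = new UsernamePasswordCredentials("user1", "password2");
+
+CredentialsProvider credsProvider = new BasicCredentialsProvider();
+credsProvider.setCredentials(AuthScope.ANY, credentials);
+request.addHeader(new BasicScheme().authenticate(credentials, request));
+
+try (CloseableHttpClient httpClient = HttpClients.custom()
+.build()) {
+try (CloseableHttpResponse response = httpClient.execute(request)) {
+int statusCode = response.getStatusLine().getStatusCode();
+assertEquals("Unexpected status code in HTTP response.", SC_UNAUTHORIZED, statusCode);
+}
+}
+}
+
+@Test
+public void testUnsecureResourceWithInvalidCredential() throws Exception {
+HttpGet request = new HttpGet(new URI(url.toExternalForm() + "unsecure.jsp"));
+UsernamePasswordCredentials credentials = new UsernamePasswordCredentials("user1", "password2");
+
+CredentialsProvider credsProvider = new BasicCredentialsProvider();
+credsProvider.setCredentials(AuthScope.ANY, credentials);
+request.addHeader(new BasicScheme().authenticate(credentials, request));
+
+try (CloseableHttpClient httpClient = HttpClients.custom()
+.build()) {
+try (CloseableHttpResponse response = httpClient.execute(request)) {
+int statusCode = response.getStatusLine().getStatusCode();
+assertEquals("Unexpected status code in HTTP response.", SC_OK, statusCode);
+assertEquals("Unexpected content of HTTP response.", "", EntityUtils.toString(response.getEntity()));
+}
+}
+}
+
+@Test
+public void testUnsecureResourceWithoutCredential() throws Exception {
+HttpGet request = new HttpGet(new URI(url.toExternalForm() + "unsecure.jsp"));
+
+try (CloseableHttpClient httpClient = HttpClients.custom().build()) {
+try (CloseableHttpResponse response = httpClient.execute(request)) {
+int statusCode = response.getStatusLine().getStatusCode();
+assertEquals("Unexpected status code in HTTP response.", SC_OK, statusCode);
+assertEquals("Unexpected content of HTTP response.", "", EntityUtils.toString(response.getEntity()));
+}
+}
+}
+
+static class ServerSetup extends AbstractElytronSetupTask {
+
+
+@Override
+protected ConfigurableElement[] getConfigurableElements() {
+ConfigurableElement[] configurableElements = new ConfigurableElement[1];
+configurableElements[0] = new ConfigurableElement() {
+@Override
+public String getName() {
+return "Enable CONSTRAINT-DRIVEN auth";
+}
+
+@Override
+public void create(CLIWrapper cli) throws Exception {
+cli.sendLine("/subsystem=undertow/servlet-container=default:write-attribute(name=proactive-authentication, value=false)");
+}
+
+@Override
+public void remove(CLIWrapper cli) throws Exception {
+cli.sendLine("/subsystem=undertow/servlet-container=default:undefine-attribute(name=proactive-authentication)");
+}
+
+};
+return configurableElements;
+}
+}
+}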
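Review bot: No test requests `secure.jsp` without an `Authorization` header, so the suite never pins that the constraint by itself yields a 401 challenge; the only credential-less case, `testUnsecureResourceWithoutCredential`, targets the unconstrained page. The same gap exists in ProactiveAuthModeTestCase, and the case sketched below should fit both classes (the header check needs a static import of `assertNotNull`). Separately, `credsProvider` is populated in four tests but never passed to `HttpClients.custom()`, so it has no effect; the preemptive header built by `BasicScheme` is what authenticates, and the provider lines can be dropped.

```java
@Test
public void testSecuredResourceWithoutCredential() throws Exception {
    HttpGet request = new HttpGet(new URI(url.toExternalForm() + "secure.jsp"));

    try (CloseableHttpClient httpClient = HttpClients.custom().build();
         CloseableHttpResponse response = httpClient.execute(request)) {
        assertEquals("Unexpected status code in HTTP response.", SC_UNAUTHORIZED,
                response.getStatusLine().getStatusCode());
        // A 401 without a challenge would leave a BASIC client unable to retry.
        assertNotNull("Missing WWW-Authenticate challenge.", response.getFirstHeader("WWW-Authenticate"));
    }
}
```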
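--- a/...rc/test/java/org/wildfly/test/integration/elytron/authmode/ProactiveAuthModeTestCase.java
+++ b/...rc/test/java/org/wildfly/test/integration/elytron/authmode/ProactiveAuthModeTestCase.java
@@ -0,0 +1,165 @@
+package org.wildfly.test.integration.elytron.authmode;
+
+import org.apache.http.auth.AuthScope;
+import org.apache.http.auth.UsernamePasswordCredentials;
+import org.apache.http.client.CredentialsProvider;
+import org.apache.http.client.methods.CloseableHttpResponse;
+import org.apache.http.client.methods.HttpGet;
+import org.apache.http.impl.auth.BasicScheme;
+import org.apache.http.impl.client.BasicCredentialsProvider;
+import org.apache.http.impl.client.CloseableHttpClient;
+import org.apache.http.impl.client.HttpClients;
+import org.apache.http.util.EntityUtils;
+import org.jboss.arquillian.container.test.api.Deployment;
+import org.jboss.arquillian.container.test.api.RunAsClient;
+import org.jboss.arquillian.junit.Arquillian;
+import org.jboss.arquillian.test.api.ArquillianResource;
+import org.jboss.as.arquillian.api.ServerSetup;
+import org.jboss.as.test.integration.management.util.CLIWrapper;
+import org.jboss.shrinkwrap.api.ShrinkWrap;
+import org.jboss.shrinkwrap.api.spec.WebArchive;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.wildfly.test.security.common.AbstractElytronSetupTask;
+import org.wildfly.test.security.common.elytron.ConfigurableElement;
+
+import java.net.URI;
+import java.net.URL;
+
+import static org.apache.http.HttpStatus.SC_OK;
+import static org.apache.http.HttpStatus.SC_UNAUTHORIZED;
+import static org.junit.Assert.assertEquals;
+
+@RunAsClient
+@RunWith(Arquillian.class)
+@ServerSetup(ProactiveAuthModeTestCase.ServerSetup.class)
+public class ProactiveAuthModeTestCase {
+private static final String NAME = ProactiveAuthModeTestCase.class.getSimpleName();
+
+@Deployment
+public static WebArchive createDeployment() {
+WebArchive war = ShrinkWrap.create(WebArchive.class, NAME + ".war");
+war.addAsWebInfResource(ProactiveAuthModeTestCase.class.getPackage(), "authmode-web.xml", "web.xml");
+war.addAsWebResource(ProactiveAuthModeTestCase.class.getPackage(), "authmode-page.jsp", "secure.jsp");
+war.addAsWebResource(ProactiveAuthModeTestCase.class.getPackage(), "authmode-page.jsp", "unsecure.jsp");
+
+return war;
+}
+
+@ArquillianResource
+private URL url;
+
+@Test
+public void testUnsecuredResourceWithValidCredential() throws Exception {
+HttpGet request = new HttpGet(new URI(url.toExternalForm() + "unsecure.jsp"));
+UsernamePasswordCredentials credentials = new UsernamePasswordCredentials("user1", "password1");
+
+CredentialsProvider credsProvider = new BasicCredentialsProvider();
+credsProvider.setCredentials(AuthScope.ANY, credentials);
+request.addHeader(new BasicScheme().authenticate(credentials, "UTF-8", false));
+
+try (CloseableHttpClient httpClient = HttpClients.custom()
+.build()) {
+try (CloseableHttpResponse response = httpClient.execute(request)) {
+int statusCode = response.getStatusLine().getStatusCode();
+assertEquals("Unexpected status code in HTTP response.", SC_OK, statusCode);
+assertEquals("Unexpected content of HTTP response.", "user1", EntityUtils.toString(response.getEntity()));
+}
+}
+}
+
+@Test
+public void testSecuredResourceWithValidCredential() throws Exception {
+HttpGet request = new HttpGet(new URI(url.toExternalForm() + "secure.jsp"));
+UsernamePasswordCredentials credentials = new UsernamePasswordCredentials("user1", "password1");
+
+CredentialsProvider credsProvider = new BasicCredentialsProvider();
+credsProvider.setCredentials(AuthScope.ANY, credentials);
+request.addHeader(new BasicScheme().authenticate(credentials, "UTF-8", false));
+
+try (CloseableHttpClient httpClient = HttpClients.custom()
+.build()) {
+try (CloseableHttpResponse response = httpClient.execute(request)) {
+int statusCode = response.getStatusLine().getStatusCode();
+assertEquals("Unexpected status code in HTTP response.", SC_OK, statusCode);
+assertEquals("Unexpected content of HTTP response.", "user1", EntityUtils.toString(response.getEntity()));
+}
+}
+}
+
+@Test
+public void testSecuredResourceWithInvalidCredential() throws Exception {
+HttpGet request = new HttpGet(new URI(url.toExternalForm() + "secure.jsp"));
+UsernamePasswordCredentials credentials = new UsernamePasswordCredentials("user1", "password2");
+
+CredentialsProvider credsProvider = new BasicCredentialsProvider();
+credsProvider.setCredentials(AuthScope.ANY, credentials);
+request.addHeader(new BasicScheme().authenticate(credentials, request));
+
+try (CloseableHttpClient httpClient = HttpClients.custom()
+.build()) {
+try (CloseableHttpResponse response = httpClient.execute(request)) {
+int statusCode = response.getStatusLine().getStatusCode();
+assertEquals("Unexpected status code in HTTP response.", SC_UNAUTHORIZED, statusCode);
+}
+}
+}
+
+@Test
+public void testUnsecureResourceWithInvalidCredential() throws Exception {
+HttpGet request = new HttpGet(new URI(url.toExternalForm() + "unsecure.jsp"));
+UsernamePasswordCredentials credentials = new UsernamePasswordCredentials("user1", "password2");
+
+CredentialsProvider credsProvider = new BasicCredentialsProvider();
+credsProvider.setCredentials(AuthScope.ANY, credentials);
+request.addHeader(new BasicScheme().authenticate(credentials, request));
+
+try (CloseableHttpClient httpClient = HttpClients.custom()
+.build()) {
+try (CloseableHttpResponse response = httpClient.execute(request)) {
+int statusCode = response.getStatusLine().getStatusCode();
+assertEquals("Unexpected status code in HTTP response.", SC_UNAUTHORIZED, statusCode);
+}
+}
+}
+
+@Test
+public void testUnsecureResourceWithoutCredential() throws Exception {
+HttpGet request = new HttpGet(new URI(url.toExternalForm() + "unsecure.jsp"));
+
+try (CloseableHttpClient httpClient = HttpClients.custom().build()) {
+try (CloseableHttpResponse response = httpClient.execute(request)) {
+int statusCode = response.getStatusLine().getStatusCode();
+assertEquals("Unexpected status code in HTTP response.", SC_OK, statusCode);
+assertEquals("Unexpected content of HTTP response.", "", EntityUtils.toString(response.getEntity()));
+}
+}
+}
+
+static class ServerSetup extends AbstractElytronSetupTask {
+
+
+@Override
+protected ConfigurableElement[] getConfigurableElements() {
+ConfigurableElement[] configurableElements = new ConfigurableElement[1];
+configurableElements[0] = new ConfigurableElement() {
+@Override
+public String getName() {
+return "Enable CONSTRAINT-DRIVEN auth";
+}
+
+@Override
+public void create(CLIWrapper cli) throws Exception {
+cli.sendLine("/subsystem=undertow/servlet-container=default:write-attribute(name=proactive-authentication, value=true)");
+}
+
+@Override
+public void remove(CLIWrapper cli) throws Exception {
+cli.sendLine("/subsystem=undertow/servlet-container=default:undefine-attribute(name=proactive-authentication)");
+}
+
+};
+return configurableElements;
+}
+}
+}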
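Review bot: `getName()` in `ServerSetup` returns `"Enable CONSTRAINT-DRIVEN auth"` even though `create()` writes `proactive-authentication` with `value=true`; the string looks carried over from ConstraintDrivenAuthModeTestCase and would mislabel this setup step wherever the element name is reported (its consumers are not visible here). `return "Enable PROACTIVE auth";` matches what the element does. The two test classes otherwise differ only in that attribute value and in the expectations for `unsecure.jsp` with credentials, so a short class-level Javadoc stating the expected behaviour of each mode would make those intentional differences easier to audit.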
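--- a/...ion/elytron/src/test/java/org/wildfly/test/integration/elytron/authmode/authmode-page.jsp
+++ b/...ion/elytron/src/test/java/org/wildfly/test/integration/elytron/authmode/authmode-page.jsp
@@ -0,0 +1 @@
+${pageContext.request.remoteUser}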
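--- a/...tion/elytron/src/test/java/org/wildfly/test/integration/elytron/authmode/authmode-web.xml
+++ b/...tion/elytron/src/test/java/org/wildfly/test/integration/elytron/authmode/authmode-web.xml
@@ -0,0 +1,18 @@
+<web-app xmlns="http://java.sun.com/xml/ns/j2ee"
+xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_3_0.xsd"
+version="3.0">
+<security-constraint>
+<web-resource-collection>
+<url-pattern>/secure.jsp</url-pattern>
+</web-resource-collection>
+<auth-constraint>
+<role-name>Role1</role-name>
+</auth-constraint>
+</security-constraint>
+
+<login-config>
+<auth-method>BASIC</auth-method>
+<realm-name>other</realm-name>
+</login-config>
+</web-app>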
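Review bot: The root element declares `xmlns="http://java.sun.com/xml/ns/j2ee"` while naming `web-app_3_0.xsd` and `version="3.0"`; the Servlet 3.0 schema belongs to the `http://java.sun.com/xml/ns/javaee` namespace, so the descriptor does not match the schema it points at. Using `xmlns="http://java.sun.com/xml/ns/javaee"` with `xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"` keeps the two consistent. The constraint also references `Role1` without a matching `<security-role><role-name>Role1</role-name></security-role>`, and the `<web-resource-collection>` has no `<web-resource-name>`; declaring both keeps the fixture valid on a stricter parser, so the authentication-mode tests do not depend on container leniency.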