archiva-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From och...@apache.org
Subject svn commit: r701910 - in /archiva/branches/archiva-security-fix/archiva-modules/archiva-web: archiva-security/src/test/java/org/apache/maven/archiva/security/ archiva-webdav/src/test/java/org/apache/maven/archiva/webdav/
Date Mon, 06 Oct 2008 01:11:37 GMT
Author: oching
Date: Sun Oct  5 18:11:37 2008
New Revision: 701910

URL: http://svn.apache.org/viewvc?rev=701910&view=rev
Log:
-updated RepositoryServletSecurityTest
-added test class for ArchivaServletAuthenticator

Added:
    archiva/branches/archiva-security-fix/archiva-modules/archiva-web/archiva-security/src/test/java/org/apache/maven/archiva/security/ArchivaServletAuthenticatorTest.java
Modified:
    archiva/branches/archiva-security-fix/archiva-modules/archiva-web/archiva-webdav/src/test/java/org/apache/maven/archiva/webdav/RepositoryServletSecurityTest.java

Added: archiva/branches/archiva-security-fix/archiva-modules/archiva-web/archiva-security/src/test/java/org/apache/maven/archiva/security/ArchivaServletAuthenticatorTest.java
URL: http://svn.apache.org/viewvc/archiva/branches/archiva-security-fix/archiva-modules/archiva-web/archiva-security/src/test/java/org/apache/maven/archiva/security/ArchivaServletAuthenticatorTest.java?rev=701910&view=auto
==============================================================================
--- archiva/branches/archiva-security-fix/archiva-modules/archiva-web/archiva-security/src/test/java/org/apache/maven/archiva/security/ArchivaServletAuthenticatorTest.java
(added)
+++ archiva/branches/archiva-security-fix/archiva-modules/archiva-web/archiva-security/src/test/java/org/apache/maven/archiva/security/ArchivaServletAuthenticatorTest.java
Sun Oct  5 18:11:37 2008
@@ -0,0 +1,50 @@
+package org.apache.maven.archiva.security;
+
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+import org.codehaus.plexus.spring.PlexusInSpringTestCase;
+
+/**
+ * ArchivaServletAuthenticatorTest
+ * 
+ * @author <a href="mailto:oching@apache.org">Maria Odea Ching</a>
+ * @version
+ */
+public class ArchivaServletAuthenticatorTest
+    extends PlexusInSpringTestCase
+{
+    public void setUp()
+        throws Exception
+    {
+        super.setUp();
+    }
+    
+    public void testIsAuthenticated()
+        throws Exception
+    {
+        //TODO
+    }
+    
+    public void testIsAuthorized()
+        throws Exception
+    {
+        //TODO
+    }
+}

Modified: archiva/branches/archiva-security-fix/archiva-modules/archiva-web/archiva-webdav/src/test/java/org/apache/maven/archiva/webdav/RepositoryServletSecurityTest.java
URL: http://svn.apache.org/viewvc/archiva/branches/archiva-security-fix/archiva-modules/archiva-web/archiva-webdav/src/test/java/org/apache/maven/archiva/webdav/RepositoryServletSecurityTest.java?rev=701910&r1=701909&r2=701910&view=diff
==============================================================================
--- archiva/branches/archiva-security-fix/archiva-modules/archiva-web/archiva-webdav/src/test/java/org/apache/maven/archiva/webdav/RepositoryServletSecurityTest.java
(original)
+++ archiva/branches/archiva-security-fix/archiva-modules/archiva-web/archiva-webdav/src/test/java/org/apache/maven/archiva/webdav/RepositoryServletSecurityTest.java
Sun Oct  5 18:11:37 2008
@@ -91,11 +91,7 @@
     private ArchivaXworkUser archivaXworkUser;
 
     private RepositoryServlet servlet;
-
-    private MockControl davResourceFactoryControl;
-
-    private DavResourceFactory davResourceFactory;
-
+    
     public void setUp()
         throws Exception
     {
@@ -135,11 +131,7 @@
         archivaXworkUser = new ArchivaXworkUser();
         archivaXworkUser.setGuest( "guest" );
 
-        davSessionProvider = new ArchivaDavSessionProvider( servletAuth, httpAuth, archivaXworkUser
);
-
-        davResourceFactoryControl = MockControl.createControl( DavResourceFactory.class );
-        davResourceFactoryControl.setDefaultMatcher( new AlwaysMatcher() );
-        davResourceFactory = (DavResourceFactory) davResourceFactoryControl.getMock();
+        davSessionProvider = new ArchivaDavSessionProvider( servletAuth, httpAuth, archivaXworkUser
);      
     }
 
     protected ManagedRepositoryConfiguration createManagedRepository( String id, String name,
File location )
@@ -230,8 +222,7 @@
 
         httpAuthControl.replay();
         servletAuthControl.replay();
-
-        //WebResponse response = sc.getResponse( request );
+        
         servlet.service( ic.getRequest(), ic.getResponse() );
         
         httpAuthControl.verify();
@@ -270,8 +261,7 @@
         servletAuth.isAuthorized( "guest", "internal", true );
         servletAuthControl.setMatcher( MockControl.EQUALS_MATCHER );
         servletAuthControl.setReturnValue( true );
-        //servletAuthControl.expectAndReturn( servletAuth.isAuthorized( "guest", "internal",
true ), true );
-        
+                
      // ArchivaDavResourceFactory#isAuthorized()
         SecuritySession session = new DefaultSecuritySession();
         httpAuthControl.expectAndReturn( httpAuth.getAuthenticationResult( null, null ),
result );
@@ -283,12 +273,10 @@
         servletAuth.isAuthorized( "guest", "internal", true );
         servletAuthControl.setMatcher( MockControl.EQUALS_MATCHER );
         servletAuthControl.setReturnValue( true );
-        //servletAuthControl.expectAndReturn( servletAuth.isAuthorized( "guest", "internal",
true ), true );
         
         httpAuthControl.replay();
         servletAuthControl.replay();
 
-        //WebResponse response = sc.getResponse( request );
         servlet.service( ic.getRequest(), ic.getResponse() );
 
         httpAuthControl.verify();
@@ -333,7 +321,6 @@
         httpAuthControl.replay();
         servletAuthControl.replay();
         
-        //WebResponse response = sc.getResponse( request );
         servlet.service( ic.getRequest(), ic.getResponse() );
 
         httpAuthControl.verify();
@@ -379,9 +366,6 @@
         httpAuthControl.replay();
         servletAuthControl.replay();
 
-        // WebResponse response = sc.getResponse( request );
-        // WebResponse response = ic.getServletResponse();
-
         servlet.service( ic.getRequest(), ic.getResponse() );
 
         httpAuthControl.verify();
@@ -534,26 +518,33 @@
         InvocationContext ic = sc.newInvocation( request );
         servlet = (RepositoryServlet) ic.getServlet();
         servlet.setDavSessionProvider( davSessionProvider );
-        servlet.setResourceFactory( davResourceFactory );
 
+        ArchivaDavResourceFactory archivaDavResourceFactory = (ArchivaDavResourceFactory)
servlet.getResourceFactory();
+        archivaDavResourceFactory.setHttpAuth( httpAuth );
+        archivaDavResourceFactory.setServletAuth( servletAuth );
+
+        servlet.setResourceFactory( archivaDavResourceFactory );
+        
         AuthenticationResult result = new AuthenticationResult();
         httpAuthControl.expectAndReturn( httpAuth.getAuthenticationResult( null, null ),
result );
         servletAuthControl.expectAndReturn( servletAuth.isAuthenticated( null, null ), true
);
 
-        //TODO remove davResourceFactoryControl!
-        davResourceFactoryControl.expectAndThrow( davResourceFactory.createResource( null,
null, null ),
-                                                  new UnauthorizedDavException( "internal",
"User not authorized" ) );
-
+     // ArchivaDavResourceFactory#isAuthorized()
+        SecuritySession session = new DefaultSecuritySession();
+        httpAuthControl.expectAndReturn( httpAuth.getAuthenticationResult( null, null ),
result );
+        httpAuthControl.expectAndReturn( httpAuth.getSecuritySession(), session );
+        servletAuthControl.expectAndReturn( servletAuth.isAuthenticated( null, result ),
true );
+        servletAuthControl.expectAndThrow( servletAuth.isAuthorized( null, session, "internal",
true ),
+                                           new UnauthorizedException( "User not authorized
to read repository." ) );
+        
         httpAuthControl.replay();
         servletAuthControl.replay();
-        davResourceFactoryControl.replay();
-
+        
         WebResponse response = sc.getResponse( request );
 
         httpAuthControl.verify();
         servletAuthControl.verify();
-        davResourceFactoryControl.verify();
-
+        
         assertEquals( HttpServletResponse.SC_UNAUTHORIZED, response.getResponseCode() );
     }
 }



Mime
View raw message