incubator-sling-commits mailing list archives

From fmesc...@apache.org
Subject svn commit: r1214794 - /sling/trunk/launchpad/integration-tests/src/main/java/org/apache/sling/launchpad/webapp/integrationtest/auth/AuthenticationResponseCodeTest.java
Date Thu, 15 Dec 2011 14:47:35 GMT
Author: fmeschbe
Date: Thu Dec 15 14:47:35 2011
New Revision: 1214794

URL: http://svn.apache.org/viewvc?rev=1214794&view=rev
Log:
SLING-2329 Fix loop prevention
  - add a test simulating a request loop with invalid credentials -> expect 403/FORBIDDEN

Modified:
    sling/trunk/launchpad/integration-tests/src/main/java/org/apache/sling/launchpad/webapp/integrationtest/auth/AuthenticationResponseCodeTest.java

Modified: sling/trunk/launchpad/integration-tests/src/main/java/org/apache/sling/launchpad/webapp/integrationtest/auth/AuthenticationResponseCodeTest.java
URL: http://svn.apache.org/viewvc/sling/trunk/launchpad/integration-tests/src/main/java/org/apache/sling/launchpad/webapp/integrationtest/auth/AuthenticationResponseCodeTest.java?rev=1214794&r1=1214793&r2=1214794&view=diff
==============================================================================
--- sling/trunk/launchpad/integration-tests/src/main/java/org/apache/sling/launchpad/webapp/integrationtest/auth/AuthenticationResponseCodeTest.java
(original)
+++ sling/trunk/launchpad/integration-tests/src/main/java/org/apache/sling/launchpad/webapp/integrationtest/auth/AuthenticationResponseCodeTest.java
Thu Dec 15 14:47:35 2011
@@ -115,6 +115,21 @@ public class AuthenticationResponseCodeT
         assertEquals(HttpServletResponse.SC_UNAUTHORIZED, status);
     }
 
+    public void testPreventLoopIncorrectFormCredentials() throws Exception {
+        List<NameValuePair> params = new ArrayList<NameValuePair>();
+        params.add(new NameValuePair("j_username", "garbage"));
+        params.add(new NameValuePair("j_password", "garbage"));
+
+        final String requestUrl = HTTP_BASE_URL + "/j_security_check";
+        List<Header> headers = new ArrayList<Header>();
+        headers.add(new Header("Referer", requestUrl));
+        headers.add(new Header("User-Agent", "Mozilla/5.0 Sling Integration Test"));
+
+        HttpMethod post = assertPostStatus(requestUrl, HttpServletResponse.SC_FORBIDDEN,
params, headers, null);
+        assertNotNull(post.getResponseHeader("X-Reason"));
+        assertEquals("Username and Password do not match", post.getResponseHeader("X-Reason").getValue());
+    }
+
     public void testXRequestedWithIncorrectCredentials() throws Exception {
         List<NameValuePair> params = new ArrayList<NameValuePair>();
         params.add(new NameValuePair("j_username", "garbage"));
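Review bot: testPreventLoopIncorrectFormCredentials carries no comment saying which input triggers the loop prevention, so a reader cannot tell that the `Referer` header set to `requestUrl` (and presumably the browser-like `User-Agent`) is what separates it from the other incorrect-credentials tests. I would add above the header setup `// Referer == j_security_check URL simulates a login request loop; expect 403 with X-Reason`. The two `X-Reason` assertions look the header up twice; `Header reason = post.getResponseHeader("X-Reason");` followed by assertions on `reason` reads more cleanly. The asserted text "Username and Password do not match" does not reveal whether the account exists, and a short comment saying the test pins that wording on purpose would keep a later edit from making it more specific. The new method lies wholly inside the hunk; the test that follows it continues past the hunk's end.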


