Return-Path: 
 <tomcat-dev-return-21069-apmail-jakarta-tomcat-dev-archive=jakarta.apache.org@jakarta.apache.org>
Delivered-To: apmail-jakarta-tomcat-dev-archive@jakarta.apache.org
Received: (qmail 95988 invoked by uid 500); 10 May 2001 23:57:06 -0000
Mailing-List: contact tomcat-dev-help@jakarta.apache.org; run by ezmlm
Precedence: bulk
list-help: <mailto:tomcat-dev-help@jakarta.apache.org>
list-unsubscribe: <mailto:tomcat-dev-unsubscribe@jakarta.apache.org>
list-post: <mailto:tomcat-dev@jakarta.apache.org>
Reply-To: tomcat-dev@jakarta.apache.org
Delivered-To: mailing list tomcat-dev@jakarta.apache.org
Received: (qmail 95978 invoked by uid 500); 10 May 2001 23:57:06 -0000
Delivered-To: apmail-jakarta-tomcat-4.0-cvs@apache.org
Date: 10 May 2001 23:57:06 -0000
Message-ID: <20010510235706.95972.qmail@apache.org>
From: craigmcc@apache.org
To: jakarta-tomcat-4.0-cvs@apache.org
Subject: cvs commit: jakarta-tomcat-4.0/tester/web/WEB-INF web.xml

craigmcc    01/05/10 16:57:06

  Modified:    tester/src/bin tester.xml
               tester/web/WEB-INF web.xml
  Added:       tester/src/tester/org/apache/tester Authentication05.java
  Log:
  Update tests to check for "all users allowed" (i.e. a "*" in the
  <role-name> element of an <auth-constraint>) and "no users allowed (i.e.
  no <role-name> elements inside an <auth-constraint>).
  
  Revision  Changes    Path
  1.44      +16 -0     jakarta-tomcat-4.0/tester/src/bin/tester.xml
  
  Index: tester.xml
  ===================================================================
  RCS file: /home/cvs/jakarta-tomcat-4.0/tester/src/bin/tester.xml,v
  retrieving revision 1.43
  retrieving revision 1.44
  diff -u -r1.43 -r1.44
  --- tester.xml	2001/05/10 22:52:23	1.43
  +++ tester.xml	2001/05/10 23:57:05	1.44
  @@ -60,6 +60,8 @@
            tested by invoking a protected URI followed by a non-protected URI
       -->
   
  +    <!-- ========== Basic Access to Authenticated Resources =============== -->
  +
       <tester host="${host}" port="${port}" protocol="${protocol}"
             debug="${debug}"
            request="${context.path}/protected/Authentication01"
  @@ -85,6 +87,20 @@
            request="${context.path}/protected/Authentication04"
          inHeaders="Authorization:Basic dG9tY2F0OnRvbWNhdA=="
         outContent="Authentication04 PASSED"/>
  +
  +    <!-- ========== "All Allowed" and "All Disallowed" Access ============= -->
  +
  +    <tester host="${host}" port="${port}" protocol="HTTP/1.0"
  +          debug="${debug}"
  +         request="${context.path}/allowed/Authentication05"
  +       inHeaders="Authorization:Basic dG9tY2F0OnRvbWNhdA=="
  +      outContent="Authentication05 PASSED"/>
  +
  +    <tester host="${host}" port="${port}" protocol="HTTP/1.0"
  +          debug="${debug}"
  +         request="${context.path}/disallowed/Authentication05"
  +       inHeaders="Authorization:Basic dG9tY2F0OnRvbWNhdA=="
  +          status="403"/>
   
     </target>
   
  
  
  
  1.1                  jakarta-tomcat-4.0/tester/src/tester/org/apache/tester/Authentication05.java
  
  Index: Authentication05.java
  ===================================================================
  /* ========================================================================= *
   *                                                                           *
   *                 The Apache Software License,  Version 1.1                 *
   *                                                                           *
   *      Copyright (c) 1999, 2000, 2001  The Apache Software Foundation.      *
   *                           All rights reserved.                            *
   *                                                                           *
   * ========================================================================= *
   *                                                                           *
   * Redistribution and use in source and binary forms,  with or without modi- *
   * fication, are permitted provided that the following conditions are met:   *
   *                                                                           *
   * 1. Redistributions of source code  must retain the above copyright notice *
   *    notice, this list of conditions and the following disclaimer.          *
   *                                                                           *
   * 2. Redistributions  in binary  form  must  reproduce the  above copyright *
   *    notice,  this list of conditions  and the following  disclaimer in the *
   *    documentation and/or other materials provided with the distribution.   *
   *                                                                           *
   * 3. The end-user documentation  included with the redistribution,  if any, *
   *    must include the following acknowlegement:                             *
   *                                                                           *
   *       "This product includes  software developed  by the Apache  Software *
   *        Foundation <http://www.apache.org/>."                              *
   *                                                                           *
   *    Alternately, this acknowlegement may appear in the software itself, if *
   *    and wherever such third-party acknowlegements normally appear.         *
   *                                                                           *
   * 4. The names  "The  Jakarta  Project",  "Tomcat",  and  "Apache  Software *
   *    Foundation"  must not be used  to endorse or promote  products derived *
   *    from this  software without  prior  written  permission.  For  written *
   *    permission, please contact <apache@apache.org>.                        *
   *                                                                           *
   * 5. Products derived from this software may not be called "Apache" nor may *
   *    "Apache" appear in their names without prior written permission of the *
   *    Apache Software Foundation.                                            *
   *                                                                           *
   * THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESSED OR IMPLIED WARRANTIES *
   * INCLUDING, BUT NOT LIMITED TO,  THE IMPLIED WARRANTIES OF MERCHANTABILITY *
   * AND FITNESS FOR  A PARTICULAR PURPOSE  ARE DISCLAIMED.  IN NO EVENT SHALL *
   * THE APACHE  SOFTWARE  FOUNDATION OR  ITS CONTRIBUTORS  BE LIABLE  FOR ANY *
   * DIRECT,  INDIRECT,   INCIDENTAL,  SPECIAL,  EXEMPLARY,  OR  CONSEQUENTIAL *
   * DAMAGES (INCLUDING,  BUT NOT LIMITED TO,  PROCUREMENT OF SUBSTITUTE GOODS *
   * OR SERVICES;  LOSS OF USE,  DATA,  OR PROFITS;  OR BUSINESS INTERRUPTION) *
   * HOWEVER CAUSED AND  ON ANY  THEORY  OF  LIABILITY,  WHETHER IN  CONTRACT, *
   * STRICT LIABILITY, OR TORT  (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN *
   * ANY  WAY  OUT OF  THE  USE OF  THIS  SOFTWARE,  EVEN  IF  ADVISED  OF THE *
   * POSSIBILITY OF SUCH DAMAGE.                                               *
   *                                                                           *
   * ========================================================================= *
   *                                                                           *
   * This software  consists of voluntary  contributions made  by many indivi- *
   * duals on behalf of the  Apache Software Foundation.  For more information *
   * on the Apache Software Foundation, please see <http://www.apache.org/>.   *
   *                                                                           *
   * ========================================================================= */
  
  package org.apache.tester;
  
  
  import java.io.*;
  import java.security.Principal;
  import javax.servlet.*;
  import javax.servlet.http.*;
  
  /**
   * Ensure that a resource protected a a security constratint that allows all
   * roles will permit access to an authenticated user.
   *
   * @author Craig R. McClanahan
   * @version $Revision: 1.1 $ $Date: 2001/05/10 23:57:05 $
   */
  
  public class Authentication05 extends HttpServlet {
  
      public void doGet(HttpServletRequest request, HttpServletResponse response)
          throws IOException, ServletException {
  
          response.setContentType("text/plain");
          PrintWriter writer = response.getWriter();
          StringBuffer sb = new StringBuffer();
  
          String remoteUser = request.getRemoteUser();
          if (remoteUser == null)
              sb.append(" No remote user returned/");
          else if (!"tomcat".equals(remoteUser)) {
              sb.append(" Remote user is '");
              sb.append(remoteUser);
              sb.append("'/");
          }
  
          Principal userPrincipal = request.getUserPrincipal();
          if (userPrincipal == null)
              sb.append(" No user principal returned/");
          else if (!"tomcat".equals(userPrincipal.getName())) {
              sb.append(" User principal is '");
              sb.append(userPrincipal);
              sb.append("'/");
          }
  
          if (!request.isUserInRole("tomcat"))
              sb.append(" Not in role 'tomcat'/");
  
          if (sb.length() < 1)
              writer.println("Authentication05 PASSED");
          else {
              writer.print("Authentication05 FAILED -");
              writer.println(sb.toString());
          }
  
          while (true) {
              String message = StaticLogger.read();
              if (message == null)
                  break;
              writer.println(message);
          }
          StaticLogger.reset();
  
      }
  
  
  }
  
  
  
  1.33      +35 -1     jakarta-tomcat-4.0/tester/web/WEB-INF/web.xml
  
  Index: web.xml
  ===================================================================
  RCS file: /home/cvs/jakarta-tomcat-4.0/tester/web/WEB-INF/web.xml,v
  retrieving revision 1.32
  retrieving revision 1.33
  diff -u -r1.32 -r1.33
  --- web.xml	2001/05/10 22:52:27	1.32
  +++ web.xml	2001/05/10 23:57:05	1.33
  @@ -336,6 +336,11 @@
       </servlet>
   
       <servlet>
  +        <servlet-name>Authentication05</servlet-name>
  +        <servlet-class>org.apache.tester.Authentication05</servlet-class>
  +    </servlet>
  +
  +    <servlet>
           <servlet-name>Decoding01</servlet-name>
           <servlet-class>org.apache.tester.Decoding01</servlet-class>
       </servlet>
  @@ -656,6 +661,16 @@
       </servlet-mapping>
   
       <servlet-mapping>
  +        <servlet-name>Authentication05</servlet-name>
  +        <url-pattern>/allowed/Authentication05</url-pattern>
  +    </servlet-mapping>
  +
  +    <servlet-mapping>
  +        <servlet-name>Authentication05</servlet-name>
  +        <url-pattern>/disallowed/Authentication05</url-pattern>
  +    </servlet-mapping>
  +
  +    <servlet-mapping>
           <servlet-name>Decoding01</servlet-name>
           <url-pattern>/Decoding01/*</url-pattern>
       </servlet-mapping>
  @@ -1173,11 +1188,30 @@
   
       <security-constraint>
           <web-resource-collection>
  -            <web-resource-name>Authentication Servlet</web-resource-name>
  +            <web-resource-name>General Protected Area</web-resource-name>
               <url-pattern>/protected/*</url-pattern>
           </web-resource-collection>
           <auth-constraint>
               <role-name>tomcat</role-name>
  +        </auth-constraint>
  +    </security-constraint>
  +
  +    <security-constraint>
  +        <web-resource-collection>
  +            <web-resource-name>All Users Allowed Area</web-resource-name>
  +            <url-pattern>/allowed/*</url-pattern>
  +        </web-resource-collection>
  +        <auth-constraint>
  +            <role-name>*</role-name>
  +        </auth-constraint>
  +    </security-constraint>
  +
  +    <security-constraint>
  +        <web-resource-collection>
  +            <web-resource-name>No Users Allowed Area</web-resource-name>
  +            <url-pattern>/disallowed/*</url-pattern>
  +        </web-resource-collection>
  +        <auth-constraint>
           </auth-constraint>
       </security-constraint>