This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch 8.5.x in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/8.5.x by this push: new f031c56dd3 Split test into three - helps when test machines have many cores f031c56dd3 is described below commit f031c56dd32d2fdda7ce23276483e2ddb14b7951 Author: Mark Thomas <ma...@apache.org> AuthorDate: Mon Dec 4 15:22:19 2023 +0000 Split test into three - helps when test machines have many cores --- ...henticator.java => TestFormAuthenticatorA.java} | 80 +----- ...henticator.java => TestFormAuthenticatorB.java} | 281 +-------------------- ...henticator.java => TestFormAuthenticatorC.java} | 275 +------------------- 3 files changed, 11 insertions(+), 625 deletions(-) diff --git a/test/org/apache/catalina/authenticator/TestFormAuthenticator.java b/test/org/apache/catalina/authenticator/TestFormAuthenticatorA.java similarity index 91% copy from test/org/apache/catalina/authenticator/TestFormAuthenticator.java copy to test/org/apache/catalina/authenticator/TestFormAuthenticatorA.java index 521e469c95..56c78b199a 100644 --- a/test/org/apache/catalina/authenticator/TestFormAuthenticator.java +++ b/test/org/apache/catalina/authenticator/TestFormAuthenticatorA.java @@ -72,7 +72,7 @@ import org.apache.tomcat.websocket.server.WsContextListener; * but it makes no claims to generality). * */ -public class TestFormAuthenticator extends TomcatBaseTest { +public class TestFormAuthenticatorA extends TomcatBaseTest { // these should really be singletons to be type-safe, // we are in a unit test and don't need to paranoid. 
@@ -107,31 +107,7 @@ public class TestFormAuthenticator extends TomcatBaseTest { CLIENT_USE_COOKIES, SERVER_USE_COOKIES, SERVER_CHANGE_SESSID); } - @Test - public void testPostNoContinueWithCookies() throws Exception { - doTest("POST", "GET", NO_100_CONTINUE, - CLIENT_USE_COOKIES, SERVER_USE_COOKIES, SERVER_CHANGE_SESSID); - } - - @Test - public void testPostWithContinueAndCookies() throws Exception { - doTest("POST", "GET", USE_100_CONTINUE, - CLIENT_USE_COOKIES, SERVER_USE_COOKIES, SERVER_CHANGE_SESSID); - } - // Bug 49779 - @Test - public void testPostNoContinuePostRedirectWithCookies() throws Exception { - doTest("POST", "POST", NO_100_CONTINUE, - CLIENT_USE_COOKIES, SERVER_USE_COOKIES, SERVER_CHANGE_SESSID); - } - - // Bug 49779 - @Test - public void testPostWithContinuePostRedirectWithCookies() throws Exception { - doTest("POST", "POST", USE_100_CONTINUE, - CLIENT_USE_COOKIES, SERVER_USE_COOKIES, SERVER_CHANGE_SESSID); - } // next, a set of tests where the server Context is configured to never 
@@ -144,33 +120,7 @@ public class TestFormAuthenticator extends TomcatBaseTest { CLIENT_NO_COOKIES, SERVER_NO_COOKIES, SERVER_CHANGE_SESSID); } - @Test - public void testPostNoContinueNoServerCookies() throws Exception { - doTest("POST", "GET", NO_100_CONTINUE, - CLIENT_USE_COOKIES, SERVER_NO_COOKIES, SERVER_CHANGE_SESSID); - } - @Test - public void testPostWithContinueNoServerCookies() throws Exception { - doTest("POST", "GET", USE_100_CONTINUE, - CLIENT_USE_COOKIES, SERVER_NO_COOKIES, SERVER_CHANGE_SESSID); - } - - // variant of Bug 49779 - @Test - public void testPostNoContinuePostRedirectNoServerCookies() - throws Exception { - doTest("POST", "POST", NO_100_CONTINUE, - CLIENT_USE_COOKIES, SERVER_NO_COOKIES, SERVER_CHANGE_SESSID); - } - - // variant of Bug 49779 - @Test - public void testPostWithContinuePostRedirectNoServerCookies() - throws Exception { - doTest("POST", "POST", USE_100_CONTINUE, - CLIENT_USE_COOKIES, SERVER_NO_COOKIES, SERVER_CHANGE_SESSID); - } // next, a set of tests where the server Context uses cookies, 
@@ -183,34 +133,6 @@ public class TestFormAuthenticator extends TomcatBaseTest { CLIENT_NO_COOKIES, SERVER_USE_COOKIES, SERVER_CHANGE_SESSID); } - @Test - public void testPostNoContinueNoClientCookies() throws Exception { - doTest("POST", "GET", NO_100_CONTINUE, - CLIENT_NO_COOKIES, SERVER_USE_COOKIES, SERVER_CHANGE_SESSID); - } - - @Test - public void testPostWithContinueNoClientCookies() throws Exception { - doTest("POST", "GET", USE_100_CONTINUE, - CLIENT_NO_COOKIES, SERVER_USE_COOKIES, SERVER_CHANGE_SESSID); - } - - // variant of Bug 49779 - @Test - public void testPostNoContinuePostRedirectNoClientCookies() - throws Exception { - doTest("POST", "POST", NO_100_CONTINUE, - CLIENT_NO_COOKIES, SERVER_USE_COOKIES, SERVER_CHANGE_SESSID); - } - - // variant of Bug 49779 - @Test - public void testPostWithContinuePostRedirectNoClientCookies() - throws Exception { - doTest("POST", "POST", USE_100_CONTINUE, - CLIENT_NO_COOKIES, SERVER_USE_COOKIES, SERVER_CHANGE_SESSID); - } - // finally, a set of tests to explore quirky situations // but there is not need to replicate all the scenarios above. diff --git a/test/org/apache/catalina/authenticator/TestFormAuthenticator.java b/test/org/apache/catalina/authenticator/TestFormAuthenticatorB.java similarity index 67% copy from test/org/apache/catalina/authenticator/TestFormAuthenticator.java copy to test/org/apache/catalina/authenticator/TestFormAuthenticatorB.java index 521e469c95..a8dff997c7 100644 --- a/test/org/apache/catalina/authenticator/TestFormAuthenticator.java +++ b/test/org/apache/catalina/authenticator/TestFormAuthenticatorB.java @@ -17,15 +17,9 @@ package org.apache.catalina.authenticator; import java.io.File; -import java.io.IOException; import java.util.List; import java.util.StringTokenizer; -import javax.servlet.ServletException; -import javax.servlet.http.HttpServlet; -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; - import org.junit.Assert; import org.junit.Test; 
@@ -33,12 +27,8 @@ import org.apache.catalina.Context; import org.apache.catalina.Valve; import org.apache.catalina.startup.SimpleHttpClient; import org.apache.catalina.startup.TesterMapRealm; -import org.apache.catalina.startup.TesterServlet; import org.apache.catalina.startup.Tomcat; import org.apache.catalina.startup.TomcatBaseTest; -import org.apache.tomcat.util.descriptor.web.LoginConfig; -import org.apache.tomcat.util.descriptor.web.SecurityCollection; -import org.apache.tomcat.util.descriptor.web.SecurityConstraint; import org.apache.tomcat.websocket.server.WsContextListener; /* @@ -53,7 +43,7 @@ import org.apache.tomcat.websocket.server.WsContextListener; * as a path parameter appended to ALL urls within its response. That is * achievable with servlets, jsps, jstl (all of which which can ask for an * encoded url to be inserted into the dynamic web page). It cannot work - * with static html. + * with static HTML. * note: this test class uses the Tomcat sample jsps, which conform. * * 3. Therefore, any webapp that MIGHT need to authenticate a client that @@ -72,7 +62,7 @@ import org.apache.tomcat.websocket.server.WsContextListener; * but it makes no claims to generality). * */ -public class TestFormAuthenticator extends TomcatBaseTest { +public class TestFormAuthenticatorB extends TomcatBaseTest { // these should really be singletons to be type-safe, // we are in a unit test and don't need to paranoid. 
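Review bot: `TestFormAuthenticatorB` is created as a copy of the original class rather than sharing code with it, so the test harness now appears to exist three times. The later hunks of this file leave the choreography comment above `doTest`, the `isResponseBodyOK` helpers and the client set-up ending in `setPort(getPort());` in place as context, and the A file removes none of them. Any later change to how these tests check session-ID handling after login would then have to be made in all three files, and a missed copy would fail silently. Consider moving the shared constants, `doTest` and the `FormAuthClient` classes into one abstract base class that extends `TomcatBaseTest`, leaving only the `@Test` methods in A, B and C. The class body starts here and continues outside this hunk.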
@@ -91,34 +81,18 @@ public class TestFormAuthenticator extends TomcatBaseTest { protected static final boolean SERVER_CHANGE_SESSID = true; protected static final boolean SERVER_FREEZE_SESSID = !SERVER_CHANGE_SESSID; - // minimum session timeout - private static final int SHORT_SESSION_TIMEOUT_SECS = 1; - private static final long TIMEOUT_DELAY_MSECS = ((SHORT_SESSION_TIMEOUT_SECS + 10) * 1000); - private FormAuthClient client; // first, a set of tests where the server uses a cookie to carry // the current session ID during and after authentication, and // the client is prepared to return cookies with each request - @Test - public void testGetWithCookies() throws Exception { - doTest("GET", "GET", NO_100_CONTINUE, - CLIENT_USE_COOKIES, SERVER_USE_COOKIES, SERVER_CHANGE_SESSID); - } - @Test public void testPostNoContinueWithCookies() throws Exception { doTest("POST", "GET", NO_100_CONTINUE, CLIENT_USE_COOKIES, SERVER_USE_COOKIES, SERVER_CHANGE_SESSID); } - @Test - public void testPostWithContinueAndCookies() throws Exception { - doTest("POST", "GET", USE_100_CONTINUE, - CLIENT_USE_COOKIES, SERVER_USE_COOKIES, SERVER_CHANGE_SESSID); - } - // Bug 49779 @Test public void testPostNoContinuePostRedirectWithCookies() throws Exception { 
@@ -126,36 +100,16 @@ public class TestFormAuthenticator extends TomcatBaseTest { CLIENT_USE_COOKIES, SERVER_USE_COOKIES, SERVER_CHANGE_SESSID); } - // Bug 49779 - @Test - public void testPostWithContinuePostRedirectWithCookies() throws Exception { - doTest("POST", "POST", USE_100_CONTINUE, - CLIENT_USE_COOKIES, SERVER_USE_COOKIES, SERVER_CHANGE_SESSID); - } - // next, a set of tests where the server Context is configured to never // use cookies and the session ID is only carried as a url path parameter - // Bug 53584 - @Test - public void testGetNoServerCookies() throws Exception { - doTest("GET", "GET", NO_100_CONTINUE, - CLIENT_NO_COOKIES, SERVER_NO_COOKIES, SERVER_CHANGE_SESSID); - } - @Test public void testPostNoContinueNoServerCookies() throws Exception { doTest("POST", "GET", NO_100_CONTINUE, CLIENT_USE_COOKIES, SERVER_NO_COOKIES, SERVER_CHANGE_SESSID); } - @Test - public void testPostWithContinueNoServerCookies() throws Exception { - doTest("POST", "GET", USE_100_CONTINUE, - CLIENT_USE_COOKIES, SERVER_NO_COOKIES, SERVER_CHANGE_SESSID); - } - // variant of Bug 49779 @Test public void testPostNoContinuePostRedirectNoServerCookies() 
@@ -164,37 +118,19 @@ public class TestFormAuthenticator extends TomcatBaseTest { CLIENT_USE_COOKIES, SERVER_NO_COOKIES, SERVER_CHANGE_SESSID); } - // variant of Bug 49779 - @Test - public void testPostWithContinuePostRedirectNoServerCookies() - throws Exception { - doTest("POST", "POST", USE_100_CONTINUE, - CLIENT_USE_COOKIES, SERVER_NO_COOKIES, SERVER_CHANGE_SESSID); - } + // next, a set of tests where the server Context uses cookies, // but the client refuses to return them and tries to use // the session ID if carried as a url path parameter - @Test - public void testGetNoClientCookies() throws Exception { - doTest("GET", "GET", NO_100_CONTINUE, - CLIENT_NO_COOKIES, SERVER_USE_COOKIES, SERVER_CHANGE_SESSID); - } - @Test public void testPostNoContinueNoClientCookies() throws Exception { doTest("POST", "GET", NO_100_CONTINUE, CLIENT_NO_COOKIES, SERVER_USE_COOKIES, SERVER_CHANGE_SESSID); } - @Test - public void testPostWithContinueNoClientCookies() throws Exception { - doTest("POST", "GET", USE_100_CONTINUE, - CLIENT_NO_COOKIES, SERVER_USE_COOKIES, SERVER_CHANGE_SESSID); - } - // variant of Bug 49779 @Test public void testPostNoContinuePostRedirectNoClientCookies() 
@@ -203,97 +139,12 @@ public class TestFormAuthenticator extends TomcatBaseTest { CLIENT_NO_COOKIES, SERVER_USE_COOKIES, SERVER_CHANGE_SESSID); } - // variant of Bug 49779 - @Test - public void testPostWithContinuePostRedirectNoClientCookies() - throws Exception { - doTest("POST", "POST", USE_100_CONTINUE, - CLIENT_NO_COOKIES, SERVER_USE_COOKIES, SERVER_CHANGE_SESSID); - } + // finally, a set of tests to explore quirky situations // but there is not need to replicate all the scenarios above. - @Test - public void testNoChangedSessidWithCookies() throws Exception { - doTest("GET", "GET", NO_100_CONTINUE, - CLIENT_USE_COOKIES, SERVER_USE_COOKIES, - SERVER_FREEZE_SESSID); - } - - @Test - public void testNoChangedSessidWithoutCookies() throws Exception { - doTest("GET", "GET", NO_100_CONTINUE, - CLIENT_NO_COOKIES, SERVER_USE_COOKIES, - SERVER_FREEZE_SESSID); - } - - @Test - public void testTimeoutWithoutCookies() throws Exception { - String protectedUri = doTest("GET", "GET", NO_100_CONTINUE, - CLIENT_NO_COOKIES, SERVER_USE_COOKIES, - SERVER_FREEZE_SESSID); - - // Force session to expire one second from now - Context context = (Context) getTomcatInstance().getHost().findChildren()[0]; - forceSessionMaxInactiveInterval(context, SHORT_SESSION_TIMEOUT_SECS); - - // wait long enough for my session to expire - Thread.sleep(TIMEOUT_DELAY_MSECS); - - // then try to continue using the expired session to get the - // protected resource once more. 
- // should get login challenge or timeout status 408 - doTestProtected("GET", protectedUri, NO_100_CONTINUE, - FormAuthClient.LOGIN_REQUIRED, 1); - } - - // HTTP 1.0 test - @Test - public void testGetWithCookiesHttp10() throws Exception { - doTest("GET", "GET", NO_100_CONTINUE, - CLIENT_USE_COOKIES, SERVER_USE_COOKIES, SERVER_CHANGE_SESSID, - CLIENT_USE_HTTP_10); - } - - - @Test - public void testSelectedMethods() throws Exception { - - FormAuthClientSelectedMethods client = - new FormAuthClientSelectedMethods(true, true, true, true); - - // First request for protected resource gets the login page - client.doResourceRequest("PUT", true, "/test?" + - SelectedMethodsServlet.PARAM + "=" + - SelectedMethodsServlet.VALUE, null); - Assert.assertTrue(client.getResponseLine(), client.isResponse200()); - Assert.assertTrue(client.isResponseBodyOK()); - String originalSessionId = client.getSessionId(); - client.reset(); - - // Second request replies to the login challenge - client.doResourceRequest("POST", true, "/test/j_security_check", - FormAuthClientBase.LOGIN_REPLY); - Assert.assertTrue("login failed " + client.getResponseLine(), - client.isResponse303()); - Assert.assertTrue(client.isResponseBodyOK()); - String redirectUri = client.getRedirectUri(); - client.reset(); - - // Third request - the login was successful so - // follow the redirect to the protected resource - client.doResourceRequest("GET", true, redirectUri, null); - Assert.assertTrue(client.isResponse200()); - Assert.assertTrue(client.isResponseBodyOK()); - String newSessionId = client.getSessionId(); - - Assert.assertTrue(!originalSessionId.equals(newSessionId)); - client.reset(); - } - - /* * Choreograph the steps of the test dialogue with the server * 1. while not authenticated, try to access a protected resource 
@@ -534,7 +385,7 @@ public class TestFormAuthenticator extends TomcatBaseTest { } /* - * verify the server response html body is the page we expect, + * verify the server response HTML body is the page we expect, * based on the dialogue position within doTest. */ @Override @@ -543,7 +394,7 @@ public class TestFormAuthenticator extends TomcatBaseTest { } /* - * verify the server response html body is the page we expect, + * verify the server response HTML body is the page we expect, * based on the dialogue position given by the caller. */ public boolean isResponseBodyOK(int testPhase) { 
@@ -666,124 +517,4 @@ public class TestFormAuthenticator extends TomcatBaseTest { setPort(getPort()); } } - - - /** - * Encapsulate the logic needed to run a suitably-configured Tomcat - * instance, send it an HTTP request and process the server response when - * the protected resource is only protected for some HTTP methods. The use - * case of particular interest is when GET and POST are not protected since - * those are the methods used by the login form and the redirect and if - * those methods are not protected the authenticator may not process the - * associated requests. - */ - private class FormAuthClientSelectedMethods extends FormAuthClientBase { - - private FormAuthClientSelectedMethods(boolean clientShouldUseCookies, - boolean clientShouldUseHttp11, - boolean serverShouldUseCookies, - boolean serverShouldChangeSessid) throws Exception { - - this.clientShouldUseHttp11 = clientShouldUseHttp11; - - Tomcat tomcat = getTomcatInstance(); - - Context ctx = tomcat.addContext( - "", System.getProperty("java.io.tmpdir")); - Tomcat.addServlet(ctx, "SelectedMethods", - new SelectedMethodsServlet()); - ctx.addServletMappingDecoded("/test", "SelectedMethods"); - // Login servlet just needs to respond "OK". Client will handle - // creating a valid response. No need for a form. 
- Tomcat.addServlet(ctx, "Login", - new TesterServlet()); - ctx.addServletMappingDecoded("/login", "Login"); - - // Configure the security constraints - SecurityConstraint constraint = new SecurityConstraint(); - SecurityCollection collection = new SecurityCollection(); - collection.setName("Protect PUT"); - collection.addMethod("PUT"); - collection.addPatternDecoded("/test"); - constraint.addCollection(collection); - constraint.addAuthRole("tomcat"); - ctx.addConstraint(constraint); - - // Configure authentication - LoginConfig lc = new LoginConfig(); - lc.setAuthMethod("FORM"); - lc.setLoginPage("/login"); - ctx.setLoginConfig(lc); - ctx.getPipeline().addValve(new FormAuthenticator()); - - setUseCookies(clientShouldUseCookies); - ctx.setCookies(serverShouldUseCookies); - - TesterMapRealm realm = new TesterMapRealm(); - realm.addUser("tomcat", "tomcat"); - realm.addUserRole("tomcat", "tomcat"); - ctx.setRealm(realm); - - tomcat.start(); - - // Valve pipeline is only established after tomcat starts - Valve[] valves = ctx.getPipeline().getValves(); - for (Valve valve : valves) { - if (valve instanceof AuthenticatorBase) { - ((AuthenticatorBase)valve) - .setChangeSessionIdOnAuthentication( - serverShouldChangeSessid); - break; - } - } - - // Port only known after Tomcat starts - setPort(getPort()); - } - - @Override - public boolean isResponseBodyOK() { - if (isResponse303()) { - return true; - } - Assert.assertTrue(getResponseBody(), getResponseBody().contains("OK")); - Assert.assertFalse(getResponseBody().contains("FAIL")); - return true; - } - } - - - private static final class SelectedMethodsServlet extends HttpServlet { - - private static final long serialVersionUID = 1L; - public static final String PARAM = "TestParam"; - public static final String VALUE = "TestValue"; - - @Override - protected void doGet(HttpServletRequest req, HttpServletResponse resp) - throws ServletException, IOException { - resp.setContentType("text/plain;charset=UTF-8"); - - if 
(VALUE.equals(req.getParameter(PARAM)) && - req.isUserInRole("tomcat")) { - resp.getWriter().print("OK"); - } else { - resp.getWriter().print("FAIL"); - } - } - - @Override - protected void doPost(HttpServletRequest req, HttpServletResponse resp) - throws ServletException, IOException { - // Same as GET for this test case - doGet(req, resp); - } - - @Override - protected void doPut(HttpServletRequest req, HttpServletResponse resp) - throws ServletException, IOException { - // Same as GET for this test case - doGet(req, resp); - } - } } diff --git a/test/org/apache/catalina/authenticator/TestFormAuthenticator.java b/test/org/apache/catalina/authenticator/TestFormAuthenticatorC.java similarity index 67% rename from test/org/apache/catalina/authenticator/TestFormAuthenticator.java rename to test/org/apache/catalina/authenticator/TestFormAuthenticatorC.java index 521e469c95..78ab635db9 100644 --- a/test/org/apache/catalina/authenticator/TestFormAuthenticator.java +++ b/test/org/apache/catalina/authenticator/TestFormAuthenticatorC.java @@ -17,15 +17,9 @@ package org.apache.catalina.authenticator; import java.io.File; -import java.io.IOException; import java.util.List; import java.util.StringTokenizer; -import javax.servlet.ServletException; -import javax.servlet.http.HttpServlet; -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; - import org.junit.Assert; import org.junit.Test; 
@@ -33,12 +27,8 @@ import org.apache.catalina.Context; import org.apache.catalina.Valve; import org.apache.catalina.startup.SimpleHttpClient; import org.apache.catalina.startup.TesterMapRealm; -import org.apache.catalina.startup.TesterServlet; import org.apache.catalina.startup.Tomcat; import org.apache.catalina.startup.TomcatBaseTest; -import org.apache.tomcat.util.descriptor.web.LoginConfig; -import org.apache.tomcat.util.descriptor.web.SecurityCollection; -import org.apache.tomcat.util.descriptor.web.SecurityConstraint; import org.apache.tomcat.websocket.server.WsContextListener; /* @@ -53,7 +43,7 @@ import org.apache.tomcat.websocket.server.WsContextListener; * as a path parameter appended to ALL urls within its response. That is * achievable with servlets, jsps, jstl (all of which which can ask for an * encoded url to be inserted into the dynamic web page). It cannot work - * with static html. + * with static HTML. * note: this test class uses the Tomcat sample jsps, which conform. * * 3. Therefore, any webapp that MIGHT need to authenticate a client that @@ -72,7 +62,7 @@ import org.apache.tomcat.websocket.server.WsContextListener; * but it makes no claims to generality). * */ -public class TestFormAuthenticator extends TomcatBaseTest { +public class TestFormAuthenticatorC extends TomcatBaseTest { // these should really be singletons to be type-safe, // we are in a unit test and don't need to paranoid. 
@@ -91,41 +81,18 @@ public class TestFormAuthenticator extends TomcatBaseTest { protected static final boolean SERVER_CHANGE_SESSID = true; protected static final boolean SERVER_FREEZE_SESSID = !SERVER_CHANGE_SESSID; - // minimum session timeout - private static final int SHORT_SESSION_TIMEOUT_SECS = 1; - private static final long TIMEOUT_DELAY_MSECS = ((SHORT_SESSION_TIMEOUT_SECS + 10) * 1000); - private FormAuthClient client; // first, a set of tests where the server uses a cookie to carry // the current session ID during and after authentication, and // the client is prepared to return cookies with each request - @Test - public void testGetWithCookies() throws Exception { - doTest("GET", "GET", NO_100_CONTINUE, - CLIENT_USE_COOKIES, SERVER_USE_COOKIES, SERVER_CHANGE_SESSID); - } - - @Test - public void testPostNoContinueWithCookies() throws Exception { - doTest("POST", "GET", NO_100_CONTINUE, - CLIENT_USE_COOKIES, SERVER_USE_COOKIES, SERVER_CHANGE_SESSID); - } - @Test public void testPostWithContinueAndCookies() throws Exception { doTest("POST", "GET", USE_100_CONTINUE, CLIENT_USE_COOKIES, SERVER_USE_COOKIES, SERVER_CHANGE_SESSID); } - // Bug 49779 - @Test - public void testPostNoContinuePostRedirectWithCookies() throws Exception { - doTest("POST", "POST", NO_100_CONTINUE, - CLIENT_USE_COOKIES, SERVER_USE_COOKIES, SERVER_CHANGE_SESSID); - } - // Bug 49779 @Test public void testPostWithContinuePostRedirectWithCookies() throws Exception { 
@@ -137,33 +104,12 @@ public class TestFormAuthenticator extends TomcatBaseTest { // next, a set of tests where the server Context is configured to never // use cookies and the session ID is only carried as a url path parameter - // Bug 53584 - @Test - public void testGetNoServerCookies() throws Exception { - doTest("GET", "GET", NO_100_CONTINUE, - CLIENT_NO_COOKIES, SERVER_NO_COOKIES, SERVER_CHANGE_SESSID); - } - - @Test - public void testPostNoContinueNoServerCookies() throws Exception { - doTest("POST", "GET", NO_100_CONTINUE, - CLIENT_USE_COOKIES, SERVER_NO_COOKIES, SERVER_CHANGE_SESSID); - } - @Test public void testPostWithContinueNoServerCookies() throws Exception { doTest("POST", "GET", USE_100_CONTINUE, CLIENT_USE_COOKIES, SERVER_NO_COOKIES, SERVER_CHANGE_SESSID); } - // variant of Bug 49779 - @Test - public void testPostNoContinuePostRedirectNoServerCookies() - throws Exception { - doTest("POST", "POST", NO_100_CONTINUE, - CLIENT_USE_COOKIES, SERVER_NO_COOKIES, SERVER_CHANGE_SESSID); - } - // variant of Bug 49779 @Test public void testPostWithContinuePostRedirectNoServerCookies() @@ -183,26 +129,12 @@ public class TestFormAuthenticator extends TomcatBaseTest { CLIENT_NO_COOKIES, SERVER_USE_COOKIES, SERVER_CHANGE_SESSID); } - @Test - public void testPostNoContinueNoClientCookies() throws Exception { - doTest("POST", "GET", NO_100_CONTINUE, - CLIENT_NO_COOKIES, SERVER_USE_COOKIES, SERVER_CHANGE_SESSID); - } - @Test public void testPostWithContinueNoClientCookies() throws Exception { doTest("POST", "GET", USE_100_CONTINUE, CLIENT_NO_COOKIES, SERVER_USE_COOKIES, SERVER_CHANGE_SESSID); } - // variant of Bug 49779 - @Test - public void testPostNoContinuePostRedirectNoClientCookies() - throws Exception { - doTest("POST", "POST", NO_100_CONTINUE, - CLIENT_NO_COOKIES, SERVER_USE_COOKIES, SERVER_CHANGE_SESSID); - } - // variant of Bug 49779 @Test public void testPostWithContinuePostRedirectNoClientCookies() 
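Review bot: `testGetNoClientCookies` appears to end up in both `TestFormAuthenticatorA` and `TestFormAuthenticatorC`. The B file removes it explicitly, but no hunk in A or C does. Here it sits just above the first context line of the `-183,26` hunk (`CLIENT_NO_COOKIES, SERVER_USE_COOKIES, SERVER_CHANGE_SESSID); }`), so it is carried over unchanged. The same scenario then runs twice, which works against the stated aim of shortening the run; I would delete the `@Test` method `testGetNoClientCookies` from C and keep it in A with the other GET cases. The enclosing class starts and ends outside this hunk.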
@@ -215,85 +147,6 @@ public class TestFormAuthenticator extends TomcatBaseTest { // finally, a set of tests to explore quirky situations // but there is not need to replicate all the scenarios above. - @Test - public void testNoChangedSessidWithCookies() throws Exception { - doTest("GET", "GET", NO_100_CONTINUE, - CLIENT_USE_COOKIES, SERVER_USE_COOKIES, - SERVER_FREEZE_SESSID); - } - - @Test - public void testNoChangedSessidWithoutCookies() throws Exception { - doTest("GET", "GET", NO_100_CONTINUE, - CLIENT_NO_COOKIES, SERVER_USE_COOKIES, - SERVER_FREEZE_SESSID); - } - - @Test - public void testTimeoutWithoutCookies() throws Exception { - String protectedUri = doTest("GET", "GET", NO_100_CONTINUE, - CLIENT_NO_COOKIES, SERVER_USE_COOKIES, - SERVER_FREEZE_SESSID); - - // Force session to expire one second from now - Context context = (Context) getTomcatInstance().getHost().findChildren()[0]; - forceSessionMaxInactiveInterval(context, SHORT_SESSION_TIMEOUT_SECS); - - // wait long enough for my session to expire - Thread.sleep(TIMEOUT_DELAY_MSECS); - - // then try to continue using the expired session to get the - // protected resource once more. - // should get login challenge or timeout status 408 - doTestProtected("GET", protectedUri, NO_100_CONTINUE, - FormAuthClient.LOGIN_REQUIRED, 1); - } - - // HTTP 1.0 test - @Test - public void testGetWithCookiesHttp10() throws Exception { - doTest("GET", "GET", NO_100_CONTINUE, - CLIENT_USE_COOKIES, SERVER_USE_COOKIES, SERVER_CHANGE_SESSID, - CLIENT_USE_HTTP_10); - } - - - @Test - public void testSelectedMethods() throws Exception { - - FormAuthClientSelectedMethods client = - new FormAuthClientSelectedMethods(true, true, true, true); - - // First request for protected resource gets the login page - client.doResourceRequest("PUT", true, "/test?" 
+ - SelectedMethodsServlet.PARAM + "=" + - SelectedMethodsServlet.VALUE, null); - Assert.assertTrue(client.getResponseLine(), client.isResponse200()); - Assert.assertTrue(client.isResponseBodyOK()); - String originalSessionId = client.getSessionId(); - client.reset(); - - // Second request replies to the login challenge - client.doResourceRequest("POST", true, "/test/j_security_check", - FormAuthClientBase.LOGIN_REPLY); - Assert.assertTrue("login failed " + client.getResponseLine(), - client.isResponse303()); - Assert.assertTrue(client.isResponseBodyOK()); - String redirectUri = client.getRedirectUri(); - client.reset(); - - // Third request - the login was successful so - // follow the redirect to the protected resource - client.doResourceRequest("GET", true, redirectUri, null); - Assert.assertTrue(client.isResponse200()); - Assert.assertTrue(client.isResponseBodyOK()); - String newSessionId = client.getSessionId(); - - Assert.assertTrue(!originalSessionId.equals(newSessionId)); - client.reset(); - } - - /* * Choreograph the steps of the test dialogue with the server * 1. while not authenticated, try to access a protected resource @@ -534,7 +387,7 @@ public class TestFormAuthenticator extends TomcatBaseTest { } /* - * verify the server response html body is the page we expect, + * verify the server response HTML body is the page we expect, * based on the dialogue position within doTest. */ @Override @@ -543,7 +396,7 @@ public class TestFormAuthenticator extends TomcatBaseTest { } /* - * verify the server response html body is the page we expect, + * verify the server response HTML body is the page we expect, * based on the dialogue position given by the caller. */ public boolean isResponseBodyOK(int testPhase) { 
@@ -666,124 +519,4 @@ public class TestFormAuthenticator extends TomcatBaseTest { setPort(getPort()); } } - - - /** - * Encapsulate the logic needed to run a suitably-configured Tomcat - * instance, send it an HTTP request and process the server response when - * the protected resource is only protected for some HTTP methods. The use - * case of particular interest is when GET and POST are not protected since - * those are the methods used by the login form and the redirect and if - * those methods are not protected the authenticator may not process the - * associated requests. - */ - private class FormAuthClientSelectedMethods extends FormAuthClientBase { - - private FormAuthClientSelectedMethods(boolean clientShouldUseCookies, - boolean clientShouldUseHttp11, - boolean serverShouldUseCookies, - boolean serverShouldChangeSessid) throws Exception { - - this.clientShouldUseHttp11 = clientShouldUseHttp11; - - Tomcat tomcat = getTomcatInstance(); - - Context ctx = tomcat.addContext( - "", System.getProperty("java.io.tmpdir")); - Tomcat.addServlet(ctx, "SelectedMethods", - new SelectedMethodsServlet()); - ctx.addServletMappingDecoded("/test", "SelectedMethods"); - // Login servlet just needs to respond "OK". Client will handle - // creating a valid response. No need for a form. 
- Tomcat.addServlet(ctx, "Login", - new TesterServlet()); - ctx.addServletMappingDecoded("/login", "Login"); - - // Configure the security constraints - SecurityConstraint constraint = new SecurityConstraint(); - SecurityCollection collection = new SecurityCollection(); - collection.setName("Protect PUT"); - collection.addMethod("PUT"); - collection.addPatternDecoded("/test"); - constraint.addCollection(collection); - constraint.addAuthRole("tomcat"); - ctx.addConstraint(constraint); - - // Configure authentication - LoginConfig lc = new LoginConfig(); - lc.setAuthMethod("FORM"); - lc.setLoginPage("/login"); - ctx.setLoginConfig(lc); - ctx.getPipeline().addValve(new FormAuthenticator()); - - setUseCookies(clientShouldUseCookies); - ctx.setCookies(serverShouldUseCookies); - - TesterMapRealm realm = new TesterMapRealm(); - realm.addUser("tomcat", "tomcat"); - realm.addUserRole("tomcat", "tomcat"); - ctx.setRealm(realm); - - tomcat.start(); - - // Valve pipeline is only established after tomcat starts - Valve[] valves = ctx.getPipeline().getValves(); - for (Valve valve : valves) { - if (valve instanceof AuthenticatorBase) { - ((AuthenticatorBase)valve) - .setChangeSessionIdOnAuthentication( - serverShouldChangeSessid); - break; - } - } - - // Port only known after Tomcat starts - setPort(getPort()); - } - - @Override - public boolean isResponseBodyOK() { - if (isResponse303()) { - return true; - } - Assert.assertTrue(getResponseBody(), getResponseBody().contains("OK")); - Assert.assertFalse(getResponseBody().contains("FAIL")); - return true; - } - } - - - private static final class SelectedMethodsServlet extends HttpServlet { - - private static final long serialVersionUID = 1L; - public static final String PARAM = "TestParam"; - public static final String VALUE = "TestValue"; - - @Override - protected void doGet(HttpServletRequest req, HttpServletResponse resp) - throws ServletException, IOException { - resp.setContentType("text/plain;charset=UTF-8"); - - if 
(VALUE.equals(req.getParameter(PARAM)) && - req.isUserInRole("tomcat")) { - resp.getWriter().print("OK"); - } else { - resp.getWriter().print("FAIL"); - } - } - - @Override - protected void doPost(HttpServletRequest req, HttpServletResponse resp) - throws ServletException, IOException { - // Same as GET for this test case - doGet(req, resp); - } - - @Override - protected void doPut(HttpServletRequest req, HttpServletResponse resp) - throws ServletException, IOException { - // Same as GET for this test case - doGet(req, resp); - } - } } --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org