This is an automated email from the ASF dual-hosted git repository.
remm pushed a commit to branch 11.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
commit e36a358ef7ae908acb9f51274fdf2bfb796288aa
Author: Paul Lodge <plo...@redhat.com>
AuthorDate: Tue Sep 17 16:39:58 2024 +0200
Added a unit test to make sure that the Expires and Date headers have
consisent formatting and contain GMT
---
.../authenticator/TestFormAuthenticatorA.java | 37 ++++++++++++++++++++++
1 file changed, 37 insertions(+)
diff --git a/test/org/apache/catalina/authenticator/TestFormAuthenticatorA.java
b/test/org/apache/catalina/authenticator/TestFormAuthenticatorA.java
index 2671b3e1cb..2b24015b63 100644
--- a/test/org/apache/catalina/authenticator/TestFormAuthenticatorA.java
+++ b/test/org/apache/catalina/authenticator/TestFormAuthenticatorA.java
@@ -18,8 +18,12 @@ package org.apache.catalina.authenticator;
import java.io.File;
import java.io.IOException;
+import java.util.HashMap;
import java.util.List;
+import java.util.Map;
import java.util.StringTokenizer;
+import java.util.regex.Matcher;
+import java.util.regex.Pattern;
import jakarta.servlet.ServletException;
import jakarta.servlet.http.HttpServlet;
@@ -40,6 +44,7 @@ import org.apache.tomcat.util.descriptor.web.LoginConfig;
import org.apache.tomcat.util.descriptor.web.SecurityCollection;
import org.apache.tomcat.util.descriptor.web.SecurityConstraint;
import org.apache.tomcat.websocket.server.WsContextListener;
+import org.apache.tomcat.util.buf.ByteChunk;
/*
* Test FORM authentication for sessions that do and do not use cookies.
@@ -216,6 +221,38 @@ public class TestFormAuthenticatorA extends TomcatBaseTest
{
}
+ /*
+ * Test to ensure that the Expir and
+ */
+ @Test
+ public void testDateAndExpireHeadersUseGMT() throws Exception {
+ Tomcat tomcat = getTomcatInstance();
+
+ File appDir = new File(getBuildDirectory(), "webapps/examples");
+ Context ctxt = tomcat.addWebapp(null, "/examples",
appDir.getAbsolutePath());
+ FormAuthenticator form = new FormAuthenticator();
+ form.setSecurePagesWithPragma(true);
+ ctxt.getPipeline().addValve(form);
+ tomcat.start();
+
+ Map<String,List<String>> responseHeaders = new HashMap();
+ ByteChunk bc = new ByteChunk();
+ String path = "http://localhost:"; + getPort() +
"/examples/jsp/security/protected/index.jsp";
+ int rc = getUrl(path, bc, responseHeaders);
+ Assert.assertTrue(String.format("Expecting 200, but got ", rc), rc ==
200);
+ String expiresDate = responseHeaders.get("Expires").get(0).toString();
+
+ String ExpectedDateFormatRegx = "^[A-za-z]{3}, \\d{2} \\w{3} \\d{4}
\\d{2}:\\d{2}:\\d{2} GMT$";
+ Pattern pattern = Pattern.compile(ExpectedDateFormatRegx);
+ Matcher matcher = pattern.matcher((CharSequence)expiresDate);
+ Assert.assertTrue("Expires header date not in expected format",
matcher.matches());
+
+ String Date = responseHeaders.get("Date").get(0).toString();
+ matcher = pattern.matcher((CharSequence)Date);
+ Assert.assertTrue("Date header not in expected format",
matcher.matches());
+ }
+
+
/*
* Choreograph the steps of the test dialogue with the server
* 1. while not authenticated, try to access a protected resource
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
