Google Git
Sign in
third-party-mirror / glassfish / f8c62026c286afe559ae262be5ecd1ac3fcc5f66 / . / appserver / tests / appserv-tests / devtests / security / jaccmr8 / client / Client.java
blob: 2e9977930696c8dd5783cf62a0c7f991d7f7b520 [file] [log] [blame]
/*
* Copyright (c) 2013, 2018 Oracle and/or its affiliates. All rights reserved.
*
* This program and the accompanying materials are made available under the
* terms of the Eclipse Public License v. 2.0, which is available at
* http://www.eclipse.org/legal/epl-2.0.
*
* This Source Code may also be made available under the following Secondary
* Licenses when the conditions for such availability set forth in the
* Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
* version 2 with the GNU Classpath Exception, which is available at
* https://www.gnu.org/software/classpath/license.html.
*
* SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
*/
package org.glassfish.jacc.test.mr8;
import java.net.*;
import java.io.*;
import java.util.Base64;
import java.util.Enumeration;
import java.util.Hashtable;
import com.sun.ejte.ccl.reporter.SimpleReporterAdapter;
public class Client {
private static SimpleReporterAdapter stat = new SimpleReporterAdapter("appserv-tests");
private static String testSuite = "Security::JACCMR8";
private static String contextPath = "/jaccmr8";
private String host;
private String port;
private String username;
private String password;
private String rolename;
private String otheruser;
private String ejbmode = "None";
public static void main(String[] args) {
stat.addDescription(testSuite);
Client client = new Client(args);
client.doTests();
stat.printSummary();
}
public Client(String[] args) {
host = args[0];
port = args[1];
username = args[2];
password = args[3];
rolename = args[4];
otheruser = args[5];
System.out.println(" Host: " + host);
System.out.println(" Port: " + port);
System.out.println(" Username: " + username);
System.out.println(" Rolename: " + rolename);
System.out.println("Other User: " + otheruser);
}
public void doTests() {
// Use the stateful EJB inside the servlet
// The stateful EJB uses annotations to protect the EJB
ejbmode = "stateful";
testAnyAuthUser();
testAnyAuthUserOther();
testAnyAuthUserNone();
testDenyUncovered();
testDenyUncoveredOther();
testDenyUncoveredNone();
testStar();
testStarOther();
testStarNone();
testServlet();
testServletOther();
testServletNone();
testAuthUser();
testAuthUserOther();
testAuthUserNone();
// Use the stateless EJB inside the servlet
// The stateless EJB uses the deployment descriptor to protect the EJB
// Only repeat tests that actually can invoke the servlet
ejbmode = "stateless";
testAnyAuthUser();
testAnyAuthUserOther();
testStar();
testAuthUser();
testServlet();
testServletOther();
testServletNone();
}
public void testAnyAuthUser() {
String servlet = "/anyauthuser";
String description = servlet+"-"+username+"-"+ejbmode;
StringBuffer output = new StringBuffer();
boolean success = doIndividualTest(servlet, 200, username, ejbmode, output);
if (!success) {
stat.addStatus(description, stat.FAIL);
return;
}
// Check results in output
success = checkResults(output,true,true,true,true,true,true);
if (!success) {
System.out.println("Incorrect results:" + description);
stat.addStatus(description, stat.FAIL);
return;
}
stat.addStatus(description, stat.PASS);
}
public void testAnyAuthUserOther() {
String servlet = "/anyauthuser";
String description = servlet+"-"+otheruser+"-"+ejbmode;
StringBuffer output = new StringBuffer();
boolean success = doIndividualTest(servlet, 200, otheruser, ejbmode, output);
if (!success) {
stat.addStatus(description, stat.FAIL);
return;
}
// Check results in output
success = checkResults(output,false,true,true,false,false,true);
if (!success) {
System.out.println("Incorrect results:" + description);
stat.addStatus(description, stat.FAIL);
return;
}
stat.addStatus(description, stat.PASS);
}
public void testAnyAuthUserNone() {
String servlet = "/anyauthuser";
String description = servlet+"--"+ejbmode;
StringBuffer output = new StringBuffer();
boolean success = doIndividualTest(servlet, 401, null, ejbmode, output);
if (!success) {
stat.addStatus(description, stat.FAIL);
return;
}
// No results to check!
stat.addStatus(description, stat.PASS);
}
public void testAuthUser() {
String servlet = "/authuser";
String description = servlet+"-"+username+"-"+ejbmode;
StringBuffer output = new StringBuffer();
boolean success = doIndividualTest(servlet, 200, username, ejbmode, output);
if (!success) {
stat.addStatus(description, stat.FAIL);
return;
}
// Check results in output
success = checkResults(output,true,true,true,true,true,true);
if (!success) {
System.out.println("Incorrect results:" + description);
stat.addStatus(description, stat.FAIL);
return;
}
stat.addStatus(description, stat.PASS);
}
public void testAuthUserOther() {
String servlet = "/authuser";
String description = servlet+"-"+otheruser+"-"+ejbmode;
StringBuffer output = new StringBuffer();
boolean success = doIndividualTest(servlet, 403, otheruser, ejbmode, output);
if (!success) {
stat.addStatus(description, stat.FAIL);
return;
}
// No results to check!
stat.addStatus(description, stat.PASS);
}
public void testAuthUserNone() {
String servlet = "/authuser";
String description = servlet+"--"+ejbmode;
StringBuffer output = new StringBuffer();
boolean success = doIndividualTest(servlet, 401, null, ejbmode, output);
if (!success) {
stat.addStatus(description, stat.FAIL);
return;
}
// No results to check!
stat.addStatus(description, stat.PASS);
}
public void testStar() {
String servlet = "/star";
String description = servlet+"-"+username+"-"+ejbmode;
StringBuffer output = new StringBuffer();
boolean success = doIndividualTest(servlet, 200, username, ejbmode, output);
if (!success) {
stat.addStatus(description, stat.FAIL);
return;
}
// Check results in output
success = checkResults(output,true,true,true,true,true,true);
if (!success) {
System.out.println("Incorrect results:" + description);
stat.addStatus(description, stat.FAIL);
return;
}
stat.addStatus(description, stat.PASS);
}
public void testStarOther() {
String servlet = "/star";
String description = servlet+"-"+otheruser+"-"+ejbmode;
StringBuffer output = new StringBuffer();
boolean success = doIndividualTest(servlet, 403, otheruser, ejbmode, output);
if (!success) {
stat.addStatus(description, stat.FAIL);
return;
}
// No results to check!
stat.addStatus(description, stat.PASS);
}
public void testStarNone() {
String servlet = "/star";
String description = servlet+"--"+ejbmode;
StringBuffer output = new StringBuffer();
boolean success = doIndividualTest(servlet, 401, null, ejbmode, output);
if (!success) {
stat.addStatus(description, stat.FAIL);
return;
}
// No results to check!
stat.addStatus(description, stat.PASS);
}
public void testServlet() {
String servlet = "/servlet";
String description = servlet+"-"+username+"-"+ejbmode;
StringBuffer output = new StringBuffer();
boolean success = doIndividualTest(servlet, 200, username, ejbmode, output);
if (!success) {
stat.addStatus(description, stat.FAIL);
return;
}
// Check results in output
success = checkResults(output,false,false,false,false,false,false);
if (!success) {
System.out.println("Incorrect results:" + description);
stat.addStatus(description, stat.FAIL);
return;
}
stat.addStatus(description, stat.PASS);
}
public void testServletOther() {
String servlet = "/servlet";
String description = servlet+"-"+otheruser+"-"+ejbmode;
StringBuffer output = new StringBuffer();
boolean success = doIndividualTest(servlet, 200, otheruser, ejbmode, output);
if (!success) {
stat.addStatus(description, stat.FAIL);
return;
}
// Check results in output
success = checkResults(output,false,false,false,false,false,false);
if (!success) {
System.out.println("Incorrect results:" + description);
stat.addStatus(description, stat.FAIL);
return;
}
stat.addStatus(description, stat.PASS);
}
public void testServletNone() {
String servlet = "/servlet";
String description = servlet+"--"+ejbmode;
StringBuffer output = new StringBuffer();
boolean success = doIndividualTest(servlet, 200, null, ejbmode, output);
if (!success) {
stat.addStatus(description, stat.FAIL);
return;
}
// Check results in output
success = checkResults(output,false,false,false,false,false,false);
if (!success) {
System.out.println("Incorrect results:" + description);
stat.addStatus(description, stat.FAIL);
return;
}
stat.addStatus(description, stat.PASS);
}
public void testDenyUncovered() {
String servlet = "/denyuncoveredpost";
String description = servlet+"-"+username+"-"+ejbmode;
StringBuffer output = new StringBuffer();
boolean success = doIndividualTest(servlet, 403, username, ejbmode, output);
if (!success) {
stat.addStatus(description, stat.FAIL);
return;
}
// No results to check!
stat.addStatus(description, stat.PASS);
}
public void testDenyUncoveredOther() {
String servlet = "/denyuncoveredpost";
String description = servlet+"-"+otheruser+"-"+ejbmode;
StringBuffer output = new StringBuffer();
boolean success = doIndividualTest(servlet, 403, otheruser, ejbmode, output);
if (!success) {
stat.addStatus(description, stat.FAIL);
return;
}
// No results to check!
stat.addStatus(description, stat.PASS);
}
public void testDenyUncoveredNone() {
String servlet = "/denyuncoveredpost";
String description = servlet+"--"+ejbmode;
StringBuffer output = new StringBuffer();
boolean success = doIndividualTest(servlet, 403, null, ejbmode, output);
if (!success) {
stat.addStatus(description, stat.FAIL);
return;
}
// No results to check!
stat.addStatus(description, stat.PASS);
}
// Validate that all the passed in results are as expected
// If any value is not as expected the overall results are false
private boolean checkResults(StringBuffer results,
boolean EJBisCallerInRole, boolean EJBisUserInAnyAuthUserRole,
boolean EJBInvokeAnyAuthUser, boolean EJBInvokeAuthUser,
boolean WEBisUserInRole, boolean WEBisUserInAnyAuthUserRole) {
int index;
boolean result = true;
if (EJBisCallerInRole)
index = results.indexOf("EJB isCallerInRole: true");
else
index = results.indexOf("EJB isCallerInRole: false");
if (index == -1)
result = false;
if (!result) return result;
if (EJBisUserInAnyAuthUserRole)
index = results.indexOf("EJB isUserInAnyAuthUserRole: true");
else
index = results.indexOf("EJB isUserInAnyAuthUserRole: false");
if (index == -1)
result = false;
if (!result) return result;
if (WEBisUserInRole)
index = results.indexOf("WEB isUserInRole: true");
else
index = results.indexOf("WEB isUserInRole: false");
if (index == -1)
result = false;
if (!result) return result;
if (WEBisUserInAnyAuthUserRole)
index = results.indexOf("WEB isUserInAnyAuthUserRole: true");
else
index = results.indexOf("WEB isUserInAnyAuthUserRole: false");
if (index == -1)
result = false;
if (!result) return result;
index = results.indexOf("EJB Invoke AnyAuthUser: Yes");
if (EJBInvokeAnyAuthUser)
result = (index != -1);
else
result = (index == -1);
if (!result) return result;
index = results.indexOf("EJB Invoke AuthUser: Yes");
if (EJBInvokeAuthUser)
result = (index != -1);
else
result = (index == -1);
return result;
}
private boolean doIndividualTest(String servlet, int code, String user, String mode, StringBuffer output) {
boolean result = false;
try {
int rtncode;
String url = "http://" + host + ":" + port + contextPath + servlet;
Hashtable ht = new Hashtable();
ht.put("mode", URLEncoder.encode(mode,"UTF-8"));
ht.put("name", URLEncoder.encode(rolename,"UTF-8"));
System.out.println("\nInvoking servlet at " + url);
rtncode = invokeServlet(url, ht, user, output);
System.out.println("The servlet return code: " + rtncode);
if (rtncode != code) {
System.out.println("Incorrect return code, expecting: " + code);
}
else result = true;
} catch (Exception ex) {
System.out.println("Exception: " + ex.toString());
//ex.printStackTrace();
}
return result;
}
private int invokeServlet(String url, Hashtable contentHash, String user, StringBuffer output) throws Exception {
URL u = new URL(url);
HttpURLConnection c1 = (HttpURLConnection) u.openConnection();
c1.setAllowUserInteraction(true);
if ((user != null) && (user.length() > 0)) {
// Add BASIC header for authentication
String auth = user + ":" + password;
String authEncoded = Base64.getEncoder().encodeToString(auth.getBytes());
c1.setRequestProperty("Authorization", "Basic " + authEncoded);
}
c1.setDoOutput(true);
c1.setUseCaches(false);
// get the output stream to POST to.
DataOutputStream out = new DataOutputStream(c1.getOutputStream());
String content = "";
// Create a single String value to be POSTED from the parameters passed
// to us. This is done by making "name"="value" pairs for all the keys
// in the Hashtable passed to us.
Enumeration e = contentHash.keys();
boolean first = true;
while (e.hasMoreElements()) {
// For each key and value pair in the hashtable
Object key = e.nextElement();
Object value = contentHash.get(key);
// If this is not the first key-value pair in the hashtable,
// concantenate an "&" sign to the constructed String
if (!first)
content += "&";
// append to a single string. Encode the value portion
content += (String) key + "=" + URLEncoder.encode((String) value,"UTF-8");
first = false;
}
// Write out the bytes of the content string to the stream.
out.writeBytes(content);
out.flush();
out.close();
// Connect and get the response code and/or output to verify
c1.connect();
int code = c1.getResponseCode();
if (code == HttpURLConnection.HTTP_OK) {
InputStream is = null;
BufferedReader input = null;
String line = null;
try {
is = c1.getInputStream();
input = new BufferedReader(new InputStreamReader(is));
while ((line = input.readLine()) != null) {
output.append(line);
System.out.println(line);
}
}
finally {
try { if (is != null) is.close(); }
catch (Exception exc) {}
try { if (input != null) input.close(); }
catch (Exception exc) {}
}
}
return code;
}
}