tests/test-loginservice/src/test/java/org/eclipse/jetty/DataSourceLoginServiceTest.java - jetty - Git at Google

 //
 //  ========================================================================
 //  Copyright (c) 1995-2017 Mort Bay Consulting Pty. Ltd.
 //  ------------------------------------------------------------------------
 //  All rights reserved. This program and the accompanying materials
 //  are made available under the terms of the Eclipse Public License v1.0
 //  and Apache License v2.0 which accompanies this distribution.
 //
 //      The Eclipse Public License is available at
 //      http://www.eclipse.org/legal/epl-v10.html
 //
 //      The Apache License v2.0 is available at
 //      http://www.opensource.org/licenses/apache2.0.php
 //
 //  You may elect to redistribute this code under either of these licenses.
 //  ========================================================================
 //


 package org.eclipse.jetty;

 import static org.hamcrest.Matchers.is;
 import static org.hamcrest.Matchers.notNullValue;
 import static org.junit.Assert.assertEquals;
 import static org.junit.Assert.assertThat;

 import java.io.File;
 import java.io.FileOutputStream;
 import java.net.URI;
 import java.sql.Connection;
 import java.sql.DriverManager;
 import java.sql.Statement;
 import java.util.concurrent.TimeUnit;

 import javax.servlet.http.HttpServletResponse;

 import org.apache.derby.jdbc.EmbeddedDataSource;
 import org.eclipse.jetty.client.HttpClient;
 import org.eclipse.jetty.client.api.AuthenticationStore;
 import org.eclipse.jetty.client.api.ContentResponse;
 import org.eclipse.jetty.client.util.BasicAuthentication;
 import org.eclipse.jetty.plus.security.DataSourceLoginService;
 import org.eclipse.jetty.toolchain.test.FS;
 import org.eclipse.jetty.toolchain.test.MavenTestingUtils;
 import org.eclipse.jetty.util.Loader;
 import org.eclipse.jetty.util.thread.QueuedThreadPool;
 import org.junit.AfterClass;
 import org.junit.BeforeClass;
 import org.junit.Test;

 /**
  * DataSourceLoginServiceTest
  *
  *
  */
 public class DataSourceLoginServiceTest
 {


     public static final String _content = "This is some protected content";
     private static File _docRoot;
     private static HttpClient _client;
     private static String __realm = "DSRealm";
     private static URI _baseUri;
     private static final int __cacheInterval = 200;
     private static DatabaseLoginServiceTestServer _testServer;


     @BeforeClass
     public static void setUp() throws Exception
     {

         _docRoot = MavenTestingUtils.getTargetTestingDir("loginservice-test");
         FS.ensureDirExists(_docRoot);

         File content = new File(_docRoot,"input.txt");
         FileOutputStream out = new FileOutputStream(content);
         out.write(_content.getBytes("utf-8"));
         out.close();


         //clear previous runs
         File scriptFile = MavenTestingUtils.getTestResourceFile("droptables.sql");
         int result = DatabaseLoginServiceTestServer.runscript(scriptFile);
         //ignore result as derby spits errors for dropping tables that dont exist

         //create afresh
         scriptFile = MavenTestingUtils.getTestResourceFile("createdb.sql");
         result = DatabaseLoginServiceTestServer.runscript(scriptFile);
          assertThat("runScript result",result, is(0));

         _testServer = new DatabaseLoginServiceTestServer();
         _testServer.setResourceBase(_docRoot.getAbsolutePath());
         _testServer.setLoginService(configureLoginService());
         _testServer.start();
         _baseUri = _testServer.getBaseUri();
      }

      @AfterClass
      public static void tearDown()
          throws Exception
      {
          if (_testServer != null)
          {
              _testServer.stop();
              _testServer = null;
          }
      }

      public static DataSourceLoginService configureLoginService () throws Exception
      {
          DataSourceLoginService loginService = new DataSourceLoginService();
          loginService.setUserTableName("users");
          loginService.setUserTableKey("id");
          loginService.setUserTableUserField("username");
          loginService.setUserTablePasswordField("pwd");
          loginService.setRoleTableName("roles");
          loginService.setRoleTableKey("id");
          loginService.setRoleTableRoleField("role");
          loginService.setUserRoleTableName("user_roles");
          loginService.setUserRoleTableRoleKey("role_id");
          loginService.setUserRoleTableUserKey("user_id");
          loginService.setJndiName("dstest");
          loginService.setName(__realm);
          loginService.setCacheMs(__cacheInterval);
          if (_testServer != null)
              loginService.setServer(_testServer.getServer());

          //create a datasource
          EmbeddedDataSource ds = new EmbeddedDataSource();
          File db = new File (DatabaseLoginServiceTestServer.getDbRoot(), "loginservice");
          ds.setDatabaseName(db.getAbsolutePath());
          org.eclipse.jetty.plus.jndi.Resource binding = new org.eclipse.jetty.plus.jndi.Resource(null, "dstest",
                                                                                                       ds);
          assertThat("Created binding for dstest", binding, notNullValue());
          return loginService;
      }

      @Test
      public void testGetAndPasswordUpdate() throws Exception
      {
          try
          {
              startClient("jetty", "jetty");

              ContentResponse response = _client.GET(_baseUri.resolve("input.txt"));
              assertEquals(HttpServletResponse.SC_OK,response.getStatus());
              assertEquals(_content, response.getContentAsString());

              stopClient();

              String newpwd = String.valueOf(System.currentTimeMillis());

              changePassword("jetty", newpwd);
              TimeUnit.MILLISECONDS.sleep(2*__cacheInterval);  //pause to ensure cache invalidates

              startClient("jetty", newpwd);

              response = _client.GET(_baseUri.resolve("input.txt"));
              assertEquals(HttpServletResponse.SC_OK,response.getStatus());
              assertEquals(_content, response.getContentAsString());

          }
          finally
          {
              stopClient();
          }
      }


      protected void changePassword (String user, String newpwd) throws Exception
      {
          Loader.loadClass(this.getClass(), "org.apache.derby.jdbc.EmbeddedDriver").newInstance();
          try (Connection connection = DriverManager.getConnection(DatabaseLoginServiceTestServer.__dbURL, "", "");
               Statement stmt = connection.createStatement())
          {
              connection.setAutoCommit(true);
              stmt.executeUpdate("update users set pwd='"+newpwd+"' where username='"+user+"'");
          }

      }


      protected void startClient(String user, String pwd) throws Exception
      {
          _client = new HttpClient();
          QueuedThreadPool executor = new QueuedThreadPool();
          executor.setName(executor.getName() + "-client");
          _client.setExecutor(executor);
          AuthenticationStore authStore = _client.getAuthenticationStore();
          authStore.addAuthentication(new BasicAuthentication(_baseUri, __realm, user, pwd));
          _client.start();
      }

      protected void stopClient() throws Exception
      {
          if (_client != null)
          {
              _client.stop();
              _client = null;
          }
      }

 }
	//
	// ========================================================================
	// Copyright (c) 1995-2017 Mort Bay Consulting Pty. Ltd.
	// ------------------------------------------------------------------------
	// All rights reserved. This program and the accompanying materials
	// are made available under the terms of the Eclipse Public License v1.0
	// and Apache License v2.0 which accompanies this distribution.
	//
	// The Eclipse Public License is available at
	// http://www.eclipse.org/legal/epl-v10.html
	//
	// The Apache License v2.0 is available at
	// http://www.opensource.org/licenses/apache2.0.php
	//
	// You may elect to redistribute this code under either of these licenses.
	// ========================================================================
	//


	package org.eclipse.jetty;

	import static org.hamcrest.Matchers.is;
	import static org.hamcrest.Matchers.notNullValue;
	import static org.junit.Assert.assertEquals;
	import static org.junit.Assert.assertThat;

	import java.io.File;
	import java.io.FileOutputStream;
	import java.net.URI;
	import java.sql.Connection;
	import java.sql.DriverManager;
	import java.sql.Statement;
	import java.util.concurrent.TimeUnit;

	import javax.servlet.http.HttpServletResponse;

	import org.apache.derby.jdbc.EmbeddedDataSource;
	import org.eclipse.jetty.client.HttpClient;
	import org.eclipse.jetty.client.api.AuthenticationStore;
	import org.eclipse.jetty.client.api.ContentResponse;
	import org.eclipse.jetty.client.util.BasicAuthentication;
	import org.eclipse.jetty.plus.security.DataSourceLoginService;
	import org.eclipse.jetty.toolchain.test.FS;
	import org.eclipse.jetty.toolchain.test.MavenTestingUtils;
	import org.eclipse.jetty.util.Loader;
	import org.eclipse.jetty.util.thread.QueuedThreadPool;
	import org.junit.AfterClass;
	import org.junit.BeforeClass;
	import org.junit.Test;

	/**
	* DataSourceLoginServiceTest
	*
	*
	*/
	public class DataSourceLoginServiceTest
	{


	public static final String _content = "This is some protected content";
	private static File _docRoot;
	private static HttpClient _client;
	private static String __realm = "DSRealm";
	private static URI _baseUri;
	private static final int __cacheInterval = 200;
	private static DatabaseLoginServiceTestServer _testServer;




	@BeforeClass
	public static void setUp() throws Exception
	{

	_docRoot = MavenTestingUtils.getTargetTestingDir("loginservice-test");
	FS.ensureDirExists(_docRoot);

	File content = new File(_docRoot,"input.txt");
	FileOutputStream out = new FileOutputStream(content);
	out.write(_content.getBytes("utf-8"));
	out.close();


	//clear previous runs
	File scriptFile = MavenTestingUtils.getTestResourceFile("droptables.sql");
	int result = DatabaseLoginServiceTestServer.runscript(scriptFile);
	//ignore result as derby spits errors for dropping tables that dont exist

	//create afresh
	scriptFile = MavenTestingUtils.getTestResourceFile("createdb.sql");
	result = DatabaseLoginServiceTestServer.runscript(scriptFile);
	assertThat("runScript result",result, is(0));

	_testServer = new DatabaseLoginServiceTestServer();
	_testServer.setResourceBase(_docRoot.getAbsolutePath());
	_testServer.setLoginService(configureLoginService());
	_testServer.start();
	_baseUri = _testServer.getBaseUri();
	}

	@AfterClass
	public static void tearDown()
	throws Exception
	{
	if (_testServer != null)
	{
	_testServer.stop();
	_testServer = null;
	}
	}

	public static DataSourceLoginService configureLoginService () throws Exception
	{
	DataSourceLoginService loginService = new DataSourceLoginService();
	loginService.setUserTableName("users");
	loginService.setUserTableKey("id");
	loginService.setUserTableUserField("username");
	loginService.setUserTablePasswordField("pwd");
	loginService.setRoleTableName("roles");
	loginService.setRoleTableKey("id");
	loginService.setRoleTableRoleField("role");
	loginService.setUserRoleTableName("user_roles");
	loginService.setUserRoleTableRoleKey("role_id");
	loginService.setUserRoleTableUserKey("user_id");
	loginService.setJndiName("dstest");
	loginService.setName(__realm);
	loginService.setCacheMs(__cacheInterval);
	if (_testServer != null)
	loginService.setServer(_testServer.getServer());

	//create a datasource
	EmbeddedDataSource ds = new EmbeddedDataSource();
	File db = new File (DatabaseLoginServiceTestServer.getDbRoot(), "loginservice");
	ds.setDatabaseName(db.getAbsolutePath());
	org.eclipse.jetty.plus.jndi.Resource binding = new org.eclipse.jetty.plus.jndi.Resource(null, "dstest",
	ds);
	assertThat("Created binding for dstest", binding, notNullValue());
	return loginService;
	}

	@Test
	public void testGetAndPasswordUpdate() throws Exception
	{
	try
	{
	startClient("jetty", "jetty");

	ContentResponse response = _client.GET(_baseUri.resolve("input.txt"));
	assertEquals(HttpServletResponse.SC_OK,response.getStatus());
	assertEquals(_content, response.getContentAsString());

	stopClient();

	String newpwd = String.valueOf(System.currentTimeMillis());

	changePassword("jetty", newpwd);
	TimeUnit.MILLISECONDS.sleep(2*__cacheInterval); //pause to ensure cache invalidates

	startClient("jetty", newpwd);

	response = _client.GET(_baseUri.resolve("input.txt"));
	assertEquals(HttpServletResponse.SC_OK,response.getStatus());
	assertEquals(_content, response.getContentAsString());

	}
	finally
	{
	stopClient();
	}
	}


	protected void changePassword (String user, String newpwd) throws Exception
	{
	Loader.loadClass(this.getClass(), "org.apache.derby.jdbc.EmbeddedDriver").newInstance();
	try (Connection connection = DriverManager.getConnection(DatabaseLoginServiceTestServer.__dbURL, "", "");
	Statement stmt = connection.createStatement())
	{
	connection.setAutoCommit(true);
	stmt.executeUpdate("update users set pwd='"+newpwd+"' where username='"+user+"'");
	}

	}


	protected void startClient(String user, String pwd) throws Exception
	{
	_client = new HttpClient();
	QueuedThreadPool executor = new QueuedThreadPool();
	executor.setName(executor.getName() + "-client");
	_client.setExecutor(executor);
	AuthenticationStore authStore = _client.getAuthenticationStore();
	authStore.addAuthentication(new BasicAuthentication(_baseUri, __realm, user, pwd));
	_client.start();
	}

	protected void stopClient() throws Exception
	{
	if (_client != null)
	{
	_client.stop();
	_client = null;
	}
	}

	}