[jcatapult] r2388 committed - Initial pass at fixing security to support context paths


codesite...@google.com

Oct 14, 2009, 8:11:35 PM10/14/09
to jcatapul...@googlegroups.com
Revision: 2388
Author: bpontarelli
Date: Wed Oct 14 17:10:55 2009
Log: Initial pass at fixing security to support context paths
http://code.google.com/p/jcatapult/source/detail?r=2388

Deleted:

/jcatapult-security/trunk/src/java/main/org/jcatapult/security/servlet/ServletTools.java
Modified:
/jcatapult-security/trunk/.classpath
/jcatapult-security/trunk/jcatapult-security.eml
/jcatapult-security/trunk/jcatapult-security.ipr
/jcatapult-security/trunk/project.xml

/jcatapult-security/trunk/src/java/main/org/jcatapult/security/auth/ConfiguredAuthorizer.java

/jcatapult-security/trunk/src/java/main/org/jcatapult/security/saved/DefaultSavedRequestService.java

/jcatapult-security/trunk/src/java/main/org/jcatapult/security/servlet/FacadeHttpServletRequest.java

/jcatapult-security/trunk/src/java/main/org/jcatapult/security/servlet/auth/DefaultAuthorizationWorkflow.java

/jcatapult-security/trunk/src/java/main/org/jcatapult/security/servlet/login/DefaultLoginWorkflow.java

/jcatapult-security/trunk/src/java/main/org/jcatapult/security/servlet/saved/DefaultSavedRequestWorkflow.java

/jcatapult-security/trunk/src/java/test/unit/org/jcatapult/security/servlet/auth/DefaultAuthorizationExceptionHandlerTest.java

/jcatapult-security/trunk/src/java/test/unit/org/jcatapult/security/servlet/auth/DefaultAuthorizationWorkflowTest.java

/jcatapult-security/trunk/src/java/test/unit/org/jcatapult/security/servlet/login/DefaultLoginExceptionHandlerTest.java

/jcatapult-security/trunk/src/java/test/unit/org/jcatapult/security/servlet/login/DefaultLoginWorkflowTest.java

/jcatapult-security/trunk/src/java/test/unit/org/jcatapult/security/servlet/saved/DefaultSavedRequestWorkflowTest.java

=======================================
---
/jcatapult-security/trunk/src/java/main/org/jcatapult/security/servlet/ServletTools.java
Fri Jan 25 11:23:16 2008
+++ /dev/null
@@ -1,47 +0,0 @@
-/*
- * Copyright (c) 2001-2007, JCatapult.org, All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,
- * either express or implied. See the License for the specific
- * language governing permissions and limitations under the License.
- */
-package org.jcatapult.security.servlet;
-
-import javax.servlet.http.HttpServletRequest;
-
-/**
- * <p>
- * This is a toolkit for common servlet methods.
- * </p>
- *
- * @author Brian Pontarelli
- */
-public class ServletTools {
- /**
- * Deterimes the URI that can be used in a redirect, which must
include the context path.
- *
- * @param httpRequest Used to get the context path.
- * @param uri The URI that is appended to the context path.
- * @return The context based URI.
- */
- public static String getContextURI(HttpServletRequest httpRequest,
String uri) {
- String context = httpRequest.getContextPath();
- if (context.equals("")) {
- return uri;
- }
-
- if (uri.startsWith("/")) {
- return context + uri;
- }
-
- return context + "/" + uri;
- }
-}
=======================================
--- /jcatapult-security/trunk/.classpath Tue Jun 9 13:46:47 2009
+++ /jcatapult-security/trunk/.classpath Wed Oct 14 17:10:55 2009
@@ -1,29 +1,28 @@
<?xml version="1.0" encoding="UTF-8"?>
<classpath>
- <classpathentry kind="con"
path="org.eclipse.jdt.launching.JRE_CONTAINER" />
- <classpathentry kind="src" path="src/conf/main" />
- <classpathentry kind="src" path="src/conf/test/integration"
output="target/classes/test/integration" />
- <classpathentry kind="src" path="src/conf/test/unit"
output="target/classes/test/unit" />
- <classpathentry kind="src" path="src/java/main" />
- <classpathentry kind="src" path="src/java/test/integration"
output="target/classes/test/integration" />
- <classpathentry kind="src" path="src/java/test/unit"
output="target/classes/test/unit" />
- <classpathentry kind="var"
path="SAVANT_REPOSITORY/com/google/code/guice/guice/1.0/guice-1.0.jar"
sourcepath="/SAVANT_REPOSITORY/com/google/code/guice/guice/1.0/guice-1.0-src.jar"
/>
- <classpathentry kind="var"
path="SAVANT_REPOSITORY/javax/persistence/persistence-api/1.0/persistence-api-1.0.jar"
sourcepath="/SAVANT_REPOSITORY/javax/persistence/persistence-api/1.0/persistence-api-1.0-src.jar"
/>
- <classpathentry kind="var"
path="SAVANT_REPOSITORY/javax/servlet/jsp/jsp-api/2.0/jsp-api-2.0.jar"
sourcepath="/SAVANT_REPOSITORY/javax/servlet/jsp/jsp-api/2.0/jsp-api-2.0-src.jar"
/>
- <classpathentry kind="var"
path="SAVANT_REPOSITORY/javax/servlet/servlet-api/2.4/servlet-api-2.4.jar"
sourcepath="/SAVANT_REPOSITORY/javax/servlet/servlet-api/2.4/servlet-api-2.4-src.jar"
/>
- <classpathentry kind="var"
path="SAVANT_REPOSITORY/net/java/dev/java-net-commons/java-net-commons/1.5/java-net-commons-1.5.jar"
sourcepath="/SAVANT_REPOSITORY/net/java/dev/java-net-commons/java-net-commons/1.5/java-net-commons-1.5-src.jar"
/>
- <classpathentry kind="var"
path="SAVANT_REPOSITORY/org/apache/commons/commons-codec/1.3/commons-codec-1.3.jar"
sourcepath="/SAVANT_REPOSITORY/org/apache/commons/commons-codec/1.3/commons-codec-1.3-src.jar"
/>
- <classpathentry kind="var"
path="SAVANT_REPOSITORY/org/apache/commons/commons-collections/3.1/commons-collections-3.1.jar"
sourcepath="/SAVANT_REPOSITORY/org/apache/commons/commons-collections/3.1/commons-collections-3.1-src.jar"
/>
- <classpathentry kind="var"
path="SAVANT_REPOSITORY/org/apache/commons/commons-configuration/1.4/commons-configuration-1.4.jar"
sourcepath="/SAVANT_REPOSITORY/org/apache/commons/commons-configuration/1.4/commons-configuration-1.4-src.jar"
/>
- <classpathentry kind="var"
path="SAVANT_REPOSITORY/org/apache/commons/commons-lang/2.3/commons-lang-2.3.jar"
sourcepath="/SAVANT_REPOSITORY/org/apache/commons/commons-lang/2.3/commons-lang-2.3-src.jar"
/>
- <classpathentry kind="var"
path="SAVANT_REPOSITORY/org/apache/commons/commons-logging/1.1/commons-logging-1.1.jar"
sourcepath="/SAVANT_REPOSITORY/org/apache/commons/commons-logging/1.1/commons-logging-1.1-src.jar"
/>
- <classpathentry kind="var"
path="SAVANT_REPOSITORY/org/easymock/easymock/2.2/easymock-2.2.jar"
sourcepath="/SAVANT_REPOSITORY/org/easymock/easymock/2.2/easymock-2.2-src.jar"
/>
- <classpathentry kind="var"
path="SAVANT_REPOSITORY/org/freemarker/freemarker/2.3.12/freemarker-2.3.12.jar"
sourcepath="/SAVANT_REPOSITORY/org/freemarker/freemarker/2.3.12/freemarker-2.3.12-src.jar"
/>
- <classpathentry kind="var"
path="SAVANT_REPOSITORY/org/hsqldb/hsqldb/1.8.9/hsqldb-1.8.9.jar"
sourcepath="/SAVANT_REPOSITORY/org/hsqldb/hsqldb/1.8.9/hsqldb-1.8.9-src.jar"
/>
- <classpathentry kind="var"
path="SAVANT_REPOSITORY/org/jcatapult/jcatapult-core/1.0/jcatapult-core-1.0.jar"
sourcepath="/SAVANT_REPOSITORY/org/jcatapult/jcatapult-core/1.0/jcatapult-core-1.0-src.jar"
/>
- <classpathentry kind="var"
path="SAVANT_REPOSITORY/org/joda/joda-time/joda-time/1.4/joda-time-1.4.jar"
sourcepath="/SAVANT_REPOSITORY/org/joda/joda-time/joda-time/1.4/joda-time-1.4-src.jar"
/>
- <classpathentry kind="var"
path="SAVANT_REPOSITORY/org/junit/junit/4.4/junit-4.4.jar"
sourcepath="/SAVANT_REPOSITORY/org/junit/junit/4.4/junit-4.4-src.jar" />
- <classpathentry kind="var"
path="SAVANT_REPOSITORY/org/objectweb/asm/asm/3.1/asm-3.1.jar"
sourcepath="/SAVANT_REPOSITORY/org/objectweb/asm/asm/3.1/asm-3.1-src.jar" />
- <classpathentry kind="output" path="target/classes/main" />
+ <classpathentry kind="src" path="src/java/main"/>
+ <classpathentry kind="src" path="src/conf/main"/>
+ <classpathentry kind="src" output="target/classes/test/unit"
path="src/conf/test/unit"/>
+ <classpathentry kind="src" output="target/classes/test/integration"
path="src/conf/test/integration"/>
+ <classpathentry kind="src" output="target/classes/test/integration"
path="src/java/test/integration"/>
+ <classpathentry kind="src" output="target/classes/test/unit"
path="src/java/test/unit"/>
+ <classpathentry kind="con"
path="org.eclipse.jdt.launching.JRE_CONTAINER"/>
+ <classpathentry kind="var"
path="SAVANT_REPOSITORY/com/google/code/guice/guice/1.0/guice-1.0.jar"
sourcepath="/SAVANT_REPOSITORY/com/google/code/guice/guice/1.0/guice-1.0-src.jar"/>
+ <classpathentry kind="var"
path="SAVANT_REPOSITORY/javax/persistence/persistence-api/1.0/persistence-api-1.0.jar"
sourcepath="/SAVANT_REPOSITORY/javax/persistence/persistence-api/1.0/persistence-api-1.0-src.jar"/>
+ <classpathentry kind="var"
path="SAVANT_REPOSITORY/javax/servlet/jsp/jsp-api/2.0/jsp-api-2.0.jar"
sourcepath="/SAVANT_REPOSITORY/javax/servlet/jsp/jsp-api/2.0/jsp-api-2.0-src.jar"/>
+ <classpathentry kind="var"
path="SAVANT_REPOSITORY/javax/servlet/servlet-api/2.4/servlet-api-2.4.jar"
sourcepath="/SAVANT_REPOSITORY/javax/servlet/servlet-api/2.4/servlet-api-2.4-src.jar"/>
+ <classpathentry kind="var"
path="SAVANT_REPOSITORY/net/java/dev/java-net-commons/java-net-commons/1.5/java-net-commons-1.5.jar"
sourcepath="/SAVANT_REPOSITORY/net/java/dev/java-net-commons/java-net-commons/1.5/java-net-commons-1.5-src.jar"/>
+ <classpathentry kind="var"
path="SAVANT_REPOSITORY/org/apache/commons/commons-codec/1.3/commons-codec-1.3.jar"
sourcepath="/SAVANT_REPOSITORY/org/apache/commons/commons-codec/1.3/commons-codec-1.3-src.jar"/>
+ <classpathentry kind="var"
path="SAVANT_REPOSITORY/org/apache/commons/commons-collections/3.1/commons-collections-3.1.jar"
sourcepath="/SAVANT_REPOSITORY/org/apache/commons/commons-collections/3.1/commons-collections-3.1-src.jar"/>
+ <classpathentry kind="var"
path="SAVANT_REPOSITORY/org/apache/commons/commons-configuration/1.4/commons-configuration-1.4.jar"
sourcepath="/SAVANT_REPOSITORY/org/apache/commons/commons-configuration/1.4/commons-configuration-1.4-src.jar"/>
+ <classpathentry kind="var"
path="SAVANT_REPOSITORY/org/apache/commons/commons-lang/2.3/commons-lang-2.3.jar"
sourcepath="/SAVANT_REPOSITORY/org/apache/commons/commons-lang/2.3/commons-lang-2.3-src.jar"/>
+ <classpathentry kind="var"
path="SAVANT_REPOSITORY/org/apache/commons/commons-logging/1.1/commons-logging-1.1.jar"
sourcepath="/SAVANT_REPOSITORY/org/apache/commons/commons-logging/1.1/commons-logging-1.1-src.jar"/>
+ <classpathentry kind="var"
path="SAVANT_REPOSITORY/org/easymock/easymock/2.2/easymock-2.2.jar"
sourcepath="/SAVANT_REPOSITORY/org/easymock/easymock/2.2/easymock-2.2-src.jar"/>
+ <classpathentry kind="var"
path="SAVANT_REPOSITORY/org/freemarker/freemarker/2.3.12/freemarker-2.3.12.jar"
sourcepath="/SAVANT_REPOSITORY/org/freemarker/freemarker/2.3.12/freemarker-2.3.12-src.jar"/>
+ <classpathentry kind="var"
path="SAVANT_REPOSITORY/org/hsqldb/hsqldb/1.8.9/hsqldb-1.8.9.jar"
sourcepath="/SAVANT_REPOSITORY/org/hsqldb/hsqldb/1.8.9/hsqldb-1.8.9-src.jar"/>
+ <classpathentry kind="var"
path="SAVANT_REPOSITORY/org/jcatapult/jcatapult-core/1.0.2/jcatapult-core-1.0.2.jar"
sourcepath="/SAVANT_REPOSITORY/org/jcatapult/jcatapult-core/1.0.2/jcatapult-core-1.0.2-src.jar"/>
+ <classpathentry kind="var"
path="SAVANT_REPOSITORY/org/joda/joda-time/joda-time/1.4/joda-time-1.4.jar"
sourcepath="/SAVANT_REPOSITORY/org/joda/joda-time/joda-time/1.4/joda-time-1.4-src.jar"/>
+ <classpathentry kind="var"
path="SAVANT_REPOSITORY/org/junit/junit/4.4/junit-4.4.jar"
sourcepath="/SAVANT_REPOSITORY/org/junit/junit/4.4/junit-4.4-src.jar"/>
+ <classpathentry kind="var"
path="SAVANT_REPOSITORY/org/objectweb/asm/asm/3.1/asm-3.1.jar"
sourcepath="/SAVANT_REPOSITORY/org/objectweb/asm/asm/3.1/asm-3.1-src.jar"/>
+ <classpathentry kind="output"
path="target/classes/production/jcatapult-security"/>
</classpath>
-
=======================================
--- /jcatapult-security/trunk/jcatapult-security.eml Sat Mar 14 16:07:48
2009
+++ /jcatapult-security/trunk/jcatapult-security.eml Wed Oct 14 17:10:55
2009
@@ -1,10 +1,13 @@
<?xml version="1.0" encoding="UTF-8"?>
<component inherit-compiler-output="true">
- <exclude-output />
- <testFolder url="file://$MODULE_DIR$/src/java/test/integration" />
- <testFolder url="file://$MODULE_DIR$/src/java/test/unit" />
- <excludeFolder url="file://$MODULE_DIR$/target" />
- <excludeFolder url="file://$MODULE_DIR$/web/WEB-INF/classes" />
- <excludeFolder url="file://$MODULE_DIR$/web/WEB-INF/lib" />
+ <exclude-output/>
+ <contentEntry url="file://$MODULE_DIR$">
+ <testFolder url="file://$MODULE_DIR$/src/java/test/integration"/>
+ <testFolder url="file://$MODULE_DIR$/src/java/test/unit"/>
+ <excludeFolder url="file://$MODULE_DIR$/target"/>
+ <excludeFolder url="file://$MODULE_DIR$/target/classes"/>
+ <excludeFolder url="file://$MODULE_DIR$/web/WEB-INF/classes"/>
+ <excludeFolder url="file://$MODULE_DIR$/web/WEB-INF/lib"/>
+ <excludeFolder url="file://$MODULE_DIR$/target/classes"/>
+ </contentEntry>
</component>
-
=======================================
--- /jcatapult-security/trunk/jcatapult-security.ipr Tue Jun 9 13:46:47
2009
+++ /jcatapult-security/trunk/jcatapult-security.ipr Wed Oct 14 17:10:55
2009
@@ -95,69 +95,69 @@
<component name="IdProvider"
IDEtalkID="C3E10093AD37246DAE72198F2F6CDB7D" />
<component name="InspectionProjectProfileManager">
<option name="PROJECT_PROFILE" value="Project Default" />
- <option name="USE_PROJECT_LEVEL_SETTINGS" value="false" />
- <scopes />
+ <option name="USE_PROJECT_PROFILE" value="true" />
+ <version value="1.0" />
<profiles>
<profile version="1.0" is_locked="false">
<option name="myName" value="Project Default" />
<option name="myLocal" value="false" />
- <inspection_tool class="InfiniteLoopStatement" level="WARNING"
enabled="false" />
- <inspection_tool class="TrivialIf" level="WARNING" enabled="false"
/>
- <inspection_tool class="EmptyFinallyBlock" level="WARNING"
enabled="false" />
- <inspection_tool class="EmptyStatementBody" level="WARNING"
enabled="false">
- <option name="m_reportEmptyBlocks" value="false" />
- </inspection_tool>
- <inspection_tool class="StringEquality" level="WARNING"
enabled="false" />
- <inspection_tool class="StringToString" level="WARNING"
enabled="false" />
- <inspection_tool class="LoopStatementsThatDontLoop"
level="WARNING" enabled="false" />
- <inspection_tool class="InfiniteRecursion" level="WARNING"
enabled="false" />
- <inspection_tool class="ConstantConditions" level="WARNING"
enabled="false">
+ <inspection_tool class="BooleanConstructor" enabled="false"
level="WARNING" enabled_by_default="false" />
+ <inspection_tool class="CloneCallsSuperClone" enabled="false"
level="WARNING" enabled_by_default="false" />
+ <inspection_tool class="CloneDeclaresCloneNotSupported"
enabled="false" level="WARNING" enabled_by_default="false" />
+ <inspection_tool class="ConstantConditions" enabled="false"
level="WARNING" enabled_by_default="false">
<option name="SUGGEST_NULLABLE_ANNOTATIONS" value="false" />
<option name="DONT_REPORT_TRUE_ASSERT_STATEMENTS" value="false"
/>
</inspection_tool>
- <inspection_tool class="EmptyCatchBlock" level="WARNING"
enabled="false">
+ <inspection_tool class="ContinueOrBreakFromFinallyBlock"
enabled="false" level="WARNING" enabled_by_default="false" />
+ <inspection_tool class="EmptyCatchBlock" enabled="false"
level="WARNING" enabled_by_default="false">
<option name="m_includeComments" value="true" />
<option name="m_ignoreTestCases" value="true" />
<option name="m_ignoreIgnoreParameter" value="true" />
</inspection_tool>
- <inspection_tool
class="UnnecessaryTemporaryOnConversionFromString" level="WARNING"
enabled="false" />
- <inspection_tool class="UnusedAssignment" level="WARNING"
enabled="false">
- <option name="REPORT_PREFIX_EXPRESSIONS" value="false" />
- <option name="REPORT_POSTFIX_EXPRESSIONS" value="true" />
- <option name="REPORT_REDUNDANT_INITIALIZER" value="true" />
+ <inspection_tool class="EmptyFinallyBlock" enabled="false"
level="WARNING" enabled_by_default="false" />
+ <inspection_tool class="EmptyStatementBody" enabled="false"
level="WARNING" enabled_by_default="false">
+ <option name="m_reportEmptyBlocks" value="false" />
</inspection_tool>
- <inspection_tool class="ForCanBeForeach" level="WARNING"
enabled="false">
- <option name="REPORT_INDEXED_LOOP" value="true" />
- </inspection_tool>
- <inspection_tool class="FinalizeCallsSuperFinalize"
level="WARNING" enabled="false">
+ <inspection_tool class="EmptyTryBlock" enabled="false"
level="WARNING" enabled_by_default="false" />
+ <inspection_tool class="ExtendsObject" enabled="false"
level="WARNING" enabled_by_default="false" />
+ <inspection_tool class="FinalPrivateMethod" enabled="false"
level="WARNING" enabled_by_default="false" />
+ <inspection_tool class="FinalStaticMethod" enabled="false"
level="WARNING" enabled_by_default="false" />
+ <inspection_tool class="FinalizeCallsSuperFinalize"
enabled="false" level="WARNING" enabled_by_default="false">
<option name="m_ignoreForObjectSubclasses" value="false" />
</inspection_tool>
- <inspection_tool class="UnnecessarySemicolon" level="WARNING"
enabled="false" />
- <inspection_tool class="PointlessArithmeticExpression"
level="WARNING" enabled="false">
+ <inspection_tool class="ForCanBeForeach" enabled="false"
level="WARNING" enabled_by_default="false">
+ <option name="REPORT_INDEXED_LOOP" value="true" />
+ </inspection_tool>
+ <inspection_tool class="InfiniteLoopStatement" enabled="false"
level="WARNING" enabled_by_default="false" />
+ <inspection_tool class="InfiniteRecursion" enabled="false"
level="WARNING" enabled_by_default="false" />
+ <inspection_tool class="LoopStatementsThatDontLoop"
enabled="false" level="WARNING" enabled_by_default="false" />
+ <inspection_tool class="ManualArrayCopy" enabled="false"
level="WARNING" enabled_by_default="false" />
+ <inspection_tool class="NoExplicitFinalizeCalls" enabled="false"
level="WARNING" enabled_by_default="false" />
+ <inspection_tool class="PointlessArithmeticExpression"
enabled="false" level="WARNING" enabled_by_default="false">
<option name="m_ignoreExpressionsContainingConstants"
value="false" />
</inspection_tool>
- <inspection_tool class="UnnecessaryTemporaryOnConversionToString"
level="WARNING" enabled="false" />
- <inspection_tool class="UnusedLabel" level="WARNING"
enabled="false" />
- <inspection_tool class="BooleanConstructor" level="WARNING"
enabled="false" />
- <inspection_tool class="ExtendsObject" level="WARNING"
enabled="false" />
- <inspection_tool class="UnnecessaryBoxing" level="WARNING"
enabled="false" />
- <inspection_tool class="CloneCallsSuperClone" level="WARNING"
enabled="false" />
- <inspection_tool class="ReturnFromFinallyBlock" level="WARNING"
enabled="false" />
- <inspection_tool class="EmptyTryBlock" level="WARNING"
enabled="false" />
- <inspection_tool class="ManualArrayCopy" level="WARNING"
enabled="false" />
- <inspection_tool class="ThrowFromFinallyBlock" level="WARNING"
enabled="false" />
- <inspection_tool class="CloneDeclaresCloneNotSupported"
level="WARNING" enabled="false" />
- <inspection_tool class="RedundantCast" level="WARNING"
enabled="false" />
- <inspection_tool class="StringConstructor" level="WARNING"
enabled="false">
+ <inspection_tool class="RedundantCast" enabled="false"
level="WARNING" enabled_by_default="false" />
+ <inspection_tool class="ReturnFromFinallyBlock" enabled="false"
level="WARNING" enabled_by_default="false" />
+ <inspection_tool class="StringConstructor" enabled="false"
level="WARNING" enabled_by_default="false">
<option name="ignoreSubstringArguments" value="false" />
</inspection_tool>
- <inspection_tool class="UnnecessaryReturn" level="WARNING"
enabled="false" />
- <inspection_tool class="FinalStaticMethod" level="WARNING"
enabled="false" />
- <inspection_tool class="UnnecessaryUnboxing" level="WARNING"
enabled="false" />
- <inspection_tool class="NoExplicitFinalizeCalls" level="WARNING"
enabled="false" />
- <inspection_tool class="FinalPrivateMethod" level="WARNING"
enabled="false" />
- <inspection_tool class="ContinueOrBreakFromFinallyBlock"
level="WARNING" enabled="false" />
- <inspection_tool class="SynchronizeOnNonFinalField"
level="WARNING" enabled="false" />
+ <inspection_tool class="StringEquality" enabled="false"
level="WARNING" enabled_by_default="false" />
+ <inspection_tool class="StringToString" enabled="false"
level="WARNING" enabled_by_default="false" />
+ <inspection_tool class="SynchronizeOnNonFinalField"
enabled="false" level="WARNING" enabled_by_default="false" />
+ <inspection_tool class="ThrowFromFinallyBlock" enabled="false"
level="WARNING" enabled_by_default="false" />
+ <inspection_tool class="TrivialIf" enabled="false" level="WARNING"
enabled_by_default="false" />
+ <inspection_tool class="UnnecessaryBoxing" enabled="false"
level="WARNING" enabled_by_default="false" />
+ <inspection_tool class="UnnecessaryReturn" enabled="false"
level="WARNING" enabled_by_default="false" />
+ <inspection_tool class="UnnecessarySemicolon" enabled="false"
level="WARNING" enabled_by_default="false" />
+ <inspection_tool
class="UnnecessaryTemporaryOnConversionFromString" enabled="false"
level="WARNING" enabled_by_default="false" />
+ <inspection_tool class="UnnecessaryTemporaryOnConversionToString"
enabled="false" level="WARNING" enabled_by_default="false" />
+ <inspection_tool class="UnnecessaryUnboxing" enabled="false"
level="WARNING" enabled_by_default="false" />
+ <inspection_tool class="UnusedAssignment" enabled="false"
level="WARNING" enabled_by_default="false">
+ <option name="REPORT_PREFIX_EXPRESSIONS" value="false" />
+ <option name="REPORT_POSTFIX_EXPRESSIONS" value="true" />
+ <option name="REPORT_REDUNDANT_INITIALIZER" value="true" />
+ </inspection_tool>
+ <inspection_tool class="UnusedLabel" enabled="false"
level="WARNING" enabled_by_default="false" />
</profile>
</profiles>
<list size="0" />
@@ -324,7 +324,9 @@
<component name="ProjectDetails">
<option name="projectName" value="jcatapult-security" />
</component>
- <component name="ProjectFileVersion" converted="true" />
+ <component name="ProjectDictionaryState">
+ <dictionary name="bpontarelli" />
+ </component>
<component name="ProjectKey">
<option name="state"
value="https://jcatapult.googlecode.com/svn/jcatapult-security/trunk/jcatapult-security.ipr"
/>
</component>
=======================================
--- /jcatapult-security/trunk/project.xml Tue Jun 9 13:46:47 2009
+++ /jcatapult-security/trunk/project.xml Wed Oct 14 17:10:55 2009
@@ -1,7 +1,7 @@
-<project xmlns="http://www.inversoft.com/schemas/savant-2.0/project"
+<project xmlns="http://www.inversoft.com/schemas/savant-1.5/project"
name="jcatapult-security"
group="jcatapult.org"
- version="1.0.1">
+ version="1.0.2">

<plugin group="plugins.savant.inversoft.org" name="ide" version="1.0"/>
<plugin group="plugins.savant.inversoft.org" name="clean" version="1.0"/>
@@ -12,7 +12,7 @@
<!-- Compile properties -->
<property name="jdk.version" value="1.6"/>

- <property name="version.jcatapult" value="1.0"/>
+ <property name="version.jcatapult" value="1.0.2"/>

<dependencies>
<artifact-group type="compile-only">
=======================================
---
/jcatapult-security/trunk/src/java/main/org/jcatapult/security/auth/ConfiguredAuthorizer.java
Tue Apr 7 15:12:57 2009
+++
/jcatapult-security/trunk/src/java/main/org/jcatapult/security/auth/ConfiguredAuthorizer.java
Wed Oct 14 17:10:55 2009
@@ -20,6 +20,7 @@
import java.util.HashSet;
import java.util.List;
import java.util.Set;
+import java.util.logging.Level;
import java.util.logging.Logger;

import org.jcatapult.security.UserAdapter;
@@ -108,7 +109,10 @@

public void authorize(Object user, String resource) throws
AuthorizationException, NotLoggedInException {
Set<String> roles = user != null ? userAdapter.getRoles(user) :
null;
- logger.finest("Authorizing user for roles [" + roles + "]");
+ if (logger.isLoggable(Level.FINEST)) {
+ logger.finest("Authorizing user for roles [" + roles + "]");
+ }
+
for (ResourceAuth resourceAuth : resourceAuths) {
boolean equal = resource.equals(resourceAuth.resource);
if (equal || (resource.startsWith(resourceAuth.resource) &&
(resourceAuth.dirWildcard || resourceAuth.subDirWildcard))) {
=======================================
---
/jcatapult-security/trunk/src/java/main/org/jcatapult/security/saved/DefaultSavedRequestService.java
Tue Jun 9 15:26:00 2009
+++
/jcatapult-security/trunk/src/java/main/org/jcatapult/security/saved/DefaultSavedRequestService.java
Wed Oct 14 17:10:55 2009
@@ -117,7 +117,11 @@
*/
public HttpServletRequest mockSavedRequest(HttpServletRequest request)
{
// See if there is a saved request
- HttpSession session = request.getSession(true);
+ HttpSession session = request.getSession(false);
+ if (session == null) {
+ return request;
+ }
+
SavedHttpRequest saved = (SavedHttpRequest)
session.getAttribute(POST_LOGIN_KEY);
if (saved != null && SecurityContext.getCurrentUser() != null) {
session.removeAttribute(POST_LOGIN_KEY);
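Review bot: The replay of the request stored under `POST_LOGIN_KEY` depends only on the session still holding it and on a current user being present; nothing in these lines shows that the session id was re-issued at login. If the login path does not rotate the session (not visible here), a request saved on that session before authentication would be replayed with the logged-in user's authority, so I would confirm that and state the assumption in this method's Javadoc. Separately, `getAttribute` followed by `removeAttribute` is not atomic, so two concurrent requests on one session could both replay the same saved request; a lock around the read-and-remove would narrow that. The switch to `getSession(false)` is itself an improvement, since anonymous requests no longer create sessions. mockSavedRequest's body continues outside the hunk.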
@@ -131,7 +135,11 @@
* {@inheritDoc}
*/
public SavedHttpRequest getSavedRequest(HttpServletRequest request) {
- HttpSession session = request.getSession(true);
+ HttpSession session = request.getSession(false);
+ if (session == null) {
+ return null;
+ }
+
return (SavedHttpRequest) session.getAttribute(LOGIN_KEY);
}
}
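Review bot: `getSavedRequest` now has a second way to return `null` (no session at all), and the `{@inheritDoc}` above it hides whether the interface documents a null return. I would spell it out on the `SavedRequestService` method, e.g. `@return The saved request, or null if there is no session or nothing was saved.`, and check that every caller null-checks the result, since the callers are not visible in this diff.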
=======================================
---
/jcatapult-security/trunk/src/java/main/org/jcatapult/security/servlet/FacadeHttpServletRequest.java
Wed Jul 9 15:53:44 2008
+++
/jcatapult-security/trunk/src/java/main/org/jcatapult/security/servlet/FacadeHttpServletRequest.java
Wed Oct 14 17:10:55 2009
@@ -46,18 +46,26 @@
/**
* Constructs a new request facade.
*
- * @param httpServletRequest The request to wrap.
- * @param uri The new URI.
+ * @param request The request to wrap.
+ * @param uri The new URI within the current context. You can't
facade out a URI to another
+ * context here. This URI should NOT include the context
path. It is appended inside
+ * this method.
* @param parameters Any additional parameters.
* @param proxy Determines if the parameter lookups are proxied to
the wrapped request. When
* this is true, they are proxied to the wrapped request if
the parameter map passed to
* the constructor doesn't contain the parameter. If this is
false, only the parameter
* map passed to the constructor is used.
*/
- public FacadeHttpServletRequest(HttpServletRequest httpServletRequest,
String uri,
- Map<String, String[]> parameters, boolean proxy) {
- super(httpServletRequest);
- this.uri = uri;
+ public FacadeHttpServletRequest(HttpServletRequest request, String
uri, Map<String, String[]> parameters,
+ boolean proxy) {
+ super(request);
+
+ if (uri != null) {
+ this.uri = request.getContextPath() + uri;
+ } else {
+ this.uri = null;
+ }
+
this.parameters = parameters;
this.proxy = proxy;
}
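Review bot: The constructor concatenates `request.getContextPath() + uri` without checking the shape of `uri`, so a value without a leading slash yields `/contextfoo` and a value that already carries the context path yields it twice. The deleted `ServletTools.getContextURI` handled the missing-slash case; the new code only documents the rule in the Javadoc. Since the facade's URI is presumably what the authorization workflow later reads, I would enforce the contract here: `if (!uri.startsWith("/")) { throw new IllegalArgumentException("uri must start with '/': " + uri); }` inside the `uri != null` branch. The Javadoc phrase "appended inside this method" should also read "prepended inside this constructor".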
=======================================
---
/jcatapult-security/trunk/src/java/main/org/jcatapult/security/servlet/auth/DefaultAuthorizationWorkflow.java
Sun Aug 17 14:45:04 2008
+++
/jcatapult-security/trunk/src/java/main/org/jcatapult/security/servlet/auth/DefaultAuthorizationWorkflow.java
Wed Oct 14 17:10:55 2009
@@ -23,6 +23,7 @@
import org.jcatapult.security.auth.AuthorizationException;
import org.jcatapult.security.auth.Authorizer;
import org.jcatapult.security.auth.NotLoggedInException;
+import org.jcatapult.servlet.ServletTools;
import org.jcatapult.servlet.WorkflowChain;

import com.google.inject.Inject;
@@ -88,7 +89,7 @@
* @throws ServletException If the chain throws.
*/
public void perform(WorkflowChain workflowChain) throws IOException,
ServletException {
- String uri = request.getRequestURI();
+ String uri = ServletTools.getRequestURI(request);
Object user = EnhancedSecurityContext.getCurrentUser();

try {
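Review bot: The URI passed to the authorizer now comes from `org.jcatapult.servlet.ServletTools.getRequestURI`, which is not part of this diff, so it cannot be checked here whether it only strips the context path or also normalizes the path. `HttpServletRequest.getRequestURI()` returns the raw, undecoded path including any `;` path parameters, and the `ConfiguredAuthorizer` hunk in this commit matches resources with `equals`/`startsWith`, so an un-normalized path could fail to match a configured rule. I would document the contract at the call site, e.g. `// must be context-relative and normalized here; Authorizer matches by equality/prefix`, and add a unit test with a path parameter and a doubled slash. The same helper feeds the `loginURI` comparison in DefaultLoginWorkflow. perform's body continues outside the hunk.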
=======================================
---
/jcatapult-security/trunk/src/java/main/org/jcatapult/security/servlet/login/DefaultLoginWorkflow.java
Sun Aug 17 15:04:01 2008
+++
/jcatapult-security/trunk/src/java/main/org/jcatapult/security/servlet/login/DefaultLoginWorkflow.java
Wed Oct 14 17:10:55 2009
@@ -22,6 +22,7 @@
import org.jcatapult.security.JCatapultSecurityException;
import org.jcatapult.security.config.SecurityConfiguration;
import org.jcatapult.security.login.LoginService;
+import org.jcatapult.servlet.ServletTools;
import org.jcatapult.servlet.WorkflowChain;

import com.google.inject.Inject;
@@ -60,7 +61,8 @@
public void perform(WorkflowChain chain) throws IOException,
ServletException {
String username = request.getParameter(userNameParameter);
String password = request.getParameter(passwordParameter);
- if (request.getRequestURI().equals(loginURI)) {
+ String uri = ServletTools.getRequestURI(request);
+ if (uri.equals(loginURI)) {
if (username == null || password == null) {
throw new ServletException("The login form must have a
username and password field named " +
"[" + userNameParameter + "] and [" +
passwordParameter + "] respectively.");
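Review bot: Nothing visible in this hunk restricts the login URI to POST, so credentials sent as query-string parameters would be accepted and could end up in access logs, proxies and browser history. If the rest of perform (outside the hunk) does not already check the method, I would tighten the condition to `if (uri.equals(loginURI) && "POST".equals(request.getMethod())) {`. The username and password are also read on every request before the URI check; moving the two `getParameter` calls inside the `if` keeps credential handling to the login path only.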
=======================================
---
/jcatapult-security/trunk/src/java/main/org/jcatapult/security/servlet/saved/DefaultSavedRequestWorkflow.java
Sun Aug 17 14:45:04 2008
+++
/jcatapult-security/trunk/src/java/main/org/jcatapult/security/servlet/saved/DefaultSavedRequestWorkflow.java
Wed Oct 14 17:10:55 2009
@@ -25,7 +25,6 @@
import org.jcatapult.security.config.SecurityConfiguration;
import org.jcatapult.security.saved.SavedRequestService;
import org.jcatapult.security.servlet.FacadeHttpServletRequest;
-import static org.jcatapult.security.servlet.ServletTools.*;
import org.jcatapult.security.servlet.auth.NotLoggedInHandler;
import org.jcatapult.security.servlet.login.PostLoginHandler;
import org.jcatapult.servlet.WorkflowChain;
@@ -120,7 +119,7 @@
public void handle(WorkflowChain workflowChain) throws
ServletException, IOException {
String uri = savedRequestService.processSavedRequest(request);
if (uri != null) {
- response.sendRedirect(getContextURI(request, uri));
+ response.sendRedirect(uri);
} else {
HttpServletRequestWrapper wrapper =
(HttpServletRequestWrapper) request;
HttpServletRequest previous = (HttpServletRequest)
wrapper.getRequest();
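Review bot: `response.sendRedirect(uri)` now sends whatever `processSavedRequest` returns with no prefix and no validation, so the safety of the redirect rests entirely on how the saved URI was built, which this diff does not show. If that value is derived from the original request line, a saved URI that starts with `//` or carries a scheme would be treated by browsers as an off-site target. I would reject anything that is not a single-slash, site-relative path before redirecting, e.g. `if (!uri.startsWith("/") || uri.startsWith("//")) { throw new ServletException("Invalid saved request URI"); }`. With `getContextURI` removed, the saved URI must already include the context path, which deserves a comment on this line. handle's body continues outside the hunk.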
=======================================
---
/jcatapult-security/trunk/src/java/test/unit/org/jcatapult/security/servlet/auth/DefaultAuthorizationExceptionHandlerTest.java
Sun Jul 6 17:20:45 2008
+++
/jcatapult-security/trunk/src/java/test/unit/org/jcatapult/security/servlet/auth/DefaultAuthorizationExceptionHandlerTest.java
Wed Oct 14 17:10:55 2009
@@ -47,6 +47,7 @@
AuthorizationException exception = new AuthorizationException();

HttpServletRequest request =
EasyMock.createStrictMock(HttpServletRequest.class);
+ EasyMock.expect(request.getContextPath()).andReturn("");
request.setAttribute("jcatapult_authorization_exception",
exception);
EasyMock.replay(request);

@@ -59,6 +60,39 @@
}
};

+ HttpServletRequestWrapper wrapper = new
HttpServletRequestWrapper(request);
+ ServletObjectsHolder.clearServletRequest();
+ ServletObjectsHolder.setServletRequest(wrapper);
+
+ DefaultAuthorizationExceptionHandler dleh = new
DefaultAuthorizationExceptionHandler(
+ wrapper, new DefaultSecurityConfiguration(c));
+ dleh.handle(exception, wc);
+ assertTrue(called.get());
+ EasyMock.verify(c, request);
+ }
+
+ @Test
+ public void testHandleContext() throws IOException, ServletException {
+ Configuration c = EasyMock.createStrictMock(Configuration.class);
+
EasyMock.expect(c.getString("jcatapult.security.authorization.restricted-uri", "/not-authorized")).andReturn("/not-authorized");
+ EasyMock.replay(c);
+
+ AuthorizationException exception = new AuthorizationException();
+
+ HttpServletRequest request =
EasyMock.createStrictMock(HttpServletRequest.class);
+ EasyMock.expect(request.getContextPath()).andReturn("/context");
+ request.setAttribute("jcatapult_authorization_exception",
exception);
+ EasyMock.replay(request);
+
+ final AtomicBoolean called = new AtomicBoolean(false);
+ WorkflowChain wc = new WorkflowChain() {
+ public void continueWorkflow() throws IOException,
ServletException {
+ assertTrue(ServletObjectsHolder.getServletRequest()
instanceof HttpServletRequestWrapper);
+ assertEquals("/context/not-authorized",
ServletObjectsHolder.getServletRequest().getRequestURI());
+ called.set(true);
+ }
+ };
+
HttpServletRequestWrapper wrapper = new
HttpServletRequestWrapper(request);
ServletObjectsHolder.clearServletRequest();
ServletObjectsHolder.setServletRequest(wrapper);
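Review bot: `testHandleContext` repeats the body of the test above it, with only the mocked context path and the expected request URI changed. A private helper taking `(String contextPath, String expectedUri)` would keep the two cases from drifting apart and make further context-path cases cheap to add. Both tests also leave the static `ServletObjectsHolder` populated; clearing it in an `@After` method would stop state leaking into other tests. The hunk ends inside the new test, so the remainder of its body is outside the hunk.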
=======================================
---
/jcatapult-security/trunk/src/java/test/unit/org/jcatapult/security/servlet/auth/DefaultAuthorizationWorkflowTest.java
Sun Aug 17 14:45:04 2008
+++
/jcatapult-security/trunk/src/java/test/unit/org/jcatapult/security/servlet/auth/DefaultAuthorizationWorkflowTest.java
Wed Oct 14 17:10:55 2009
@@ -48,6 +48,7 @@

HttpServletRequest request =
EasyMock.createStrictMock(HttpServletRequest.class);
EasyMock.expect(request.getRequestURI()).andReturn("/foo");
+ EasyMock.expect(request.getContextPath()).andReturn("");
EasyMock.replay(request);

EnhancedSecurityContext.setProvider(new
JCatapultSecurityContextProvider(null));
@@ -61,6 +62,33 @@
aw.perform(null);
EasyMock.verify(a, request, aeh);
}
+
+ @Test
+ public void testUnauthorizedContext() throws IOException,
ServletException {
+ Object user = new Object();
+
+ AuthorizationException ue = new AuthorizationException();
+ Authorizer a = EasyMock.createStrictMock(Authorizer.class);
+ a.authorize(user, "/foo");
+ EasyMock.expectLastCall().andThrow(ue);
+ EasyMock.replay(a);
+
+ HttpServletRequest request =
EasyMock.createStrictMock(HttpServletRequest.class);
+ EasyMock.expect(request.getRequestURI()).andReturn("/context/foo");
+ EasyMock.expect(request.getContextPath()).andReturn("/context");
+ EasyMock.replay(request);
+
+ EnhancedSecurityContext.setProvider(new
JCatapultSecurityContextProvider(null));
+ EnhancedSecurityContext.login(user);
+
+ AuthorizationExceptionHandler aeh =
EasyMock.createStrictMock(AuthorizationExceptionHandler.class);
+ aeh.handle(ue, null);
+ EasyMock.replay(aeh);
+
+ DefaultAuthorizationWorkflow aw = new
DefaultAuthorizationWorkflow(request, a, null, aeh);
+ aw.perform(null);
+ EasyMock.verify(a, request, aeh);
+ }

@Test
public void testNotLoggedIn() throws IOException, ServletException {
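Review bot: `testUnauthorizedContext` pins only the clean case where `getRequestURI()` is exactly the context path plus the resource, yet the string handed to `a.authorize(user, "/foo")` is what the access decision is made on. The container returns `getRequestURI()` undecoded and it can carry path parameters, so it is worth adding a case with a mocked URI such as `/context/foo;jsessionid=CONSTRUCTED` and asserting which resource string the authorizer receives. A second case where the URI does not begin with the context path would also help. DefaultAuthorizationWorkflow is not part of this hunk, so whether it already normalises the URI before stripping the prefix cannot be told from here.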
@@ -74,6 +102,7 @@

HttpServletRequest request =
EasyMock.createStrictMock(HttpServletRequest.class);
EasyMock.expect(request.getRequestURI()).andReturn("/foo");
+ EasyMock.expect(request.getContextPath()).andReturn("");
EasyMock.replay(request);

EnhancedSecurityContext.setProvider(new
JCatapultSecurityContextProvider(null));
@@ -98,6 +127,7 @@

HttpServletRequest request =
EasyMock.createStrictMock(HttpServletRequest.class);
EasyMock.expect(request.getRequestURI()).andReturn("/foo");
+ EasyMock.expect(request.getContextPath()).andReturn("");
EasyMock.replay(request);

WorkflowChain wc = EasyMock.createStrictMock(WorkflowChain.class);
=======================================
---
/jcatapult-security/trunk/src/java/test/unit/org/jcatapult/security/servlet/login/DefaultLoginExceptionHandlerTest.java
Sun Jul 6 17:20:45 2008
+++
/jcatapult-security/trunk/src/java/test/unit/org/jcatapult/security/servlet/login/DefaultLoginExceptionHandlerTest.java
Wed Oct 14 17:10:55 2009
@@ -47,6 +47,7 @@
InvalidUsernameException exception = new
InvalidUsernameException();

HttpServletRequest request =
EasyMock.createStrictMock(HttpServletRequest.class);
+ EasyMock.expect(request.getContextPath()).andReturn("");
request.setAttribute("jcatapult_security_login_exception",
exception);
EasyMock.replay(request);

@@ -63,6 +64,38 @@
ServletObjectsHolder.clearServletRequest();
ServletObjectsHolder.setServletRequest(wrapper);

+ DefaultLoginExceptionHandler dleh = new
DefaultLoginExceptionHandler(wrapper, new DefaultSecurityConfiguration(c));
+ dleh.handle(exception, wc);
+ assertTrue(called.get());
+ EasyMock.verify(c, request);
+ }
+
+ @Test
+ public void testHandleContext() throws IOException, ServletException {
+ Configuration c = EasyMock.createStrictMock(Configuration.class);
+
EasyMock.expect(c.getString("jcatapult.security.login.failed-uri", "/login-failed")).andReturn("/login-failed");
+ EasyMock.replay(c);
+
+ InvalidUsernameException exception = new
InvalidUsernameException();
+
+ HttpServletRequest request =
EasyMock.createStrictMock(HttpServletRequest.class);
+ EasyMock.expect(request.getContextPath()).andReturn("/context");
+ request.setAttribute("jcatapult_security_login_exception",
exception);
+ EasyMock.replay(request);
+
+ final AtomicBoolean called = new AtomicBoolean(false);
+ WorkflowChain wc = new WorkflowChain() {
+ public void continueWorkflow() throws IOException,
ServletException {
+ assertTrue(ServletObjectsHolder.getServletRequest()
instanceof HttpServletRequestWrapper);
+ assertEquals("/context/login-failed",
ServletObjectsHolder.getServletRequest().getRequestURI());
+ called.set(true);
+ }
+ };
+
+ HttpServletRequestWrapper wrapper = new
HttpServletRequestWrapper(request);
+ ServletObjectsHolder.clearServletRequest();
+ ServletObjectsHolder.setServletRequest(wrapper);
+
DefaultLoginExceptionHandler dleh = new
DefaultLoginExceptionHandler(wrapper, new DefaultSecurityConfiguration(c));
dleh.handle(exception, wc);
assertTrue(called.get());
=======================================
---
/jcatapult-security/trunk/src/java/test/unit/org/jcatapult/security/servlet/login/DefaultLoginWorkflowTest.java
Sun Aug 17 15:04:01 2008
+++
/jcatapult-security/trunk/src/java/test/unit/org/jcatapult/security/servlet/login/DefaultLoginWorkflowTest.java
Wed Oct 14 17:10:55 2009
@@ -49,6 +49,7 @@

EasyMock.expect(request.getParameter("j_username")).andReturn(null);

EasyMock.expect(request.getParameter("j_password")).andReturn(null);
EasyMock.expect(request.getRequestURI()).andReturn("/not-login");
+ EasyMock.expect(request.getContextPath()).andReturn("");
EasyMock.replay(request);

WorkflowChain wc = EasyMock.createStrictMock(WorkflowChain.class);
@@ -74,6 +75,7 @@

EasyMock.expect(request.getParameter("j_username")).andReturn("test-username");

EasyMock.expect(request.getParameter("j_password")).andReturn("test-password");

EasyMock.expect(request.getRequestURI()).andReturn("/jcatapult-security-check");
+ EasyMock.expect(request.getContextPath()).andReturn("");
EasyMock.expect(request.getParameterMap()).andReturn(params);
EasyMock.replay(request);

@@ -94,6 +96,41 @@

EasyMock.verify(c, request, wc, ls, plh);
}
+
+ @Test
+ public void testSuccessfulLoginContext() throws IOException,
ServletException {
+ Configuration c = EasyMock.createStrictMock(Configuration.class);
+
EasyMock.expect(c.getString("jcatapult.security.login.submit-uri", "/jcatapult-security-check")).andReturn("/jcatapult-security-check");
+
EasyMock.expect(c.getString("jcatapult.security.login.username-parameter", "j_username")).andReturn("j_username");
+
EasyMock.expect(c.getString("jcatapult.security.login.password-parameter", "j_password")).andReturn("j_password");
+ EasyMock.replay(c);
+
+ Map<String, Object> params = new HashMap<String, Object>();
+ HttpServletRequest request =
EasyMock.createStrictMock(HttpServletRequest.class);
+
EasyMock.expect(request.getParameter("j_username")).andReturn("test-username");
+
EasyMock.expect(request.getParameter("j_password")).andReturn("test-password");
+
EasyMock.expect(request.getRequestURI()).andReturn("/context/jcatapult-security-check");
+ EasyMock.expect(request.getContextPath()).andReturn("/context");
+ EasyMock.expect(request.getParameterMap()).andReturn(params);
+ EasyMock.replay(request);
+
+ WorkflowChain wc = EasyMock.createStrictMock(WorkflowChain.class);
+ EasyMock.replay(wc);
+
+ Object user = new Object();
+ LoginService ls = EasyMock.createStrictMock(LoginService.class);
+ EasyMock.expect(ls.login("test-username", "test-password",
params)).andReturn(user);
+ EasyMock.replay(ls);
+
+ PostLoginHandler plh =
EasyMock.createStrictMock(PostLoginHandler.class);
+ plh.handle(wc);
+ EasyMock.replay(plh);
+
+ DefaultLoginWorkflow lw = new DefaultLoginWorkflow(request, ls,
new DefaultSecurityConfiguration(c), null, plh);
+ lw.perform(wc);
+
+ EasyMock.verify(c, request, wc, ls, plh);
+ }

@Test
public void testFailedLogin() throws IOException, ServletException {
@@ -108,6 +145,7 @@

EasyMock.expect(request.getParameter("j_username")).andReturn("test-username");

EasyMock.expect(request.getParameter("j_password")).andReturn("test-password");

EasyMock.expect(request.getRequestURI()).andReturn("/jcatapult-security-check");
+ EasyMock.expect(request.getContextPath()).andReturn("");
EasyMock.expect(request.getParameterMap()).andReturn(params);
EasyMock.replay(request);

@@ -141,6 +179,7 @@

EasyMock.expect(request.getParameter("j_username")).andReturn("test-username");

EasyMock.expect(request.getParameter("j_password")).andReturn("test-password");
EasyMock.expect(request.getRequestURI()).andReturn("/not-login");
+ EasyMock.expect(request.getContextPath()).andReturn("");
EasyMock.expect(request.getParameterMap()).andReturn(params);
EasyMock.replay(request);

@@ -172,6 +211,7 @@

EasyMock.expect(request.getParameter("j_username")).andReturn("test-username");

EasyMock.expect(request.getParameter("j_password")).andReturn("test-password");
EasyMock.expect(request.getRequestURI()).andReturn("/not-login");
+ EasyMock.expect(request.getContextPath()).andReturn("");
EasyMock.expect(request.getParameterMap()).andReturn(params);
EasyMock.replay(request);

=======================================
---
/jcatapult-security/trunk/src/java/test/unit/org/jcatapult/security/servlet/saved/DefaultSavedRequestWorkflowTest.java
Sun Aug 17 14:45:04 2008
+++
/jcatapult-security/trunk/src/java/test/unit/org/jcatapult/security/servlet/saved/DefaultSavedRequestWorkflowTest.java
Wed Oct 14 17:10:55 2009
@@ -21,10 +21,12 @@
import java.util.concurrent.atomic.AtomicBoolean;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletRequestWrapper;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
-import javax.servlet.http.HttpServletRequestWrapper;
-
+
+import static net.java.util.CollectionTools.*;
+import static net.java.util.Pair.*;
import org.apache.commons.configuration.Configuration;
import org.easymock.EasyMock;
import org.jcatapult.security.SecurityContext;
@@ -39,9 +41,6 @@
import static org.junit.Assert.*;
import org.junit.Test;

-import static net.java.util.CollectionTools.*;
-import static net.java.util.Pair.*;
-
/**
* <p>
* This tests the default login exception handler.
@@ -62,7 +61,7 @@
EasyMock.replay(session);

HttpServletRequest request =
EasyMock.createStrictMock(HttpServletRequest.class);
- EasyMock.expect(request.getSession(true)).andReturn(session);
+ EasyMock.expect(request.getSession(false)).andReturn(session);
EasyMock.replay(request);

HttpServletResponse response =
EasyMock.createStrictMock(HttpServletResponse.class);
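Review bot: The expectation changes from `getSession(true)` to `getSession(false)`, which per the servlet API returns `null` when no session exists, but the mock still always returns a session, so the no-session path is untested. A companion test with `EasyMock.expect(request.getSession(false)).andReturn(null);` would pin that the workflow continues without a `NullPointerException` and without creating a session for an anonymous request. The same applies to the `@@ -91,7 +90,7 @@` hunk that follows. Both enclosing test methods start and end outside their hunks.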
@@ -91,7 +90,7 @@
EasyMock.replay(session);

HttpServletRequest request =
EasyMock.createStrictMock(HttpServletRequest.class);
- EasyMock.expect(request.getSession(true)).andReturn(session);
+ EasyMock.expect(request.getSession(false)).andReturn(session);
EasyMock.replay(request);

HttpServletResponse response =
EasyMock.createStrictMock(HttpServletResponse.class);
@@ -122,7 +121,7 @@

EasyMock.expect(c.getString("jcatapult.security.login.success-uri", "/login-success")).andReturn("/login-success");
EasyMock.replay(c);

- SavedHttpRequest sr = new SavedHttpRequest("/foo", map(p("id", new
String[]{"1"})));
+ SavedHttpRequest sr = new SavedHttpRequest("/context/foo",
map(p("id", new String[]{"1"})));
HttpSession session = EasyMock.createStrictMock(HttpSession.class);

EasyMock.expect(session.getAttribute(DefaultSavedRequestWorkflow.LOGIN_KEY)).andReturn(sr);
session.removeAttribute(DefaultSavedRequestWorkflow.LOGIN_KEY);
@@ -131,7 +130,6 @@

HttpServletRequest request =
EasyMock.createStrictMock(HttpServletRequest.class);
EasyMock.expect(request.getSession(true)).andReturn(session);
- EasyMock.expect(request.getContextPath()).andReturn("/context");
EasyMock.replay(request);

HttpServletResponse response =
EasyMock.createStrictMock(HttpServletResponse.class);
@@ -156,6 +154,7 @@

HttpServletRequest request =
EasyMock.createStrictMock(HttpServletRequest.class);
EasyMock.expect(request.getSession(true)).andReturn(session);
+ EasyMock.expect(request.getContextPath()).andReturn("");
EasyMock.replay(request);

HttpServletResponse response =
EasyMock.createStrictMock(HttpServletResponse.class);
@@ -179,6 +178,44 @@
assertTrue(called.get());
EasyMock.verify(c, request, response, session);
}
+
+ @Test
+ public void testPostLoginHandleWithNoSavedRequestContext() throws
IOException, ServletException {
+ Configuration c = EasyMock.createStrictMock(Configuration.class);
+
EasyMock.expect(c.getString("jcatapult.security.authorization.not-logged-in-uri", "/not-logged-in")).andReturn("/not-logged-in");
+
EasyMock.expect(c.getString("jcatapult.security.login.success-uri", "/login-success")).andReturn("/login-success");
+ EasyMock.replay(c);
+
+ HttpSession session = EasyMock.createStrictMock(HttpSession.class);
+
EasyMock.expect(session.getAttribute(DefaultSavedRequestWorkflow.LOGIN_KEY)).andReturn(null);
+ EasyMock.replay(session);
+
+ HttpServletRequest request =
EasyMock.createStrictMock(HttpServletRequest.class);
+ EasyMock.expect(request.getSession(true)).andReturn(session);
+ EasyMock.expect(request.getContextPath()).andReturn("/context");
+ EasyMock.replay(request);
+
+ HttpServletResponse response =
EasyMock.createStrictMock(HttpServletResponse.class);
+ EasyMock.replay(response);
+
+ final AtomicBoolean called = new AtomicBoolean(false);
+ WorkflowChain wc = new WorkflowChain() {
+ public void continueWorkflow() throws IOException,
ServletException {
+
assertTrue(ServletObjectsHolder.getServletRequest().getRequest() instanceof
FacadeHttpServletRequest);
+ assertEquals("/context/login-success",
ServletObjectsHolder.getServletRequest().getRequestURI());
+ called.set(true);
+ }
+ };
+
+ HttpServletRequestWrapper wrapper = new
HttpServletRequestWrapper(request);
+ ServletObjectsHolder.clearServletRequest();
+ ServletObjectsHolder.setServletRequest(wrapper);
+
+ DefaultSavedRequestWorkflow srw = new
DefaultSavedRequestWorkflow(wrapper, response, new
DefaultSecurityConfiguration(c), new DefaultSavedRequestService());
+ srw.handle(wc);
+ assertTrue(called.get());
+ EasyMock.verify(c, request, response, session);
+ }

@Test
public void testPostLoginHandleWithSavedRequestAfterGet() throws
IOException, ServletException {
@@ -195,9 +232,34 @@

HttpServletRequest request =
EasyMock.createStrictMock(HttpServletRequest.class);
EasyMock.expect(request.getSession(true)).andReturn(session);
- EasyMock.expect(request.getContextPath()).andReturn("/context");
EasyMock.replay(request);

+ HttpServletResponse response =
EasyMock.createStrictMock(HttpServletResponse.class);
+ response.sendRedirect("/foo");
+ EasyMock.replay(response);
+
+ DefaultSavedRequestWorkflow srw = new
DefaultSavedRequestWorkflow(new HttpServletRequestWrapper(request),
response, new DefaultSecurityConfiguration(c), new
DefaultSavedRequestService());
+ srw.handle(null);
+ EasyMock.verify(c, request, response, session);
+ }
+
+ @Test
+ public void testPostLoginHandleWithSavedRequestAfterGetContext()
throws IOException, ServletException {
+ Configuration c = EasyMock.createStrictMock(Configuration.class);
+
EasyMock.expect(c.getString("jcatapult.security.authorization.not-logged-in-uri", "/not-logged-in")).andReturn("/not-logged-in");
+
EasyMock.expect(c.getString("jcatapult.security.login.success-uri", "/login-success")).andReturn("/login-success");
+ EasyMock.replay(c);
+
+ SavedHttpRequest sr = new SavedHttpRequest("/context/foo", null);
+ HttpSession session = EasyMock.createStrictMock(HttpSession.class);
+
EasyMock.expect(session.getAttribute(DefaultSavedRequestWorkflow.LOGIN_KEY)).andReturn(sr);
+ session.removeAttribute(DefaultSavedRequestWorkflow.LOGIN_KEY);
+ EasyMock.replay(session);
+
+ HttpServletRequest request =
EasyMock.createStrictMock(HttpServletRequest.class);
+ EasyMock.expect(request.getSession(true)).andReturn(session);
+ EasyMock.replay(request);
+
HttpServletResponse response =
EasyMock.createStrictMock(HttpServletResponse.class);
response.sendRedirect("/context/foo");
EasyMock.replay(response);
@@ -224,6 +286,7 @@
EasyMock.expect(request.getParameterMap()).andReturn(params);
EasyMock.expect(request.getRequestURL()).andReturn(new
StringBuffer("http://www.example.com/foo/bar"));
EasyMock.expect(request.getSession(true)).andReturn(session);
+ EasyMock.expect(request.getContextPath()).andReturn("");
EasyMock.replay(request);

HttpServletResponse response =
EasyMock.createStrictMock(HttpServletResponse.class);
@@ -247,6 +310,48 @@
EasyMock.verify(c, request, response, session);
assertTrue(called.get());
}
+
+ @Test
+ public void testNotLoggedInHandleContext() throws IOException,
ServletException {
+ Configuration c = EasyMock.createStrictMock(Configuration.class);
+
EasyMock.expect(c.getString("jcatapult.security.authorization.not-logged-in-uri", "/not-logged-in")).andReturn("/not-logged-in");
+
EasyMock.expect(c.getString("jcatapult.security.login.success-uri", "/login-success")).andReturn("/login-success");
+ EasyMock.replay(c);
+
+ HttpSession session = EasyMock.createStrictMock(HttpSession.class);
+
session.setAttribute(EasyMock.eq(DefaultSavedRequestWorkflow.LOGIN_KEY),
EasyMock.eq(new SavedHttpRequest("/context/foo/bar?id=1", null)));
+ EasyMock.replay(session);
+
+ HttpServletRequest request =
EasyMock.createStrictMock(HttpServletRequest.class);
+ EasyMock.expect(request.getMethod()).andReturn("GET");
+ Map<String, String[]> params = map(p("id", new String[]{"1"}));
+ EasyMock.expect(request.getParameterMap()).andReturn(params);
+ EasyMock.expect(request.getRequestURL()).andReturn(new
StringBuffer("http://www.example.com/context/foo/bar"));
+ EasyMock.expect(request.getSession(true)).andReturn(session);
+ EasyMock.expect(request.getContextPath()).andReturn("/context");
+ EasyMock.replay(request);
+
+ HttpServletResponse response =
EasyMock.createStrictMock(HttpServletResponse.class);
+ EasyMock.replay(response);
+
+ final AtomicBoolean called = new AtomicBoolean(false);
+ WorkflowChain wc = new WorkflowChain() {
+ public void continueWorkflow() throws IOException,
ServletException {
+
assertTrue(ServletObjectsHolder.getServletRequest().getRequest() instanceof
FacadeHttpServletRequest);
+ assertEquals("/context/not-logged-in",
ServletObjectsHolder.getServletRequest().getRequestURI());
+ called.set(true);
+ }
+ };
+
+ HttpServletRequestWrapper wrapper = new
HttpServletRequestWrapper(request);
+ ServletObjectsHolder.clearServletRequest();
+ ServletObjectsHolder.setServletRequest(wrapper);
+
+ DefaultSavedRequestWorkflow srw = new
DefaultSavedRequestWorkflow(wrapper, response, new
DefaultSecurityConfiguration(c), new DefaultSavedRequestService());
+ srw.handle(new NotLoggedInException(), wc);
+ EasyMock.verify(c, request, response, session);
+ assertTrue(called.get());
+ }

@Test
public void testNotLoggedInHandlePost() throws IOException,
ServletException {
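Review bot: `testNotLoggedInHandleContext` only saves a query string that needs no escaping (`id=1`), so nothing pins how parameter values are encoded when the saved URI `/context/foo/bar?id=1` is, apparently, rebuilt from `getParameterMap()`. The AfterGet tests in this file show a saved URI being replayed through `response.sendRedirect(...)`. A case with a value like `new String[]{"a b&c=d"}` and the expected percent-encoded saved URI would therefore guard against extra parameters leaking into the redirect target. The test does usefully pin that the host from `getRequestURL()` is dropped; a short comment such as `// saved URI must stay host-relative` would keep that intent visible.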
@@ -265,6 +370,7 @@
EasyMock.expect(request.getParameterMap()).andReturn(params);
EasyMock.expect(request.getRequestURI()).andReturn("/foo/bar");
EasyMock.expect(request.getSession(true)).andReturn(session);
+ EasyMock.expect(request.getContextPath()).andReturn("");
EasyMock.replay(request);

HttpServletResponse response =
EasyMock.createStrictMock(HttpServletResponse.class);
@@ -279,6 +385,48 @@
}
};

+ HttpServletRequestWrapper wrapper = new
HttpServletRequestWrapper(request);
+ ServletObjectsHolder.clearServletRequest();
+ ServletObjectsHolder.setServletRequest(wrapper);
+
+ DefaultSavedRequestWorkflow srw = new
DefaultSavedRequestWorkflow(wrapper, response, new
DefaultSecurityConfiguration(c), new DefaultSavedRequestService());
+ srw.handle(new NotLoggedInException(), wc);
+ EasyMock.verify(c, request, response, session);
+ assertTrue(called.get());
+ }
+
+ @Test
+ public void testNotLoggedInHandlePostContext() throws IOException,
ServletException {
+ Configuration c = EasyMock.createStrictMock(Configuration.class);
+
EasyMock.expect(c.getString("jcatapult.security.authorization.not-logged-in-uri", "/not-logged-in")).andReturn("/not-logged-in");
+
EasyMock.expect(c.getString("jcatapult.security.login.success-uri", "/login-success")).andReturn("/login-success");
+ EasyMock.replay(c);
+
+ Map<String, String[]> params = map(p("id", new String[]{"1"}));
+ HttpSession session = EasyMock.createStrictMock(HttpSession.class);
+
session.setAttribute(EasyMock.eq(DefaultSavedRequestWorkflow.LOGIN_KEY),
EasyMock.eq(new SavedHttpRequest("/context/foo/bar", params)));
+ EasyMock.replay(session);
+
+ HttpServletRequest request =
EasyMock.createStrictMock(HttpServletRequest.class);
+ EasyMock.expect(request.getMethod()).andReturn("POST");
+ EasyMock.expect(request.getParameterMap()).andReturn(params);
+
EasyMock.expect(request.getRequestURI()).andReturn("/context/foo/bar");
+ EasyMock.expect(request.getSession(true)).andReturn(session);
+ EasyMock.expect(request.getContextPath()).andReturn("/context");
+ EasyMock.replay(request);
+
+ HttpServletResponse response =
EasyMock.createStrictMock(HttpServletResponse.class);
+ EasyMock.replay(response);
+
+ final AtomicBoolean called = new AtomicBoolean(false);
+ WorkflowChain wc = new WorkflowChain() {
+ public void continueWorkflow() throws IOException,
ServletException {
+
assertTrue(ServletObjectsHolder.getServletRequest().getRequest() instanceof
FacadeHttpServletRequest);
+ assertEquals("/context/not-logged-in",
ServletObjectsHolder.getServletRequest().getRequestURI());
+ called.set(true);
+ }
+ };
+
HttpServletRequestWrapper wrapper = new
HttpServletRequestWrapper(request);
ServletObjectsHolder.clearServletRequest();
ServletObjectsHolder.setServletRequest(wrapper);
