|
From: Christopher S. <chr...@us...> - 2007-11-07 17:27:30
|
Update of /cvsroot/securityfilter/securityfilter/src/test/org/securityfilter/test/http/form In directory sc8-pr-cvs8.sourceforge.net:/tmp/cvs-serv30079/src/test/org/securityfilter/test/http/form Added Files: TransportGuaranteeTest.java Log Message: Added support for <user-data-constraint>, specifically <transport-guarantee>. --- NEW FILE: TransportGuaranteeTest.java --- /* * $Header: /cvsroot/securityfilter/securityfilter/src/test/org/securityfilter/test/http/form/TransportGuaranteeTest.java,v 1.1 2007/11/07 17:22:39 chris_schultz Exp $ * $Revision: 1.1 $ * $Date: 2007/11/07 17:22:39 $ * * ==================================================================== * The SecurityFilter Software License, Version 1.1 * * (this license is derived and fully compatible with the Apache Software * License - see http://www.apache.org/LICENSE.txt) * * Copyright (c) 2007 SecurityFilter.org. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in * the documentation and/or other materials provided with the * distribution. * * 3. The end-user documentation included with the redistribution, * if any, must include the following acknowledgment: * "This product includes software developed by * SecurityFilter.org (http://www.securityfilter.org/)." * Alternately, this acknowledgment may appear in the software itself, * if and wherever such third-party acknowledgments normally appear. * * 4. The name "SecurityFilter" must not be used to endorse or promote * products derived from this software without prior written permission. * For written permission, please contact li...@se... . * * 5. Products derived from this software may not be called "SecurityFilter", * nor may "SecurityFilter" appear in their name, without prior written * permission of SecurityFilter.org. * * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE SECURITY FILTER PROJECT OR * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * ==================================================================== */ package org.securityfilter.test.http.form; import com.meterware.httpunit.*; import junit.framework.Assert; import org.securityfilter.example.Constants; import org.securityfilter.test.http.TestBase; import org.securityfilter.authenticator.FormAuthenticator; /** * ForwardAfterLoginTest - test forward-afterlogin behavior. * * @author Chris Schultz (ch...@ch...) * @version $Revision: 1.1 $ $Date: 2007/11/07 17:22:39 $ */ public class TransportGuaranteeTest extends TestBase { public TransportGuaranteeTest(String name) { super(name); } public void testNoSSLUpgrade() throws Exception { // request the login page WebConversation session = new WebConversation(); // Disable automatic redirection so we can detect it ourselves. session.getClientProperties().setAutoRedirect(false); WebRequest request = new GetMethodWebRequest(baseUrl + "/regularPage.jsp"); WebResponse response = session.getResponse(request); String location = response.getHeaderField("Location"); Assert.assertNull(location); } public void testIntegralRequirement() throws Exception { // request the login page WebConversation session = new WebConversation(); // Disable automatic redirection so we can detect it ourselves. session.getClientProperties().setAutoRedirect(false); WebRequest request = new GetMethodWebRequest(baseUrl + "/integral.jsp"); WebResponse response = session.getResponse(request); String location = response.getHeaderField("Location"); Assert.assertNotNull(location); // Remove any ";jsessionid" parameter. if(0 <= location.indexOf(";jsessionid=")) location = location.replaceAll(";jsessionid=[a-fA-F0-9]+", ""); // Check for correct redirect (fully-qualified URL) String url = baseUrl.replace("http://", "https://").replaceAll(":[0-9]+", ""); Assert.assertEquals(url + "/integral.jsp", location); } public void testConfidentialRequirement() throws Exception { // request the login page WebConversation session = new WebConversation(); // Disable automatic redirection so we can detect it ourselves. session.getClientProperties().setAutoRedirect(false); WebRequest request = new GetMethodWebRequest(baseUrl + "/confidential.html"); WebResponse response = session.getResponse(request); String location = response.getHeaderField("Location"); Assert.assertNotNull(location); // Remove any ";jsessionid" parameter. if(0 <= location.indexOf(";jsessionid=")) location = location.replaceAll(";jsessionid=[a-fA-F0-9]+", ""); // Check for correct redirect (fully-qualified URL) String url = baseUrl.replace("http://", "https://").replaceAll(":[0-9]+", ""); Assert.assertEquals(url + "/confidential.html", location); } } |
