git.aero2k.de Git - tmp/jakarta-migration.git/blob

   1 /**
   2  * This document is a part of the source code and related artifacts
   3  * for CollectionSpace, an open source collections management system
   4  * for museums and related institutions:
   5  *
   6  * http://www.collectionspace.org
   7  * http://wiki.collectionspace.org
   8  *
   9  * Copyright © 2009 Regents of the University of California
  10  *
  11  * Licensed under the Educational Community License (ECL), Version 2.0.
  12  * You may not use this file except in compliance with this License.
  13  *
  14  * You may obtain a copy of the ECL 2.0 License at
  15  * https://source.collectionspace.org/collection-space/LICENSE.txt
  16  *
  17  *  Unless required by applicable law or agreed to in writing, software
  18  *  distributed under the License is distributed on an "AS IS" BASIS,
  19  *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  20  *  See the License for the specific language governing permissions and
  21  *  limitations under the License.
  22  */
  23 package org.collectionspace.services.authentication.client;
  24
  25 import javax.ws.rs.core.MediaType;
  26 import javax.ws.rs.core.Response;
  27 import org.jboss.resteasy.client.ClientResponse;
  28 import org.testng.Assert;
  29 import org.testng.annotations.Test;
  30
  31 import org.collectionspace.services.collectionobject.CollectionobjectsCommon;
  32 import org.collectionspace.services.client.CollectionObjectClient;
  33 import org.collectionspace.services.client.CollectionSpaceClient;
  34 import org.collectionspace.services.client.test.AbstractServiceTest;
  35 import org.jboss.resteasy.plugins.providers.multipart.MultipartOutput;
  36 import org.jboss.resteasy.plugins.providers.multipart.OutputPart;
  37 import org.slf4j.Logger;
  38 import org.slf4j.LoggerFactory;
  39
  40 /**
  41  * AuthenticationServiceTest uses CollectionObject service to test authentication
  42  *
  43  * $LastChangedRevision: 434 $
  44  * $LastChangedDate: 2009-07-28 14:34:15 -0700 (Tue, 28 Jul 2009) $
  45  */
  46 public class AuthenticationServiceTest extends AbstractServiceTest {
  47
  48     final String SERVICE_PATH_COMPONENT = "collectionobjects";
  49     private String knownResourceId = null;
  50     final Logger logger = LoggerFactory.getLogger(AuthenticationServiceTest.class);
  51
  52     @Override
  53     public String getServicePathComponent() {
  54         // @TODO Determine if it is possible to obtain this
  55         // value programmatically.
  56         //
  57         // We set this in an annotation in the CollectionObjectProxy
  58         // interface, for instance.  We also set service-specific
  59         // constants in each service module, which might also
  60         // return this value.
  61         return SERVICE_PATH_COMPONENT;
  62     }
  63
  64     @Test
  65     @Override
  66     public void create() {
  67         String identifier = this.createIdentifier();
  68         MultipartOutput multipart = createCollectionObjectInstance(identifier);
  69         CollectionObjectClient collectionObjectClient = new CollectionObjectClient();
  70         if(!collectionObjectClient.isServerSecure()){
  71             logger.warn("set -Dcspace.server.secure=true to run security tests");
  72             return;
  73         }
  74         collectionObjectClient.setProperty(CollectionSpaceClient.AUTH_PROPERTY, "true");
  75         collectionObjectClient.setProperty(CollectionSpaceClient.USER_PROPERTY, "test");
  76         collectionObjectClient.setProperty(CollectionSpaceClient.PASSWORD_PROPERTY, "test");
  77         try{
  78             collectionObjectClient.setupHttpClient();
  79             collectionObjectClient.setProxy();
  80         }catch(Exception e){
  81             logger.error("create: caught " + e.getMessage());
  82             return;
  83         }
  84         ClientResponse<Response> res = collectionObjectClient.create(multipart);
  85         verbose("create: status = " + res.getStatus());
  86         Assert.assertEquals(res.getStatus(), Response.Status.CREATED.getStatusCode(),
  87                 "expected " + Response.Status.CREATED.getStatusCode());
  88
  89         // Store the ID returned from this create operation for additional tests below.
  90         knownResourceId = extractId(res);
  91     }
  92
  93     @Test(dependsOnMethods = {"create"})
  94     public void createWithoutUser() {
  95         String identifier = this.createIdentifier();
  96         MultipartOutput multipart = createCollectionObjectInstance(identifier);
  97         CollectionObjectClient collectionObjectClient = new CollectionObjectClient();
  98         if(!collectionObjectClient.isServerSecure()){
  99             logger.warn("set -Dcspace.server.secure=true to run security tests");
 100             return;
 101         }
 102         collectionObjectClient.setProperty(CollectionSpaceClient.AUTH_PROPERTY, "true");
 103         collectionObjectClient.removeProperty(CollectionSpaceClient.USER_PROPERTY);
 104         collectionObjectClient.setProperty(CollectionSpaceClient.PASSWORD_PROPERTY, "test");
 105         try{
 106             collectionObjectClient.setupHttpClient();
 107             collectionObjectClient.setProxy();
 108         }catch(Exception e){
 109             logger.error("createWithoutUser: caught " + e.getMessage());
 110             return;
 111         }
 112         ClientResponse<Response> res = collectionObjectClient.create(multipart);
 113         verbose("createWithoutUser: status = " + res.getStatus());
 114         Assert.assertEquals(res.getStatus(), Response.Status.UNAUTHORIZED.getStatusCode(),
 115                 "expected " + Response.Status.UNAUTHORIZED.getStatusCode());
 116     }
 117
 118     @Test(dependsOnMethods = {"createWithoutUser"})
 119     public void createWithoutPassword() {
 120         String identifier = this.createIdentifier();
 121         MultipartOutput multipart = createCollectionObjectInstance(identifier);
 122         CollectionObjectClient collectionObjectClient = new CollectionObjectClient();
 123         if(!collectionObjectClient.isServerSecure()){
 124             logger.warn("set -Dcspace.server.secure=true to run security tests");
 125             return;
 126         }
 127         collectionObjectClient.setProperty(CollectionSpaceClient.AUTH_PROPERTY, "true");
 128         collectionObjectClient.setProperty(CollectionSpaceClient.USER_PROPERTY, "test");
 129         collectionObjectClient.removeProperty(CollectionSpaceClient.PASSWORD_PROPERTY);
 130         try{
 131             collectionObjectClient.setupHttpClient();
 132             collectionObjectClient.setProxy();
 133         }catch(Exception e){
 134             logger.error("createWithoutPassword: caught " + e.getMessage());
 135             return;
 136         }
 137         ClientResponse<Response> res = collectionObjectClient.create(multipart);
 138         verbose("createWithoutPassword: status = " + res.getStatus());
 139         Assert.assertEquals(res.getStatus(), Response.Status.UNAUTHORIZED.getStatusCode(),
 140                 "expected " + Response.Status.UNAUTHORIZED.getStatusCode());
 141     }
 142
 143     @Test(dependsOnMethods = {"createWithoutPassword"})
 144     public void createWithIncorrectPassword() {
 145         String identifier = this.createIdentifier();
 146         MultipartOutput multipart = createCollectionObjectInstance(identifier);
 147         CollectionObjectClient collectionObjectClient = new CollectionObjectClient();
 148         if(!collectionObjectClient.isServerSecure()){
 149             logger.warn("set -Dcspace.server.secure=true to run security tests");
 150             return;
 151         }
 152         collectionObjectClient.setProperty(CollectionSpaceClient.AUTH_PROPERTY, "true");
 153         collectionObjectClient.setProperty(CollectionSpaceClient.USER_PROPERTY, "test");
 154         collectionObjectClient.setProperty(CollectionSpaceClient.PASSWORD_PROPERTY, "bar");
 155         try{
 156             collectionObjectClient.setupHttpClient();
 157             collectionObjectClient.setProxy();
 158         }catch(Exception e){
 159             logger.error("createWithIncorrectPassword: caught " + e.getMessage());
 160             return;
 161         }
 162         ClientResponse<Response> res = collectionObjectClient.create(multipart);
 163         verbose("createWithIncorrectPassword: status = " + res.getStatus());
 164         Assert.assertEquals(res.getStatus(), Response.Status.UNAUTHORIZED.getStatusCode(),
 165                 "expected " + Response.Status.UNAUTHORIZED.getStatusCode());
 166     }
 167
 168     @Test(dependsOnMethods = {"createWithoutPassword"})
 169     public void createWithoutUserPassword() {
 170         String identifier = this.createIdentifier();
 171         MultipartOutput multipart = createCollectionObjectInstance(identifier);
 172         CollectionObjectClient collectionObjectClient = new CollectionObjectClient();
 173         if(!collectionObjectClient.isServerSecure()){
 174             logger.warn("set -Dcspace.server.secure=true to run security tests");
 175             return;
 176         }
 177         collectionObjectClient.setProperty(CollectionSpaceClient.AUTH_PROPERTY, "true");
 178         collectionObjectClient.removeProperty(CollectionSpaceClient.USER_PROPERTY);
 179         collectionObjectClient.removeProperty(CollectionSpaceClient.PASSWORD_PROPERTY);
 180         try{
 181             collectionObjectClient.setupHttpClient();
 182             collectionObjectClient.setProxy();
 183         }catch(Exception e){
 184             logger.error("createWithoutUserPassword: caught " + e.getMessage());
 185             return;
 186         }
 187         ClientResponse<Response> res = collectionObjectClient.create(multipart);
 188         verbose("createWithoutUserPassword: status = " + res.getStatus());
 189         Assert.assertEquals(res.getStatus(), Response.Status.FORBIDDEN.getStatusCode(),
 190                 "expected " + Response.Status.FORBIDDEN.getStatusCode());
 191     }
 192
 193     @Test(dependsOnMethods = {"createWithoutPassword"})
 194     public void createWithIncorrectUserPassword() {
 195         String identifier = this.createIdentifier();
 196         MultipartOutput multipart = createCollectionObjectInstance(identifier);
 197         CollectionObjectClient collectionObjectClient = new CollectionObjectClient();
 198         if(!collectionObjectClient.isServerSecure()){
 199             logger.warn("set -Dcspace.server.secure=true to run security tests");
 200             return;
 201         }
 202         collectionObjectClient.setProperty(CollectionSpaceClient.AUTH_PROPERTY, "true");
 203         collectionObjectClient.setProperty(CollectionSpaceClient.USER_PROPERTY, "foo");
 204         collectionObjectClient.setProperty(CollectionSpaceClient.PASSWORD_PROPERTY, "bar");
 205         try{
 206             collectionObjectClient.setupHttpClient();
 207             collectionObjectClient.setProxy();
 208         }catch(Exception e){
 209             logger.error("createWithIncorrectUserPassword: caught " + e.getMessage());
 210             return;
 211         }
 212         ClientResponse<Response> res = collectionObjectClient.create(multipart);
 213         verbose("createWithIncorrectUserPassword: status = " + res.getStatus());
 214         Assert.assertEquals(res.getStatus(), Response.Status.UNAUTHORIZED.getStatusCode(),
 215                 "expected " + Response.Status.UNAUTHORIZED.getStatusCode());
 216     }
 217
 218     @Override
 219     @Test(dependsOnMethods = {"createWithIncorrectUserPassword"})
 220     public void delete() {
 221         CollectionObjectClient collectionObjectClient = new CollectionObjectClient();
 222         collectionObjectClient = new CollectionObjectClient();
 223         if(!collectionObjectClient.isServerSecure()){
 224             logger.warn("set -Dcspace.server.secure=true to run security tests");
 225             return;
 226         }
 227         collectionObjectClient.setProperty(CollectionSpaceClient.AUTH_PROPERTY, "true");
 228         collectionObjectClient.setProperty(CollectionSpaceClient.USER_PROPERTY, "test");
 229         collectionObjectClient.setProperty(CollectionSpaceClient.PASSWORD_PROPERTY, "test");
 230         try{
 231             collectionObjectClient.setupHttpClient();
 232             collectionObjectClient.setProxy();
 233         }catch(Exception e){
 234             logger.error("deleteCollectionObject: caught " + e.getMessage());
 235             return;
 236         }
 237         verbose("Calling deleteCollectionObject:" + knownResourceId);
 238         ClientResponse<Response> res = collectionObjectClient.delete(knownResourceId);
 239         verbose("deleteCollectionObject: status = " + res.getStatus());
 240         Assert.assertEquals(res.getStatus(), Response.Status.OK.getStatusCode(),
 241                 "expected " + Response.Status.OK.getStatusCode());
 242     }
 243
 244     // ---------------------------------------------------------------
 245     // Utility methods used by tests above
 246     // ---------------------------------------------------------------
 247     private MultipartOutput createCollectionObjectInstance(String identifier) {
 248         return createCollectionObjectInstance("objectNumber-" + identifier,
 249                 "objectName-" + identifier);
 250     }
 251
 252     private MultipartOutput createCollectionObjectInstance(String objectNumber, String objectName) {
 253         CollectionobjectsCommon collectionObject = new CollectionobjectsCommon();
 254
 255         collectionObject.setObjectNumber(objectNumber);
 256         collectionObject.setObjectName(objectName);
 257         MultipartOutput multipart = new MultipartOutput();
 258         OutputPart commonPart = multipart.addPart(collectionObject, MediaType.APPLICATION_XML_TYPE);
 259         commonPart.getHeaders().add("label", getCommonPartName());
 260
 261         verbose("to be created, collectionobject common ", collectionObject, CollectionobjectsCommon.class);
 262         return multipart;
 263     }
 264
 265     @Override
 266     public void createList() {
 267     }
 268
 269     @Override
 270     public void createWithEmptyEntityBody() {
 271     }
 272
 273     @Override
 274     public void createWithMalformedXml() {
 275     }
 276
 277     @Override
 278     public void createWithWrongXmlSchema() {
 279     }
 280
 281     @Override
 282     public void read() {
 283     }
 284
 285     @Override
 286     public void readNonExistent() {
 287     }
 288
 289     @Override
 290     public void readList() {
 291     }
 292
 293     @Override
 294     public void update() {
 295     }
 296
 297     @Override
 298     public void updateWithEmptyEntityBody() {
 299     }
 300
 301     @Override
 302     public void updateWithMalformedXml() {
 303     }
 304
 305     @Override
 306     public void updateWithWrongXmlSchema() {
 307     }
 308
 309     @Override
 310     public void updateNonExistent() {
 311     }
 312
 313     @Override
 314     public void deleteNonExistent() {
 315     }
 316 }