git.aero2k.de Git - tmp/jakarta-migration.git/blob

   1 /**
   2  * This document is a part of the source code and related artifacts
   3  * for CollectionSpace, an open source collections management system
   4  * for museums and related institutions:
   5  *
   6  * http://www.collectionspace.org
   7  * http://wiki.collectionspace.org
   8  *
   9  * Copyright © 2009 Regents of the University of California
  10  *
  11  * Licensed under the Educational Community License (ECL), Version 2.0.
  12  * You may not use this file except in compliance with this License.
  13  *
  14  * You may obtain a copy of the ECL 2.0 License at
  15  * https://source.collectionspace.org/collection-space/LICENSE.txt
  16  *
  17  *  Unless required by applicable law or agreed to in writing, software
  18  *  distributed under the License is distributed on an "AS IS" BASIS,
  19  *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  20  *  See the License for the specific language governing permissions and
  21  *  limitations under the License.
  22  */
  23 package org.collectionspace.services.authentication.client;
  24
  25 import java.util.ArrayList;
  26 import javax.ws.rs.core.MultivaluedMap;
  27 import javax.ws.rs.core.Response;
  28 import javax.xml.bind.JAXBContext;
  29 import javax.xml.bind.Marshaller;
  30 import org.jboss.resteasy.client.ClientResponse;
  31 import org.testng.Assert;
  32 import org.testng.annotations.Test;
  33
  34 import org.collectionspace.services.collectionobject.CollectionObject;
  35 import org.collectionspace.services.client.CollectionObjectClient;
  36 import org.collectionspace.services.client.CollectionSpaceClient;
  37 import org.slf4j.Logger;
  38 import org.slf4j.LoggerFactory;
  39
  40 /**
  41  * AuthenticationServiceTest uses CollectionObject service to test authentication
  42  *
  43  * $LastChangedRevision: 434 $
  44  * $LastChangedDate: 2009-07-28 14:34:15 -0700 (Tue, 28 Jul 2009) $
  45  */
  46 public class AuthenticationServiceTest {
  47
  48     private String knownCollectionObjectId = null;
  49     final Logger logger = LoggerFactory.getLogger(AuthenticationServiceTest.class);
  50
  51     @Test
  52     public void auth_createCollectionObject() {
  53         if(!isServerSecure()){
  54             return;
  55         }
  56         String identifier = this.createIdentifier();
  57         CollectionObject collectionObject = createCollectionObject(identifier);
  58         CollectionObjectClient collectionObjectClient = new CollectionObjectClient();
  59         collectionObjectClient.setProperty(CollectionSpaceClient.AUTH_PROPERTY, "true");
  60         collectionObjectClient.setProperty(CollectionSpaceClient.USER_PROPERTY, "test");
  61         collectionObjectClient.setProperty(CollectionSpaceClient.PASSWORD_PROPERTY, "test");
  62         try{
  63             collectionObjectClient.setupHttpClient();
  64             collectionObjectClient.setProxy();
  65         }catch(Exception e){
  66             logger.error("auth_createCollectionObject: caught " + e.getMessage());
  67             return;
  68         }
  69         ClientResponse<Response> res = collectionObjectClient.createCollectionObject(collectionObject);
  70         verbose("auth_createCollectionObject: status = " + res.getStatus());
  71         Assert.assertEquals(res.getStatus(), Response.Status.CREATED.getStatusCode(),
  72                 "expected " + Response.Status.CREATED.getStatusCode());
  73
  74         // Store the ID returned from this create operation for additional tests below.
  75         knownCollectionObjectId = extractId(res);
  76     }
  77
  78     @Test(dependsOnMethods = {"auth_createCollectionObject"})
  79     public void auth_createCollectionObjectWithoutUser() {
  80         if(!isServerSecure()){
  81             return;
  82         }
  83         String identifier = this.createIdentifier();
  84         CollectionObject collectionObject = createCollectionObject(identifier);
  85         CollectionObjectClient collectionObjectClient = new CollectionObjectClient();
  86         collectionObjectClient.setProperty(CollectionSpaceClient.AUTH_PROPERTY, "true");
  87         collectionObjectClient.removeProperty(CollectionSpaceClient.USER_PROPERTY);
  88         collectionObjectClient.setProperty(CollectionSpaceClient.PASSWORD_PROPERTY, "test");
  89         try{
  90             collectionObjectClient.setupHttpClient();
  91             collectionObjectClient.setProxy();
  92         }catch(Exception e){
  93             logger.error("auth_createCollectionObjectWithoutUser: caught " + e.getMessage());
  94             return;
  95         }
  96         ClientResponse<Response> res = collectionObjectClient.createCollectionObject(collectionObject);
  97         verbose("auth_createCollectionObjectWithoutUser: status = " + res.getStatus());
  98         Assert.assertEquals(res.getStatus(), Response.Status.UNAUTHORIZED.getStatusCode(),
  99                 "expected " + Response.Status.UNAUTHORIZED.getStatusCode());
 100     }
 101
 102     @Test(dependsOnMethods = {"auth_createCollectionObjectWithoutUser"})
 103     public void auth_createCollectionObjectWithoutPassword() {
 104         if(!isServerSecure()){
 105             logger.warn("set -Dcspace.server.secure=true to run security tests");
 106             return;
 107         }
 108         String identifier = this.createIdentifier();
 109         CollectionObject collectionObject = createCollectionObject(identifier);
 110         CollectionObjectClient collectionObjectClient = new CollectionObjectClient();
 111         collectionObjectClient.setProperty(CollectionSpaceClient.AUTH_PROPERTY, "true");
 112         collectionObjectClient.setProperty(CollectionSpaceClient.USER_PROPERTY, "test");
 113         collectionObjectClient.removeProperty(CollectionSpaceClient.PASSWORD_PROPERTY);
 114         try{
 115             collectionObjectClient.setupHttpClient();
 116             collectionObjectClient.setProxy();
 117         }catch(Exception e){
 118             logger.error("auth_createCollectionObjectWithoutPassword: caught " + e.getMessage());
 119             return;
 120         }
 121         ClientResponse<Response> res = collectionObjectClient.createCollectionObject(collectionObject);
 122         verbose("auth_createCollectionObjectWithoutPassword: status = " + res.getStatus());
 123         Assert.assertEquals(res.getStatus(), Response.Status.UNAUTHORIZED.getStatusCode(),
 124                 "expected " + Response.Status.UNAUTHORIZED.getStatusCode());
 125     }
 126
 127     @Test(dependsOnMethods = {"auth_createCollectionObjectWithoutPassword"})
 128     public void auth_createCollectionObjectWithIncorrectPassword() {
 129         if(!isServerSecure()){
 130             logger.warn("set -Dcspace.server.secure=true to run security tests");
 131             return;
 132         }
 133         String identifier = this.createIdentifier();
 134         CollectionObject collectionObject = createCollectionObject(identifier);
 135         CollectionObjectClient collectionObjectClient = new CollectionObjectClient();
 136         collectionObjectClient.setProperty(CollectionSpaceClient.AUTH_PROPERTY, "true");
 137         collectionObjectClient.setProperty(CollectionSpaceClient.USER_PROPERTY, "test");
 138         collectionObjectClient.setProperty(CollectionSpaceClient.PASSWORD_PROPERTY, "bar");
 139         try{
 140             collectionObjectClient.setupHttpClient();
 141             collectionObjectClient.setProxy();
 142         }catch(Exception e){
 143             logger.error("auth_createCollectionObjectWithIncorrectPassword: caught " + e.getMessage());
 144             return;
 145         }
 146         ClientResponse<Response> res = collectionObjectClient.createCollectionObject(collectionObject);
 147         verbose("auth_createCollectionObjectWithIncorrectPassword: status = " + res.getStatus());
 148         Assert.assertEquals(res.getStatus(), Response.Status.UNAUTHORIZED.getStatusCode(),
 149                 "expected " + Response.Status.UNAUTHORIZED.getStatusCode());
 150     }
 151
 152     @Test(dependsOnMethods = {"auth_createCollectionObjectWithoutPassword"})
 153     public void auth_createCollectionObjectWithoutUserPassword() {
 154         if(!isServerSecure()){
 155             logger.warn("set -Dcspace.server.secure=true to run security tests");
 156             return;
 157         }
 158         String identifier = this.createIdentifier();
 159         CollectionObject collectionObject = createCollectionObject(identifier);
 160         CollectionObjectClient collectionObjectClient = new CollectionObjectClient();
 161         collectionObjectClient.setProperty(CollectionSpaceClient.AUTH_PROPERTY, "true");
 162         collectionObjectClient.removeProperty(CollectionSpaceClient.USER_PROPERTY);
 163         collectionObjectClient.removeProperty(CollectionSpaceClient.PASSWORD_PROPERTY);
 164         try{
 165             collectionObjectClient.setupHttpClient();
 166             collectionObjectClient.setProxy();
 167         }catch(Exception e){
 168             logger.error("auth_createCollectionObjectWithoutUserPassword: caught " + e.getMessage());
 169             return;
 170         }
 171         ClientResponse<Response> res = collectionObjectClient.createCollectionObject(collectionObject);
 172         verbose("auth_createCollectionObjectWithoutUserPassword: status = " + res.getStatus());
 173         Assert.assertEquals(res.getStatus(), Response.Status.FORBIDDEN.getStatusCode(),
 174                 "expected " + Response.Status.FORBIDDEN.getStatusCode());
 175     }
 176
 177     @Test(dependsOnMethods = {"auth_createCollectionObjectWithoutPassword"})
 178     public void auth_createCollectionObjectWithIncorrectUserPassword() {
 179         if(!isServerSecure()){
 180             logger.warn("set -Dcspace.server.secure=true to run security tests");
 181             return;
 182         }
 183         String identifier = this.createIdentifier();
 184         CollectionObject collectionObject = createCollectionObject(identifier);
 185         CollectionObjectClient collectionObjectClient = new CollectionObjectClient();
 186         collectionObjectClient.setProperty(CollectionSpaceClient.AUTH_PROPERTY, "true");
 187         collectionObjectClient.setProperty(CollectionSpaceClient.USER_PROPERTY, "foo");
 188         collectionObjectClient.setProperty(CollectionSpaceClient.PASSWORD_PROPERTY, "bar");
 189         try{
 190             collectionObjectClient.setupHttpClient();
 191             collectionObjectClient.setProxy();
 192         }catch(Exception e){
 193             logger.error("auth_createCollectionObjectWithIncorrectUserPassword: caught " + e.getMessage());
 194             return;
 195         }
 196         ClientResponse<Response> res = collectionObjectClient.createCollectionObject(collectionObject);
 197         verbose("auth_createCollectionObjectWithIncorrectUserPassword: status = " + res.getStatus());
 198         Assert.assertEquals(res.getStatus(), Response.Status.UNAUTHORIZED.getStatusCode(),
 199                 "expected " + Response.Status.UNAUTHORIZED.getStatusCode());
 200     }
 201
 202
 203     @Test(dependsOnMethods = {"auth_createCollectionObjectWithIncorrectUserPassword"})
 204     public void auth_deleteCollectionObject() {
 205         if(!isServerSecure()){
 206             logger.warn("set -Dcspace.server.secure=true to run security tests");
 207             return;
 208         }
 209         CollectionObjectClient collectionObjectClient = new CollectionObjectClient();
 210         collectionObjectClient = new CollectionObjectClient();
 211         collectionObjectClient.setProperty(CollectionSpaceClient.AUTH_PROPERTY, "true");
 212         collectionObjectClient.setProperty(CollectionSpaceClient.USER_PROPERTY, "test");
 213         collectionObjectClient.setProperty(CollectionSpaceClient.PASSWORD_PROPERTY, "test");
 214         try{
 215             collectionObjectClient.setupHttpClient();
 216             collectionObjectClient.setProxy();
 217         }catch(Exception e){
 218             logger.error("auth_deleteCollectionObject: caught " + e.getMessage());
 219             return;
 220         }
 221         verbose("Calling deleteCollectionObject:" + knownCollectionObjectId);
 222         ClientResponse<Response> res = collectionObjectClient.deleteCollectionObject(knownCollectionObjectId);
 223         verbose("auth_deleteCollectionObject: status = " + res.getStatus());
 224         Assert.assertEquals(res.getStatus(), Response.Status.OK.getStatusCode(),
 225                 "expected " + Response.Status.OK.getStatusCode());
 226     }
 227
 228     // ---------------------------------------------------------------
 229     // Utility methods used by tests above
 230     // ---------------------------------------------------------------
 231     private CollectionObject createCollectionObject(String identifier) {
 232         CollectionObject collectionObject = createCollectionObject("objectNumber-" + identifier,
 233                 "objectName-" + identifier);
 234
 235         return collectionObject;
 236     }
 237
 238     private CollectionObject createCollectionObject(String objectNumber, String objectName) {
 239         CollectionObject collectionObject = new CollectionObject();
 240
 241         collectionObject.setObjectNumber(objectNumber);
 242         collectionObject.setObjectName(objectName);
 243
 244         return collectionObject;
 245     }
 246
 247     private String extractId(ClientResponse<Response> res) {
 248         MultivaluedMap mvm = res.getMetadata();
 249         String uri = (String) ((ArrayList) mvm.get("Location")).get(0);
 250         verbose("extractId:uri=" + uri);
 251         String[] segments = uri.split("/");
 252         String id = segments[segments.length - 1];
 253         verbose("id=" + id);
 254         return id;
 255     }
 256
 257     private void verbose(String msg) {
 258         if(logger.isInfoEnabled()){
 259             logger.debug(msg);
 260         }
 261     }
 262
 263     private void verbose(String msg, Object o, Class clazz) {
 264         try{
 265             verbose(msg);
 266             JAXBContext jc = JAXBContext.newInstance(clazz);
 267             Marshaller m = jc.createMarshaller();
 268             m.setProperty(Marshaller.JAXB_FORMATTED_OUTPUT,
 269                     Boolean.TRUE);
 270             m.marshal(o, System.out);
 271         }catch(Exception e){
 272             e.printStackTrace();
 273         }
 274     }
 275
 276     private String createIdentifier() {
 277         long identifier = System.currentTimeMillis();
 278         return Long.toString(identifier);
 279     }
 280
 281     private boolean isServerSecure() {
 282         return Boolean.getBoolean("cspace.server.secure");
 283     }
 284 }