git.aero2k.de Git - tmp/jakarta-migration.git/blob

   1 /**
   2  * This document is a part of the source code and related artifacts
   3  * for CollectionSpace, an open source collections management system
   4  * for museums and related institutions:
   5  *
   6  * http://www.collectionspace.org
   7  * http://wiki.collectionspace.org
   8  *
   9  * Copyright © 2009 Regents of the University of California
  10  *
  11  * Licensed under the Educational Community License (ECL), Version 2.0.
  12  * You may not use this file except in compliance with this License.
  13  *
  14  * You may obtain a copy of the ECL 2.0 License at
  15  * https://source.collectionspace.org/collection-space/LICENSE.txt
  16  *
  17  *  Unless required by applicable law or agreed to in writing, software
  18  *  distributed under the License is distributed on an "AS IS" BASIS,
  19  *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  20  *  See the License for the specific language governing permissions and
  21  *  limitations under the License.
  22  */
  23 package org.collectionspace.services.authentication.client;
  24
  25 import java.util.ArrayList;
  26 import javax.ws.rs.core.MultivaluedMap;
  27 import javax.ws.rs.core.Response;
  28 import javax.xml.bind.JAXBContext;
  29 import javax.xml.bind.Marshaller;
  30 import org.jboss.resteasy.client.ClientResponse;
  31 import org.testng.Assert;
  32 import org.testng.annotations.Test;
  33
  34 import org.collectionspace.services.collectionobject.CollectionObject;
  35 import org.collectionspace.services.client.CollectionObjectClient;
  36 import org.collectionspace.services.client.CollectionSpaceClient;
  37 import org.slf4j.Logger;
  38 import org.slf4j.LoggerFactory;
  39
  40 /**
  41  * AuthenticationServiceTest uses CollectionObject service to test authentication
  42  *
  43  * $LastChangedRevision: 434 $
  44  * $LastChangedDate: 2009-07-28 14:34:15 -0700 (Tue, 28 Jul 2009) $
  45  */
  46 public class AuthenticationServiceTest {
  47
  48     private String knownCollectionObjectId = null;
  49     final Logger logger = LoggerFactory.getLogger(AuthenticationServiceTest.class);
  50
  51     @Test
  52     public void auth_createCollectionObject() {
  53         String identifier = this.createIdentifier();
  54         CollectionObject collectionObject = createCollectionObject(identifier);
  55         CollectionObjectClient collectionObjectClient = new CollectionObjectClient();
  56         if(!collectionObjectClient.isServerSecure()){
  57             logger.warn("set -Dcspace.server.secure=true to run security tests");
  58             return;
  59         }
  60         collectionObjectClient.setProperty(CollectionSpaceClient.AUTH_PROPERTY, "true");
  61         collectionObjectClient.setProperty(CollectionSpaceClient.USER_PROPERTY, "test");
  62         collectionObjectClient.setProperty(CollectionSpaceClient.PASSWORD_PROPERTY, "test");
  63         try{
  64             collectionObjectClient.setupHttpClient();
  65             collectionObjectClient.setProxy();
  66         }catch(Exception e){
  67             logger.error("auth_createCollectionObject: caught " + e.getMessage());
  68             return;
  69         }
  70         ClientResponse<Response> res = collectionObjectClient.createCollectionObject(collectionObject);
  71         verbose("auth_createCollectionObject: status = " + res.getStatus());
  72         Assert.assertEquals(res.getStatus(), Response.Status.CREATED.getStatusCode(),
  73                 "expected " + Response.Status.CREATED.getStatusCode());
  74
  75         // Store the ID returned from this create operation for additional tests below.
  76         knownCollectionObjectId = extractId(res);
  77     }
  78
  79     @Test(dependsOnMethods = {"auth_createCollectionObject"})
  80     public void auth_createCollectionObjectWithoutUser() {
  81         String identifier = this.createIdentifier();
  82         CollectionObject collectionObject = createCollectionObject(identifier);
  83         CollectionObjectClient collectionObjectClient = new CollectionObjectClient();
  84         if(!collectionObjectClient.isServerSecure()){
  85             logger.warn("set -Dcspace.server.secure=true to run security tests");
  86             return;
  87         }
  88         collectionObjectClient.setProperty(CollectionSpaceClient.AUTH_PROPERTY, "true");
  89         collectionObjectClient.removeProperty(CollectionSpaceClient.USER_PROPERTY);
  90         collectionObjectClient.setProperty(CollectionSpaceClient.PASSWORD_PROPERTY, "test");
  91         try{
  92             collectionObjectClient.setupHttpClient();
  93             collectionObjectClient.setProxy();
  94         }catch(Exception e){
  95             logger.error("auth_createCollectionObjectWithoutUser: caught " + e.getMessage());
  96             return;
  97         }
  98         ClientResponse<Response> res = collectionObjectClient.createCollectionObject(collectionObject);
  99         verbose("auth_createCollectionObjectWithoutUser: status = " + res.getStatus());
 100         Assert.assertEquals(res.getStatus(), Response.Status.UNAUTHORIZED.getStatusCode(),
 101                 "expected " + Response.Status.UNAUTHORIZED.getStatusCode());
 102     }
 103
 104     @Test(dependsOnMethods = {"auth_createCollectionObjectWithoutUser"})
 105     public void auth_createCollectionObjectWithoutPassword() {
 106         String identifier = this.createIdentifier();
 107         CollectionObject collectionObject = createCollectionObject(identifier);
 108         CollectionObjectClient collectionObjectClient = new CollectionObjectClient();
 109         if(!collectionObjectClient.isServerSecure()){
 110             logger.warn("set -Dcspace.server.secure=true to run security tests");
 111             return;
 112         }
 113         collectionObjectClient.setProperty(CollectionSpaceClient.AUTH_PROPERTY, "true");
 114         collectionObjectClient.setProperty(CollectionSpaceClient.USER_PROPERTY, "test");
 115         collectionObjectClient.removeProperty(CollectionSpaceClient.PASSWORD_PROPERTY);
 116         try{
 117             collectionObjectClient.setupHttpClient();
 118             collectionObjectClient.setProxy();
 119         }catch(Exception e){
 120             logger.error("auth_createCollectionObjectWithoutPassword: caught " + e.getMessage());
 121             return;
 122         }
 123         ClientResponse<Response> res = collectionObjectClient.createCollectionObject(collectionObject);
 124         verbose("auth_createCollectionObjectWithoutPassword: status = " + res.getStatus());
 125         Assert.assertEquals(res.getStatus(), Response.Status.UNAUTHORIZED.getStatusCode(),
 126                 "expected " + Response.Status.UNAUTHORIZED.getStatusCode());
 127     }
 128
 129     @Test(dependsOnMethods = {"auth_createCollectionObjectWithoutPassword"})
 130     public void auth_createCollectionObjectWithIncorrectPassword() {
 131         String identifier = this.createIdentifier();
 132         CollectionObject collectionObject = createCollectionObject(identifier);
 133         CollectionObjectClient collectionObjectClient = new CollectionObjectClient();
 134         if(!collectionObjectClient.isServerSecure()){
 135             logger.warn("set -Dcspace.server.secure=true to run security tests");
 136             return;
 137         }
 138         collectionObjectClient.setProperty(CollectionSpaceClient.AUTH_PROPERTY, "true");
 139         collectionObjectClient.setProperty(CollectionSpaceClient.USER_PROPERTY, "test");
 140         collectionObjectClient.setProperty(CollectionSpaceClient.PASSWORD_PROPERTY, "bar");
 141         try{
 142             collectionObjectClient.setupHttpClient();
 143             collectionObjectClient.setProxy();
 144         }catch(Exception e){
 145             logger.error("auth_createCollectionObjectWithIncorrectPassword: caught " + e.getMessage());
 146             return;
 147         }
 148         ClientResponse<Response> res = collectionObjectClient.createCollectionObject(collectionObject);
 149         verbose("auth_createCollectionObjectWithIncorrectPassword: status = " + res.getStatus());
 150         Assert.assertEquals(res.getStatus(), Response.Status.UNAUTHORIZED.getStatusCode(),
 151                 "expected " + Response.Status.UNAUTHORIZED.getStatusCode());
 152     }
 153
 154     @Test(dependsOnMethods = {"auth_createCollectionObjectWithoutPassword"})
 155     public void auth_createCollectionObjectWithoutUserPassword() {
 156         String identifier = this.createIdentifier();
 157         CollectionObject collectionObject = createCollectionObject(identifier);
 158         CollectionObjectClient collectionObjectClient = new CollectionObjectClient();
 159         if(!collectionObjectClient.isServerSecure()){
 160             logger.warn("set -Dcspace.server.secure=true to run security tests");
 161             return;
 162         }
 163         collectionObjectClient.setProperty(CollectionSpaceClient.AUTH_PROPERTY, "true");
 164         collectionObjectClient.removeProperty(CollectionSpaceClient.USER_PROPERTY);
 165         collectionObjectClient.removeProperty(CollectionSpaceClient.PASSWORD_PROPERTY);
 166         try{
 167             collectionObjectClient.setupHttpClient();
 168             collectionObjectClient.setProxy();
 169         }catch(Exception e){
 170             logger.error("auth_createCollectionObjectWithoutUserPassword: caught " + e.getMessage());
 171             return;
 172         }
 173         ClientResponse<Response> res = collectionObjectClient.createCollectionObject(collectionObject);
 174         verbose("auth_createCollectionObjectWithoutUserPassword: status = " + res.getStatus());
 175         Assert.assertEquals(res.getStatus(), Response.Status.FORBIDDEN.getStatusCode(),
 176                 "expected " + Response.Status.FORBIDDEN.getStatusCode());
 177     }
 178
 179     @Test(dependsOnMethods = {"auth_createCollectionObjectWithoutPassword"})
 180     public void auth_createCollectionObjectWithIncorrectUserPassword() {
 181         String identifier = this.createIdentifier();
 182         CollectionObject collectionObject = createCollectionObject(identifier);
 183         CollectionObjectClient collectionObjectClient = new CollectionObjectClient();
 184         if(!collectionObjectClient.isServerSecure()){
 185             logger.warn("set -Dcspace.server.secure=true to run security tests");
 186             return;
 187         }
 188         collectionObjectClient.setProperty(CollectionSpaceClient.AUTH_PROPERTY, "true");
 189         collectionObjectClient.setProperty(CollectionSpaceClient.USER_PROPERTY, "foo");
 190         collectionObjectClient.setProperty(CollectionSpaceClient.PASSWORD_PROPERTY, "bar");
 191         try{
 192             collectionObjectClient.setupHttpClient();
 193             collectionObjectClient.setProxy();
 194         }catch(Exception e){
 195             logger.error("auth_createCollectionObjectWithIncorrectUserPassword: caught " + e.getMessage());
 196             return;
 197         }
 198         ClientResponse<Response> res = collectionObjectClient.createCollectionObject(collectionObject);
 199         verbose("auth_createCollectionObjectWithIncorrectUserPassword: status = " + res.getStatus());
 200         Assert.assertEquals(res.getStatus(), Response.Status.UNAUTHORIZED.getStatusCode(),
 201                 "expected " + Response.Status.UNAUTHORIZED.getStatusCode());
 202     }
 203
 204     @Test(dependsOnMethods = {"auth_createCollectionObjectWithIncorrectUserPassword"})
 205     public void auth_deleteCollectionObject() {
 206         CollectionObjectClient collectionObjectClient = new CollectionObjectClient();
 207         collectionObjectClient = new CollectionObjectClient();
 208         if(!collectionObjectClient.isServerSecure()){
 209             logger.warn("set -Dcspace.server.secure=true to run security tests");
 210             return;
 211         }
 212         collectionObjectClient.setProperty(CollectionSpaceClient.AUTH_PROPERTY, "true");
 213         collectionObjectClient.setProperty(CollectionSpaceClient.USER_PROPERTY, "test");
 214         collectionObjectClient.setProperty(CollectionSpaceClient.PASSWORD_PROPERTY, "test");
 215         try{
 216             collectionObjectClient.setupHttpClient();
 217             collectionObjectClient.setProxy();
 218         }catch(Exception e){
 219             logger.error("auth_deleteCollectionObject: caught " + e.getMessage());
 220             return;
 221         }
 222         verbose("Calling deleteCollectionObject:" + knownCollectionObjectId);
 223         ClientResponse<Response> res = collectionObjectClient.deleteCollectionObject(knownCollectionObjectId);
 224         verbose("auth_deleteCollectionObject: status = " + res.getStatus());
 225         Assert.assertEquals(res.getStatus(), Response.Status.OK.getStatusCode(),
 226                 "expected " + Response.Status.OK.getStatusCode());
 227     }
 228
 229     // ---------------------------------------------------------------
 230     // Utility methods used by tests above
 231     // ---------------------------------------------------------------
 232     private CollectionObject createCollectionObject(String identifier) {
 233         CollectionObject collectionObject = createCollectionObject("objectNumber-" + identifier,
 234                 "objectName-" + identifier);
 235
 236         return collectionObject;
 237     }
 238
 239     private CollectionObject createCollectionObject(String objectNumber, String objectName) {
 240         CollectionObject collectionObject = new CollectionObject();
 241
 242         collectionObject.setObjectNumber(objectNumber);
 243         collectionObject.setObjectName(objectName);
 244
 245         return collectionObject;
 246     }
 247
 248     private String extractId(ClientResponse<Response> res) {
 249         MultivaluedMap mvm = res.getMetadata();
 250         String uri = (String) ((ArrayList) mvm.get("Location")).get(0);
 251         verbose("extractId:uri=" + uri);
 252         String[] segments = uri.split("/");
 253         String id = segments[segments.length - 1];
 254         verbose("id=" + id);
 255         return id;
 256     }
 257
 258     private void verbose(String msg) {
 259         if(logger.isInfoEnabled()){
 260             logger.debug(msg);
 261         }
 262     }
 263
 264     private void verbose(String msg, Object o, Class clazz) {
 265         try{
 266             verbose(msg);
 267             JAXBContext jc = JAXBContext.newInstance(clazz);
 268             Marshaller m = jc.createMarshaller();
 269             m.setProperty(Marshaller.JAXB_FORMATTED_OUTPUT,
 270                     Boolean.TRUE);
 271             m.marshal(o, System.out);
 272         }catch(Exception e){
 273             e.printStackTrace();
 274         }
 275     }
 276
 277     private String createIdentifier() {
 278         long identifier = System.currentTimeMillis();
 279         return Long.toString(identifier);
 280     }
 281 }