From 40ea7191a3713404d46892bea8c77dea473a1c30 Mon Sep 17 00:00:00 2001 From: Sanjay Dalal Date: Tue, 23 Feb 2010 21:22:07 +0000 Subject: [PATCH] CSPACE-1032 anonymous access is disabled. Developers need to change $JBOSS_HOME/server/cspace/conf/login-config.xml to add the CSpace JAAS LoginModule from /services/authentication/service/src/main/resources/config/jboss-login-config.xml. See wiki/email for more details. Service client properties are changed to use auth mode by default so that mvn test could still be used. test: mvn test at service layer M services/JaxRsServiceProvider/src/main/resources/log4j.properties M services/JaxRsServiceProvider/src/main/webapp/WEB-INF/applicationContext-security.xml M services/account/client/src/test/java/org/collectionspace/services/account/client/test/AccountServiceTest.java M services/security/client/src/test/java/org/collectionspace/services/authentication/client/test/AuthenticationServiceTest.java M services/client/src/test/java/org/collectionspace/services/client/test/ServiceLayerTest.java M services/client/src/main/resources/collectionspace-client.properties --- .../src/main/resources/log4j.properties | 2 +- .../WEB-INF/applicationContext-security.xml | 3 +- .../client/test/AccountServiceTest.java | 1 + .../collectionspace-client.properties | 2 +- .../client/test/ServiceLayerTest.java | 8 +--- .../test/AuthenticationServiceTest.java | 44 ++++--------------- 6 files changed, 15 insertions(+), 45 deletions(-) diff --git a/services/JaxRsServiceProvider/src/main/resources/log4j.properties b/services/JaxRsServiceProvider/src/main/resources/log4j.properties index 01d5b6faf..c82533ca6 100644 --- a/services/JaxRsServiceProvider/src/main/resources/log4j.properties +++ b/services/JaxRsServiceProvider/src/main/resources/log4j.properties 
@@ -7,7 +7,7 @@ log4j.appender.stdout.layout=org.apache.log4j.PatternLayout log4j.appender.stdout.layout.ConversionPattern=%d %-5p [%t] [%c:%L] %m%n log4j.appender.R=org.apache.log4j.RollingFileAppender -log4j.appender.R.File=${jboss.server.log.dir}/server.log +log4j.appender.R.File=$jboss.home.dir/server/cspace/log/server.log log4j.appender.R.MaxFileSize=100KB # Keep one backup file diff --git a/services/JaxRsServiceProvider/src/main/webapp/WEB-INF/applicationContext-security.xml b/services/JaxRsServiceProvider/src/main/webapp/WEB-INF/applicationContext-security.xml index 9570d1c97..71be7d13c 100644 --- a/services/JaxRsServiceProvider/src/main/webapp/WEB-INF/applicationContext-security.xml +++ b/services/JaxRsServiceProvider/src/main/webapp/WEB-INF/applicationContext-security.xml @@ -11,10 +11,11 @@ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.0.xsd"> - + + diff --git a/services/account/client/src/test/java/org/collectionspace/services/account/client/test/AccountServiceTest.java b/services/account/client/src/test/java/org/collectionspace/services/account/client/test/AccountServiceTest.java index 55e47bfe9..c5b510e2f 100644 --- a/services/account/client/src/test/java/org/collectionspace/services/account/client/test/AccountServiceTest.java +++ b/services/account/client/src/test/java/org/collectionspace/services/account/client/test/AccountServiceTest.java @@ -874,6 +874,7 @@ public class AccountServiceTest extends AbstractServiceTestImpl { } + // --------------------------------------------------------------- // Utility methods used by tests above // --------------------------------------------------------------- 
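Review bot: The new `log4j.appender.R.File` value in the log4j.properties hunk writes `$jboss.home.dir` without braces, and log4j 1.x only expands the `${name}` form. As written, the appender would open a path that literally begins with `$jboss.home.dir`, resolved against the server's working directory. The server log would then land outside the JBoss log directory, where operators and log collection are unlikely to look for it. If pinning the path to the cspace configuration is intended, use `log4j.appender.R.File=${jboss.home.dir}/server/cspace/log/server.log`. Otherwise keeping `${jboss.server.log.dir}/server.log` avoids hard-coding the server configuration name.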
diff --git a/services/client/src/main/resources/collectionspace-client.properties b/services/client/src/main/resources/collectionspace-client.properties index 429b9f6fe..28b7c103e 100644 --- a/services/client/src/main/resources/collectionspace-client.properties +++ b/services/client/src/main/resources/collectionspace-client.properties @@ -1,6 +1,6 @@ #url of the collectionspace server cspace.url=http://localhost:8180/cspace-services/ cspace.ssl=false -cspace.auth=false +cspace.auth=true cspace.user=test cspace.password=test \ No newline at end of file diff --git a/services/client/src/test/java/org/collectionspace/services/client/test/ServiceLayerTest.java b/services/client/src/test/java/org/collectionspace/services/client/test/ServiceLayerTest.java index 4aa420951..162e7875f 100644 --- a/services/client/src/test/java/org/collectionspace/services/client/test/ServiceLayerTest.java +++ b/services/client/src/test/java/org/collectionspace/services/client/test/ServiceLayerTest.java @@ -145,10 +145,6 @@ public class ServiceLayerTest { @Test public void serviceSecure() { - if (!serviceClient.isServerSecure()) { - logger.warn("set -Dcspace.server.secure=true to run security tests"); - return; - } String url = serviceClient.getBaseURL() + "collectionobjects"; GetMethod method = new GetMethod(url); // This vanilla HTTP client does not contain credentials or any other @@ -162,8 +158,8 @@ public class ServiceLayerTest { //due to anonymous support, the service returns 200 instead of 401 // Assert.assertEquals(statusCode, HttpStatus.SC_UNAUTHORIZED, // "expected " + HttpStatus.SC_UNAUTHORIZED); - Assert.assertEquals(statusCode, HttpStatus.SC_OK, - "expected " + HttpStatus.SC_OK); + Assert.assertEquals(statusCode, HttpStatus.SC_UNAUTHORIZED, + "expected " + HttpStatus.SC_UNAUTHORIZED); } catch (HttpException e) { logger.error("Fatal protocol violation: ", e); } catch (IOException e) { 
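Review bot: Flipping `cspace.auth` to `true` makes the `cspace.user=test` / `cspace.password=test` pair in this file the live default. The file sits under `src/main/resources`, so it presumably ships inside the client artifact rather than only with the tests. With `cspace.ssl=false` and an `http://` URL, those credentials would travel unencrypted whenever the client is pointed at a host other than localhost (assuming HTTP Basic or a similar scheme, which this hunk does not show). Consider moving the test account to a test-scoped properties file or supplying it through system properties. At minimum add a comment such as `# test-only defaults; override cspace.user/cspace.password and enable cspace.ssl outside local development`.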
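Review bot: In the second ServiceLayerTest hunk, the new 401 assertion sits inside a `try` whose `catch (HttpException e)` handler only logs, and the `catch (IOException e)` handler appears to do the same (its body continues outside the hunk). If so, `serviceSecure()` passes without asserting anything when the request never gets a response, for example when the server is down. Since this test now gates anonymous access being disabled, each handler should fail the test, e.g. `Assert.fail("request failed before a status code was received", e);`. The context comment `//due to anonymous support, the service returns 200 instead of 401` and the commented-out assertion below it now contradict the live assertion and should be deleted. The method body starts in the previous hunk and ends outside this one.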
diff --git a/services/security/client/src/test/java/org/collectionspace/services/authentication/client/test/AuthenticationServiceTest.java b/services/security/client/src/test/java/org/collectionspace/services/authentication/client/test/AuthenticationServiceTest.java index 36a8687ed..0e393e71a 100644 --- a/services/security/client/src/test/java/org/collectionspace/services/authentication/client/test/AuthenticationServiceTest.java +++ b/services/security/client/src/test/java/org/collectionspace/services/authentication/client/test/AuthenticationServiceTest.java @@ -76,10 +76,7 @@ public class AuthenticationServiceTest extends AbstractServiceTestImpl { // its associated HTTP method name (e.g. POST, DELETE). setupCreate(testName); AccountClient accountClient = new AccountClient(); - if (!accountClient.isServerSecure()) { - logger.warn("set -Dcspace.server.secure=true to run security tests"); - return; - } + accountClient.setProperty(CollectionSpaceClient.AUTH_PROPERTY, "true"); accountClient.setProperty(CollectionSpaceClient.USER_PROPERTY, @@ -133,10 +130,6 @@ public class AuthenticationServiceTest extends AbstractServiceTestImpl { MultipartOutput multipart = createCollectionObjectInstance( collectionObjectClient.getCommonPartName(), identifier); - if (!collectionObjectClient.isServerSecure()) { - logger.warn("set -Dcspace.server.secure=true to run security tests"); - return; - } collectionObjectClient.setProperty(CollectionSpaceClient.AUTH_PROPERTY, "true"); collectionObjectClient.setProperty(CollectionSpaceClient.USER_PROPERTY, 
@@ -171,10 +164,7 @@ public class AuthenticationServiceTest extends AbstractServiceTestImpl { String identifier = this.createIdentifier(); MultipartOutput multipart = createCollectionObjectInstance( collectionObjectClient.getCommonPartName(), identifier); - if (!collectionObjectClient.isServerSecure()) { - logger.warn("set -Dcspace.server.secure=true to run security tests"); - return; - } + collectionObjectClient.setProperty(CollectionSpaceClient.AUTH_PROPERTY, "true"); collectionObjectClient.setProperty(CollectionSpaceClient.USER_PROPERTY, @@ -204,10 +194,7 @@ public class AuthenticationServiceTest extends AbstractServiceTestImpl { String identifier = this.createIdentifier(); MultipartOutput multipart = createCollectionObjectInstance( collectionObjectClient.getCommonPartName(), identifier); - if (!collectionObjectClient.isServerSecure()) { - logger.warn("set -Dcspace.server.secure=true to run security tests"); - return; - } + collectionObjectClient.setProperty(CollectionSpaceClient.AUTH_PROPERTY, "true"); collectionObjectClient.setProperty(CollectionSpaceClient.USER_PROPERTY, @@ -238,10 +225,7 @@ public class AuthenticationServiceTest extends AbstractServiceTestImpl { String identifier = this.createIdentifier(); MultipartOutput multipart = createCollectionObjectInstance( collectionObjectClient.getCommonPartName(), identifier); - if (!collectionObjectClient.isServerSecure()) { - logger.warn("set -Dcspace.server.secure=true to run security tests"); - return; - } + collectionObjectClient.setProperty(CollectionSpaceClient.AUTH_PROPERTY, "true"); collectionObjectClient.setProperty(CollectionSpaceClient.USER_PROPERTY, 
@@ -272,10 +256,7 @@ public class AuthenticationServiceTest extends AbstractServiceTestImpl { String identifier = this.createIdentifier(); MultipartOutput multipart = createCollectionObjectInstance( collectionObjectClient.getCommonPartName(), identifier); - if (!collectionObjectClient.isServerSecure()) { - logger.warn("set -Dcspace.server.secure=true to run security tests"); - return; - } + collectionObjectClient.setProperty(CollectionSpaceClient.AUTH_PROPERTY, "true"); collectionObjectClient.setProperty(CollectionSpaceClient.USER_PROPERTY, @@ -307,10 +288,7 @@ public class AuthenticationServiceTest extends AbstractServiceTestImpl { String identifier = this.createIdentifier(); MultipartOutput multipart = createCollectionObjectInstance( collectionObjectClient.getCommonPartName(), identifier); - if (!collectionObjectClient.isServerSecure()) { - logger.warn("set -Dcspace.server.secure=true to run security tests"); - return; - } + collectionObjectClient.setProperty(CollectionSpaceClient.AUTH_PROPERTY, "true"); collectionObjectClient.setProperty(CollectionSpaceClient.USER_PROPERTY, @@ -342,10 +320,7 @@ public class AuthenticationServiceTest extends AbstractServiceTestImpl { setupDelete(testName); CollectionObjectClient collectionObjectClient = new CollectionObjectClient(); collectionObjectClient = new CollectionObjectClient(); - if (!collectionObjectClient.isServerSecure()) { - logger.warn("set -Dcspace.server.secure=true to run security tests"); - return; - } + collectionObjectClient.setProperty(CollectionSpaceClient.AUTH_PROPERTY, "true"); collectionObjectClient.setProperty(CollectionSpaceClient.USER_PROPERTY, 
@@ -377,10 +352,7 @@ public class AuthenticationServiceTest extends AbstractServiceTestImpl { // Perform setup. setupDelete(testName); AccountClient accountClient = new AccountClient(); - if (!accountClient.isServerSecure()) { - logger.warn("set -Dcspace.server.secure=true to run security tests"); - return; - } + accountClient.setProperty(CollectionSpaceClient.AUTH_PROPERTY, "true"); accountClient.setProperty(CollectionSpaceClient.USER_PROPERTY, -- 2.47.3