shiro-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From lhazlew...@apache.org
Subject svn commit: r912654 - in /incubator/shiro/trunk: core/pom.xml pom.xml web/pom.xml web/src/main/java/org/apache/shiro/web/filter/authz/AuthorizationFilter.java web/src/test/java/org/apache/shiro/web/filter/authz/AuthorizationFilterTest.java
Date Mon, 22 Feb 2010 16:58:27 GMT
Author: lhazlewood
Date: Mon Feb 22 16:58:26 2010
New Revision: 912654

URL: http://svn.apache.org/viewvc?rev=912654&view=rev
Log:
SHIRO-142: ensured only the error code or the redirect occured.  Added accompanying test cases
for verification.

Added:
    incubator/shiro/trunk/web/src/test/java/org/apache/shiro/web/filter/authz/AuthorizationFilterTest.java
Modified:
    incubator/shiro/trunk/core/pom.xml
    incubator/shiro/trunk/pom.xml
    incubator/shiro/trunk/web/pom.xml
    incubator/shiro/trunk/web/src/main/java/org/apache/shiro/web/filter/authz/AuthorizationFilter.java

Modified: incubator/shiro/trunk/core/pom.xml
URL: http://svn.apache.org/viewvc/incubator/shiro/trunk/core/pom.xml?rev=912654&r1=912653&r2=912654&view=diff
==============================================================================
--- incubator/shiro/trunk/core/pom.xml (original)
+++ incubator/shiro/trunk/core/pom.xml Mon Feb 22 16:58:26 2010
@@ -32,6 +32,23 @@
     <name>Apache Shiro :: Core</name>
     <packaging>jar</packaging>
 
+    <build>
+        <plugins>
+            <!-- bundle up the test classes to be referenced by other modules -->
+            <plugin>
+                <groupId>org.apache.maven.plugins</groupId>
+                <artifactId>maven-jar-plugin</artifactId>
+                <executions>
+                    <execution>
+                        <goals>
+                            <goal>test-jar</goal>
+                        </goals>
+                    </execution>
+                </executions>
+            </plugin>
+        </plugins>
+    </build>
+
     <dependencies>
         <dependency>
             <groupId>org.slf4j</groupId>

Modified: incubator/shiro/trunk/pom.xml
URL: http://svn.apache.org/viewvc/incubator/shiro/trunk/pom.xml?rev=912654&r1=912653&r2=912654&view=diff
==============================================================================
--- incubator/shiro/trunk/pom.xml (original)
+++ incubator/shiro/trunk/pom.xml Mon Feb 22 16:58:26 2010
@@ -150,6 +150,15 @@
                 <version>${project.version}</version>
             </dependency>
 
+            <!-- Intra project test dependencies: -->
+            <dependency>
+                <groupId>org.apache.shiro</groupId>
+                <artifactId>shiro-core</artifactId>
+                <version>${project.version}</version>
+                <type>test-jar</type>
+                <scope>test</scope>
+            </dependency>
+
             <!-- 3rd party dependencies -->
             <dependency>
                 <groupId>org.slf4j</groupId>
@@ -379,7 +388,7 @@
             </dependency>
         </dependencies>
     </dependencyManagement>
-    
+
     <!-- Note that reporting may fail with lower settings than something like: MAVEN_OPTS="-X512m
-XX:MaxPermSize=128m" -->
     <reporting>
         <plugins>

Modified: incubator/shiro/trunk/web/pom.xml
URL: http://svn.apache.org/viewvc/incubator/shiro/trunk/web/pom.xml?rev=912654&r1=912653&r2=912654&view=diff
==============================================================================
--- incubator/shiro/trunk/web/pom.xml (original)
+++ incubator/shiro/trunk/web/pom.xml Mon Feb 22 16:58:26 2010
@@ -51,6 +51,12 @@
         </dependency>
         <!-- Test dependencies - scope set appropriately already in the parent pom-->
         <dependency>
+            <groupId>org.apache.shiro</groupId>
+            <artifactId>shiro-core</artifactId>
+            <type>test-jar</type>
+            <scope>test</scope>
+        </dependency>
+        <dependency>
             <groupId>org.slf4j</groupId>
             <artifactId>jcl-over-slf4j</artifactId>
         </dependency>

Modified: incubator/shiro/trunk/web/src/main/java/org/apache/shiro/web/filter/authz/AuthorizationFilter.java
URL: http://svn.apache.org/viewvc/incubator/shiro/trunk/web/src/main/java/org/apache/shiro/web/filter/authz/AuthorizationFilter.java?rev=912654&r1=912653&r2=912654&view=diff
==============================================================================
--- incubator/shiro/trunk/web/src/main/java/org/apache/shiro/web/filter/authz/AuthorizationFilter.java
(original)
+++ incubator/shiro/trunk/web/src/main/java/org/apache/shiro/web/filter/authz/AuthorizationFilter.java
Mon Feb 22 16:58:26 2010
@@ -115,11 +115,13 @@
         } else {
             // If subject is known but not authorized, redirect to the unauthorized URL if
there is one
             // If no unauthorized URL is specified, just return an unauthorized HTTP status
code
-            WebUtils.toHttp(response).sendError(HttpServletResponse.SC_UNAUTHORIZED);
-            if (StringUtils.hasText(getUnauthorizedUrl())) {
-                WebUtils.issueRedirect(request, response, getUnauthorizedUrl());
+            String unauthorizedUrl = getUnauthorizedUrl();
+            //SHIRO-142 - ensure that redirect _or_ error code occurs - both cannot happen
due to response commit:
+            if ( StringUtils.hasText(unauthorizedUrl) ) {
+                WebUtils.issueRedirect(request, response, unauthorizedUrl);
+            } else {
+                WebUtils.toHttp(response).sendError(HttpServletResponse.SC_UNAUTHORIZED);
             }
-
         }
         return false;
     }

Added: incubator/shiro/trunk/web/src/test/java/org/apache/shiro/web/filter/authz/AuthorizationFilterTest.java
URL: http://svn.apache.org/viewvc/incubator/shiro/trunk/web/src/test/java/org/apache/shiro/web/filter/authz/AuthorizationFilterTest.java?rev=912654&view=auto
==============================================================================
--- incubator/shiro/trunk/web/src/test/java/org/apache/shiro/web/filter/authz/AuthorizationFilterTest.java
(added)
+++ incubator/shiro/trunk/web/src/test/java/org/apache/shiro/web/filter/authz/AuthorizationFilterTest.java
Mon Feb 22 16:58:26 2010
@@ -0,0 +1,99 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.shiro.web.filter.authz;
+
+import org.apache.shiro.SecurityUtils;
+import org.apache.shiro.authc.UsernamePasswordToken;
+import org.apache.shiro.test.SecurityManagerTestSupport;
+import org.junit.Test;
+
+import javax.servlet.ServletRequest;
+import javax.servlet.ServletResponse;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import java.io.IOException;
+
+import static org.easymock.EasyMock.*;
+
+/**
+ * Test cases for the {@link AuthorizationFilter} class.
+ */
+public class AuthorizationFilterTest extends SecurityManagerTestSupport {
+
+    @Test
+    public void testUserOnAccessDeniedWithResponseError() throws IOException {
+        // Tests when a user (known identity) is denied access and no unauthorizedUrl has
been configured.
+        // This should trigger an HTTP response error code.
+
+        //log in the user using the account provided by the superclass for tests:
+        SecurityUtils.getSubject().login(new UsernamePasswordToken("test", "test"));
+        
+        AuthorizationFilter filter = new AuthorizationFilter() {
+            @Override
+            protected boolean isAccessAllowed(ServletRequest request, ServletResponse response,
Object mappedValue)
+                    throws Exception {
+                return false; //for this test case
+            }
+        };
+
+        HttpServletRequest request = createNiceMock(HttpServletRequest.class);
+        HttpServletResponse response = createNiceMock(HttpServletResponse.class);
+
+        response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
+        replay(response);
+        filter.onAccessDenied(request, response);
+        verify(response);
+    }
+
+    @Test
+    public void testUserOnAccessDeniedWithRedirect() throws IOException {
+        // Tests when a user (known identity) is denied access and an unauthorizedUrl *has*
been configured.
+        // This should trigger an HTTP redirect
+
+        //log in the user using the account provided by the superclass for tests:
+        SecurityUtils.getSubject().login(new UsernamePasswordToken("test", "test"));
+
+        String unauthorizedUrl = "unauthorized.jsp";
+
+        AuthorizationFilter filter = new AuthorizationFilter() {
+            @Override
+            protected boolean isAccessAllowed(ServletRequest request, ServletResponse response,
Object mappedValue)
+                    throws Exception {
+                return false; //for this test case
+            }
+        };
+        filter.setUnauthorizedUrl(unauthorizedUrl);
+
+        HttpServletRequest request = createNiceMock(HttpServletRequest.class);
+        HttpServletResponse response = createNiceMock(HttpServletResponse.class);
+
+        expect(request.getContextPath()).andReturn("/").anyTimes();
+
+        String encoded = "/" + unauthorizedUrl;
+        expect(response.encodeRedirectURL(unauthorizedUrl)).andReturn(encoded);
+        response.sendRedirect(encoded);
+        replay(request);
+        replay(response);
+
+        filter.onAccessDenied(request, response);
+
+        verify(request);
+        verify(response);
+    }
+}



Mime
View raw message