[Major] cleaned up stupid use of forms for POST and added proper sec

fixed broken tests
2014-08-04 00:41:35 +02:00 · 2014-08-04 00:41:35 +02:00 · 1b956fbd45
parent b6828be09b
commit 1b956fbd45
3 changed files with 28 additions and 113 deletions
--- a/src/main/java/li/strolch/rest/endpoint/AuthenticationService.java
+++ b/src/main/java/li/strolch/rest/endpoint/AuthenticationService.java
@ -20,6 +20,7 @@ import javax.ws.rs.Consumes;
 import javax.ws.rs.DELETE;
 import javax.ws.rs.POST;
 import javax.ws.rs.Path;
+import javax.ws.rs.PathParam;
 import javax.ws.rs.Produces;
 import javax.ws.rs.core.Context;
 import javax.ws.rs.core.GenericEntity;
@ -32,7 +33,6 @@ import li.strolch.rest.RestfulStrolchComponent;
 import li.strolch.rest.StrolchSessionHandler;
 import li.strolch.rest.model.Login;
 import li.strolch.rest.model.LoginResult;
-import li.strolch.rest.model.Logout;
 import li.strolch.rest.model.LogoutResult;

 import org.slf4j.Logger;
@ -79,7 +79,7 @@ public class AuthenticationService {

 			StrolchSessionHandler sessionHandler = RestfulStrolchComponent.getInstance().getComponent(
 					StrolchSessionHandler.class);
-			String origin = request.getRemoteAddr();
+			String origin = request == null ? "test" : request.getRemoteAddr();
 			Certificate certificate = sessionHandler.authenticate(origin, login.getUsername(), login.getPassword()
 					.getBytes());

@ -105,7 +105,8 @@ public class AuthenticationService {
 	@DELETE
 	@Consumes(MediaType.APPLICATION_JSON)
 	@Produces(MediaType.APPLICATION_JSON)
-	public Response logout(Logout logout) {
+	@Path("{authToken}")
+	public Response logout(@PathParam("authToken") String authToken) {

 		LogoutResult logoutResult = new LogoutResult();

@ -113,22 +114,10 @@ public class AuthenticationService {
 		};
 		try {

-			StringBuilder sb = new StringBuilder();
-			if (StringHelper.isEmpty(logout.getUsername())) {
-				sb.append("Username was not given.");
-			}
-			if (StringHelper.isEmpty(logout.getSessionId())) {
-				sb.append("SessionId was not given.");
-			}
-			if (sb.length() != 0) {
-				logoutResult.setMsg("Could not logout due to: " + sb.toString());
-				return Response.status(Status.UNAUTHORIZED).entity(logoutResult).build();
-			}
-
 			StrolchSessionHandler sessionHandlerHandler = RestfulStrolchComponent.getInstance().getComponent(
 					StrolchSessionHandler.class);
-			String origin = request.getRemoteAddr();
-			Certificate certificate = sessionHandlerHandler.validate(origin, logout.getSessionId());
+			String origin = request == null ? "test" : request.getRemoteAddr();
+			Certificate certificate = sessionHandlerHandler.validate(origin, authToken);
 			sessionHandlerHandler.invalidateSession(origin, certificate);

 			return Response.ok().entity(entity).build();
--- a/src/main/java/li/strolch/rest/model/Logout.java
+++ b/src/main/java/li/strolch/rest/model/Logout.java
@ -1,68 +0,0 @@
-/*
- * Copyright 2013 Robert von Burg <eitch@eitchnet.ch>
- * 
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- * 
- *     http://www.apache.org/licenses/LICENSE-2.0
- * 
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package li.strolch.rest.model;
-
-import javax.xml.bind.annotation.XmlAccessType;
-import javax.xml.bind.annotation.XmlAccessorType;
-import javax.xml.bind.annotation.XmlAttribute;
-import javax.xml.bind.annotation.XmlRootElement;
-
-/**
- * @author Robert von Burg <eitch@eitchnet.ch>
- */
-@XmlAccessorType(XmlAccessType.NONE)
-@XmlRootElement(name = "Logout")
-public class Logout {
-
-	@XmlAttribute
-	private String username;
-	@XmlAttribute
-	private String sessionId;
-
-	public Logout() {
-		// no-arg constructor for JAXB
-	}
-
-	/**
-	 * @return the username
-	 */
-	public String getUsername() {
-		return this.username;
-	}
-
-	/**
-	 * @param username
-	 *            the username to set
-	 */
-	public void setUsername(String username) {
-		this.username = username;
-	}
-
-	/**
-	 * @return the sessionId
-	 */
-	public String getSessionId() {
-		return this.sessionId;
-	}
-
-	/**
-	 * @param sessionId
-	 *            the sessionId to set
-	 */
-	public void setSessionId(String sessionId) {
-		this.sessionId = sessionId;
-	}
-}
--- a/src/test/java/li/strolch/rest/inspector/test/AuthenticationTest.java
+++ b/src/test/java/li/strolch/rest/inspector/test/AuthenticationTest.java
@ -15,16 +15,18 @@
 */
 package li.strolch.rest.inspector.test;

+import static org.hamcrest.MatcherAssert.assertThat;
+import static org.hamcrest.Matchers.containsString;
 import static org.junit.Assert.assertEquals;
 import static org.junit.Assert.assertNotNull;
 import static org.junit.Assert.assertNull;

 import javax.ws.rs.client.Entity;
-import javax.ws.rs.core.Form;
 import javax.ws.rs.core.MediaType;
 import javax.ws.rs.core.Response;
 import javax.ws.rs.core.Response.Status;

+import li.strolch.rest.model.Login;
 import li.strolch.rest.model.LoginResult;
 import li.strolch.rest.model.LogoutResult;

@ -44,11 +46,11 @@ public class AuthenticationTest extends AbstractRestfulTest {
 	public void shouldAuthenticate() {

 		// login
-		Form loginForm = new Form();
-		loginForm.param("username", "jill");
-		loginForm.param("password", "jill");
-		Entity<Form> entity = Entity.entity(loginForm, MediaType.APPLICATION_FORM_URLENCODED);
-		Response result = target().path(ROOT_PATH + "/login").request(MediaType.APPLICATION_JSON).post(entity);
+		Login login = new Login();
+		login.setUsername("jill");
+		login.setPassword("jill");
+		Entity<Login> loginEntity = Entity.entity(login, MediaType.APPLICATION_JSON);
+		Response result = target().path(ROOT_PATH).request(MediaType.APPLICATION_JSON).post(loginEntity);
 		assertEquals(Status.OK.getStatusCode(), result.getStatus());
 		LoginResult loginResult = result.readEntity(LoginResult.class);
 		assertNotNull(loginResult);
@ -57,11 +59,8 @@ public class AuthenticationTest extends AbstractRestfulTest {
 		assertNull(loginResult.getMsg());

 		// logout
-		Form logoutForm = new Form();
-		logoutForm.param("username", "jill");
-		logoutForm.param("sessionId", loginResult.getSessionId());
-		entity = Entity.entity(logoutForm, MediaType.APPLICATION_FORM_URLENCODED);
-		result = target().path(ROOT_PATH + "/logout").request(MediaType.APPLICATION_JSON).post(entity);
+		result = target().path(ROOT_PATH + "/" + loginResult.getSessionId()).request(MediaType.APPLICATION_JSON)
+				.delete();
 		assertEquals(Status.OK.getStatusCode(), result.getStatus());
 		assertNotNull(loginResult);
 		LogoutResult logoutResult = result.readEntity(LogoutResult.class);
@ -73,11 +72,11 @@ public class AuthenticationTest extends AbstractRestfulTest {
 	public void shouldNotAuthenticate() {

 		// login
-		Form loginForm = new Form();
-		loginForm.param("username", "admin");
-		loginForm.param("password", "blalba");
-		Entity<Form> entity = Entity.entity(loginForm, MediaType.APPLICATION_FORM_URLENCODED);
-		Response result = target().path(ROOT_PATH + "/login").request(MediaType.APPLICATION_JSON).post(entity);
+		Login login = new Login();
+		login.setUsername("admin");
+		login.setPassword("blalba");
+		Entity<Login> loginEntity = Entity.entity(login, MediaType.APPLICATION_JSON);
+		Response result = target().path(ROOT_PATH).request(MediaType.APPLICATION_JSON).post(loginEntity);
 		assertEquals(Status.UNAUTHORIZED.getStatusCode(), result.getStatus());
 		LogoutResult logoutResult = result.readEntity(LogoutResult.class);
 		assertNotNull(logoutResult);
@ -88,11 +87,11 @@ public class AuthenticationTest extends AbstractRestfulTest {
 	public void shouldFailLogoutIllegalSession() {

 		// login
-		Form loginForm = new Form();
-		loginForm.param("username", "jill");
-		loginForm.param("password", "jill");
-		Entity<Form> entity = Entity.entity(loginForm, MediaType.APPLICATION_FORM_URLENCODED);
-		Response result = target().path(ROOT_PATH + "/login").request(MediaType.APPLICATION_JSON).post(entity);
+		Login login = new Login();
+		login.setUsername("jill");
+		login.setPassword("jill");
+		Entity<Login> loginEntity = Entity.entity(login, MediaType.APPLICATION_JSON);
+		Response result = target().path(ROOT_PATH).request(MediaType.APPLICATION_JSON).post(loginEntity);
 		assertEquals(Status.OK.getStatusCode(), result.getStatus());
 		LoginResult loginResult = result.readEntity(LoginResult.class);
 		assertNotNull(loginResult);
@ -101,15 +100,10 @@ public class AuthenticationTest extends AbstractRestfulTest {
 		assertNull(loginResult.getMsg());

 		// logout
-		Form logoutForm = new Form();
-		logoutForm.param("username", "jill");
-		logoutForm.param("sessionId", "blabla");
-		entity = Entity.entity(logoutForm, MediaType.APPLICATION_FORM_URLENCODED);
-		result = target().path(ROOT_PATH + "/logout").request(MediaType.APPLICATION_JSON).post(entity);
+		result = target().path(ROOT_PATH + "/blabla").request(MediaType.APPLICATION_JSON).delete();
 		assertEquals(Status.UNAUTHORIZED.getStatusCode(), result.getStatus());
 		LogoutResult logoutResult = result.readEntity(LogoutResult.class);
 		assertNotNull(logoutResult);
-		assertEquals("Could not logout due to: Illegal request for username jill and sessionId blabla",
-				logoutResult.getMsg());
+		assertThat(logoutResult.getMsg(), containsString("No certificate exists for sessionId blabla"));
 	}
 }