From 1b956fbd459303392d4a0a14087ef1ad6c2506ec Mon Sep 17 00:00:00 2001
From: Robert von Burg
Date: Mon, 4 Aug 2014 00:41:35 +0200
Subject: [PATCH] [Major] cleaned up stupid use of forms for POST and added proper sec fixed broken tests
---
 .../rest/endpoint/AuthenticationService.java | 23 ++-----
 .../java/li/strolch/rest/model/Logout.java | 68 -------------------
 .../inspector/test/AuthenticationTest.java | 50 ++++++--------
 3 files changed, 28 insertions(+), 113 deletions(-)
 delete mode 100644 src/main/java/li/strolch/rest/model/Logout.java
diff --git a/src/main/java/li/strolch/rest/endpoint/AuthenticationService.java b/src/main/java/li/strolch/rest/endpoint/AuthenticationService.java
index bfd8c00e5..3f3594ea0 100644
--- a/src/main/java/li/strolch/rest/endpoint/AuthenticationService.java
+++ b/src/main/java/li/strolch/rest/endpoint/AuthenticationService.java
@@ -20,6 +20,7 @@ import javax.ws.rs.Consumes;
 import javax.ws.rs.DELETE;
 import javax.ws.rs.POST;
 import javax.ws.rs.Path;
+import javax.ws.rs.PathParam;
 import javax.ws.rs.Produces;
 import javax.ws.rs.core.Context;
 import javax.ws.rs.core.GenericEntity;
@@ -32,7 +33,6 @@ import li.strolch.rest.RestfulStrolchComponent;
 import li.strolch.rest.StrolchSessionHandler;
 import li.strolch.rest.model.Login;
 import li.strolch.rest.model.LoginResult;
-import li.strolch.rest.model.Logout;
 import li.strolch.rest.model.LogoutResult;
 import org.slf4j.Logger;
@@ -79,7 +79,7 @@ public class AuthenticationService {
 StrolchSessionHandler sessionHandler = RestfulStrolchComponent.getInstance().getComponent(
 StrolchSessionHandler.class);
- String origin = request.getRemoteAddr();
+ String origin = request == null ? "test" : request.getRemoteAddr();
 Certificate certificate = sessionHandler.authenticate(origin, login.getUsername(), login.getPassword()
 .getBytes());
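Review bot: The `request == null ? "test" : request.getRemoteAddr()` fallback puts test scaffolding on the production path: if the (presumably `@Context`-injected) servlet request is ever missing in a deployed container, the session is silently bound to the origin `"test"` instead of the client address, and whatever origin checks `validate(origin, …)` performs later run against that constant. The same fallback is added to `logout` in the `@@ -113,22 +114,10 @@` hunk. Prefer to fail closed, e.g. `if (request == null) throw new IllegalStateException("HttpServletRequest was not injected");`, and give the test harness a stub request instead of teaching the service about tests. The enclosing `login` method starts and ends outside this hunk, so how a thrown exception would be mapped to a response is not visible here.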
@@ -105,7 +105,8 @@ public class AuthenticationService {
 @DELETE
 @Consumes(MediaType.APPLICATION_JSON)
 @Produces(MediaType.APPLICATION_JSON)
- public Response logout(Logout logout) {
+ @Path("{authToken}")
+ public Response logout(@PathParam("authToken") String authToken) {
 LogoutResult logoutResult = new LogoutResult();
@@ -113,22 +114,10 @@ public class AuthenticationService {
 };
 try {
- StringBuilder sb = new StringBuilder();
- if (StringHelper.isEmpty(logout.getUsername())) {
- sb.append("Username was not given.");
- }
- if (StringHelper.isEmpty(logout.getSessionId())) {
- sb.append("SessionId was not given.");
- }
- if (sb.length() != 0) {
- logoutResult.setMsg("Could not logout due to: " + sb.toString());
- return Response.status(Status.UNAUTHORIZED).entity(logoutResult).build();
- }
-
 StrolchSessionHandler sessionHandlerHandler = RestfulStrolchComponent.getInstance().getComponent(
 StrolchSessionHandler.class);
- String origin = request.getRemoteAddr();
- Certificate certificate = sessionHandlerHandler.validate(origin, logout.getSessionId());
+ String origin = request == null ? "test" : request.getRemoteAddr();
+ Certificate certificate = sessionHandlerHandler.validate(origin, authToken);
 sessionHandlerHandler.invalidateSession(origin, certificate);
 return Response.ok().entity(entity).build();
diff --git a/src/main/java/li/strolch/rest/model/Logout.java b/src/main/java/li/strolch/rest/model/Logout.java
deleted file mode 100644
index 8fdcc8866..000000000
--- a/src/main/java/li/strolch/rest/model/Logout.java
+++ /dev/null
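Review bot: Moving the session token into the URL path (`@Path("{authToken}")` with `@PathParam("authToken")`) means it is now written to server and proxy access logs and to client history, which the previous JSON body avoided; a header parameter such as `@HeaderParam("Authorization") String authToken` keeps it out of the request line while still dropping the `Logout` form object. `@Consumes(MediaType.APPLICATION_JSON)` is kept on a `DELETE` that no longer reads a body, so it only constrains the client's Content-Type without purpose and can be removed. The `logout` method body continues in the next hunk and past it, so the catch block that maps a failed `validate` to a response is not visible here.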
@@ -1,68 +0,0 @@
-/*
- * Copyright 2013 Robert von Burg
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package li.strolch.rest.model;
-
-import javax.xml.bind.annotation.XmlAccessType;
-import javax.xml.bind.annotation.XmlAccessorType;
-import javax.xml.bind.annotation.XmlAttribute;
-import javax.xml.bind.annotation.XmlRootElement;
-
-/**
- * @author Robert von Burg
- */
-@XmlAccessorType(XmlAccessType.NONE)
-@XmlRootElement(name = "Logout")
-public class Logout {
-
- @XmlAttribute
- private String username;
- @XmlAttribute
- private String sessionId;
-
- public Logout() {
- // no-arg constructor for JAXB
- }
-
- /**
- * @return the username
- */
- public String getUsername() {
- return this.username;
- }
-
- /**
- * @param username
- * the username to set
- */
- public void setUsername(String username) {
- this.username = username;
- }
-
- /**
- * @return the sessionId
- */
- public String getSessionId() {
- return this.sessionId;
- }
-
- /**
- * @param sessionId
- * the sessionId to set
- */
- public void setSessionId(String sessionId) {
- this.sessionId = sessionId;
- }
-}
diff --git a/src/test/java/li/strolch/rest/inspector/test/AuthenticationTest.java b/src/test/java/li/strolch/rest/inspector/test/AuthenticationTest.java
index 09501eee3..327772550 100644
--- a/src/test/java/li/strolch/rest/inspector/test/AuthenticationTest.java
+++ b/src/test/java/li/strolch/rest/inspector/test/AuthenticationTest.java
@@ -15,16 +15,18 @@
 */
 package li.strolch.rest.inspector.test;
+import static org.hamcrest.MatcherAssert.assertThat;
+import static org.hamcrest.Matchers.containsString;
 import static org.junit.Assert.assertEquals;
 import static org.junit.Assert.assertNotNull;
 import static org.junit.Assert.assertNull;
 import javax.ws.rs.client.Entity;
-import javax.ws.rs.core.Form;
 import javax.ws.rs.core.MediaType;
 import javax.ws.rs.core.Response;
 import javax.ws.rs.core.Response.Status;
+import li.strolch.rest.model.Login;
 import li.strolch.rest.model.LoginResult;
 import li.strolch.rest.model.LogoutResult;
@@ -44,11 +46,11 @@ public class AuthenticationTest extends AbstractRestfulTest {
 public void shouldAuthenticate() {
 // login
- Form loginForm = new Form();
- loginForm.param("username", "jill");
- loginForm.param("password", "jill");
- Entity entity = Entity.entity(loginForm, MediaType.APPLICATION_FORM_URLENCODED);
- Response result = target().path(ROOT_PATH + "/login").request(MediaType.APPLICATION_JSON).post(entity);
+ Login login = new Login();
+ login.setUsername("jill");
+ login.setPassword("jill");
+ Entity loginEntity = Entity.entity(login, MediaType.APPLICATION_JSON);
+ Response result = target().path(ROOT_PATH).request(MediaType.APPLICATION_JSON).post(loginEntity);
 assertEquals(Status.OK.getStatusCode(), result.getStatus());
 LoginResult loginResult = result.readEntity(LoginResult.class);
 assertNotNull(loginResult);
@@ -57,11 +59,8 @@ public class AuthenticationTest extends AbstractRestfulTest {
 assertNull(loginResult.getMsg());
 // logout
- Form logoutForm = new Form();
- logoutForm.param("username", "jill");
- logoutForm.param("sessionId", loginResult.getSessionId());
- entity = Entity.entity(logoutForm, MediaType.APPLICATION_FORM_URLENCODED);
- result = target().path(ROOT_PATH + "/logout").request(MediaType.APPLICATION_JSON).post(entity);
+ result = target().path(ROOT_PATH + "/" + loginResult.getSessionId()).request(MediaType.APPLICATION_JSON)
+ .delete();
 assertEquals(Status.OK.getStatusCode(), result.getStatus());
 assertNotNull(loginResult);
 LogoutResult logoutResult = result.readEntity(LogoutResult.class);
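Review bot: The logout assertions only check that the DELETE returned 200; nothing verifies that the token is unusable afterwards, which is the property a logout endpoint exists to provide. A second `result = target().path(ROOT_PATH + "/" + loginResult.getSessionId()).request(MediaType.APPLICATION_JSON).delete();` followed by `assertEquals(Status.UNAUTHORIZED.getStatusCode(), result.getStatus());` would pin that. The `assertNotNull(loginResult);` right after the logout call is context rather than new code, but it re-asserts the login object instead of the logout response, so the new `logoutResult` is the thing worth checking there. `shouldAuthenticate` continues past the end of this hunk.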
@@ -73,11 +72,11 @@ public class AuthenticationTest extends AbstractRestfulTest {
 public void shouldNotAuthenticate() {
 // login
- Form loginForm = new Form();
- loginForm.param("username", "admin");
- loginForm.param("password", "blalba");
- Entity entity = Entity.entity(loginForm, MediaType.APPLICATION_FORM_URLENCODED);
- Response result = target().path(ROOT_PATH + "/login").request(MediaType.APPLICATION_JSON).post(entity);
+ Login login = new Login();
+ login.setUsername("admin");
+ login.setPassword("blalba");
+ Entity loginEntity = Entity.entity(login, MediaType.APPLICATION_JSON);
+ Response result = target().path(ROOT_PATH).request(MediaType.APPLICATION_JSON).post(loginEntity);
 assertEquals(Status.UNAUTHORIZED.getStatusCode(), result.getStatus());
 LogoutResult logoutResult = result.readEntity(LogoutResult.class);
 assertNotNull(logoutResult);
@@ -88,11 +87,11 @@ public class AuthenticationTest extends AbstractRestfulTest {
 public void shouldFailLogoutIllegalSession() {
 // login
- Form loginForm = new Form();
- loginForm.param("username", "jill");
- loginForm.param("password", "jill");
- Entity entity = Entity.entity(loginForm, MediaType.APPLICATION_FORM_URLENCODED);
- Response result = target().path(ROOT_PATH + "/login").request(MediaType.APPLICATION_JSON).post(entity);
+ Login login = new Login();
+ login.setUsername("jill");
+ login.setPassword("jill");
+ Entity loginEntity = Entity.entity(login, MediaType.APPLICATION_JSON);
+ Response result = target().path(ROOT_PATH).request(MediaType.APPLICATION_JSON).post(loginEntity);
 assertEquals(Status.OK.getStatusCode(), result.getStatus());
 LoginResult loginResult = result.readEntity(LoginResult.class);
 assertNotNull(loginResult);
@@ -101,15 +100,10 @@ public class AuthenticationTest extends AbstractRestfulTest {
 assertNull(loginResult.getMsg());
 // logout
- Form logoutForm = new Form();
- logoutForm.param("username", "jill");
- logoutForm.param("sessionId", "blabla");
- entity = Entity.entity(logoutForm, MediaType.APPLICATION_FORM_URLENCODED);
- result = target().path(ROOT_PATH + "/logout").request(MediaType.APPLICATION_JSON).post(entity);
+ result = target().path(ROOT_PATH + "/blabla").request(MediaType.APPLICATION_JSON).delete();
 assertEquals(Status.UNAUTHORIZED.getStatusCode(), result.getStatus());
 LogoutResult logoutResult = result.readEntity(LogoutResult.class);
 assertNotNull(logoutResult);
- assertEquals("Could not logout due to: Illegal request for username jill and sessionId blabla",
- logoutResult.getMsg());
+ assertThat(logoutResult.getMsg(), containsString("No certificate exists for sessionId blabla"));
 }
 }
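Review bot: `assertThat(logoutResult.getMsg(), containsString("No certificate exists for sessionId blabla"))` couples the test to the wording of an internal exception and, more importantly, records that the 401 body reflects the caller-supplied path segment (`blabla`) back to the client. A rejected-token response is better served by a fixed message, with the offending value and the exception detail kept in the server log, which would also let the test assert an exact string again instead of a substring. The code that places that message into `LogoutResult` is not part of this diff, so whether the text originates in the service's catch block or in `StrolchSessionHandler.validate` cannot be seen here.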