[Major] cleaned up stupid use of forms for POST and added proper sec
fixed broken tests
parent
b6828be09b
commit
1b956fbd45
|
@ -20,6 +20,7 @@ import javax.ws.rs.Consumes;
|
||||||
import javax.ws.rs.DELETE;
|
import javax.ws.rs.DELETE;
|
||||||
import javax.ws.rs.POST;
|
import javax.ws.rs.POST;
|
||||||
import javax.ws.rs.Path;
|
import javax.ws.rs.Path;
|
||||||
|
import javax.ws.rs.PathParam;
|
||||||
import javax.ws.rs.Produces;
|
import javax.ws.rs.Produces;
|
||||||
import javax.ws.rs.core.Context;
|
import javax.ws.rs.core.Context;
|
||||||
import javax.ws.rs.core.GenericEntity;
|
import javax.ws.rs.core.GenericEntity;
|
||||||
|
@ -32,7 +33,6 @@ import li.strolch.rest.RestfulStrolchComponent;
|
||||||
import li.strolch.rest.StrolchSessionHandler;
|
import li.strolch.rest.StrolchSessionHandler;
|
||||||
import li.strolch.rest.model.Login;
|
import li.strolch.rest.model.Login;
|
||||||
import li.strolch.rest.model.LoginResult;
|
import li.strolch.rest.model.LoginResult;
|
||||||
import li.strolch.rest.model.Logout;
|
|
||||||
import li.strolch.rest.model.LogoutResult;
|
import li.strolch.rest.model.LogoutResult;
|
||||||
|
|
||||||
import org.slf4j.Logger;
|
import org.slf4j.Logger;
|
||||||
|
@ -79,7 +79,7 @@ public class AuthenticationService {
|
||||||
|
|
||||||
StrolchSessionHandler sessionHandler = RestfulStrolchComponent.getInstance().getComponent(
|
StrolchSessionHandler sessionHandler = RestfulStrolchComponent.getInstance().getComponent(
|
||||||
StrolchSessionHandler.class);
|
StrolchSessionHandler.class);
|
||||||
String origin = request.getRemoteAddr();
|
String origin = request == null ? "test" : request.getRemoteAddr();
|
||||||
Certificate certificate = sessionHandler.authenticate(origin, login.getUsername(), login.getPassword()
|
Certificate certificate = sessionHandler.authenticate(origin, login.getUsername(), login.getPassword()
|
||||||
.getBytes());
|
.getBytes());
|
||||||
|
|
||||||
|
@ -105,7 +105,8 @@ public class AuthenticationService {
|
||||||
@DELETE
|
@DELETE
|
||||||
@Consumes(MediaType.APPLICATION_JSON)
|
@Consumes(MediaType.APPLICATION_JSON)
|
||||||
@Produces(MediaType.APPLICATION_JSON)
|
@Produces(MediaType.APPLICATION_JSON)
|
||||||
public Response logout(Logout logout) {
|
@Path("{authToken}")
|
||||||
|
public Response logout(@PathParam("authToken") String authToken) {
|
||||||
|
|
||||||
LogoutResult logoutResult = new LogoutResult();
|
LogoutResult logoutResult = new LogoutResult();
|
||||||
|
|
||||||
|
@ -113,22 +114,10 @@ public class AuthenticationService {
|
||||||
};
|
};
|
||||||
try {
|
try {
|
||||||
|
|
||||||
StringBuilder sb = new StringBuilder();
|
|
||||||
if (StringHelper.isEmpty(logout.getUsername())) {
|
|
||||||
sb.append("Username was not given.");
|
|
||||||
}
|
|
||||||
if (StringHelper.isEmpty(logout.getSessionId())) {
|
|
||||||
sb.append("SessionId was not given.");
|
|
||||||
}
|
|
||||||
if (sb.length() != 0) {
|
|
||||||
logoutResult.setMsg("Could not logout due to: " + sb.toString());
|
|
||||||
return Response.status(Status.UNAUTHORIZED).entity(logoutResult).build();
|
|
||||||
}
|
|
||||||
|
|
||||||
StrolchSessionHandler sessionHandlerHandler = RestfulStrolchComponent.getInstance().getComponent(
|
StrolchSessionHandler sessionHandlerHandler = RestfulStrolchComponent.getInstance().getComponent(
|
||||||
StrolchSessionHandler.class);
|
StrolchSessionHandler.class);
|
||||||
String origin = request.getRemoteAddr();
|
String origin = request == null ? "test" : request.getRemoteAddr();
|
||||||
Certificate certificate = sessionHandlerHandler.validate(origin, logout.getSessionId());
|
Certificate certificate = sessionHandlerHandler.validate(origin, authToken);
|
||||||
sessionHandlerHandler.invalidateSession(origin, certificate);
|
sessionHandlerHandler.invalidateSession(origin, certificate);
|
||||||
|
|
||||||
return Response.ok().entity(entity).build();
|
return Response.ok().entity(entity).build();
|
||||||
|
|
|
@ -1,68 +0,0 @@
|
||||||
/*
|
|
||||||
* Copyright 2013 Robert von Burg <eitch@eitchnet.ch>
|
|
||||||
*
|
|
||||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
|
||||||
* you may not use this file except in compliance with the License.
|
|
||||||
* You may obtain a copy of the License at
|
|
||||||
*
|
|
||||||
* http://www.apache.org/licenses/LICENSE-2.0
|
|
||||||
*
|
|
||||||
* Unless required by applicable law or agreed to in writing, software
|
|
||||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
|
||||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
||||||
* See the License for the specific language governing permissions and
|
|
||||||
* limitations under the License.
|
|
||||||
*/
|
|
||||||
package li.strolch.rest.model;
|
|
||||||
|
|
||||||
import javax.xml.bind.annotation.XmlAccessType;
|
|
||||||
import javax.xml.bind.annotation.XmlAccessorType;
|
|
||||||
import javax.xml.bind.annotation.XmlAttribute;
|
|
||||||
import javax.xml.bind.annotation.XmlRootElement;
|
|
||||||
|
|
||||||
/**
|
|
||||||
* @author Robert von Burg <eitch@eitchnet.ch>
|
|
||||||
*/
|
|
||||||
@XmlAccessorType(XmlAccessType.NONE)
|
|
||||||
@XmlRootElement(name = "Logout")
|
|
||||||
public class Logout {
|
|
||||||
|
|
||||||
@XmlAttribute
|
|
||||||
private String username;
|
|
||||||
@XmlAttribute
|
|
||||||
private String sessionId;
|
|
||||||
|
|
||||||
public Logout() {
|
|
||||||
// no-arg constructor for JAXB
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
|
||||||
* @return the username
|
|
||||||
*/
|
|
||||||
public String getUsername() {
|
|
||||||
return this.username;
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
|
||||||
* @param username
|
|
||||||
* the username to set
|
|
||||||
*/
|
|
||||||
public void setUsername(String username) {
|
|
||||||
this.username = username;
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
|
||||||
* @return the sessionId
|
|
||||||
*/
|
|
||||||
public String getSessionId() {
|
|
||||||
return this.sessionId;
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
|
||||||
* @param sessionId
|
|
||||||
* the sessionId to set
|
|
||||||
*/
|
|
||||||
public void setSessionId(String sessionId) {
|
|
||||||
this.sessionId = sessionId;
|
|
||||||
}
|
|
||||||
}
|
|
|
@ -15,16 +15,18 @@
|
||||||
*/
|
*/
|
||||||
package li.strolch.rest.inspector.test;
|
package li.strolch.rest.inspector.test;
|
||||||
|
|
||||||
|
import static org.hamcrest.MatcherAssert.assertThat;
|
||||||
|
import static org.hamcrest.Matchers.containsString;
|
||||||
import static org.junit.Assert.assertEquals;
|
import static org.junit.Assert.assertEquals;
|
||||||
import static org.junit.Assert.assertNotNull;
|
import static org.junit.Assert.assertNotNull;
|
||||||
import static org.junit.Assert.assertNull;
|
import static org.junit.Assert.assertNull;
|
||||||
|
|
||||||
import javax.ws.rs.client.Entity;
|
import javax.ws.rs.client.Entity;
|
||||||
import javax.ws.rs.core.Form;
|
|
||||||
import javax.ws.rs.core.MediaType;
|
import javax.ws.rs.core.MediaType;
|
||||||
import javax.ws.rs.core.Response;
|
import javax.ws.rs.core.Response;
|
||||||
import javax.ws.rs.core.Response.Status;
|
import javax.ws.rs.core.Response.Status;
|
||||||
|
|
||||||
|
import li.strolch.rest.model.Login;
|
||||||
import li.strolch.rest.model.LoginResult;
|
import li.strolch.rest.model.LoginResult;
|
||||||
import li.strolch.rest.model.LogoutResult;
|
import li.strolch.rest.model.LogoutResult;
|
||||||
|
|
||||||
|
@ -44,11 +46,11 @@ public class AuthenticationTest extends AbstractRestfulTest {
|
||||||
public void shouldAuthenticate() {
|
public void shouldAuthenticate() {
|
||||||
|
|
||||||
// login
|
// login
|
||||||
Form loginForm = new Form();
|
Login login = new Login();
|
||||||
loginForm.param("username", "jill");
|
login.setUsername("jill");
|
||||||
loginForm.param("password", "jill");
|
login.setPassword("jill");
|
||||||
Entity<Form> entity = Entity.entity(loginForm, MediaType.APPLICATION_FORM_URLENCODED);
|
Entity<Login> loginEntity = Entity.entity(login, MediaType.APPLICATION_JSON);
|
||||||
Response result = target().path(ROOT_PATH + "/login").request(MediaType.APPLICATION_JSON).post(entity);
|
Response result = target().path(ROOT_PATH).request(MediaType.APPLICATION_JSON).post(loginEntity);
|
||||||
assertEquals(Status.OK.getStatusCode(), result.getStatus());
|
assertEquals(Status.OK.getStatusCode(), result.getStatus());
|
||||||
LoginResult loginResult = result.readEntity(LoginResult.class);
|
LoginResult loginResult = result.readEntity(LoginResult.class);
|
||||||
assertNotNull(loginResult);
|
assertNotNull(loginResult);
|
||||||
|
@ -57,11 +59,8 @@ public class AuthenticationTest extends AbstractRestfulTest {
|
||||||
assertNull(loginResult.getMsg());
|
assertNull(loginResult.getMsg());
|
||||||
|
|
||||||
// logout
|
// logout
|
||||||
Form logoutForm = new Form();
|
result = target().path(ROOT_PATH + "/" + loginResult.getSessionId()).request(MediaType.APPLICATION_JSON)
|
||||||
logoutForm.param("username", "jill");
|
.delete();
|
||||||
logoutForm.param("sessionId", loginResult.getSessionId());
|
|
||||||
entity = Entity.entity(logoutForm, MediaType.APPLICATION_FORM_URLENCODED);
|
|
||||||
result = target().path(ROOT_PATH + "/logout").request(MediaType.APPLICATION_JSON).post(entity);
|
|
||||||
assertEquals(Status.OK.getStatusCode(), result.getStatus());
|
assertEquals(Status.OK.getStatusCode(), result.getStatus());
|
||||||
assertNotNull(loginResult);
|
assertNotNull(loginResult);
|
||||||
LogoutResult logoutResult = result.readEntity(LogoutResult.class);
|
LogoutResult logoutResult = result.readEntity(LogoutResult.class);
|
||||||
|
@ -73,11 +72,11 @@ public class AuthenticationTest extends AbstractRestfulTest {
|
||||||
public void shouldNotAuthenticate() {
|
public void shouldNotAuthenticate() {
|
||||||
|
|
||||||
// login
|
// login
|
||||||
Form loginForm = new Form();
|
Login login = new Login();
|
||||||
loginForm.param("username", "admin");
|
login.setUsername("admin");
|
||||||
loginForm.param("password", "blalba");
|
login.setPassword("blalba");
|
||||||
Entity<Form> entity = Entity.entity(loginForm, MediaType.APPLICATION_FORM_URLENCODED);
|
Entity<Login> loginEntity = Entity.entity(login, MediaType.APPLICATION_JSON);
|
||||||
Response result = target().path(ROOT_PATH + "/login").request(MediaType.APPLICATION_JSON).post(entity);
|
Response result = target().path(ROOT_PATH).request(MediaType.APPLICATION_JSON).post(loginEntity);
|
||||||
assertEquals(Status.UNAUTHORIZED.getStatusCode(), result.getStatus());
|
assertEquals(Status.UNAUTHORIZED.getStatusCode(), result.getStatus());
|
||||||
LogoutResult logoutResult = result.readEntity(LogoutResult.class);
|
LogoutResult logoutResult = result.readEntity(LogoutResult.class);
|
||||||
assertNotNull(logoutResult);
|
assertNotNull(logoutResult);
|
||||||
|
@ -88,11 +87,11 @@ public class AuthenticationTest extends AbstractRestfulTest {
|
||||||
public void shouldFailLogoutIllegalSession() {
|
public void shouldFailLogoutIllegalSession() {
|
||||||
|
|
||||||
// login
|
// login
|
||||||
Form loginForm = new Form();
|
Login login = new Login();
|
||||||
loginForm.param("username", "jill");
|
login.setUsername("jill");
|
||||||
loginForm.param("password", "jill");
|
login.setPassword("jill");
|
||||||
Entity<Form> entity = Entity.entity(loginForm, MediaType.APPLICATION_FORM_URLENCODED);
|
Entity<Login> loginEntity = Entity.entity(login, MediaType.APPLICATION_JSON);
|
||||||
Response result = target().path(ROOT_PATH + "/login").request(MediaType.APPLICATION_JSON).post(entity);
|
Response result = target().path(ROOT_PATH).request(MediaType.APPLICATION_JSON).post(loginEntity);
|
||||||
assertEquals(Status.OK.getStatusCode(), result.getStatus());
|
assertEquals(Status.OK.getStatusCode(), result.getStatus());
|
||||||
LoginResult loginResult = result.readEntity(LoginResult.class);
|
LoginResult loginResult = result.readEntity(LoginResult.class);
|
||||||
assertNotNull(loginResult);
|
assertNotNull(loginResult);
|
||||||
|
@ -101,15 +100,10 @@ public class AuthenticationTest extends AbstractRestfulTest {
|
||||||
assertNull(loginResult.getMsg());
|
assertNull(loginResult.getMsg());
|
||||||
|
|
||||||
// logout
|
// logout
|
||||||
Form logoutForm = new Form();
|
result = target().path(ROOT_PATH + "/blabla").request(MediaType.APPLICATION_JSON).delete();
|
||||||
logoutForm.param("username", "jill");
|
|
||||||
logoutForm.param("sessionId", "blabla");
|
|
||||||
entity = Entity.entity(logoutForm, MediaType.APPLICATION_FORM_URLENCODED);
|
|
||||||
result = target().path(ROOT_PATH + "/logout").request(MediaType.APPLICATION_JSON).post(entity);
|
|
||||||
assertEquals(Status.UNAUTHORIZED.getStatusCode(), result.getStatus());
|
assertEquals(Status.UNAUTHORIZED.getStatusCode(), result.getStatus());
|
||||||
LogoutResult logoutResult = result.readEntity(LogoutResult.class);
|
LogoutResult logoutResult = result.readEntity(LogoutResult.class);
|
||||||
assertNotNull(logoutResult);
|
assertNotNull(logoutResult);
|
||||||
assertEquals("Could not logout due to: Illegal request for username jill and sessionId blabla",
|
assertThat(logoutResult.getMsg(), containsString("No certificate exists for sessionId blabla"));
|
||||||
logoutResult.getMsg());
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|