[Major] cleaned up stupid use of forms for POST and added proper sec
fixed broken tests
This commit is contained in:
parent
b6828be09b
commit
1b956fbd45
|
@ -20,6 +20,7 @@ import javax.ws.rs.Consumes;
|
|||
import javax.ws.rs.DELETE;
|
||||
import javax.ws.rs.POST;
|
||||
import javax.ws.rs.Path;
|
||||
import javax.ws.rs.PathParam;
|
||||
import javax.ws.rs.Produces;
|
||||
import javax.ws.rs.core.Context;
|
||||
import javax.ws.rs.core.GenericEntity;
|
||||
|
@ -32,7 +33,6 @@ import li.strolch.rest.RestfulStrolchComponent;
|
|||
import li.strolch.rest.StrolchSessionHandler;
|
||||
import li.strolch.rest.model.Login;
|
||||
import li.strolch.rest.model.LoginResult;
|
||||
import li.strolch.rest.model.Logout;
|
||||
import li.strolch.rest.model.LogoutResult;
|
||||
|
||||
import org.slf4j.Logger;
|
||||
|
@ -79,7 +79,7 @@ public class AuthenticationService {
|
|||
|
||||
StrolchSessionHandler sessionHandler = RestfulStrolchComponent.getInstance().getComponent(
|
||||
StrolchSessionHandler.class);
|
||||
String origin = request.getRemoteAddr();
|
||||
String origin = request == null ? "test" : request.getRemoteAddr();
|
||||
Certificate certificate = sessionHandler.authenticate(origin, login.getUsername(), login.getPassword()
|
||||
.getBytes());
|
||||
|
||||
|
@ -105,7 +105,8 @@ public class AuthenticationService {
|
|||
@DELETE
|
||||
@Consumes(MediaType.APPLICATION_JSON)
|
||||
@Produces(MediaType.APPLICATION_JSON)
|
||||
public Response logout(Logout logout) {
|
||||
@Path("{authToken}")
|
||||
public Response logout(@PathParam("authToken") String authToken) {
|
||||
|
||||
LogoutResult logoutResult = new LogoutResult();
|
||||
|
||||
|
@ -113,22 +114,10 @@ public class AuthenticationService {
|
|||
};
|
||||
try {
|
||||
|
||||
StringBuilder sb = new StringBuilder();
|
||||
if (StringHelper.isEmpty(logout.getUsername())) {
|
||||
sb.append("Username was not given.");
|
||||
}
|
||||
if (StringHelper.isEmpty(logout.getSessionId())) {
|
||||
sb.append("SessionId was not given.");
|
||||
}
|
||||
if (sb.length() != 0) {
|
||||
logoutResult.setMsg("Could not logout due to: " + sb.toString());
|
||||
return Response.status(Status.UNAUTHORIZED).entity(logoutResult).build();
|
||||
}
|
||||
|
||||
StrolchSessionHandler sessionHandlerHandler = RestfulStrolchComponent.getInstance().getComponent(
|
||||
StrolchSessionHandler.class);
|
||||
String origin = request.getRemoteAddr();
|
||||
Certificate certificate = sessionHandlerHandler.validate(origin, logout.getSessionId());
|
||||
String origin = request == null ? "test" : request.getRemoteAddr();
|
||||
Certificate certificate = sessionHandlerHandler.validate(origin, authToken);
|
||||
sessionHandlerHandler.invalidateSession(origin, certificate);
|
||||
|
||||
return Response.ok().entity(entity).build();
|
||||
|
|
|
@ -1,68 +0,0 @@
|
|||
/*
|
||||
* Copyright 2013 Robert von Burg <eitch@eitchnet.ch>
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
package li.strolch.rest.model;
|
||||
|
||||
import javax.xml.bind.annotation.XmlAccessType;
|
||||
import javax.xml.bind.annotation.XmlAccessorType;
|
||||
import javax.xml.bind.annotation.XmlAttribute;
|
||||
import javax.xml.bind.annotation.XmlRootElement;
|
||||
|
||||
/**
|
||||
* @author Robert von Burg <eitch@eitchnet.ch>
|
||||
*/
|
||||
@XmlAccessorType(XmlAccessType.NONE)
|
||||
@XmlRootElement(name = "Logout")
|
||||
public class Logout {
|
||||
|
||||
@XmlAttribute
|
||||
private String username;
|
||||
@XmlAttribute
|
||||
private String sessionId;
|
||||
|
||||
public Logout() {
|
||||
// no-arg constructor for JAXB
|
||||
}
|
||||
|
||||
/**
|
||||
* @return the username
|
||||
*/
|
||||
public String getUsername() {
|
||||
return this.username;
|
||||
}
|
||||
|
||||
/**
|
||||
* @param username
|
||||
* the username to set
|
||||
*/
|
||||
public void setUsername(String username) {
|
||||
this.username = username;
|
||||
}
|
||||
|
||||
/**
|
||||
* @return the sessionId
|
||||
*/
|
||||
public String getSessionId() {
|
||||
return this.sessionId;
|
||||
}
|
||||
|
||||
/**
|
||||
* @param sessionId
|
||||
* the sessionId to set
|
||||
*/
|
||||
public void setSessionId(String sessionId) {
|
||||
this.sessionId = sessionId;
|
||||
}
|
||||
}
|
|
@ -15,16 +15,18 @@
|
|||
*/
|
||||
package li.strolch.rest.inspector.test;
|
||||
|
||||
import static org.hamcrest.MatcherAssert.assertThat;
|
||||
import static org.hamcrest.Matchers.containsString;
|
||||
import static org.junit.Assert.assertEquals;
|
||||
import static org.junit.Assert.assertNotNull;
|
||||
import static org.junit.Assert.assertNull;
|
||||
|
||||
import javax.ws.rs.client.Entity;
|
||||
import javax.ws.rs.core.Form;
|
||||
import javax.ws.rs.core.MediaType;
|
||||
import javax.ws.rs.core.Response;
|
||||
import javax.ws.rs.core.Response.Status;
|
||||
|
||||
import li.strolch.rest.model.Login;
|
||||
import li.strolch.rest.model.LoginResult;
|
||||
import li.strolch.rest.model.LogoutResult;
|
||||
|
||||
|
@ -44,11 +46,11 @@ public class AuthenticationTest extends AbstractRestfulTest {
|
|||
public void shouldAuthenticate() {
|
||||
|
||||
// login
|
||||
Form loginForm = new Form();
|
||||
loginForm.param("username", "jill");
|
||||
loginForm.param("password", "jill");
|
||||
Entity<Form> entity = Entity.entity(loginForm, MediaType.APPLICATION_FORM_URLENCODED);
|
||||
Response result = target().path(ROOT_PATH + "/login").request(MediaType.APPLICATION_JSON).post(entity);
|
||||
Login login = new Login();
|
||||
login.setUsername("jill");
|
||||
login.setPassword("jill");
|
||||
Entity<Login> loginEntity = Entity.entity(login, MediaType.APPLICATION_JSON);
|
||||
Response result = target().path(ROOT_PATH).request(MediaType.APPLICATION_JSON).post(loginEntity);
|
||||
assertEquals(Status.OK.getStatusCode(), result.getStatus());
|
||||
LoginResult loginResult = result.readEntity(LoginResult.class);
|
||||
assertNotNull(loginResult);
|
||||
|
@ -57,11 +59,8 @@ public class AuthenticationTest extends AbstractRestfulTest {
|
|||
assertNull(loginResult.getMsg());
|
||||
|
||||
// logout
|
||||
Form logoutForm = new Form();
|
||||
logoutForm.param("username", "jill");
|
||||
logoutForm.param("sessionId", loginResult.getSessionId());
|
||||
entity = Entity.entity(logoutForm, MediaType.APPLICATION_FORM_URLENCODED);
|
||||
result = target().path(ROOT_PATH + "/logout").request(MediaType.APPLICATION_JSON).post(entity);
|
||||
result = target().path(ROOT_PATH + "/" + loginResult.getSessionId()).request(MediaType.APPLICATION_JSON)
|
||||
.delete();
|
||||
assertEquals(Status.OK.getStatusCode(), result.getStatus());
|
||||
assertNotNull(loginResult);
|
||||
LogoutResult logoutResult = result.readEntity(LogoutResult.class);
|
||||
|
@ -73,11 +72,11 @@ public class AuthenticationTest extends AbstractRestfulTest {
|
|||
public void shouldNotAuthenticate() {
|
||||
|
||||
// login
|
||||
Form loginForm = new Form();
|
||||
loginForm.param("username", "admin");
|
||||
loginForm.param("password", "blalba");
|
||||
Entity<Form> entity = Entity.entity(loginForm, MediaType.APPLICATION_FORM_URLENCODED);
|
||||
Response result = target().path(ROOT_PATH + "/login").request(MediaType.APPLICATION_JSON).post(entity);
|
||||
Login login = new Login();
|
||||
login.setUsername("admin");
|
||||
login.setPassword("blalba");
|
||||
Entity<Login> loginEntity = Entity.entity(login, MediaType.APPLICATION_JSON);
|
||||
Response result = target().path(ROOT_PATH).request(MediaType.APPLICATION_JSON).post(loginEntity);
|
||||
assertEquals(Status.UNAUTHORIZED.getStatusCode(), result.getStatus());
|
||||
LogoutResult logoutResult = result.readEntity(LogoutResult.class);
|
||||
assertNotNull(logoutResult);
|
||||
|
@ -88,11 +87,11 @@ public class AuthenticationTest extends AbstractRestfulTest {
|
|||
public void shouldFailLogoutIllegalSession() {
|
||||
|
||||
// login
|
||||
Form loginForm = new Form();
|
||||
loginForm.param("username", "jill");
|
||||
loginForm.param("password", "jill");
|
||||
Entity<Form> entity = Entity.entity(loginForm, MediaType.APPLICATION_FORM_URLENCODED);
|
||||
Response result = target().path(ROOT_PATH + "/login").request(MediaType.APPLICATION_JSON).post(entity);
|
||||
Login login = new Login();
|
||||
login.setUsername("jill");
|
||||
login.setPassword("jill");
|
||||
Entity<Login> loginEntity = Entity.entity(login, MediaType.APPLICATION_JSON);
|
||||
Response result = target().path(ROOT_PATH).request(MediaType.APPLICATION_JSON).post(loginEntity);
|
||||
assertEquals(Status.OK.getStatusCode(), result.getStatus());
|
||||
LoginResult loginResult = result.readEntity(LoginResult.class);
|
||||
assertNotNull(loginResult);
|
||||
|
@ -101,15 +100,10 @@ public class AuthenticationTest extends AbstractRestfulTest {
|
|||
assertNull(loginResult.getMsg());
|
||||
|
||||
// logout
|
||||
Form logoutForm = new Form();
|
||||
logoutForm.param("username", "jill");
|
||||
logoutForm.param("sessionId", "blabla");
|
||||
entity = Entity.entity(logoutForm, MediaType.APPLICATION_FORM_URLENCODED);
|
||||
result = target().path(ROOT_PATH + "/logout").request(MediaType.APPLICATION_JSON).post(entity);
|
||||
result = target().path(ROOT_PATH + "/blabla").request(MediaType.APPLICATION_JSON).delete();
|
||||
assertEquals(Status.UNAUTHORIZED.getStatusCode(), result.getStatus());
|
||||
LogoutResult logoutResult = result.readEntity(LogoutResult.class);
|
||||
assertNotNull(logoutResult);
|
||||
assertEquals("Could not logout due to: Illegal request for username jill and sessionId blabla",
|
||||
logoutResult.getMsg());
|
||||
assertThat(logoutResult.getMsg(), containsString("No certificate exists for sessionId blabla"));
|
||||
}
|
||||
}
|
||||
|
|
Loading…
Reference in New Issue