HelloSecurityTestNG.java revision ada1678a4262b208a7b87391f520a7767d25287c
/*
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
*
* Copyright (c) 1997-2010 Oracle and/or its affiliates. All rights reserved.
*
* The contents of this file are subject to the terms of either the GNU
* General Public License Version 2 only ("GPL") or the Common Development
* and Distribution License("CDDL") (collectively, the "License"). You
* may not use this file except in compliance with the License. You can
* obtain a copy of the License at
* https://glassfish.dev.java.net/public/CDDL+GPL_1_1.html
* or packager/legal/LICENSE.txt. See the License for the specific
* language governing permissions and limitations under the License.
*
* When distributing the software, include this License Header Notice in each
* file and include the License file at packager/legal/LICENSE.txt.
*
* GPL Classpath Exception:
* Oracle designates this particular file as subject to the "Classpath"
* exception as provided by Oracle in the GPL Version 2 section of the License
* file that accompanied this code.
*
* Modifications:
* If applicable, add the following below the License Header, with the fields
* enclosed by brackets [] replaced by your own identifying information:
* "Portions Copyright [year] [name of copyright owner]"
*
* Contributor(s):
* If you wish your version of this file to be governed by only the CDDL or
* only the GPL Version 2, indicate your decision by adding "[Contributor]
* elects to include this software in this distribution under the [CDDL or GPL
* Version 2] license." If you don't indicate a single choice of license, a
* recipient has the option to distribute your version of this file under
* either the CDDL, the GPL Version 2 or to extend the choice of license to
* its licensees as provided above. However, if you add GPL Version 2 code
* and therefore, elected the GPL Version 2 license, then the option applies
* only if the new code is made subject to such option by the copyright
* holder.
*/
package test.security.hellojsp;
import org.testng.annotations.Configuration;
import org.testng.annotations.ExpectedExceptions;
import org.testng.annotations.Test;
import org.testng.annotations.*;
import org.testng.Assert;
import java.io.*;
import java.net.*;
import java.util.*;
/**
* Simple TestNG client for basic WAR containing one JSP,one Servlet and one static
*HTML resource.Each resources (HTML,JSP,Servlet) is invoked as a separate test.
*
*/
public class HelloSecurityTestNG {
private static final String TEST_NAME =
"simple-webapp-jspservlet-noresource";
private String strContextRoot="hellojspsecure";
static String result = "";
String host=System.getProperty("http.host");
String port=System.getProperty("http.port");
/*
*If two asserts are mentioned in one method, then last assert is taken in
*to account.
*Each method can act as one test within one test suite
*/
//@Parameters({ "host", "port", "contextroot" })
@Test(groups ={ "pulse"} ) // test method
//public void webtest(String host, String port, String contextroot) throws Exception{
public void simpleJSPTestPage() throws Exception{
try{
String testurl = "http://" + host + ":" + port + "/"+ strContextRoot + "/hello.jsp";
//System.out.println("URL is: "+testurl);
URL url = new URL(testurl);
//echo("Connecting to: " + url.toString());
HttpURLConnection conn = (HttpURLConnection) url.openConnection();
conn.connect();
int responseCode = conn.getResponseCode();
if (responseCode == 401) {
//security constraint enforced
Assert.assertEquals(true, true, "Anonymous Client access Denied");
//echo("Anonymous Client access Denied");
} else {
echo("ERROR: Anonymous Client access was Allowed, security-constraint not Enforced correctly");
Assert.assertEquals(false, true,"Anonymous Client acess was Allowed, security-constraint not Enforced");
}
// InputStream is = conn.getInputStream();
// BufferedReader input = new BufferedReader(new InputStreamReader(is));
//
// String line = null;
// boolean result=false;
// String testLine = null;
// String EXPECTED_RESPONSE ="JSP Test Page";
// while ((line = input.readLine()) != null) {
// if(line.indexOf(EXPECTED_RESPONSE)!=-1){
// result=true;
// testLine = line;
// System.out.println(testLine);
// }
//
// }
//
// Assert.assertEquals(result, true,"Unexpected HTML");
//
}catch(Exception e){
e.printStackTrace();
throw new Exception(e);
}
}
/*
@Test(groups={"pulse"}) //test method for server
public void testServerRunning() throws Exception{
//Your server is up and running!
//
String testurl = "http://" + host + ":" + port;
//System.out.println("URL is: "+testurl);
URL url = new URL(testurl);
//echo("Connecting to: " + url.toString());
HttpURLConnection conn = (HttpURLConnection) url.openConnection();
conn.connect();
int responseCode = conn.getResponseCode();
InputStream is = conn.getInputStream();
BufferedReader input = new BufferedReader(new InputStreamReader(is));
String line = null;
boolean result=false;
String testLine = null;
while ((line = input.readLine()) != null) {
if(line.indexOf("Your Application Server is now running")!=-1){
result=true;
testLine = line;
//echo(testLine);
}
}
Assert.assertEquals(result, true,"Unexpected HTML");
}
*/
@Test(groups ={ "pulse"} ) // test method
public void staticHTMLPageTest() throws Exception{
try{
String testurl = "http://" + host + ":" + port + "/"+ strContextRoot + "/first.html";
//System.out.println("URL is: "+testurl);
URL url = new URL(testurl);
//echo("Connecting to: " + url.toString());
HttpURLConnection conn = (HttpURLConnection) url.openConnection();
conn.connect();
int responseCode = conn.getResponseCode();
if (responseCode == 401) {
//security constraint enforced
Assert.assertEquals(true, true, "Anonymous Client access Denied");
//echo("Anonymous Client access Denied");
} else {
echo("ERROR: Anonymous Client access was Allowed, security-constraint not Enforced correctly");
Assert.assertEquals(false, true,"Anonymous Client acess was Allowed, security-constraint not Enforced");
}
//Assert.assertEquals(responseCode, 200);
// InputStream is = conn.getInputStream();
// BufferedReader input = new BufferedReader(new InputStreamReader(is));
//
// String line = null;
// boolean result=false;
// String testLine = null;
// while ((line = input.readLine()) != null) {
// if(line.indexOf("Welcome to HTML Test Program")!=-1){
// result=true;
// testLine = line;
// System.out.println(testLine);
// }
//
// }
//
// Assert.assertEquals(result, true,"Unexpected HTML");
}catch(Exception e){
e.printStackTrace();
throw new Exception(e);
}
}
@Test(groups ={ "pulse"} ) // test method
public void simpleServletTest() throws Exception{
try{
String testurl = "http://" + host + ":" + port + "/"+ strContextRoot + "/simpleservlet";
//System.out.println("URL is: "+testurl);
URL url = new URL(testurl);
//echo("Connecting to: " + url.toString());
HttpURLConnection conn = (HttpURLConnection) url.openConnection();
conn.connect();
int responseCode = conn.getResponseCode();
if (responseCode == 401) {
//security constraint enforced
Assert.assertEquals(true, true, "Anonymous Client access Denied");
//echo("Anonymous Client access Denied");
} else {
echo("ERROR: Anonymous Client access was Allowed, security-constraint not Enforced correctly");
Assert.assertEquals(false, true,"Anonymous Client acess was Allowed, security-constraint not Enforced");
}
// InputStream is = conn.getInputStream();
// BufferedReader input = new BufferedReader(new InputStreamReader(is));
//
// String line = null;
// boolean result=false;
// String testLine = null;
// while ((line = input.readLine()) != null) {
// if(line.indexOf("Sample Application Servlet")!=-1){
// result=true;
// testLine = line;
// echo(testLine);
// }
//
// }
//
// Assert.assertEquals(result, true,"Unexpected HTML");
}catch(Exception e){
e.printStackTrace();
throw new Exception(e);
}
}
public static void echo(String msg) {
System.out.println(msg);
}
}