LogoutTest.java

/*
 * JBoss, Home of Professional Open Source
 * Copyright 2011, Red Hat, Inc., and individual contributors
 * by the @authors tag. See the copyright.txt in the distribution for a
 * full listing of individual contributors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 * http://www.apache.org/licenses/LICENSE-2.0
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

package org.jboss.seam.security.test.server.identity;

import java.io.IOException;
import java.net.URL;

import javax.inject.Inject;

import org.apache.commons.httpclient.HttpClient;
import org.apache.commons.httpclient.methods.DeleteMethod;
import org.apache.commons.httpclient.methods.PostMethod;
import org.jboss.arquillian.container.test.api.Deployment;
import org.jboss.arquillian.junit.Arquillian;
import org.jboss.arquillian.test.api.ArquillianResource;
import org.jboss.seam.security.Credentials;
import org.jboss.seam.security.Identity;
import org.jboss.seam.security.test.BasicArchiveBuilder;
import org.jboss.shrinkwrap.api.Archive;
import org.jboss.shrinkwrap.api.spec.WebArchive;
import org.jboss.solder.servlet.http.HttpSessionStatus;
import org.junit.Test;
import org.junit.runner.RunWith;

import static org.hamcrest.CoreMatchers.is;
import static org.junit.Assert.assertThat;

/**
 * @author <a href="http://community.jboss.org/people/LightGuard">Jason Porter</a>
 */
@RunWith(Arquillian.class)
public class LogoutTest {

    @Inject
    private Identity identity;

    @Inject
    private Credentials credential;

    private HttpSessionStatus httpSessionStatus;

    @Deployment(testable = false)
    public static Archive<?> createTestArchive() {
        WebArchive war = BasicArchiveBuilder.baseArchive("logoutTest", true);

        war.addClasses(SimpleAuthenticator.class, LogoutServlet.class);
        war.addAsWebInfResource("WEB-INF/logouttest-seam-beans.xml", "classes/META-INF/seam-beans.xml");

        return war;
    }

    /**
     * Test for SEAMSECURITY-83
     */
    @Test
    public void assertLogoutInvalidatesSession(@ArquillianResource(LogoutServlet.class) URL baseUrl) throws IOException {
        final HttpClient client = new HttpClient();

        final PostMethod put = new PostMethod(baseUrl.toString() + "logout");
        client.executeMethod(put);

        assertThat(put.getResponseBodyAsString(), is("loggedIn"));

        final DeleteMethod delete = new DeleteMethod(baseUrl.toString() + "logout");
        client.executeMethod(delete);

        assertThat(delete.getResponseBodyAsString(), is("loggedOut and session invalidated"));
    }
}