/*
* Licensed to the Apache Software Foundation (ASF) under one or more
* contributor license agreements. See the NOTICE file distributed with
* this work for additional information regarding copyright ownership.
* The ASF licenses this file to You under the Apache License, Version 2.0
* (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.apache.wicket.security;
import java.net.MalformedURLException;
import junit.framework.TestCase;
import org.apache.wicket.Page;
import org.apache.wicket.RequestCycle;
import org.apache.wicket.Session;
import org.apache.wicket.protocol.http.WebApplication;
import org.apache.wicket.protocol.http.WebRequestCycle;
import org.apache.wicket.request.target.component.BookmarkablePageRequestTarget;
import org.apache.wicket.security.authentication.LoginException;
import org.apache.wicket.security.hive.HiveMind;
import org.apache.wicket.security.hive.authentication.PrimaryLoginContext;
import org.apache.wicket.security.hive.config.PolicyFileHiveFactory;
import org.apache.wicket.security.hive.config.SwarmPolicyFileHiveFactory;
import org.apache.wicket.security.pages.MockHomePage;
import org.apache.wicket.security.pages.MockLoginPage;
import org.apache.wicket.security.strategies.WaspAuthorizationStrategy;
import org.apache.wicket.security.swarm.SwarmWebApplication;
import org.apache.wicket.util.tester.SwarmFormTester;
import org.apache.wicket.util.tester.SwarmWicketTester;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
/**
* @author marrink
*/
public class SessionBindTest extends TestCase
{
private final class MyWebApplication extends SwarmWebApplication
{
@Override
protected Object getHiveKey()
{
// if we were using servlet-api 2.5 we could get the contextpath
// from the servletcontext
return "test";
}
@Override
protected void setUpHive()
{
PolicyFileHiveFactory factory = new SwarmPolicyFileHiveFactory(getActionFactory());
try
{
factory.addPolicyFile(getServletContext().getResource("WEB-INF/policy.hive"));
factory.setAlias("SimplePrincipal",
"org.apache.wicket.security.hive.authorization.SimplePrincipal");
factory.setAlias("myPackage", "org.apache.wicket.security.pages");
}
catch (MalformedURLException e)
{
log.error(e.getMessage(), e);
}
HiveMind.registerHive(getHiveKey(), factory);
}
@Override
public Class< ? extends Page> getHomePage()
{
return MockHomePage.class;
}
public Class< ? extends Page> getLoginPage()
{
return MockLoginPage.class;
}
}
private static final Logger log = LoggerFactory.getLogger(SessionBindTest.class);
/**
* The swarm application used for the test.
*/
protected WebApplication application;
/**
* Handle to the mock environment.
*/
protected SwarmWicketTester mock;
/**
* @see junit.framework.TestCase#setUp()
*/
@Override
protected void setUp()
{
mock =
new SwarmWicketTester(application = new MyWebApplication(), "src/test/java/"
+ getClass().getPackage().getName().replace('.', '/'));
}
/**
* @see junit.framework.TestCase#tearDown()
*/
@Override
protected void tearDown()
{
mock.setupRequestAndResponse();
mock.getWicketSession().invalidate();
mock.processRequestCycle();
mock.destroy();
mock = null;
application = null;
HiveMind.unregisterHive("test");
}
/**
* Test if the session is correctly bound if we login through the session.
*/
public void testSessionLogin()
{
mock.startPage(MockLoginPage.class);
mock.setupRequestAndResponse();
assertTrue(mock.getWicketSession().isTemporary());
mock.processRequestCycle(MockLoginPage.class);
// loginpage, else the homepage will be used which will trigger a bind
// because a throw restartResponseAtInterceptPageexception will trigger
// a session.bind
SwarmFormTester form = mock.newFormTester("form");
form.setValue("username", "test");
form.submit();
mock.assertRenderedPage(MockHomePage.class);
mock.setupRequestAndResponse();
assertFalse(Session.get().isTemporary());
mock.processRequestCycle(MockLoginPage.class);
}
/**
* Test if the session is correctly bound even if we do not use the session to login.
*/
public void testStrategyLogin()
{
mock.startPage(MockLoginPage.class);
mock.setupRequestAndResponse();
assertTrue(mock.getWicketSession().isTemporary());
mock.processRequestCycle(MockLoginPage.class);
// loginpage, else the homepage will be used which will trigger a bind
// because a throw restartResponseAtInterceptPageexception will trigger
// a session.bind
mock.setupRequestAndResponse();
try
{
((WaspAuthorizationStrategy) mock.getWicketSession().getAuthorizationStrategy())
.login(new PrimaryLoginContext());
}
catch (LoginException e)
{
fail(e.getMessage());
}
// hack to prevent mock from throwing away the requestcycle with our
// subject
WebRequestCycle cycle = ((WebRequestCycle) RequestCycle.get());
assertNotNull(cycle);
try
{
cycle.request(new BookmarkablePageRequestTarget(MockLoginPage.class, null));
}
finally
{
cycle.getResponse().close();
}
mock.postProcessRequestCycle(cycle);
// mock.processRequestCycle(MockLoginPage.class);
mock.setupRequestAndResponse();
assertFalse(Session.get().isTemporary());
mock.processRequestCycle(MockLoginPage.class);
}
}