DefaultServletTestCase.java example

Explorer
wildfly-master
package org.jboss.as.test.integration.web.response;

import org.apache.http.HttpResponse;
import org.apache.http.client.HttpClient;
import org.apache.http.client.methods.HttpGet;
import org.apache.http.impl.client.HttpClientBuilder;
import org.apache.http.util.EntityUtils;
import org.jboss.arquillian.container.test.api.Deployment;
import org.jboss.arquillian.container.test.api.RunAsClient;
import org.jboss.arquillian.junit.Arquillian;
import org.jboss.arquillian.test.api.ArquillianResource;
import org.jboss.logging.Logger;
import org.jboss.shrinkwrap.api.ShrinkWrap;
import org.jboss.shrinkwrap.api.spec.WebArchive;
import org.junit.Assert;
import org.junit.Before;
import org.junit.Test;
import org.junit.runner.RunWith;

import javax.servlet.http.HttpServletResponse;
import java.net.URL;

/**
 * Tests the "default servlet" of the web container
 *
 * @author Jaikiran Pai
 */
@RunWith(Arquillian.class)
@RunAsClient
public class DefaultServletTestCase {

    private static final String WEB_APP_CONTEXT = "default-servlet-test";
    private static final String APP_XHTML_FILE_NAME = "app.xhtml";
    private static final Logger logger = Logger.getLogger(DefaultServletTestCase.class);

    @ArquillianResource
    URL url;

    private HttpClient httpclient;

    @Deployment
    public static WebArchive deployment() {
        final WebArchive war = ShrinkWrap.create(WebArchive.class, WEB_APP_CONTEXT + ".war");
        war.addAsWebResource(DefaultServletTestCase.class.getPackage(), APP_XHTML_FILE_NAME, APP_XHTML_FILE_NAME);
        return war;
    }

    @Before
    public void setup() {
        this.httpclient = HttpClientBuilder.create().build();
    }

    /**
     * Tests that the default servlet doesn't show the source (code) of a resource when an incorrect URL is used to access that resource.
     *
     * @throws Exception
     * @see https://developer.jboss.org/thread/266805 for more details
     */
    @Test
    public void testForbidSourceFileAccess() throws Exception {
        // first try accessing the valid URL and expect it to serve the right content
        final String correctURL = url.toString() + APP_XHTML_FILE_NAME;
        final HttpGet httpGetCorrectURL = new HttpGet(correctURL);
        final HttpResponse response = this.httpclient.execute(httpGetCorrectURL);
        Assert.assertEquals("Unexpected response code for URL " + correctURL, HttpServletResponse.SC_OK, response.getStatusLine().getStatusCode());
        final String content = EntityUtils.toString(response.getEntity());
        Assert.assertTrue("Unexpected content served at " + correctURL, content.contains("Hello World"));

        // now try accessing the same URL with a "." at the end of the resource name.
        // This should throw a 404 error and NOT show up the "source" content of the resource
        final String nonExistentURL = url.toString() + APP_XHTML_FILE_NAME + ".";
        final HttpGet httpGetNonExistentURL = new HttpGet(nonExistentURL);
        final HttpResponse responseForNonExistentURL = this.httpclient.execute(httpGetNonExistentURL);
        Assert.assertEquals("Unexpected response code for URL " + nonExistentURL, HttpServletResponse.SC_NOT_FOUND, responseForNonExistentURL.getStatusLine().getStatusCode());
    }
}