/*
* JBoss, Home of Professional Open Source.
* Copyright 2014, Red Hat, Inc., and individual contributors
* as indicated by the @author tags. See the copyright.txt file in the
* distribution for a full listing of individual contributors.
*
* This is free software; you can redistribute it and/or modify it
* under the terms of the GNU Lesser General Public License as
* published by the Free Software Foundation; either version 2.1 of
* the License, or (at your option) any later version.
*
* This software is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public
* License along with this software; if not, write to the Free
* Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
* 02110-1301 USA, or see the FSF site: http://www.fsf.org.
*/
package org.jboss.as.test.clustering.cluster.web.authentication;
import java.io.IOException;
import java.net.URI;
import java.net.URISyntaxException;
import java.net.URL;
import java.util.ArrayList;
import java.util.List;
import javax.servlet.http.HttpServletResponse;
import org.apache.http.HttpResponse;
import org.apache.http.NameValuePair;
import org.apache.http.client.entity.UrlEncodedFormEntity;
import org.apache.http.client.methods.HttpGet;
import org.apache.http.client.methods.HttpPost;
import org.apache.http.client.utils.HttpClientUtils;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.message.BasicNameValuePair;
import org.jboss.arquillian.container.test.api.Deployment;
import org.jboss.arquillian.container.test.api.OperateOnDeployment;
import org.jboss.arquillian.container.test.api.RunAsClient;
import org.jboss.arquillian.container.test.api.TargetsContainer;
import org.jboss.arquillian.junit.Arquillian;
import org.jboss.arquillian.test.api.ArquillianResource;
import org.jboss.as.arquillian.api.ServerSetup;
import org.jboss.as.test.clustering.cluster.ClusterAbstractTestCase;
import org.jboss.as.test.http.util.TestHttpClientUtils;
import org.jboss.shrinkwrap.api.Archive;
import org.jboss.shrinkwrap.api.ShrinkWrap;
import org.jboss.shrinkwrap.api.spec.WebArchive;
import org.junit.Assert;
import org.junit.Test;
import org.junit.runner.RunWith;
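/**
 * Validates that a user remains authenticated following failover when using FORM authentication.
 *
 * <p>The same archive is deployed to two containers. The client logs in against the first
 * deployment, records the session id reported in the {@link SecureServlet#SESSION_ID_HEADER}
 * response header, and then checks that the second deployment (after the first is undeployed)
 * and the first deployment (after it is redeployed) both answer with that same session id
 * without a second login.
 *
 * <p>A missing session header after failover is reported as an assertion failure with a
 * descriptive message, because that is the symptom to expect when the authenticated session
 * was not carried over to the surviving node.
 *
 * @author Paul Ferraro
 */
@RunWith(Arquillian.class)
@RunAsClient
@ServerSetup(WebSecurityDomainSetup.class)
public class FormAuthenticationWebFailoverTestCase extends ClusterAbstractTestCase {

    /** Unmanaged deployment of the test archive on the first container. */
    @Deployment(name = DEPLOYMENT_1, managed = false)
    @TargetsContainer(CONTAINER_1)
    public static Archive<?> deployment0() {
        return getDeployment();
    }

    /** Unmanaged deployment of the test archive on the second container. */
    @Deployment(name = DEPLOYMENT_2, managed = false)
    @TargetsContainer(CONTAINER_2)
    public static Archive<?> deployment1() {
        return getDeployment();
    }

    /**
     * Builds the FORM-authentication test archive: the secured servlet, its descriptors, the
     * user and role property files, and the login and error pages.
     *
     * @return the web archive deployed to both containers
     */
    private static Archive<?> getDeployment() {
        WebArchive war = ShrinkWrap.create(WebArchive.class, "form-authentication.war");
        war.addClass(SecureServlet.class);
        war.setWebXML(SecureServlet.class.getPackage(), "web-form.xml");
        war.addAsWebInfResource(SecureServlet.class.getPackage(), "jboss-web.xml", "jboss-web.xml");
        // Test-only identity store, packaged with the archive; never reuse these files outside tests.
        war.addAsResource(SecureServlet.class.getPackage(), "users.properties", "users.properties");
        war.addAsResource(SecureServlet.class.getPackage(), "roles.properties", "roles.properties");
        war.addAsWebResource(SecureServlet.class.getPackage(), "login.html", "login.html");
        war.addAsWebResource(SecureServlet.class.getPackage(), "error.html", "error.html");
        return war;
    }

    /**
     * Logs in on the first deployment and verifies that the authenticated session survives
     * failover to the second deployment and fail-back to the first.
     *
     * @param baseURL1 base URL of the first deployment
     * @param baseURL2 base URL of the second deployment
     * @throws IOException if an HTTP exchange fails
     * @throws URISyntaxException if a base URL cannot be converted to a URI
     */
    @Test
    public void test(
            @ArquillianResource(SecureServlet.class) @OperateOnDeployment(DEPLOYMENT_1) URL baseURL1,
            @ArquillianResource(SecureServlet.class) @OperateOnDeployment(DEPLOYMENT_2) URL baseURL2)
            throws IOException, URISyntaxException {
        URI uri1 = SecureServlet.createURI(baseURL1);
        URI uri2 = SecureServlet.createURI(baseURL2);

        // One client for the whole test so the session cookie set at login is replayed to both
        // deployments. NOTE(review): presumably the "promiscuous" cookie handling is what lets
        // the cookie follow the client to a different node address - confirm in TestHttpClientUtils.
        try (CloseableHttpClient client = TestHttpClientUtils.promiscuousCookieHttpClient()) {
            // Before login the protected resource must not report a session id.
            // NOTE(review): the 200 here is presumably the login form rather than the servlet - confirm.
            HttpResponse response = client.execute(new HttpGet(uri1));
            try {
                Assert.assertEquals(HttpServletResponse.SC_OK, response.getStatusLine().getStatusCode());
                Assert.assertNull("Unauthenticated request must not expose a session id",
                        response.getFirstHeader(SecureServlet.SESSION_ID_HEADER));
            } finally {
                HttpClientUtils.closeQuietly(response);
            }

            // Submit the FORM login. The credentials are test fixtures; presumably they match an
            // entry in the packaged users.properties - verify against that file.
            HttpPost login = new HttpPost(baseURL1.toURI().resolve("j_security_check"));
            List<NameValuePair> pairs = new ArrayList<>(2);
            pairs.add(new BasicNameValuePair("j_username", "allowed"));
            pairs.add(new BasicNameValuePair("j_password", "password"));
            login.setEntity(new UrlEncodedFormEntity(pairs, "UTF-8"));
            response = client.execute(login);
            try {
                // The test expects the login POST to be answered with a redirect.
                Assert.assertEquals(HttpServletResponse.SC_FOUND, response.getStatusLine().getStatusCode());
            } finally {
                HttpClientUtils.closeQuietly(response);
            }

            // Authenticated request on the node that performed the login.
            String sessionId = requestSessionId(client, uri1);

            // Take the first deployment away so the next request has to be served by the second.
            undeploy(DEPLOYMENT_1);
            Assert.assertEquals("Session id changed after failover to the second deployment",
                    sessionId, requestSessionId(client, uri2));

            // Bring the first deployment back and check that it still honours the same session.
            deploy(DEPLOYMENT_1);
            Assert.assertEquals("Session id changed after fail-back to the first deployment",
                    sessionId, requestSessionId(client, uri1));
        }
    }

    /**
     * Requests the protected resource and returns the session id it reports.
     *
     * <p>Asserts a 200 status and the presence of the session header before reading it, so a
     * response without the header fails with a clear message instead of a
     * {@link NullPointerException}.
     *
     * @param client the HTTP client holding the session cookie
     * @param uri the protected resource to request
     * @return the value of the {@link SecureServlet#SESSION_ID_HEADER} response header
     * @throws IOException if the HTTP exchange fails
     */
    private static String requestSessionId(CloseableHttpClient client, URI uri) throws IOException {
        HttpResponse response = client.execute(new HttpGet(uri));
        try {
            Assert.assertEquals(HttpServletResponse.SC_OK, response.getStatusLine().getStatusCode());
            Assert.assertNotNull("No session id header in response from " + uri
                    + "; the request was probably not treated as authenticated",
                    response.getFirstHeader(SecureServlet.SESSION_ID_HEADER));
            return response.getFirstHeader(SecureServlet.SESSION_ID_HEADER).getValue();
        } finally {
            HttpClientUtils.closeQuietly(response);
        }
    }
}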