/*
* JBoss, Home of Professional Open Source.
* Copyright 2017, Red Hat, Inc., and individual contributors
* as indicated by the @author tags. See the copyright.txt file in the
* distribution for a full listing of individual contributors.
*
* This is free software; you can redistribute it and/or modify it
* under the terms of the GNU Lesser General Public License as
* published by the Free Software Foundation; either version 2.1 of
* the License, or (at your option) any later version.
*
* This software is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public
* License along with this software; if not, write to the Free
* Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
* 02110-1301 USA, or see the FSF site: http://www.fsf.org.
*/
package org.wildfly.test.integration.elytron.audit;
import java.net.URL;
import java.util.concurrent.BlockingQueue;
import java.util.concurrent.TimeUnit;
import org.jboss.arquillian.container.test.api.OperateOnDeployment;
import org.jboss.arquillian.test.api.ArquillianResource;
import org.jboss.as.test.integration.security.common.Utils;
import org.jboss.as.test.syslogserver.BlockedSyslogServerEventHandler;
import org.junit.Ignore;
import org.junit.Test;
import org.productivity.java.syslog4j.server.SyslogServer;
import org.productivity.java.syslog4j.server.SyslogServerConfigIF;
import org.productivity.java.syslog4j.server.SyslogServerEventIF;
import static javax.servlet.http.HttpServletResponse.SC_OK;
import static javax.servlet.http.HttpServletResponse.SC_UNAUTHORIZED;
import static org.junit.Assert.assertTrue;
import static org.wildfly.test.integration.elytron.audit.AbstractAuditLogTestCase.SUCCESSFUL_AUTH_EVENT;
/**
* Abstract class for Elytron Audit Logging tests. Tests are placed here as well as a couple of syslog-specific helper methods.
*
* @author Jan Tymel
*/
public abstract class AbstractSyslogAuditLogTestCase extends AbstractAuditLogTestCase {
/**
* Tests whether successful authentication was logged.
*/
@Test
@OperateOnDeployment(SD_DEFAULT)
public void testSuccessfulAuth(@ArquillianResource URL url) throws Exception {
final URL servletUrl = new URL(url.toExternalForm() + "role1");
final BlockingQueue<SyslogServerEventIF> queue = BlockedSyslogServerEventHandler.getQueue();
queue.clear();
Utils.makeCallWithBasicAuthn(servletUrl, USER, PASSWORD, SC_OK);
assertTrue("Successful authentication was not logged", loggedSuccessfulAuth(queue, USER));
}
/**
* Tests whether failed authentication was logged.
*/
@Test
@OperateOnDeployment(SD_DEFAULT)
public void testFailedAuth(@ArquillianResource URL url) throws Exception {
final URL servletUrl = new URL(url.toExternalForm() + "role1");
final BlockingQueue<SyslogServerEventIF> queue = BlockedSyslogServerEventHandler.getQueue();
queue.clear();
Utils.makeCallWithBasicAuthn(servletUrl, UNKNOWN_USER, PASSWORD, SC_UNAUTHORIZED);
assertTrue("Failed authentication was not logged", loggedFailedAuth(queue, UNKNOWN_USER));
}
/**
* Tests whether authentication with empty username was logged.
*/
@Ignore("https://issues.jboss.org/browse/ELY-1171")
@Test
@OperateOnDeployment(SD_DEFAULT)
public void testAuthWithEmptyName() throws Exception {
final URL servletUrl = new URL(url.toExternalForm() + "role1");
final BlockingQueue<SyslogServerEventIF> queue = BlockedSyslogServerEventHandler.getQueue();
queue.clear();
Utils.makeCallWithBasicAuthn(servletUrl, "", PASSWORD, SC_UNAUTHORIZED);
assertTrue("Authentication with empty username was not logged", loggedFailedAuth(queue, USER));
}
/**
* Tests whether successful permission check was logged.
*/
@Test
@OperateOnDeployment(SD_DEFAULT)
public void testSuccessfulPermissionCheck() throws Exception {
final URL servletUrl = new URL(url.toExternalForm() + "role1");
final BlockingQueue<SyslogServerEventIF> queue = BlockedSyslogServerEventHandler.getQueue();
queue.clear();
Utils.makeCallWithBasicAuthn(servletUrl, USER, PASSWORD, SC_OK);
assertTrue("Successful permission check was not logged", loggedSuccessfulPermissionCheck(queue, USER));
}
/**
* Tests whether failed permission check was logged.
*/
@Test
@OperateOnDeployment(SD_WITHOUT_LOGIN_PERMISSION)
public void testFailedPermissionCheck() throws Exception {
final URL servletUrl = new URL(url.toExternalForm() + "role1");
final BlockingQueue<SyslogServerEventIF> queue = BlockedSyslogServerEventHandler.getQueue();
queue.clear();
Utils.makeCallWithBasicAuthn(servletUrl, USER, PASSWORD, SC_UNAUTHORIZED);
assertTrue("Failed permission check was not logged", loggedFailedPermissionCheck(queue, USER));
}
protected static boolean loggedSuccessfulAuth(BlockingQueue<SyslogServerEventIF> queue, String user) throws Exception {
return loggedAuthResult(queue, user, SUCCESSFUL_AUTH_EVENT);
}
protected static boolean loggedFailedAuth(BlockingQueue<SyslogServerEventIF> queue, String user) throws Exception {
return loggedAuthResult(queue, user, UNSUCCESSFUL_AUTH_EVENT);
}
protected static boolean loggedSuccessfulPermissionCheck(BlockingQueue<SyslogServerEventIF> queue, String user) throws Exception {
return loggedAuthResult(queue, user, SUCCESSFUL_PERMISSION_CHECK_EVENT);
}
protected static boolean loggedFailedPermissionCheck(BlockingQueue<SyslogServerEventIF> queue, String user) throws Exception {
return loggedAuthResult(queue, user, UNSUCCESSFUL_PERMISSION_CHECK_EVENT);
}
protected static boolean loggedAuthResult(BlockingQueue<SyslogServerEventIF> queue, String user, String expectedEvent) throws Exception {
SyslogServerEventIF log = queue.poll(15L, TimeUnit.SECONDS);
if (log == null) {
return false;
}
String logString = log.getMessage();
return (logString.contains(expectedEvent) && logString.contains(user));
}
protected static void setupAndStartSyslogServer(SyslogServerConfigIF config, String host, int port, String protocol) throws Exception {
// clear created server instances (TCP/UDP)
SyslogServer.shutdown();
config.setPort(port);
config.setHost(host);
config.setUseStructuredData(true);
config.addEventHandler(new BlockedSyslogServerEventHandler());
SyslogServer.createInstance(protocol, config);
// start syslog server
SyslogServer.getThreadedInstance(protocol);
}
protected static void stopSyslogServer() throws Exception {
SyslogServer.shutdown();
}
}