Package org.hdiv.config.annotation

Source Code of org.hdiv.config.annotation.HdivWebSecurityConfigurationSupportTest

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
/**
* Copyright 2005-2013 hdiv.org
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
*   http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.hdiv.config.annotation;

import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertNotNull;

import org.hdiv.config.HDIVConfig;
import org.hdiv.config.Strategy;
import org.hdiv.config.annotation.builders.SecurityConfigBuilder;
import org.hdiv.state.scope.StateScopeType;
import org.junit.Before;
import org.junit.Test;

public class HdivWebSecurityConfigurationSupportTest {

  private HdivWebSecurityConfigurationSupport configuration;
 
  @Before
  public void setUp() {
    configuration = new HdivWebSecurityConfigurationSupport() {
     
      @Override
      public void addExclusions(ExclusionRegistry registry) {

        registry.addUrlExclusions("/", "/login.html", "/logout.html").method("GET");
        registry.addUrlExclusions("/j_spring_security_check").method("POST");
        registry.addUrlExclusions("/attacks/.*");
       
        registry.addParamExclusions("param1.*", "param2").forUrls("/attacks/.*");
        registry.addParamExclusions("param3.*", "param4");
      }
     
      @Override
      void addLongLivingPages(LongLivingPagesRegistry registry) {
       
        registry.addLongLivingPages("/longLivingPage.html", "/longLiving/.*").scope(StateScopeType.APP);
        registry.addLongLivingPages("/longLivingPageApp.html");
      }

      @Override
      public void addRules(RuleRegistry registry) {

        registry.addRule("safeText").acceptedPattern("^[a-zA-Z0-9@.\\-_]*$");
      }

      @Override
      public void configureEditableValidation(ValidationConfigurer validationConfigurer) {

        validationConfigurer.addValidation("/secure/.*").rules("safeText").disableDefaults();
        validationConfigurer.addValidation("/safetext/.*");
      }

      @Override
      public void configure(SecurityConfigBuilder builder) {

        builder
          .sessionExpired()
            .homePage("/").loginPage("/login.html").and()
          .cipher()
            .keySize(128).and()
          .debugMode(true)
          .confidentiality(false)
          .errorPage("/customErrorPage.html")
          .randomName(true)
          .strategy(Strategy.CIPHER)
          .validateUrlsWithoutParams(false);
      }
    };
  }

  @Test
  public void config() {
    HDIVConfig config = configuration.hdivConfig();
    assertNotNull(config);
   
    assertEquals(true, config.isDebugMode());
    assertEquals(false, config.getConfidentiality());
    assertEquals("/customErrorPage.html", config.getErrorPage());
    assertEquals(true, config.isRandomName());
    assertEquals(Strategy.CIPHER, config.getStrategy());
    assertEquals(false, config.isValidationInUrlsWithoutParamsActivated());
  }
 
  @Test
  public void exclusions() {
    HDIVConfig config = configuration.hdivConfig();
    assertNotNull(config);
   
    assertEquals(true, config.isStartPage("/attacks/view.html", null));
    assertEquals(false, config.isStartPage("/j_spring_security_check", "GET"));
    assertEquals(true, config.isStartPage("/", "GET"));
   
    assertEquals(true, config.isParameterWithoutValidation("/attacks/home.html", "param1"));
    assertEquals(true, config.isParameterWithoutValidation("/attacks/home.html", "param1234"));
    assertEquals(true, config.isParameterWithoutValidation("/attacks/home.html", "param2"));
    assertEquals(false, config.isParameterWithoutValidation("/attacks/home.html", "param234"));
    assertEquals(false, config.isParameterWithoutValidation("/out/home.html", "param2"));
   
    assertEquals(true, config.isStartParameter("param3"));
    assertEquals(true, config.isStartParameter("param34"));
    assertEquals(true, config.isStartParameter("param4"));
    assertEquals(false, config.isStartParameter("param456"));
  }
 
  @Test
  public void longLivingPages(){
    HDIVConfig config = configuration.hdivConfig();
    assertNotNull(config);
   
    assertEquals("app", config.isLongLivingPages("/longLiving/sample.html"));
    assertEquals("user-session", config.isLongLivingPages("/longLivingPageApp.html"));
    assertEquals(null, config.isLongLivingPages("/noLongLiving.html"));
  }
 
}
TOP

Related Classes of org.hdiv.config.annotation.HdivWebSecurityConfigurationSupportTest

  • org.hdiv.config.HDIVConfig
    • TOP
    Copyright © 2018 www.massapi.com. All rights reserved.
    All source code are property of their respective owners. Java is a trademark of Sun Microsystems, Inc and owned by ORACLE Inc. Contact coftware#gmail.com.