Google Git
Sign in
apache / commons-jelly / 647e75a27372a75472d56916c235a2426aa20172 / . / jelly-tags / jetty / src / test / org / apache / commons / jelly / jetty / securityHandler.jelly
blob: ce82dd627d8b9dbdd944094ce0da4bad0b42f64d [file] [log] [blame]
<?xml version="1.0"?>
<!--
Copyright 2002,2004 The Apache Software Foundation.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
-->
<j:jelly
xmlns:j="jelly:core"
xmlns="jelly:jetty"
xmlns:http="jelly:http"
trim="false">
<j:set var="contextPathVar" value="/resourceHandlerTest"/>
<j:set var="testPort1" value="8100"/>
<j:set var="testPort2" value="8200"/>
<j:set var="testUri1" value="http://localhost:${testPort1}${contextPathVar}/resourceHandlerTest.txt"/>
<j:set var="testUri2" value="http://localhost:${testPort2}${contextPathVar}/resourceHandlerTest.txt"/>
<jettyHttpServer var="httpServerNoAccess">
<socketListener port="${testPort1}"/>
<realm name="Demo Realm" config="setup/demoRealm.properties"/>
<httpContext contextPath="${contextPathVar}" resourceBase="./docRoot/resourceHandlerTest" realmName="Demo Realm">
<securityHandler>
<constraints>
<security-constraint>
<web-resource-collection>
<web-resource-name>Default</web-resource-name>
<url-pattern>/</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>*</role-name>
</auth-constraint>
</security-constraint>
<login-config>
<auth-method>BASIC</auth-method>
<realm-name>Demo Realm</realm-name>
</login-config>
</constraints>
</securityHandler>
<resourceHandler/>
</httpContext>
</jettyHttpServer>
<jettyHttpServer var="httpServerAllowAccess">
<socketListener port="${testPort2}"/>
<httpContext contextPath="${contextPathVar}" resourceBase="./docRoot/resourceHandlerTest">
<securityHandler>
<constraints>
<security-constraint>
<web-resource-collection>
<web-resource-name>Resource Handler Test</web-resource-name>
<url-pattern>/resourceHandlerTest/*</url-pattern>
<http-method>GET</http-method>
<http-method>HEAD</http-method>
</web-resource-collection>
</security-constraint>
<security-constraint>
<web-resource-collection>
<web-resource-name>Default</web-resource-name>
<url-pattern>/</url-pattern>
</web-resource-collection>
<auth-constraint/>
</security-constraint>
</constraints>
</securityHandler>
<resourceHandler/>
</httpContext>
</jettyHttpServer>
<!-- get with no authentication should fail-->
<http:get var="mtc1" uri="${testUri1}"/>
<j:choose>
<j:when test="${mtc1.statusCode == 403}">
<!-- get with no authentication in allowed area should work-->
<http:get var="mtc2" uri="${testUri2}"/>
<j:choose>
<j:when test="${mtc2.statusCode == 200}">
<!-- get with authentication in controlled area should work-->
<http:get var="mtc3" uri="${testUri1}">
<http:header name="Authorization" value="Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ=="/>
</http:get>
<j:choose>
<j:when test="${mtc3.statusCode == 200}">
It works!
</j:when>
<j:otherwise>
Results for mtc3 url are:
http return code = ${mtc3.statusCode}
http status text = '${mtc3.statusText}'
</j:otherwise>
</j:choose>
</j:when>
<j:otherwise>
Results for mtc2 url are:
http return code = ${mtc2.statusCode}
http status text = '${mtc2.statusText}'
</j:otherwise>
</j:choose>
</j:when>
<j:otherwise>
Results for mtc1 url are:
http return code = ${mtc1.statusCode}
http status text = '${mtc1.statusText}'
</j:otherwise>
</j:choose>
${httpServerAllowAccess.stop(false)}
${httpServerNoAccess.stop(false)}
</j:jelly>