src/test/java/org/apache/sling/auth/form/it/SLING10290IT.java - sling-org-apache-sling-auth-form - Git at Google

 /*
  * Licensed to the Apache Software Foundation (ASF) under one
  * or more contributor license agreements.  See the NOTICE file
  * distributed with this work for additional information
  * regarding copyright ownership.  The ASF licenses this file
  * to you under the Apache License, Version 2.0 (the
  * "License"); you may not use this file except in compliance
  * with the License.  You may obtain a copy of the License at
  *
  *   http://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing,
  * software distributed under the License is distributed on an
  * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
  * KIND, either express or implied.  See the License for the
  * specific language governing permissions and limitations
  * under the License.
  */
 package org.apache.sling.auth.form.it;

 import static org.apache.sling.testing.paxexam.SlingOptions.slingScriptingSightly;
 import static org.junit.Assert.assertEquals;
 import static org.junit.Assert.assertNotNull;
 import static org.junit.Assert.assertNull;
 import static org.junit.Assert.assertTrue;
 import static org.junit.Assert.fail;
 import static org.ops4j.pax.exam.cm.ConfigurationAdminOptions.factoryConfiguration;
 import static org.ops4j.pax.exam.cm.ConfigurationAdminOptions.newConfiguration;

 import java.io.IOException;
 import java.net.URI;
 import java.net.URISyntaxException;
 import java.nio.charset.StandardCharsets;
 import java.time.Duration;
 import java.util.ArrayList;
 import java.util.Arrays;
 import java.util.Dictionary;
 import java.util.List;

 import javax.inject.Inject;
 import javax.servlet.http.HttpServletResponse;

 import org.apache.http.Header;
 import org.apache.http.HttpResponse;
 import org.apache.http.NameValuePair;
 import org.apache.http.client.entity.UrlEncodedFormEntity;
 import org.apache.http.client.methods.CloseableHttpResponse;
 import org.apache.http.client.methods.HttpGet;
 import org.apache.http.client.methods.HttpPost;
 import org.apache.http.client.protocol.HttpClientContext;
 import org.apache.http.cookie.Cookie;
 import org.apache.http.cookie.CookieOrigin;
 import org.apache.http.cookie.CookieSpec;
 import org.apache.http.cookie.MalformedCookieException;
 import org.apache.http.impl.client.BasicCookieStore;
 import org.apache.http.impl.client.CloseableHttpClient;
 import org.apache.http.impl.client.HttpClients;
 import org.apache.http.impl.cookie.DefaultCookieSpec;
 import org.apache.http.message.BasicNameValuePair;
 import org.apache.http.util.EntityUtils;
 import org.junit.After;
 import org.junit.Before;
 import org.junit.Test;
 import org.junit.runner.RunWith;
 import org.ops4j.pax.exam.Option;
 import org.ops4j.pax.exam.junit.PaxExam;
 import org.ops4j.pax.exam.spi.reactors.ExamReactorStrategy;
 import org.ops4j.pax.exam.spi.reactors.PerClass;
 import org.osgi.service.cm.Configuration;
 import org.osgi.service.cm.ConfigurationAdmin;

 /**
  * integration tests to verify fix for SLING-10290
  */
 @RunWith(PaxExam.class)
 @ExamReactorStrategy(PerClass.class)
 public class SLING10290IT extends AuthFormTestSupport {

     @Inject
     private ConfigurationAdmin cm;

     private static final String COOKIE_SLING_FORMAUTH = "sling.formauth";
     private static final String HEADER_SET_COOKIE = "Set-Cookie";

     private URI baseServerUri;
     private HttpClientContext httpContext;
     private CloseableHttpClient httpClient;

     @Override
     protected Option[] additionalOptions() throws IOException {
         // create a tinybundle that contains a test script
         final List<String> resourcePaths = Arrays.asList("/apps/sling/OrderedFolder/SLING10290IT.html");
         final String bundleResourcesHeader = String.join(",", resourcePaths);
         final Option bundle = buildBundleResourcesBundle(bundleResourcesHeader, resourcePaths);

         return new Option[]{
             // add sightly support for the test script
             slingScriptingSightly(),

             // add the test script tinybundle
             bundle,

             // change the formauth timeout to 1 minute so we don't have to wait a long
             //   time for the testRefreshCookieOnRequestAfterHalfExpirationDuration test
             newConfiguration("org.apache.sling.auth.form.FormAuthenticationHandler")
                 .put("form.auth.timeout", "1")
             .asOption(),

             // enable the healthcheck configuration for checking when the server is ready to
             //  receive http requests.  (adapted from the starter healthcheck.json configuration)
             factoryConfiguration("org.apache.felix.hc.generalchecks.FrameworkStartCheck")
                 .put("hc.tags", new String[] {"systemalive"})
                 .put("targetStartLevel", 5)
                 .asOption(),
             factoryConfiguration("org.apache.felix.hc.generalchecks.ServicesCheck")
                 .put("hc.tags", new String[] {"systemalive"})
                 .put("services.list", new String[] {
                         "org.apache.sling.jcr.api.SlingRepository",
                         "org.apache.sling.engine.auth.Authenticator",
                         "org.apache.sling.api.resource.ResourceResolverFactory",
                         "org.apache.sling.api.servlets.ServletResolver",
                         "javax.script.ScriptEngineManager"
                 })
                 .asOption(),
             factoryConfiguration("org.apache.felix.hc.generalchecks.BundlesStartedCheck")
                 .put("hc.tags", new String[] {"bundles"})
                 .asOption(),
             factoryConfiguration("org.apache.sling.jcr.contentloader.hc.BundleContentLoadedCheck")
                 .put("hc.tags", new String[] {"bundles"})
                 .asOption(),
         };
     }

     @Before
     public void before() throws IOException, URISyntaxException {
         // wait for the health checks to be OK
         waitForServerReady(Duration.ofMinutes(1).toMillis(), 500);

         // calculate the address of the http server
         baseServerUri = getBaseServerUri();
         assertNotNull(baseServerUri);

         // prepare the http client for the test user
         httpContext = HttpClientContext.create();
         httpContext.setCookieStore(new BasicCookieStore());
         httpClient = HttpClients.custom()
                 .disableRedirectHandling()
                 .build();
     }

     @After
     public void after() throws IOException {
         // close/cleanup the test user http client
         if (httpClient != null) {
             httpClient.close();
             httpClient = null;
         }

         // clear out other state
         httpContext = null;
         baseServerUri = null;
     }

     /**
      * Verify that the formauth cookie is sent appropriately after login
      */
     @Test
     public void testSetCookieOnFirstRequestAfterLogin() throws MalformedCookieException, IOException {
         doFormsLogin();
     }

     /**
      * Verify that the formauth cookie is not re-sent on each request after login
      */
     @Test
     public void testNoSetCookieOnSecondRequestAfterLogin() throws MalformedCookieException, IOException {
         // 1. login as the test user
         doFormsLogin();

         // 2. do another request
         HttpGet request = new HttpGet(whoamiUri());
         try (CloseableHttpResponse response = httpClient.execute(request, httpContext)) {
             assertEquals(HttpServletResponse.SC_OK, response.getStatusLine().getStatusCode());
             Cookie parsedFormauthCookie = parseFormAuthCookieFromHeaders(response);
             assertNull("Did not expect a formauth cookie in the response", parsedFormauthCookie);
         }
     }

     /**
      * Verify that the formauth cookie is refreshed on the first request after half the session duration
      * has occurred
      */
     @Test
     public void testRefreshCookieOnRequestAfterHalfExpirationDuration() throws InterruptedException, MalformedCookieException, IOException {
         // 1. login as the test user
         doFormsLogin();

         // 2. wait for half the session timeout expiration duration
         Thread.sleep((Duration.ofMinutes(1).toMillis() / 2) + 1); // NOSONAR

         // 3. do another request to trigger the cookie refresh
         HttpGet request = new HttpGet(whoamiUri());
         try (CloseableHttpResponse response = httpClient.execute(request, httpContext)) {
             assertEquals(HttpServletResponse.SC_OK, response.getStatusLine().getStatusCode());
             Cookie parsedFormauthCookie = parseFormAuthCookieFromHeaders(response);
             assertNotNull("Expected a refreshed formauth cookie in the response", parsedFormauthCookie);
         }

         // 4. do another request to verify that subsequent request after
         //    the cookie refresh do not send an additional formauth cookie
         try (CloseableHttpResponse response = httpClient.execute(request, httpContext)) {
             assertEquals(HttpServletResponse.SC_OK, response.getStatusLine().getStatusCode());
             Cookie parsedFormauthCookie2 = parseFormAuthCookieFromHeaders(response);
             assertNull("Did not expect a formauth cookie in the response", parsedFormauthCookie2);
         }
     }

     /**
      * Calculate the base server URI from the current configuration of the
      * httpservice
      */
     private URI getBaseServerUri() throws IOException, URISyntaxException {
         assertNotNull(cm);
         Configuration httpServiceConfiguration = cm.getConfiguration("org.apache.felix.http");
         Dictionary<String, Object> properties = httpServiceConfiguration.getProperties();

         String host;
         Object hostObj = properties.get("org.apache.felix.http.host");
         if (hostObj == null) {
             host = "localhost";
         } else {
             assertTrue(hostObj instanceof String);
             host = (String)hostObj;
         }
         assertNotNull(host);

         String scheme = null;
         Object portObj = null;
         Object httpsEnableObj = properties.get("org.apache.felix.https.enable");
         if ("true".equals(httpsEnableObj)) {
             scheme = "https";
             portObj = properties.get("org.osgi.service.http.port.secure");
         } else {
             Object httpEnableObj = properties.get("org.apache.felix.http.enable");
             if (httpEnableObj == null || "true".equals(httpEnableObj)) {
                 scheme = "http";
                 portObj = properties.get("org.osgi.service.http.port");
             } else {
                 fail("Expected either http or https to be enabled");
             }
         }
         int port = -1;
         if (portObj instanceof Number) {
             port = ((Number)portObj).intValue();
         }
         assertTrue(port > 0);

         return new URI(String.format("%s://%s:%d", scheme, host, port));
     }

     /**
      * @return the address of the whoami script
      */
     private String whoamiUri() {
         return String.format("%s/content.SLING10290IT.html", baseServerUri);
     }

     /**
      * Perform the http calls to login the test user via the forms based login
      */
     private void doFormsLogin() throws MalformedCookieException, IOException {
         // before login, there should be no formauth cookie in the cookie store
         Cookie formauthCookie = getFormAuthCookieFromCookieStore();
         assertNull("Did not expect formauth cookie in the cookie store", formauthCookie);

         // verify that the script shows us as not logged in
         HttpGet whoamiRequest = new HttpGet(whoamiUri());
         try (CloseableHttpResponse whoamiResponse = httpClient.execute(whoamiRequest, httpContext)) {
             assertEquals(HttpServletResponse.SC_OK, whoamiResponse.getStatusLine().getStatusCode());
             String content = EntityUtils.toString(whoamiResponse.getEntity());
             assertTrue(content.contains("whoAmI"));
             assertTrue(content.contains("anonymous"));
         }

         // send the form login request
         List<NameValuePair> parameters = new ArrayList<>();
         parameters.add(new BasicNameValuePair("j_username", FORM_AUTH_VERIFY_USER));
         parameters.add(new BasicNameValuePair("j_password", FORM_AUTH_VERIFY_PWD));
         parameters.add(new BasicNameValuePair("_charset_", StandardCharsets.UTF_8.name()));
         parameters.add(new BasicNameValuePair("resource", "/content.SLING10290IT.html"));
         HttpPost request = new HttpPost(String.format("%s/j_security_check", baseServerUri));
         request.setEntity(new UrlEncodedFormEntity(parameters));
         Header locationHeader = null;
         try (CloseableHttpResponse response = httpClient.execute(request, httpContext)) {
             assertEquals(HttpServletResponse.SC_MOVED_TEMPORARILY, response.getStatusLine().getStatusCode());
             locationHeader = response.getFirstHeader("Location");

             // verify that the expected set-cookie header arrived
             Cookie parsedFormauthCookie = parseFormAuthCookieFromHeaders(response);
             assertNotNull("Expected a formauth cookie in the response", parsedFormauthCookie);
         }

         // after login, there should be now be a cookie in the cookie store
         Cookie formauthCookie2 = getFormAuthCookieFromCookieStore();
         assertNotNull("Expected a formauth cookie in the cookie store", formauthCookie2);

         // and then follow the redirect
         assertNotNull("Expected a 'Location' header", locationHeader);
         // verify that the script shows us logged in as the test user
         HttpGet followedRequest = new HttpGet(locationHeader.getValue());
         try (CloseableHttpResponse followedResponse = httpClient.execute(followedRequest, httpContext)) {
             assertEquals(HttpServletResponse.SC_OK, followedResponse.getStatusLine().getStatusCode());
             String content = EntityUtils.toString(followedResponse.getEntity());
             assertTrue(content.contains("whoAmI"));
             assertTrue(content.contains(FORM_AUTH_VERIFY_USER));

             // there should be no new formauth cookie on the followed response
             Cookie parsedFormauthCookie2 = parseFormAuthCookieFromHeaders(followedResponse);
             assertNull("Did not expect a formauth cookie in the response", parsedFormauthCookie2);
         }
     }

     /**
      * Retrieve the formauth cookie from the cookie store
      *
      * @return the formauth cookie or null if not found
      */
     private Cookie getFormAuthCookieFromCookieStore() {
         Cookie formauthCookie = null;
         List<Cookie> cookies = httpContext.getCookieStore().getCookies();
         if (cookies != null) {
             for (Cookie c : cookies) {
                 if (COOKIE_SLING_FORMAUTH.equals(c.getName())) {
                     formauthCookie = c;
                 }
             }
         }
         return formauthCookie;
     }

     /**
      * Parse the formauth cookie out of the headers sent on the response
      *
      * @param response the response from the http request
      * @return the found cookie or null if not found
      */
     private Cookie parseFormAuthCookieFromHeaders(HttpResponse response) throws MalformedCookieException {
         Header [] cookieHeaders = response.getHeaders(HEADER_SET_COOKIE);
         assertNotNull(cookieHeaders);

         Cookie parsedFormauthCookie = null;
         CookieSpec cookieSpec = new DefaultCookieSpec();
         CookieOrigin origin = new CookieOrigin(baseServerUri.getHost(), baseServerUri.getPort(),
                 baseServerUri.getPath(), "https".equals(baseServerUri.getScheme()));
         for (Header cookieHeader : cookieHeaders) {
             List<Cookie> parsedCookies = cookieSpec.parse(cookieHeader, origin);
             for (Cookie c : parsedCookies) {
                 if (COOKIE_SLING_FORMAUTH.equals(c.getName())) {
                     if (parsedFormauthCookie != null) {
                         fail(String.format("Did not expect more than one %s cookie", c.getName()));
                     }
                     parsedFormauthCookie = c;
                 }
             }
         }
         return parsedFormauthCookie;
     }

 }
	/*
	* Licensed to the Apache Software Foundation (ASF) under one
	* or more contributor license agreements. See the NOTICE file
	* distributed with this work for additional information
	* regarding copyright ownership. The ASF licenses this file
	* to you under the Apache License, Version 2.0 (the
	* "License"); you may not use this file except in compliance
	* with the License. You may obtain a copy of the License at
	*
	* http://www.apache.org/licenses/LICENSE-2.0
	*
	* Unless required by applicable law or agreed to in writing,
	* software distributed under the License is distributed on an
	* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
	* KIND, either express or implied. See the License for the
	* specific language governing permissions and limitations
	* under the License.
	*/
	package org.apache.sling.auth.form.it;

	import static org.apache.sling.testing.paxexam.SlingOptions.slingScriptingSightly;
	import static org.junit.Assert.assertEquals;
	import static org.junit.Assert.assertNotNull;
	import static org.junit.Assert.assertNull;
	import static org.junit.Assert.assertTrue;
	import static org.junit.Assert.fail;
	import static org.ops4j.pax.exam.cm.ConfigurationAdminOptions.factoryConfiguration;
	import static org.ops4j.pax.exam.cm.ConfigurationAdminOptions.newConfiguration;

	import java.io.IOException;
	import java.net.URI;
	import java.net.URISyntaxException;
	import java.nio.charset.StandardCharsets;
	import java.time.Duration;
	import java.util.ArrayList;
	import java.util.Arrays;
	import java.util.Dictionary;
	import java.util.List;

	import javax.inject.Inject;
	import javax.servlet.http.HttpServletResponse;

	import org.apache.http.Header;
	import org.apache.http.HttpResponse;
	import org.apache.http.NameValuePair;
	import org.apache.http.client.entity.UrlEncodedFormEntity;
	import org.apache.http.client.methods.CloseableHttpResponse;
	import org.apache.http.client.methods.HttpGet;
	import org.apache.http.client.methods.HttpPost;
	import org.apache.http.client.protocol.HttpClientContext;
	import org.apache.http.cookie.Cookie;
	import org.apache.http.cookie.CookieOrigin;
	import org.apache.http.cookie.CookieSpec;
	import org.apache.http.cookie.MalformedCookieException;
	import org.apache.http.impl.client.BasicCookieStore;
	import org.apache.http.impl.client.CloseableHttpClient;
	import org.apache.http.impl.client.HttpClients;
	import org.apache.http.impl.cookie.DefaultCookieSpec;
	import org.apache.http.message.BasicNameValuePair;
	import org.apache.http.util.EntityUtils;
	import org.junit.After;
	import org.junit.Before;
	import org.junit.Test;
	import org.junit.runner.RunWith;
	import org.ops4j.pax.exam.Option;
	import org.ops4j.pax.exam.junit.PaxExam;
	import org.ops4j.pax.exam.spi.reactors.ExamReactorStrategy;
	import org.ops4j.pax.exam.spi.reactors.PerClass;
	import org.osgi.service.cm.Configuration;
	import org.osgi.service.cm.ConfigurationAdmin;

	/**
	* integration tests to verify fix for SLING-10290
	*/
	@RunWith(PaxExam.class)
	@ExamReactorStrategy(PerClass.class)
	public class SLING10290IT extends AuthFormTestSupport {

	@Inject
	private ConfigurationAdmin cm;

	private static final String COOKIE_SLING_FORMAUTH = "sling.formauth";
	private static final String HEADER_SET_COOKIE = "Set-Cookie";

	private URI baseServerUri;
	private HttpClientContext httpContext;
	private CloseableHttpClient httpClient;

	@Override
	protected Option[] additionalOptions() throws IOException {
	// create a tinybundle that contains a test script
	final List<String> resourcePaths = Arrays.asList("/apps/sling/OrderedFolder/SLING10290IT.html");
	final String bundleResourcesHeader = String.join(",", resourcePaths);
	final Option bundle = buildBundleResourcesBundle(bundleResourcesHeader, resourcePaths);

	return new Option[]{
	// add sightly support for the test script
	slingScriptingSightly(),

	// add the test script tinybundle
	bundle,

	// change the formauth timeout to 1 minute so we don't have to wait a long
	// time for the testRefreshCookieOnRequestAfterHalfExpirationDuration test
	newConfiguration("org.apache.sling.auth.form.FormAuthenticationHandler")
	.put("form.auth.timeout", "1")
	.asOption(),

	// enable the healthcheck configuration for checking when the server is ready to
	// receive http requests. (adapted from the starter healthcheck.json configuration)
	factoryConfiguration("org.apache.felix.hc.generalchecks.FrameworkStartCheck")
	.put("hc.tags", new String[] {"systemalive"})
	.put("targetStartLevel", 5)
	.asOption(),
	factoryConfiguration("org.apache.felix.hc.generalchecks.ServicesCheck")
	.put("hc.tags", new String[] {"systemalive"})
	.put("services.list", new String[] {
	"org.apache.sling.jcr.api.SlingRepository",
	"org.apache.sling.engine.auth.Authenticator",
	"org.apache.sling.api.resource.ResourceResolverFactory",
	"org.apache.sling.api.servlets.ServletResolver",
	"javax.script.ScriptEngineManager"
	})
	.asOption(),
	factoryConfiguration("org.apache.felix.hc.generalchecks.BundlesStartedCheck")
	.put("hc.tags", new String[] {"bundles"})
	.asOption(),
	factoryConfiguration("org.apache.sling.jcr.contentloader.hc.BundleContentLoadedCheck")
	.put("hc.tags", new String[] {"bundles"})
	.asOption(),
	};
	}

	@Before
	public void before() throws IOException, URISyntaxException {
	// wait for the health checks to be OK
	waitForServerReady(Duration.ofMinutes(1).toMillis(), 500);

	// calculate the address of the http server
	baseServerUri = getBaseServerUri();
	assertNotNull(baseServerUri);

	// prepare the http client for the test user
	httpContext = HttpClientContext.create();
	httpContext.setCookieStore(new BasicCookieStore());
	httpClient = HttpClients.custom()
	.disableRedirectHandling()
	.build();
	}

	@After
	public void after() throws IOException {
	// close/cleanup the test user http client
	if (httpClient != null) {
	httpClient.close();
	httpClient = null;
	}

	// clear out other state
	httpContext = null;
	baseServerUri = null;
	}

	/**
	* Verify that the formauth cookie is sent appropriately after login
	*/
	@Test
	public void testSetCookieOnFirstRequestAfterLogin() throws MalformedCookieException, IOException {
	doFormsLogin();
	}

	/**
	* Verify that the formauth cookie is not re-sent on each request after login
	*/
	@Test
	public void testNoSetCookieOnSecondRequestAfterLogin() throws MalformedCookieException, IOException {
	// 1. login as the test user
	doFormsLogin();

	// 2. do another request
	HttpGet request = new HttpGet(whoamiUri());
	try (CloseableHttpResponse response = httpClient.execute(request, httpContext)) {
	assertEquals(HttpServletResponse.SC_OK, response.getStatusLine().getStatusCode());
	Cookie parsedFormauthCookie = parseFormAuthCookieFromHeaders(response);
	assertNull("Did not expect a formauth cookie in the response", parsedFormauthCookie);
	}
	}

	/**
	* Verify that the formauth cookie is refreshed on the first request after half the session duration
	* has occurred
	*/
	@Test
	public void testRefreshCookieOnRequestAfterHalfExpirationDuration() throws InterruptedException, MalformedCookieException, IOException {
	// 1. login as the test user
	doFormsLogin();

	// 2. wait for half the session timeout expiration duration
	Thread.sleep((Duration.ofMinutes(1).toMillis() / 2) + 1); // NOSONAR

	// 3. do another request to trigger the cookie refresh
	HttpGet request = new HttpGet(whoamiUri());
	try (CloseableHttpResponse response = httpClient.execute(request, httpContext)) {
	assertEquals(HttpServletResponse.SC_OK, response.getStatusLine().getStatusCode());
	Cookie parsedFormauthCookie = parseFormAuthCookieFromHeaders(response);
	assertNotNull("Expected a refreshed formauth cookie in the response", parsedFormauthCookie);
	}

	// 4. do another request to verify that subsequent request after
	// the cookie refresh do not send an additional formauth cookie
	try (CloseableHttpResponse response = httpClient.execute(request, httpContext)) {
	assertEquals(HttpServletResponse.SC_OK, response.getStatusLine().getStatusCode());
	Cookie parsedFormauthCookie2 = parseFormAuthCookieFromHeaders(response);
	assertNull("Did not expect a formauth cookie in the response", parsedFormauthCookie2);
	}
	}

	/**
	* Calculate the base server URI from the current configuration of the
	* httpservice
	*/
	private URI getBaseServerUri() throws IOException, URISyntaxException {
	assertNotNull(cm);
	Configuration httpServiceConfiguration = cm.getConfiguration("org.apache.felix.http");
	Dictionary<String, Object> properties = httpServiceConfiguration.getProperties();

	String host;
	Object hostObj = properties.get("org.apache.felix.http.host");
	if (hostObj == null) {
	host = "localhost";
	} else {
	assertTrue(hostObj instanceof String);
	host = (String)hostObj;
	}
	assertNotNull(host);

	String scheme = null;
	Object portObj = null;
	Object httpsEnableObj = properties.get("org.apache.felix.https.enable");
	if ("true".equals(httpsEnableObj)) {
	scheme = "https";
	portObj = properties.get("org.osgi.service.http.port.secure");
	} else {
	Object httpEnableObj = properties.get("org.apache.felix.http.enable");
	if (httpEnableObj == null \|\| "true".equals(httpEnableObj)) {
	scheme = "http";
	portObj = properties.get("org.osgi.service.http.port");
	} else {
	fail("Expected either http or https to be enabled");
	}
	}
	int port = -1;
	if (portObj instanceof Number) {
	port = ((Number)portObj).intValue();
	}
	assertTrue(port > 0);

	return new URI(String.format("%s://%s:%d", scheme, host, port));
	}

	/**
	* @return the address of the whoami script
	*/
	private String whoamiUri() {
	return String.format("%s/content.SLING10290IT.html", baseServerUri);
	}

	/**
	* Perform the http calls to login the test user via the forms based login
	*/
	private void doFormsLogin() throws MalformedCookieException, IOException {
	// before login, there should be no formauth cookie in the cookie store
	Cookie formauthCookie = getFormAuthCookieFromCookieStore();
	assertNull("Did not expect formauth cookie in the cookie store", formauthCookie);

	// verify that the script shows us as not logged in
	HttpGet whoamiRequest = new HttpGet(whoamiUri());
	try (CloseableHttpResponse whoamiResponse = httpClient.execute(whoamiRequest, httpContext)) {
	assertEquals(HttpServletResponse.SC_OK, whoamiResponse.getStatusLine().getStatusCode());
	String content = EntityUtils.toString(whoamiResponse.getEntity());
	assertTrue(content.contains("whoAmI"));
	assertTrue(content.contains("anonymous"));
	}

	// send the form login request
	List<NameValuePair> parameters = new ArrayList<>();
	parameters.add(new BasicNameValuePair("j_username", FORM_AUTH_VERIFY_USER));
	parameters.add(new BasicNameValuePair("j_password", FORM_AUTH_VERIFY_PWD));
	parameters.add(new BasicNameValuePair("_charset_", StandardCharsets.UTF_8.name()));
	parameters.add(new BasicNameValuePair("resource", "/content.SLING10290IT.html"));
	HttpPost request = new HttpPost(String.format("%s/j_security_check", baseServerUri));
	request.setEntity(new UrlEncodedFormEntity(parameters));
	Header locationHeader = null;
	try (CloseableHttpResponse response = httpClient.execute(request, httpContext)) {
	assertEquals(HttpServletResponse.SC_MOVED_TEMPORARILY, response.getStatusLine().getStatusCode());
	locationHeader = response.getFirstHeader("Location");

	// verify that the expected set-cookie header arrived
	Cookie parsedFormauthCookie = parseFormAuthCookieFromHeaders(response);
	assertNotNull("Expected a formauth cookie in the response", parsedFormauthCookie);
	}

	// after login, there should be now be a cookie in the cookie store
	Cookie formauthCookie2 = getFormAuthCookieFromCookieStore();
	assertNotNull("Expected a formauth cookie in the cookie store", formauthCookie2);

	// and then follow the redirect
	assertNotNull("Expected a 'Location' header", locationHeader);
	// verify that the script shows us logged in as the test user
	HttpGet followedRequest = new HttpGet(locationHeader.getValue());
	try (CloseableHttpResponse followedResponse = httpClient.execute(followedRequest, httpContext)) {
	assertEquals(HttpServletResponse.SC_OK, followedResponse.getStatusLine().getStatusCode());
	String content = EntityUtils.toString(followedResponse.getEntity());
	assertTrue(content.contains("whoAmI"));
	assertTrue(content.contains(FORM_AUTH_VERIFY_USER));

	// there should be no new formauth cookie on the followed response
	Cookie parsedFormauthCookie2 = parseFormAuthCookieFromHeaders(followedResponse);
	assertNull("Did not expect a formauth cookie in the response", parsedFormauthCookie2);
	}
	}

	/**
	* Retrieve the formauth cookie from the cookie store
	*
	* @return the formauth cookie or null if not found
	*/
	private Cookie getFormAuthCookieFromCookieStore() {
	Cookie formauthCookie = null;
	List<Cookie> cookies = httpContext.getCookieStore().getCookies();
	if (cookies != null) {
	for (Cookie c : cookies) {
	if (COOKIE_SLING_FORMAUTH.equals(c.getName())) {
	formauthCookie = c;
	}
	}
	}
	return formauthCookie;
	}

	/**
	* Parse the formauth cookie out of the headers sent on the response
	*
	* @param response the response from the http request
	* @return the found cookie or null if not found
	*/
	private Cookie parseFormAuthCookieFromHeaders(HttpResponse response) throws MalformedCookieException {
	Header [] cookieHeaders = response.getHeaders(HEADER_SET_COOKIE);
	assertNotNull(cookieHeaders);

	Cookie parsedFormauthCookie = null;
	CookieSpec cookieSpec = new DefaultCookieSpec();
	CookieOrigin origin = new CookieOrigin(baseServerUri.getHost(), baseServerUri.getPort(),
	baseServerUri.getPath(), "https".equals(baseServerUri.getScheme()));
	for (Header cookieHeader : cookieHeaders) {
	List<Cookie> parsedCookies = cookieSpec.parse(cookieHeader, origin);
	for (Cookie c : parsedCookies) {
	if (COOKIE_SLING_FORMAUTH.equals(c.getName())) {
	if (parsedFormauthCookie != null) {
	fail(String.format("Did not expect more than one %s cookie", c.getName()));
	}
	parsedFormauthCookie = c;
	}
	}
	}
	return parsedFormauthCookie;
	}

	}