blob: 48b23e32b1ebaf1c4bbb06c3d3a2a2a3b104fa08 [file] [log] [blame]
* Licensed to the Apache Software Foundation (ASF) under one
* or more contributor license agreements. See the NOTICE file
* distributed with this work for additional information
* regarding copyright ownership. The ASF licenses this file
* to you under the Apache License, Version 2.0 (the
* "License"); you may not use this file except in compliance
* with the License. You may obtain a copy of the License at
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
import static;
import static;
import static;
import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertNotNull;
import static org.junit.Assert.assertTrue;
import static;
import static org.ops4j.pax.exam.CoreOptions.when;
import static;
import static;
import java.time.Duration;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.Dictionary;
import java.util.Hashtable;
import java.util.List;
import javax.inject.Inject;
import javax.json.Json;
import javax.json.JsonObject;
import javax.json.JsonReader;
import javax.servlet.http.HttpServletResponse;
import org.apache.http.Header;
import org.apache.http.HttpHost;
import org.apache.http.NameValuePair;
import org.apache.http.auth.AuthScope;
import org.apache.http.auth.Credentials;
import org.apache.http.auth.UsernamePasswordCredentials;
import org.apache.http.client.AuthCache;
import org.apache.http.client.CredentialsProvider;
import org.apache.http.client.config.CookieSpecs;
import org.apache.http.client.config.RequestConfig;
import org.apache.http.client.entity.UrlEncodedFormEntity;
import org.apache.http.client.methods.CloseableHttpResponse;
import org.apache.http.client.methods.HttpGet;
import org.apache.http.client.methods.HttpPost;
import org.apache.http.client.protocol.HttpClientContext;
import org.apache.http.impl.auth.BasicScheme;
import org.apache.http.impl.client.BasicAuthCache;
import org.apache.http.impl.client.BasicCookieStore;
import org.apache.http.impl.client.BasicCredentialsProvider;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClients;
import org.apache.http.message.BasicHeader;
import org.apache.http.message.BasicNameValuePair;
import org.apache.http.util.EntityUtils;
import org.junit.After;
import org.junit.Before;
import org.ops4j.pax.exam.Option;
import org.osgi.framework.Bundle;
import org.osgi.framework.FrameworkUtil;
import org.osgi.framework.ServiceRegistration;
* base class for tests doing http requests to verify calls to the usermanager
* servlets
public abstract class UserManagerClientTestSupport extends UserManagerTestSupport {
protected static final int SC_UNPROCESSABLE_ENTITY = 422; // http status code for 422 Unprocessable Entity
protected static final String TEST_FOLDER_JSON = "{'jcr:primaryType': 'nt:unstructured'}";
protected static final String CONTENT_TYPE_JSON = "application/json";
protected static final String CONTENT_TYPE_HTML = "text/html";
protected static long randomId = System.currentTimeMillis();
protected static synchronized long getNextInt() {
final long val = randomId;
return val;
protected ConfigurationAdmin cm;
protected ServiceRegistration<PostResponseCreator> serviceReg;
protected static final String COOKIE_SLING_FORMAUTH = "sling.formauth";
protected static final String COOKIE_SLING_FORMAUTH_DOMAIN = "sling.formauth.cookie.domain";
protected static final String HEADER_SET_COOKIE = "Set-Cookie";
protected URI baseServerUri;
protected HttpClientContext httpContext;
protected CloseableHttpClient httpClient;
protected String testUserId = null;
protected String testUserId2 = null;
protected String testUserId3 = null;
protected String testGroupId = null;
protected String testGroupId2 = null;
protected String testFolderUrl = null;
protected Option[] additionalOptions() {
// optionally create a tinybundle that contains a test script
final Option bundle = buildBundleResourcesBundle();
return new Option[]{
// for usermanager support
// add javascript support for the test script
when(bundle != null).useOptions(slingScriptingJavascript()),
// add the test script tinybundle
when(bundle != null).useOptions(bundle),
// enable the healthcheck configuration for checking when the server is ready to
// receive http requests. (adapted from the starter healthcheck.json configuration)
.put("hc.tags", new String[] {"systemalive"})
.put("targetStartLevel", 5)
.put("hc.tags", new String[] {"systemalive"})
.put("services.list", new String[] {
.put("hc.tags", new String[] {"bundles"})
.put("hc.tags", new String[] {"bundles"})
// SLING-10902 configure principal name hint
.put("principalNameHints", new String[] {"displayName"})
public void before() throws IOException, URISyntaxException {
Bundle bundle = FrameworkUtil.getBundle(getClass());
Dictionary<String, Object> props = new Hashtable<>(); // NOSONAR
serviceReg = bundle.getBundleContext().registerService(PostResponseCreator.class,
new CustomPostResponseCreatorImpl(), props);
// wait for the health checks to be OK
waitForServerReady(Duration.ofMinutes(1).toMillis(), 500);
// calculate the address of the http server
baseServerUri = getBaseServerUri();
HttpHost targetHost = new HttpHost(baseServerUri.getHost(), baseServerUri.getPort(), baseServerUri.getScheme());
AuthCache authCache = new BasicAuthCache();
authCache.put(targetHost, new BasicScheme());
// prepare the http client for the test user
httpContext = HttpClientContext.create();
httpContext.setCookieStore(new BasicCookieStore());
httpContext.setCredentialsProvider(new BasicCredentialsProvider());
RequestConfig requestConfig = RequestConfig.custom().setCookieSpec(CookieSpecs.STANDARD_STRICT).build();
httpClient = HttpClients.custom()
public void after() throws IOException {
if (serviceReg != null) {
Credentials creds = new UsernamePasswordCredentials("admin", "admin");
if (testFolderUrl != null) {
//remove the test user if it exists.
List<NameValuePair> postParams = new ArrayList<>();
postParams.add(new BasicNameValuePair(":operation", "delete"));
assertAuthenticatedPostStatus(creds, testFolderUrl, HttpServletResponse.SC_OK, postParams, null);
if (testGroupId != null) {
//remove the test user if it exists.
String postUrl = String.format("%s/system/userManager/group/%s.delete.html", baseServerUri, testGroupId);
assertAuthenticatedPostStatus(creds, postUrl, HttpServletResponse.SC_OK, Collections.emptyList(), null);
if (testGroupId2 != null) {
//remove the test user if it exists.
String postUrl = String.format("%s/system/userManager/group/%s.delete.html", baseServerUri, testGroupId2);
assertAuthenticatedPostStatus(creds, postUrl, HttpServletResponse.SC_OK, Collections.emptyList(), null);
if (testUserId != null) {
//remove the test user if it exists.
String postUrl = String.format("%s/system/userManager/user/%s.delete.html", baseServerUri, testUserId);
assertAuthenticatedPostStatus(creds, postUrl, HttpServletResponse.SC_OK, Collections.emptyList(), null);
if (testUserId2 != null) {
//remove the test user if it exists.
String postUrl = String.format("%s/system/userManager/user/%s.delete.html", baseServerUri, testUserId2);
assertAuthenticatedPostStatus(creds, postUrl, HttpServletResponse.SC_OK, Collections.emptyList(), null);
if (testUserId3 != null) {
//remove the test user if it exists.
String postUrl = String.format("%s/system/userManager/user/%s.delete.html", baseServerUri, testUserId3);
assertAuthenticatedPostStatus(creds, postUrl, HttpServletResponse.SC_OK, Collections.emptyList(), null);
// close/cleanup the test user http client
if (httpClient != null) {
httpClient = null;
// clear out other state
httpContext = null;
baseServerUri = null;
* Calculate the base server URI from the current configuration of the
* httpservice
protected URI getBaseServerUri() throws IOException, URISyntaxException {
Configuration httpServiceConfiguration = cm.getConfiguration("org.apache.felix.http");
Dictionary<String, Object> properties = httpServiceConfiguration.getProperties();
String host;
Object hostObj = properties.get("");
if (hostObj == null) {
host = "localhost";
} else {
assertTrue(hostObj instanceof String);
host = (String)hostObj;
String scheme = null;
Object portObj = null;
Object httpsEnableObj = properties.get("org.apache.felix.https.enable");
if ("true".equals(httpsEnableObj)) {
scheme = "https";
portObj = properties.get("");
} else {
Object httpEnableObj = properties.get("org.apache.felix.http.enable");
if (httpEnableObj == null || "true".equals(httpEnableObj)) {
scheme = "http";
portObj = properties.get("org.osgi.service.http.port");
} else {
fail("Expected either http or https to be enabled");
int port = -1;
if (portObj instanceof Number) {
port = ((Number)portObj).intValue();
assertTrue(port > 0);
return new URI(String.format("%s://%s:%d", scheme, host, port));
protected void assertPrivilege(Collection<String> privileges, boolean expected, String privilegeName) {
if(expected != privileges.contains(privilegeName)) {
fail("Expected privilege " + privilegeName + " to be "
+ (expected ? "included" : "NOT INCLUDED")
+ " in supplied list: " + privileges + ")");
protected Object doAuthenticatedWork(Credentials creds, AuthenticatedWorker worker) throws IOException {
Object result = null;
AuthScope authScope = new AuthScope(baseServerUri.getHost(), baseServerUri.getPort(), baseServerUri.getScheme());
CredentialsProvider oldCredentialsProvider = httpContext.getCredentialsProvider();
try {
BasicCredentialsProvider credentialsProvider = new BasicCredentialsProvider();
if (creds != null) {
credentialsProvider.setCredentials(authScope, creds);
result = worker.doWork();
} finally {
return result;
protected void assertAuthenticatedAdminPostStatus(String url, int expectedStatusCode, List<NameValuePair> postParams, String assertMessage) throws IOException {
Credentials creds = new UsernamePasswordCredentials("admin", "admin");
assertAuthenticatedPostStatus(creds, url, expectedStatusCode, postParams, assertMessage);
protected void assertAuthenticatedPostStatus(Credentials creds, String url, int expectedStatusCode, List<NameValuePair> postParams, String assertMessage) throws IOException {
assertAuthenticatedPostStatus(creds, url, expectedStatusCode, postParams, assertMessage, null);
protected void assertAuthenticatedPostStatus(Credentials creds, String url, int expectedStatusCode, List<NameValuePair> postParams, String assertMessage, ValidateResponse validate) throws IOException {
doAuthenticatedWork(creds, () -> {
HttpPost postRequest = new HttpPost(url);
postRequest.setEntity(new UrlEncodedFormEntity(postParams));
try (CloseableHttpResponse response = httpClient.execute(postRequest, httpContext)) {
assertEquals(assertMessage, expectedStatusCode, response.getStatusLine().getStatusCode());
if (validate != null) {
return null;
protected void assertAuthenticatedHttpStatus(Credentials creds, String urlString, int expectedStatusCode, String assertMessage) throws IOException {
doAuthenticatedWork(creds, () -> {
HttpGet getRequest = new HttpGet(urlString);
try (CloseableHttpResponse response = httpClient.execute(getRequest, httpContext)) {
assertEquals(assertMessage, expectedStatusCode, response.getStatusLine().getStatusCode());
return null;
protected String getAuthenticatedContent(Credentials creds, String url, String expectedContentType, int expectedStatusCode) throws IOException {
return (String)doAuthenticatedWork(creds, () -> {
HttpGet getRequest = new HttpGet(url);
try (CloseableHttpResponse response = httpClient.execute(getRequest, httpContext)) {
assertEquals(expectedStatusCode, response.getStatusLine().getStatusCode());
final Header h = response.getFirstHeader("Content-Type");
if (expectedContentType == null) {
if (h != null) {
fail("Expected null Content-Type, got " + h.getValue());
} else if (h == null) {
"Expected Content-Type that starts with '" + expectedContentType
+" but got no Content-Type header at " + url
} else {
"Expected Content-Type that starts with '" + expectedContentType
+ "' for " + url + ", got '" + h.getValue() + "'",
return EntityUtils.toString(response.getEntity());
protected String getAuthenticatedPostContent(Credentials creds, String url, String expectedContentType, List<NameValuePair> postParams, int expectedStatusCode) throws IOException {
return (String)doAuthenticatedWork(creds, () -> {
HttpPost postRequest = new HttpPost(url);
postRequest.setEntity(new UrlEncodedFormEntity(postParams));
try (CloseableHttpResponse response = httpClient.execute(postRequest, httpContext)) {
assertEquals(expectedStatusCode, response.getStatusLine().getStatusCode());
final Header h = response.getFirstHeader("Content-Type");
if (expectedContentType == null) {
if (h != null) {
fail("Expected null Content-Type, got " + h.getValue());
} else if (h == null) {
"Expected Content-Type that starts with '" + expectedContentType
+" but got no Content-Type header at " + url
} else {
"Expected Content-Type that starts with '" + expectedContentType
+ "' for " + url + ", got '" + h.getValue() + "'",
return EntityUtils.toString(response.getEntity());
protected String createTestUser() throws IOException {
String postUrl = String.format("%s/system/userManager/user.create.html", baseServerUri);
String userId = "testUser" + getNextInt();
List<NameValuePair> postParams = new ArrayList<>();
postParams.add(new BasicNameValuePair(":name", userId));
postParams.add(new BasicNameValuePair("pwd", "testPwd"));
postParams.add(new BasicNameValuePair("pwdConfirm", "testPwd"));
Credentials creds = new UsernamePasswordCredentials("admin", "admin");
final String msg = "Unexpected status while attempting to create test user at " + postUrl;
assertAuthenticatedPostStatus(creds, postUrl, HttpServletResponse.SC_OK, postParams, msg);
final String sessionInfoUrl = String.format("%s/system/sling/info.sessionInfo.json", baseServerUri);
assertAuthenticatedHttpStatus(creds, sessionInfoUrl, HttpServletResponse.SC_OK,
"session info failed for user " + userId);
return userId;
protected String createTestGroup() throws IOException {
String postUrl = String.format("%s/system/userManager/group.create.html", baseServerUri);
String groupId = "testGroup" + getNextInt();
List<NameValuePair> postParams = new ArrayList<>();
postParams.add(new BasicNameValuePair(":name", groupId));
Credentials creds = new UsernamePasswordCredentials("admin", "admin");
final String msg = "Unexpected status while attempting to create test group at " + postUrl;
assertAuthenticatedPostStatus(creds, postUrl, HttpServletResponse.SC_OK, postParams, msg);
return groupId;
protected String createTestFolder() throws IOException {
return createTestFolder(null, "sling-tests");
protected String createTestFolder(String parentPath, String nameHint) throws IOException {
return createTestFolder(parentPath, nameHint, TEST_FOLDER_JSON);
protected String createTestFolder(String parentPath, String nameHint, String jsonImport) throws IOException {
JsonObject json = importJSON(parentPath, nameHint, jsonImport);
return String.format("%s%s", baseServerUri, json.getString("path"));
protected JsonObject importJSON(String nameHint, String jsonImport) throws IOException {
return importJSON(null, nameHint, jsonImport);
protected JsonObject importJSON(String parentPath, String nameHint, String jsonImport) throws IOException {
JsonObject result = null;
Credentials creds = new UsernamePasswordCredentials("admin", "admin");
result = (JsonObject)doAuthenticatedWork(creds, () -> {
List<NameValuePair> parameters = new ArrayList<>();
parameters.add(new BasicNameValuePair(":operation", "import"));
if (nameHint != null) {
parameters.add(new BasicNameValuePair(":nameHint", nameHint));
parameters.add(new BasicNameValuePair(":content", jsonImport));
parameters.add(new BasicNameValuePair(":contentType", "json"));
parameters.add(new BasicNameValuePair(":replaceProperties", "true"));
String postUrl = String.format("%s%s", baseServerUri, parentPath != null ? parentPath : "/content");
HttpPost postRequest = new HttpPost(postUrl);
postRequest.setEntity(new UrlEncodedFormEntity(parameters));
postRequest.addHeader(new BasicHeader("Accept", "application/json,*/*;q=0.9"));
JsonObject jsonObj = null;
try (CloseableHttpResponse response = httpClient.execute(postRequest, httpContext)) {
assertEquals(HttpServletResponse.SC_CREATED, response.getStatusLine().getStatusCode());
jsonObj = parseJson(EntityUtils.toString(response.getEntity()));
return jsonObj;
return result;
* Grant the minimum privilges neede for oak User Management
* @param principalId the principal
protected void grantUserManagementRights(String principalId) throws IOException {
String postUrl = String.format("%s/home.modifyAce.html", baseServerUri);
List<NameValuePair> postParams = new ArrayList<>();
postParams.add(new BasicNameValuePair("principalId", principalId));
postParams.add(new BasicNameValuePair("privilege@jcr:read", "granted"));
postParams.add(new BasicNameValuePair("privilege@rep:write", "granted"));
postParams.add(new BasicNameValuePair("privilege@jcr:readAccessControl", "granted"));
postParams.add(new BasicNameValuePair("privilege@jcr:modifyAccessControl", "granted"));
postParams.add(new BasicNameValuePair("privilege@rep:userManagement", "granted"));
Credentials creds = new UsernamePasswordCredentials("admin", "admin");
final String info = "Granting principal " + principalId + " user management rights via " + postUrl;
assertAuthenticatedPostStatus(creds, postUrl, HttpServletResponse.SC_OK, postParams, info);
* @param json the json string to parse
* @return the parsed JsonObject
protected JsonObject parseJson(String json) {
JsonObject jsonObj = null;
try (JsonReader reader = Json.createReader(new StringReader(json))) {
jsonObj = reader.readObject();
return jsonObj;
protected static interface AuthenticatedWorker {
public Object doWork() throws IOException;
protected static interface ValidateResponse {
public void validate(CloseableHttpResponse response) throws IOException;