001: /*
002: * Licensed to the Apache Software Foundation (ASF) under one or more
003: * contributor license agreements. See the NOTICE file distributed with
004: * this work for additional information regarding copyright ownership.
005: * The ASF licenses this file to You under the Apache License, Version 2.0
006: * (the "License"); you may not use this file except in compliance with
007: * the License. You may obtain a copy of the License at
008: *
009: * http://www.apache.org/licenses/LICENSE-2.0
010: *
011: * Unless required by applicable law or agreed to in writing, software
012: * distributed under the License is distributed on an "AS IS" BASIS,
013: * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
014: * See the License for the specific language governing permissions and
015: * limitations under the License.
016: */
017: package org.apache.wicket.request.target.coding;
018:
019: import javax.servlet.http.HttpServletResponse;
020:
021: import junit.framework.TestCase;
022:
023: import org.apache.wicket.IRequestTarget;
024: import org.apache.wicket.RequestCycle;
025: import org.apache.wicket.protocol.http.WebRequestCycle;
026: import org.apache.wicket.protocol.http.WebRequestCycleProcessor;
027: import org.apache.wicket.protocol.http.request.WebErrorCodeResponseTarget;
028: import org.apache.wicket.settings.ISecuritySettings;
029: import org.apache.wicket.util.lang.PackageName;
030: import org.apache.wicket.util.tester.WicketTester;
031:
032: /**
033: * Tests package resources.
034: *
035: * @author <a href="mailto:jbq@apache.org">Jean-Baptiste Quenot</a>
036: */
037: public class UrlMountingTest extends TestCase {
038: private WicketTester tester;
039:
040: /**
041: * @see junit.framework.TestCase#setUp()
042: */
043: protected void setUp() throws Exception {
044: tester = new WicketTester();
045: tester.getApplication().mount("/mount/point",
046: PackageName.forClass(TestPage.class));
047: tester.setupRequestAndResponse();
048: }
049:
050: /**
051: * @see junit.framework.TestCase#tearDown()
052: */
053: protected void tearDown() throws Exception {
054: tester.destroy();
055: }
056:
057: /**
058: * Tests mounting.
059: */
060: public void testBadRequest1() {
061: tester.getServletRequest().setPath("/mount/XXXpoint");
062: assertNull(getRequestCodingStrategy());
063: }
064:
065: /**
066: * Tests mounting.
067: */
068: public void testBadRequest2() {
069: tester.getServletRequest().setPath("/mount/pointXXX");
070: assertNull(getRequestCodingStrategy());
071: }
072:
073: /**
074: * Tests mounting.
075: */
076: public void testBadRequest3() {
077: tester
078: .getServletRequest()
079: .setURL(
080: "/WicketTester$DummyWebApplication/WicketTester$DummyWebApplication/mount/point/nonexistent.TestPage");
081: WebRequestCycle requestCycle = tester.createRequestCycle();
082: tester.processRequestCycle(requestCycle);
083: assertEquals(HttpServletResponse.SC_NOT_FOUND,
084: getErrorCode(requestCycle));
085: }
086:
087: /**
088: * Test direct access (with wicket parameters) to a mounted page that should
089: * be allowed. By default, enforcement is not turned on, so we don't set it
090: * as a setting here.
091: */
092: public void testDirectAccessToMountedPageAllowed() {
093: tester.setupRequestAndResponse();
094: tester
095: .getServletRequest()
096: .setURL(
097: "/WicketTester$DummyWebApplication/WicketTester$DummyWebApplication?wicket:bookmarkablePage=:"
098: + TestPage.class.getName() + "");
099: tester.processRequestCycle();
100: tester.assertRenderedPage(TestPage.class);
101: }
102:
103: int getErrorCode(RequestCycle requestCycle) {
104: IRequestTarget requestTarget = requestCycle.getRequestTarget();
105: assertTrue(requestTarget instanceof WebErrorCodeResponseTarget);
106: WebErrorCodeResponseTarget error = (WebErrorCodeResponseTarget) requestTarget;
107: return error.getErrorCode();
108: }
109:
110: /**
111: * Test direct access (with wicket parameters) to a mounted page that should
112: * NOT be allowed due to the {@link ISecuritySettings#getEnforceMounts()}
113: * setting being set to true.
114: */
115: public void testDirectAccessToMountedPageNotAllowed() {
116: tester.getApplication().getSecuritySettings().setEnforceMounts(
117: true);
118:
119: tester.setupRequestAndResponse();
120: tester.getServletRequest().setURL(
121: "?wicket:bookmarkablePage=:" + TestPage.class.getName()
122: + "");
123: try {
124: WebRequestCycle requestCycle = tester.createRequestCycle();
125: tester.processRequestCycle(requestCycle);
126: assertEquals(HttpServletResponse.SC_FORBIDDEN,
127: getErrorCode(requestCycle));
128: } finally {
129: tester.getApplication().getSecuritySettings()
130: .setEnforceMounts(false);
131: }
132: }
133:
134: /**
135: * Test direct access (with wicket parameters) to a mounted page including
136: * (part of the) mount path.
137: *
138: * @see WebRequestCycleProcessor#resolve(org.apache.wicket.RequestCycle,
139: * org.apache.wicket.request.RequestParameters) for an explanation of
140: * this test
141: */
142: public void testDirectAccessToMountedPageWithExtraPath() {
143: tester.setupRequestAndResponse();
144: tester
145: .getServletRequest()
146: .setURL(
147: "/WicketTester$DummyWebApplication/WicketTester$DummyWebApplication/foo/bar/?wicket:bookmarkablePage=:"
148: + TestPage.class.getName() + "");
149: tester.processRequestCycle();
150: tester.assertRenderedPage(TestPage.class);
151: }
152:
153: /**
154: * Test mount access to a mounted page that should be allowed.
155: */
156: public void testMountAccessToMountedPageAllowed() {
157: tester.getApplication().getSecuritySettings().setEnforceMounts(
158: false);
159:
160: tester.setupRequestAndResponse();
161: tester
162: .getServletRequest()
163: .setURL(
164: "/WicketTester$DummyWebApplication/WicketTester$DummyWebApplication/mount/point/TestPage");
165: tester.processRequestCycle();
166: tester.assertRenderedPage(TestPage.class);
167: }
168:
169: /**
170: * Tests mounting.
171: */
172: public void testValidMount1() {
173: tester
174: .getServletRequest()
175: .setURL(
176: "/WicketTester$DummyWebApplication/WicketTester$DummyWebApplication/mount/point");
177: IRequestTargetUrlCodingStrategy ucs = getRequestCodingStrategy();
178: assertNotNull(ucs);
179: assertNull(ucs.decode(tester.getWicketRequest()
180: .getRequestParameters()));
181: }
182:
183: /**
184: * Tests mounting.
185: */
186: public void testValidMount2() {
187: tester
188: .getServletRequest()
189: .setURL(
190: "/WicketTester$DummyWebApplication/WicketTester$DummyWebApplication/mount/point/TestPage");
191: IRequestTargetUrlCodingStrategy ucs = getRequestCodingStrategy();
192: assertNotNull(ucs);
193: assertNotNull(ucs.decode(tester.getWicketRequest()
194: .getRequestParameters()));
195: }
196:
197: /**
198: * @return request coding strategy for this test.
199: */
200: private IRequestTargetUrlCodingStrategy getRequestCodingStrategy() {
201: String relativePath = tester.getApplication().getWicketFilter()
202: .getRelativePath(tester.getServletRequest());
203: return tester.getApplication().getRequestCycleProcessor()
204: .getRequestCodingStrategy().urlCodingStrategyForPath(
205: relativePath);
206: }
207: }
|