Some reorganization of itest module

sandbox/itest/pom.xml

@@ -14,6 +14,7 @@
     <version>2.0.3-SNAPSHOT</version>
     <modules>
         <module>web</module>
+        <!-- module>webflow</module-->
         <!--module>context</module-->
     </modules>
     <dependencies>
@@ -42,7 +43,7 @@
                     <artifactId>commons-logging</artifactId>
                 </exclusion>
             </exclusions>
-        </dependency>        
+        </dependency>
         <dependency>
             <groupId>org.springframework.security</groupId>
             <artifactId>spring-security-core</artifactId>
@@ -92,12 +93,59 @@
             <artifactId>apacheds-core</artifactId>
             <version>1.0.2</version>
             <scope>runtime</scope>
+            <exclusions>
+                <exclusion>
+                    <groupId>commons-logging</groupId>
+                    <artifactId>commons-logging</artifactId>
+                </exclusion>
+            </exclusions>            
         </dependency>
         <dependency>
             <groupId>org.apache.directory.server</groupId>
             <artifactId>apacheds-server-jndi</artifactId>
             <version>1.0.2</version>
             <scope>runtime</scope>
+            <exclusions>
+                <exclusion>
+                    <groupId>commons-logging</groupId>
+                    <artifactId>commons-logging</artifactId>
+                </exclusion>
+            </exclusions>
+        </dependency>
+        <dependency>
+            <groupId>jwebunit</groupId>
+            <artifactId>jwebunit</artifactId>
+            <version>1.2</version>
+            <scope>test</scope>
+        </dependency>
+        <dependency>
+            <groupId>org.mortbay.jetty</groupId>
+            <artifactId>jetty</artifactId>
+            <version>${jetty.version}</version>
+            <scope>test</scope>
+        </dependency>
+        <dependency>
+            <groupId>org.mortbay.jetty</groupId>
+            <artifactId>jetty-naming</artifactId>
+            <version>${jetty.version}</version>
+            <scope>test</scope>
+        </dependency>        
+        <dependency>
+            <groupId>org.mortbay.jetty</groupId>
+            <artifactId>jetty-plus</artifactId>
+            <version>${jetty.version}</version>
+            <scope>test</scope>
+        </dependency>
+        <dependency>
+            <groupId>org.mortbay.jetty</groupId>
+            <artifactId>jsp-2.1</artifactId>
+            <version>${jetty.version}</version>
+            <scope>test</scope>
+        </dependency>
+        <dependency>
+            <groupId>org.mortbay.jetty</groupId>
+            <artifactId>jsp-api-2.1</artifactId>
+            <version>${jetty.version}</version>
         </dependency>
         <dependency>
             <groupId>org.springframework.ldap</groupId>
@@ -112,7 +160,11 @@
                 <exclusion>
                     <groupId>org.springframework</groupId>
                     <artifactId>spring-beans</artifactId>
-                </exclusion>                
+                </exclusion>
+                <exclusion>
+                    <groupId>commons-logging</groupId>
+                    <artifactId>commons-logging</artifactId>
+                </exclusion>                             
             </exclusions>            
         </dependency>               
         <dependency>
@@ -125,7 +177,7 @@
             <groupId>org.slf4j</groupId>
             <artifactId>jcl104-over-slf4j</artifactId>
             <version>1.4.3</version>
-            <scope>provided</scope>
+            <scope>runtime</scope>
         </dependency>
         <dependency>
             <groupId>log4j</groupId>
@@ -144,6 +196,19 @@
                     <target>1.5</target>
                 </configuration>
             </plugin>
+            <plugin>
+                <groupId>org.apache.maven.plugins</groupId>
+                <artifactId>maven-jar-plugin</artifactId>
+                <version>2.1</version>
+                <executions>
+                    <execution>
+                        <goals>
+                            <goal>test-jar</goal>
+                        </goals>
+                        <phase>package</phase>
+                    </execution>
+                </executions>
+            </plugin>
             <plugin>
                 <groupId>org.apache.maven.plugins</groupId>
                 <artifactId>maven-surefire-plugin</artifactId>
@@ -168,5 +233,8 @@
                 </configuration>
             </plugin>            
         </plugins>
-    </build>    
+    </build>
+    <properties>
+        <jetty.version>6.1.11</jetty.version>
+    </properties>  
 </project>

sandbox/itest/web/pom.xml

@@ -10,34 +10,41 @@
     <artifactId>spring-security-itest-web</artifactId>
     <name>Spring Security - Web Integration Tests</name>
     <packaging>war</packaging>
-
+<!--
     <dependencies>
         <dependency>
-            <groupId>jwebunit</groupId>
-            <artifactId>jwebunit</artifactId>
-            <version>1.2</version>
-            <scope>test</scope>
+            <groupId>javax.servlet</groupId>
+            <artifactId>jstl</artifactId>
+            <scope>runtime</scope>
+            <version>1.1.2</version>
         </dependency>
         <dependency>
-            <groupId>org.mortbay.jetty</groupId>
-            <artifactId>jetty</artifactId>
-            <version>${jetty.version}</version>
-            <scope>test</scope>
-        </dependency>
-        <dependency>
-            <groupId>org.mortbay.jetty</groupId>
-            <artifactId>jetty-naming</artifactId>
-            <version>${jetty.version}</version>
-            <scope>test</scope>
-        </dependency>
-        <dependency>
-            <groupId>org.mortbay.jetty</groupId>
-            <artifactId>jetty-plus</artifactId>
-            <version>${jetty.version}</version>
-            <scope>test</scope>
+            <groupId>taglibs</groupId>
+            <artifactId>standard</artifactId>
+            <scope>runtime</scope>
+            <version>1.1.2</version>
         </dependency>
     </dependencies>
-    <properties>
-        <jetty.version>6.1.7</jetty.version>
-    </properties>
+-->
+<!-- 
+    <build>
+        <plugins>
+            <plugin>
+              <groupId>org.mortbay.jetty</groupId>
+              <artifactId>maven-jetty-jspc-plugin</artifactId>
+              <version>6.1.11</version>
+              <executions>
+                <execution>
+                  <id>jspc</id>
+                  <goals>
+                    <goal>jspc</goal>
+                  </goals>
+                  <configuration>
+                  </configuration>
+                </execution>
+              </executions>
+            </plugin>
+        </plugins>            
+    </build> 
+        -->
 </project>

sandbox/itest/web/src/main/resources/log4j.properties

@@ -1,8 +1,9 @@
-log4j.rootCategory=INFO, stdout
+log4j.rootCategory=DEBUG, stdout
 
 log4j.appender.stdout=org.apache.log4j.ConsoleAppender
 log4j.appender.stdout.layout=org.apache.log4j.PatternLayout
 log4j.appender.stdout.layout.ConversionPattern=%d %p %c - %m%n
 
-log4j.category.org.mortbay.log=INFO
+log4j.category.org.apache.jasper=DEBUG
+log4j.category.org.mortbay.log=DEBUG
 log4j.category.org.springframework.security=DEBUG

sandbox/itest/web/src/main/resources/test-server.ldif

@@ -1,14 +1,12 @@
-dn: ou=groups,dc=springframework,dc=org
-objectclass: top
-objectclass: organizationalUnit
-ou: groups
 
-dn: ou=subgroups,ou=groups,dc=springframework,dc=org
+# Users
+
+dn: ou=people,dc=springframework,dc=org
 objectclass: top
 objectclass: organizationalUnit
-ou: subgroups
+ou: people
 
-dn: ou=people,dc=springframework,dc=org
+dn: ou=musicians,dc=springframework,dc=org
 objectclass: top
 objectclass: organizationalUnit
 ou: people
@@ -33,24 +31,76 @@ sn: Hamilton
 uid: bob
 userPassword: bobspassword
 
+dn: uid=miles,ou=musicians,dc=springframework,dc=org
+objectclass: top
+objectclass: person
+objectclass: organizationalPerson
+objectclass: inetOrgPerson
+cn: Miles Davis
+sn: Davis
+uid: miles
+userPassword: milespassword
+
+dn: uid=johnc,ou=musicians,dc=springframework,dc=org
+objectclass: top
+objectclass: person
+objectclass: organizationalPerson
+objectclass: inetOrgPerson
+cn: John Coltrane
+sn: Coltrane
+uid: johnc
+userPassword: johncspassword
+
+dn: uid=jimi,ou=musicians,dc=springframework,dc=org
+objectclass: top
+objectclass: person
+objectclass: organizationalPerson
+objectclass: inetOrgPerson
+cn: Jimi Hendrix
+sn: Hendrix
+uid: jimi
+userPassword: {SSHA}S6jnyvykw4K5eF35OXvAkQsf3y2fPrRQ
+
+
+# Groups
+
+dn: ou=groups,dc=springframework,dc=org
+objectclass: top
+objectclass: organizationalUnit
+ou: groups
+
 dn: cn=developers,ou=groups,dc=springframework,dc=org
 objectclass: top
-objectclass: groupOfNames
+objectclass: groupOfUniqueNames
 cn: developers
 ou: developer
-member: uid=ben,ou=people,dc=springframework,dc=org
-member: uid=bob,ou=people,dc=springframework,dc=org
+uniqueMember: uid=ben,ou=people,dc=springframework,dc=org
+uniqueMember: uid=bob,ou=people,dc=springframework,dc=org
 
 dn: cn=managers,ou=groups,dc=springframework,dc=org
 objectclass: top
-objectclass: groupOfNames
+objectclass: groupOfUniqueNames
 cn: managers
 ou: manager
-member: uid=ben,ou=people,dc=springframework,dc=org
+uniqueMember: uid=ben,ou=people,dc=springframework,dc=org
+
+dn: ou=genres,ou=groups,dc=springframework,dc=org
+objectclass: top
+objectclass: organizationalUnit
+ou: genres
 
-dn: cn=submanagers,ou=subgroups,ou=groups,dc=springframework,dc=org
+dn: cn=rock,ou=genres,ou=groups,dc=springframework,dc=org
 objectclass: top
-objectclass: groupOfNames
-cn: submanagers
-ou: submanager
-member: uid=ben,ou=people,dc=springframework,dc=org
+objectclass: groupOfUniqueNames
+cn: rock
+ou: rock
+uniqueMember: uid=jimi,ou=musicians,dc=springframework,dc=org
+
+dn: cn=jazz,ou=genres,ou=groups,dc=springframework,dc=org
+objectclass: top
+objectclass: groupOfUniqueNames
+cn: jazz
+ou: jazz
+uniqueMember: uid=miles,ou=musicians,dc=springframework,dc=org
+
+

sandbox/itest/web/src/main/webapp/WEB-INF/http-security.xml

@@ -12,14 +12,15 @@
     -->
 
     <http>
+        <intercept-url pattern="/login.jsp*" filters="none" />        
         <intercept-url pattern="/secure/**" access="ROLE_DEVELOPER,ROLE_USER" />
         <intercept-url pattern="/**" access="ROLE_DEVELOPER,ROLE_USER" />
 
-        <form-login />
+        <form-login login-page="/login.jsp" authentication-failure-url="/login.jsp?login_error=true"/>
         <http-basic/>
 
         <!-- Default logout configuration -->
-        <logout />
+        <logout logout-url="/logout"/>
 
         <concurrent-session-control max-sessions="1" />
 

sandbox/itest/web/src/main/webapp/WEB-INF/in-memory-provider.xml

@@ -0,0 +1,17 @@
+<?xml version="1.0" encoding="UTF-8"?>
+
+<beans:beans xmlns="http://www.springframework.org/schema/security"
+    xmlns:beans="http://www.springframework.org/schema/beans"
+    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+    xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
+                        http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.2.xsd">
+
+	<authentication-provider>
+		<user-service>
+			<user name="miles" password="milespassword" authorities="ROLE_USER,ROLE_JAZZ,ROLE_TRUMPETER"/>
+			<user name="johnc" password="johncspassword" authorities="ROLE_USER,ROLE_JAZZ,ROLE_SAXOPHONIST"/>			
+			<user name="jimi" password="jimispassword" authorities="ROLE_USER,ROLE_ROCK,ROLE_GUITARIST"/>
+		</user-service>
+	</authentication-provider>
+
+</beans:beans>

sandbox/itest/web/src/main/webapp/WEB-INF/ldap-provider.xml

@@ -1,9 +1,8 @@
 <?xml version="1.0" encoding="UTF-8"?>
 
 <!--
-  - Sample namespace-based configuration
+  - LDAP Provider configuration snippet
   -
-  - $Id: applicationContext-security-ns.xml 2371 2007-12-14 02:26:27Z benalex $
   -->
 
 <beans:beans xmlns="http://www.springframework.org/schema/security"
@@ -14,8 +13,8 @@
 
     <ldap-server ldif="classpath*:test-server.ldif"/>
     
-    <ldap-authentication-provider user-search-filter="(uid={0})" group-search-filter='member={0}' group-role-attribute="ou"/>
+    <ldap-authentication-provider user-search-filter="(uid={0})" group-role-attribute="ou" />
     
-    <ldap-user-service user-search-filter="(uid={0})" group-search-filter='member={0}' group-role-attribute="ou"/>
+    <ldap-user-service user-search-filter="(uid={0})" group-role-attribute="ou"/>
 
 </beans:beans>

sandbox/itest/web/src/main/webapp/WEB-INF/web.xml

@@ -1,8 +1,9 @@
-<!DOCTYPE web-app PUBLIC
-        "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN"
-        "http://java.sun.com/dtd/web-app_2_3.dtd" >
+<?xml version="1.0" encoding="ISO-8859-1"?> 
+
+
+<web-app xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee
+http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd" version="2.5">
 
-<web-app>
     <display-name>Integration Tests Webapp</display-name>
 
     <filter>

sandbox/itest/web/src/main/webapp/login.jsp

@@ -0,0 +1,35 @@
+<!-- %@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" % -->
+
+<!-- Not used unless you declare a <form-login login-page="/login.jsp"/> element -->
+
+<html>
+<head>
+  <title>Custom Spring Security Login</title>
+</head>
+
+<body>
+  <h1>Custom Spring Security Login</h1>
+
+<% 
+	if (request.getParameter("login_error") != null) {
+%>
+      <font color="red">
+        Your login attempt was not successful, try again.<br/><br/>
+      </font>
+<% 
+	}
+%>
+
+<form action="j_spring_security_check" method="POST">
+  <table>
+    <tr><td>User:</td><td><input type='text' name='j_username' value=''/></td></tr>
+    <tr><td>Password:</td><td><input type='password' name='j_password'></td></tr>
+    <tr><td><input type="checkbox" name="_spring_security_remember_me"></td><td>Don't ask for my password for two weeks</td></tr>
+    <tr><td colspan='2'><input name="submit" type="submit"></td></tr>
+    <tr><td colspan='2'><input name="reset" type="reset"></td></tr>
+  </table>
+</form>
+
+</body>
+
+</html>

sandbox/itest/web/src/main/webapp/secure/secure1.jsp

@@ -0,0 +1,12 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE html
+     PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
+     "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
+  <head>
+    <title>A secure page</title>
+  </head>
+  <body>
+    <jsp:include page="secure1body.jsp?x=1&y=2"/>
+  </body>
+</html>

sandbox/itest/web/src/main/webapp/secure/secure1body.jsp

@@ -0,0 +1,2 @@
+Params: x=<%= request.getParameter("x") %>, y=<%= request.getParameter("y") %>
+xcount=<%= request.getParameterValues("x").length %>   

sandbox/itest/web/src/test/java/org/springframework/security/integration/AbstractWebLoginTests.java

@@ -1,31 +0,0 @@
-package org.springframework.security.integration;
-
-import org.testng.annotations.Test;
-
-/**
- * 
- * @author Luke Taylor
- * @version $Id$
- */
-public abstract class AbstractWebLoginTests extends AbstractWebServerIntegrationTests {
-
-    @Test
-    public void loginFailsWithinvalidPassword() {
-        beginAt("secure/index.html");
-        assertFormPresent();
-        setFormElement("j_username", "bob");
-        setFormElement("j_password", "wrongpassword");
-        submit();
-        assertTextPresent("Your login attempt was not successful");
-    }
-
-    @Test
-    public void loginSucceedsWithCorrectPassword() {
-        beginAt("secure/index.html");
-        assertFormPresent();
-        setFormElement("j_username", "bob");
-        setFormElement("j_password", "bobspassword");
-        submit();
-        assertTextPresent("A Secure Page");
-    }
-}

sandbox/itest/web/src/test/java/org/springframework/security/integration/AbstractWebServerIntegrationTests.java

@@ -3,6 +3,7 @@ package org.springframework.security.integration;
 import org.springframework.web.context.ContextLoaderListener;
 import org.springframework.web.context.WebApplicationContext;
 import org.springframework.web.context.support.WebApplicationContextUtils;
+import org.springframework.util.StringUtils;
 
 import net.sourceforge.jwebunit.WebTester;
 
@@ -13,6 +14,8 @@ import javax.servlet.ServletContext;
 
 import org.testng.annotations.*;
 
+import com.meterware.httpunit.WebConversation;
+
 /**
  * @author Luke Taylor
  * @version $Id$
@@ -20,9 +23,12 @@ import org.testng.annotations.*;
 public abstract class AbstractWebServerIntegrationTests {
     private Server server;
     private final Object SERVER_LOCK = new Object();
-    protected final WebTester tester = new WebTester();;
+    protected final WebTester tester = new WebTester();
 
-    /** Override to set the application context files that should be loaded */
+    /** 
+	 * Override to set the application context files that should be loaded or return null
+	 * to use web.xml.
+	 */
     protected abstract String getContextConfigLocations();
 
     protected String getContextPath() {
@@ -33,19 +39,27 @@ public abstract class AbstractWebServerIntegrationTests {
     public void startServer() throws Exception {
     	synchronized(SERVER_LOCK) {
 		    if (server == null) {
+				//System.setProperty("DEBUG", "true");
+				//System.setProperty("VERBOSE", "true");
+				//System.setProperty("IGNORED", "true");
 		        server = new Server(0);
-		        WebAppContext webCtx = new WebAppContext("src/main/webapp", getContextPath());
-	
-		        webCtx.addEventListener(new ContextLoaderListener());
-		        webCtx.getInitParams().put("contextConfigLocation", getContextConfigLocations());
-	
-		        server.addHandler(webCtx);
+		        server.addHandler(createWebContext());
 		        server.start();
-	
 		        tester.getTestContext().setBaseUrl(getBaseUrl());
 	    	}
     	}
     }
+    
+    protected WebAppContext createWebContext() {
+        WebAppContext webCtx = new WebAppContext("src/main/webapp", getContextPath());
+    	
+		if (StringUtils.hasText(getContextConfigLocations())) {
+			webCtx.addEventListener(new ContextLoaderListener());
+			webCtx.getInitParams().put("contextConfigLocation", getContextConfigLocations());
+		}
+		
+		return webCtx;
+    }
 
     @AfterClass
     public void stopServer() throws Exception {
@@ -56,8 +70,13 @@ public abstract class AbstractWebServerIntegrationTests {
 	        server = null;
     	}
     }
-
-    protected final String getBaseUrl() {
+        
+    @AfterMethod
+    public void resetWebConversation() {
+    	tester.getTestContext().setWebClient(new WebConversation());
+    }
+    
+    private final String getBaseUrl() {
         int port = server.getConnectors()[0].getLocalPort();
         return "http://localhost:" + port + getContextPath() + "/";
     }
@@ -73,6 +92,10 @@ public abstract class AbstractWebServerIntegrationTests {
         return appCtx;
     }
 
+//    protected final HttpUnitDialog getDialog() {
+//    	return tester.getDialog();
+//    }
+
     protected final void submit() {
         tester.submit();
     }
@@ -92,4 +115,15 @@ public abstract class AbstractWebServerIntegrationTests {
     protected final void assertTextPresent(String text) {
         tester.assertTextPresent(text);
     }
+
+    
+    
+    // Security-specific utility methods 
+    
+	protected void login(String username, String password) {
+	    assertFormPresent();
+	    setFormElement("j_username", username);
+	    setFormElement("j_password", password);
+	    submit();    	
+	}
 }

sandbox/itest/web/src/test/java/org/springframework/security/integration/InMemoryProviderWebAppTests.java

@@ -0,0 +1,42 @@
+package org.springframework.security.integration;
+
+import org.testng.annotations.*;
+
+/**
+ * @author Luke Taylor
+ * @version $Id$
+ */
+public class InMemoryProviderWebAppTests extends AbstractWebServerIntegrationTests {
+
+    protected String getContextConfigLocations() {
+        return "/WEB-INF/http-security.xml /WEB-INF/in-memory-provider.xml";
+    }
+    
+    @Test
+    public void loginFailsWithinvalidPassword() {
+        beginAt("secure/index.html");
+        login("jimi", "wrongPassword");
+        assertTextPresent("Your login attempt was not successful");
+    }
+
+    @Test
+    public void loginSucceedsWithCorrectPassword() {
+        beginAt("secure/index.html");
+        login("jimi", "jimispassword");        
+        assertTextPresent("A Secure Page");
+        tester.gotoPage("/logout");
+    }
+    
+    /*
+     * Checks use of <jsp:include> with parameters in the secured page.
+     */
+    @Test
+    public void savedRequestWithJspIncludeSeesCorrectParams() {
+        beginAt("secure/secure1.jsp?x=0");
+        login("jimi", "jimispassword");
+        // Included JSP has params ?x=1&y=2
+        assertTextPresent("Params: x=1, y=2");
+        assertTextPresent("xcount=2");
+    }
+
+}

sandbox/itest/web/src/test/java/org/springframework/security/integration/LdapWebLoginTests.java → sandbox/itest/web/src/test/java/org/springframework/security/integration/LdapWebAppTests.java

@@ -6,7 +6,7 @@ import org.testng.annotations.*;
  * @author Luke Taylor
  * @version $Id$
  */
-public class LdapWebLoginTests extends AbstractWebLoginTests {
+public class LdapWebAppTests extends AbstractWebServerIntegrationTests {
 
     protected String getContextConfigLocations() {
         return "/WEB-INF/http-security.xml /WEB-INF/ldap-provider.xml";