Clover Coverage Report - Atlassian XWork(Aggregated)
Coverage timestamp: Wed Jul 27 2011 23:39:31 CDT
Overview   Package   File
    FRAMES   NO FRAMES     
87   286   32   2.9
2   234   0.37   5
30     1.07  
6    
 
 
  TestXsrfTokenInterceptor       Line # 36 61 16 100% 1.0
  TestXsrfTokenInterceptor.DummyAction       Line # 44 3 3 100% 1.0
  TestXsrfTokenInterceptor.ValidateableDummyAction       Line # 65 1 1 0% 0.0
  TestXsrfTokenInterceptor.ConstantTokenGenerator       Line # 74 4 4 25% 0.25
  TestXsrfTokenInterceptor.ConfigurableInterceptor       Line # 97 2 2 100% 1.0
  TestXsrfTokenInterceptor.CustomConfigurationProvider       Line # 109 16 6 86.4% 0.8636364
 
  (8)
 
1    package com.atlassian.xwork.interceptors;
2   
3    import com.atlassian.xwork.RequireSecurityToken;
4    import com.atlassian.xwork.VersionSupportForTests;
5    import com.atlassian.xwork.XsrfTokenGenerator;
6    import com.opensymphony.webwork.ServletActionContext;
7    import com.opensymphony.webwork.WebWorkStatics;
8    import com.opensymphony.xwork.Action;
9    import com.opensymphony.xwork.ActionProxy;
10    import com.opensymphony.xwork.ActionProxyFactory;
11    import com.opensymphony.xwork.ActionSupport;
12    import com.opensymphony.xwork.ValidationAware;
13    import com.opensymphony.xwork.config.Configuration;
14    import com.opensymphony.xwork.config.ConfigurationException;
15    import com.opensymphony.xwork.config.ConfigurationManager;
16    import com.opensymphony.xwork.config.ConfigurationProvider;
17    import com.opensymphony.xwork.config.entities.ActionConfig;
18    import com.opensymphony.xwork.config.entities.PackageConfig;
19    import com.opensymphony.xwork.interceptor.Interceptor;
20   
21    import org.jmock.Mock;
22    import org.jmock.MockObjectTestCase;
23   
24    import javax.servlet.http.HttpServletRequest;
25    import javax.servlet.http.HttpServletResponse;
26   
27    import java.util.ArrayList;
28    import java.util.Collections;
29    import java.util.HashMap;
30    import java.util.List;
31    import java.util.Map;
32   
33    /**
34    *
35    */
 
36    public class TestXsrfTokenInterceptor extends MockObjectTestCase
37    {
38    private static final String VALID_TOKEN = "abcdef";
39   
40    private XsrfTokenInterceptor.SecurityLevel securityLevel;
41    private Mock mockServletRequest;
42    private Mock mockServletResponce;
43   
 
44    public static class DummyAction implements Action
45    {
 
46  10 toggle @RequireSecurityToken(true)
47    public String withProtection() throws Exception
48    {
49  10 return SUCCESS;
50    }
51   
 
52  10 toggle @RequireSecurityToken(false)
53    public String noProtection() throws Exception
54    {
55  10 return SUCCESS;
56   
57    }
58   
 
59  14 toggle public String execute() throws Exception
60    {
61  14 return SUCCESS;
62    }
63    }
64   
 
65    public static class ValidateableDummyAction extends ActionSupport
66    {
 
67  0 toggle @RequireSecurityToken(true)
68    public String execute() throws Exception
69    {
70  0 return SUCCESS;
71    }
72    }
73   
 
74    private static class ConstantTokenGenerator implements XsrfTokenGenerator
75    {
 
76  0 toggle public String getToken(HttpServletRequest request, boolean create)
77    {
78  0 return VALID_TOKEN;
79    }
80   
 
81  0 toggle public String generateToken(HttpServletRequest request)
82    {
83  0 return VALID_TOKEN;
84    }
85   
 
86  49 toggle public boolean validateToken(HttpServletRequest request, String token)
87    {
88  49 return VALID_TOKEN.equals(token);
89    }
90   
 
91  0 toggle public String getXsrfTokenName()
92    {
93  0 return XsrfTokenInterceptor.REQUEST_PARAM_NAME;
94    }
95    }
96   
 
97    private class ConfigurableInterceptor extends XsrfTokenInterceptor
98    {
 
99  16 toggle public ConfigurableInterceptor()
100    {
101  16 super(new ConstantTokenGenerator(), new VersionSupportForTests());
102    }
103   
 
104  6 toggle protected SecurityLevel getSecurityLevel()
105    {
106  6 return securityLevel;
107    }
108    }
 
109    private class CustomConfigurationProvider implements ConfigurationProvider
110    {
111    private List<Interceptor> interceptors;
112   
 
113  0 toggle public void destroy()
114    {
115    }
116   
 
117  16 toggle public void init(Configuration configuration) throws ConfigurationException
118    {
119  16 PackageConfig packageConfig = new PackageConfig();
120  16 interceptors = new ArrayList<Interceptor>();
121  16 interceptors.add(new ConfigurableInterceptor());
122   
123    // Note: XWork mapps a null method name to execute(), but config#getMethodName() still returns null so we
124    // still test it separately just in case.
125   
126  16 packageConfig.addActionConfig("annotated-protected", makeActionConfig(DummyAction.class, "withProtection"));
127  16 packageConfig.addActionConfig("annotated-notprotected", makeActionConfig(DummyAction.class, "noProtection"));
128  16 packageConfig.addActionConfig("unannotated", makeActionConfig(DummyAction.class, "execute"));
129   
130  16 packageConfig.addActionConfig("configured-protected", makeActionConfig(DummyAction.class, "execute", "true"));
131  16 packageConfig.addActionConfig("configured-notprotected", makeActionConfig(DummyAction.class, "execute", "false"));
132   
133  16 packageConfig.addActionConfig("override-annotation-notprotected", makeActionConfig(DummyAction.class, "withProtection", "false"));
134  16 packageConfig.addActionConfig("override-annotation-protected", makeActionConfig(DummyAction.class, "noProtection", "true"));
135   
136  16 packageConfig.addActionConfig("validation-aware", makeActionConfig(ValidateableDummyAction.class, "execute"));
137   
138  16 configuration.addPackageConfig("defaultPackage", packageConfig);
139    }
140   
 
141  64 toggle private ActionConfig makeActionConfig(Class<? extends Action> actionClass, String methodName, String permittedMethodsParameter)
142    {
143  64 return makeActionConfig(actionClass, methodName, Collections.singletonMap(XsrfTokenInterceptor.CONFIG_PARAM_NAME, permittedMethodsParameter));
144    }
145   
 
146  128 toggle private ActionConfig makeActionConfig(Class<? extends Action> actionClass, String methodName, Map<?,?> parameterMap)
147    {
148  128 return new ActionConfig(methodName, actionClass, parameterMap, new HashMap<String,Object>(), interceptors);
149    }
150   
 
151  64 toggle private ActionConfig makeActionConfig(Class<? extends Action> actionClass, String methodName)
152    {
153  64 return makeActionConfig(actionClass, methodName, new HashMap<String,Object>());
154    }
155   
 
156  0 toggle public boolean needsReload()
157    {
158  0 return false;
159    }
160    }
 
161  8 toggle @Override
162    protected void setUp() throws Exception
163    {
164  8 super.setUp();
165   
166  8 ConfigurationManager.addConfigurationProvider(new CustomConfigurationProvider());
167  8 ConfigurationManager.getConfiguration().reload();
168   
169  8 mockServletRequest = new Mock(HttpServletRequest.class);
170  8 mockServletResponce = new Mock(HttpServletResponse.class);
171  8 mockServletResponce.stubs().method("setStatus").with(eq(403));
172  8 ServletActionContext.setResponse((HttpServletResponse) mockServletResponce.proxy());
173  8 mockServletRequest.stubs().method("getHeader").with(eq(XsrfTokenInterceptor.OVERRIDE_HEADER_NAME)).will(returnValue(null));
174  8 ServletActionContext.setRequest((HttpServletRequest) mockServletRequest.proxy());
175    }
176   
 
177  8 toggle @Override
178    protected void tearDown() throws Exception
179    {
180  8 ServletActionContext.setRequest(null);
181  8 ConfigurationManager.destroyConfiguration();
182  8 ConfigurationManager.clearConfigurationProviders();
183   
184  8 mockServletRequest = null;
185  8 mockServletResponce = null;
186  8 super.tearDown();
187    }
188   
 
189  1 toggle public void testWithValidation() throws Exception
190    {
191  1 securityLevel = XsrfTokenInterceptor.SecurityLevel.OPT_IN;
192  1 testInterceptor("validation-aware", "cheese", Action.INPUT, XsrfTokenInterceptor.VALIDATION_FAILED_ERROR_KEY);
193    }
194   
 
195  1 toggle public void testNoTokenOptOut() throws Exception
196    {
197  1 securityLevel = XsrfTokenInterceptor.SecurityLevel.OPT_OUT;
198  1 testOnlyUnprotectedActionsSucceedWithToken(null);
199  1 testInterceptor("unannotated", null, ActionSupport.INPUT, XsrfTokenInterceptor.SECURITY_TOKEN_REQUIRED_ERROR_KEY);
200    }
201   
 
202  1 toggle public void testNoTokenOptIn() throws Exception
203    {
204  1 securityLevel = XsrfTokenInterceptor.SecurityLevel.OPT_IN;
205  1 testOnlyUnprotectedActionsSucceedWithToken(null);
206  1 testInterceptor("unannotated", null, Action.SUCCESS, XsrfTokenInterceptor.SECURITY_TOKEN_REQUIRED_ERROR_KEY);
207    }
208   
 
209  1 toggle public void testCorrectTokenOptIn() throws Exception
210    {
211  1 securityLevel = XsrfTokenInterceptor.SecurityLevel.OPT_IN;
212  1 testAllActionsSucceedWithToken(VALID_TOKEN);
213  1 testInterceptor("unannotated", VALID_TOKEN, Action.SUCCESS, null);
214    }
215   
 
216  1 toggle public void testCorrectTokenOptOut() throws Exception
217    {
218  1 securityLevel = XsrfTokenInterceptor.SecurityLevel.OPT_OUT;
219  1 testAllActionsSucceedWithToken(VALID_TOKEN);
220  1 testInterceptor("unannotated", VALID_TOKEN, Action.SUCCESS, null);
221    }
222   
 
223  1 toggle public void testIncorrectTokenOptIn() throws Exception
224    {
225  1 securityLevel = XsrfTokenInterceptor.SecurityLevel.OPT_IN;
226  1 testOnlyUnprotectedActionsSucceedWithToken("cheese");
227  1 testInterceptor("unannotated", VALID_TOKEN, Action.SUCCESS, null);
228    }
229   
 
230  1 toggle public void testIncorrectTokenOptOut() throws Exception
231    {
232  1 securityLevel = XsrfTokenInterceptor.SecurityLevel.OPT_OUT;
233  1 testOnlyUnprotectedActionsSucceedWithToken("cheese");
234  1 testInterceptor("unannotated", "cheese", Action.INPUT, XsrfTokenInterceptor.VALIDATION_FAILED_ERROR_KEY);
235    }
236   
 
237  1 toggle public void testCorrectTokenWithOverrideHeader() throws Exception
238    {
239  1 mockServletRequest.stubs().method("getHeader").with(eq(XsrfTokenInterceptor.OVERRIDE_HEADER_NAME)).will(returnValue(XsrfTokenInterceptor.OVERRIDE_HEADER_VALUE));
240    // Should succeed even though token is bad.
241  1 testAllActionsSucceedWithToken("badtoken");
242    }
243   
 
244  3 toggle private void testAllActionsSucceedWithToken(String token) throws Exception
245    {
246  3 testInterceptor("annotated-protected", token, Action.SUCCESS, XsrfTokenInterceptor.VALIDATION_FAILED_ERROR_KEY);
247  3 testInterceptor("annotated-notprotected", token, Action.SUCCESS, XsrfTokenInterceptor.VALIDATION_FAILED_ERROR_KEY);
248  3 testInterceptor("configured-protected", token, Action.SUCCESS, XsrfTokenInterceptor.VALIDATION_FAILED_ERROR_KEY);
249  3 testInterceptor("configured-notprotected", token, Action.SUCCESS, XsrfTokenInterceptor.VALIDATION_FAILED_ERROR_KEY);
250  3 testInterceptor("override-annotation-notprotected", token, Action.SUCCESS, XsrfTokenInterceptor.VALIDATION_FAILED_ERROR_KEY);
251  3 testInterceptor("override-annotation-protected", token, Action.SUCCESS, XsrfTokenInterceptor.VALIDATION_FAILED_ERROR_KEY);
252    }
253   
 
254  4 toggle private void testOnlyUnprotectedActionsSucceedWithToken(String token) throws Exception
255    {
256  4 testInterceptor("annotated-protected", token, Action.INPUT, XsrfTokenInterceptor.VALIDATION_FAILED_ERROR_KEY);
257  4 testInterceptor("annotated-notprotected", token, Action.SUCCESS, XsrfTokenInterceptor.VALIDATION_FAILED_ERROR_KEY);
258  4 testInterceptor("configured-protected", token, Action.INPUT, XsrfTokenInterceptor.VALIDATION_FAILED_ERROR_KEY);
259  4 testInterceptor("configured-notprotected", token, Action.SUCCESS, XsrfTokenInterceptor.VALIDATION_FAILED_ERROR_KEY);
260  4 testInterceptor("override-annotation-notprotected", token, Action.SUCCESS, XsrfTokenInterceptor.VALIDATION_FAILED_ERROR_KEY);
261  4 testInterceptor("override-annotation-protected", token, Action.INPUT, XsrfTokenInterceptor.VALIDATION_FAILED_ERROR_KEY);
262    }
263   
 
264  49 toggle private void testInterceptor(String actionAlias, String token, String expectedResult, String messageErrorKey) throws Exception
265    {
266  49 ActionProxy proxy = ActionProxyFactory.getFactory().createActionProxy("", actionAlias, makeContext(), false);
267  49 mockServletRequest.stubs().method("getParameter").with(eq(XsrfTokenInterceptor.REQUEST_PARAM_NAME)).will(returnValue(token));
268  49 String result = proxy.execute();
269  49 assertEquals("Testing " + actionAlias + " with token " + token, expectedResult, result);
270   
271  49 if (Action.INPUT.equals(result) && proxy.getAction() instanceof ValidationAware)
272    {
273  1 ValidationAware validateable = (ValidationAware) proxy.getAction();
274  1 assertTrue(validateable.hasActionErrors());
275  1 assertEquals(messageErrorKey, validateable.getActionErrors().toArray()[0]);
276    }
277    }
278   
 
279  49 toggle private HashMap<String,Object> makeContext()
280    {
281  49 HashMap<String, Object> context = new HashMap<String, Object>();
282  49 context.put(WebWorkStatics.HTTP_REQUEST, mockServletRequest.proxy());
283  49 context.put(WebWorkStatics.HTTP_RESPONSE, mockServletResponce.proxy());
284  49 return context;
285    }
286    }
 
CloverReport generated by Clover Code Coverage v2.1.0
Wed Jul 27 2011 23:40:02 CDT.		   Clover: Commercial License registered to Atlassian.