package com.sun.s1wsqe.security.basic; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import javax.servlet.ServletException; import javax.servlet.http.HttpServlet; import javax.servlet.http.HttpSession; import javax.servlet.annotation.WebServlet; import javax.annotation.security.*; import java.io.IOException; import java.io.PrintWriter; import java.util.Properties; @WebServlet(name="TestServlet", urlPatterns={"/TestServlet"}) public class TestServlet extends HttpServlet { // Security role references. private static final String emp_secrole_ref = "Employee"; private static final String admin_secrole_ref = "ADMIN"; private static final String mgr_secrole_ref = "Manager"; String user="j2ee"; PrintWriter out=null; Properties props=null; HttpServletRequest request=null; HttpSession session=null; @PermitAll public void doGet(HttpServletRequest request,HttpServletResponse response) throws ServletException, IOException { this.request=request; this.session=request.getSession(); out= response.getWriter(); test1(); //test2(); test3(); test4(); test5(); cleanup(); } //Tests begin //---------------------------------------------------- // Test1: Test getAuthType() //---------------------------------------------------- public void test1() { //Check the auth type - request.getAuthType() out.println("

Test1. Postive check for the correct authentication type"); String authtype=request.getAuthType(); if ("BASIC".equalsIgnoreCase(authtype) ){ out.println("
request.getAuthType() test Passed."); }else{ out.println("
request.getAuthType() test Failed!"); } out.println("
Info:request.getAuthType() is= "+authtype); } //Test2 //Tests begin //---------------------------------------------------- // Test2: Test getUserPrincipal() annotations //---------------------------------------------------- public void test2(){ String username = request.getUserPrincipal().getName(); out.println("

Test2. Positive check for the correct principal name"); if (user.equals(username)){ out.println("
request.getUserPrincipal() test Passed."); }else{ out.println("
request.getUserPrincipal() test Failed!"); } out.println("
Info:request.getUserPrincipal() is= "+username); } //Test3 - positive test for checking the user authentication //Check the remote user request.getRemoteUser()- get null if not authenticated public void test3(){ out.println("

Test3. Positive check whether given user authenticated"); String username=request.getRemoteUser(); if (user.equals(username)){ out.println("
request.getRemoteUser() test Passed."); }else{ out.println("
request.getRemoteUser() test Failed!"); } out.println("
Info:request.getRemoteUser() is= "+username); } //Test4 - positive test for checking the user's proper role public void test4(){ out.println("

Test4.Positive check whether the user is in proper role"); boolean isInProperRole=request.isUserInRole(emp_secrole_ref); if (isInProperRole){ out.println("
HttpServletRequest.isUserInRole() test Passed."); }else{ out.println("
HttpServletRequest.isUserInRole() test Failed!"); } out.println("
Info:request.isUserInRole(\""+emp_secrole_ref+"\") is= "+isInProperRole); } //Test5 - Negative test for checking the user's proper role public void test5(){ out.println("

Test5.Negative check whether the current user is any other other role"); boolean isNotInOtherRole=request.isUserInRole(mgr_secrole_ref); if (!isNotInOtherRole){ out.println("
HttpServletRequest.isUserInRole() test Passed."); }else{ out.println("
HttpServletRequest.isUserInRole() test Failed!"); } out.println("
Info:request.isUserInRole(\""+mgr_secrole_ref+"\") is= "+isNotInOtherRole); } //invalidate the session after running the test // Invalidate the session to make the test as independent and always ask for login public void cleanup(){ try{ session.invalidate(); }catch(Exception ex){ ex.printStackTrace(); } } }