Java Code Examples for org.apache.catalina.Context#setDenyUncoveredHttpMethods()

The following examples show how to use org.apache.catalina.Context#setDenyUncoveredHttpMethods(). The project and source file each example comes from are named above it.
Example 1
Source File: TestStandardContext.java    From Tomcat8-Source-Read with MIT License 6 votes vote down vote up
/**
 * Checks that a GET for {@code /test/foo} is answered with 403 once the
 * context has been told to deny uncovered HTTP methods.
 *
 * <p>The security constraint is installed by {@code SCI}, which is defined
 * outside this method. NOTE(review): presumably it leaves GET uncovered for
 * the requested path - confirm against SCI.
 */
@Test
public void testUncoveredMethods() throws Exception {
    Tomcat tomcat = getTomcatInstance();

    // The context is created without a docBase on disk.
    Context context = tomcat.addContext("/test", null);

    // Security-relevant switch under test: when true, a request whose HTTP
    // method no security constraint covers is refused instead of served.
    context.setDenyUncoveredHttpMethods(true);

    // The initializer is registered before start().
    context.addServletContainerInitializer(new SCI(), null);

    tomcat.start();

    // The port is read only after start(), as in the original ordering.
    ByteChunk responseBody = new ByteChunk();
    String url = "http://localhost:" + getPort() + "/test/foo";
    int status = getUrl(url, responseBody, false);

    // The uncovered request must be refused (403 Forbidden).
    Assert.assertEquals(403, status);
}
 
Example 2
Source File: TestStandardContext.java    From Tomcat8-Source-Read with MIT License 4 votes vote down vote up
/**
 * Exercises deny-uncovered-HTTP-methods when the security constraints are
 * added programmatically through a ServletContainerInitializer.
 *
 * <p>With {@code enableDeny} set, the request must be refused with 403 and
 * the body must mention 403. Without it, the same request must be served
 * with 200 and the body "OK".
 *
 * @param enableDeny value passed to
 *        {@code Context#setDenyUncoveredHttpMethods(boolean)}
 */
private void doTestDenyUncoveredHttpMethodsSCI(boolean enableDeny)
        throws Exception {
    Tomcat tomcat = getTomcatInstance();

    // Root context, created without a docBase on disk.
    Context context = tomcat.addContext("", null);
    context.setDenyUncoveredHttpMethods(enableDeny);

    // Test-only realm: one user whose name, password and role are all
    // "tomcat". These are fixture credentials, not a deployable setup.
    TesterMapRealm testRealm = new TesterMapRealm();
    testRealm.addUser("tomcat", "tomcat");
    testRealm.addUserRole("tomcat", "tomcat");
    context.setRealm(testRealm);

    // BASIC authentication: login config plus the authenticator valve.
    LoginConfig loginConfig = new LoginConfig();
    loginConfig.setAuthMethod("BASIC");
    context.setLoginConfig(loginConfig);
    context.getPipeline().addValve(new BasicAuthenticator());

    // The constraints come from this initializer, defined outside this
    // method. NOTE(review): which methods it covers is not visible here.
    context.addServletContainerInitializer(
            new DenyUncoveredHttpMethodsSCI(), null);

    tomcat.start();

    // This method supplies no credentials with the request.
    ByteChunk responseBody = new ByteChunk();
    String url = "http://localhost:" + getPort() + "/test";
    int status = getUrl(url, responseBody, null);

    if (!enableDeny) {
        // Flag off: the request is served, and this method sent no
        // credentials. This is the exposure the flag is meant to close.
        Assert.assertEquals("OK", responseBody.toString());
        Assert.assertEquals(200, status);
        return;
    }

    // Flag on: expect 403 Forbidden (not a 401 challenge), and the
    // default error page should mention the status code.
    Assert.assertTrue(responseBody.toString().contains("403"));
    Assert.assertEquals(403, status);
}
 
Example 3
Source File: TestStandardWrapper.java    From Tomcat8-Source-Read with MIT License 4 votes vote down vote up
/**
 * Deploys one servlet at "/" in a root context, sends a single GET or POST
 * to it, and checks whether the request is served or refused.
 *
 * @param servletClassName class name of the servlet to register
 * @param usePost          send a POST when true, otherwise a GET
 * @param useRole          when true, install a realm and BASIC
 *                         authentication and send credentials
 * @param expect200        when true expect 200 with body "OK"; otherwise
 *                         expect 403 with a non-empty body
 * @param denyUncovered    value passed to
 *                         {@code Context#setDenyUncoveredHttpMethods(boolean)}
 */
private void doTest(String servletClassName, boolean usePost,
        boolean useRole, boolean expect200, boolean denyUncovered)
        throws Exception {

    Tomcat tomcat = getTomcatInstance();

    // Root context, created without a docBase on disk.
    Context context = tomcat.addContext("", null);
    context.setDenyUncoveredHttpMethods(denyUncovered);

    // Register the servlet under test and map it to "/".
    Wrapper servletWrapper =
            Tomcat.addServlet(context, "servlet", servletClassName);
    servletWrapper.setAsyncSupported(true);
    context.addServletMappingDecoded("/", "servlet");

    if (useRole) {
        // Test-only realm with a single fixture user and role.
        TesterMapRealm testRealm = new TesterMapRealm();
        testRealm.addUser("testUser", "testPwd");
        testRealm.addUserRole("testUser", "testRole");
        context.setRealm(testRealm);

        context.setLoginConfig(new LoginConfig("BASIC", null, null, null));
        context.getPipeline().addValve(new BasicAuthenticator());
    }

    tomcat.start();

    Map<String,List<String>> requestHeaders = null;
    if (useRole) {
        // Base64 of "testUser:testPwd"; it must stay in step with the
        // realm entry above. Base64 is an encoding, not encryption, so
        // BASIC credentials are readable by anyone who can see the header.
        List<String> authorizationValues = new ArrayList<>();
        authorizationValues.add("Basic dGVzdFVzZXI6dGVzdFB3ZA==");
        requestHeaders = new HashMap<>();
        requestHeaders.put("Authorization", authorizationValues);
    }

    // The port is read only after start(), as in the original ordering.
    ByteChunk responseBody = new ByteChunk();
    String url = "http://localhost:" + getPort() + "/";

    int status;
    if (!usePost) {
        status = getUrl(url, responseBody, requestHeaders, null);
    } else {
        status = postUrl(null, url, responseBody, requestHeaders, null);
    }

    if (!expect200) {
        // Refused: some error body must be present and the status is 403.
        Assert.assertTrue(responseBody.getLength() > 0);
        Assert.assertEquals(403, status);
        return;
    }

    Assert.assertEquals("OK", responseBody.toString());
    Assert.assertEquals(200, status);
}