/** * This utility method: * * <ul> * <li>sets up a valid session * <li>sends a request with a cookie containing the session ID * <li>expects a 200 OK status code * <li>fetches the (potentially updated) session * </ul> * * @param originalSession the session before the request is made * @param addCookie whether to add the session cookie to the request * @return the updated session * @throws Throwable */ private Session makeSessionRequest(Session originalSession, boolean addCookie) throws Throwable { // wait for the clock to tick to ensure we can test the updated expiration time Thread.sleep(100); final PolicyTestRequest request = PolicyTestRequest.build(PolicyTestRequestType.GET, RESOURCE); if (addCookie) { // send request with cookie request.header(Constants.HEADER_COOKIE, CommonTestUtil.buildCookieHeader(originalSession)); } final PolicyTestResponse response = send(request); assertEquals(HttpURLConnection.HTTP_OK, response.code()); // content should be returned assertNotNull(response.header(Constants.HEADER_CONTENT_LENGTH)); // verify the session data in the shared state has changed final Session updatedSession = CommonTestUtil.fetchSession(originalSession.getSessionId()); assertNotNull(updatedSession); assertEquals(originalSession.getSessionId(), updatedSession.getSessionId()); // these should not change from request to request assertEquals(originalSession.getAbsoluteExpiry(), updatedSession.getAbsoluteExpiry()); assertEquals(originalSession.getValidityPeriod(), updatedSession.getValidityPeriod()); return updatedSession; }
/** * Expects that a ConfigurationException is thrown as the policy is not configured correctly. * * @throws Throwable */ @Test(expected = InvalidConfigurationException.class) @Configuration(EMPTY_CONFIG) @BackEndApi(RequiresAuthHeaderBackEndApi.class) public void testAuthenticatedRequestExceptionEmptyConfig() throws Throwable { // test data - session expires in 60s final Session originalSession = CommonTestUtil.insertTestSession(60, true); // send request with cookie final PolicyTestRequest request = PolicyTestRequest.build(PolicyTestRequestType.GET, RESOURCE); request.header(Constants.HEADER_COOKIE, CommonTestUtil.buildCookieHeader(originalSession)); send(request); fail(InvalidConfigurationException.class + " expected"); }
/** * Expect that a policy with the configuration of 'ValidationRequired' rejects the request with a * 401 code if the session cookie is absent. * * @throws Throwable */ @Test @Configuration(classpathConfigFile = "standard-config.json") @BackEndApi(RequiresAuthHeaderBackEndApi.class) public void testAuthenticatedRequestFailureNoCookie() throws Throwable { // test data - session expires in 60s final Session originalSession = CommonTestUtil.insertTestSession(60, true); // wait for the clock to tick to ensure we can test the updated expiration time Thread.sleep(100); // send request without cookie final PolicyTestRequest request = PolicyTestRequest.build(PolicyTestRequestType.GET, RESOURCE); request.header(Constants.HEADER_COOKIE, ""); sendAndExpect401(request, originalSession); }