001/* 002 * Licensed to DuraSpace under one or more contributor license agreements. 003 * See the NOTICE file distributed with this work for additional information 004 * regarding copyright ownership. 005 * 006 * DuraSpace licenses this file to you under the Apache License, 007 * Version 2.0 (the "License"); you may not use this file except in 008 * compliance with the License. You may obtain a copy of the License at 009 * 010 * http://www.apache.org/licenses/LICENSE-2.0 011 * 012 * Unless required by applicable law or agreed to in writing, software 013 * distributed under the License is distributed on an "AS IS" BASIS, 014 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 015 * See the License for the specific language governing permissions and 016 * limitations under the License. 017 */ 018package org.fcrepo.auth.integration; 019 020import static org.junit.Assert.assertEquals; 021import static org.junit.Assert.assertTrue; 022 023import org.apache.http.HttpResponse; 024import org.apache.http.client.methods.HttpGet; 025import org.apache.http.client.methods.HttpPost; 026import org.apache.http.client.methods.HttpPut; 027import org.apache.http.util.EntityUtils; 028import org.junit.Test; 029 030 031/** 032 * <p>FedoraResponseCodesIT class.</p> 033 * 034 * @author gregjan 035 */ 036public class FedoraResponseCodesIT extends AbstractResourceIT { 037 038 @Test 039 public void testAllowedAddDatastream() throws Exception { 040 final String pid = getRandomUniquePid() + "Permit"; 041 final HttpPut objMethod = putObjMethod(pid); 042 assertEquals(201, getStatus(objMethod)); 043 044 final HttpPost method = postDSMethod(pid, "zxcpermit", "foo"); 045 final HttpResponse response = client.execute(method); 046 final String location = response.getFirstHeader("Location").getValue(); 047 assertEquals(201, response.getStatusLine().getStatusCode()); 048 assertEquals("Got wrong URI in Location header for datastream creation!", serverAddress + pid + 049 "/zxcpermit/jcr:content", location); 050 } 051 052 @Test 053 public void testDeniedAddDatastream() throws Exception { 054 final String pid = getRandomUniquePid() + "Permit"; 055 final HttpPut objMethod = putObjMethod(pid); 056 057 assertEquals(201, getStatus(objMethod)); 058 059 final HttpPut obj2Method = putObjMethod(pid + "/FedoraDatastreamsTest2Deny"); 060 assertEquals(201, getStatus(obj2Method)); 061 062 final HttpPost method = postDSMethod(pid + "/FedoraDatastreamsTest2Deny", "zxc", "foo"); 063 final HttpResponse response = client.execute(method); 064 assertEquals(403, response.getStatusLine().getStatusCode()); 065 } 066 067 @Test 068 public void testAllowedAddDeepDatastream() throws Exception { 069 final String pid = getRandomUniquePid() + "Permit"; 070 final HttpPut method = 071 putDSMethod(pid + "/does_permit/not_permit/exist_permit/yet_permit", "zxc_permit", "foo"); 072 073 final HttpResponse response = client.execute(method); 074 final String location = 075 response.getFirstHeader("Location").getValue(); 076 assertEquals(201, response.getStatusLine().getStatusCode()); 077 assertEquals("Got wrong URI in Location header for datastream creation!", serverAddress + pid + 078 "/does_permit/not_permit/exist_permit/yet_permit/zxc_permit/jcr:content", location); 079 } 080 081 @Test 082 public void testDeniedAddDeepDatastream() throws Exception { 083 final String pid = getRandomUniquePid() + "Permit"; 084 final HttpPut method = 085 putDSMethod( 086 pid + "/does_permit/not_permit/exist_permit/yet_permit/allowed_child", 087 "zxc", "foo"); 088 final HttpResponse response = client.execute(method); 089 assertEquals(403, response.getStatusLine().getStatusCode()); 090 } 091 092 @Test 093 public void testAllowedPutDatastream() throws Exception { 094 final String pid = getRandomUniquePid() + "Permit"; 095 final HttpPut objMethod = putObjMethod(pid); 096 assertEquals(201, getStatus(objMethod)); 097 final HttpPut method = putDSMethod(pid, "zxc_permit", "foo"); 098 final HttpResponse response = client.execute(method); 099 assertEquals(201, response.getStatusLine().getStatusCode()); 100 } 101 102 @Test 103 public void testDeniedPutDatastream() throws Exception { 104 final String pid = getRandomUniquePid() + "Permit"; 105 106 final HttpPut objMethod = putObjMethod(pid + "/allowed_child"); 107 assertEquals(201, getStatus(objMethod)); 108 109 final HttpPut method = putDSMethod(pid + "/allowed_child", "zxc", "foo"); 110 final HttpResponse response = client.execute(method); 111 assertEquals(403, response.getStatusLine().getStatusCode()); 112 } 113 114 // @Test 115 public void testGetDatastreamContent() throws Exception { 116 final String pid = getRandomUniquePid() + "Permit"; 117 // TODO requires Grizzly client authN, see: 118 // https://java.net/projects/jersey/sources/svn/content/trunk/jersey/samples/https-clientserver-grizzly/src 119 // /main/java/com/sun/jersey/samples/https_grizzly/Server.java?rev=5853 120 // https://java.net/projects/jersey/sources/svn/content/trunk/jersey/samples/https-clientserver-grizzly/src 121 // /main/java/com/sun/jersey/samples/https_grizzly/auth/SecurityFilter.java?rev=5853 122 123 final HttpPut objMethod = 124 putObjMethod(pid); 125 126 assertEquals(201, getStatus(objMethod)); 127 128 final HttpPost createDSMethod = postDSMethod(pid, "ds1", "marbles for everyone"); 129 assertEquals(201, getStatus(createDSMethod)); 130 131 final HttpGet method_test_get = new HttpGet(serverAddress + pid + "/ds1/jcr:content"); 132 assertEquals(200, getStatus(method_test_get)); 133 134 final HttpResponse response = client.execute(method_test_get); 135 136 logger.debug("Returned from HTTP GET, now checking content..."); 137 assertTrue("Got the wrong content back!", "marbles for everyone" 138 .equals(EntityUtils.toString(response.getEntity()))); 139 140 assertEquals("urn:sha1:ba6cb22191300aebcfcfb83de9635d6b224677df", 141 response.getFirstHeader("ETag").getValue().replace("\"", "")); 142 143 logger.debug("Content was correct."); 144 } 145}