/**
 * Verifies how a VIEW-mode render request is handled when the caller's only role is
 * {@code "role3"}, which the test name treats as unauthorized. The dispatcher is expected to
 * place a {@link PortletSecurityException} in the model and to select the view whose bean
 * name is {@code "failed-default-1"}.
 */
@Test
public void portletModeMappingViewRenderRequestWithUnauthorizedUserRole() throws Exception {
    MockRenderRequest renderRequest = new MockRenderRequest();
    MockRenderResponse renderResponse = new MockRenderResponse();
    renderRequest.setPortletMode(PortletMode.VIEW);
    renderRequest.addUserRole("role3");
    renderRequest.setParameter("action", "not mapped");
    renderRequest.setParameter("myParam", "not mapped");

    complexDispatcherPortlet.doDispatch(renderRequest, renderResponse);

    // The denial is read back from the request attributes; doDispatch itself returns normally here.
    Map<?, ?> renderedModel = (Map<?, ?>) renderRequest.getAttribute(ViewRendererServlet.MODEL_ATTRIBUTE);
    Exception failure = (Exception) renderedModel.get("exception");
    assertNotNull(failure);
    // Exact class match: a subclass or an unrelated exception type does not satisfy this check.
    assertTrue(PortletSecurityException.class.equals(failure.getClass()));

    InternalResourceView selectedView =
            (InternalResourceView) renderRequest.getAttribute(ViewRendererServlet.VIEW_ATTRIBUTE);
    assertEquals("failed-default-1", selectedView.getBeanName());
}
/**
 * Checks that a caller holding only a role outside the authorized list is refused:
 * {@code preHandle} must throw {@link PortletSecurityException}.
 */
public void testUnauthorizedUser() throws Exception {
    final String permittedRole = "allowed";
    UserRoleAuthorizationInterceptor roleInterceptor = new UserRoleAuthorizationInterceptor();
    roleInterceptor.setAuthorizedRoles(new String[] {permittedRole});

    MockRenderRequest renderRequest = new MockRenderRequest();
    MockRenderResponse renderResponse = new MockRenderResponse();
    renderRequest.addUserRole("someOtherRole");
    // Fixture sanity check: the caller really lacks the permitted role before the call.
    assertFalse(renderRequest.isUserInRole(permittedRole));

    try {
        roleInterceptor.preHandle(renderRequest, renderResponse, new Object());
        fail("should have thrown PortletSecurityException");
    } catch (PortletSecurityException expected) {
        // Expected: the interceptor denied the request.
    }
}
/**
 * Checks that a request carrying no user roles at all is refused when one role is
 * authorized: {@code preHandle} must throw {@link PortletSecurityException}.
 */
public void testRequestWithNoUserRoles() throws Exception {
    final String permittedRole = "allowed";
    UserRoleAuthorizationInterceptor roleInterceptor = new UserRoleAuthorizationInterceptor();
    roleInterceptor.setAuthorizedRoles(new String[] {permittedRole});

    // No addUserRole call: the mock request starts without any role.
    MockRenderRequest renderRequest = new MockRenderRequest();
    MockRenderResponse renderResponse = new MockRenderResponse();
    assertFalse(renderRequest.isUserInRole(permittedRole));

    try {
        roleInterceptor.preHandle(renderRequest, renderResponse, new Object());
        fail("should have thrown PortletSecurityException");
    } catch (PortletSecurityException expected) {
        // Expected: a caller without roles is denied.
    }
}
/**
 * Expects {@link PortletSecurityException} when the caller holds only a role that is not
 * in the interceptor's authorized list.
 *
 * <p>NOTE(review): {@code @Test(expected = ...)} is satisfied by the exception coming from
 * any statement in the method, not only from {@code preHandle}.
 */
@Test(expected = PortletSecurityException.class)
public void unauthorizedUser() throws Exception {
    final String permittedRole = "allowed";
    String[] authorizedRoles = {permittedRole};
    interceptor.setAuthorizedRoles(authorizedRoles);

    request.addUserRole("someOtherRole");
    // Fixture sanity check: the caller really lacks the permitted role.
    assertFalse(request.isUserInRole(permittedRole));

    Object handler = new Object();
    interceptor.preHandle(request, response, handler);
}
/**
 * Expects {@link PortletSecurityException} when one role is authorized and no role is
 * added to the request in this method.
 *
 * <p>NOTE(review): {@code @Test(expected = ...)} is satisfied by the exception coming from
 * any statement in the method, not only from {@code preHandle}.
 */
@Test(expected = PortletSecurityException.class)
public void requestWithNoUserRoles() throws Exception {
    final String permittedRole = "allowed";
    String[] authorizedRoles = {permittedRole};
    interceptor.setAuthorizedRoles(authorizedRoles);

    // Fixture sanity check: the request is not in the permitted role.
    assertFalse(request.isUserInRole(permittedRole));

    Object handler = new Object();
    interceptor.preHandle(request, response, handler);
}
/**
 * Verifies how an EDIT-mode action request is handled when the caller's only role is
 * {@code "role3"}, which the test name treats as unauthorized. The denial is expected to
 * surface as a render parameter whose value starts with the class name of
 * {@link PortletSecurityException}.
 *
 * <p>NOTE(review): the asserted value carries an internal exception class name in a render
 * parameter; whether that parameter is visible to the client depends on code not shown
 * here. Confirm it is acceptable to expose.
 */
@Test
public void portletModeMappingEditActionRequestWithUnauthorizedUserRole() throws Exception {
    MockActionRequest actionRequest = new MockActionRequest();
    MockActionResponse actionResponse = new MockActionResponse();
    actionRequest.setPortletMode(PortletMode.EDIT);
    actionRequest.addUserRole("role3");
    actionRequest.setParameter("action", "not mapped");
    actionRequest.setParameter("myParam", "not mapped");

    complexDispatcherPortlet.processAction(actionRequest, actionResponse);

    // processAction returns normally; the failure is read back from the response.
    String reportedFailure =
            actionResponse.getRenderParameter(DispatcherPortlet.ACTION_EXCEPTION_RENDER_PARAMETER);
    assertNotNull(reportedFailure);
    assertTrue(reportedFailure.startsWith(PortletSecurityException.class.getName()));
}
/**
 * Delegates action processing to the superclass with the portal-server flag raised.
 * The flag is set to {@code true} before the call and set to {@code false} in
 * {@code finally}, so it is cleared even when the superclass throws.
 *
 * <p>NOTE(review): the flag is always reset to {@code false}, not to its previous value,
 * and it is set through what appears to be a static call. If it is shared between threads,
 * concurrent requests can observe each other's value; confirm how Application stores it.
 *
 * @param req the action request passed through unchanged
 * @param res the action response passed through unchanged
 */
@Override
public void processAction(ActionRequest req, ActionResponse res)
        throws PortletException, PortletSecurityException, IOException {
    Application.setInPortalServer(true);
    try {
        super.processAction(req, res);
    } finally {
        // Runs on both normal return and exception, so the flag never stays raised.
        Application.setInPortalServer(false);
    }
}
/**
 * Delegates rendering to the superclass with the portal-server flag raised.
 * The flag is set to {@code true} before the call and set to {@code false} in
 * {@code finally}, so it is cleared even when the superclass throws.
 *
 * <p>NOTE(review): the flag is always reset to {@code false}, not to its previous value,
 * and it is set through what appears to be a static call. If it is shared between threads,
 * concurrent requests can observe each other's value; confirm how Application stores it.
 *
 * @param req the render request passed through unchanged
 * @param res the render response passed through unchanged
 */
@Override
public void render(RenderRequest req, RenderResponse res)
        throws PortletException, PortletSecurityException, IOException {
    Application.setInPortalServer(true);
    try {
        super.render(req, res);
    } finally {
        // Runs on both normal return and exception, so the flag never stays raised.
        Application.setInPortalServer(false);
    }
}
/**
 * Checks the interceptor's behaviour when no authorized roles were configured: a caller
 * that does hold a role is still refused with {@link PortletSecurityException}, i.e. the
 * unconfigured interceptor denies rather than allows.
 */
public void testInterceptorWithNoAuthorizedRoles() throws Exception {
    // Deliberately no setAuthorizedRoles call.
    UserRoleAuthorizationInterceptor roleInterceptor = new UserRoleAuthorizationInterceptor();

    MockRenderRequest renderRequest = new MockRenderRequest();
    MockRenderResponse renderResponse = new MockRenderResponse();
    renderRequest.addUserRole("someRole");

    try {
        roleInterceptor.preHandle(renderRequest, renderResponse, new Object());
        fail("should have thrown PortletSecurityException");
    } catch (PortletSecurityException expected) {
        // Expected: with nothing authorized, every caller is denied.
    }
}
/**
 * Verifies how an EDIT-mode action request is handled when the caller's only role is
 * {@code "role3"}, which the test name treats as unauthorized. The denial is expected to
 * surface as a render parameter whose value starts with the class name of
 * {@link PortletSecurityException}.
 */
public void testPortletModeMappingEditActionRequestWithUnauthorizedUserRole() throws Exception {
    MockActionRequest actionRequest = new MockActionRequest();
    MockActionResponse actionResponse = new MockActionResponse();
    actionRequest.setPortletMode(PortletMode.EDIT);
    actionRequest.addUserRole("role3");
    actionRequest.setParameter("action", "not mapped");
    actionRequest.setParameter("myParam", "not mapped");

    complexDispatcherPortlet.processAction(actionRequest, actionResponse);

    // processAction returns normally; the failure is read back from the response.
    String reportedFailure =
            actionResponse.getRenderParameter(DispatcherPortlet.ACTION_EXCEPTION_RENDER_PARAMETER);
    assertNotNull(reportedFailure);
    assertTrue(reportedFailure.startsWith(PortletSecurityException.class.getName()));
}
/**
 * Verifies how a VIEW-mode render request is handled when the caller's only role is
 * {@code "role3"}, which the test name treats as unauthorized. The dispatcher is expected to
 * place a {@link PortletSecurityException} in the model and to select the view whose bean
 * name is {@code "failed-default-1"}.
 */
public void testPortletModeMappingViewRenderRequestWithUnauthorizedUserRole() throws Exception {
    MockRenderRequest renderRequest = new MockRenderRequest();
    MockRenderResponse renderResponse = new MockRenderResponse();
    renderRequest.setPortletMode(PortletMode.VIEW);
    renderRequest.addUserRole("role3");
    renderRequest.setParameter("action", "not mapped");
    renderRequest.setParameter("myParam", "not mapped");

    complexDispatcherPortlet.doDispatch(renderRequest, renderResponse);

    // The denial is read back from the request attributes; doDispatch itself returns normally here.
    Map renderedModel = (Map) renderRequest.getAttribute(ViewRendererServlet.MODEL_ATTRIBUTE);
    Exception failure = (Exception) renderedModel.get("exception");
    assertNotNull(failure);
    // Exact class match: a subclass or an unrelated exception type does not satisfy this check.
    assertTrue(PortletSecurityException.class.equals(failure.getClass()));

    InternalResourceView selectedView =
            (InternalResourceView) renderRequest.getAttribute(ViewRendererServlet.VIEW_ATTRIBUTE);
    assertEquals("failed-default-1", selectedView.getBeanName());
}
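/**
 * Validates the tag's {@code secure} attribute and applies it to the URL being built.
 *
 * <p>Accepted values are {@code "true"} and {@code "false"}, compared case-insensitively.
 * When the attribute is unset the URL's secure setting is left untouched. Any page-scoped
 * attribute named by {@code var} is removed before the flag is applied.
 *
 * <p>A container that rejects {@code setSecure} does not fail the tag: the URL is still
 * produced, but without the requested setting. When a secure connection was asked for and
 * could not be applied, that is recorded in the servlet context log so the downgrade is
 * visible to operators. Pages that depend on HTTPS must not rely on this attribute alone.
 *
 * @throws JspException if {@code secure} is set to anything other than true or false
 * @throws IllegalStateException if no URL has been set
 */
protected void handleSecureFlag() throws JspException {
    BaseURL url = getUrl();

    if (secure != null && !secure.equalsIgnoreCase("true") && !secure.equalsIgnoreCase("false")) {
        throw new JspException("Invalid secure option: " + secure + ", valid options: true, false");
    }
    if (url == null) {
        throw new IllegalStateException("internal error: url not set");
    }
    if (var != null) {
        pageContext.removeAttribute(var, PageContext.PAGE_SCOPE);
    }
    if (secure == null) {
        return;
    }

    boolean secureRequested = false;
    try {
        secureRequested = isSecure();
        url.setSecure(secureRequested);
    } catch (PortletSecurityException ex) {
        // Best effort, kept from the original: Pluto doesn't support setSecure, so the tag
        // must not fail. Only the secure=true case loses a guarantee, so only that is logged.
        if (secureRequested && pageContext != null) {
            pageContext.getServletContext().log(
                    "secure=\"true\" could not be applied to the portlet URL; "
                            + "the URL is generated without a secure-connection request", ex);
        }
    }
}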
/**
 * Expects {@link PortletSecurityException} for a caller that holds a role when this method
 * configures no authorized roles on the interceptor.
 *
 * <p>NOTE(review): this pins deny-by-default only if the shared {@code interceptor} fixture
 * is created without authorized roles; confirm against the setup code.
 */
@Test(expected = PortletSecurityException.class)
public void interceptorWithNoAuthorizedRoles() throws Exception {
    request.addUserRole("someRole");

    Object handler = new Object();
    interceptor.preHandle(request, response, handler);
}
/**
 * Records the requested secure setting on this object.
 *
 * <p>This method only stores the value; it performs no check and never throws, although
 * the signature declares {@link PortletSecurityException}. Whether the stored flag is
 * honoured when the URL is rendered is decided by code outside this method.
 *
 * @param secure the secure setting to remember
 */
@Override
public void setSecure(boolean secure) throws PortletSecurityException {
    this.secure = secure;
}
/**
 * Records the requested secure setting on this object.
 *
 * <p>This method only stores the value; it performs no check and never throws, although
 * the signature declares {@link PortletSecurityException}. Whether the stored flag is
 * honoured when the URL is rendered is decided by code outside this method.
 *
 * @param secure the secure setting to remember
 */
public void setSecure(boolean secure) throws PortletSecurityException {
    this.secure = secure;
}
/**
 * Forwards the secure setting to the wrapped URL.
 *
 * <p>The wrapper adds no policy of its own: any {@link PortletSecurityException} raised by
 * the wrapped object propagates to the caller unchanged.
 *
 * @param secure the secure setting to pass on
 * @throws PortletSecurityException if the wrapped URL rejects the setting
 */
@Override
public void setSecure(boolean secure) throws PortletSecurityException {
    // The cast fails with ClassCastException if the wrapped object is not a BaseURL.
    BaseURL delegate = (BaseURL) wrapped;
    delegate.setSecure(secure);
}
/**
 * Forwards the secure setting to the URL provider.
 *
 * <p>No validation happens here; a {@link PortletSecurityException} raised by the provider
 * propagates to the caller unchanged.
 *
 * @param secure the secure setting to pass on
 * @throws PortletSecurityException if the provider rejects the setting
 */
public void setSecure(boolean secure) throws PortletSecurityException {
    urlProvider.setSecure(secure);
}
/**
 * Always rejects the call: this implementation does not support changing the secure setting.
 *
 * <p>The exception is thrown for both {@code true} and {@code false}. A caller that catches
 * and ignores it gets a URL with no secure-connection request applied by this method.
 *
 * @param secure ignored
 * @throws PortletSecurityException on every call
 */
public void setSecure(boolean secure) throws PortletSecurityException {
    throw new PortletSecurityException("setSecure is not supported.");
}
/**
 * Handle a request that is not authorized according to this interceptor.
 * Default implementation throws a new PortletSecurityException whose message
 * names neither the caller nor the roles that would have been accepted.
 * <p>This method can be overridden to write a custom message, forward or
 * redirect to some error page or login page, or throw a PortletException.
 * <p>NOTE(review): an override that returns normally instead of throwing relies on
 * the caller to stop processing; confirm how the calling code treats a normal
 * return before replacing the throw, otherwise the handler may still run.
 * @param request current portlet request
 * @param response current portlet response
 * @param handler chosen handler to execute, for type and/or instance evaluation
 * @throws javax.portlet.PortletException if there is an internal error
 * @throws java.io.IOException in case of an I/O error when writing the response
 */
protected void handleNotAuthorized(PortletRequest request, PortletResponse response, Object handler)
        throws PortletException, IOException {
    // None of the three arguments is used by the default implementation.
    throw new PortletSecurityException("Request not authorized");
}
/**
 * Sets the secure setting for the URL represented by this object.
 *
 * <p>NOTE(review): the exact meaning of {@code true} and {@code false}, and the conditions
 * under which an implementation throws, are not visible from this declaration. Callers
 * should treat the exception as "setting not applied" rather than ignore it silently.
 *
 * @param secure the secure setting to apply
 * @throws PortletSecurityException declared for implementations that cannot apply the setting
 */
void setSecure(boolean secure) throws PortletSecurityException;