← Back to branch summary

~james-page/ubuntu/precise/jenkins/954960-1.424.6

« back to all changes in this revision

Viewing changes to test/src/test/java/hudson/security/ExtendedReadPermissionTest.java

  • Committer: Package Import Robot
  • Author(s): James Page, James Page, Damien Raude-Morvan
  • Date: 2012-01-14 18:41:37 UTC
  • mfrom: (1.1.3) (5.1.2 sid)
  • Revision ID: package-import@ubuntu.com-20120114184137-1pxuj76htdqukbia
Tags: 1.409.3+dfsg-2
[ James Page ]
* http://www.cloudbees.com/jenkins-advisory/jenkins-security-advisory-2012-01-10.cb
  - Rebuild to pickup new versions of jenkins-winstone (>= 0.9.10-jenkins-31)
    and jenkins-executable-war (>= 1.25) to fix Hash DoS vulnerability in
    jenkins when running standalone.

[ Damien Raude-Morvan ]
* Add DM-Upload-Allowed flag for James Page.

Show diffs side-by-side

added added

removed removed

Lines of Context:
test/src/test/java/hudson/security/ExtendedReadPermissionTest.java
1
 
package hudson.security;
2
 
 
3
 
import com.gargoylesoftware.htmlunit.FailingHttpStatusCodeException;
4
 
import com.gargoylesoftware.htmlunit.html.HtmlButton;
5
 
import com.gargoylesoftware.htmlunit.html.HtmlForm;
6
 
import com.gargoylesoftware.htmlunit.html.HtmlPage;
7
 
import hudson.model.Item;
8
 
import org.jvnet.hudson.test.HudsonTestCase;
9
 
import org.jvnet.hudson.test.recipes.LocalData;
10
 
 
11
 
/**
12
 
 *
13
 
 * @author dty
14
 
 */
15
 
public class ExtendedReadPermissionTest extends HudsonTestCase {
16
 
    private boolean enabled;
17
 
 
18
 
    @Override
19
 
    protected void setUp() throws Exception {
20
 
        super.setUp();
21
 
        enabled = Item.EXTENDED_READ.getEnabled();
22
 
    }
23
 
 
24
 
    @Override
25
 
    protected void tearDown() throws Exception {
26
 
        Item.EXTENDED_READ.setEnabled(enabled);
27
 
        super.tearDown();
28
 
    }
29
 
 
30
 
    /**
31
 
     * alice: Job/Configure+Read
32
 
     * bob: Job/Read
33
 
     * charlie: Job/ExtendedRead+Read
34
 
     */
35
 
 
36
 
    private void setPermissionEnabled(boolean enabled) throws Exception {
37
 
        Item.EXTENDED_READ.setEnabled(enabled);
38
 
    }
39
 
 
40
 
 
41
 
    @LocalData
42
 
    public void testReadOnlyConfigAccessWithPermissionEnabled() throws Exception {
43
 
        setPermissionEnabled(true);
44
 
 
45
 
        AuthorizationStrategy as = hudson.getAuthorizationStrategy();
46
 
        assertTrue("Expecting GlobalMatrixAuthorizationStrategy", (as instanceof GlobalMatrixAuthorizationStrategy));
47
 
        GlobalMatrixAuthorizationStrategy gas = (GlobalMatrixAuthorizationStrategy)as;
48
 
        assertTrue("Charlie should have extended read for this test", gas.hasExplicitPermission("charlie",Item.EXTENDED_READ));
49
 
 
50
 
        WebClient wc = new WebClient().login("charlie","charlie");
51
 
        HtmlPage page = wc.goTo("job/a/configure");
52
 
        HtmlForm form = page.getFormByName("config");
53
 
        HtmlButton saveButton = getButtonByCaption(form,"Save");
54
 
        assertNull(saveButton);
55
 
    }
56
 
 
57
 
    @LocalData
58
 
    public void testReadOnlyConfigAccessWithPermissionDisabled() throws Exception {
59
 
        setPermissionEnabled(false);
60
 
        
61
 
        AuthorizationStrategy as = hudson.getAuthorizationStrategy();
62
 
        assertTrue("Expecting GlobalMatrixAuthorizationStrategy", (as instanceof GlobalMatrixAuthorizationStrategy));
63
 
        GlobalMatrixAuthorizationStrategy gas = (GlobalMatrixAuthorizationStrategy)as;
64
 
        assertFalse("Charlie should not have extended read for this test", gas.hasExplicitPermission("charlie",Item.EXTENDED_READ));
65
 
 
66
 
        WebClient wc = new WebClient().login("charlie","charlie");
67
 
        try {
68
 
            HtmlPage page = wc.goTo("job/a/configure");
69
 
        }
70
 
        catch (FailingHttpStatusCodeException e) {
71
 
            assertEquals(403,e.getStatusCode());
72
 
            return;
73
 
        }
74
 
 
75
 
        fail("Charlie should not have been able to access the configuration page");
76
 
    }
77
 
 
78
 
    @LocalData
79
 
    public void testNoConfigAccessWithPermissionEnabled() throws Exception {
80
 
        setPermissionEnabled(true);
81
 
 
82
 
        AuthorizationStrategy as = hudson.getAuthorizationStrategy();
83
 
        assertTrue("Expecting GlobalMatrixAuthorizationStrategy", (as instanceof GlobalMatrixAuthorizationStrategy));
84
 
        GlobalMatrixAuthorizationStrategy gas = (GlobalMatrixAuthorizationStrategy)as;
85
 
        assertFalse("Bob should not have extended read for this test", gas.hasExplicitPermission("bob",Item.EXTENDED_READ));
86
 
 
87
 
        WebClient wc = new WebClient().login("bob","bob");
88
 
        try {
89
 
            HtmlPage page = wc.goTo("job/a/configure");
90
 
        }
91
 
        catch (FailingHttpStatusCodeException e) {
92
 
            assertEquals(403,e.getStatusCode());
93
 
            return;
94
 
        }
95
 
 
96
 
        fail("Bob should not have been able to access the configuration page");
97
 
    }
98
 
 
99
 
/*
100
 
    @LocalData
101
 
    public void testConfigureLink() throws Exception {
102
 
        
103
 
    }
104
 
 
105
 
    @LocalData
106
 
    public void testViewConfigurationLink() throws Exception {
107
 
 
108
 
    }
109
 
    
110
 
    @LocalData
111
 
    public void testMatrixWithPermissionEnabled() throws Exception {
112
 
    }
113
 
 
114
 
    @LocalData
115
 
    public void testMatrixWithPermissionDisabled() throws Exception {
116
 
        
117
 
    }
118
 
 */
119
 
}