Security deny uncovered

How to run the sample
The source code for this sample can be found in the javaee7-samples GitHub repository. The first thing we need to do is to get the source by downloading the repository and then go into the samples folder:
git clone https://github.com/javaee-samples/javaee7-samples.git
cd javaee7-samples/servlet/security-deny-uncovered/
Now we are ready to start testing. You can run all the tests in this sample by executing:
mvn test
Or you can run individual tests by executing one of the following:
mvn test -Dtest=SecureServletTest

SecureServletTest

/**
 * Builds the WAR under test: SecureServlet, the log4j configuration and the
 * WEB-INF/web.xml deployment descriptor. With testable = false the tests run
 * as a client outside the container.
 */
@Deployment(testable = false)
public static WebArchive createDeployment() {
    WebArchive war = ShrinkWrap.create(WebArchive.class)
            .addClass(SecureServlet.class)
            .addAsResource(new File("src/main/resources/log4j.properties"))
            .addAsWebInfResource(new File("src/main/webapp/WEB-INF/web.xml"));

    // Print the archive contents so the deployed files show up in the test log.
    System.out.println(war.toString(true));
    return war;
}
/**
 * GET with valid credentials must reach the servlet and return its response body.
 */
@Test
public void testGetMethod() throws Exception {
    webClient.setCredentialsProvider(correctCreds);
    // Same URL form as the POST and PUT tests, so the path has no double slash.
    TextPage page = webClient.getPage(base + "SecureServlet");
    assertEquals("my GET", page.getContent());
}
/**
 * POST with valid credentials must still be rejected with 403.
 */
@Test
public void testPostMethod() throws Exception {
    webClient.setCredentialsProvider(correctCreds);
    WebRequest request = new WebRequest(new URL(base + "SecureServlet"), HttpMethod.POST);
    try {
        TextPage p = webClient.getPage(request);
        System.out.println(p.getContent());
    } catch (FailingHttpStatusCodeException e) {
        assertNotNull(e);
        assertEquals(403, e.getStatusCode());
        return;
    }
    // Reaching this point means the container served the POST request.
    fail("POST method could be called even with deny-uncovered-http-methods");
}
/**
 * PUT with valid credentials must still be rejected with 403.
 */
@Test
public void testPutMethod() throws Exception {
    webClient.setCredentialsProvider(correctCreds);
    WebRequest request = new WebRequest(new URL(base + "SecureServlet"), HttpMethod.PUT);
    try {
        TextPage p = webClient.getPage(request);
        System.out.println(p.getContent());
    } catch (FailingHttpStatusCodeException e) {
        assertNotNull(e);
        assertEquals(403, e.getStatusCode());
        return;
    }
    // Reaching this point means the container served the PUT request.
    fail("PUT method could be called even with deny-uncovered-http-methods");
}
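
The tests above expect GET to succeed and POST/PUT to be rejected with 403 because web.xml sets deny-uncovered-http-methods. As an added example (not code from the javaee7-samples project), this Python check reads a deployment descriptor and reports which HTTP methods each URL pattern leaves uncovered and whether they are denied. The embedded web.xml, the role name g1 and the fixed method list are assumptions, and URL patterns are compared as exact strings.

```python
import xml.etree.ElementTree as ET

NS = {"ee": "http://xmlns.jcp.org/xml/ns/javaee"}
# Assumption: only these standard methods are evaluated.
METHODS = {"GET", "HEAD", "POST", "PUT", "DELETE", "OPTIONS", "TRACE"}

# Constructed sample descriptor, not the sample project's web.xml.
# The role name "g1" is an assumption.
WEB_XML = """<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee" version="3.1">
  <deny-uncovered-http-methods/>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>SecureServlet</web-resource-name>
      <url-pattern>/SecureServlet</url-pattern>
      <http-method>GET</http-method>
    </web-resource-collection>
    <auth-constraint><role-name>g1</role-name></auth-constraint>
  </security-constraint>
</web-app>"""

def audit(web_xml):
    """Return (deny flag present, {url-pattern: sorted uncovered methods})."""
    root = ET.fromstring(web_xml)
    denied = root.find("ee:deny-uncovered-http-methods", NS) is not None
    covered = {}
    for wrc in root.iterfind("ee:security-constraint/ee:web-resource-collection", NS):
        # <http-method> covers only what it lists; <http-method-omission>
        # covers everything except what it lists; neither covers all methods.
        listed = {m.text.strip() for m in wrc.iterfind("ee:http-method", NS)}
        omitted = {m.text.strip() for m in wrc.iterfind("ee:http-method-omission", NS)}
        if listed:
            methods = listed
        elif omitted:
            methods = METHODS - omitted
        else:
            methods = set(METHODS)
        for pattern in wrc.iterfind("ee:url-pattern", NS):
            covered.setdefault(pattern.text.strip(), set()).update(methods)
    uncovered = {p: sorted(METHODS - c) for p, c in covered.items() if METHODS - c}
    return denied, uncovered

if __name__ == "__main__":
    denied, uncovered = audit(WEB_XML)
    for pattern, methods in uncovered.items():
        state = "denied (403)" if denied else "NOT protected by any constraint"
        print(f"{pattern}: {', '.join(methods)} uncovered -> {state}")
```

An uncovered method reported without the deny flag is the case to fix: the container applies no constraint to it, so it is served without authentication.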


Help Improve

Find a bug in the sample? Something missing? You can fix it by editing the source, making the correction and sending a pull request. Or report the problem to the issue tracker.

Recent Changelog

  • Jul 12, 2014: New test for programmatic registration of servlets by arun-gupta
  • Dec 12, 2013: Adding a new sample/test to check for deny-uncovered-http element in web.xml by arun-gupta