FORM auth more consistent with BASIC test

arjantijms · arjantijms · commit 8bdef708141f · 2019-11-20T00:57:22.000+01:00
Signed-off-by: arjantijms &lt;arjan.tijms@gmail.com&gt;
diff --git a/servlet/security-form-based/src/main/java/org/javaee7/servlet/security/form/based/ErrorServlet.java b/servlet/security-form-based/src/main/java/org/javaee7/servlet/security/form/based/ErrorServlet.java
@@ -1,6 +1,5 @@
-<!-- 
 /*
- * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
+" * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
  *
  * Copyright (c) 2013 Oracle and/or its affiliates. All rights reserved.
  *
@@ -38,20 +37,47 @@
  * only if the new code is made subject to such option by the copyright
  * holder.
  */
--->
+package org.javaee7.servlet.security.form.based;
 
-<%@page contentType="text/html" pageEncoding="UTF-8"%>
-<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
-    "http://www.w3.org/TR/html4/loose.dtd">
+import java.io.IOException;
 
-<html>
-    <head>
-        <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
-        <title>Form-based Security - Success</title>
-    </head>
-    <body>
-        <h1>Form-based Security - Success</h1>
+import javax.servlet.ServletException;
+import javax.servlet.annotation.WebServlet;
+import javax.servlet.http.HttpServlet;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+/**
+ * @author Arun Gupta
+ * @author Arjan Tijms
+ */
+@WebServlet("/ErrorServlet")
+public class ErrorServlet extends HttpServlet {
+
+    private static final long serialVersionUID = 1L;
+
+    @Override
+    protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
+        response.setContentType("text/html;charset=UTF-8");
         
-        If you reached this page that means form-based security credentials are correctly configured.
-    </body>
-</html>
+        response.getWriter().print(
+                
+            "<html>" +
+                "<head>" +
+                    "<meta http-equiv=\"Content-Type\" content=\"text/html; charset=UTF-8\">" +
+                    "<title>Form-Based Login Error Page</title>" +
+                "</head>" +
+                    
+                "<body>" +
+                    "<h2>Invalid user name or password.</h2>" +
+                "</body>" +
+            "</html>" 
+            
+            );
+    }
+
+    @Override
+    protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
+        response.getWriter().print("my POST");
+    }
+}
diff --git a/servlet/security-form-based/src/main/java/org/javaee7/servlet/security/form/based/LoginServlet.java b/servlet/security-form-based/src/main/java/org/javaee7/servlet/security/form/based/LoginServlet.java
@@ -1,6 +1,5 @@
-<!-- 
 /*
- * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
+" * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
  *
  * Copyright (c) 2013 Oracle and/or its affiliates. All rights reserved.
  *
@@ -38,26 +37,51 @@
  * only if the new code is made subject to such option by the copyright
  * holder.
  */
--->
+package org.javaee7.servlet.security.form.based;
 
-<%@page contentType="text/html" pageEncoding="UTF-8"%>
-<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
-    "http://www.w3.org/TR/html4/loose.dtd">
+import java.io.IOException;
 
-<html>
-    <head>
-        <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
-        <title>Form-Based Login Page</title>
-    </head>
-    <body>
-        <h1>Form-Based Login Page</h1>
+import javax.servlet.ServletException;
+import javax.servlet.annotation.WebServlet;
+import javax.servlet.http.HttpServlet;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
 
-        <form method="POST" action="j_security_check">
-            Username: <input type="text" name="j_username"> <p/>
-            Password: <input type="password" name="j_password" autocomplete="off"> <p/>
-            <input type="submit" value="Submit" name="submitButton">
-            <input type="reset" value="Reset">
-        </form>
+/**
+ * @author Arun Gupta
+ * @author Arjan Tijms
+ */
+@WebServlet("/LoginServlet")
+public class LoginServlet extends HttpServlet {
+
+    private static final long serialVersionUID = 1L;
+
+    @Override
+    protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
+        response.setContentType("text/html;charset=UTF-8");
+        
+        response.getWriter().print(
+                
+            "<html>" +
+                "<head>" +
+                    "<meta http-equiv=\"Content-Type\" content=\"text/html; charset=UTF-8\">" +
+                    "<title>Form-Based Login Page</title>" +
+                "</head>" +
+                    
+                "<body>" +
+                    "<form method=\"POST\" action=\"j_security_check\">" +
+                        "Username: <input type=\"text\" name=\"j_username\"> <p/>" +
+                        "Password: <input type=\"password\" name=\"j_password\"> <p/>" +
+                        "<input type=\"submit\" value=\"Submit\" name=\"submitButton\">" +
+                    "</form>" +
+                "</body>" +
+            "</html>" 
+            
+            );
+    }
 
-    </body>
-</html>
+    @Override
+    protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
+        response.getWriter().print("my POST");
+    }
+}
diff --git a/servlet/security-form-based/src/main/java/org/javaee7/servlet/security/form/based/SecureServlet.java b/servlet/security-form-based/src/main/java/org/javaee7/servlet/security/form/based/SecureServlet.java
@@ -1,4 +1,3 @@
-<!-- 
 /*
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
  *
@@ -38,29 +37,47 @@
  * only if the new code is made subject to such option by the copyright
  * holder.
  */
--->
+package org.javaee7.servlet.security.form.based;
 
-<%@page contentType="text/html" pageEncoding="UTF-8"%>
-<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
-    "http://www.w3.org/TR/html4/loose.dtd">
+import java.io.IOException;
 
-<html>
-    <head>
-        <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
-        <title>Form-Based Login Error Page</title>
-    </head>
-    <body>
-        <h1>Form-Based Login Error Page</h1>
+import javax.servlet.ServletException;
+import javax.servlet.annotation.WebServlet;
+import javax.servlet.http.HttpServlet;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
 
-        <h2>Invalid user name or password.</h2>
+/**
+ * @author Arun Gupta
+ * @author Arjan Tijms
+ */
+@WebServlet("/SecureServlet")
+public class SecureServlet extends HttpServlet {
 
-        <p>Please enter a user name or password that is authorized to access this 
-            application. For this application, make sure to create a user: <p><p>
-        
-        For WildFly: Invoke "./bin/add-user.sh -a -u u1 -p p1 -g g1"<br>
-        For GlassFish: Invoke "./bin/asadmin create-file-user --groups g1 u1" and use the password "p1" when prompted.<br><br>
+    private static final long serialVersionUID = 1L;
 
-        Click here to <a href="index.jsp">Try Again</a></p>
+    @Override
+    protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
+        response.setContentType("text/html;charset=UTF-8");
+        
+        response.getWriter().print(
+                
+            "<html>" +
+                "<head>" +
+                    "<meta http-equiv=\"Content-Type\" content=\"text/html; charset=UTF-8\">" +
+                    "<title>Form-based Security - Success</title>" +
+                "</head>" +
+                    
+                "<body>" +
+                    "<h2>Form-based Security - Success</h2>" +
+                "</body>" +
+            "</html>" 
+            
+            );
+    }
 
-    </body>
-</html>
+    @Override
+    protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
+        response.getWriter().print("my POST");
+    }
+}
diff --git a/servlet/security-form-based/src/main/webapp/WEB-INF/web.xml b/servlet/security-form-based/src/main/webapp/WEB-INF/web.xml
@@ -45,16 +45,10 @@
          xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee http://xmlns.jcp.org/xml/ns/javaee/web-app_3_1.xsd"
          version="3.1">
     
-    <servlet>
-        <display-name>index</display-name>
-        <servlet-name>index</servlet-name>
-        <jsp-file>/index.jsp</jsp-file>
-    </servlet>
-    
     <security-constraint>
         <web-resource-collection>
             <web-resource-name>SecurityConstraint</web-resource-name>
-            <url-pattern>/*</url-pattern>
+            <url-pattern>/SecureServlet</url-pattern>
         </web-resource-collection>
         <auth-constraint>
             <role-name>g1</role-name>
@@ -66,10 +60,9 @@
     
     <login-config>
         <auth-method>FORM</auth-method>
-        <realm-name>file</realm-name>
         <form-login-config>
-            <form-login-page>/loginform.jsp</form-login-page>
-            <form-error-page>/loginerror.jsp</form-error-page>
+            <form-login-page>/LoginServlet</form-login-page>
+            <form-error-page>/ErrorServlet</form-error-page>
         </form-login-config>
     </login-config>
     
diff --git a/servlet/security-form-based/src/test/java/org/javaee7/servlet/security/form/based/FormTest.java b/servlet/security-form-based/src/test/java/org/javaee7/servlet/security/form/based/FormTest.java
@@ -41,17 +41,21 @@ public static WebArchive createDeployment() {
         addUsersToContainerIdentityStore();
         
         return create(WebArchive.class)
-            .addAsWebResource(new File(WEBAPP_SRC, "index.jsp"))
-            .addAsWebResource(new File(WEBAPP_SRC, "loginerror.jsp"))
-            .addAsWebResource(new File(WEBAPP_SRC, "loginform.jsp"))
+            .addClasses(
+                SecureServlet.class, 
+                LoginServlet.class, 
+                ErrorServlet.class)
+            
             .addAsWebInfResource(new File(WEBAPP_SRC + "/WEB-INF", "web.xml"))
             .addAsWebInfResource(new File(WEBAPP_SRC + "/WEB-INF", "glassfish-web.xml"));
     }
 
     @Before
     public void setup() throws IOException {
+        @SuppressWarnings("resource")
         WebClient webClient = new WebClient();
-        HtmlPage page = webClient.getPage(base + "/index.jsp");
+        HtmlPage page = webClient.getPage(base + "SecureServlet");
+        
         loginForm = page.getForms().get(0);
     }
     
