1   /*
2    * Copyright 2004-2009 the Seasar Foundation and the Others.
3    *
4    * Licensed under the Apache License, Version 2.0 (the "License");
5    * you may not use this file except in compliance with the License.
6    * You may obtain a copy of the License at
7    *
8    *     http://www.apache.org/licenses/LICENSE-2.0
9    *
10   * Unless required by applicable law or agreed to in writing, software
11   * distributed under the License is distributed on an "AS IS" BASIS,
12   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,
13   * either express or implied. See the License for the specific language
14   * governing permissions and limitations under the License.
15   */
16  package org.seasar.cubby.validator.validators;
17  
18  import static org.easymock.EasyMock.anyObject;
19  import static org.easymock.EasyMock.createMock;
20  import static org.easymock.EasyMock.expect;
21  import static org.easymock.EasyMock.expectLastCall;
22  import static org.easymock.EasyMock.getCurrentArguments;
23  import static org.easymock.EasyMock.replay;
24  import static org.easymock.EasyMock.verify;
25  import static org.junit.Assert.assertFalse;
26  import static org.junit.Assert.assertTrue;
27  import static org.junit.Assert.fail;
28  
29  import java.util.HashMap;
30  import java.util.Map;
31  
32  import javax.servlet.http.HttpServletRequest;
33  import javax.servlet.http.HttpServletResponse;
34  import javax.servlet.http.HttpSession;
35  
36  import org.easymock.IAnswer;
37  import org.junit.Test;
38  import org.seasar.cubby.internal.controller.ThreadContext;
39  import org.seasar.cubby.internal.controller.ThreadContext.Command;
40  import org.seasar.cubby.internal.util.TokenHelper;
41  import org.seasar.cubby.validator.ValidationContext;
42  
43  public class TokenValidatorTest {
44  
45  	@Test
46  	public void validate() throws Exception {
47  		final HttpServletRequest request = createMock(HttpServletRequest.class);
48  		final HttpSession session = createMock(HttpSession.class);
49  		expect(request.getSession()).andStubReturn(session);
50  		expect(request.getSession(false)).andStubReturn(session);
51  
52  		final Map<String, Object> sessionAttributes = new HashMap<String, Object>();
53  		expect(session.getAttribute((String) anyObject())).andAnswer(
54  				new IAnswer<Object>() {
55  
56  					public Object answer() throws Throwable {
57  						return sessionAttributes.get(getCurrentArguments()[0]);
58  					}
59  
60  				}).anyTimes();
61  		session.setAttribute((String) anyObject(), anyObject());
62  		expectLastCall().andAnswer(new IAnswer<Object>() {
63  
64  			public Object answer() throws Throwable {
65  				sessionAttributes.put((String) getCurrentArguments()[0],
66  						getCurrentArguments()[1]);
67  				return null;
68  			}
69  		}).anyTimes();
70  		final HttpServletResponse response = createMock(HttpServletResponse.class);
71  		replay(request, session, response);
72  
73  		ThreadContext.runInContext(request, response, new Command() {
74  
75  			public void execute(final HttpServletRequest request,
76  					final HttpServletResponse response) throws Exception {
77  				final TokenValidator validator = new TokenValidator();
78  
79  				ValidationContext context = new ValidationContext();
80  				validator.validate(context, new Object[] { "tokenstring" });
81  				assertFalse("セッション中にトークン文字列が存在しないためエラー", context
82  						.getMessageInfos().isEmpty());
83  
84  				TokenHelper.setToken(session, "tokenstring");
85  				context = new ValidationContext();
86  				validator.validate(context, new Object[] { "tokenstring" });
87  				assertTrue("セッション中にトークン文字列が存在するためエラーではない", context
88  						.getMessageInfos().isEmpty());
89  
90  				context = new ValidationContext();
91  				validator.validate(context, new Object[] { "tokenstring" });
92  				assertFalse("セッション中のトークン文字列が除去された(2重サブミットの状態)ためエラー", context
93  						.getMessageInfos().isEmpty());
94  			}
95  
96  		});
97  
98  		verify(request, session, response);
99  	}
100 
101 	@Test
102 	public void requestIsNull() throws Exception {
103 		final HttpServletRequest request = createMock(HttpServletRequest.class);
104 		final HttpServletResponse response = createMock(HttpServletResponse.class);
105 		replay(request, response);
106 
107 		final TokenValidator validator = new TokenValidator();
108 		final ValidationContext context = new ValidationContext();
109 		try {
110 			validator.validate(context, new Object[] { "tokenstring" });
111 			fail("ThreadContext 外で実行した場合、ここは通らない");
112 		} catch (final IllegalStateException ex) {
113 		}
114 
115 		verify(request, response);
116 	}
117 
118 }