1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17 package org.seasar.cubby.validator.validators;
18
19 import static org.easymock.EasyMock.anyObject;
20 import static org.easymock.EasyMock.createMock;
21 import static org.easymock.EasyMock.expect;
22 import static org.easymock.EasyMock.expectLastCall;
23 import static org.easymock.EasyMock.getCurrentArguments;
24 import static org.easymock.EasyMock.replay;
25 import static org.easymock.EasyMock.verify;
26 import static org.junit.Assert.assertFalse;
27 import static org.junit.Assert.assertTrue;
28
29 import java.util.HashMap;
30 import java.util.Map;
31
32 import javax.servlet.http.HttpServletRequest;
33 import javax.servlet.http.HttpServletResponse;
34 import javax.servlet.http.HttpSession;
35
36 import org.easymock.IAnswer;
37 import org.junit.Test;
38 import org.seasar.cubby.internal.controller.ThreadContext;
39 import org.seasar.cubby.internal.util.TokenHelper;
40 import org.seasar.cubby.validator.ValidationContext;
41
42 public class TokenValidatorTest {
43
44 @Test
45 public void validate() throws Exception {
46 final HttpServletRequest request = createMock(HttpServletRequest.class);
47 final HttpSession session = createMock(HttpSession.class);
48 expect(request.getSession()).andStubReturn(session);
49 expect(request.getSession(false)).andStubReturn(session);
50
51 final Map<String, Object> sessionAttributes = new HashMap<String, Object>();
52 expect(session.getAttribute((String) anyObject())).andAnswer(
53 new IAnswer<Object>() {
54
55 public Object answer() throws Throwable {
56 return sessionAttributes.get(getCurrentArguments()[0]);
57 }
58
59 }).anyTimes();
60 session.setAttribute((String) anyObject(), anyObject());
61 expectLastCall().andAnswer(new IAnswer<Object>() {
62
63 public Object answer() throws Throwable {
64 sessionAttributes.put((String) getCurrentArguments()[0],
65 getCurrentArguments()[1]);
66 return null;
67 }
68 }).anyTimes();
69 final HttpServletResponse response = createMock(HttpServletResponse.class);
70 replay(request, session, response);
71
72 ThreadContext.enter(request, response);
73 try {
74 final TokenValidator validator = new TokenValidator();
75
76 ValidationContext context = new ValidationContext();
77 validator.validate(context, new Object[]{"tokenstring"});
78 assertFalse("セッション中にトークン文字列が存在しないためエラー", context.getMessageInfos()
79 .isEmpty());
80
81 TokenHelper.setToken(session, "tokenstring");
82 context = new ValidationContext();
83 validator.validate(context, new Object[]{"tokenstring"});
84 assertTrue("セッション中にトークン文字列が存在するためエラーではない", context
85 .getMessageInfos().isEmpty());
86
87 context = new ValidationContext();
88 validator.validate(context, new Object[]{"tokenstring"});
89 assertFalse("セッション中のトークン文字列が除去された(2重サブミットの状態)ためエラー", context
90 .getMessageInfos().isEmpty());
91 } finally {
92 ThreadContext.exit();
93 }
94 ThreadContext.remove();
95
96 verify(request, session, response);
97 }
98
99 }