IP2017-75 Changed path and way to login user on publish AEM 6.2

wttech · Jul 24, 2017 · f43aa3d · f43aa3d
1 parent 4c4829d
commit f43aa3d
Showing 1 changed file with 56 additions and 37 deletions.
diff --git a/src/main/java/com/cognifide/secureaem/tests/DefaultPasswordsTest.java b/src/main/java/com/cognifide/secureaem/tests/DefaultPasswordsTest.java
@@ -4,13 +4,15 @@
 import java.net.HttpURLConnection;
 import java.net.URISyntaxException;
 
+import java.util.ArrayList;
+import java.util.List;
 import org.apache.http.HttpResponse;
+import org.apache.http.NameValuePair;
 import org.apache.http.auth.AuthenticationException;
-import org.apache.http.auth.UsernamePasswordCredentials;
-import org.apache.http.client.methods.HttpGet;
-import org.apache.http.client.methods.HttpUriRequest;
-import org.apache.http.impl.auth.BasicScheme;
+import org.apache.http.client.entity.UrlEncodedFormEntity;
+import org.apache.http.client.methods.HttpPost;
 import org.apache.http.impl.client.DefaultHttpClient;
+import org.apache.http.message.BasicNameValuePair;
 import org.apache.http.util.EntityUtils;
 
 import com.cognifide.secureaem.AbstractTest;
@@ -21,42 +23,59 @@
 
 /**
  * Check if user with given login and password exists on given instance.
- * 
- * @author trekawek
  *
+ * @author trekawek
  */
 public class DefaultPasswordsTest extends AbstractTest implements AuthorTest, PublishTest {
 
-	public DefaultPasswordsTest(Configuration config) {
-		super(config);
-	}
-
-	@Override
-	public boolean doTest(String url, String instanceName) throws Exception {
-		boolean ok = true;
-		String[] users = config.getStringList("users");
-		for (String user : users) {
-			String[] split = UserHelper.splitUser(user);
-			if (split[1] != null && remoteUserExists(split, url)) {
-				addErrorMessage("User %s exists on %s", user, instanceName);
-				ok = false;
-			} else {
-				addInfoMessage("User %s doesn't exists on %s", user, instanceName);
-			}
-		}
-		return ok;
-	}
-
-	private boolean remoteUserExists(String[] user, String url) throws URISyntaxException,
-			IOException, AuthenticationException {
-		UsernamePasswordCredentials creds = new UsernamePasswordCredentials(user[0], user[1]);
-		DefaultHttpClient authorizedClient = new DefaultHttpClient();
-		HttpUriRequest request = new HttpGet(url);
-		request.addHeader(new BasicScheme().authenticate(creds, request, null));
-		HttpResponse response = authorizedClient.execute(request);
-		EntityUtils.consume(response.getEntity());
-		int code = response.getStatusLine().getStatusCode();
-		return code != HttpURLConnection.HTTP_UNAUTHORIZED;
-	}
+  private static final String USERNAME_FORM_PARAM_NAME = "j_username";
+  private static final String ALTERNATIVE_LOGIN_PATH = "/libs/granite/core/content/login.html/j_security_check";
+  private static final String PASSWORD_FORM_PARAM_NAME = "j_password";
+  private static final String IS_VALIDATE_FORM_PARAM_NAME = "j_validate";
+
+  public DefaultPasswordsTest(Configuration config) {
+    super(config);
+  }
+
+  @Override
+  public boolean doTest(String url, String instanceName) throws Exception {
+    String alternativeUrl = url + ALTERNATIVE_LOGIN_PATH;
+    boolean ok = true;
+    String[] users = config.getStringList("users");
+    for (String user : users) {
+      String[] split = UserHelper.splitUser(user);
+      if (split[1] != null && remoteUserExists(split, alternativeUrl)) {
+        addErrorMessage("User %s exists on %s", user, instanceName);
+        ok = false;
+      } else {
+        addInfoMessage("User %s doesn't exists on %s", user, instanceName);
+      }
+    }
+    return ok;
+  }
+
+  private boolean remoteUserExists(String[] user, String url) throws URISyntaxException,
+      IOException, AuthenticationException {
+    DefaultHttpClient authorizedClient = new DefaultHttpClient();
+
+    HttpPost httpPost = new HttpPost(url);
+    List<NameValuePair> params = getRequestParamsList(user);
+    httpPost.setEntity(new UrlEncodedFormEntity(params));
+
+    HttpResponse response = authorizedClient.execute(httpPost);
+    EntityUtils.consume(response.getEntity());
+    int code = response.getStatusLine().getStatusCode();
+    return code != HttpURLConnection.HTTP_FORBIDDEN;
+  }
+
+  private List<NameValuePair> getRequestParamsList(String[] user) {
+    List<NameValuePair> params = new ArrayList<>();
+
+    params.add(new BasicNameValuePair(USERNAME_FORM_PARAM_NAME, user[0]));
+    params.add(new BasicNameValuePair(PASSWORD_FORM_PARAM_NAME, user[1]));
+    params.add(new BasicNameValuePair(IS_VALIDATE_FORM_PARAM_NAME, "true"));
+
+    return params;
+  }
 
 }