inteligr8/alfresco-community-repo
1
0
Fork 0
mirror of https://github.com/Alfresco/alfresco-community-repo.git synced 2025-08-14 17:58:59 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merged HEAD (5.2) to 5.2.N (5.2.1)

Browse Source 
127562 jkaabimofrad: Merged API-STRIKES-BACK (5.2.0) to HEAD (5.2)
      125748 jkaabimofrad: RA-933, RA-934, RA-972: Modified the logout and validate ticket API to support only "-me-" (dummy parameter) in the URL path rather than ticket id. Also, renamed the JSON attributes.


git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/BRANCHES/DEV/5.2.N/root@127656 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
This commit is contained in:
Alan Davis
2016-06-03 14:08:59 +00:00
parent b9f4a68302
commit ad267ea682
6 changed files with 129 additions and 103 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
source/java/org/alfresco/rest/api/Authentications.java
View File

@@ -32,7 +32,7 @@ public interface Authentications
LoginTicketResponse createTicket(LoginTicket loginRequest, Parameters parameters); LoginTicketResponse createTicket(LoginTicket loginRequest, Parameters parameters);
LoginTicketResponse validateTicket(String ticket, Parameters parameters, WithResponse withResponse); LoginTicketResponse validateTicket(String me, Parameters parameters, WithResponse withResponse);
void deleteTicket(String ticket, Parameters parameters, WithResponse withResponse); void deleteTicket(String me, Parameters parameters, WithResponse withResponse);
} }

10
source/java/org/alfresco/rest/api/authentications/AuthenticationTicketsEntityResource.java
View File

@@ -72,17 +72,17 @@ public class AuthenticationTicketsEntityResource implements EntityResourceAction
return Collections.singletonList(result); return Collections.singletonList(result);
} }
@WebApiDescription(title = "Validate login ticket", description = "Validates the specified ticket is still valid.") @WebApiDescription(title = "Validate login ticket", description = "Validate login ticket.")
@Override @Override
public LoginTicket readById(String ticket, Parameters parameters, WithResponse withResponse) public LoginTicket readById(String me, Parameters parameters, WithResponse withResponse)
{ {
return authentications.validateTicket(ticket, parameters, withResponse); return authentications.validateTicket(me, parameters, withResponse);
} }
@WebApiDescription(title = "Logout", description = "Logout.") @WebApiDescription(title = "Logout", description = "Logout.")
@Override @Override
public void delete(String ticket, Parameters parameters, WithResponse withResponse) public void delete(String me, Parameters parameters, WithResponse withResponse)
{ {
authentications.deleteTicket(ticket, parameters, withResponse); authentications.deleteTicket(me, parameters, withResponse);
} }
} }

69
source/java/org/alfresco/rest/api/impl/AuthenticationsImpl.java
View File

@@ -21,8 +21,10 @@ package org.alfresco.rest.api.impl;
import org.alfresco.repo.security.authentication.AuthenticationException; import org.alfresco.repo.security.authentication.AuthenticationException;
import org.alfresco.repo.security.authentication.AuthenticationUtil; import org.alfresco.repo.security.authentication.AuthenticationUtil;
import org.alfresco.repo.security.authentication.Authorization;
import org.alfresco.repo.security.authentication.TicketComponent; import org.alfresco.repo.security.authentication.TicketComponent;
import org.alfresco.rest.api.Authentications; import org.alfresco.rest.api.Authentications;
import org.alfresco.rest.api.People;
import org.alfresco.rest.api.model.LoginTicket; import org.alfresco.rest.api.model.LoginTicket;
import org.alfresco.rest.api.model.LoginTicketResponse; import org.alfresco.rest.api.model.LoginTicketResponse;
import org.alfresco.rest.framework.core.exceptions.InvalidArgumentException; import org.alfresco.rest.framework.core.exceptions.InvalidArgumentException;
@@ -32,6 +34,7 @@ import org.alfresco.rest.framework.webscripts.WithResponse;
import org.alfresco.service.cmr.security.AuthenticationService; import org.alfresco.service.cmr.security.AuthenticationService;
import org.alfresco.util.PropertyCheck; import org.alfresco.util.PropertyCheck;
import org.apache.commons.lang.StringUtils; import org.apache.commons.lang.StringUtils;
import org.springframework.extensions.surf.util.Base64;
import org.springframework.extensions.webscripts.Status; import org.springframework.extensions.webscripts.Status;
/** /**
@@ -39,6 +42,9 @@ import org.springframework.extensions.webscripts.Status;
*/ */
public class AuthenticationsImpl implements Authentications public class AuthenticationsImpl implements Authentications
{ {
private static final String AUTHORIZATION_HEADER = "Authorization";
private static final String PARAM_ALF_TICKET = "alf_ticket";
private AuthenticationService authenticationService; private AuthenticationService authenticationService;
private TicketComponent ticketComponent; private TicketComponent ticketComponent;
@@ -65,11 +71,11 @@ public class AuthenticationsImpl implements Authentications
try try
{ {
// get ticket // get ticket
authenticationService.authenticate(loginRequest.getUsername(), loginRequest.getPassword().toCharArray()); authenticationService.authenticate(loginRequest.getUserId(), loginRequest.getPassword().toCharArray());
LoginTicketResponse response = new LoginTicketResponse(); LoginTicketResponse response = new LoginTicketResponse();
response.setUsername(loginRequest.getUsername()); response.setUserId(loginRequest.getUserId());
response.setTicket(authenticationService.getCurrentTicket()); response.setId(authenticationService.getCurrentTicket());
return response; return response;
} }
@@ -84,18 +90,19 @@ public class AuthenticationsImpl implements Authentications
} }
@Override @Override
public LoginTicketResponse validateTicket(String ticket, Parameters parameters, WithResponse withResponse) public LoginTicketResponse validateTicket(String me, Parameters parameters, WithResponse withResponse)
{ {
if (StringUtils.isEmpty(ticket)) if (!People.DEFAULT_USER.equals(me))
{ {
throw new InvalidArgumentException("ticket can't be null or empty."); throw new InvalidArgumentException("Invalid parameter: " + me);
} }
final String ticket = getTicket(parameters);
try try
{ {
String ticketUser = ticketComponent.validateTicket(ticket); final String ticketUser = ticketComponent.validateTicket(ticket);
String currentUser = AuthenticationUtil.getFullyAuthenticatedUser(); final String currentUser = AuthenticationUtil.getFullyAuthenticatedUser();
// do not go any further if tickets are different // do not go any further if tickets are different
// or the user is not fully authenticated // or the user is not fully authenticated
if (currentUser == null || !currentUser.equals(ticketUser)) if (currentUser == null || !currentUser.equals(ticketUser))
@@ -108,23 +115,24 @@ public class AuthenticationsImpl implements Authentications
withResponse.setStatus(Status.STATUS_NOT_FOUND); withResponse.setStatus(Status.STATUS_NOT_FOUND);
} }
LoginTicketResponse response = new LoginTicketResponse(); LoginTicketResponse response = new LoginTicketResponse();
response.setTicket(ticket); response.setId(ticket);
return response; return response;
} }
@Override @Override
public void deleteTicket(String ticket, Parameters parameters, WithResponse withResponse) public void deleteTicket(String me, Parameters parameters, WithResponse withResponse)
{ {
if (StringUtils.isEmpty(ticket)) if (!People.DEFAULT_USER.equals(me))
{ {
throw new InvalidArgumentException("ticket can't be null or empty."); throw new InvalidArgumentException("Invalid parameter: " + me);
} }
final String ticket = getTicket(parameters);
try try
{ {
String ticketUser = ticketComponent.validateTicket(ticket); final String ticketUser = ticketComponent.validateTicket(ticket);
String currentUser = AuthenticationUtil.getFullyAuthenticatedUser(); final String currentUser = AuthenticationUtil.getFullyAuthenticatedUser();
// do not go any further if tickets are different // do not go any further if tickets are different
// or the user is not fully authenticated // or the user is not fully authenticated
if (currentUser == null || !currentUser.equals(ticketUser)) if (currentUser == null || !currentUser.equals(ticketUser))
@@ -145,9 +153,40 @@ public class AuthenticationsImpl implements Authentications
protected void validateLoginRequest(LoginTicket loginTicket) protected void validateLoginRequest(LoginTicket loginTicket)
{ {
if (loginTicket == null || loginTicket.getUsername() == null || loginTicket.getPassword() == null) if (loginTicket == null || loginTicket.getUserId() == null || loginTicket.getPassword() == null)
{ {
throw new InvalidArgumentException("Invalid login details."); throw new InvalidArgumentException("Invalid login details.");
} }
} }
protected String getTicket(Parameters parameters)
{
// First check the alf_ticket in the URL
final String alfTicket = parameters.getParameter(PARAM_ALF_TICKET);
if (StringUtils.isNotEmpty(alfTicket))
{
return alfTicket;
}
// Check the Authorization header
final String authorization = parameters.getRequest().getHeader(AUTHORIZATION_HEADER);
if (StringUtils.isEmpty(authorization))
{
throw new InvalidArgumentException("Authorization header is required.");
}
final String[] authorizationParts = authorization.split(" ");
if (!authorizationParts[0].equalsIgnoreCase("basic"))
{
throw new InvalidArgumentException("Authorization '" + authorizationParts[0] + "' not supported.");
}
final String decodedAuthorisation = new String(Base64.decode(authorizationParts[1]));
Authorization authObj = new Authorization(decodedAuthorisation);
if (!authObj.isTicket())
{
throw new InvalidArgumentException("Ticket base authentication required.");
}
return authObj.getTicket();
}
} }

24
source/java/org/alfresco/rest/api/model/LoginTicket.java
View File

@@ -24,18 +24,18 @@ package org.alfresco.rest.api.model;
*/ */
public class LoginTicket public class LoginTicket
{ {
protected String username; protected String userId;
protected String password; protected String password;
protected String ticket; protected String id;
public String getUsername() public String getUserId()
{ {
return username; return userId;
} }
public void setUsername(String username) public void setUserId(String userId)
{ {
this.username = username; this.userId = userId;
} }
public String getPassword() public String getPassword()
@@ -48,23 +48,23 @@ public class LoginTicket
this.password = password; this.password = password;
} }
public String getTicket() public String getId()
{ {
return ticket; return id;
} }
public void setTicket(String ticket) public void setId(String id)
{ {
this.ticket = ticket; this.id = id;
} }
@Override @Override
public String toString() public String toString()
{ {
final StringBuilder sb = new StringBuilder(150); final StringBuilder sb = new StringBuilder(150);
sb.append("LoginTicket [username=").append(username) sb.append("LoginTicket [userId=").append(userId)
.append(", password=").append(password) .append(", password=").append(password)
.append(", ticket=").append(ticket) .append(", id=").append(id)
.append(']'); .append(']');
return sb.toString(); return sb.toString();
} }

4
source/java/org/alfresco/rest/api/model/LoginTicketResponse.java
View File

@@ -46,9 +46,9 @@ public class LoginTicketResponse extends LoginTicket
public String toString() public String toString()
{ {
final StringBuilder sb = new StringBuilder(150); final StringBuilder sb = new StringBuilder(150);
sb.append("LoginTicketResponse [username=").append(username) sb.append("LoginTicketResponse [userId=").append(userId)
.append(", password=").append(password) .append(", password=").append(password)
.append(", ticket=").append(ticket) .append(", id=").append(id)
.append(']'); .append(']');
return sb.toString(); return sb.toString();
} }

121
source/test-java/org/alfresco/rest/api/tests/AuthenticationsTest.java
View File

@@ -24,6 +24,7 @@ import static org.junit.Assert.assertNotNull;
import org.alfresco.repo.security.authentication.AuthenticationUtil; import org.alfresco.repo.security.authentication.AuthenticationUtil;
import org.alfresco.repo.transaction.RetryingTransactionHelper.RetryingTransactionCallback; import org.alfresco.repo.transaction.RetryingTransactionHelper.RetryingTransactionCallback;
import org.alfresco.rest.api.Nodes; import org.alfresco.rest.api.Nodes;
import org.alfresco.rest.api.People;
import org.alfresco.rest.api.model.LoginTicket; import org.alfresco.rest.api.model.LoginTicket;
import org.alfresco.rest.api.model.LoginTicketResponse; import org.alfresco.rest.api.model.LoginTicketResponse;
import org.alfresco.rest.api.sites.SiteEntityResource; import org.alfresco.rest.api.sites.SiteEntityResource;
@@ -113,7 +114,7 @@ public class AuthenticationsTest extends AbstractBaseApiTest
getAll(SiteEntityResource.class, null, paging, null, 401); getAll(SiteEntityResource.class, null, paging, null, 401);
/* /*
* user1 login * user1 login - via alf_ticket parameter
*/ */
// User1 login request // User1 login request
@@ -121,54 +122,60 @@ public class AuthenticationsTest extends AbstractBaseApiTest
// Invalid login details // Invalid login details
post("tickets", null, RestApiUtil.toJsonAsString(loginRequest), 400); post("tickets", null, RestApiUtil.toJsonAsString(loginRequest), 400);
loginRequest.setUsername(null); loginRequest.setUserId(null);
loginRequest.setPassword("user1Password"); loginRequest.setPassword("user1Password");
// Invalid login details // Invalid login details
post("tickets", null, RestApiUtil.toJsonAsString(loginRequest), 400); post("tickets", null, RestApiUtil.toJsonAsString(loginRequest), 400);
loginRequest.setUsername(user1); loginRequest.setUserId(user1);
loginRequest.setPassword(null); loginRequest.setPassword(null);
// Invalid login details // Invalid login details
post("tickets", null, RestApiUtil.toJsonAsString(loginRequest), 400); post("tickets", null, RestApiUtil.toJsonAsString(loginRequest), 400);
loginRequest.setUsername(user1); loginRequest.setUserId(user1);
loginRequest.setPassword("user1Password"); loginRequest.setPassword("user1Password");
// Authenticate and create a ticket // Authenticate and create a ticket
HttpResponse response = post("tickets", null, RestApiUtil.toJsonAsString(loginRequest), 201); HttpResponse response = post("tickets", null, RestApiUtil.toJsonAsString(loginRequest), 201);
LoginTicketResponse loginResponse = RestApiUtil.parseRestApiEntry(response.getJsonResponse(), LoginTicketResponse.class); LoginTicketResponse loginResponse = RestApiUtil.parseRestApiEntry(response.getJsonResponse(), LoginTicketResponse.class);
assertNotNull(loginResponse.getTicket()); assertNotNull(loginResponse.getId());
assertNotNull(loginResponse.getUsername()); assertNotNull(loginResponse.getUserId());
// Get list of sites by appending the alf_ticket to the URL // Get list of sites by appending the alf_ticket to the URL
// e.g. .../alfresco/versions/1/sites/?alf_ticket=TICKET_57866258ea56c28491bb3e75d8355ebf6fbaaa23 // e.g. .../alfresco/versions/1/sites/?alf_ticket=TICKET_57866258ea56c28491bb3e75d8355ebf6fbaaa23
Map<String, String> ticket = Collections.singletonMap("alf_ticket", loginResponse.getTicket()); Map<String, String> ticket = Collections.singletonMap("alf_ticket", loginResponse.getId());
getAll(SiteEntityResource.class, null, paging, ticket, 200); getAll(SiteEntityResource.class, null, paging, ticket, 200);
// Validate ticket // Unauthorized - Invalid ticket
response = getSingle("tickets", null, loginResponse.getTicket(), ticket, 200); getAll(SiteEntityResource.class, null, paging, Collections.singletonMap("alf_ticket", "TICKET_" + System.currentTimeMillis()), 401);
LoginTicketResponse validatedTicket = RestApiUtil.parseRestApiEntry(response.getJsonResponse(), LoginTicketResponse.class);
assertEquals(loginResponse.getTicket(), validatedTicket.getTicket());
// Validate ticket - non-existent ticket // Validate ticket - Invalid parameter. Only '-me-' is supported
getSingle("tickets", null, "TICKET_" + System.currentTimeMillis(), ticket, 404); getSingle("tickets", null, loginResponse.getId(), ticket, 400);
// Validate ticket
response = getSingle("tickets", null, People.DEFAULT_USER, ticket, 200);
LoginTicketResponse validatedTicket = RestApiUtil.parseRestApiEntry(response.getJsonResponse(), LoginTicketResponse.class);
assertEquals(loginResponse.getId(), validatedTicket.getId());
// Validate ticket - Invalid parameter. Only '-me-' is supported
getSingle("tickets", null, loginResponse.getId(), ticket, 400);
// Delete the ticket - Logout // Delete the ticket - Logout
delete("tickets", null, loginResponse.getTicket(), ticket, 204); delete("tickets", null, People.DEFAULT_USER, ticket, 204);
// Validate ticket - 401 as ticket has been invalidated so the API call is unauthorized // Validate ticket - 401 as ticket has been invalidated so the API call is unauthorized
getSingle("tickets", null, loginResponse.getTicket(), ticket, 401); getSingle("tickets", null, People.DEFAULT_USER, ticket, 401);
// Check the ticket has been invalidated - the difference with the above is that the API call is authorized // Check the ticket has been invalidated - the difference with the above is that the API call is authorized
getSingle("tickets", user1, loginResponse.getTicket(), ticket, 404); getSingle("tickets", user1, People.DEFAULT_USER, ticket, 404);
// Ticket has already been invalidated // Ticket has already been invalidated
delete("tickets", user1, loginResponse.getTicket(), ticket, 404); delete("tickets", user1, People.DEFAULT_USER, ticket, 404);
// Get list of site by appending the invalidated ticket // Get list of site by appending the invalidated ticket
getAll(SiteEntityResource.class, null, paging, ticket, 401); getAll(SiteEntityResource.class, null, paging, ticket, 401);
/* /*
* user2 login * user2 login - Via Authorization header
*/ */
// User2 create a folder within his home folder (-my-) // User2 create a folder within his home folder (-my-)
@@ -179,26 +186,26 @@ public class AuthenticationsTest extends AbstractBaseApiTest
// User2 login request // User2 login request
loginRequest = new LoginTicket(); loginRequest = new LoginTicket();
loginRequest.setUsername(user2); loginRequest.setUserId(user2);
loginRequest.setPassword("wrongPassword"); loginRequest.setPassword("wrongPassword");
// Authentication failed - wrong password // Authentication failed - wrong password
post("tickets", null, RestApiUtil.toJsonAsString(loginRequest), 403); post("tickets", null, RestApiUtil.toJsonAsString(loginRequest), 403);
loginRequest.setUsername(user1); loginRequest.setUserId(user1);
loginRequest.setPassword("user2Password"); loginRequest.setPassword("user2Password");
// Authentication failed - username/password mismatch // Authentication failed - userId/password mismatch
post("tickets", null, RestApiUtil.toJsonAsString(loginRequest), 403); post("tickets", null, RestApiUtil.toJsonAsString(loginRequest), 403);
// Set the correct details // Set the correct details
loginRequest.setUsername(user2); loginRequest.setUserId(user2);
loginRequest.setPassword("user2Password"); loginRequest.setPassword("user2Password");
// Authenticate and create a ticket // Authenticate and create a ticket
response = post("tickets", null, RestApiUtil.toJsonAsString(loginRequest), 201); response = post("tickets", null, RestApiUtil.toJsonAsString(loginRequest), 201);
loginResponse = RestApiUtil.parseRestApiEntry(response.getJsonResponse(), LoginTicketResponse.class); loginResponse = RestApiUtil.parseRestApiEntry(response.getJsonResponse(), LoginTicketResponse.class);
assertNotNull(loginResponse.getTicket()); assertNotNull(loginResponse.getId());
assertNotNull(loginResponse.getUsername()); assertNotNull(loginResponse.getUserId());
String encodedTicket = Base64.encodeBase64String(loginResponse.getTicket().getBytes()); String encodedTicket = encodeB64(loginResponse.getId());
// Set the authorization (encoded ticket only) header rather than appending the ticket to the URL // Set the authorization (encoded ticket only) header rather than appending the ticket to the URL
Map<String, String> header = Collections.singletonMap("Authorization", "Basic " + encodedTicket); Map<String, String> header = Collections.singletonMap("Authorization", "Basic " + encodedTicket);
// Get children of user2 home folder // Get children of user2 home folder
@@ -206,67 +213,47 @@ public class AuthenticationsTest extends AbstractBaseApiTest
List<Document> nodes = RestApiUtil.parseRestApiEntries(response.getJsonResponse(), Document.class); List<Document> nodes = RestApiUtil.parseRestApiEntries(response.getJsonResponse(), Document.class);
assertEquals(1, nodes.size()); assertEquals(1, nodes.size());
// Validate ticket - Invalid parameter. Only '-me-' is supported
getSingle("tickets", null, loginResponse.getId(), null, header, 400);
// Validate ticket - user2 // Validate ticket - user2
response = getSingle("tickets", null, loginResponse.getTicket(), null, header, 200); response = getSingle("tickets", null, People.DEFAULT_USER, null, header, 200);
validatedTicket = RestApiUtil.parseRestApiEntry(response.getJsonResponse(), LoginTicketResponse.class); validatedTicket = RestApiUtil.parseRestApiEntry(response.getJsonResponse(), LoginTicketResponse.class);
assertEquals(loginResponse.getTicket(), validatedTicket.getTicket()); assertEquals(loginResponse.getId(), validatedTicket.getId());
// Try list children for user2 again. // Try list children for user2 again.
// Encode Alfresco predefined username for ticket authentication, ROLE_TICKET, and the ticket // Encode Alfresco predefined userId for ticket authentication, ROLE_TICKET, and the ticket
String encodedUsernameAndTicket = Base64.encodeBase64String(("ROLE_TICKET:" + loginResponse.getTicket()).getBytes()); String encodedUserIdAndTicket = encodeB64("ROLE_TICKET:" + loginResponse.getId());
// Set the authorization (encoded username:ticket) header rather than appending the ticket to the URL // Set the authorization (encoded userId:ticket) header rather than appending the ticket to the URL
header = Collections.singletonMap("Authorization", "Basic " + encodedUsernameAndTicket); header = Collections.singletonMap("Authorization", "Basic " + encodedUserIdAndTicket);
// Get children of user2 home folder // Get children of user2 home folder
response = getAll(getNodeChildrenUrl(Nodes.PATH_MY), null, paging, null, header, 200); response = getAll(getNodeChildrenUrl(Nodes.PATH_MY), null, paging, null, header, 200);
nodes = RestApiUtil.parseRestApiEntries(response.getJsonResponse(), Document.class); nodes = RestApiUtil.parseRestApiEntries(response.getJsonResponse(), Document.class);
assertEquals(1, nodes.size()); assertEquals(1, nodes.size());
// Try list children for user2 again - appending ticket // Try list children for user2 again - appending ticket
ticket = Collections.singletonMap("alf_ticket", loginResponse.getTicket()); ticket = Collections.singletonMap("alf_ticket", loginResponse.getId());
response = getAll(getNodeChildrenUrl(Nodes.PATH_MY), null, paging, ticket, 200); response = getAll(getNodeChildrenUrl(Nodes.PATH_MY), null, paging, ticket, 200);
nodes = RestApiUtil.parseRestApiEntries(response.getJsonResponse(), Document.class); nodes = RestApiUtil.parseRestApiEntries(response.getJsonResponse(), Document.class);
assertEquals(1, nodes.size()); assertEquals(1, nodes.size());
// Try to validate the ticket without supplying the Authorization header or the alf_ticket param
getSingle("tickets", user2, People.DEFAULT_USER, null, null, 400);
// Delete the ticket - Invalid parameter. Only '-me-' is supported
header = Collections.singletonMap("Authorization", "Basic " + encodedUserIdAndTicket);
delete("tickets", null, loginResponse.getId(), null, header, 400);
// Delete the ticket - Logout // Delete the ticket - Logout
header = Collections.singletonMap("Authorization", "Basic " + encodedUsernameAndTicket); delete("tickets", null, People.DEFAULT_USER, null, header, 204);
delete("tickets", null, loginResponse.getTicket(), null, header, 204);
// Get children of user2 home folder - invalidated ticket // Get children of user2 home folder - invalidated ticket
getAll(getNodeChildrenUrl(Nodes.PATH_MY), null, paging, null, header, 401); getAll(getNodeChildrenUrl(Nodes.PATH_MY), null, paging, null, header, 401);
}
/* private String encodeB64(String str)
* user1 and user2 login {
*/ return Base64.encodeBase64String(str.getBytes());
loginRequest = new LoginTicket();
loginRequest.setUsername(user1);
loginRequest.setPassword("user1Password");
// Authenticate and create a ticket
response = post("tickets", null, RestApiUtil.toJsonAsString(loginRequest), 201);
LoginTicketResponse user1_loginResponse = RestApiUtil.parseRestApiEntry(response.getJsonResponse(), LoginTicketResponse.class);
Map<String, String> user1_ticket = Collections.singletonMap("alf_ticket", user1_loginResponse.getTicket());
loginRequest = new LoginTicket();
loginRequest.setUsername(user2);
loginRequest.setPassword("user2Password");
// Authenticate and create a ticket
response = post("tickets", null, RestApiUtil.toJsonAsString(loginRequest), 201);
LoginTicketResponse user2_loginResponse = RestApiUtil.parseRestApiEntry(response.getJsonResponse(), LoginTicketResponse.class);
Map<String, String> user2_ticket = Collections.singletonMap("alf_ticket", user2_loginResponse.getTicket());
// Validate ticket - user1 tries to validate user2's ticket
getSingle("tickets", null, user2_loginResponse.getTicket(), user1_ticket, 404);
// Check that user2 ticket is still valid
getSingle("tickets", null, user2_loginResponse.getTicket(), user2_ticket, 200);
// User1 tries to delete user2's ticket
delete("tickets", null, user2_loginResponse.getTicket(), user1_ticket, 404);
// User1 logs out
delete("tickets", null, user1_loginResponse.getTicket(), user1_ticket, 204);
// User2 logs out
delete("tickets", null, user2_loginResponse.getTicket(), user2_ticket, 204);
} }
@Override @Override