These steps outline the testing of the various security features in the portal.
Selenium allows for automated tests of the portal to be run from a browser window. Selenium is included with the default deployment of the Gateway. {{{http://127.0.0.1:8080/selenium/}This link}} will open up the Selenium test runner for a Gateway deployment on localhost .
Bad Login
| Action | At the login prompt in the portal, attempt to login with various invalid usernames and passwords. Make sure to try a valid user with a bad password and vice versa. |
| Result | The login page should be refreshed with the same values you entered. You should not be logged in and able to see role actions under admin, transmitter, or tax staff. |
Restricted page access
| Action | Login using the transmitter account TRANSMIT1 , pass TRANSMIT1 . You should see in your browser's address bar something similar to http://127.0.0.1:8080/portal/transmitter/index.faces . Change the text /transmitter/ to /admin/ so the address looks like http://127.0.0.1:8080/portal/admin/index.faces . Press enter to load the change address. |
| Result | You should be presented with an error page explaining there was probably an authentication related issue with loading the admin page. |
Input validation - Create User
| Action | Login using the admin account DEVTEST00 , pass DEVTEST00 . Navigate to the Create User page and enter in a few invalid characters (Shift + number keys). Click Create . |
| Result | Two warnings in red should appear below each text area explaining the format for a valid username/password. |
Input validation - Create Role
| Action | Navigate to the Create Role page and enter in a few invalid characters (Shift + number keys). Click Create . |
| Result | One warning in red should appear below the text area explaining the format for a valid role name. |
Input validation - Log Viewer
| Action | Navigate to the Log Viewer page and enter in some invalid characters or the wrong format for a date in the Date field. Also enter in a few invalid characters (Shift + number keys) in the Host entry field. |
| Result | Two warnings in red should appear explaining the proper format for a date and a host under the appropriate fields. |
Input validation - Registrations
| Action | Navigate to the Tax Staff role and for each step, (Request Registration Job, Get Registration Job Status, Get Registration Job, Send Registration Acks ), enter in some invalid user info in all fields, bad usernames, random chars etc. |
| Result | For the first two steps, Request Registration Job and Get Registration Job Status , a return message should be generated saying "Invalid User ID! Please Try Again." . The last 2 steps should only refresh the page and not provide information about the bad logins. |