Skip to content

dtonhofer/url_access_checker

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

6 Commits
.idea
.idea
 
 
src/main
src/main
 
 
.gitignore
.gitignore
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
dependency-reduced-pom.xml
dependency-reduced-pom.xml
 
 
pom.xml
pom.xml
 
 
runner.sh
runner.sh
 
 

Repository files navigation

url_access_checker

A simple program that checks a list of URLs to see whether they are properly locked down or, on the contrary, properly accessible.

This started with a smallish Perl script calling curl which rapidly became unmanageable due to lack of static typing and proper data structures. Dynamic typing, hash and array are nice for short scripts, but the complexity doesn't go magically away if you are pretendly "fast". Intially time "save" is spent later on debugging and having to re-think everything once you want to add functionality. More interestingly, if you are working with proper types and online linting provided by the IDE, you notice you have been much too optimistic with the scripting language and missed a lot of paths that you should have properly handled.

  • Based on Java 21.
  • Uses the rather simple java.net.HttpClient to perform requests (rather than Apache HTTPClient for example.)
  • Uses Picocli to handle command line arguments.
  • No complex exchange with the remote website is made, the program just queries some URL and then checks the HTTP status code (ok, unauthorized, forbidden, missing, moved etc.)
  • The URLs to check are hardcoded in dedicated classes. That should probably be loosened, with data pulled in from a YAML file instead.
  • Credentials (username-password pairs) are pulled in from external files.
  • The program is supposed to be run with different scenarios:
    • local scenario: the program runs on machine that is considered "local". Most of the requests checked will result in "ok" and credentials are generally not needed. The requests to perform are defined in TestSuiteBuilder_Local.java.
    • insider scenario: the program runs on machine that is considered part of an "insider" group. Most of the request checked will result in "ok" if proper credentials are presented. The requests to perform are defined in TestSuiteBuilder_Insider.java.
    • ousider scenario: the program runs on machine that is considered part of an "outsider" group. Most of the request checked will result in "forbidden", irrespective of the credentials used. The requests to perform are defined in TestSuiteBuilder_Outsider.java.
  • The main class is UrlAccessChecker.
  • A bash script to start the program is provided with runner.sh

Notes

  • java.net.HttpClient gives some trouble as a forbidden response (403) is communicated by java.net.HttpClient as a base IOException, which is just bad design. An absolutely valid response from the remote webserver should not yield an exception at this level of abstraction, especially not a very general one. So we have to code around this phenomenon. See HttpRequesting.java.
  • HTTP Status codes are represented by a dedicated "quasi-enum" class: HttpStatusCode.java.

About

A simple Java 21 program that checks a list of URLs to see whether they are password-secured.

Topics

java testing http-client educational picocli website-testing

Resources

Readme

License

MIT license
Activity

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages