1. Technical Field
The present invention relates in general to testing of distributed computing environment security and in particular to security authentication testing for World Wide Web-based server applications. Still more particularly, the present invention relates to a test architecture for efficient testing of security authentication or authorization plug-ins for Web-based server applications.
2. Description of the Related Art
Most World Wide Web (typically referred to as "WWW" or often simply "the Web") have an authentication mechanism allowing Web site administrators to create authorized users and/or groups, and to define which local directories are accessible to those users and groups. However, designers and developers wishing to add their own authentication products to a Web server generally must implement their products as plug-ins, Java servlets, or the like to the authentication or service step of the Web server. For example, the Distributed File System (DFS) Web Secure product utilizes a plug-in to allow users to login with their Distributed Computing Environment (DCE) userid through a Web browser, then retrieve documents in DFS and run Common Gateway Interface (CGI) executables with DCE credentials through the Web server.
Commercially available programs for testing Web server-based authentication are not believed to presently exist. Such testing is apparently approached on an ad-hoc basis by entities implementing a security authentication plug-in, without a systematic testing program being available for testing various aspects of the resulting security and/or stress testing of the server. It would be preferable for the testing environment to be compatible with a Web browser, but the testing needs may be satisfied by a generalized testing architecture which can work with any environment supporting a client-side scripting language such as JavaScript.
It would be desirable, therefore, to provide an authentication testing product compatible with the SSL protocol and which may be run automatically through a Web browser. It would further be advantageous for the testing product to simultaneously test the documents and CGIs or any other program run on a Web server which are loaded during testing of an authentication plug-in.