11 package org.mule.extras.acegi;
12
13 import org.mule.components.simple.EchoComponent;
14 import org.mule.config.ConfigurationBuilder;
15 import org.mule.config.builders.QuickConfigurationBuilder;
16 import org.mule.extras.acegi.filters.http.HttpBasicAuthenticationFilter;
17 import org.mule.impl.security.MuleSecurityManager;
18 import org.mule.providers.http.HttpConstants;
19 import org.mule.tck.FunctionalTestCase;
20 import org.mule.umo.UMODescriptor;
21 import org.mule.umo.manager.UMOManager;
22 import org.mule.umo.security.UMOSecurityProvider;
23
24 import org.acegisecurity.GrantedAuthority;
25 import org.acegisecurity.GrantedAuthorityImpl;
26 import org.acegisecurity.providers.AuthenticationProvider;
27 import org.acegisecurity.providers.dao.DaoAuthenticationProvider;
28 import org.acegisecurity.userdetails.User;
29 import org.acegisecurity.userdetails.memory.InMemoryDaoImpl;
30 import org.acegisecurity.userdetails.memory.UserMap;
31 import org.apache.commons.httpclient.HttpClient;
32 import org.apache.commons.httpclient.UsernamePasswordCredentials;
33 import org.apache.commons.httpclient.auth.AuthScope;
34 import org.apache.commons.httpclient.methods.GetMethod;
35
/**
 * Functional test for {@link HttpBasicAuthenticationFilter} on an HTTP inbound endpoint.
 * <p>
 * {@link #getBuilder()} registers an echo component on {@code http://localhost:4567} behind the
 * filter (realm {@code mule-realm}), authenticating against an in-memory Acegi user store. Each
 * test sends a single GET with Commons HttpClient and checks the returned HTTP status.
 * <p>
 * The endpoint is plain HTTP, so the Basic credentials are not encrypted on the wire; the
 * requests here only ever target localhost and use fixture accounts.
 * <p>
 * NOTE(review): the only rejected-credential case uses a user name that is not in the store; a
 * known user with a wrong password is not exercised by this class.
 */
public class HttpBasicEndpointFilterTestCase extends FunctionalTestCase
{
    /** Address the secured echo component listens on. */
    private static final String ENDPOINT_ADDRESS = "http://localhost:4567";

    /** URL requested by every test. */
    private static final String REQUEST_URL = "http://localhost:4567/index.html";

    /** Realm the filter is constructed with. */
    private static final String FILTER_REALM = "mule-realm";

    /**
     * Returns an empty resource list; the configuration is assembled in code by
     * {@link #getBuilder()}.
     */
    protected String getConfigResources()
    {
        return "";
    }

    /**
     * Builds the configuration under test: a security manager holding the Acegi test provider,
     * and an echo component whose inbound endpoint carries the Basic authentication filter.
     *
     * @return the builder with the secured echo component registered
     * @throws Exception if the manager or the component cannot be created
     */
    protected ConfigurationBuilder getBuilder() throws Exception
    {
        MuleSecurityManager securityManager = new MuleSecurityManager();
        securityManager.addProvider(new AcegiProviderAdapter(getTestProvider(), "testProvider"));

        QuickConfigurationBuilder builder = new QuickConfigurationBuilder(true);
        UMOManager manager = builder.createStartedManager(true, "");
        manager.setSecurityManager(securityManager);

        UMODescriptor echo = builder.createDescriptor(EchoComponent.class.getName(), "echo",
            ENDPOINT_ADDRESS, null, null);
        // The filter sits on the inbound endpoint, in front of the echo component.
        echo.getInboundEndpoint().setSecurityFilter(new HttpBasicAuthenticationFilter(FILTER_REALM));
        builder.registerComponent(echo);

        return builder;
    }

    /**
     * Creates the Acegi provider used by the security manager, backed by an in-memory user map
     * with two fixture accounts ({@code ross} and {@code anon}) whose passwords equal their names.
     *
     * @return a DAO authentication provider over the in-memory users
     * @throws Exception if the in-memory DAO rejects its configuration
     */
    public AuthenticationProvider getTestProvider() throws Exception
    {
        UserMap users = new UserMap();
        users.addUser(fixtureUser("ross", "ross", "ROLE_ADMIN"));
        // NOTE(review): "ROLE_ANONYOMUS" is misspelled; no assertion in this class checks
        // granted authorities, so the value is left exactly as it was.
        users.addUser(fixtureUser("anon", "anon", "ROLE_ANONYOMUS"));

        InMemoryDaoImpl userStore = new InMemoryDaoImpl();
        userStore.setUserMap(users);
        userStore.afterPropertiesSet();

        DaoAuthenticationProvider daoProvider = new DaoAuthenticationProvider();
        daoProvider.setUserDetailsService(userStore);
        return daoProvider;
    }

    /** Builds a user with all four account-status flags set to true and one granted role. */
    private static User fixtureUser(String name, String password, String role)
    {
        return new User(name, password, true, true, true, true,
            new GrantedAuthority[]{new GrantedAuthorityImpl(role)});
    }

    /**
     * Sends a request with no credentials configured and challenge handling disabled, and
     * expects 401.
     * <p>
     * NOTE(review): the second assertion pins that the 401 response body is the request path
     * ({@code /index.html}); confirm that echoing the request in a rejected response is intended.
     */
    public void testAuthenticationFailureNoContext() throws Exception
    {
        HttpClient httpClient = new HttpClient();
        httpClient.getParams().setAuthenticationPreemptive(true);

        GetMethod request = new GetMethod(REQUEST_URL);
        request.setDoAuthentication(false);

        try
        {
            assertEquals(HttpConstants.SC_UNAUTHORIZED, httpClient.executeMethod(request));
            assertEquals("/index.html", request.getResponseBodyAsString());
        }
        finally
        {
            request.releaseConnection();
        }
    }

    /** A user name that is not in the user map ({@code anonX}) must be answered with 401. */
    public void testAuthenticationFailureBadCredentials() throws Exception
    {
        doRequest(null, "localhost", "anonX", "anonX", REQUEST_URL, true, false, 401);
    }

    /** Valid credentials with preemptive authentication on and challenge handling off: 200. */
    public void testAuthenticationAuthorised() throws Exception
    {
        doRequest(null, "localhost", "anon", "anon", REQUEST_URL, false, true, 200);
    }

    /** Valid credentials supplied only in response to the server's challenge: 200. */
    public void testAuthenticationAuthorisedWithHandshake() throws Exception
    {
        doRequest(null, "localhost", "anon", "anon", REQUEST_URL, true, false, 200);
    }

    /**
     * Valid credentials registered for realm {@code blah} while the filter uses
     * {@code mule-realm}: 401.
     * <p>
     * NOTE(review): presumably the client never offers these credentials for the other realm,
     * so this covers client-side scoping rather than a server-side rejection; confirm.
     */
    public void testAuthenticationAuthorisedWithHandshakeAndBadRealm() throws Exception
    {
        doRequest("blah", "localhost", "anon", "anon", REQUEST_URL, true, false, 401);
    }

    /** Valid credentials registered for the filter's own realm, sent after the challenge: 200. */
    public void testAuthenticationAuthorisedWithHandshakeAndRealm() throws Exception
    {
        doRequest(FILTER_REALM, "localhost", "ross", "ross", REQUEST_URL, true, false, 200);
    }

    /**
     * Issues one GET and asserts the HTTP status of the response.
     *
     * @param realm realm the credentials are registered for; {@code null} is passed by the tests
     *            that do not restrict the realm
     * @param host host the credentials are registered for
     * @param user user name to present
     * @param password password to present
     * @param url URL to request
     * @param handshake value handed to {@code GetMethod.setDoAuthentication}
     * @param preemptive value handed to {@code setAuthenticationPreemptive}
     * @param expectedStatus HTTP status the response must carry
     * @throws Exception if the request cannot be executed
     */
    private void doRequest(String realm,
                           String host,
                           String user,
                           String password,
                           String url,
                           boolean handshake,
                           boolean preemptive,
                           int expectedStatus) throws Exception
    {
        HttpClient httpClient = new HttpClient();
        httpClient.getParams().setAuthenticationPreemptive(preemptive);

        // Credentials are scoped to the given host and realm on any port (ANY_PORT is -1).
        AuthScope scope = new AuthScope(host, AuthScope.ANY_PORT, realm);
        httpClient.getState().setCredentials(scope, new UsernamePasswordCredentials(user, password));

        GetMethod request = new GetMethod(url);
        request.setDoAuthentication(handshake);

        try
        {
            assertEquals(expectedStatus, httpClient.executeMethod(request));
        }
        finally
        {
            // Always hand the connection back, including when the assertion fails.
            request.releaseConnection();
        }
    }

}