1   /*
2    * $Id: HttpBasicEndpointFilterTestCase.java 7963 2007-08-21 08:53:15Z dirk.olmes $
3    * --------------------------------------------------------------------------------------
4    * Copyright (c) MuleSource, Inc.  All rights reserved.  http://www.mulesource.com
5    *
6    * The software in this package is published under the terms of the CPAL v1.0
7    * license, a copy of which has been included with this distribution in the
8    * LICENSE.txt file.
9    */
10  
11  package org.mule.extras.acegi;
12  
13  import org.mule.components.simple.EchoComponent;
14  import org.mule.config.ConfigurationBuilder;
15  import org.mule.config.builders.QuickConfigurationBuilder;
16  import org.mule.extras.acegi.filters.http.HttpBasicAuthenticationFilter;
17  import org.mule.impl.security.MuleSecurityManager;
18  import org.mule.providers.http.HttpConstants;
19  import org.mule.tck.FunctionalTestCase;
20  import org.mule.umo.UMODescriptor;
21  import org.mule.umo.manager.UMOManager;
22  import org.mule.umo.security.UMOSecurityProvider;
23  
24  import org.acegisecurity.GrantedAuthority;
25  import org.acegisecurity.GrantedAuthorityImpl;
26  import org.acegisecurity.providers.AuthenticationProvider;
27  import org.acegisecurity.providers.dao.DaoAuthenticationProvider;
28  import org.acegisecurity.userdetails.User;
29  import org.acegisecurity.userdetails.memory.InMemoryDaoImpl;
30  import org.acegisecurity.userdetails.memory.UserMap;
31  import org.apache.commons.httpclient.HttpClient;
32  import org.apache.commons.httpclient.UsernamePasswordCredentials;
33  import org.apache.commons.httpclient.auth.AuthScope;
34  import org.apache.commons.httpclient.methods.GetMethod;
35  
/**
 * Functional test for {@link HttpBasicAuthenticationFilter} on an inbound HTTP endpoint.
 * <p>
 * The configuration is built in code: an {@link EchoComponent} is registered on
 * <code>http://localhost:4567</code>, its inbound endpoint is guarded by a basic
 * authentication filter for the realm <code>mule-realm</code>, and authentication is
 * delegated to an in-memory Acegi user store (see {@link #getTestProvider()}).
 * <p>
 * Security notes for readers reusing this setup:
 * <ul>
 * <li>The accounts are fixtures whose passwords equal their user names and are held in
 * an in-memory map. They exist only for this test.</li>
 * <li>All requests go over plain <code>http</code> to the loopback address. Basic
 * authentication only encodes the credentials, so a real deployment needs transport
 * encryption in front of the filter.</li>
 * <li>Except for the first test, the tests assert the HTTP status code only. No test
 * checks the granted authorities.</li>
 * </ul>
 */
public class HttpBasicEndpointFilterTestCase extends FunctionalTestCase
{

    /** Host used for the credential scope on the client side. */
    private static final String HOST = "localhost";

    /** Address the secured echo component listens on. */
    private static final String ENDPOINT_ADDRESS = "http://localhost:4567";

    /** URL requested by every test. */
    private static final String RESOURCE_URL = "http://localhost:4567/index.html";

    /** Realm the endpoint's security filter is configured with. */
    private static final String REALM = "mule-realm";

    /**
     * Returns an empty string because the configuration is assembled in
     * {@link #getBuilder()} rather than loaded from a resource.
     */
    protected String getConfigResources()
    {
        return "";
    }

    /**
     * Builds the Mule configuration under test: a security manager holding the Acegi
     * provider, and an echo component whose inbound HTTP endpoint carries the basic
     * authentication filter.
     *
     * @return the builder with the secured component registered
     * @throws Exception if the manager or the component cannot be created
     */
    protected ConfigurationBuilder getBuilder() throws Exception
    {
        MuleSecurityManager securityManager = new MuleSecurityManager();
        UMOSecurityProvider acegiAdapter = new AcegiProviderAdapter(getTestProvider(), "testProvider");
        securityManager.addProvider(acegiAdapter);

        QuickConfigurationBuilder quickBuilder = new QuickConfigurationBuilder(true);
        UMOManager muleManager = quickBuilder.createStartedManager(true, "");
        muleManager.setSecurityManager(securityManager);

        UMODescriptor echoDescriptor = quickBuilder.createDescriptor(EchoComponent.class.getName(),
            "echo", ENDPOINT_ADDRESS, null, null);
        // The filter is attached to the inbound endpoint, so every request to the
        // component passes through it before it is dispatched.
        echoDescriptor.getInboundEndpoint().setSecurityFilter(new HttpBasicAuthenticationFilter(REALM));
        quickBuilder.registerComponent(echoDescriptor);

        return quickBuilder;
    }

    /**
     * Creates the Acegi authentication provider backing the security manager.
     * <p>
     * Two enabled accounts are registered in an in-memory user map:
     * <code>ross</code>/<code>ross</code> with <code>ROLE_ADMIN</code> and
     * <code>anon</code>/<code>anon</code> with <code>ROLE_ANONYOMUS</code>.
     *
     * @return a DAO authentication provider reading from the in-memory user map
     * @throws Exception if the in-memory DAO rejects its configuration
     */
    public AuthenticationProvider getTestProvider() throws Exception
    {
        UserMap users = new UserMap();
        users.addUser(new User("ross", "ross", true, true, true, true,
            new GrantedAuthority[]{new GrantedAuthorityImpl("ROLE_ADMIN")}));
        // NOTE(review): "ROLE_ANONYOMUS" looks like a misspelling of ROLE_ANONYMOUS.
        // No test in this class reads the authority name, so the spelling is kept
        // unchanged here.
        users.addUser(new User("anon", "anon", true, true, true, true,
            new GrantedAuthority[]{new GrantedAuthorityImpl("ROLE_ANONYOMUS")}));

        InMemoryDaoImpl userStore = new InMemoryDaoImpl();
        userStore.setUserMap(users);
        userStore.afterPropertiesSet();

        DaoAuthenticationProvider daoProvider = new DaoAuthenticationProvider();
        // The original line carried a commented-out setAuthenticationDao(dao) call,
        // which suggests this setter replaced it. Confirm against the Acegi version in use.
        daoProvider.setUserDetailsService(userStore);
        return daoProvider;
    }

    /**
     * A request that carries no credentials at all must be rejected with 401.
     * <p>
     * The body assertion pins the current behaviour, in which the rejected response
     * carries the request path <code>/index.html</code>.
     */
    public void testAuthenticationFailureNoContext() throws Exception
    {
        HttpClient httpClient = new HttpClient();
        httpClient.getParams().setAuthenticationPreemptive(true);

        GetMethod request = new GetMethod(RESOURCE_URL);
        request.setDoAuthentication(false);

        try
        {
            assertEquals(HttpConstants.SC_UNAUTHORIZED, httpClient.executeMethod(request));
            assertEquals("/index.html", request.getResponseBodyAsString());
        }
        finally
        {
            request.releaseConnection();
        }
    }

    /**
     * Credentials for an account that is not in the user store must yield 401.
     * <p>
     * NOTE(review): a registered user with a wrong password is not covered by any
     * test in this class.
     */
    public void testAuthenticationFailureBadCredentials() throws Exception
    {
        doRequest(null, HOST, "anonX", "anonX", RESOURCE_URL, true, false, 401);
    }

    /**
     * Valid credentials with preemptive authentication switched on and challenge
     * handling switched off must yield 200.
     */
    public void testAuthenticationAuthorised() throws Exception
    {
        doRequest(null, HOST, "anon", "anon", RESOURCE_URL, false, true, 200);
    }

    /**
     * Valid credentials with challenge handling switched on and preemptive
     * authentication switched off must yield 200.
     */
    public void testAuthenticationAuthorisedWithHandshake() throws Exception
    {
        doRequest(null, HOST, "anon", "anon", RESOURCE_URL, true, false, 200);
    }

    /**
     * Valid credentials scoped to the realm <code>blah</code> must yield 401, because
     * the endpoint's filter is configured for <code>mule-realm</code>.
     */
    public void testAuthenticationAuthorisedWithHandshakeAndBadRealm() throws Exception
    {
        doRequest("blah", HOST, "anon", "anon", RESOURCE_URL, true, false, 401);
    }

    /**
     * Valid credentials scoped to the realm the filter is configured with must
     * yield 200.
     */
    public void testAuthenticationAuthorisedWithHandshakeAndRealm() throws Exception
    {
        doRequest(REALM, HOST, "ross", "ross", RESOURCE_URL, true, false, 200);
    }

    /**
     * Issues one GET request with the given credentials and asserts the status code.
     *
     * @param realm realm the credentials are scoped to; <code>null</code> is
     *            {@link AuthScope#ANY_REALM}
     * @param host host the credentials are scoped to
     * @param user user name to offer
     * @param pass password to offer
     * @param url URL to request
     * @param handshake value passed to {@link GetMethod#setDoAuthentication(boolean)}
     * @param preemptive value passed to the client's preemptive-authentication setting
     * @param result expected HTTP status code
     * @throws Exception if the request cannot be executed
     */
    private void doRequest(String realm,
                           String host,
                           String user,
                           String pass,
                           String url,
                           boolean handshake,
                           boolean preemptive,
                           int result) throws Exception
    {
        HttpClient httpClient = new HttpClient();
        httpClient.getParams().setAuthenticationPreemptive(preemptive);

        // Any port on the given host; the realm narrows the scope further unless null.
        AuthScope scope = new AuthScope(host, AuthScope.ANY_PORT, realm);
        httpClient.getState().setCredentials(scope, new UsernamePasswordCredentials(user, pass));

        GetMethod request = new GetMethod(url);
        request.setDoAuthentication(handshake);

        try
        {
            assertEquals(result, httpClient.executeMethod(request));
        }
        finally
        {
            // Always hand the connection back, including when the assertion fails.
            request.releaseConnection();
        }
    }

}