
1   /*
2    * $Id: HttpSecurityFilterFunctionalTestCase.java 19191 2010-08-25 21:05:23Z tcarlson $
3    * --------------------------------------------------------------------------------------
4    * Copyright (c) MuleSoft, Inc.  All rights reserved.  http://www.mulesoft.com
5    *
6    * The software in this package is published under the terms of the CPAL v1.0
7    * license, a copy of which has been included with this distribution in the
8    * LICENSE.txt file.
9    */
10  
11  package org.mule.module.cxf;
12  
13  import org.mule.tck.FunctionalTestCase;
14  import org.mule.transport.http.HttpConstants;
15  
16  import org.apache.commons.httpclient.HttpClient;
17  import org.apache.commons.httpclient.UsernamePasswordCredentials;
18  import org.apache.commons.httpclient.auth.AuthScope;
19  import org.apache.commons.httpclient.methods.GetMethod;
20  import org.apache.commons.httpclient.methods.PostMethod;
21  import org.apache.commons.httpclient.methods.StringRequestEntity;
22  
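/**
 * Functional test for the HTTP security filter that guards the CXF Echo service.
 * <p>
 * Every test talks to a listener on localhost: plain HTTP on port 60443 and HTTPS on
 * port 60444. The Mule configuration is loaded from {@code http-security-filter-test.xml},
 * which is not part of this file; the accepted accounts ({@code anon/anon},
 * {@code ross/ross}) and the realm name {@code mule-realm} are presumably defined there.
 * <p>
 * Security notes for readers:
 * <ul>
 * <li>The asserted denial message names {@code HttpBasicAuthenticationFilter}, so the
 * endpoint presumably uses HTTP Basic. Basic credentials are only base64-encoded, so the
 * port 60443 cases are acceptable for a loopback test but not a pattern for real traffic.</li>
 * <li>The two "no context" tests pin a 401 body that tells an unauthenticated caller the
 * filter class, the endpoint address and the payload type. That is the current behaviour
 * under test; whether such detail should reach anonymous clients is worth reviewing.</li>
 * <li>How the client comes to trust the certificate served on 60444 is not visible here.
 * NOTE(review): commons-httpclient 3.x is not known to verify the certificate host name
 * by default, so these tests should not be read as proof of TLS peer validation.</li>
 * </ul>
 */
public class HttpSecurityFilterFunctionalTestCase extends FunctionalTestCase
{
    /** Plain-HTTP address of the Echo service. */
    private static final String HTTP_ECHO = "http://localhost:60443/services/Echo";

    /** HTTPS address of the Echo service. */
    private static final String HTTPS_ECHO = "https://localhost:60444/services/Echo";

    /** Path appended to the service address for GET-style echo invocations. */
    private static final String ECHO_GET_PATH = "/echo/echo/hello";

    /**
     * SOAP envelope posted to the Echo service. Declared final so that no test can
     * change the payload seen by a later test (the original field was mutable).
     */
    private static final String SOAP_REQUEST =
        "<soapenv:Envelope xmlns:soapenv=\"http://schemas.xmlsoap.org/soap/envelope/\" xmlns:unk=\"http://unknown.namespace/\">" +
           "<soapenv:Header/>" +
           "<soapenv:Body>" +
              "<unk:echo>" +
                 "<arg0>asdf</arg0>" +
              "</unk:echo>" +
           "</soapenv:Body>" +
        "</soapenv:Envelope>";

    /**
     * @return the name of the Mule configuration resource used by this test case
     */
    protected String getConfigResources()
    {
        return "http-security-filter-test.xml";
    }

    /**
     * By putting this test method that uses https first we can test MULE-4558.
     * <p>
     * NOTE(review): this relies on the runner executing methods in declaration order.
     * Test methods are presumably discovered reflectively, and the JVM does not
     * guarantee that order, so the MULE-4558 coverage may silently disappear.
     *
     * @throws Exception if the request cannot be executed
     */
    public void testAuthenticationFailureBadCredentialsGetHttps() throws Exception
    {
        doGet(null, "localhost", "anonX", "anonX", HTTPS_ECHO, true, true, 401);
    }

    /**
     * A GET that carries no credentials at all must be rejected with 401 and the
     * "no security context" explanation.
     *
     * @throws Exception if the request cannot be executed
     */
    public void testAuthenticationFailureNoContextGet() throws Exception
    {
        HttpClient client = newClient(true);
        GetMethod get = new GetMethod(HTTP_ECHO);

        // No credentials are registered and challenge handling is off, so the request
        // reaches the filter without an Authorization header.
        get.setDoAuthentication(false);

        try
        {
            int status = client.executeMethod(get);
            assertEquals(HttpConstants.SC_UNAUTHORIZED, status);
            assertEquals(noContextMessage("String"), get.getResponseBodyAsString());
        }
        finally
        {
            get.releaseConnection();
        }
    }

    /**
     * A POST that carries no credentials at all must be rejected with 401 and the
     * "no security context" explanation.
     *
     * @throws Exception if the request cannot be executed
     */
    public void testAuthenticationFailureNoContextPost() throws Exception
    {
        HttpClient client = newClient(true);
        PostMethod post = new PostMethod(HTTP_ECHO);

        post.setDoAuthentication(false);
        post.setRequestEntity(soapEntity());

        try
        {
            int status = client.executeMethod(post);
            assertEquals(HttpConstants.SC_UNAUTHORIZED, status);
            assertEquals(noContextMessage("ContentLengthInputStream"), post.getResponseBodyAsString());
        }
        finally
        {
            post.releaseConnection();
        }
    }

    // --- Unknown account (anonX): every transport and verb must answer 401 ---

    public void testAuthenticationFailureBadCredentialsGet() throws Exception
    {
        doGet(null, "localhost", "anonX", "anonX", HTTP_ECHO + ECHO_GET_PATH, true, true, 401);
    }

    public void testAuthenticationFailureBadCredentialsPost() throws Exception
    {
        doPost(null, "localhost", "anonX", "anonX", HTTP_ECHO, true, true, 401);
    }

    public void testAuthenticationFailureBadCredentialsPostHttps() throws Exception
    {
        doPost(null, "localhost", "anonX", "anonX", HTTPS_ECHO, true, true, 401);
    }

    // --- Accepted account, credentials sent preemptively (no challenge round trip) ---

    public void testAuthenticationAuthorisedGet() throws Exception
    {
        doGet(null, "localhost", "anon", "anon", HTTP_ECHO + ECHO_GET_PATH, false, true, 200);
    }

    public void testAuthenticationAuthorisedGetHttps() throws Exception
    {
        doGet(null, "localhost", "anon", "anon", HTTPS_ECHO + ECHO_GET_PATH, false, true, 200);
    }

    public void testAuthenticationAuthorisedPost() throws Exception
    {
        doPost(null, "localhost", "anon", "anon", HTTP_ECHO, false, true, 200);
    }

    public void testAuthenticationAuthorisedPostHttps() throws Exception
    {
        doPost(null, "localhost", "anon", "anon", HTTPS_ECHO, false, true, 200);
    }

    // --- Accepted account, credentials sent only in answer to the server's challenge ---

    public void testAuthenticationAuthorisedWithHandshakeGet() throws Exception
    {
        doGet(null, "localhost", "anon", "anon", HTTP_ECHO + ECHO_GET_PATH, true, false, 200);
    }

    public void testAuthenticationAuthorisedWithHandshakePost() throws Exception
    {
        doPost(null, "localhost", "anon", "anon", HTTP_ECHO, true, false, 200);
    }

    // --- Realm scoping ---
    // Credentials registered for realm "blah" end in 401 even though anon/anon is accepted
    // elsewhere; presumably the client withholds them because the challenge realm differs.

    public void testAuthenticationAuthorisedWithHandshakeAndBadRealmGet() throws Exception
    {
        doGet("blah", "localhost", "anon", "anon", HTTP_ECHO + ECHO_GET_PATH, true, false, 401);
    }

    public void testAuthenticationAuthorisedWithHandshakeAndBadRealmPost() throws Exception
    {
        doPost("blah", "localhost", "anon", "anon", HTTP_ECHO, true, false, 401);
    }

    public void testAuthenticationAuthorisedWithHandshakeAndRealmGet() throws Exception
    {
        doGet("mule-realm", "localhost", "ross", "ross", HTTP_ECHO + ECHO_GET_PATH, true, false, 200);
    }

    public void testAuthenticationAuthorisedWithHandshakeAndRealmPost() throws Exception
    {
        doPost("mule-realm", "localhost", "ross", "ross", HTTP_ECHO, true, false, 200);
    }

    /**
     * Issues a GET and checks the HTTP status.
     *
     * @param realm realm the credentials are scoped to; {@code null} matches any realm
     * @param host host the credentials are scoped to
     * @param user user name to register with the client
     * @param pass password to register with the client
     * @param url address to request
     * @param handshake whether the method may answer an authentication challenge
     * @param preemptive whether the client sends credentials without waiting for a challenge
     * @param result expected HTTP status code
     * @throws Exception if the request cannot be executed
     */
    private void doGet(String realm,
                       String host,
                       String user,
                       String pass,
                       String url,
                       boolean handshake,
                       boolean preemptive,
                       int result) throws Exception
    {
        HttpClient client = newClient(realm, host, user, pass, preemptive);
        GetMethod get = new GetMethod(url);
        get.setDoAuthentication(handshake);

        try
        {
            assertEquals(result, client.executeMethod(get));
        }
        finally
        {
            // Always hand the connection back, including when the assertion fails.
            get.releaseConnection();
        }
    }

    /**
     * Posts the SOAP echo request, checks the HTTP status and requires a response body.
     *
     * @param realm realm the credentials are scoped to; {@code null} matches any realm
     * @param host host the credentials are scoped to
     * @param user user name to register with the client
     * @param pass password to register with the client
     * @param url address to post to
     * @param handshake whether the method may answer an authentication challenge
     * @param preemptive whether the client sends credentials without waiting for a challenge
     * @param result expected HTTP status code
     * @throws Exception if the request cannot be executed
     */
    private void doPost(String realm,
                        String host,
                        String user,
                        String pass,
                        String url,
                        boolean handshake,
                        boolean preemptive,
                        int result) throws Exception
    {
        HttpClient client = newClient(realm, host, user, pass, preemptive);
        PostMethod post = new PostMethod(url);
        post.setDoAuthentication(handshake);
        post.setRequestEntity(soapEntity());

        try
        {
            assertEquals(result, client.executeMethod(post));
            assertNotNull(post.getResponseBodyAsString());
        }
        finally
        {
            post.releaseConnection();
        }
    }

    /** Creates a client with no credentials and the given preemptive-authentication setting. */
    private static HttpClient newClient(boolean preemptive)
    {
        HttpClient client = new HttpClient();
        client.getParams().setAuthenticationPreemptive(preemptive);
        return client;
    }

    /**
     * Creates a client holding one username/password pair.
     * The scope uses port -1, i.e. the credentials apply to any port on {@code host}.
     */
    private static HttpClient newClient(String realm, String host, String user, String pass, boolean preemptive)
    {
        HttpClient client = newClient(preemptive);
        client.getState().setCredentials(new AuthScope(host, -1, realm),
            new UsernamePasswordCredentials(user, pass));
        return client;
    }

    /** Wraps the SOAP echo envelope as a UTF-8 {@code text/xml} request entity. */
    private static StringRequestEntity soapEntity() throws Exception
    {
        return new StringRequestEntity(SOAP_REQUEST, "text/xml", "UTF-8");
    }

    /**
     * Builds the body expected when a request reaches the filter without a security context.
     *
     * @param payloadType payload type name reported at the end of the message
     */
    private static String noContextMessage(String payloadType)
    {
        return "Registered authentication is set to org.mule.module.acegi.filters.http.HttpBasicAuthenticationFilter "
               + "but there was no security context on the session. Authentication denied on "
               + "endpoint " + HTTP_ECHO + ". Message payload is of type: "
               + payloadType;
    }

}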