
1   /*
2    * $Id$
3    * --------------------------------------------------------------------------------------
4    * Copyright (c) MuleSource, Inc.  All rights reserved.  http://www.mulesource.com
5    *
6    * The software in this package is published under the terms of the CPAL v1.0
7    * license, a copy of which has been included with this distribution in the
8    * LICENSE.txt file.
9    */
10  package org.mule.module.spring.security.filters.http;
11  
12  import static org.mockito.Matchers.anyObject;
13  import static org.mockito.Mockito.doThrow;
14  import static org.mockito.Mockito.mock;
15  import static org.mockito.Mockito.verify;
16  
17  import org.mule.RequestContext;
18  import org.mule.api.MuleEvent;
19  import org.mule.api.MuleMessage;
20  import org.mule.api.security.Authentication;
21  import org.mule.api.security.SecurityManager;
22  import org.mule.api.security.UnauthorisedException;
23  import org.mule.api.transport.PropertyScope;
24  import org.mule.tck.AbstractMuleTestCase;
25  import org.mule.transport.http.HttpConstants;
26  
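/**
 * Unit test for the failure path of {@link HttpBasicAuthenticationFilter}: when the
 * configured {@link SecurityManager} rejects the credentials, the filter is expected to
 * propagate the {@link UnauthorisedException} and leave a Basic challenge on the message.
 */
public class HttpBasicAuthenticationFilterTestCase extends AbstractMuleTestCase
{

    /**
     * Sends an inbound {@code Authorization: Basic a} header through the filter with a
     * security manager that is stubbed to reject every authentication attempt.
     * <p>
     * Asserts that the rejection is not swallowed (the call must throw), that the
     * {@code WWW-Authenticate} property is set on the event's message, and that the
     * security manager was actually consulted.
     *
     * @throws Exception if building the test event fails
     */
    public void testAuthenticationHeaderFailure() throws Exception
    {
        MuleEvent oldEvent = RequestContext.getEvent();

        MuleEvent event = this.getTestEvent("a");
        MuleMessage message = event.getMessage();
        // The token "a" is not a base64-encoded user:password pair. How the filter decodes
        // it is not visible from this test; the outcome is driven by the stubbed manager.
        message.setProperty(HttpConstants.HEADER_AUTHORIZATION, "Basic a", PropertyScope.INBOUND);
        RequestContext.setEvent(event);

        try
        {
            HttpBasicAuthenticationFilter filter = new HttpBasicAuthenticationFilter();

            SecurityManager manager = mock(SecurityManager.class);
            filter.setSecurityManager(manager);

            // Every authentication attempt is rejected, whatever credentials are presented.
            doThrow(new UnauthorisedException(null, (MuleEvent) null)).when(manager).authenticate(
                (Authentication) anyObject());

            try
            {
                filter.authenticateInbound(event);
                fail("An UnauthorisedException should be thrown");
            }
            catch (UnauthorisedException e)
            {
                Object challenge = event.getMessage().getProperty("WWW-Authenticate");
                assertNotNull(challenge);
                // No realm is set on the filter in this test, so the expected challenge
                // carries an empty realm value.
                // NOTE(review): RFC 7617 requires a quoted realm parameter in a Basic
                // challenge; this assertion pins the unconfigured behaviour only.
                assertEquals("Basic realm=", challenge);
                // A bare verify(manager) checks nothing: Mockito only verifies the method
                // invoked on the object verify() returns. Name the call, so the test fails
                // if the filter rejects the request without consulting the security manager.
                verify(manager).authenticate((Authentication) anyObject());
            }
        }
        finally
        {
            // Restore the previous event even when an assertion fails, so a failure here
            // does not leak this test's event into the RequestContext of later tests.
            RequestContext.setEvent(oldEvent);
        }
    }
}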