11 package org.mule.module.cxf;
12
13 import org.mule.tck.FunctionalTestCase;
14 import org.mule.transport.http.HttpConstants;
15
16 import org.apache.commons.httpclient.HttpClient;
17 import org.apache.commons.httpclient.UsernamePasswordCredentials;
18 import org.apache.commons.httpclient.auth.AuthScope;
19 import org.apache.commons.httpclient.methods.GetMethod;
20 import org.apache.commons.httpclient.methods.PostMethod;
21 import org.apache.commons.httpclient.methods.StringRequestEntity;
22
/**
 * Functional tests for the HTTP authentication filter placed in front of the
 * {@code Echo} service.
 *
 * <p>The endpoints come from {@code http-security-filter-test.xml}, which is not
 * part of this file. The tests reach the service over plain HTTP on port 60443 and
 * over HTTPS on port 60444, and check the status code returned for three
 * situations: no credentials at all, rejected credentials, and accepted
 * credentials (sent preemptively or only after a challenge).
 *
 * <p>NOTE(review): the user names, passwords and the realm used below are
 * presumably defined in the XML configuration; confirm there before changing them.
 * The expected 401 body names {@code HttpBasicAuthenticationFilter}, so the
 * port-60443 cases appear to send Basic credentials over an unencrypted loopback
 * connection; that is acceptable for a local fixture only.
 */
public class HttpSecurityFilterFunctionalTestCase extends FunctionalTestCase
{
    /** Echo service over plain HTTP. */
    private static final String HTTP_ECHO = "http://localhost:60443/services/Echo";

    /** Echo operation addressed through the URL path, over plain HTTP. */
    private static final String HTTP_ECHO_HELLO = "http://localhost:60443/services/Echo/echo/echo/hello";

    /** Echo service over HTTPS. */
    private static final String HTTPS_ECHO = "https://localhost:60444/services/Echo";

    /** Echo operation addressed through the URL path, over HTTPS. */
    private static final String HTTPS_ECHO_HELLO = "https://localhost:60444/services/Echo/echo/echo/hello";

    /** SOAP envelope posted by every POST test. */
    private static final String SOAP_REQUEST =
        "<soapenv:Envelope xmlns:soapenv=\"http://schemas.xmlsoap.org/soap/envelope/\" xmlns:unk=\"http://unknown.namespace/\">" +
            "<soapenv:Header/>" +
            "<soapenv:Body>" +
                "<unk:echo>" +
                    "<arg0>asdf</arg0>" +
                "</unk:echo>" +
            "</soapenv:Body>" +
        "</soapenv:Envelope>";

    /**
     * Names the Mule configuration that defines the endpoints under test.
     *
     * @return the configuration resource name
     */
    protected String getConfigResources()
    {
        return "http-security-filter-test.xml";
    }

    /** Unknown user over HTTPS GET must be answered with 401. */
    public void testAuthenticationFailureBadCredentialsGetHttps() throws Exception
    {
        doGet(null, "localhost", "anonX", "anonX", HTTPS_ECHO, true, true, HttpConstants.SC_UNAUTHORIZED);
    }

    /**
     * A GET that carries no credentials and does not answer challenges must be
     * rejected with 401 and the filter's "no security context" message.
     */
    public void testAuthenticationFailureNoContextGet() throws Exception
    {
        // No credentials are registered on this client, so the preemptive flag
        // has nothing to send.
        HttpClient anonymousClient = newClient(true);
        GetMethod request = new GetMethod(HTTP_ECHO);
        request.setDoAuthentication(false);

        try
        {
            int statusCode = anonymousClient.executeMethod(request);
            assertEquals(HttpConstants.SC_UNAUTHORIZED, statusCode);
            assertEquals(noContextDenial("String"), request.getResponseBodyAsString());
        }
        finally
        {
            request.releaseConnection();
        }
    }

    /**
     * Same as {@link #testAuthenticationFailureNoContextGet()} for a SOAP POST;
     * only the payload type reported in the body differs.
     */
    public void testAuthenticationFailureNoContextPost() throws Exception
    {
        HttpClient anonymousClient = newClient(true);
        PostMethod request = new PostMethod(HTTP_ECHO);
        request.setDoAuthentication(false);
        request.setRequestEntity(newSoapEntity());

        try
        {
            int statusCode = anonymousClient.executeMethod(request);
            assertEquals(HttpConstants.SC_UNAUTHORIZED, statusCode);
            assertEquals(noContextDenial("ContentLengthInputStream"), request.getResponseBodyAsString());
        }
        finally
        {
            request.releaseConnection();
        }
    }

    /** Unknown user over HTTP GET must be answered with 401. */
    public void testAuthenticationFailureBadCredentialsGet() throws Exception
    {
        doGet(null, "localhost", "anonX", "anonX", HTTP_ECHO_HELLO, true, true, HttpConstants.SC_UNAUTHORIZED);
    }

    /** Unknown user over HTTP POST must be answered with 401. */
    public void testAuthenticationFailureBadCredentialsPost() throws Exception
    {
        doPost(null, "localhost", "anonX", "anonX", HTTP_ECHO, true, true, HttpConstants.SC_UNAUTHORIZED);
    }

    /** Unknown user over HTTPS POST must be answered with 401. */
    public void testAuthenticationFailureBadCredentialsPostHttps() throws Exception
    {
        doPost(null, "localhost", "anonX", "anonX", HTTPS_ECHO, true, true, HttpConstants.SC_UNAUTHORIZED);
    }

    /** Preemptive credentials anon/anon over HTTP GET must be accepted. */
    public void testAuthenticationAuthorisedGet() throws Exception
    {
        doGet(null, "localhost", "anon", "anon", HTTP_ECHO_HELLO, false, true, HttpConstants.SC_OK);
    }

    /** Preemptive credentials anon/anon over HTTPS GET must be accepted. */
    public void testAuthenticationAuthorisedGetHttps() throws Exception
    {
        doGet(null, "localhost", "anon", "anon", HTTPS_ECHO_HELLO, false, true, HttpConstants.SC_OK);
    }

    /** Preemptive credentials anon/anon over HTTP POST must be accepted. */
    public void testAuthenticationAuthorisedPost() throws Exception
    {
        doPost(null, "localhost", "anon", "anon", HTTP_ECHO, false, true, HttpConstants.SC_OK);
    }

    /** Preemptive credentials anon/anon over HTTPS POST must be accepted. */
    public void testAuthenticationAuthorisedPostHttps() throws Exception
    {
        doPost(null, "localhost", "anon", "anon", HTTPS_ECHO, false, true, HttpConstants.SC_OK);
    }

    /** Credentials sent only in answer to a challenge must be accepted (GET). */
    public void testAuthenticationAuthorisedWithHandshakeGet() throws Exception
    {
        doGet(null, "localhost", "anon", "anon", HTTP_ECHO_HELLO, true, false, HttpConstants.SC_OK);
    }

    /** Credentials sent only in answer to a challenge must be accepted (POST). */
    public void testAuthenticationAuthorisedWithHandshakePost() throws Exception
    {
        doPost(null, "localhost", "anon", "anon", HTTP_ECHO, true, false, HttpConstants.SC_OK);
    }

    /**
     * Credentials registered for realm "blah" must not get through: 401 expected.
     * Despite "Authorised" in the name, this is a negative test.
     */
    public void testAuthenticationAuthorisedWithHandshakeAndBadRealmGet() throws Exception
    {
        // Presumably the server challenges with another realm, so the client finds
        // no matching credentials to send; confirm against the XML configuration.
        doGet("blah", "localhost", "anon", "anon", HTTP_ECHO_HELLO, true, false, HttpConstants.SC_UNAUTHORIZED);
    }

    /** POST variant of the bad-realm case: 401 expected. */
    public void testAuthenticationAuthorisedWithHandshakeAndBadRealmPost() throws Exception
    {
        doPost("blah", "localhost", "anon", "anon", HTTP_ECHO, true, false, HttpConstants.SC_UNAUTHORIZED);
    }

    /** Credentials registered for realm "mule-realm" must be accepted (GET). */
    public void testAuthenticationAuthorisedWithHandshakeAndRealmGet() throws Exception
    {
        doGet("mule-realm", "localhost", "ross", "ross", HTTP_ECHO_HELLO, true, false, HttpConstants.SC_OK);
    }

    /** Credentials registered for realm "mule-realm" must be accepted (POST). */
    public void testAuthenticationAuthorisedWithHandshakeAndRealmPost() throws Exception
    {
        doPost("mule-realm", "localhost", "ross", "ross", HTTP_ECHO, true, false, HttpConstants.SC_OK);
    }

    /**
     * Sends a GET with the given credentials and asserts the response status.
     *
     * @param realm      realm the credentials are registered for; {@code null} matches any realm
     * @param host       host the credentials are registered for
     * @param user       user name
     * @param pass       password
     * @param url        target URL
     * @param handshake  whether the client answers an authentication challenge
     * @param preemptive whether the client offers credentials before being challenged
     * @param result     expected HTTP status code
     */
    private void doGet(String realm,
                       String host,
                       String user,
                       String pass,
                       String url,
                       boolean handshake,
                       boolean preemptive,
                       int result) throws Exception
    {
        HttpClient authClient = newClient(preemptive);
        registerCredentials(authClient, realm, host, user, pass);

        GetMethod request = new GetMethod(url);
        request.setDoAuthentication(handshake);

        try
        {
            assertEquals(result, authClient.executeMethod(request));
        }
        finally
        {
            request.releaseConnection();
        }
    }

    /**
     * Posts the SOAP envelope with the given credentials, asserts the response
     * status and checks that a response body is present.
     *
     * @param realm      realm the credentials are registered for; {@code null} matches any realm
     * @param host       host the credentials are registered for
     * @param user       user name
     * @param pass       password
     * @param url        target URL
     * @param handshake  whether the client answers an authentication challenge
     * @param preemptive whether the client offers credentials before being challenged
     * @param result     expected HTTP status code
     */
    private void doPost(String realm,
                        String host,
                        String user,
                        String pass,
                        String url,
                        boolean handshake,
                        boolean preemptive,
                        int result) throws Exception
    {
        HttpClient authClient = newClient(preemptive);
        registerCredentials(authClient, realm, host, user, pass);

        PostMethod request = new PostMethod(url);
        request.setDoAuthentication(handshake);
        request.setRequestEntity(newSoapEntity());

        try
        {
            assertEquals(result, authClient.executeMethod(request));
            assertNotNull(request.getResponseBodyAsString());
        }
        finally
        {
            request.releaseConnection();
        }
    }

    /** Creates a client with the preemptive-authentication flag set as given. */
    private static HttpClient newClient(boolean preemptive)
    {
        HttpClient created = new HttpClient();
        created.getParams().setAuthenticationPreemptive(preemptive);
        return created;
    }

    /** Registers user/password on the client for the given host and realm, any port. */
    private static void registerCredentials(HttpClient target, String realm, String host, String user, String pass)
    {
        AuthScope scope = new AuthScope(host, -1, realm);
        target.getState().setCredentials(scope, new UsernamePasswordCredentials(user, pass));
    }

    /** Wraps the SOAP envelope as a UTF-8 {@code text/xml} request entity. */
    private static StringRequestEntity newSoapEntity() throws Exception
    {
        return new StringRequestEntity(SOAP_REQUEST, "text/xml", "UTF-8");
    }

    /**
     * Builds the body expected when a request reaches the filter without a
     * security context.
     *
     * <p>NOTE(review): the asserted text names the filter class, the endpoint URL
     * and the payload type, all returned to an unauthenticated caller. Because the
     * tests pin it verbatim, any hardening of that error text has to update the
     * expectation here as well.
     *
     * @param payloadType payload type name that ends the message
     * @return the full expected response body
     */
    private static String noContextDenial(String payloadType)
    {
        return "Registered authentication is set to org.mule.module.acegi.filters.http.HttpBasicAuthenticationFilter "
               + "but there was no security context on the session. Authentication denied on "
               + "endpoint http://localhost:60443/services/Echo. Message payload is of type: "
               + payloadType;
    }

}