1
2
3
4
5
6
7
8
9
10
11 package org.mule.module.acegi.filters.http;
12
13 import static org.mockito.Matchers.anyObject;
14 import static org.mockito.Mockito.doThrow;
15 import static org.mockito.Mockito.mock;
16 import static org.mockito.Mockito.verify;
17
18 import org.mule.RequestContext;
19 import org.mule.api.MuleEvent;
20 import org.mule.api.MuleMessage;
21 import org.mule.api.security.Authentication;
22 import org.mule.api.security.SecurityManager;
23 import org.mule.api.security.UnauthorisedException;
24 import org.mule.api.transport.PropertyScope;
25 import org.mule.tck.AbstractMuleTestCase;
26 import org.mule.transport.http.HttpConstants;
27
28 public class HttpBasicAuthenticationFilterTestCase extends AbstractMuleTestCase
29 {
30
31 public void testAuthenticationHeaderFailure() throws Exception
32 {
33 MuleEvent oldEvent = RequestContext.getEvent();
34
35 MuleEvent event = this.getTestEvent("a");
36 MuleMessage message = event.getMessage();
37 message.setProperty(HttpConstants.HEADER_AUTHORIZATION, "Basic a", PropertyScope.INBOUND);
38 RequestContext.setEvent(event);
39
40 HttpBasicAuthenticationFilter filter = new HttpBasicAuthenticationFilter();
41
42 SecurityManager manager = mock(SecurityManager.class);
43 filter.setSecurityManager(manager);
44
45 doThrow(new UnauthorisedException(null, (MuleEvent) null)).when(manager).authenticate(
46 (Authentication) anyObject());
47
48 try
49 {
50 filter.authenticateInbound(event);
51 fail("An UnauthorisedException should be thrown");
52 }
53 catch (UnauthorisedException e)
54 {
55 assertNotNull(event.getMessage().getProperty("WWW-Authenticate"));
56 assertEquals("Basic realm=", event.getMessage().getProperty("WWW-Authenticate"));
57 verify(manager);
58 }
59 RequestContext.setEvent(oldEvent);
60 }
61 }