1
2
3
4
5
6
7
8
9
10 package org.mule.module.spring.security.filters.http;
11
12 import static org.mockito.Matchers.anyObject;
13 import static org.mockito.Mockito.doThrow;
14 import static org.mockito.Mockito.mock;
15 import static org.mockito.Mockito.verify;
16
17 import org.mule.RequestContext;
18 import org.mule.api.MuleEvent;
19 import org.mule.api.MuleMessage;
20 import org.mule.api.security.Authentication;
21 import org.mule.api.security.SecurityManager;
22 import org.mule.api.security.UnauthorisedException;
23 import org.mule.api.transport.PropertyScope;
24 import org.mule.tck.AbstractMuleTestCase;
25 import org.mule.transport.http.HttpConstants;
26
27 public class HttpBasicAuthenticationFilterTestCase extends AbstractMuleTestCase
28 {
29
30 public void testAuthenticationHeaderFailure() throws Exception
31 {
32 MuleEvent oldEvent = RequestContext.getEvent();
33
34 MuleEvent event = this.getTestEvent("a");
35 MuleMessage message = event.getMessage();
36 message.setProperty(HttpConstants.HEADER_AUTHORIZATION, "Basic a", PropertyScope.INBOUND);
37 RequestContext.setEvent(event);
38
39 HttpBasicAuthenticationFilter filter = new HttpBasicAuthenticationFilter();
40
41 SecurityManager manager = mock(SecurityManager.class);
42 filter.setSecurityManager(manager);
43
44 doThrow(new UnauthorisedException(null, (MuleEvent) null)).when(manager).authenticate(
45 (Authentication) anyObject());
46
47 try
48 {
49 filter.authenticateInbound(event);
50 fail("An UnauthorisedException should be thrown");
51 }
52 catch (UnauthorisedException e)
53 {
54 assertNotNull(event.getMessage().getProperty("WWW-Authenticate"));
55 assertEquals("Basic realm=", event.getMessage().getProperty("WWW-Authenticate"));
56 verify(manager);
57 }
58 RequestContext.setEvent(oldEvent);
59 }
60 }