1   /*
2    * Copyright (c) MuleSoft, Inc.  All rights reserved.  http://www.mulesoft.com
3    * The software in this package is published under the terms of the CPAL v1.0
4    * license, a copy of which has been included with this distribution in the
5    * LICENSE.txt file.
6    */
7   package org.mule.module.acegi.filters.http;
8   
9   import org.mule.RequestContext;
10  import org.mule.api.MuleEvent;
11  import org.mule.api.MuleMessage;
12  import org.mule.api.security.Authentication;
13  import org.mule.api.security.SecurityManager;
14  import org.mule.api.security.UnauthorisedException;
15  import org.mule.api.transport.PropertyScope;
16  import org.mule.tck.junit4.AbstractMuleContextTestCase;
17  import org.mule.transport.http.HttpConstants;
18  
19  import org.junit.Test;
20  
21  import static org.junit.Assert.assertEquals;
22  import static org.junit.Assert.assertNotNull;
23  import static org.junit.Assert.fail;
24  import static org.mockito.Matchers.anyObject;
25  import static org.mockito.Mockito.doThrow;
26  import static org.mockito.Mockito.mock;
27  import static org.mockito.Mockito.verify;
28  
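/**
 * Tests the inbound authentication-failure path of {@link HttpBasicAuthenticationFilter}.
 */
public class HttpBasicAuthenticationFilterTestCase extends AbstractMuleContextTestCase
{

    /**
     * Checks that when the security manager rejects an inbound request carrying an
     * {@code Authorization: Basic} header, the filter lets the
     * {@link UnauthorisedException} reach the caller and puts a {@code WWW-Authenticate}
     * challenge on the message.
     * <p>
     * The test never sets a realm on the filter, so the expected challenge value is
     * {@code "Basic realm="}.
     *
     * @throws Exception if the test event cannot be created
     */
    @Test
    public void testAuthenticationHeaderFailure() throws Exception
    {
        // Remember the event that was current before this test replaced it.
        MuleEvent oldEvent = RequestContext.getEvent();

        try
        {
            MuleEvent event = this.getTestEvent("a");
            MuleMessage message = event.getMessage();
            // "a" is a placeholder token, not encoded credentials: the rejection in this test
            // comes from the stubbed security manager below, not from the header contents.
            message.setProperty(HttpConstants.HEADER_AUTHORIZATION, "Basic a", PropertyScope.INBOUND);
            RequestContext.setEvent(event);

            HttpBasicAuthenticationFilter filter = new HttpBasicAuthenticationFilter();

            SecurityManager manager = mock(SecurityManager.class);
            filter.setSecurityManager(manager);

            // Every authentication attempt is rejected by the security manager.
            doThrow(new UnauthorisedException(null, (MuleEvent) null)).when(manager).authenticate(
                (Authentication) anyObject());

            try
            {
                filter.authenticateInbound(event);
                fail("An UnauthorisedException should be thrown");
            }
            catch (UnauthorisedException e)
            {
                assertNotNull(event.getMessage().getProperty("WWW-Authenticate"));
                assertEquals("Basic realm=", event.getMessage().getProperty("WWW-Authenticate"));
                // A bare verify(manager) checks nothing. Naming the call proves the rejection
                // came from the security manager rather than from an earlier failure in the filter.
                verify(manager).authenticate((Authentication) anyObject());
            }
        }
        finally
        {
            // Restore the previous event even when an assertion fails, so this test does not
            // leave its own event installed for whatever runs next.
            RequestContext.setEvent(oldEvent);
        }
    }
}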