1
2
3
4
5
6
7 package org.mule.module.acegi.filters.http;
8
9 import org.mule.RequestContext;
10 import org.mule.api.MuleEvent;
11 import org.mule.api.MuleMessage;
12 import org.mule.api.security.Authentication;
13 import org.mule.api.security.SecurityManager;
14 import org.mule.api.security.UnauthorisedException;
15 import org.mule.api.transport.PropertyScope;
16 import org.mule.tck.junit4.AbstractMuleContextTestCase;
17 import org.mule.transport.http.HttpConstants;
18
19 import org.junit.Test;
20
21 import static org.junit.Assert.assertEquals;
22 import static org.junit.Assert.assertNotNull;
23 import static org.junit.Assert.fail;
24 import static org.mockito.Matchers.anyObject;
25 import static org.mockito.Mockito.doThrow;
26 import static org.mockito.Mockito.mock;
27 import static org.mockito.Mockito.verify;
28
29 public class HttpBasicAuthenticationFilterTestCase extends AbstractMuleContextTestCase
30 {
31
32 @Test
33 public void testAuthenticationHeaderFailure() throws Exception
34 {
35 MuleEvent oldEvent = RequestContext.getEvent();
36
37 MuleEvent event = this.getTestEvent("a");
38 MuleMessage message = event.getMessage();
39 message.setProperty(HttpConstants.HEADER_AUTHORIZATION, "Basic a", PropertyScope.INBOUND);
40 RequestContext.setEvent(event);
41
42 HttpBasicAuthenticationFilter filter = new HttpBasicAuthenticationFilter();
43
44 SecurityManager manager = mock(SecurityManager.class);
45 filter.setSecurityManager(manager);
46
47 doThrow(new UnauthorisedException(null, (MuleEvent) null)).when(manager).authenticate(
48 (Authentication) anyObject());
49
50 try
51 {
52 filter.authenticateInbound(event);
53 fail("An UnauthorisedException should be thrown");
54 }
55 catch (UnauthorisedException e)
56 {
57 assertNotNull(event.getMessage().getProperty("WWW-Authenticate"));
58 assertEquals("Basic realm=", event.getMessage().getProperty("WWW-Authenticate"));
59 verify(manager);
60 }
61 RequestContext.setEvent(oldEvent);
62 }
63 }