1   /*
2    * Copyright (c) MuleSoft, Inc.  All rights reserved.  http://www.mulesoft.com
3    * The software in this package is published under the terms of the CPAL v1.0
4    * license, a copy of which has been included with this distribution in the
5    * LICENSE.txt file.
6    */
7   package org.mule.module.spring.security;
8   
9   import org.mule.tck.junit4.FunctionalTestCase;
10  import org.mule.transport.http.HttpConstants;
11  
12  import org.apache.commons.httpclient.HttpClient;
13  import org.apache.commons.httpclient.UsernamePasswordCredentials;
14  import org.apache.commons.httpclient.auth.AuthScope;
15  import org.apache.commons.httpclient.methods.GetMethod;
16  import org.junit.Test;
17  
18  import static org.junit.Assert.assertEquals;
19  import static org.junit.Assert.assertTrue;
20  
/**
 * Functional tests that send HTTP GET requests to the endpoint returned by
 * {@link #getUrl()} and check the status code the security filter answers with.
 * The Mule configuration under test is loaded from {@code http-filter-test.xml}.
 *
 * <p>The user names, passwords and realm used here are test fixtures; they are
 * presumably declared in that configuration file (not visible from this class).
 * Requests go over plain HTTP to the loopback interface.
 *
 * <p>NOTE(review): apart from {@link #testAuthenticationFailureNoContext()}, the
 * tests assert only the status code. Neither the response body nor the
 * authentication challenge header is checked.
 */
public class HttpFilterFunctionalTestCase extends FunctionalTestCase
{

    @Override
    protected String getConfigResources()
    {
        return "http-filter-test.xml";
    }

    /**
     * Returns the address of the protected endpoint. It is {@code protected} so a
     * subclass can point the same tests at a different URL.
     */
    protected String getUrl()
    {
        return "http://localhost:4567/authenticate";
    }

    /**
     * A request that carries no credentials and does not answer a challenge must
     * be refused with 401, and the body must explain that no security context
     * was present.
     */
    @Test
    public void testAuthenticationFailureNoContext() throws Exception
    {
        HttpClient httpClient = new HttpClient();
        // Preemptive mode is on, but no credentials are registered on the client state.
        httpClient.getParams().setAuthenticationPreemptive(true);

        GetMethod request = new GetMethod(getUrl());
        request.setDoAuthentication(false);

        try
        {
            assertEquals(HttpConstants.SC_UNAUTHORIZED, httpClient.executeMethod(request));

            String responseBody = request.getResponseBodyAsString();
            assertTrue(responseBody.contains("no security context on the session. Authentication denied on endpoint"));
        }
        finally
        {
            request.releaseConnection();
        }
    }

    /** Unknown user name and password, offered in reply to a challenge, must yield 401. */
    @Test
    public void testAuthenticationFailureBadCredentials() throws Exception
    {
        doRequest(null, "localhost", "anonX", "anonX", getUrl(), true, false, 401);
    }

    /** Valid credentials sent preemptively (no challenge handling) must yield 200. */
    @Test
    public void testAuthenticationAuthorised() throws Exception
    {
        doRequest(null, "localhost", "anon", "anon", getUrl(), false, true, 200);
    }

    /** Valid credentials supplied in reply to the server's challenge must yield 200. */
    @Test
    public void testAuthenticationAuthorisedWithHandshake() throws Exception
    {
        doRequest(null, "localhost", "anon", "anon", getUrl(), true, false, 200);
    }

    /**
     * Valid credentials registered under the realm {@code "blah"} must yield 401.
     * Presumably the server challenges with a different realm, so the client has
     * no credentials matching the challenge - verify against the configuration.
     */
    @Test
    public void testAuthenticationAuthorisedWithHandshakeAndBadRealm() throws Exception
    {
        doRequest("blah", "localhost", "anon", "anon", getUrl(), true, false, 401);
    }

    /** Valid credentials registered under the realm {@code "mule-realm"} must yield 200. */
    @Test
    public void testAuthenticationAuthorisedWithHandshakeAndRealm() throws Exception
    {
        doRequest("mule-realm", "localhost", "ross", "ross", getUrl(), true, false, 200);
    }

    /**
     * Issues one GET request with the given credentials and asserts the status code.
     *
     * @param realm      realm the credentials are scoped to; {@code null} matches any realm
     * @param host       host the credentials are scoped to (any port)
     * @param user       user name to offer
     * @param pass       password to offer
     * @param url        address to request
     * @param handshake  whether the client should answer an authentication challenge
     * @param preemptive whether the client should send credentials before being challenged
     * @param result     expected HTTP status code
     */
    private void doRequest(String realm,
                           String host,
                           String user,
                           String pass,
                           String url,
                           boolean handshake,
                           boolean preemptive,
                           int result) throws Exception
    {
        AuthScope scope = new AuthScope(host, AuthScope.ANY_PORT, realm);
        UsernamePasswordCredentials credentials = new UsernamePasswordCredentials(user, pass);

        HttpClient httpClient = new HttpClient();
        httpClient.getParams().setAuthenticationPreemptive(preemptive);
        httpClient.getState().setCredentials(scope, credentials);

        GetMethod request = new GetMethod(url);
        request.setDoAuthentication(handshake);

        try
        {
            assertEquals(result, httpClient.executeMethod(request));
        }
        finally
        {
            // Always hand the connection back, even when the assertion fails.
            request.releaseConnection();
        }
    }

}