1   /*
2    * Copyright (c) MuleSoft, Inc.  All rights reserved.  http://www.mulesoft.com
3    * The software in this package is published under the terms of the CPAL v1.0
4    * license, a copy of which has been included with this distribution in the
5    * LICENSE.txt file.
6    */
7   package org.mule.module.spring.security.filters.http;
8   
9   import org.mule.RequestContext;
10  import org.mule.api.MuleEvent;
11  import org.mule.api.MuleMessage;
12  import org.mule.api.security.Authentication;
13  import org.mule.api.security.SecurityManager;
14  import org.mule.api.security.UnauthorisedException;
15  import org.mule.api.transport.PropertyScope;
16  import org.mule.tck.junit4.AbstractMuleContextTestCase;
17  import org.mule.transport.http.HttpConstants;
18  import org.mule.transport.http.filters.HttpBasicAuthenticationFilter;
19  
20  import org.junit.Test;
21  
22  import static org.junit.Assert.assertEquals;
23  import static org.junit.Assert.assertNotNull;
24  import static org.junit.Assert.fail;
25  import static org.mockito.Matchers.anyObject;
26  import static org.mockito.Mockito.doThrow;
27  import static org.mockito.Mockito.mock;
28  import static org.mockito.Mockito.verify;
29  
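/**
 * Tests the rejection path of {@link HttpBasicAuthenticationFilter}: when the
 * security manager refuses the credentials, the filter must surface an
 * {@link UnauthorisedException} and leave a {@code WWW-Authenticate} challenge
 * on the message.
 * <p>
 * Only the "security manager rejects" case is exercised here. A request with
 * no {@code Authorization} header, or with a non-Basic scheme, is not covered
 * by this class.
 */
public class HttpBasicAuthenticationFilterTestCase extends AbstractMuleContextTestCase
{

    /**
     * Sends an inbound {@code Authorization: Basic a} header through the filter
     * with a mocked {@link SecurityManager} that rejects every authentication
     * attempt, then checks the challenge header written to the message.
     *
     * @throws Exception if the test event cannot be created
     */
    @Test
    public void testAuthenticationHeaderFailure() throws Exception
    {
        // Remember the thread's current event so it can be restored whatever
        // the outcome; RequestContext state would otherwise leak into later tests.
        MuleEvent oldEvent = RequestContext.getEvent();

        try
        {
            MuleEvent event = this.getTestEvent("a");
            MuleMessage message = event.getMessage();
            message.setProperty(HttpConstants.HEADER_AUTHORIZATION, "Basic a", PropertyScope.INBOUND);
            RequestContext.setEvent(event);

            HttpBasicAuthenticationFilter filter = new HttpBasicAuthenticationFilter();

            SecurityManager manager = mock(SecurityManager.class);
            filter.setSecurityManager(manager);

            // Every authentication attempt is refused by the mocked manager.
            doThrow(new UnauthorisedException(null, (MuleEvent) null)).when(manager).authenticate(
                (Authentication) anyObject());

            try
            {
                filter.authenticateInbound(event);
                fail("An UnauthorisedException should be thrown");
            }
            catch (UnauthorisedException e)
            {
                assertNotNull(event.getMessage().getProperty("WWW-Authenticate"));
                // No realm is set on the filter in this test, so the challenge
                // is expected to carry an empty realm value.
                assertEquals("Basic realm=", event.getMessage().getProperty("WWW-Authenticate"));
                // A bare verify(manager) asserts nothing; name the call so the
                // test proves the rejection came from the security manager and
                // not from an earlier failure inside the filter.
                verify(manager).authenticate((Authentication) anyObject());
            }
        }
        finally
        {
            RequestContext.setEvent(oldEvent);
        }
    }
}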