7 package org.mule.module.cxf;
8
9 import org.mule.tck.junit4.FunctionalTestCase;
10 import org.mule.tck.junit4.rule.DynamicPort;
11 import org.mule.transport.http.HttpConstants;
12
13 import org.apache.commons.httpclient.HttpClient;
14 import org.apache.commons.httpclient.UsernamePasswordCredentials;
15 import org.apache.commons.httpclient.auth.AuthScope;
16 import org.apache.commons.httpclient.methods.GetMethod;
17 import org.apache.commons.httpclient.methods.PostMethod;
18 import org.apache.commons.httpclient.methods.StringRequestEntity;
19 import org.junit.Rule;
20 import org.junit.Test;
21
22 import static org.junit.Assert.assertEquals;
23 import static org.junit.Assert.assertNotNull;
24
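/**
 * Functional tests for HTTP authentication in front of the CXF "Echo" service
 * declared in {@code http-security-filter-test.xml} (that file is not visible here).
 *
 * <p>Each test sends a GET or POST to a plain-HTTP endpoint ({@code port1}) or an
 * HTTPS endpoint ({@code port2}) on localhost and checks the HTTP status code.
 * Two client-side switches are varied:
 * <ul>
 * <li><b>preemptive</b>: the client offers its credentials on the first request
 * instead of waiting for a challenge;</li>
 * <li><b>handshake</b> ({@code setDoAuthentication}): the client answers a
 * 401 challenge automatically using the credentials registered for the matching
 * {@link AuthScope}.</li>
 * </ul>
 *
 * <p>NOTE(review): the user names and passwords below are fixtures; presumably they
 * are defined by the security provider in the test configuration. Verify there.
 * NOTE(review): nothing in this class sets up TLS trust for the {@code https://}
 * calls, so that must come from outside this file. Confirm where.
 * The plain-HTTP cases send Basic credentials that are only base64-encoded; they
 * target localhost test ports and are not a pattern for production endpoints.
 */
public class HttpSecurityFilterFunctionalTestCase extends FunctionalTestCase
{

    /** Path of the Echo service endpoint. */
    private static final String ECHO_PATH = "/services/Echo";

    /** Path used by the GET tests to invoke the echo operation with the argument "hello". */
    private static final String ECHO_HELLO_PATH = "/services/Echo/echo/echo/hello";

    /** SOAP envelope posted to the Echo service. Never reassigned, hence final. */
    private static final String SOAP_REQUEST =
        "<soapenv:Envelope xmlns:soapenv=\"http://schemas.xmlsoap.org/soap/envelope/\" xmlns:unk=\"http://unknown.namespace/\">" +
        "<soapenv:Header/>" +
        "<soapenv:Body>" +
        "<unk:echo>" +
        "<arg0>asdf</arg0>" +
        "</unk:echo>" +
        "</soapenv:Body>" +
        "</soapenv:Envelope>";

    @Rule
    public DynamicPort dynamicPort1 = new DynamicPort("port1");

    @Rule
    public DynamicPort dynamicPort2 = new DynamicPort("port2");

    @Override
    protected String getConfigResources()
    {
        return "http-security-filter-test.xml";
    }

    @Test
    public void testAuthenticationFailureBadCredentialsGetHttps() throws Exception
    {
        doGet(null, "localhost", "anonX", "anonX", httpsUrl(ECHO_PATH), true, true, HttpConstants.SC_UNAUTHORIZED);
    }

    /**
     * A GET without any credentials must be rejected with 401 and the filter's
     * "no security context" message.
     *
     * <p>NOTE(review): the pinned response body tells an unauthenticated caller the
     * filter's class name, the endpoint URL and the Java type of the payload. If the
     * server-side message is ever shortened to avoid that, this assertion and the one
     * in {@link #testAuthenticationFailureNoContextPost()} are the ones to update.
     */
    @Test
    public void testAuthenticationFailureNoContextGet() throws Exception
    {
        HttpClient client = new HttpClient();
        client.getParams().setAuthenticationPreemptive(true);
        GetMethod get = new GetMethod(httpUrl(ECHO_PATH));

        // No credentials are registered and challenges are not answered,
        // so the request reaches the filter without an Authorization header.
        get.setDoAuthentication(false);

        try
        {
            int status = client.executeMethod(get);
            assertEquals(HttpConstants.SC_UNAUTHORIZED, status);
            assertEquals(noSecurityContextMessage("String"), get.getResponseBodyAsString());
        }
        finally
        {
            get.releaseConnection();
        }
    }

    /**
     * Same as {@link #testAuthenticationFailureNoContextGet()} but with a SOAP POST;
     * the rejection message then reports the payload type as a stream.
     */
    @Test
    public void testAuthenticationFailureNoContextPost() throws Exception
    {
        HttpClient client = new HttpClient();
        client.getParams().setAuthenticationPreemptive(true);
        PostMethod post = new PostMethod(httpUrl(ECHO_PATH));

        post.setDoAuthentication(false);
        post.setRequestEntity(new StringRequestEntity(SOAP_REQUEST, "text/xml", "UTF-8"));

        try
        {
            int status = client.executeMethod(post);
            assertEquals(HttpConstants.SC_UNAUTHORIZED, status);
            assertEquals(noSecurityContextMessage("ContentLengthInputStream"), post.getResponseBodyAsString());
        }
        finally
        {
            post.releaseConnection();
        }
    }

    @Test
    public void testAuthenticationFailureBadCredentialsGet() throws Exception
    {
        doGet(null, "localhost", "anonX", "anonX", httpUrl(ECHO_HELLO_PATH), true, true, HttpConstants.SC_UNAUTHORIZED);
    }

    @Test
    public void testAuthenticationFailureBadCredentialsPost() throws Exception
    {
        doPost(null, "localhost", "anonX", "anonX", httpUrl(ECHO_PATH), true, true, HttpConstants.SC_UNAUTHORIZED);
    }

    @Test
    public void testAuthenticationFailureBadCredentialsPostHttps() throws Exception
    {
        doPost(null, "localhost", "anonX", "anonX", httpsUrl(ECHO_PATH), true, true, HttpConstants.SC_UNAUTHORIZED);
    }

    @Test
    public void testAuthenticationAuthorisedGet() throws Exception
    {
        doGet(null, "localhost", "anon", "anon", httpUrl(ECHO_HELLO_PATH), false, true, HttpConstants.SC_OK);
    }

    @Test
    public void testAuthenticationAuthorisedGetHttps() throws Exception
    {
        doGet(null, "localhost", "anon", "anon", httpsUrl(ECHO_HELLO_PATH), false, true, HttpConstants.SC_OK);
    }

    @Test
    public void testAuthenticationAuthorisedPost() throws Exception
    {
        doPost(null, "localhost", "anon", "anon", httpUrl(ECHO_PATH), false, true, HttpConstants.SC_OK);
    }

    @Test
    public void testAuthenticationAuthorisedPostHttps() throws Exception
    {
        doPost(null, "localhost", "anon", "anon", httpsUrl(ECHO_PATH), false, true, HttpConstants.SC_OK);
    }

    @Test
    public void testAuthenticationAuthorisedWithHandshakeGet() throws Exception
    {
        doGet(null, "localhost", "anon", "anon", httpUrl(ECHO_HELLO_PATH), true, false, HttpConstants.SC_OK);
    }

    @Test
    public void testAuthenticationAuthorisedWithHandshakePost() throws Exception
    {
        doPost(null, "localhost", "anon", "anon", httpUrl(ECHO_PATH), true, false, HttpConstants.SC_OK);
    }

    // The two "bad realm" cases register valid-looking credentials under the realm
    // "blah" only. Presumably the server challenges with a different realm, so the
    // client has nothing to answer with and the 401 stands. Verify against the config.
    @Test
    public void testAuthenticationAuthorisedWithHandshakeAndBadRealmGet() throws Exception
    {
        doGet("blah", "localhost", "anon", "anon", httpUrl(ECHO_HELLO_PATH), true, false, HttpConstants.SC_UNAUTHORIZED);
    }

    @Test
    public void testAuthenticationAuthorisedWithHandshakeAndBadRealmPost() throws Exception
    {
        doPost("blah", "localhost", "anon", "anon", httpUrl(ECHO_PATH), true, false, HttpConstants.SC_UNAUTHORIZED);
    }

    @Test
    public void testAuthenticationAuthorisedWithHandshakeAndRealmGet() throws Exception
    {
        doGet("mule-realm", "localhost", "ross", "ross", httpUrl(ECHO_HELLO_PATH), true, false, HttpConstants.SC_OK);
    }

    @Test
    public void testAuthenticationAuthorisedWithHandshakeAndRealmPost() throws Exception
    {
        doPost("mule-realm", "localhost", "ross", "ross", httpUrl(ECHO_PATH), true, false, HttpConstants.SC_OK);
    }

    /** Builds the plain-HTTP URL for {@code path} on the first dynamic port. */
    private String httpUrl(String path)
    {
        return "http://localhost:" + dynamicPort1.getNumber() + path;
    }

    /** Builds the HTTPS URL for {@code path} on the second dynamic port. */
    private String httpsUrl(String path)
    {
        return "https://localhost:" + dynamicPort2.getNumber() + path;
    }

    /**
     * Returns the exact 401 body the tests expect when a request arrives
     * without a security context.
     *
     * @param payloadType simple name of the payload type reported in the message
     */
    private String noSecurityContextMessage(String payloadType)
    {
        return "Registered authentication is set to org.mule.module.acegi.filters.http.HttpBasicAuthenticationFilter "
               + "but there was no security context on the session. Authentication denied on "
               + "endpoint " + httpUrl(ECHO_PATH) + ". Message payload is of type: "
               + payloadType;
    }

    /**
     * Creates a client holding one set of credentials.
     *
     * @param realm realm the credentials apply to; {@code null} matches any realm
     * @param host host the credentials apply to
     * @param user user name
     * @param pass password
     * @param preemptive whether credentials are offered before any challenge
     */
    private HttpClient newClient(String realm, String host, String user, String pass, boolean preemptive)
    {
        HttpClient client = new HttpClient();
        client.getParams().setAuthenticationPreemptive(preemptive);
        // ANY_PORT (-1) because the endpoints listen on dynamically assigned ports.
        client.getState().setCredentials(new AuthScope(host, AuthScope.ANY_PORT, realm),
            new UsernamePasswordCredentials(user, pass));
        return client;
    }

    /**
     * Issues a GET and asserts the response status.
     *
     * @param realm realm for the credential scope, or {@code null} for any realm
     * @param host host for the credential scope
     * @param user user name
     * @param pass password
     * @param url full request URL
     * @param handshake whether the client answers authentication challenges
     * @param preemptive whether credentials are offered on the first request
     * @param result expected HTTP status code
     */
    private void doGet(String realm,
                       String host,
                       String user,
                       String pass,
                       String url,
                       boolean handshake,
                       boolean preemptive,
                       int result) throws Exception
    {
        HttpClient client = newClient(realm, host, user, pass, preemptive);
        GetMethod get = new GetMethod(url);
        get.setDoAuthentication(handshake);

        try
        {
            int status = client.executeMethod(get);
            assertEquals(result, status);
        }
        finally
        {
            // Always hand the connection back, even when the assertion fails.
            get.releaseConnection();
        }
    }

    /**
     * Posts the SOAP request and asserts the response status and that a body came back.
     *
     * @param realm realm for the credential scope, or {@code null} for any realm
     * @param host host for the credential scope
     * @param user user name
     * @param pass password
     * @param url full request URL
     * @param handshake whether the client answers authentication challenges
     * @param preemptive whether credentials are offered on the first request
     * @param result expected HTTP status code
     */
    private void doPost(String realm,
                        String host,
                        String user,
                        String pass,
                        String url,
                        boolean handshake,
                        boolean preemptive,
                        int result) throws Exception
    {
        HttpClient client = newClient(realm, host, user, pass, preemptive);
        PostMethod post = new PostMethod(url);
        post.setDoAuthentication(handshake);
        post.setRequestEntity(new StringRequestEntity(SOAP_REQUEST, "text/xml", "UTF-8"));

        try
        {
            int status = client.executeMethod(post);
            assertEquals(result, status);
            assertNotNull(post.getResponseBodyAsString());
        }
        finally
        {
            // Always hand the connection back, even when an assertion fails.
            post.releaseConnection();
        }
    }

}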