
1   /*
2    * $Id: AuthorizationFilterTestCase.java 22414 2011-07-14 13:24:46Z dirk.olmes $
3    * --------------------------------------------------------------------------------------
4    * Copyright (c) MuleSoft, Inc.  All rights reserved.  http://www.mulesoft.com
5    *
6    * The software in this package is published under the terms of the CPAL v1.0
7    * license, a copy of which has been included with this distribution in the
8    * LICENSE.txt file.
9    */
10  
11  package org.mule.module.spring.security;
12  
13  import org.mule.tck.junit4.FunctionalTestCase;
14  import org.mule.transport.http.HttpConstants;
15  
16  import org.apache.commons.httpclient.HttpClient;
17  import org.apache.commons.httpclient.UsernamePasswordCredentials;
18  import org.apache.commons.httpclient.auth.AuthScope;
19  import org.apache.commons.httpclient.methods.GetMethod;
20  import org.junit.Test;
21  
22  import static org.junit.Assert.assertEquals;
23  
/**
 * Functional test that issues HTTP GET requests carrying username/password
 * credentials against the URL returned by {@link #getUrl()} and asserts the
 * resulting HTTP status code.
 * <p>
 * The Mule configuration is loaded from {@code http-filter-test.xml}; the
 * users and authorities behind the expected status codes are presumably
 * defined there (not visible from this class).
 */
public class AuthorizationFilterTestCase extends FunctionalTestCase
{

    /**
     * @return the name of the configuration resource this test case runs with
     */
    @Override
    protected String getConfigResources()
    {
        return "http-filter-test.xml";
    }

    /**
     * Sends a request as user {@code anon} and expects status 405.
     * <p>
     * NOTE(review): 403 is the conventional status for an authenticated caller
     * that lacks the required authority; this test pins 405, so confirm that
     * value is what the filter is meant to return before relying on it.
     */
    @Test
    public void testAuthenticatedButNotAuthorized() throws Exception
    {
        final String endpoint = getUrl();
        doRequest(null, "localhost", "anon", "anon", endpoint, false, 405);
    }

    /**
     * Sends a request as user {@code ross} and expects status 200.
     */
    @Test
    public void testAuthorized() throws Exception
    {
        final String endpoint = getUrl();
        doRequest(null, "localhost", "ross", "ross", endpoint, false, 200);
    }

    /**
     * @return the endpoint URL the requests are sent to; protected so a
     *         subclass can point the same tests at another address
     */
    protected String getUrl()
    {
        return "http://localhost:4567/authorize";
    }

    /**
     * Executes a GET against {@code url} with the given credentials and asserts
     * that the final status code equals {@code result}.
     *
     * @param realm     authentication realm the credentials are scoped to;
     *                  both tests pass {@code null}
     * @param host      host the credentials are scoped to
     * @param user      user name to authenticate with
     * @param pass      password to authenticate with
     * @param url       address to request
     * @param handshake passed to {@code GetMethod.setDoAuthentication}; when
     *                  {@code true} a 401 response is additionally retried here
     *                  up to two more times
     * @param result    status code the last response must carry
     * @throws Exception if executing the request fails
     */
    private void doRequest(String realm,
                           String host,
                           String user,
                           String pass,
                           String url,
                           boolean handshake,
                           int result) throws Exception
    {
        final HttpClient httpClient = new HttpClient();
        // Preemptive mode: credentials go out with the first request instead of
        // waiting for a 401 challenge. The test URL is plain http, so they are
        // not protected in transit; acceptable only because this is a
        // localhost test fixture.
        httpClient.getParams().setAuthenticationPreemptive(true);

        // Credentials apply to the given host on any port.
        final AuthScope scope = new AuthScope(host, AuthScope.ANY_PORT, realm);
        httpClient.getState().setCredentials(scope, new UsernamePasswordCredentials(user, pass));

        final GetMethod request = new GetMethod(url);
        request.setDoAuthentication(handshake);

        try
        {
            int status = httpClient.executeMethod(request);

            // With the handshake enabled, a 401 answer is followed by at most
            // two further attempts so that the challenge/response exchange can
            // complete before the status is checked.
            int resendsLeft = 2;
            while (handshake && status == HttpConstants.SC_UNAUTHORIZED && resendsLeft > 0)
            {
                status = httpClient.executeMethod(request);
                resendsLeft--;
            }

            assertEquals(result, status);
        }
        finally
        {
            // Always hand the connection back, even when the assertion fails.
            request.releaseConnection();
        }
    }

}