11 package org.mule.module.spring.security;
12
13 import org.mule.tck.AbstractServiceAndFlowTestCase;
14 import org.mule.transport.http.HttpConstants;
15
16 import java.util.Arrays;
17 import java.util.Collection;
18
19 import org.apache.commons.httpclient.HttpClient;
20 import org.apache.commons.httpclient.UsernamePasswordCredentials;
21 import org.apache.commons.httpclient.auth.AuthScope;
22 import org.apache.commons.httpclient.methods.GetMethod;
23 import org.junit.Ignore;
24 import org.junit.Test;
25 import org.junit.runners.Parameterized.Parameters;
26
27 import static org.junit.Assert.assertEquals;
28 import static org.junit.Assert.assertTrue;
29
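/**
 * Functional tests for the HTTP authentication filter configured in
 * {@code http-filter-test.xml}.
 *
 * <p>Each test sends a GET to {@link #getUrl()} with commons-httpclient and
 * checks the HTTP status: 401 when the request carries no credentials or
 * unknown ones, 200 when it carries credentials the configuration accepts.
 * The user names and passwords are fixtures that are expected to be declared
 * in the test configuration, which is not part of this file.
 */
public class HttpFilterFunctionalTestCase extends AbstractServiceAndFlowTestCase
{
    /**
     * Supplies the single configuration this test case runs with.
     *
     * @return one parameter row: the flow variant and its config file
     */
    @Parameters
    public static Collection<Object[]> parameters()
    {
        return Arrays.asList(new Object[][]{
            {ConfigVariant.FLOW, "http-filter-test.xml"}
        });
    }

    public HttpFilterFunctionalTestCase(ConfigVariant variant, String configResources)
    {
        super(variant, configResources);
    }

    /**
     * @return the protected endpoint every test in this class calls
     */
    protected String getUrl()
    {
        // NOTE(review): fixed port; presumably matches the inbound endpoint in
        // http-filter-test.xml - confirm before changing either side.
        return "http://localhost:4567/authenticate";
    }

    /**
     * A request sent without any registered credentials must be rejected with
     * 401 and the "no security context" message in the response body.
     */
    @Test
    public void testAuthenticationFailureNoContext() throws Exception
    {
        HttpClient client = new HttpClient();
        client.getParams().setAuthenticationPreemptive(true);
        GetMethod get = new GetMethod(getUrl());

        // Do not answer a challenge: the first response is the one under test.
        get.setDoAuthentication(false);

        try
        {
            int status = client.executeMethod(get);
            assertEquals("Request without credentials must be rejected",
                         HttpConstants.SC_UNAUTHORIZED, status);

            String body = get.getResponseBodyAsString();
            assertTrue("Unexpected body on 401: " + body,
                       body.contains("no security context on the session. Authentication denied on endpoint"));
        }
        finally
        {
            get.releaseConnection();
        }
    }

    /**
     * Credentials the configuration does not know must be rejected with 401.
     */
    @Test
    public void testAuthenticationFailureBadCredentials() throws Exception
    {
        // NOTE(review): user name and password are both wrong here; a known
        // user with a wrong password is not covered by this class.
        doRequest(null, "localhost", "anonX", "anonX", getUrl(), false, 401);
    }

    // NOTE(review): disabled with no reason recorded. While it stays ignored,
    // nothing here checks that a wrong realm is rejected.
    @Ignore
    @Test
    public void testAuthenticationFailureBadRealm() throws Exception
    {
        doRequest("blah", "localhost", "anon", "anon", getUrl(), false, 401);
    }

    /**
     * Valid credentials sent preemptively, without answering a challenge.
     */
    @Test
    public void testAuthenticationAuthorised() throws Exception
    {
        doRequest(null, "localhost", "anon", "anon", getUrl(), false, 200);
    }

    /**
     * Valid credentials with challenge handling enabled on the request.
     */
    @Test
    public void testAuthenticationAuthorisedWithHandshake() throws Exception
    {
        doRequest(null, "localhost", "anon", "anon", getUrl(), true, 200);
    }

    // NOTE(review): disabled with no reason recorded; see the note on
    // testAuthenticationFailureBadRealm.
    @Ignore
    @Test
    public void testAuthenticationAuthorisedWithHandshakeAndBadRealm() throws Exception
    {
        doRequest("blah", "localhost", "anon", "anon", getUrl(), true, 401);
    }

    /**
     * Valid credentials scoped to the realm {@code mule-realm}, with challenge
     * handling enabled.
     */
    @Test
    public void testAuthenticationAuthorisedWithHandshakeAndRealm() throws Exception
    {
        doRequest("mule-realm", "localhost", "ross", "ross", getUrl(), true, 200);
    }

    /**
     * Sends one authenticated GET and asserts the final HTTP status.
     *
     * @param realm     realm the credentials are scoped to; {@code null}
     *                  matches any realm
     * @param host      host the credentials are scoped to
     * @param user      user name to send
     * @param pass      password to send
     * @param url       URL to request
     * @param handshake whether the client may answer an authentication
     *                  challenge; also enables the single retry below
     * @param result    expected HTTP status code
     * @throws Exception if the request cannot be executed
     */
    private void doRequest(String realm,
                           String host,
                           String user,
                           String pass,
                           String url,
                           boolean handshake,
                           int result) throws Exception
    {
        HttpClient client = new HttpClient();
        client.getParams().setAuthenticationPreemptive(true);
        client.getState().setCredentials(new AuthScope(host, AuthScope.ANY_PORT, realm),
                                         new UsernamePasswordCredentials(user, pass));
        GetMethod get = new GetMethod(url);
        get.setDoAuthentication(handshake);

        try
        {
            int status = client.executeMethod(get);
            if (status == HttpConstants.SC_UNAUTHORIZED && handshake)
            {
                // NOTE(review): a 401 is retried once, so a test expecting 200
                // still passes when the first attempt was rejected - confirm
                // that this is intended and not hiding a first-request failure.
                status = client.executeMethod(get);
            }
            // The password is deliberately left out of the failure message.
            assertEquals("Unexpected HTTP status for user '" + user + "' (realm=" + realm
                         + ", handshake=" + handshake + ")", result, status);
        }
        finally
        {
            get.releaseConnection();
        }
    }
}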