
1   /*
2    * $Id: HttpFilterFunctionalTestCase.java 22421 2011-07-15 05:05:06Z dirk.olmes $
3    * --------------------------------------------------------------------------------------
4    * Copyright (c) MuleSoft, Inc.  All rights reserved.  http://www.mulesoft.com
5    *
6    * The software in this package is published under the terms of the CPAL v1.0
7    * license, a copy of which has been included with this distribution in the
8    * LICENSE.txt file.
9    */
10  
11  package org.mule.module.spring.security;
12  
13  import org.mule.tck.AbstractServiceAndFlowTestCase;
14  import org.mule.transport.http.HttpConstants;
15  
16  import java.util.Arrays;
17  import java.util.Collection;
18  
19  import org.apache.commons.httpclient.HttpClient;
20  import org.apache.commons.httpclient.UsernamePasswordCredentials;
21  import org.apache.commons.httpclient.auth.AuthScope;
22  import org.apache.commons.httpclient.methods.GetMethod;
23  import org.junit.Ignore;
24  import org.junit.Test;
25  import org.junit.runners.Parameterized.Parameters;
26  
27  import static org.junit.Assert.assertEquals;
28  import static org.junit.Assert.assertTrue;
29  
/**
 * Functional test that sends HTTP GET requests to the {@code /authenticate}
 * endpoint and checks the status code returned for different combinations of
 * credentials, realm and challenge handling.
 * <p>
 * The Mule configuration is loaded from {@code http-filter-test.xml}; the
 * accounts used below ({@code anon}, {@code ross}) are presumably defined
 * there -- the file is not visible from this class.
 * <p>
 * NOTE(review): every request enables preemptive authentication, so the client
 * may send credentials before it has seen any server challenge. In HTTP Basic
 * the realm only appears in the server's challenge, never in the
 * {@code Authorization} header, which would explain why the two "bad realm"
 * tests are ignored -- confirm before re-enabling them.
 */
public class HttpFilterFunctionalTestCase extends AbstractServiceAndFlowTestCase
{
    /**
     * Supplies the single configuration variant this test runs with.
     *
     * @return one parameter row: the flow variant and its config resource
     */
    @Parameters
    public static Collection<Object[]> parameters()
    {
        Object[][] variants = {
            {ConfigVariant.FLOW, "http-filter-test.xml"}
        };
        return Arrays.asList(variants);
    }

    public HttpFilterFunctionalTestCase(ConfigVariant variant, String configResources)
    {
        super(variant, configResources);
    }

    /**
     * Returns the endpoint under test. Overridable so that subclasses can
     * point the same tests at another address.
     * <p>
     * Plain HTTP is used against the loopback interface; Basic credentials are
     * only base64-encoded, so this URL form is suitable for local tests only.
     */
    protected String getUrl()
    {
        return "http://localhost:4567/authenticate";
    }

    /**
     * A request that carries no credentials at all must be rejected with 401
     * and a body explaining that no security context was present.
     */
    @Test
    public void testAuthenticationFailureNoContext() throws Exception
    {
        HttpClient httpClient = new HttpClient();
        httpClient.getParams().setAuthenticationPreemptive(true);

        // No credentials are registered on the client state.
        GetMethod request = new GetMethod(getUrl());
        request.setDoAuthentication(false);

        try
        {
            assertEquals(HttpConstants.SC_UNAUTHORIZED, httpClient.executeMethod(request));

            String body = request.getResponseBodyAsString();
            assertTrue(body.contains("no security context on the session. Authentication denied on endpoint"));
        }
        finally
        {
            request.releaseConnection();
        }
    }

    /** Unknown user name and password must be answered with 401. */
    @Test
    public void testAuthenticationFailureBadCredentials() throws Exception
    {
        doRequest(null, "localhost", "anonX", "anonX", getUrl(), false, 401);
    }

    /** Valid credentials scoped to an unexpected realm; expected to yield 401. */
    @Ignore // TODO Realm validation seems to be completely ignored
    @Test
    public void testAuthenticationFailureBadRealm() throws Exception
    {
        doRequest("blah", "localhost", "anon", "anon", getUrl(), false, 401);
    }

    /** Valid credentials sent preemptively, without challenge handling. */
    @Test
    public void testAuthenticationAuthorised() throws Exception
    {
        doRequest(null, "localhost", "anon", "anon", getUrl(), false, 200);
    }

    /** Valid credentials with challenge handling enabled on the request. */
    @Test
    public void testAuthenticationAuthorisedWithHandshake() throws Exception
    {
        doRequest(null, "localhost", "anon", "anon", getUrl(), true, 200);
    }

    /** Challenge handling enabled, credentials scoped to an unexpected realm. */
    @Ignore // TODO Realm validation seems to be completely ignored
    @Test
    public void testAuthenticationAuthorisedWithHandshakeAndBadRealm() throws Exception
    {
        doRequest("blah", "localhost", "anon", "anon", getUrl(), true, 401);
    }

    /** Challenge handling enabled, credentials scoped to {@code mule-realm}. */
    @Test
    public void testAuthenticationAuthorisedWithHandshakeAndRealm() throws Exception
    {
        doRequest("mule-realm", "localhost", "ross", "ross", getUrl(), true, 200);
    }

    /**
     * Issues a GET with the given credentials and asserts the final status code.
     *
     * @param realm     realm the credentials are scoped to, or {@code null}
     * @param host      host the credentials are scoped to
     * @param user      user name to present
     * @param pass      password to present
     * @param url       address to request
     * @param handshake value passed to {@code setDoAuthentication}; when
     *                  {@code true} a 401 answer is followed by one more attempt
     * @param result    status code the final response must carry
     */
    private void doRequest(String realm,
                           String host,
                           String user,
                           String pass,
                           String url,
                           boolean handshake,
                           int result) throws Exception
    {
        HttpClient httpClient = new HttpClient();
        httpClient.getParams().setAuthenticationPreemptive(true);

        // Credentials apply to any port on the given host.
        AuthScope scope = new AuthScope(host, AuthScope.ANY_PORT, realm);
        httpClient.getState().setCredentials(scope, new UsernamePasswordCredentials(user, pass));

        GetMethod request = new GetMethod(url);
        request.setDoAuthentication(handshake);

        try
        {
            int status = httpClient.executeMethod(request);
            boolean unauthorized = status == HttpConstants.SC_UNAUTHORIZED;
            if (handshake && unauthorized)
            {
                // With doAuthentication enabled, a 401 makes the HttpClient
                // resend the request with credentials; run it once more and
                // judge the outcome of that second attempt.
                status = httpClient.executeMethod(request);
            }
            assertEquals(result, status);
        }
        finally
        {
            request.releaseConnection();
        }
    }
}