Apache
/
httpcomponents-client
mirror of https://github.com/apache/httpcomponents-client.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Cleaned up HttpAuthenticator unit tests 

git-svn-id: https://svn.apache.org/repos/asf/httpcomponents/httpclient/trunk@1405508 13f79535-47bb-0310-9956-ffa450edef68
This commit is contained in:
Oleg Kalnichevski 2012-11-04 07:38:43 +00:00
parent 78856ca1b1
commit 3c26d6ff41
4 changed files with 170 additions and 686 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

216
httpclient/src/test/java/org/apache/http/client/protocol/TestRequestAuthenticationBase.java
View File

@ -1,216 +0,0 @@
/*
* ====================================================================
*
* Licensed to the Apache Software Foundation (ASF) under one or more
* contributor license agreements. See the NOTICE file distributed with
* this work for additional information regarding copyright ownership.
* The ASF licenses this file to You under the Apache License, Version 2.0
* (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
* ====================================================================
*
* This software consists of voluntary contributions made by many
* individuals on behalf of the Apache Software Foundation. For more
* information on the Apache Software Foundation, please see
* <http://www.apache.org/>.
*
*/
package org.apache.http.client.protocol;
import java.io.IOException;
import java.util.LinkedList;
import junit.framework.Assert;
import org.apache.http.HttpException;
import org.apache.http.HttpRequest;
import org.apache.http.HttpRequestInterceptor;
import org.apache.http.auth.AUTH;
import org.apache.http.auth.AuthOption;
import org.apache.http.auth.AuthProtocolState;
import org.apache.http.auth.AuthState;
import org.apache.http.auth.AuthenticationException;
import org.apache.http.auth.ContextAwareAuthScheme;
import org.apache.http.auth.Credentials;
import org.apache.http.message.BasicHeader;
import org.apache.http.message.BasicHttpRequest;
import org.apache.http.protocol.BasicHttpContext;
import org.apache.http.protocol.HttpContext;
import org.junit.Before;
import org.junit.Test;
import org.mockito.Mockito;
public class TestRequestAuthenticationBase {
static class TestRequestAuthentication extends RequestAuthenticationBase {
public void process(
final HttpRequest request,
final HttpContext context) throws HttpException, IOException {
AuthState authState = (AuthState) context.getAttribute("test-auth-state");
super.process(authState, request, context);
}
}
private ContextAwareAuthScheme authScheme;
private Credentials credentials;
private AuthState authState;
private HttpContext context;
private HttpRequestInterceptor interceptor;
@Before
public void setUp() throws Exception {
this.authScheme = Mockito.mock(ContextAwareAuthScheme.class);
this.credentials = Mockito.mock(Credentials.class);
this.authState = new AuthState();
this.context = new BasicHttpContext();
this.context.setAttribute("test-auth-state", this.authState);
this.interceptor = new TestRequestAuthentication();
}
@Test
public void testAuthFailureState() throws Exception {
HttpRequest request = new BasicHttpRequest("GET", "/");
this.authState.setState(AuthProtocolState.FAILURE);
this.authState.update(this.authScheme, this.credentials);
this.interceptor.process(request, this.context);
Assert.assertFalse(request.containsHeader(AUTH.WWW_AUTH_RESP));
Mockito.verify(this.authScheme, Mockito.never()).authenticate(
Mockito.any(Credentials.class),
Mockito.any(HttpRequest.class),
Mockito.any(HttpContext.class));
}
@Test
public void testAuthChallengeStateNoOption() throws Exception {
HttpRequest request = new BasicHttpRequest("GET", "/");
this.authState.setState(AuthProtocolState.CHALLENGED);
this.authState.update(this.authScheme, this.credentials);
Mockito.when(this.authScheme.authenticate(
Mockito.any(Credentials.class),
Mockito.any(HttpRequest.class),
Mockito.any(HttpContext.class))).thenReturn(new BasicHeader(AUTH.WWW_AUTH_RESP, "stuff"));
this.interceptor.process(request, this.context);
Assert.assertTrue(request.containsHeader(AUTH.WWW_AUTH_RESP));
Mockito.verify(this.authScheme).authenticate(this.credentials, request, this.context);
}
@Test
public void testAuthChallengeStateOneOptions() throws Exception {
HttpRequest request = new BasicHttpRequest("GET", "/");
this.authState.setState(AuthProtocolState.CHALLENGED);
LinkedList<AuthOption> authOptions = new LinkedList<AuthOption>();
authOptions.add(new AuthOption(this.authScheme, this.credentials));
this.authState.update(authOptions);
Mockito.when(this.authScheme.authenticate(
Mockito.any(Credentials.class),
Mockito.any(HttpRequest.class),
Mockito.any(HttpContext.class))).thenReturn(new BasicHeader(AUTH.WWW_AUTH_RESP, "stuff"));
this.interceptor.process(request, this.context);
Assert.assertSame(this.authScheme, this.authState.getAuthScheme());
Assert.assertSame(this.credentials, this.authState.getCredentials());
Assert.assertNull(this.authState.getAuthOptions());
Assert.assertTrue(request.containsHeader(AUTH.WWW_AUTH_RESP));
Mockito.verify(this.authScheme).authenticate(this.credentials, request, this.context);
}
@Test
public void testAuthChallengeStateMultipleOption() throws Exception {
HttpRequest request = new BasicHttpRequest("GET", "/");
this.authState.setState(AuthProtocolState.CHALLENGED);
LinkedList<AuthOption> authOptions = new LinkedList<AuthOption>();
ContextAwareAuthScheme authScheme1 = Mockito.mock(ContextAwareAuthScheme.class);
Mockito.doThrow(new AuthenticationException()).when(authScheme1).authenticate(
Mockito.any(Credentials.class),
Mockito.any(HttpRequest.class),
Mockito.any(HttpContext.class));
ContextAwareAuthScheme authScheme2 = Mockito.mock(ContextAwareAuthScheme.class);
Mockito.when(authScheme2.authenticate(
Mockito.any(Credentials.class),
Mockito.any(HttpRequest.class),
Mockito.any(HttpContext.class))).thenReturn(new BasicHeader(AUTH.WWW_AUTH_RESP, "stuff"));
authOptions.add(new AuthOption(authScheme1, this.credentials));
authOptions.add(new AuthOption(authScheme2, this.credentials));
this.authState.update(authOptions);
this.interceptor.process(request, this.context);
Assert.assertSame(authScheme2, this.authState.getAuthScheme());
Assert.assertSame(this.credentials, this.authState.getCredentials());
Assert.assertNull(this.authState.getAuthOptions());
Assert.assertTrue(request.containsHeader(AUTH.WWW_AUTH_RESP));
Mockito.verify(authScheme1, Mockito.times(1)).authenticate(this.credentials, request, this.context);
Mockito.verify(authScheme2, Mockito.times(1)).authenticate(this.credentials, request, this.context);
}
@Test
public void testAuthSuccess() throws Exception {
HttpRequest request = new BasicHttpRequest("GET", "/");
this.authState.setState(AuthProtocolState.SUCCESS);
this.authState.update(this.authScheme, this.credentials);
Mockito.when(this.authScheme.isConnectionBased()).thenReturn(Boolean.FALSE);
Mockito.when(this.authScheme.authenticate(
Mockito.any(Credentials.class),
Mockito.any(HttpRequest.class),
Mockito.any(HttpContext.class))).thenReturn(new BasicHeader(AUTH.WWW_AUTH_RESP, "stuff"));
this.interceptor.process(request, this.context);
Assert.assertSame(this.authScheme, this.authState.getAuthScheme());
Assert.assertSame(this.credentials, this.authState.getCredentials());
Assert.assertNull(this.authState.getAuthOptions());
Assert.assertTrue(request.containsHeader(AUTH.WWW_AUTH_RESP));
Mockito.verify(this.authScheme).authenticate(this.credentials, request, this.context);
}
@Test
public void testAuthSuccessConnectionBased() throws Exception {
HttpRequest request = new BasicHttpRequest("GET", "/");
this.authState.setState(AuthProtocolState.SUCCESS);
this.authState.update(this.authScheme, this.credentials);
Mockito.when(this.authScheme.isConnectionBased()).thenReturn(Boolean.TRUE);
Mockito.when(this.authScheme.authenticate(
Mockito.any(Credentials.class),
Mockito.any(HttpRequest.class),
Mockito.any(HttpContext.class))).thenReturn(new BasicHeader(AUTH.WWW_AUTH_RESP, "stuff"));
this.interceptor.process(request, this.context);
Assert.assertFalse(request.containsHeader(AUTH.WWW_AUTH_RESP));
Mockito.verify(this.authScheme, Mockito.never()).authenticate(
Mockito.any(Credentials.class),
Mockito.any(HttpRequest.class),
Mockito.any(HttpContext.class));
}
}

251
httpclient/src/test/java/org/apache/http/client/protocol/TestRequestProxyAuthentication.java
View File

@ -1,251 +0,0 @@
/*
* ====================================================================
*
* Licensed to the Apache Software Foundation (ASF) under one or more
* contributor license agreements. See the NOTICE file distributed with
* this work for additional information regarding copyright ownership.
* The ASF licenses this file to You under the Apache License, Version 2.0
* (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
* ====================================================================
*
* This software consists of voluntary contributions made by many
* individuals on behalf of the Apache Software Foundation. For more
* information on the Apache Software Foundation, please see
* <http://www.apache.org/>.
*
*/
package org.apache.http.client.protocol;
import junit.framework.Assert;
import org.apache.http.Header;
import org.apache.http.HttpHost;
import org.apache.http.HttpRequest;
import org.apache.http.HttpRequestInterceptor;
import org.apache.http.auth.AUTH;
import org.apache.http.auth.AuthProtocolState;
import org.apache.http.auth.AuthState;
import org.apache.http.auth.Credentials;
import org.apache.http.auth.UsernamePasswordCredentials;
import org.apache.http.conn.HttpRoutedConnection;
import org.apache.http.conn.routing.HttpRoute;
import org.apache.http.conn.routing.RouteInfo.LayerType;
import org.apache.http.conn.routing.RouteInfo.TunnelType;
import org.apache.http.impl.auth.BasicScheme;
import org.apache.http.message.BasicHeader;
import org.apache.http.message.BasicHttpRequest;
import org.apache.http.protocol.BasicHttpContext;
import org.apache.http.protocol.ExecutionContext;
import org.apache.http.protocol.HttpContext;
import org.junit.Test;
import org.mockito.Mockito;
public class TestRequestProxyAuthentication {
@Test(expected=IllegalArgumentException.class)
public void testRequestParameterCheck() throws Exception {
HttpContext context = new BasicHttpContext();
HttpRequestInterceptor interceptor = new RequestProxyAuthentication();
interceptor.process(null, context);
}
@Test(expected=IllegalArgumentException.class)
public void testContextParameterCheck() throws Exception {
HttpRequest request = new BasicHttpRequest("GET", "/");
HttpRequestInterceptor interceptor = new RequestProxyAuthentication();
interceptor.process(request, null);
}
@Test
public void testProxyAuthOverPlainConnection() throws Exception {
HttpRequest request = new BasicHttpRequest("GET", "/");
HttpContext context = new BasicHttpContext();
HttpHost target = new HttpHost("localhost", 443, "https");
HttpHost proxy = new HttpHost("localhost", 8080);
HttpRoute route = new HttpRoute(target, null, proxy, false,
TunnelType.PLAIN, LayerType.PLAIN);
HttpRoutedConnection conn = Mockito.mock(HttpRoutedConnection.class);
Mockito.when(conn.getRoute()).thenReturn(route);
BasicScheme authscheme = new BasicScheme();
Credentials creds = new UsernamePasswordCredentials("user", "secret");
BasicHeader challenge = new BasicHeader(AUTH.PROXY_AUTH, "BASIC realm=auth-realm");
authscheme.processChallenge(challenge);
AuthState authstate = new AuthState();
authstate.update(authscheme, creds);
context.setAttribute(ExecutionContext.HTTP_CONNECTION, conn);
context.setAttribute(ClientContext.PROXY_AUTH_STATE, authstate);
HttpRequestInterceptor interceptor = new RequestProxyAuthentication();
interceptor.process(request, context);
Header header = request.getFirstHeader(AUTH.PROXY_AUTH_RESP);
Assert.assertNotNull(header);
Assert.assertEquals("Basic dXNlcjpzZWNyZXQ=", header.getValue());
}
@Test
public void testProxyAuthOverTunneledConnection() throws Exception {
HttpRequest request = new BasicHttpRequest("GET", "/");
HttpContext context = new BasicHttpContext();
HttpHost target = new HttpHost("localhost", 443, "https");
HttpHost proxy = new HttpHost("localhost", 8080);
HttpRoute route = new HttpRoute(target, null, proxy, true,
TunnelType.TUNNELLED, LayerType.LAYERED);
HttpRoutedConnection conn = Mockito.mock(HttpRoutedConnection.class);
Mockito.when(conn.getRoute()).thenReturn(route);
BasicScheme authscheme = new BasicScheme();
Credentials creds = new UsernamePasswordCredentials("user", "secret");
BasicHeader challenge = new BasicHeader(AUTH.PROXY_AUTH, "BASIC realm=auth-realm");
authscheme.processChallenge(challenge);
AuthState authstate = new AuthState();
authstate.update(authscheme, creds);
context.setAttribute(ExecutionContext.HTTP_CONNECTION, conn);
context.setAttribute(ClientContext.PROXY_AUTH_STATE, authstate);
HttpRequestInterceptor interceptor = new RequestProxyAuthentication();
interceptor.process(request, context);
Header header = request.getFirstHeader(AUTH.PROXY_AUTH_RESP);
Assert.assertNull(header);
}
@Test
public void testPreserveAuthHeader() throws Exception {
HttpRequest request = new BasicHttpRequest("GET", "/");
request.addHeader(AUTH.PROXY_AUTH_RESP, "Basic c3R1ZmY6c3R1ZmY=");
HttpContext context = new BasicHttpContext();
HttpHost target = new HttpHost("localhost", 443, "https");
HttpHost proxy = new HttpHost("localhost", 8080);
HttpRoute route = new HttpRoute(target, null, proxy, true,
TunnelType.TUNNELLED, LayerType.LAYERED);
HttpRoutedConnection conn = Mockito.mock(HttpRoutedConnection.class);
Mockito.when(conn.getRoute()).thenReturn(route);
BasicScheme authscheme = new BasicScheme();
Credentials creds = new UsernamePasswordCredentials("user", "secret");
BasicHeader challenge = new BasicHeader(AUTH.PROXY_AUTH, "BASIC realm=auth-realm");
authscheme.processChallenge(challenge);
AuthState authstate = new AuthState();
authstate.update(authscheme, creds);
context.setAttribute(ExecutionContext.HTTP_CONNECTION, conn);
context.setAttribute(ClientContext.PROXY_AUTH_STATE, authstate);
HttpRequestInterceptor interceptor = new RequestProxyAuthentication();
interceptor.process(request, context);
Header header = request.getFirstHeader(AUTH.PROXY_AUTH_RESP);
Assert.assertNotNull(header);
Assert.assertEquals("Basic c3R1ZmY6c3R1ZmY=", header.getValue());
}
@Test
public void testAuthStateNotSet() throws Exception {
HttpRequest request = new BasicHttpRequest("GET", "/");
HttpContext context = new BasicHttpContext();
HttpHost target = new HttpHost("localhost", 80, "http");
HttpHost proxy = new HttpHost("localhost", 8080);
HttpRoute route = new HttpRoute(target, null, proxy, false,
TunnelType.PLAIN, LayerType.PLAIN);
HttpRoutedConnection conn = Mockito.mock(HttpRoutedConnection.class);
Mockito.when(conn.getRoute()).thenReturn(route);
context.setAttribute(ExecutionContext.HTTP_CONNECTION, conn);
context.setAttribute(ClientContext.PROXY_AUTH_STATE, null);
HttpRequestInterceptor interceptor = new RequestProxyAuthentication();
interceptor.process(request, context);
Header header = request.getFirstHeader(AUTH.PROXY_AUTH_RESP);
Assert.assertNull(header);
}
@Test
public void testAuthSchemeNotSet() throws Exception {
HttpRequest request = new BasicHttpRequest("GET", "/");
HttpContext context = new BasicHttpContext();
HttpHost target = new HttpHost("localhost", 80, "http");
HttpHost proxy = new HttpHost("localhost", 8080);
HttpRoute route = new HttpRoute(target, null, proxy, false,
TunnelType.PLAIN, LayerType.PLAIN);
HttpRoutedConnection conn = Mockito.mock(HttpRoutedConnection.class);
Mockito.when(conn.getRoute()).thenReturn(route);
AuthState authstate = new AuthState();
context.setAttribute(ExecutionContext.HTTP_CONNECTION, conn);
context.setAttribute(ClientContext.PROXY_AUTH_STATE, authstate);
HttpRequestInterceptor interceptor = new RequestProxyAuthentication();
interceptor.process(request, context);
Header header = request.getFirstHeader(AUTH.PROXY_AUTH_RESP);
Assert.assertNull(header);
}
@Test
public void testConnectionBasedAuthOnlyIfChallenged() throws Exception {
HttpRequest request = new BasicHttpRequest("GET", "/");
HttpContext context = new BasicHttpContext();
HttpHost target = new HttpHost("localhost", 80, "http");
HttpHost proxy = new HttpHost("localhost", 8080);
HttpRoute route = new HttpRoute(target, null, proxy, false,
TunnelType.PLAIN, LayerType.PLAIN);
HttpRoutedConnection conn = Mockito.mock(HttpRoutedConnection.class);
Mockito.when(conn.getRoute()).thenReturn(route);
AuthState authstate = new AuthState();
BasicScheme authscheme = new BasicScheme() {
@Override
public boolean isConnectionBased() {
return true;
}
};
BasicHeader challenge = new BasicHeader(AUTH.PROXY_AUTH, "BASIC realm=auth-realm");
authscheme.processChallenge(challenge);
Credentials creds = new UsernamePasswordCredentials("user", "secret");
authstate.setState(AuthProtocolState.SUCCESS);
authstate.update(authscheme, creds);
context.setAttribute(ExecutionContext.HTTP_CONNECTION, conn);
context.setAttribute(ClientContext.PROXY_AUTH_STATE, authstate);
HttpRequestInterceptor interceptor = new RequestProxyAuthentication();
interceptor.process(request, context);
Header header = request.getFirstHeader(AUTH.PROXY_AUTH_RESP);
Assert.assertNull(header);
}
}

189
httpclient/src/test/java/org/apache/http/client/protocol/TestRequestTargetAuthentication.java
View File

@ -1,189 +0,0 @@
/*
* ====================================================================
*
* Licensed to the Apache Software Foundation (ASF) under one or more
* contributor license agreements. See the NOTICE file distributed with
* this work for additional information regarding copyright ownership.
* The ASF licenses this file to You under the Apache License, Version 2.0
* (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
* ====================================================================
*
* This software consists of voluntary contributions made by many
* individuals on behalf of the Apache Software Foundation. For more
* information on the Apache Software Foundation, please see
* <http://www.apache.org/>.
*
*/
package org.apache.http.client.protocol;
import junit.framework.Assert;
import org.apache.http.Header;
import org.apache.http.HttpRequest;
import org.apache.http.HttpRequestInterceptor;
import org.apache.http.auth.AUTH;
import org.apache.http.auth.AuthProtocolState;
import org.apache.http.auth.AuthState;
import org.apache.http.auth.Credentials;
import org.apache.http.auth.UsernamePasswordCredentials;
import org.apache.http.impl.auth.BasicScheme;
import org.apache.http.message.BasicHeader;
import org.apache.http.message.BasicHttpRequest;
import org.apache.http.protocol.BasicHttpContext;
import org.apache.http.protocol.HttpContext;
import org.junit.Test;
public class TestRequestTargetAuthentication {
@Test(expected=IllegalArgumentException.class)
public void testRequestParameterCheck() throws Exception {
HttpContext context = new BasicHttpContext();
HttpRequestInterceptor interceptor = new RequestTargetAuthentication();
interceptor.process(null, context);
}
@Test(expected=IllegalArgumentException.class)
public void testContextParameterCheck() throws Exception {
HttpRequest request = new BasicHttpRequest("GET", "/");
HttpRequestInterceptor interceptor = new RequestTargetAuthentication();
interceptor.process(request, null);
}
@Test
public void testTargetAuth() throws Exception {
HttpRequest request = new BasicHttpRequest("GET", "/");
HttpContext context = new BasicHttpContext();
BasicScheme authscheme = new BasicScheme();
Credentials creds = new UsernamePasswordCredentials("user", "secret");
BasicHeader challenge = new BasicHeader(AUTH.WWW_AUTH, "BASIC realm=auth-realm");
authscheme.processChallenge(challenge);
AuthState authstate = new AuthState();
authstate.update(authscheme, creds);
context.setAttribute(ClientContext.TARGET_AUTH_STATE, authstate);
HttpRequestInterceptor interceptor = new RequestTargetAuthentication();
interceptor.process(request, context);
Header header = request.getFirstHeader(AUTH.WWW_AUTH_RESP);
Assert.assertNotNull(header);
Assert.assertEquals("Basic dXNlcjpzZWNyZXQ=", header.getValue());
}
@Test
public void testNoTargetAuthForConnectRequests() throws Exception {
HttpRequest request = new BasicHttpRequest("CONNECT", "www.somedomain.com");
HttpContext context = new BasicHttpContext();
BasicScheme authscheme = new BasicScheme();
Credentials creds = new UsernamePasswordCredentials("user", "secret");
BasicHeader challenge = new BasicHeader(AUTH.WWW_AUTH, "BASIC realm=auth-realm");
authscheme.processChallenge(challenge);
AuthState authstate = new AuthState();
authstate.update(authscheme, creds);
context.setAttribute(ClientContext.TARGET_AUTH_STATE, authstate);
HttpRequestInterceptor interceptor = new RequestTargetAuthentication();
interceptor.process(request, context);
Header header = request.getFirstHeader(AUTH.WWW_AUTH_RESP);
Assert.assertNull(header);
}
@Test
public void testPreserveAuthHeader() throws Exception {
HttpRequest request = new BasicHttpRequest("GET", "/");
request.addHeader(AUTH.WWW_AUTH_RESP, "Basic c3R1ZmY6c3R1ZmY=");
HttpContext context = new BasicHttpContext();
BasicScheme authscheme = new BasicScheme();
Credentials creds = new UsernamePasswordCredentials("user", "secret");
BasicHeader challenge = new BasicHeader(AUTH.WWW_AUTH, "BASIC realm=auth-realm");
authscheme.processChallenge(challenge);
AuthState authstate = new AuthState();
authstate.update(authscheme, creds);
context.setAttribute(ClientContext.TARGET_AUTH_STATE, authstate);
HttpRequestInterceptor interceptor = new RequestTargetAuthentication();
interceptor.process(request, context);
Header header = request.getFirstHeader(AUTH.WWW_AUTH_RESP);
Assert.assertNotNull(header);
Assert.assertEquals("Basic c3R1ZmY6c3R1ZmY=", header.getValue());
}
@Test
public void testAuthStateNotSet() throws Exception {
HttpRequest request = new BasicHttpRequest("GET", "/");
HttpContext context = new BasicHttpContext();
context.setAttribute(ClientContext.TARGET_AUTH_STATE, null);
HttpRequestInterceptor interceptor = new RequestTargetAuthentication();
interceptor.process(request, context);
Header header = request.getFirstHeader(AUTH.WWW_AUTH_RESP);
Assert.assertNull(header);
}
@Test
public void testAuthSchemeNotSet() throws Exception {
HttpRequest request = new BasicHttpRequest("GET", "/");
HttpContext context = new BasicHttpContext();
AuthState authstate = new AuthState();
context.setAttribute(ClientContext.TARGET_AUTH_STATE, authstate);
HttpRequestInterceptor interceptor = new RequestTargetAuthentication();
interceptor.process(request, context);
Header header = request.getFirstHeader(AUTH.WWW_AUTH_RESP);
Assert.assertNull(header);
}
@Test
public void testConnectionBasedAuthOnlyIfChallenged() throws Exception {
HttpRequest request = new BasicHttpRequest("GET", "/");
HttpContext context = new BasicHttpContext();
AuthState authstate = new AuthState();
BasicScheme authscheme = new BasicScheme() {
@Override
public boolean isConnectionBased() {
return true;
}
};
BasicHeader challenge = new BasicHeader(AUTH.WWW_AUTH, "BASIC realm=auth-realm");
authscheme.processChallenge(challenge);
Credentials creds = new UsernamePasswordCredentials("user", "secret");
authstate.setState(AuthProtocolState.SUCCESS);
authstate.update(authscheme, creds);
context.setAttribute(ClientContext.TARGET_AUTH_STATE, authstate);
HttpRequestInterceptor interceptor = new RequestTargetAuthentication();
interceptor.process(request, context);
Header header = request.getFirstHeader(AUTH.WWW_AUTH_RESP);
Assert.assertNull(header);
}
}

200
httpclient/src/test/java/org/apache/http/impl/client/TestHttpAuthenticator.java
View File

@ -26,20 +26,23 @@
package org.apache.http.impl.client;
import java.util.HashMap;
import java.util.LinkedList;
import java.util.Queue;
import org.apache.http.Header;
import org.apache.http.HttpHost;
import org.apache.http.HttpRequest;
import org.apache.http.HttpResponse;
import org.apache.http.HttpStatus;
import org.apache.http.HttpVersion;
import org.apache.http.auth.AUTH;
import org.apache.http.auth.AuthOption;
import org.apache.http.auth.AuthProtocolState;
import org.apache.http.auth.AuthScheme;
import org.apache.http.auth.AuthSchemeRegistry;
import org.apache.http.auth.AuthScope;
import org.apache.http.auth.AuthState;
import org.apache.http.auth.AuthenticationException;
import org.apache.http.auth.ContextAwareAuthScheme;
import org.apache.http.auth.Credentials;
import org.apache.http.auth.MalformedChallengeException;
import org.apache.http.client.AuthCache;
@ -51,6 +54,7 @@ import org.apache.http.impl.auth.DigestScheme;
import org.apache.http.impl.auth.DigestSchemeFactory;
import org.apache.http.impl.auth.NTLMSchemeFactory;
import org.apache.http.message.BasicHeader;
import org.apache.http.message.BasicHttpRequest;
import org.apache.http.message.BasicHttpResponse;
import org.apache.http.protocol.BasicHttpContext;
import org.apache.http.protocol.ExecutionContext;
@ -64,7 +68,7 @@ public class TestHttpAuthenticator {
private AuthenticationStrategy authStrategy;
private AuthState authState;
private AuthScheme authScheme;
private ContextAwareAuthScheme authScheme;
private HttpContext context;
private HttpHost host;
private HttpHost proxy;
@ -78,8 +82,9 @@ public class TestHttpAuthenticator {
public void setUp() throws Exception {
this.authStrategy = Mockito.mock(AuthenticationStrategy.class);
this.authState = new AuthState();
this.authScheme = new BasicScheme();
this.authScheme.processChallenge(new BasicHeader(AUTH.WWW_AUTH, "Basic realm=test"));
this.authScheme = Mockito.mock(ContextAwareAuthScheme.class);
Mockito.when(this.authScheme.getSchemeName()).thenReturn("Basic");
Mockito.when(this.authScheme.isComplete()).thenReturn(true);
this.context = new BasicHttpContext();
this.host = new HttpHost("localhost", 80);
this.proxy = new HttpHost("localhost", 8888);
@ -174,7 +179,7 @@ public class TestHttpAuthenticator {
TargetAuthenticationStrategy authStrategy = new TargetAuthenticationStrategy();
Assert.assertTrue(this.httpAuthenticator.authenticate(host,
Assert.assertTrue(this.httpAuthenticator.handleAuthChallenge(host,
response, authStrategy, this.authState, this.context));
Assert.assertEquals(AuthProtocolState.CHALLENGED, this.authState.getState());
@ -199,7 +204,7 @@ public class TestHttpAuthenticator {
Mockito.any(HttpResponse.class),
Mockito.any(HttpContext.class))).thenReturn(new HashMap<String, Header>());
Assert.assertFalse(this.httpAuthenticator.authenticate(host,
Assert.assertFalse(this.httpAuthenticator.handleAuthChallenge(host,
response, this.authStrategy, this.authState, this.context));
}
@ -212,7 +217,7 @@ public class TestHttpAuthenticator {
TargetAuthenticationStrategy authStrategy = new TargetAuthenticationStrategy();
Assert.assertFalse(this.httpAuthenticator.authenticate(host,
Assert.assertFalse(this.httpAuthenticator.handleAuthChallenge(host,
response, authStrategy, this.authState, this.context));
}
@ -227,7 +232,7 @@ public class TestHttpAuthenticator {
TargetAuthenticationStrategy authStrategy = new TargetAuthenticationStrategy();
Assert.assertFalse(this.httpAuthenticator.authenticate(host,
Assert.assertFalse(this.httpAuthenticator.handleAuthChallenge(host,
response, authStrategy, this.authState, this.context));
}
@ -238,29 +243,12 @@ public class TestHttpAuthenticator {
response.addHeader(new BasicHeader(AUTH.WWW_AUTH, "Basic realm=\"test\""));
response.addHeader(new BasicHeader(AUTH.WWW_AUTH, "Digest realm=\"realm1\", nonce=\"1234\""));
this.authState.setState(AuthProtocolState.FAILURE);
TargetAuthenticationStrategy authStrategy = new TargetAuthenticationStrategy();
Assert.assertFalse(this.httpAuthenticator.authenticate(host,
response, authStrategy, this.authState, this.context));
Assert.assertEquals(AuthProtocolState.FAILURE, this.authState.getState());
}
@Test
public void testAuthenticationNoAuthScheme() throws Exception {
HttpHost host = new HttpHost("somehost", 80);
HttpResponse response = new BasicHttpResponse(HttpVersion.HTTP_1_1, HttpStatus.SC_UNAUTHORIZED, "UNAUTHORIZED");
response.addHeader(new BasicHeader(AUTH.WWW_AUTH, "Basic realm=\"test\""));
response.addHeader(new BasicHeader(AUTH.WWW_AUTH, "Digest realm=\"realm1\", nonce=\"1234\""));
this.authState.setState(AuthProtocolState.CHALLENGED);
this.authState.update(this.authScheme, this.credentials);
TargetAuthenticationStrategy authStrategy = new TargetAuthenticationStrategy();
Assert.assertFalse(this.httpAuthenticator.authenticate(host,
Assert.assertFalse(this.httpAuthenticator.handleAuthChallenge(host,
response, authStrategy, this.authState, this.context));
Assert.assertEquals(AuthProtocolState.FAILURE, this.authState.getState());
@ -268,6 +256,23 @@ public class TestHttpAuthenticator {
Mockito.verify(this.authCache).remove(host);
}
@Test
public void testAuthenticationFailedPreviously() throws Exception {
HttpHost host = new HttpHost("somehost", 80);
HttpResponse response = new BasicHttpResponse(HttpVersion.HTTP_1_1, HttpStatus.SC_UNAUTHORIZED, "UNAUTHORIZED");
response.addHeader(new BasicHeader(AUTH.WWW_AUTH, "Basic realm=\"test\""));
response.addHeader(new BasicHeader(AUTH.WWW_AUTH, "Digest realm=\"realm1\", nonce=\"1234\""));
this.authState.setState(AuthProtocolState.FAILURE);
TargetAuthenticationStrategy authStrategy = new TargetAuthenticationStrategy();
Assert.assertFalse(this.httpAuthenticator.handleAuthChallenge(host,
response, authStrategy, this.authState, this.context));
Assert.assertEquals(AuthProtocolState.FAILURE, this.authState.getState());
}
@Test
public void testAuthenticationFailure() throws Exception {
HttpHost host = new HttpHost("somehost", 80);
@ -281,7 +286,7 @@ public class TestHttpAuthenticator {
this.authState.setState(AuthProtocolState.CHALLENGED);
this.authState.update(new BasicScheme(), this.credentials);
Assert.assertFalse(this.httpAuthenticator.authenticate(host,
Assert.assertFalse(this.httpAuthenticator.handleAuthChallenge(host,
response, authStrategy, this.authState, this.context));
Assert.assertEquals(AuthProtocolState.FAILURE, this.authState.getState());
Assert.assertNull(this.authState.getCredentials());
@ -300,7 +305,7 @@ public class TestHttpAuthenticator {
this.authState.setState(AuthProtocolState.CHALLENGED);
this.authState.update(new DigestScheme(), this.credentials);
Assert.assertTrue(this.httpAuthenticator.authenticate(host,
Assert.assertTrue(this.httpAuthenticator.handleAuthChallenge(host,
response, authStrategy, this.authState, this.context));
Assert.assertEquals(AuthProtocolState.HANDSHAKE, this.authState.getState());
@ -318,7 +323,7 @@ public class TestHttpAuthenticator {
this.authState.setState(AuthProtocolState.CHALLENGED);
this.authState.update(new BasicScheme(), this.credentials);
Assert.assertTrue(this.httpAuthenticator.authenticate(host,
Assert.assertTrue(this.httpAuthenticator.handleAuthChallenge(host,
response, authStrategy, this.authState, this.context));
Assert.assertEquals(AuthProtocolState.CHALLENGED, this.authState.getState());
@ -342,7 +347,7 @@ public class TestHttpAuthenticator {
Mockito.any(HttpResponse.class),
Mockito.any(HttpContext.class));
Assert.assertFalse(this.httpAuthenticator.authenticate(host,
Assert.assertFalse(this.httpAuthenticator.handleAuthChallenge(host,
response, this.authStrategy, this.authState, this.context));
Assert.assertEquals(AuthProtocolState.UNCHALLENGED, this.authState.getState());
@ -350,4 +355,139 @@ public class TestHttpAuthenticator {
Assert.assertNull(this.authState.getCredentials());
}
@Test
public void testAuthFailureState() throws Exception {
HttpRequest request = new BasicHttpRequest("GET", "/");
this.authState.setState(AuthProtocolState.FAILURE);
this.authState.update(this.authScheme, this.credentials);
this.httpAuthenticator.generateAuthResponse(request, authState, context);
Assert.assertFalse(request.containsHeader(AUTH.WWW_AUTH_RESP));
Mockito.verify(this.authScheme, Mockito.never()).authenticate(
Mockito.any(Credentials.class),
Mockito.any(HttpRequest.class),
Mockito.any(HttpContext.class));
}
@Test
public void testAuthChallengeStateNoOption() throws Exception {
HttpRequest request = new BasicHttpRequest("GET", "/");
this.authState.setState(AuthProtocolState.CHALLENGED);
this.authState.update(this.authScheme, this.credentials);
Mockito.when(this.authScheme.authenticate(
Mockito.any(Credentials.class),
Mockito.any(HttpRequest.class),
Mockito.any(HttpContext.class))).thenReturn(new BasicHeader(AUTH.WWW_AUTH_RESP, "stuff"));
this.httpAuthenticator.generateAuthResponse(request, authState, context);
Assert.assertTrue(request.containsHeader(AUTH.WWW_AUTH_RESP));
Mockito.verify(this.authScheme).authenticate(this.credentials, request, this.context);
}
@Test
public void testAuthChallengeStateOneOptions() throws Exception {
HttpRequest request = new BasicHttpRequest("GET", "/");
this.authState.setState(AuthProtocolState.CHALLENGED);
LinkedList<AuthOption> authOptions = new LinkedList<AuthOption>();
authOptions.add(new AuthOption(this.authScheme, this.credentials));
this.authState.update(authOptions);
Mockito.when(this.authScheme.authenticate(
Mockito.any(Credentials.class),
Mockito.any(HttpRequest.class),
Mockito.any(HttpContext.class))).thenReturn(new BasicHeader(AUTH.WWW_AUTH_RESP, "stuff"));
this.httpAuthenticator.generateAuthResponse(request, authState, context);
Assert.assertSame(this.authScheme, this.authState.getAuthScheme());
Assert.assertSame(this.credentials, this.authState.getCredentials());
Assert.assertNull(this.authState.getAuthOptions());
Assert.assertTrue(request.containsHeader(AUTH.WWW_AUTH_RESP));
Mockito.verify(this.authScheme).authenticate(this.credentials, request, this.context);
}
@Test
public void testAuthChallengeStateMultipleOption() throws Exception {
HttpRequest request = new BasicHttpRequest("GET", "/");
this.authState.setState(AuthProtocolState.CHALLENGED);
LinkedList<AuthOption> authOptions = new LinkedList<AuthOption>();
ContextAwareAuthScheme authScheme1 = Mockito.mock(ContextAwareAuthScheme.class);
Mockito.doThrow(new AuthenticationException()).when(authScheme1).authenticate(
Mockito.any(Credentials.class),
Mockito.any(HttpRequest.class),
Mockito.any(HttpContext.class));
ContextAwareAuthScheme authScheme2 = Mockito.mock(ContextAwareAuthScheme.class);
Mockito.when(authScheme2.authenticate(
Mockito.any(Credentials.class),
Mockito.any(HttpRequest.class),
Mockito.any(HttpContext.class))).thenReturn(new BasicHeader(AUTH.WWW_AUTH_RESP, "stuff"));
authOptions.add(new AuthOption(authScheme1, this.credentials));
authOptions.add(new AuthOption(authScheme2, this.credentials));
this.authState.update(authOptions);
this.httpAuthenticator.generateAuthResponse(request, authState, context);
Assert.assertSame(authScheme2, this.authState.getAuthScheme());
Assert.assertSame(this.credentials, this.authState.getCredentials());
Assert.assertNull(this.authState.getAuthOptions());
Assert.assertTrue(request.containsHeader(AUTH.WWW_AUTH_RESP));
Mockito.verify(authScheme1, Mockito.times(1)).authenticate(this.credentials, request, this.context);
Mockito.verify(authScheme2, Mockito.times(1)).authenticate(this.credentials, request, this.context);
}
@Test
public void testAuthSuccess() throws Exception {
HttpRequest request = new BasicHttpRequest("GET", "/");
this.authState.setState(AuthProtocolState.SUCCESS);
this.authState.update(this.authScheme, this.credentials);
Mockito.when(this.authScheme.isConnectionBased()).thenReturn(Boolean.FALSE);
Mockito.when(this.authScheme.authenticate(
Mockito.any(Credentials.class),
Mockito.any(HttpRequest.class),
Mockito.any(HttpContext.class))).thenReturn(new BasicHeader(AUTH.WWW_AUTH_RESP, "stuff"));
this.httpAuthenticator.generateAuthResponse(request, authState, context);
Assert.assertSame(this.authScheme, this.authState.getAuthScheme());
Assert.assertSame(this.credentials, this.authState.getCredentials());
Assert.assertNull(this.authState.getAuthOptions());
Assert.assertTrue(request.containsHeader(AUTH.WWW_AUTH_RESP));
Mockito.verify(this.authScheme).authenticate(this.credentials, request, this.context);
}
@Test
public void testAuthSuccessConnectionBased() throws Exception {
HttpRequest request = new BasicHttpRequest("GET", "/");
this.authState.setState(AuthProtocolState.SUCCESS);
this.authState.update(this.authScheme, this.credentials);
Mockito.when(this.authScheme.isConnectionBased()).thenReturn(Boolean.TRUE);
Mockito.when(this.authScheme.authenticate(
Mockito.any(Credentials.class),
Mockito.any(HttpRequest.class),
Mockito.any(HttpContext.class))).thenReturn(new BasicHeader(AUTH.WWW_AUTH_RESP, "stuff"));
this.httpAuthenticator.generateAuthResponse(request, authState, context);
Assert.assertFalse(request.containsHeader(AUTH.WWW_AUTH_RESP));
Mockito.verify(this.authScheme, Mockito.never()).authenticate(
Mockito.any(Credentials.class),
Mockito.any(HttpRequest.class),
Mockito.any(HttpContext.class));
}
}