From 3c26d6ff4199afc81933aa27852f81783696e699 Mon Sep 17 00:00:00 2001 From: Oleg Kalnichevski Date: Sun, 4 Nov 2012 07:38:43 +0000 Subject: [PATCH] Cleaned up HttpAuthenticator unit tests git-svn-id: https://svn.apache.org/repos/asf/httpcomponents/httpclient/trunk@1405508 13f79535-47bb-0310-9956-ffa450edef68 --- .../TestRequestAuthenticationBase.java | 216 --------------- .../TestRequestProxyAuthentication.java | 251 ------------------ .../TestRequestTargetAuthentication.java | 189 ------------- .../impl/client/TestHttpAuthenticator.java | 200 +++++++++++--- 4 files changed, 170 insertions(+), 686 deletions(-) delete mode 100644 httpclient/src/test/java/org/apache/http/client/protocol/TestRequestAuthenticationBase.java delete mode 100644 httpclient/src/test/java/org/apache/http/client/protocol/TestRequestProxyAuthentication.java delete mode 100644 httpclient/src/test/java/org/apache/http/client/protocol/TestRequestTargetAuthentication.java diff --git a/httpclient/src/test/java/org/apache/http/client/protocol/TestRequestAuthenticationBase.java b/httpclient/src/test/java/org/apache/http/client/protocol/TestRequestAuthenticationBase.java deleted file mode 100644 index f792e5199..000000000 --- a/httpclient/src/test/java/org/apache/http/client/protocol/TestRequestAuthenticationBase.java +++ /dev/null @@ -1,216 +0,0 @@ -/* - * ==================================================================== - * - * Licensed to the Apache Software Foundation (ASF) under one or more - * contributor license agreements. See the NOTICE file distributed with - * this work for additional information regarding copyright ownership. - * The ASF licenses this file to You under the Apache License, Version 2.0 - * (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * ==================================================================== - * - * This software consists of voluntary contributions made by many - * individuals on behalf of the Apache Software Foundation. For more - * information on the Apache Software Foundation, please see - * . - * - */ - -package org.apache.http.client.protocol; - -import java.io.IOException; -import java.util.LinkedList; - -import junit.framework.Assert; - -import org.apache.http.HttpException; -import org.apache.http.HttpRequest; -import org.apache.http.HttpRequestInterceptor; -import org.apache.http.auth.AUTH; -import org.apache.http.auth.AuthOption; -import org.apache.http.auth.AuthProtocolState; -import org.apache.http.auth.AuthState; -import org.apache.http.auth.AuthenticationException; -import org.apache.http.auth.ContextAwareAuthScheme; -import org.apache.http.auth.Credentials; -import org.apache.http.message.BasicHeader; -import org.apache.http.message.BasicHttpRequest; -import org.apache.http.protocol.BasicHttpContext; -import org.apache.http.protocol.HttpContext; -import org.junit.Before; -import org.junit.Test; -import org.mockito.Mockito; - -public class TestRequestAuthenticationBase { - - static class TestRequestAuthentication extends RequestAuthenticationBase { - - public void process( - final HttpRequest request, - final HttpContext context) throws HttpException, IOException { - AuthState authState = (AuthState) context.getAttribute("test-auth-state"); - super.process(authState, request, context); - } - - } - - private ContextAwareAuthScheme authScheme; - private Credentials credentials; - private AuthState authState; - private HttpContext context; - private HttpRequestInterceptor interceptor; - - @Before - public void setUp() throws Exception { - this.authScheme = Mockito.mock(ContextAwareAuthScheme.class); - this.credentials = Mockito.mock(Credentials.class); - this.authState = new AuthState(); - this.context = new BasicHttpContext(); - this.context.setAttribute("test-auth-state", this.authState); - this.interceptor = new TestRequestAuthentication(); - } - - @Test - public void testAuthFailureState() throws Exception { - HttpRequest request = new BasicHttpRequest("GET", "/"); - this.authState.setState(AuthProtocolState.FAILURE); - this.authState.update(this.authScheme, this.credentials); - - this.interceptor.process(request, this.context); - - Assert.assertFalse(request.containsHeader(AUTH.WWW_AUTH_RESP)); - - Mockito.verify(this.authScheme, Mockito.never()).authenticate( - Mockito.any(Credentials.class), - Mockito.any(HttpRequest.class), - Mockito.any(HttpContext.class)); - } - - @Test - public void testAuthChallengeStateNoOption() throws Exception { - HttpRequest request = new BasicHttpRequest("GET", "/"); - this.authState.setState(AuthProtocolState.CHALLENGED); - this.authState.update(this.authScheme, this.credentials); - - Mockito.when(this.authScheme.authenticate( - Mockito.any(Credentials.class), - Mockito.any(HttpRequest.class), - Mockito.any(HttpContext.class))).thenReturn(new BasicHeader(AUTH.WWW_AUTH_RESP, "stuff")); - - this.interceptor.process(request, this.context); - - Assert.assertTrue(request.containsHeader(AUTH.WWW_AUTH_RESP)); - - Mockito.verify(this.authScheme).authenticate(this.credentials, request, this.context); - } - - @Test - public void testAuthChallengeStateOneOptions() throws Exception { - HttpRequest request = new BasicHttpRequest("GET", "/"); - this.authState.setState(AuthProtocolState.CHALLENGED); - LinkedList authOptions = new LinkedList(); - authOptions.add(new AuthOption(this.authScheme, this.credentials)); - this.authState.update(authOptions); - - Mockito.when(this.authScheme.authenticate( - Mockito.any(Credentials.class), - Mockito.any(HttpRequest.class), - Mockito.any(HttpContext.class))).thenReturn(new BasicHeader(AUTH.WWW_AUTH_RESP, "stuff")); - - this.interceptor.process(request, this.context); - - Assert.assertSame(this.authScheme, this.authState.getAuthScheme()); - Assert.assertSame(this.credentials, this.authState.getCredentials()); - Assert.assertNull(this.authState.getAuthOptions()); - - Assert.assertTrue(request.containsHeader(AUTH.WWW_AUTH_RESP)); - - Mockito.verify(this.authScheme).authenticate(this.credentials, request, this.context); - } - - @Test - public void testAuthChallengeStateMultipleOption() throws Exception { - HttpRequest request = new BasicHttpRequest("GET", "/"); - this.authState.setState(AuthProtocolState.CHALLENGED); - - LinkedList authOptions = new LinkedList(); - ContextAwareAuthScheme authScheme1 = Mockito.mock(ContextAwareAuthScheme.class); - Mockito.doThrow(new AuthenticationException()).when(authScheme1).authenticate( - Mockito.any(Credentials.class), - Mockito.any(HttpRequest.class), - Mockito.any(HttpContext.class)); - ContextAwareAuthScheme authScheme2 = Mockito.mock(ContextAwareAuthScheme.class); - Mockito.when(authScheme2.authenticate( - Mockito.any(Credentials.class), - Mockito.any(HttpRequest.class), - Mockito.any(HttpContext.class))).thenReturn(new BasicHeader(AUTH.WWW_AUTH_RESP, "stuff")); - authOptions.add(new AuthOption(authScheme1, this.credentials)); - authOptions.add(new AuthOption(authScheme2, this.credentials)); - this.authState.update(authOptions); - - this.interceptor.process(request, this.context); - - Assert.assertSame(authScheme2, this.authState.getAuthScheme()); - Assert.assertSame(this.credentials, this.authState.getCredentials()); - Assert.assertNull(this.authState.getAuthOptions()); - - Assert.assertTrue(request.containsHeader(AUTH.WWW_AUTH_RESP)); - - Mockito.verify(authScheme1, Mockito.times(1)).authenticate(this.credentials, request, this.context); - Mockito.verify(authScheme2, Mockito.times(1)).authenticate(this.credentials, request, this.context); - } - - @Test - public void testAuthSuccess() throws Exception { - HttpRequest request = new BasicHttpRequest("GET", "/"); - this.authState.setState(AuthProtocolState.SUCCESS); - this.authState.update(this.authScheme, this.credentials); - - Mockito.when(this.authScheme.isConnectionBased()).thenReturn(Boolean.FALSE); - Mockito.when(this.authScheme.authenticate( - Mockito.any(Credentials.class), - Mockito.any(HttpRequest.class), - Mockito.any(HttpContext.class))).thenReturn(new BasicHeader(AUTH.WWW_AUTH_RESP, "stuff")); - - this.interceptor.process(request, this.context); - - Assert.assertSame(this.authScheme, this.authState.getAuthScheme()); - Assert.assertSame(this.credentials, this.authState.getCredentials()); - Assert.assertNull(this.authState.getAuthOptions()); - - Assert.assertTrue(request.containsHeader(AUTH.WWW_AUTH_RESP)); - - Mockito.verify(this.authScheme).authenticate(this.credentials, request, this.context); - } - - @Test - public void testAuthSuccessConnectionBased() throws Exception { - HttpRequest request = new BasicHttpRequest("GET", "/"); - this.authState.setState(AuthProtocolState.SUCCESS); - this.authState.update(this.authScheme, this.credentials); - - Mockito.when(this.authScheme.isConnectionBased()).thenReturn(Boolean.TRUE); - Mockito.when(this.authScheme.authenticate( - Mockito.any(Credentials.class), - Mockito.any(HttpRequest.class), - Mockito.any(HttpContext.class))).thenReturn(new BasicHeader(AUTH.WWW_AUTH_RESP, "stuff")); - - this.interceptor.process(request, this.context); - - Assert.assertFalse(request.containsHeader(AUTH.WWW_AUTH_RESP)); - - Mockito.verify(this.authScheme, Mockito.never()).authenticate( - Mockito.any(Credentials.class), - Mockito.any(HttpRequest.class), - Mockito.any(HttpContext.class)); - } - -} diff --git a/httpclient/src/test/java/org/apache/http/client/protocol/TestRequestProxyAuthentication.java b/httpclient/src/test/java/org/apache/http/client/protocol/TestRequestProxyAuthentication.java deleted file mode 100644 index c3dc228cd..000000000 --- a/httpclient/src/test/java/org/apache/http/client/protocol/TestRequestProxyAuthentication.java +++ /dev/null @@ -1,251 +0,0 @@ -/* - * ==================================================================== - * - * Licensed to the Apache Software Foundation (ASF) under one or more - * contributor license agreements. See the NOTICE file distributed with - * this work for additional information regarding copyright ownership. - * The ASF licenses this file to You under the Apache License, Version 2.0 - * (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * ==================================================================== - * - * This software consists of voluntary contributions made by many - * individuals on behalf of the Apache Software Foundation. For more - * information on the Apache Software Foundation, please see - * . - * - */ - -package org.apache.http.client.protocol; - -import junit.framework.Assert; - -import org.apache.http.Header; -import org.apache.http.HttpHost; -import org.apache.http.HttpRequest; -import org.apache.http.HttpRequestInterceptor; -import org.apache.http.auth.AUTH; -import org.apache.http.auth.AuthProtocolState; -import org.apache.http.auth.AuthState; -import org.apache.http.auth.Credentials; -import org.apache.http.auth.UsernamePasswordCredentials; -import org.apache.http.conn.HttpRoutedConnection; -import org.apache.http.conn.routing.HttpRoute; -import org.apache.http.conn.routing.RouteInfo.LayerType; -import org.apache.http.conn.routing.RouteInfo.TunnelType; -import org.apache.http.impl.auth.BasicScheme; -import org.apache.http.message.BasicHeader; -import org.apache.http.message.BasicHttpRequest; -import org.apache.http.protocol.BasicHttpContext; -import org.apache.http.protocol.ExecutionContext; -import org.apache.http.protocol.HttpContext; -import org.junit.Test; -import org.mockito.Mockito; - -public class TestRequestProxyAuthentication { - - @Test(expected=IllegalArgumentException.class) - public void testRequestParameterCheck() throws Exception { - HttpContext context = new BasicHttpContext(); - HttpRequestInterceptor interceptor = new RequestProxyAuthentication(); - interceptor.process(null, context); - } - - @Test(expected=IllegalArgumentException.class) - public void testContextParameterCheck() throws Exception { - HttpRequest request = new BasicHttpRequest("GET", "/"); - HttpRequestInterceptor interceptor = new RequestProxyAuthentication(); - interceptor.process(request, null); - } - - @Test - public void testProxyAuthOverPlainConnection() throws Exception { - HttpRequest request = new BasicHttpRequest("GET", "/"); - HttpContext context = new BasicHttpContext(); - - HttpHost target = new HttpHost("localhost", 443, "https"); - HttpHost proxy = new HttpHost("localhost", 8080); - HttpRoute route = new HttpRoute(target, null, proxy, false, - TunnelType.PLAIN, LayerType.PLAIN); - - HttpRoutedConnection conn = Mockito.mock(HttpRoutedConnection.class); - Mockito.when(conn.getRoute()).thenReturn(route); - - BasicScheme authscheme = new BasicScheme(); - Credentials creds = new UsernamePasswordCredentials("user", "secret"); - BasicHeader challenge = new BasicHeader(AUTH.PROXY_AUTH, "BASIC realm=auth-realm"); - authscheme.processChallenge(challenge); - - AuthState authstate = new AuthState(); - authstate.update(authscheme, creds); - - context.setAttribute(ExecutionContext.HTTP_CONNECTION, conn); - context.setAttribute(ClientContext.PROXY_AUTH_STATE, authstate); - - HttpRequestInterceptor interceptor = new RequestProxyAuthentication(); - interceptor.process(request, context); - Header header = request.getFirstHeader(AUTH.PROXY_AUTH_RESP); - Assert.assertNotNull(header); - Assert.assertEquals("Basic dXNlcjpzZWNyZXQ=", header.getValue()); - } - - @Test - public void testProxyAuthOverTunneledConnection() throws Exception { - HttpRequest request = new BasicHttpRequest("GET", "/"); - HttpContext context = new BasicHttpContext(); - - HttpHost target = new HttpHost("localhost", 443, "https"); - HttpHost proxy = new HttpHost("localhost", 8080); - HttpRoute route = new HttpRoute(target, null, proxy, true, - TunnelType.TUNNELLED, LayerType.LAYERED); - - HttpRoutedConnection conn = Mockito.mock(HttpRoutedConnection.class); - Mockito.when(conn.getRoute()).thenReturn(route); - - BasicScheme authscheme = new BasicScheme(); - Credentials creds = new UsernamePasswordCredentials("user", "secret"); - - BasicHeader challenge = new BasicHeader(AUTH.PROXY_AUTH, "BASIC realm=auth-realm"); - authscheme.processChallenge(challenge); - - AuthState authstate = new AuthState(); - authstate.update(authscheme, creds); - - context.setAttribute(ExecutionContext.HTTP_CONNECTION, conn); - context.setAttribute(ClientContext.PROXY_AUTH_STATE, authstate); - - HttpRequestInterceptor interceptor = new RequestProxyAuthentication(); - interceptor.process(request, context); - Header header = request.getFirstHeader(AUTH.PROXY_AUTH_RESP); - Assert.assertNull(header); - } - - @Test - public void testPreserveAuthHeader() throws Exception { - HttpRequest request = new BasicHttpRequest("GET", "/"); - request.addHeader(AUTH.PROXY_AUTH_RESP, "Basic c3R1ZmY6c3R1ZmY="); - HttpContext context = new BasicHttpContext(); - - HttpHost target = new HttpHost("localhost", 443, "https"); - HttpHost proxy = new HttpHost("localhost", 8080); - HttpRoute route = new HttpRoute(target, null, proxy, true, - TunnelType.TUNNELLED, LayerType.LAYERED); - - HttpRoutedConnection conn = Mockito.mock(HttpRoutedConnection.class); - Mockito.when(conn.getRoute()).thenReturn(route); - - BasicScheme authscheme = new BasicScheme(); - Credentials creds = new UsernamePasswordCredentials("user", "secret"); - - BasicHeader challenge = new BasicHeader(AUTH.PROXY_AUTH, "BASIC realm=auth-realm"); - authscheme.processChallenge(challenge); - - AuthState authstate = new AuthState(); - authstate.update(authscheme, creds); - - context.setAttribute(ExecutionContext.HTTP_CONNECTION, conn); - context.setAttribute(ClientContext.PROXY_AUTH_STATE, authstate); - - HttpRequestInterceptor interceptor = new RequestProxyAuthentication(); - interceptor.process(request, context); - Header header = request.getFirstHeader(AUTH.PROXY_AUTH_RESP); - Assert.assertNotNull(header); - Assert.assertEquals("Basic c3R1ZmY6c3R1ZmY=", header.getValue()); - } - - @Test - public void testAuthStateNotSet() throws Exception { - HttpRequest request = new BasicHttpRequest("GET", "/"); - HttpContext context = new BasicHttpContext(); - - HttpHost target = new HttpHost("localhost", 80, "http"); - HttpHost proxy = new HttpHost("localhost", 8080); - HttpRoute route = new HttpRoute(target, null, proxy, false, - TunnelType.PLAIN, LayerType.PLAIN); - - HttpRoutedConnection conn = Mockito.mock(HttpRoutedConnection.class); - Mockito.when(conn.getRoute()).thenReturn(route); - - context.setAttribute(ExecutionContext.HTTP_CONNECTION, conn); - context.setAttribute(ClientContext.PROXY_AUTH_STATE, null); - - HttpRequestInterceptor interceptor = new RequestProxyAuthentication(); - interceptor.process(request, context); - Header header = request.getFirstHeader(AUTH.PROXY_AUTH_RESP); - Assert.assertNull(header); - } - - @Test - public void testAuthSchemeNotSet() throws Exception { - HttpRequest request = new BasicHttpRequest("GET", "/"); - HttpContext context = new BasicHttpContext(); - - HttpHost target = new HttpHost("localhost", 80, "http"); - HttpHost proxy = new HttpHost("localhost", 8080); - HttpRoute route = new HttpRoute(target, null, proxy, false, - TunnelType.PLAIN, LayerType.PLAIN); - - HttpRoutedConnection conn = Mockito.mock(HttpRoutedConnection.class); - Mockito.when(conn.getRoute()).thenReturn(route); - - AuthState authstate = new AuthState(); - - context.setAttribute(ExecutionContext.HTTP_CONNECTION, conn); - context.setAttribute(ClientContext.PROXY_AUTH_STATE, authstate); - - HttpRequestInterceptor interceptor = new RequestProxyAuthentication(); - interceptor.process(request, context); - Header header = request.getFirstHeader(AUTH.PROXY_AUTH_RESP); - Assert.assertNull(header); - } - - @Test - public void testConnectionBasedAuthOnlyIfChallenged() throws Exception { - HttpRequest request = new BasicHttpRequest("GET", "/"); - HttpContext context = new BasicHttpContext(); - - HttpHost target = new HttpHost("localhost", 80, "http"); - HttpHost proxy = new HttpHost("localhost", 8080); - HttpRoute route = new HttpRoute(target, null, proxy, false, - TunnelType.PLAIN, LayerType.PLAIN); - - HttpRoutedConnection conn = Mockito.mock(HttpRoutedConnection.class); - Mockito.when(conn.getRoute()).thenReturn(route); - - AuthState authstate = new AuthState(); - - BasicScheme authscheme = new BasicScheme() { - - @Override - public boolean isConnectionBased() { - return true; - } - - }; - - BasicHeader challenge = new BasicHeader(AUTH.PROXY_AUTH, "BASIC realm=auth-realm"); - authscheme.processChallenge(challenge); - - Credentials creds = new UsernamePasswordCredentials("user", "secret"); - - authstate.setState(AuthProtocolState.SUCCESS); - authstate.update(authscheme, creds); - - context.setAttribute(ExecutionContext.HTTP_CONNECTION, conn); - context.setAttribute(ClientContext.PROXY_AUTH_STATE, authstate); - - HttpRequestInterceptor interceptor = new RequestProxyAuthentication(); - interceptor.process(request, context); - Header header = request.getFirstHeader(AUTH.PROXY_AUTH_RESP); - Assert.assertNull(header); - } - -} diff --git a/httpclient/src/test/java/org/apache/http/client/protocol/TestRequestTargetAuthentication.java b/httpclient/src/test/java/org/apache/http/client/protocol/TestRequestTargetAuthentication.java deleted file mode 100644 index 04c26231d..000000000 --- a/httpclient/src/test/java/org/apache/http/client/protocol/TestRequestTargetAuthentication.java +++ /dev/null @@ -1,189 +0,0 @@ -/* - * ==================================================================== - * - * Licensed to the Apache Software Foundation (ASF) under one or more - * contributor license agreements. See the NOTICE file distributed with - * this work for additional information regarding copyright ownership. - * The ASF licenses this file to You under the Apache License, Version 2.0 - * (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * ==================================================================== - * - * This software consists of voluntary contributions made by many - * individuals on behalf of the Apache Software Foundation. For more - * information on the Apache Software Foundation, please see - * . - * - */ - -package org.apache.http.client.protocol; - -import junit.framework.Assert; - -import org.apache.http.Header; -import org.apache.http.HttpRequest; -import org.apache.http.HttpRequestInterceptor; -import org.apache.http.auth.AUTH; -import org.apache.http.auth.AuthProtocolState; -import org.apache.http.auth.AuthState; -import org.apache.http.auth.Credentials; -import org.apache.http.auth.UsernamePasswordCredentials; -import org.apache.http.impl.auth.BasicScheme; -import org.apache.http.message.BasicHeader; -import org.apache.http.message.BasicHttpRequest; -import org.apache.http.protocol.BasicHttpContext; -import org.apache.http.protocol.HttpContext; -import org.junit.Test; - -public class TestRequestTargetAuthentication { - - @Test(expected=IllegalArgumentException.class) - public void testRequestParameterCheck() throws Exception { - HttpContext context = new BasicHttpContext(); - HttpRequestInterceptor interceptor = new RequestTargetAuthentication(); - interceptor.process(null, context); - } - - @Test(expected=IllegalArgumentException.class) - public void testContextParameterCheck() throws Exception { - HttpRequest request = new BasicHttpRequest("GET", "/"); - HttpRequestInterceptor interceptor = new RequestTargetAuthentication(); - interceptor.process(request, null); - } - - @Test - public void testTargetAuth() throws Exception { - HttpRequest request = new BasicHttpRequest("GET", "/"); - HttpContext context = new BasicHttpContext(); - - BasicScheme authscheme = new BasicScheme(); - Credentials creds = new UsernamePasswordCredentials("user", "secret"); - BasicHeader challenge = new BasicHeader(AUTH.WWW_AUTH, "BASIC realm=auth-realm"); - authscheme.processChallenge(challenge); - - AuthState authstate = new AuthState(); - authstate.update(authscheme, creds); - - context.setAttribute(ClientContext.TARGET_AUTH_STATE, authstate); - - HttpRequestInterceptor interceptor = new RequestTargetAuthentication(); - interceptor.process(request, context); - Header header = request.getFirstHeader(AUTH.WWW_AUTH_RESP); - Assert.assertNotNull(header); - Assert.assertEquals("Basic dXNlcjpzZWNyZXQ=", header.getValue()); - } - - @Test - public void testNoTargetAuthForConnectRequests() throws Exception { - HttpRequest request = new BasicHttpRequest("CONNECT", "www.somedomain.com"); - HttpContext context = new BasicHttpContext(); - - BasicScheme authscheme = new BasicScheme(); - Credentials creds = new UsernamePasswordCredentials("user", "secret"); - BasicHeader challenge = new BasicHeader(AUTH.WWW_AUTH, "BASIC realm=auth-realm"); - authscheme.processChallenge(challenge); - - AuthState authstate = new AuthState(); - authstate.update(authscheme, creds); - - context.setAttribute(ClientContext.TARGET_AUTH_STATE, authstate); - - HttpRequestInterceptor interceptor = new RequestTargetAuthentication(); - interceptor.process(request, context); - Header header = request.getFirstHeader(AUTH.WWW_AUTH_RESP); - Assert.assertNull(header); - } - - @Test - public void testPreserveAuthHeader() throws Exception { - HttpRequest request = new BasicHttpRequest("GET", "/"); - request.addHeader(AUTH.WWW_AUTH_RESP, "Basic c3R1ZmY6c3R1ZmY="); - HttpContext context = new BasicHttpContext(); - - BasicScheme authscheme = new BasicScheme(); - Credentials creds = new UsernamePasswordCredentials("user", "secret"); - - BasicHeader challenge = new BasicHeader(AUTH.WWW_AUTH, "BASIC realm=auth-realm"); - authscheme.processChallenge(challenge); - - AuthState authstate = new AuthState(); - authstate.update(authscheme, creds); - - context.setAttribute(ClientContext.TARGET_AUTH_STATE, authstate); - - HttpRequestInterceptor interceptor = new RequestTargetAuthentication(); - interceptor.process(request, context); - Header header = request.getFirstHeader(AUTH.WWW_AUTH_RESP); - Assert.assertNotNull(header); - Assert.assertEquals("Basic c3R1ZmY6c3R1ZmY=", header.getValue()); - } - - @Test - public void testAuthStateNotSet() throws Exception { - HttpRequest request = new BasicHttpRequest("GET", "/"); - HttpContext context = new BasicHttpContext(); - - context.setAttribute(ClientContext.TARGET_AUTH_STATE, null); - - HttpRequestInterceptor interceptor = new RequestTargetAuthentication(); - interceptor.process(request, context); - Header header = request.getFirstHeader(AUTH.WWW_AUTH_RESP); - Assert.assertNull(header); - } - - @Test - public void testAuthSchemeNotSet() throws Exception { - HttpRequest request = new BasicHttpRequest("GET", "/"); - HttpContext context = new BasicHttpContext(); - - AuthState authstate = new AuthState(); - - context.setAttribute(ClientContext.TARGET_AUTH_STATE, authstate); - - HttpRequestInterceptor interceptor = new RequestTargetAuthentication(); - interceptor.process(request, context); - Header header = request.getFirstHeader(AUTH.WWW_AUTH_RESP); - Assert.assertNull(header); - } - - @Test - public void testConnectionBasedAuthOnlyIfChallenged() throws Exception { - HttpRequest request = new BasicHttpRequest("GET", "/"); - HttpContext context = new BasicHttpContext(); - - AuthState authstate = new AuthState(); - - BasicScheme authscheme = new BasicScheme() { - - @Override - public boolean isConnectionBased() { - return true; - } - - }; - - BasicHeader challenge = new BasicHeader(AUTH.WWW_AUTH, "BASIC realm=auth-realm"); - authscheme.processChallenge(challenge); - - Credentials creds = new UsernamePasswordCredentials("user", "secret"); - - authstate.setState(AuthProtocolState.SUCCESS); - authstate.update(authscheme, creds); - - context.setAttribute(ClientContext.TARGET_AUTH_STATE, authstate); - - HttpRequestInterceptor interceptor = new RequestTargetAuthentication(); - interceptor.process(request, context); - Header header = request.getFirstHeader(AUTH.WWW_AUTH_RESP); - Assert.assertNull(header); - } - -} diff --git a/httpclient/src/test/java/org/apache/http/impl/client/TestHttpAuthenticator.java b/httpclient/src/test/java/org/apache/http/impl/client/TestHttpAuthenticator.java index 91c5899a6..8ce1bc57b 100644 --- a/httpclient/src/test/java/org/apache/http/impl/client/TestHttpAuthenticator.java +++ b/httpclient/src/test/java/org/apache/http/impl/client/TestHttpAuthenticator.java @@ -26,20 +26,23 @@ package org.apache.http.impl.client; import java.util.HashMap; +import java.util.LinkedList; import java.util.Queue; import org.apache.http.Header; import org.apache.http.HttpHost; +import org.apache.http.HttpRequest; import org.apache.http.HttpResponse; import org.apache.http.HttpStatus; import org.apache.http.HttpVersion; import org.apache.http.auth.AUTH; import org.apache.http.auth.AuthOption; import org.apache.http.auth.AuthProtocolState; -import org.apache.http.auth.AuthScheme; import org.apache.http.auth.AuthSchemeRegistry; import org.apache.http.auth.AuthScope; import org.apache.http.auth.AuthState; +import org.apache.http.auth.AuthenticationException; +import org.apache.http.auth.ContextAwareAuthScheme; import org.apache.http.auth.Credentials; import org.apache.http.auth.MalformedChallengeException; import org.apache.http.client.AuthCache; @@ -51,6 +54,7 @@ import org.apache.http.impl.auth.DigestScheme; import org.apache.http.impl.auth.DigestSchemeFactory; import org.apache.http.impl.auth.NTLMSchemeFactory; import org.apache.http.message.BasicHeader; +import org.apache.http.message.BasicHttpRequest; import org.apache.http.message.BasicHttpResponse; import org.apache.http.protocol.BasicHttpContext; import org.apache.http.protocol.ExecutionContext; @@ -64,7 +68,7 @@ public class TestHttpAuthenticator { private AuthenticationStrategy authStrategy; private AuthState authState; - private AuthScheme authScheme; + private ContextAwareAuthScheme authScheme; private HttpContext context; private HttpHost host; private HttpHost proxy; @@ -78,8 +82,9 @@ public class TestHttpAuthenticator { public void setUp() throws Exception { this.authStrategy = Mockito.mock(AuthenticationStrategy.class); this.authState = new AuthState(); - this.authScheme = new BasicScheme(); - this.authScheme.processChallenge(new BasicHeader(AUTH.WWW_AUTH, "Basic realm=test")); + this.authScheme = Mockito.mock(ContextAwareAuthScheme.class); + Mockito.when(this.authScheme.getSchemeName()).thenReturn("Basic"); + Mockito.when(this.authScheme.isComplete()).thenReturn(true); this.context = new BasicHttpContext(); this.host = new HttpHost("localhost", 80); this.proxy = new HttpHost("localhost", 8888); @@ -174,7 +179,7 @@ public class TestHttpAuthenticator { TargetAuthenticationStrategy authStrategy = new TargetAuthenticationStrategy(); - Assert.assertTrue(this.httpAuthenticator.authenticate(host, + Assert.assertTrue(this.httpAuthenticator.handleAuthChallenge(host, response, authStrategy, this.authState, this.context)); Assert.assertEquals(AuthProtocolState.CHALLENGED, this.authState.getState()); @@ -199,7 +204,7 @@ public class TestHttpAuthenticator { Mockito.any(HttpResponse.class), Mockito.any(HttpContext.class))).thenReturn(new HashMap()); - Assert.assertFalse(this.httpAuthenticator.authenticate(host, + Assert.assertFalse(this.httpAuthenticator.handleAuthChallenge(host, response, this.authStrategy, this.authState, this.context)); } @@ -212,7 +217,7 @@ public class TestHttpAuthenticator { TargetAuthenticationStrategy authStrategy = new TargetAuthenticationStrategy(); - Assert.assertFalse(this.httpAuthenticator.authenticate(host, + Assert.assertFalse(this.httpAuthenticator.handleAuthChallenge(host, response, authStrategy, this.authState, this.context)); } @@ -227,7 +232,7 @@ public class TestHttpAuthenticator { TargetAuthenticationStrategy authStrategy = new TargetAuthenticationStrategy(); - Assert.assertFalse(this.httpAuthenticator.authenticate(host, + Assert.assertFalse(this.httpAuthenticator.handleAuthChallenge(host, response, authStrategy, this.authState, this.context)); } @@ -238,29 +243,12 @@ public class TestHttpAuthenticator { response.addHeader(new BasicHeader(AUTH.WWW_AUTH, "Basic realm=\"test\"")); response.addHeader(new BasicHeader(AUTH.WWW_AUTH, "Digest realm=\"realm1\", nonce=\"1234\"")); - this.authState.setState(AuthProtocolState.FAILURE); - - TargetAuthenticationStrategy authStrategy = new TargetAuthenticationStrategy(); - - Assert.assertFalse(this.httpAuthenticator.authenticate(host, - response, authStrategy, this.authState, this.context)); - - Assert.assertEquals(AuthProtocolState.FAILURE, this.authState.getState()); - } - - @Test - public void testAuthenticationNoAuthScheme() throws Exception { - HttpHost host = new HttpHost("somehost", 80); - HttpResponse response = new BasicHttpResponse(HttpVersion.HTTP_1_1, HttpStatus.SC_UNAUTHORIZED, "UNAUTHORIZED"); - response.addHeader(new BasicHeader(AUTH.WWW_AUTH, "Basic realm=\"test\"")); - response.addHeader(new BasicHeader(AUTH.WWW_AUTH, "Digest realm=\"realm1\", nonce=\"1234\"")); - this.authState.setState(AuthProtocolState.CHALLENGED); this.authState.update(this.authScheme, this.credentials); TargetAuthenticationStrategy authStrategy = new TargetAuthenticationStrategy(); - Assert.assertFalse(this.httpAuthenticator.authenticate(host, + Assert.assertFalse(this.httpAuthenticator.handleAuthChallenge(host, response, authStrategy, this.authState, this.context)); Assert.assertEquals(AuthProtocolState.FAILURE, this.authState.getState()); @@ -268,6 +256,23 @@ public class TestHttpAuthenticator { Mockito.verify(this.authCache).remove(host); } + @Test + public void testAuthenticationFailedPreviously() throws Exception { + HttpHost host = new HttpHost("somehost", 80); + HttpResponse response = new BasicHttpResponse(HttpVersion.HTTP_1_1, HttpStatus.SC_UNAUTHORIZED, "UNAUTHORIZED"); + response.addHeader(new BasicHeader(AUTH.WWW_AUTH, "Basic realm=\"test\"")); + response.addHeader(new BasicHeader(AUTH.WWW_AUTH, "Digest realm=\"realm1\", nonce=\"1234\"")); + + this.authState.setState(AuthProtocolState.FAILURE); + + TargetAuthenticationStrategy authStrategy = new TargetAuthenticationStrategy(); + + Assert.assertFalse(this.httpAuthenticator.handleAuthChallenge(host, + response, authStrategy, this.authState, this.context)); + + Assert.assertEquals(AuthProtocolState.FAILURE, this.authState.getState()); + } + @Test public void testAuthenticationFailure() throws Exception { HttpHost host = new HttpHost("somehost", 80); @@ -281,7 +286,7 @@ public class TestHttpAuthenticator { this.authState.setState(AuthProtocolState.CHALLENGED); this.authState.update(new BasicScheme(), this.credentials); - Assert.assertFalse(this.httpAuthenticator.authenticate(host, + Assert.assertFalse(this.httpAuthenticator.handleAuthChallenge(host, response, authStrategy, this.authState, this.context)); Assert.assertEquals(AuthProtocolState.FAILURE, this.authState.getState()); Assert.assertNull(this.authState.getCredentials()); @@ -300,7 +305,7 @@ public class TestHttpAuthenticator { this.authState.setState(AuthProtocolState.CHALLENGED); this.authState.update(new DigestScheme(), this.credentials); - Assert.assertTrue(this.httpAuthenticator.authenticate(host, + Assert.assertTrue(this.httpAuthenticator.handleAuthChallenge(host, response, authStrategy, this.authState, this.context)); Assert.assertEquals(AuthProtocolState.HANDSHAKE, this.authState.getState()); @@ -318,7 +323,7 @@ public class TestHttpAuthenticator { this.authState.setState(AuthProtocolState.CHALLENGED); this.authState.update(new BasicScheme(), this.credentials); - Assert.assertTrue(this.httpAuthenticator.authenticate(host, + Assert.assertTrue(this.httpAuthenticator.handleAuthChallenge(host, response, authStrategy, this.authState, this.context)); Assert.assertEquals(AuthProtocolState.CHALLENGED, this.authState.getState()); @@ -342,7 +347,7 @@ public class TestHttpAuthenticator { Mockito.any(HttpResponse.class), Mockito.any(HttpContext.class)); - Assert.assertFalse(this.httpAuthenticator.authenticate(host, + Assert.assertFalse(this.httpAuthenticator.handleAuthChallenge(host, response, this.authStrategy, this.authState, this.context)); Assert.assertEquals(AuthProtocolState.UNCHALLENGED, this.authState.getState()); @@ -350,4 +355,139 @@ public class TestHttpAuthenticator { Assert.assertNull(this.authState.getCredentials()); } + @Test + public void testAuthFailureState() throws Exception { + HttpRequest request = new BasicHttpRequest("GET", "/"); + this.authState.setState(AuthProtocolState.FAILURE); + this.authState.update(this.authScheme, this.credentials); + + this.httpAuthenticator.generateAuthResponse(request, authState, context); + + Assert.assertFalse(request.containsHeader(AUTH.WWW_AUTH_RESP)); + + Mockito.verify(this.authScheme, Mockito.never()).authenticate( + Mockito.any(Credentials.class), + Mockito.any(HttpRequest.class), + Mockito.any(HttpContext.class)); + } + + @Test + public void testAuthChallengeStateNoOption() throws Exception { + HttpRequest request = new BasicHttpRequest("GET", "/"); + this.authState.setState(AuthProtocolState.CHALLENGED); + this.authState.update(this.authScheme, this.credentials); + + Mockito.when(this.authScheme.authenticate( + Mockito.any(Credentials.class), + Mockito.any(HttpRequest.class), + Mockito.any(HttpContext.class))).thenReturn(new BasicHeader(AUTH.WWW_AUTH_RESP, "stuff")); + + this.httpAuthenticator.generateAuthResponse(request, authState, context); + + Assert.assertTrue(request.containsHeader(AUTH.WWW_AUTH_RESP)); + + Mockito.verify(this.authScheme).authenticate(this.credentials, request, this.context); + } + + @Test + public void testAuthChallengeStateOneOptions() throws Exception { + HttpRequest request = new BasicHttpRequest("GET", "/"); + this.authState.setState(AuthProtocolState.CHALLENGED); + LinkedList authOptions = new LinkedList(); + authOptions.add(new AuthOption(this.authScheme, this.credentials)); + this.authState.update(authOptions); + + Mockito.when(this.authScheme.authenticate( + Mockito.any(Credentials.class), + Mockito.any(HttpRequest.class), + Mockito.any(HttpContext.class))).thenReturn(new BasicHeader(AUTH.WWW_AUTH_RESP, "stuff")); + + this.httpAuthenticator.generateAuthResponse(request, authState, context); + + Assert.assertSame(this.authScheme, this.authState.getAuthScheme()); + Assert.assertSame(this.credentials, this.authState.getCredentials()); + Assert.assertNull(this.authState.getAuthOptions()); + + Assert.assertTrue(request.containsHeader(AUTH.WWW_AUTH_RESP)); + + Mockito.verify(this.authScheme).authenticate(this.credentials, request, this.context); + } + + @Test + public void testAuthChallengeStateMultipleOption() throws Exception { + HttpRequest request = new BasicHttpRequest("GET", "/"); + this.authState.setState(AuthProtocolState.CHALLENGED); + + LinkedList authOptions = new LinkedList(); + ContextAwareAuthScheme authScheme1 = Mockito.mock(ContextAwareAuthScheme.class); + Mockito.doThrow(new AuthenticationException()).when(authScheme1).authenticate( + Mockito.any(Credentials.class), + Mockito.any(HttpRequest.class), + Mockito.any(HttpContext.class)); + ContextAwareAuthScheme authScheme2 = Mockito.mock(ContextAwareAuthScheme.class); + Mockito.when(authScheme2.authenticate( + Mockito.any(Credentials.class), + Mockito.any(HttpRequest.class), + Mockito.any(HttpContext.class))).thenReturn(new BasicHeader(AUTH.WWW_AUTH_RESP, "stuff")); + authOptions.add(new AuthOption(authScheme1, this.credentials)); + authOptions.add(new AuthOption(authScheme2, this.credentials)); + this.authState.update(authOptions); + + this.httpAuthenticator.generateAuthResponse(request, authState, context); + + Assert.assertSame(authScheme2, this.authState.getAuthScheme()); + Assert.assertSame(this.credentials, this.authState.getCredentials()); + Assert.assertNull(this.authState.getAuthOptions()); + + Assert.assertTrue(request.containsHeader(AUTH.WWW_AUTH_RESP)); + + Mockito.verify(authScheme1, Mockito.times(1)).authenticate(this.credentials, request, this.context); + Mockito.verify(authScheme2, Mockito.times(1)).authenticate(this.credentials, request, this.context); + } + + @Test + public void testAuthSuccess() throws Exception { + HttpRequest request = new BasicHttpRequest("GET", "/"); + this.authState.setState(AuthProtocolState.SUCCESS); + this.authState.update(this.authScheme, this.credentials); + + Mockito.when(this.authScheme.isConnectionBased()).thenReturn(Boolean.FALSE); + Mockito.when(this.authScheme.authenticate( + Mockito.any(Credentials.class), + Mockito.any(HttpRequest.class), + Mockito.any(HttpContext.class))).thenReturn(new BasicHeader(AUTH.WWW_AUTH_RESP, "stuff")); + + this.httpAuthenticator.generateAuthResponse(request, authState, context); + + Assert.assertSame(this.authScheme, this.authState.getAuthScheme()); + Assert.assertSame(this.credentials, this.authState.getCredentials()); + Assert.assertNull(this.authState.getAuthOptions()); + + Assert.assertTrue(request.containsHeader(AUTH.WWW_AUTH_RESP)); + + Mockito.verify(this.authScheme).authenticate(this.credentials, request, this.context); + } + + @Test + public void testAuthSuccessConnectionBased() throws Exception { + HttpRequest request = new BasicHttpRequest("GET", "/"); + this.authState.setState(AuthProtocolState.SUCCESS); + this.authState.update(this.authScheme, this.credentials); + + Mockito.when(this.authScheme.isConnectionBased()).thenReturn(Boolean.TRUE); + Mockito.when(this.authScheme.authenticate( + Mockito.any(Credentials.class), + Mockito.any(HttpRequest.class), + Mockito.any(HttpContext.class))).thenReturn(new BasicHeader(AUTH.WWW_AUTH_RESP, "stuff")); + + this.httpAuthenticator.generateAuthResponse(request, authState, context); + + Assert.assertFalse(request.containsHeader(AUTH.WWW_AUTH_RESP)); + + Mockito.verify(this.authScheme, Mockito.never()).authenticate( + Mockito.any(Credentials.class), + Mockito.any(HttpRequest.class), + Mockito.any(HttpContext.class)); + } + }