1 29 30 package org.apache.commons.httpclient.auth; 31 32 import java.io.IOException ; 33 34 import junit.framework.Test; 35 import junit.framework.TestSuite; 36 37 import org.apache.commons.codec.binary.Base64; 38 import org.apache.commons.httpclient.EchoService; 39 import org.apache.commons.httpclient.FeedbackService; 40 import org.apache.commons.httpclient.Header; 41 import org.apache.commons.httpclient.HttpClientTestBase; 42 import org.apache.commons.httpclient.HttpState; 43 import org.apache.commons.httpclient.HttpStatus; 44 import org.apache.commons.httpclient.ProxyTestDecorator; 45 import org.apache.commons.httpclient.UsernamePasswordCredentials; 46 import org.apache.commons.httpclient.methods.GetMethod; 47 import org.apache.commons.httpclient.methods.HeadMethod; 48 import org.apache.commons.httpclient.methods.PostMethod; 49 import org.apache.commons.httpclient.methods.PutMethod; 50 import org.apache.commons.httpclient.methods.StringRequestEntity; 51 import org.apache.commons.httpclient.server.AuthRequestHandler; 52 import org.apache.commons.httpclient.server.HttpRequestHandlerChain; 53 import org.apache.commons.httpclient.server.HttpServiceHandler; 54 import org.apache.commons.httpclient.util.EncodingUtil; 55 56 63 public class TestBasicAuth extends HttpClientTestBase { 64 65 public TestBasicAuth(final String testName) throws IOException { 67 super(testName); 68 } 69 70 public static void main(String args[]) { 72 String [] testCaseName = { TestBasicAuth.class.getName() }; 73 junit.textui.TestRunner.main(testCaseName); 74 } 75 76 78 public static Test suite() { 79 TestSuite suite = new TestSuite(TestBasicAuth.class); 80 ProxyTestDecorator.addTests(suite); 81 return suite; 82 } 83 84 public void testBasicAuthenticationWithNoCreds() throws IOException { 85 86 UsernamePasswordCredentials creds = 87 new UsernamePasswordCredentials("testuser", "testpass"); 88 89 HttpRequestHandlerChain handlerchain = new HttpRequestHandlerChain(); 90 handlerchain.appendHandler(new AuthRequestHandler(creds)); 91 handlerchain.appendHandler(new HttpServiceHandler(new FeedbackService())); 92 93 this.server.setRequestHandler(handlerchain); 94 GetMethod httpget = new GetMethod("/test/"); 95 try { 96 this.client.executeMethod(httpget); 97 assertNotNull(httpget.getStatusLine()); 98 assertEquals(HttpStatus.SC_UNAUTHORIZED, httpget.getStatusLine().getStatusCode()); 99 AuthState authstate = httpget.getHostAuthState(); 100 assertNotNull(authstate.getAuthScheme()); 101 assertTrue(authstate.getAuthScheme() instanceof BasicScheme); 102 assertEquals("test", authstate.getRealm()); 103 } finally { 104 httpget.releaseConnection(); 105 } 106 } 107 108 public void testBasicAuthenticationWithNoCredsRetry() throws IOException { 109 UsernamePasswordCredentials creds = 110 new UsernamePasswordCredentials("testuser", "testpass"); 111 112 HttpRequestHandlerChain handlerchain = new HttpRequestHandlerChain(); 113 handlerchain.appendHandler(new AuthRequestHandler(creds)); 114 handlerchain.appendHandler(new HttpServiceHandler(new FeedbackService())); 115 116 this.server.setRequestHandler(handlerchain); 117 118 GetMethod httpget = new GetMethod("/test/"); 119 try { 120 this.client.executeMethod(httpget); 121 assertNotNull(httpget.getStatusLine()); 122 assertEquals(HttpStatus.SC_UNAUTHORIZED, httpget.getStatusLine().getStatusCode()); 123 AuthState authstate = httpget.getHostAuthState(); 124 assertNotNull(authstate.getAuthScheme()); 125 assertTrue(authstate.getAuthScheme() instanceof BasicScheme); 126 assertEquals("test", authstate.getRealm()); 127 } finally { 128 httpget.releaseConnection(); 129 } 130 httpget = new GetMethod("/test/"); 132 try { 133 this.client.getState().setCredentials(AuthScope.ANY, creds); 134 this.client.executeMethod(httpget); 135 assertNotNull(httpget.getStatusLine()); 136 assertEquals(HttpStatus.SC_OK, httpget.getStatusLine().getStatusCode()); 137 } finally { 138 httpget.releaseConnection(); 139 } 140 } 141 142 public void testBasicAuthenticationWithNoRealm() { 143 String challenge = "Basic"; 144 try { 145 AuthScheme authscheme = new BasicScheme(); 146 authscheme.processChallenge(challenge); 147 fail("Should have thrown MalformedChallengeException"); 148 } catch(MalformedChallengeException e) { 149 } 151 } 152 153 public void testBasicAuthenticationWith88591Chars() throws Exception { 154 int[] germanChars = { 0xE4, 0x2D, 0xF6, 0x2D, 0xFc }; 155 StringBuffer buffer = new StringBuffer (); 156 for (int i = 0; i < germanChars.length; i++) { 157 buffer.append((char)germanChars[i]); 158 } 159 160 UsernamePasswordCredentials credentials = new UsernamePasswordCredentials("dh", buffer.toString()); 161 assertEquals("Basic ZGg65C32Lfw=", 162 BasicScheme.authenticate(credentials, "ISO-8859-1")); 163 } 164 165 public void testBasicAuthenticationWithDefaultCreds() throws Exception { 166 UsernamePasswordCredentials creds = 167 new UsernamePasswordCredentials("testuser", "testpass"); 168 169 HttpRequestHandlerChain handlerchain = new HttpRequestHandlerChain(); 170 handlerchain.appendHandler(new AuthRequestHandler(creds)); 171 handlerchain.appendHandler(new HttpServiceHandler(new FeedbackService())); 172 173 HttpState state = new HttpState(); 174 state.setCredentials(AuthScope.ANY, creds); 175 this.client.setState(state); 176 177 this.server.setRequestHandler(handlerchain); 178 179 GetMethod httpget = new GetMethod("/test/"); 180 try { 181 this.client.executeMethod(httpget); 182 } finally { 183 httpget.releaseConnection(); 184 } 185 assertNotNull(httpget.getStatusLine()); 186 assertEquals(HttpStatus.SC_OK, httpget.getStatusLine().getStatusCode()); 187 Header auth = httpget.getRequestHeader("Authorization"); 188 assertNotNull(auth); 189 String expected = "Basic " + EncodingUtil.getAsciiString( 190 Base64.encodeBase64(EncodingUtil.getAsciiBytes("testuser:testpass"))); 191 assertEquals(expected, auth.getValue()); 192 AuthState authstate = httpget.getHostAuthState(); 193 assertNotNull(authstate.getAuthScheme()); 194 assertTrue(authstate.getAuthScheme() instanceof BasicScheme); 195 assertEquals("test", authstate.getRealm()); 196 } 197 198 public void testBasicAuthentication() throws Exception { 199 UsernamePasswordCredentials creds = 200 new UsernamePasswordCredentials("testuser", "testpass"); 201 202 HttpRequestHandlerChain handlerchain = new HttpRequestHandlerChain(); 203 handlerchain.appendHandler(new AuthRequestHandler(creds)); 204 handlerchain.appendHandler(new HttpServiceHandler(new FeedbackService())); 205 206 HttpState state = new HttpState(); 207 AuthScope authscope = new AuthScope( 208 this.server.getLocalAddress(), 209 this.server.getLocalPort(), 210 "test"); 211 state.setCredentials(authscope, creds); 212 this.client.setState(state); 213 214 this.server.setRequestHandler(handlerchain); 215 216 GetMethod httpget = new GetMethod("/test/"); 217 try { 218 this.client.executeMethod(httpget); 219 } finally { 220 httpget.releaseConnection(); 221 } 222 assertNotNull(httpget.getStatusLine()); 223 assertEquals(HttpStatus.SC_OK, httpget.getStatusLine().getStatusCode()); 224 Header auth = httpget.getRequestHeader("Authorization"); 225 assertNotNull(auth); 226 String expected = "Basic " + EncodingUtil.getAsciiString( 227 Base64.encodeBase64(EncodingUtil.getAsciiBytes("testuser:testpass"))); 228 assertEquals(expected, auth.getValue()); 229 AuthState authstate = httpget.getHostAuthState(); 230 assertNotNull(authstate.getAuthScheme()); 231 assertTrue(authstate.getAuthScheme() instanceof BasicScheme); 232 assertEquals("test", authstate.getRealm()); 233 } 234 235 public void testBasicAuthenticationWithInvalidCredentials() throws Exception { 236 UsernamePasswordCredentials creds = 237 new UsernamePasswordCredentials("testuser", "testpass"); 238 239 HttpRequestHandlerChain handlerchain = new HttpRequestHandlerChain(); 240 handlerchain.appendHandler(new AuthRequestHandler(creds)); 241 handlerchain.appendHandler(new HttpServiceHandler(new FeedbackService())); 242 243 HttpState state = new HttpState(); 244 AuthScope authscope = new AuthScope( 245 this.server.getLocalAddress(), 246 this.server.getLocalPort(), 247 "test"); 248 state.setCredentials(authscope, new UsernamePasswordCredentials("test", "stuff")); 249 this.client.setState(state); 250 251 this.server.setRequestHandler(handlerchain); 252 253 GetMethod httpget = new GetMethod("/test/"); 254 try { 255 this.client.executeMethod(httpget); 256 } finally { 257 httpget.releaseConnection(); 258 } 259 assertNotNull(httpget.getStatusLine()); 260 assertEquals(HttpStatus.SC_UNAUTHORIZED, httpget.getStatusLine().getStatusCode()); 261 AuthState authstate = httpget.getHostAuthState(); 262 assertNotNull(authstate.getAuthScheme()); 263 assertTrue(authstate.getAuthScheme() instanceof BasicScheme); 264 assertEquals("test", authstate.getRealm()); 265 } 266 267 public void testBasicAuthenticationWithMutlipleRealms1() throws Exception { 268 UsernamePasswordCredentials creds = 269 new UsernamePasswordCredentials("testuser", "testpass"); 270 271 HttpRequestHandlerChain handlerchain = new HttpRequestHandlerChain(); 272 handlerchain.appendHandler(new AuthRequestHandler(creds)); 273 handlerchain.appendHandler(new HttpServiceHandler(new FeedbackService())); 274 275 HttpState state = new HttpState(); 276 AuthScope realm1 = new AuthScope( 277 this.server.getLocalAddress(), 278 this.server.getLocalPort(), 279 "test"); 280 AuthScope realm2 = new AuthScope( 281 this.server.getLocalAddress(), 282 this.server.getLocalPort(), 283 "test2"); 284 state.setCredentials(realm1, new UsernamePasswordCredentials("testuser","testpass")); 285 state.setCredentials(realm2, new UsernamePasswordCredentials("testuser2","testpass2")); 286 this.client.setState(state); 287 288 this.server.setRequestHandler(handlerchain); 289 290 GetMethod httpget = new GetMethod("/test/"); 291 try { 292 this.client.executeMethod(httpget); 293 } finally { 294 httpget.releaseConnection(); 295 } 296 assertNotNull(httpget.getStatusLine()); 297 assertEquals(HttpStatus.SC_OK, httpget.getStatusLine().getStatusCode()); 298 Header auth = httpget.getRequestHeader("Authorization"); 299 assertNotNull(auth); 300 String expected = "Basic " + EncodingUtil.getAsciiString( 301 Base64.encodeBase64(EncodingUtil.getAsciiBytes("testuser:testpass"))); 302 assertEquals(expected, auth.getValue()); 303 AuthState authstate = httpget.getHostAuthState(); 304 assertNotNull(authstate.getAuthScheme()); 305 assertTrue(authstate.getAuthScheme() instanceof BasicScheme); 306 assertEquals("test", authstate.getRealm()); 307 } 308 309 public void testBasicAuthenticationWithMutlipleRealms2() throws Exception { 310 UsernamePasswordCredentials creds = 311 new UsernamePasswordCredentials("testuser2", "testpass2"); 312 313 HttpRequestHandlerChain handlerchain = new HttpRequestHandlerChain(); 314 handlerchain.appendHandler(new AuthRequestHandler(creds, "test2")); 315 handlerchain.appendHandler(new HttpServiceHandler(new FeedbackService())); 316 317 HttpState state = new HttpState(); 318 AuthScope realm1 = new AuthScope( 319 this.server.getLocalAddress(), 320 this.server.getLocalPort(), 321 "test"); 322 AuthScope realm2 = new AuthScope( 323 this.server.getLocalAddress(), 324 this.server.getLocalPort(), 325 "test2"); 326 state.setCredentials(realm1, new UsernamePasswordCredentials("testuser","testpass")); 327 state.setCredentials(realm2, new UsernamePasswordCredentials("testuser2","testpass2")); 328 this.client.setState(state); 329 330 this.server.setRequestHandler(handlerchain); 331 332 GetMethod httpget = new GetMethod("/test2/"); 333 try { 334 this.client.executeMethod(httpget); 335 } finally { 336 httpget.releaseConnection(); 337 } 338 assertNotNull(httpget.getStatusLine()); 339 assertEquals(HttpStatus.SC_OK, httpget.getStatusLine().getStatusCode()); 340 Header auth = httpget.getRequestHeader("Authorization"); 341 assertNotNull(auth); 342 String expected = "Basic " + EncodingUtil.getAsciiString( 343 Base64.encodeBase64(EncodingUtil.getAsciiBytes("testuser2:testpass2"))); 344 assertEquals(expected, auth.getValue()); 345 AuthState authstate = httpget.getHostAuthState(); 346 assertNotNull(authstate.getAuthScheme()); 347 assertTrue(authstate.getAuthScheme() instanceof BasicScheme); 348 assertEquals("test2", authstate.getRealm()); 349 } 350 351 public void testPreemptiveAuthorizationTrueWithCreds() throws Exception { 352 UsernamePasswordCredentials creds = 353 new UsernamePasswordCredentials("testuser", "testpass"); 354 355 HttpRequestHandlerChain handlerchain = new HttpRequestHandlerChain(); 356 handlerchain.appendHandler(new AuthRequestHandler(creds)); 357 handlerchain.appendHandler(new HttpServiceHandler(new FeedbackService())); 358 359 HttpState state = new HttpState(); 360 state.setCredentials(AuthScope.ANY, creds); 361 this.client.setState(state); 362 this.client.getParams().setAuthenticationPreemptive(true); 363 364 this.server.setRequestHandler(handlerchain); 365 366 GetMethod httpget = new GetMethod("/test/"); 367 try { 368 this.client.executeMethod(httpget); 369 } finally { 370 httpget.releaseConnection(); 371 } 372 assertNotNull(httpget.getStatusLine()); 373 assertEquals(HttpStatus.SC_OK, httpget.getStatusLine().getStatusCode()); 374 Header auth = httpget.getRequestHeader("Authorization"); 375 assertNotNull(auth); 376 String expected = "Basic " + EncodingUtil.getAsciiString( 377 Base64.encodeBase64(EncodingUtil.getAsciiBytes("testuser:testpass"))); 378 assertEquals(expected, auth.getValue()); 379 AuthState authstate = httpget.getHostAuthState(); 380 assertNotNull(authstate.getAuthScheme()); 381 assertTrue(authstate.getAuthScheme() instanceof BasicScheme); 382 assertNull(authstate.getRealm()); 383 assertTrue(authstate.isPreemptive()); 384 } 385 386 public void testPreemptiveAuthorizationTrueWithoutCreds() throws Exception { 387 UsernamePasswordCredentials creds = 388 new UsernamePasswordCredentials("testuser", "testpass"); 389 390 HttpRequestHandlerChain handlerchain = new HttpRequestHandlerChain(); 391 handlerchain.appendHandler(new AuthRequestHandler(creds)); 392 handlerchain.appendHandler(new HttpServiceHandler(new FeedbackService())); 393 394 HttpState state = new HttpState(); 395 this.client.setState(state); 396 this.client.getParams().setAuthenticationPreemptive(true); 397 398 this.server.setRequestHandler(handlerchain); 399 400 GetMethod httpget = new GetMethod("/test/"); 401 try { 402 this.client.executeMethod(httpget); 403 } finally { 404 httpget.releaseConnection(); 405 } 406 assertNotNull(httpget.getStatusLine()); 407 assertEquals(HttpStatus.SC_UNAUTHORIZED, httpget.getStatusLine().getStatusCode()); 408 Header auth = httpget.getRequestHeader("Authorization"); 409 assertNull(auth); 410 AuthState authstate = httpget.getHostAuthState(); 411 assertNotNull(authstate.getAuthScheme()); 412 assertTrue(authstate.getAuthScheme() instanceof BasicScheme); 413 assertNotNull(authstate.getRealm()); 414 assertTrue(authstate.isPreemptive()); 415 } 416 417 public void testCustomAuthorizationHeader() throws Exception { 418 UsernamePasswordCredentials creds = 419 new UsernamePasswordCredentials("testuser", "testpass"); 420 421 HttpRequestHandlerChain handlerchain = new HttpRequestHandlerChain(); 422 handlerchain.appendHandler(new AuthRequestHandler(creds)); 423 handlerchain.appendHandler(new HttpServiceHandler(new FeedbackService())); 424 425 this.server.setRequestHandler(handlerchain); 426 427 GetMethod httpget = new GetMethod("/test/"); 428 String authResponse = "Basic " + EncodingUtil.getAsciiString( 429 Base64.encodeBase64(EncodingUtil.getAsciiBytes("testuser:testpass"))); 430 httpget.addRequestHeader(new Header("Authorization", authResponse)); 431 try { 432 this.client.executeMethod(httpget); 433 } finally { 434 httpget.releaseConnection(); 435 } 436 assertNotNull(httpget.getStatusLine()); 437 assertEquals(HttpStatus.SC_OK, httpget.getStatusLine().getStatusCode()); 438 } 439 440 public void testHeadBasicAuthentication() throws Exception { 441 UsernamePasswordCredentials creds = 442 new UsernamePasswordCredentials("testuser", "testpass"); 443 444 HttpRequestHandlerChain handlerchain = new HttpRequestHandlerChain(); 445 handlerchain.appendHandler(new AuthRequestHandler(creds)); 446 handlerchain.appendHandler(new HttpServiceHandler(new FeedbackService())); 447 448 HttpState state = new HttpState(); 449 AuthScope authscope = new AuthScope( 450 this.server.getLocalAddress(), 451 this.server.getLocalPort(), 452 "test"); 453 state.setCredentials(authscope, creds); 454 this.client.setState(state); 455 456 this.server.setRequestHandler(handlerchain); 457 458 HeadMethod head = new HeadMethod("/test/"); 459 try { 460 this.client.executeMethod(head); 461 } finally { 462 head.releaseConnection(); 463 } 464 assertNotNull(head.getStatusLine()); 465 assertEquals(HttpStatus.SC_OK, head.getStatusLine().getStatusCode()); 466 Header auth = head.getRequestHeader("Authorization"); 467 assertNotNull(auth); 468 String expected = "Basic " + EncodingUtil.getAsciiString( 469 Base64.encodeBase64(EncodingUtil.getAsciiBytes("testuser:testpass"))); 470 assertEquals(expected, auth.getValue()); 471 AuthState authstate = head.getHostAuthState(); 472 assertNotNull(authstate.getAuthScheme()); 473 assertTrue(authstate.getAuthScheme() instanceof BasicScheme); 474 assertEquals("test", authstate.getRealm()); 475 } 476 477 public void testPostBasicAuthentication() throws Exception { 478 UsernamePasswordCredentials creds = 479 new UsernamePasswordCredentials("testuser", "testpass"); 480 481 HttpRequestHandlerChain handlerchain = new HttpRequestHandlerChain(); 482 handlerchain.appendHandler(new AuthRequestHandler(creds)); 483 handlerchain.appendHandler(new HttpServiceHandler(new EchoService())); 484 485 HttpState state = new HttpState(); 486 AuthScope authscope = new AuthScope( 487 this.server.getLocalAddress(), 488 this.server.getLocalPort(), 489 "test"); 490 state.setCredentials(authscope, creds); 491 this.client.setState(state); 492 493 this.server.setRequestHandler(handlerchain); 494 495 PostMethod post = new PostMethod("/test/"); 496 post.setRequestEntity(new StringRequestEntity("Test body", null, null)); 497 try { 498 this.client.executeMethod(post); 499 assertEquals("Test body", post.getResponseBodyAsString()); 500 } finally { 501 post.releaseConnection(); 502 } 503 assertNotNull(post.getStatusLine()); 504 assertEquals(HttpStatus.SC_OK, post.getStatusLine().getStatusCode()); 505 Header auth = post.getRequestHeader("Authorization"); 506 assertNotNull(auth); 507 String expected = "Basic " + EncodingUtil.getAsciiString( 508 Base64.encodeBase64(EncodingUtil.getAsciiBytes("testuser:testpass"))); 509 assertEquals(expected, auth.getValue()); 510 AuthState authstate = post.getHostAuthState(); 511 assertNotNull(authstate.getAuthScheme()); 512 assertTrue(authstate.getAuthScheme() instanceof BasicScheme); 513 assertEquals("test", authstate.getRealm()); 514 } 515 516 public void testPutBasicAuthentication() throws Exception { 517 UsernamePasswordCredentials creds = 518 new UsernamePasswordCredentials("testuser", "testpass"); 519 520 HttpRequestHandlerChain handlerchain = new HttpRequestHandlerChain(); 521 handlerchain.appendHandler(new AuthRequestHandler(creds)); 522 handlerchain.appendHandler(new HttpServiceHandler(new EchoService())); 523 524 HttpState state = new HttpState(); 525 AuthScope authscope = new AuthScope( 526 this.server.getLocalAddress(), 527 this.server.getLocalPort(), 528 "test"); 529 state.setCredentials(authscope, creds); 530 this.client.setState(state); 531 532 this.server.setRequestHandler(handlerchain); 533 534 PutMethod put = new PutMethod("/test/"); 535 put.setRequestEntity(new StringRequestEntity("Test body", null, null)); 536 try { 537 this.client.executeMethod(put); 538 assertEquals("Test body", put.getResponseBodyAsString()); 539 } finally { 540 put.releaseConnection(); 541 } 542 assertNotNull(put.getStatusLine()); 543 assertEquals(HttpStatus.SC_OK, put.getStatusLine().getStatusCode()); 544 Header auth = put.getRequestHeader("Authorization"); 545 assertNotNull(auth); 546 String expected = "Basic " + EncodingUtil.getAsciiString( 547 Base64.encodeBase64(EncodingUtil.getAsciiBytes("testuser:testpass"))); 548 assertEquals(expected, auth.getValue()); 549 AuthState authstate = put.getHostAuthState(); 550 assertNotNull(authstate.getAuthScheme()); 551 assertTrue(authstate.getAuthScheme() instanceof BasicScheme); 552 assertEquals("test", authstate.getRealm()); 553 } 554 555 public void testPreemptiveAuthorizationFailure() throws Exception { 556 UsernamePasswordCredentials creds = 557 new UsernamePasswordCredentials("testuser", "testpass"); 558 UsernamePasswordCredentials wrongcreds = 559 new UsernamePasswordCredentials("testuser", "garbage"); 560 561 HttpRequestHandlerChain handlerchain = new HttpRequestHandlerChain(); 562 handlerchain.appendHandler(new AuthRequestHandler(creds)); 563 handlerchain.appendHandler(new HttpServiceHandler(new FeedbackService())); 564 565 HttpState state = new HttpState(); 566 state.setCredentials(AuthScope.ANY, wrongcreds); 567 this.client.setState(state); 568 this.client.getParams().setAuthenticationPreemptive(true); 569 570 this.server.setRequestHandler(handlerchain); 571 572 GetMethod httpget = new GetMethod("/test/"); 573 try { 574 this.client.executeMethod(httpget); 575 } finally { 576 httpget.releaseConnection(); 577 } 578 assertNotNull(httpget.getStatusLine()); 579 assertEquals(HttpStatus.SC_UNAUTHORIZED, httpget.getStatusLine().getStatusCode()); 580 AuthState authstate = httpget.getHostAuthState(); 581 assertNotNull(authstate.getAuthScheme()); 582 assertTrue(authstate.getAuthScheme() instanceof BasicScheme); 583 assertEquals("test", authstate.getRealm()); 584 assertTrue(authstate.isPreemptive()); 585 } 586 587 } 588 | Popular Tags |