new AuthenticationResult(token.getName(), authorizerName, name, null) ); doFilter(filterChain, httpRequest, httpResponse);
/**
 * Builds the serialized form of this token and stores it in {@code token}.
 *
 * <p>The result is four {@code key=value} attributes (user name, principal, type, expiry)
 * in that fixed order, joined by {@code ATTR_SEPARATOR}.
 *
 * <p>NOTE(review): the values are concatenated without escaping, so a user name or
 * principal containing {@code ATTR_SEPARATOR} or {@code =} would make the string ambiguous
 * to whatever parses it; confirm the values are validated before they reach this method.
 * The string built here carries no signature of its own; presumably integrity protection
 * is applied elsewhere before the token leaves the server. TODO confirm.
 */
private void generateToken() {
  token = USER_NAME + "=" + getUserName() + ATTR_SEPARATOR
      + PRINCIPAL + "=" + getName() + ATTR_SEPARATOR
      + TYPE + "=" + getType() + ATTR_SEPARATOR
      + EXPIRES + "=" + getExpires();
}
/**
 * Checks that a Basic {@code Authorization} header carrying the fixture user's credentials
 * yields a token for that user and sets status 200 on the response.
 */
@Test(timeout = 60000)
public void testRequestWithLdapAuthorization() throws Exception {
  HttpServletRequest req = Mockito.mock(HttpServletRequest.class);
  HttpServletResponse resp = Mockito.mock(HttpServletResponse.class);

  // Line length 0 turns off chunking, so the encoded value contains no line breaks.
  final Base64 encoder = new Base64(0);
  // Fixture credentials only. NOTE(review): getBytes() without a charset uses the
  // platform default.
  String encoded = encoder.encodeToString("bjones:p@ssw0rd".getBytes());
  String headerValue = BASIC + " " + encoded;
  Mockito.when(req.getHeader(AUTHORIZATION_HEADER)).thenReturn(headerValue);

  AuthenticationToken result = handler.authenticate(req, resp);

  Assert.assertNotNull(result);
  Mockito.verify(resp).setStatus(HttpServletResponse.SC_OK);
  Assert.assertEquals(TYPE, result.getType());
  // Both the user name and the principal name must be the name sent in the header.
  Assert.assertEquals("bjones", result.getUserName());
  Assert.assertEquals("bjones", result.getName());
}
/**
 * Checks that a Basic {@code Authorization} header carrying the fixture user's credentials
 * yields a token for that user and sets status 200 on the response.
 */
@Test(timeout = 60000)
public void testRequestWithAuthorization() throws Exception {
  HttpServletRequest req = Mockito.mock(HttpServletRequest.class);
  HttpServletResponse resp = Mockito.mock(HttpServletResponse.class);

  // Line length 0 turns off chunking, so the encoded value contains no line breaks.
  final Base64 encoder = new Base64(0);
  // Fixture credentials only. NOTE(review): getBytes() without a charset uses the
  // platform default.
  String encoded = encoder.encodeToString("bjones:p@ssw0rd".getBytes());
  String headerValue = HttpConstants.BASIC + " " + encoded;
  Mockito.when(req.getHeader(HttpConstants.AUTHORIZATION_HEADER)).thenReturn(headerValue);

  AuthenticationToken result = handler.authenticate(req, resp);

  Assert.assertNotNull(result);
  Mockito.verify(resp).setStatus(HttpServletResponse.SC_OK);
  Assert.assertEquals(TYPE, result.getType());
  // Both the user name and the principal name must be the name sent in the header.
  Assert.assertEquals("bjones", result.getUserName());
  Assert.assertEquals("bjones", result.getName());
}
/**
 * Verifies the Basic-auth path: the handler receives an {@code Authorization} header built
 * from the fixture credentials and must return a token naming that user, with status 200
 * set on the response.
 */
@Test(timeout = 60000)
public void testRequestWithAuthorization() throws Exception {
  HttpServletRequest mockRequest = Mockito.mock(HttpServletRequest.class);
  HttpServletResponse mockResponse = Mockito.mock(HttpServletResponse.class);

  // A Base64 codec constructed with line length 0 emits a single unchunked line.
  final Base64 codec = new Base64(0);
  // Test-only credentials. NOTE(review): getBytes() relies on the platform default charset.
  String basicValue =
      HttpConstants.BASIC + " " + codec.encodeToString("bjones:p@ssw0rd".getBytes());
  Mockito.when(mockRequest.getHeader(HttpConstants.AUTHORIZATION_HEADER))
      .thenReturn(basicValue);

  AuthenticationToken issued = handler.authenticate(mockRequest, mockResponse);

  Assert.assertNotNull(issued);
  Mockito.verify(mockResponse).setStatus(HttpServletResponse.SC_OK);
  Assert.assertEquals(TYPE, issued.getType());
  Assert.assertEquals("bjones", issued.getUserName());
  Assert.assertEquals("bjones", issued.getName());
}
/**
 * Checks that a request with a browser-like User-Agent returns a token with user name
 * "A", name "B" and the expected type.
 *
 * <p>NOTE(review): "A"/"B" presumably come from the alternate-authentication stub of the
 * handler under test; confirm against the fixture. User-Agent is a client-supplied header,
 * so this classification can only choose which authentication flow runs.
 */
@Test(timeout=60000)
public void testAlternateAuthenticationAsBrowser() throws Exception {
  HttpServletRequest req = Mockito.mock(HttpServletRequest.class);
  HttpServletResponse resp = Mockito.mock(HttpServletResponse.class);

  // By default, a User-Agent without "java", "curl", "wget", or "perl" in it
  // is considered a browser
  Mockito.when(req.getHeader("User-Agent")).thenReturn("Some Browser");

  AuthenticationToken result = handler.authenticate(req, resp);

  Assert.assertEquals("A", result.getUserName());
  Assert.assertEquals("B", result.getName());
  Assert.assertEquals(getExpectedType(), result.getType());
}
/**
 * Verifies the Basic-auth path: the handler receives an {@code Authorization} header built
 * from the fixture credentials and must return a token naming that user, with status 200
 * set on the response.
 */
@Test(timeout = 60000)
public void testRequestWithLdapAuthorization() throws Exception {
  HttpServletRequest mockRequest = Mockito.mock(HttpServletRequest.class);
  HttpServletResponse mockResponse = Mockito.mock(HttpServletResponse.class);

  // A Base64 codec constructed with line length 0 emits a single unchunked line.
  final Base64 codec = new Base64(0);
  // Test-only credentials. NOTE(review): getBytes() relies on the platform default charset.
  String basicValue = BASIC + " " + codec.encodeToString("bjones:p@ssw0rd".getBytes());
  Mockito.when(mockRequest.getHeader(AUTHORIZATION_HEADER)).thenReturn(basicValue);

  AuthenticationToken issued = handler.authenticate(mockRequest, mockResponse);

  Assert.assertNotNull(issued);
  Mockito.verify(mockResponse).setStatus(HttpServletResponse.SC_OK);
  Assert.assertEquals(TYPE, issued.getType());
  Assert.assertEquals("bjones", issued.getUserName());
  Assert.assertEquals("bjones", issued.getName());
}
/**
 * Sends a request whose User-Agent is "Some Browser" and asserts the returned token has
 * user name "A", name "B" and the type given by {@code getExpectedType()}.
 *
 * <p>NOTE(review): the header value is chosen by the client; presumably the browser check
 * only routes the request to the alternate flow and that flow does the actual
 * authentication. Confirm against the handler.
 */
@Test(timeout=60000)
public void testAlternateAuthenticationAsBrowser() throws Exception {
  HttpServletRequest mockRequest = Mockito.mock(HttpServletRequest.class);
  HttpServletResponse mockResponse = Mockito.mock(HttpServletResponse.class);

  // By default, a User-Agent without "java", "curl", "wget", or "perl" in it
  // is considered a browser
  Mockito.when(mockRequest.getHeader("User-Agent")).thenReturn("Some Browser");

  AuthenticationToken issued = handler.authenticate(mockRequest, mockResponse);

  Assert.assertEquals("A", issued.getUserName());
  Assert.assertEquals("B", issued.getName());
  Assert.assertEquals(getExpectedType(), issued.getType());
}
/**
 * Checks that a request with a browser-like User-Agent returns a token with user name
 * "A", name "B" and the expected type.
 *
 * <p>NOTE(review): "A"/"B" presumably come from the alternate-authentication stub of the
 * handler under test; confirm against the fixture. User-Agent is a client-supplied header,
 * so this classification can only choose which authentication flow runs.
 */
@Test(timeout=60000)
public void testAlternateAuthenticationAsBrowser() throws Exception {
  HttpServletRequest servletRequest = Mockito.mock(HttpServletRequest.class);
  HttpServletResponse servletResponse = Mockito.mock(HttpServletResponse.class);

  // By default, a User-Agent without "java", "curl", "wget", or "perl" in it
  // is considered a browser
  Mockito.when(servletRequest.getHeader("User-Agent")).thenReturn("Some Browser");

  AuthenticationToken altToken = handler.authenticate(servletRequest, servletResponse);

  Assert.assertEquals("A", altToken.getUserName());
  Assert.assertEquals("B", altToken.getName());
  Assert.assertEquals(getExpectedType(), altToken.getType());
}
/**
 * Initialises a {@code PseudoAuthenticationHandler} with the given anonymous-allowed
 * setting and checks that a request naming "user" in its query string gets a token for
 * "user" of the handler's type.
 *
 * <p>The request carries no credential: the identity asserted is the one the client put in
 * the query string, and the same assertions apply for either value of {@code anonymous}.
 *
 * @param anonymous value written to the {@code ANONYMOUS_ALLOWED} property
 */
private void _testUserName(boolean anonymous) throws Exception {
  PseudoAuthenticationHandler pseudoHandler = new PseudoAuthenticationHandler();
  try {
    Properties config = new Properties();
    config.setProperty(
        PseudoAuthenticationHandler.ANONYMOUS_ALLOWED, Boolean.toString(anonymous));
    pseudoHandler.init(config);

    HttpServletRequest req = Mockito.mock(HttpServletRequest.class);
    HttpServletResponse resp = Mockito.mock(HttpServletResponse.class);
    String query = PseudoAuthenticator.USER_NAME + "=" + "user";
    Mockito.when(req.getQueryString()).thenReturn(query);

    AuthenticationToken result = pseudoHandler.authenticate(req, resp);

    Assert.assertNotNull(result);
    Assert.assertEquals("user", result.getUserName());
    Assert.assertEquals("user", result.getName());
    Assert.assertEquals(PseudoAuthenticationHandler.TYPE, result.getType());
  } finally {
    // Always release the handler, including when an assertion above fails.
    pseudoHandler.destroy();
  }
}
/**
 * Shared body for the user-name tests: configures a fresh
 * {@code PseudoAuthenticationHandler}, authenticates a request whose query string names
 * "user", and asserts the token reflects that name and the handler's type.
 *
 * <p>No credential is supplied in the request; the token's identity comes from the
 * client-provided query string, whatever {@code anonymous} is set to.
 *
 * @param anonymous value written to the {@code ANONYMOUS_ALLOWED} property
 */
private void _testUserName(boolean anonymous) throws Exception {
  PseudoAuthenticationHandler underTest = new PseudoAuthenticationHandler();
  try {
    Properties settings = new Properties();
    String allowAnonymous = Boolean.toString(anonymous);
    settings.setProperty(PseudoAuthenticationHandler.ANONYMOUS_ALLOWED, allowAnonymous);
    underTest.init(settings);

    HttpServletRequest mockRequest = Mockito.mock(HttpServletRequest.class);
    HttpServletResponse mockResponse = Mockito.mock(HttpServletResponse.class);
    Mockito.when(mockRequest.getQueryString())
        .thenReturn(PseudoAuthenticator.USER_NAME + "=" + "user");

    AuthenticationToken issued = underTest.authenticate(mockRequest, mockResponse);

    Assert.assertNotNull(issued);
    Assert.assertEquals("user", issued.getUserName());
    Assert.assertEquals("user", issued.getName());
    Assert.assertEquals(PseudoAuthenticationHandler.TYPE, issued.getType());
  } finally {
    // destroy() runs whether or not the assertions pass.
    underTest.destroy();
  }
}
/**
 * Initialises a {@code PseudoAuthenticationHandler} with the given anonymous-allowed
 * setting and checks that a request naming "user" in its query string gets a token for
 * "user" of the handler's type.
 *
 * <p>The request carries no credential: the identity asserted is the one the client put in
 * the query string, and the same assertions apply for either value of {@code anonymous}.
 *
 * @param anonymous value written to the {@code ANONYMOUS_ALLOWED} property
 */
private void _testUserName(boolean anonymous) throws Exception {
  PseudoAuthenticationHandler localHandler = new PseudoAuthenticationHandler();
  try {
    Properties handlerProps = new Properties();
    handlerProps.setProperty(
        PseudoAuthenticationHandler.ANONYMOUS_ALLOWED, Boolean.toString(anonymous));
    localHandler.init(handlerProps);

    HttpServletRequest servletRequest = Mockito.mock(HttpServletRequest.class);
    HttpServletResponse servletResponse = Mockito.mock(HttpServletResponse.class);
    String queryString = PseudoAuthenticator.USER_NAME + "=" + "user";
    Mockito.when(servletRequest.getQueryString()).thenReturn(queryString);

    AuthenticationToken pseudoToken = localHandler.authenticate(servletRequest, servletResponse);

    Assert.assertNotNull(pseudoToken);
    Assert.assertEquals("user", pseudoToken.getUserName());
    Assert.assertEquals("user", pseudoToken.getName());
    Assert.assertEquals(PseudoAuthenticationHandler.TYPE, pseudoToken.getType());
  } finally {
    // Always release the handler, including when an assertion above fails.
    localHandler.destroy();
  }
}
/**
 * Re-creates the handler with a custom non-browser User-Agent list ("foo, bar") and checks
 * that a User-Agent matching neither entry is handled by the alternate authentication,
 * returning the "A"/"B" token of the expected type.
 *
 * <p>NOTE(review): User-Agent is supplied by the client, so this list can only select
 * which authentication flow runs; presumably each flow authenticates on its own. Confirm.
 */
@Test(timeout=60000)
public void testNonDefaultNonBrowserUserAgentAsBrowser() throws Exception {
  HttpServletRequest req = Mockito.mock(HttpServletRequest.class);
  HttpServletResponse resp = Mockito.mock(HttpServletResponse.class);

  // Release whatever handler the field currently holds before building a new one.
  if (handler != null) {
    handler.destroy();
    handler = null;
  }
  handler = getNewAuthenticationHandler();
  Properties config = getDefaultProperties();
  config.setProperty("alt-kerberos.non-browser.user-agents", "foo, bar");
  try {
    handler.init(config);
  } catch (Exception initFailure) {
    // Clear the field so a handler whose init() failed is not kept around.
    handler = null;
    throw initFailure;
  }

  // Pretend we're something that will not match with "foo" (or "bar")
  Mockito.when(req.getHeader("User-Agent")).thenReturn("blah");

  // Should use alt authentication
  AuthenticationToken result = handler.authenticate(req, resp);
  Assert.assertEquals("A", result.getUserName());
  Assert.assertEquals("B", result.getName());
  Assert.assertEquals(getExpectedType(), result.getType());
}
/**
 * Configures the non-browser User-Agent list as "foo, bar", then authenticates a request
 * whose User-Agent is "blah" and expects the alternate-authentication token ("A"/"B",
 * expected type).
 *
 * <p>NOTE(review): the User-Agent value is under the client's control; it decides the
 * flow, and presumably not whether the caller is trusted. Confirm against the handler.
 */
@Test(timeout=60000)
public void testNonDefaultNonBrowserUserAgentAsBrowser() throws Exception {
  HttpServletRequest mockRequest = Mockito.mock(HttpServletRequest.class);
  HttpServletResponse mockResponse = Mockito.mock(HttpServletResponse.class);

  // Replace the handler currently held in the field with a freshly configured one.
  if (handler != null) {
    handler.destroy();
    handler = null;
  }
  handler = getNewAuthenticationHandler();
  Properties settings = getDefaultProperties();
  settings.setProperty("alt-kerberos.non-browser.user-agents", "foo, bar");
  try {
    handler.init(settings);
  } catch (Exception e) {
    // Do not leave a handler that failed to initialise in the field.
    handler = null;
    throw e;
  }

  // Pretend we're something that will not match with "foo" (or "bar")
  Mockito.when(mockRequest.getHeader("User-Agent")).thenReturn("blah");

  // Should use alt authentication
  AuthenticationToken issued = handler.authenticate(mockRequest, mockResponse);
  Assert.assertEquals("A", issued.getUserName());
  Assert.assertEquals("B", issued.getName());
  Assert.assertEquals(getExpectedType(), issued.getType());
}
/**
 * Re-creates the handler with a custom non-browser User-Agent list ("foo, bar") and checks
 * that a User-Agent matching neither entry is handled by the alternate authentication,
 * returning the "A"/"B" token of the expected type.
 *
 * <p>NOTE(review): User-Agent is supplied by the client, so this list can only select
 * which authentication flow runs; presumably each flow authenticates on its own. Confirm.
 */
@Test(timeout=60000)
public void testNonDefaultNonBrowserUserAgentAsBrowser() throws Exception {
  HttpServletRequest servletRequest = Mockito.mock(HttpServletRequest.class);
  HttpServletResponse servletResponse = Mockito.mock(HttpServletResponse.class);

  // Release whatever handler the field currently holds before building a new one.
  if (handler != null) {
    handler.destroy();
    handler = null;
  }
  handler = getNewAuthenticationHandler();
  Properties handlerProps = getDefaultProperties();
  handlerProps.setProperty("alt-kerberos.non-browser.user-agents", "foo, bar");
  try {
    handler.init(handlerProps);
  } catch (Exception cause) {
    // Clear the field so a handler whose init() failed is not kept around.
    handler = null;
    throw cause;
  }

  // Pretend we're something that will not match with "foo" (or "bar")
  Mockito.when(servletRequest.getHeader("User-Agent")).thenReturn("blah");

  // Should use alt authentication
  AuthenticationToken altToken = handler.authenticate(servletRequest, servletResponse);
  Assert.assertEquals("A", altToken.getUserName());
  Assert.assertEquals("B", altToken.getName());
  Assert.assertEquals(getExpectedType(), altToken.getType());
}
/**
 * Checks that the getters return the constructor arguments and the expiry that was set,
 * and that {@code isExpired()} flips from false to true once the expiry time has passed.
 *
 * <p>NOTE(review): the expiry checks depend on wall-clock timing (50 ms window, 70 ms
 * sleep), so a long pause before the first {@code isExpired()} call could fail the test.
 */
@Test
public void testGetters() throws Exception {
  long expiry = System.currentTimeMillis() + 50;
  AuthenticationToken underTest = new AuthenticationToken("u", "p", "t");
  underTest.setExpires(expiry);

  Assert.assertEquals("u", underTest.getUserName());
  Assert.assertEquals("p", underTest.getName());
  Assert.assertEquals("t", underTest.getType());
  Assert.assertEquals(expiry, underTest.getExpires());

  Assert.assertFalse(underTest.isExpired());
  Thread.sleep(70); // +20 msec fuzz for timer granularity.
  Assert.assertTrue(underTest.isExpired());
}
/**
 * Round-trips a token through {@code toString()} and {@code AuthenticationToken.parse()}
 * and checks that name, type and expiry survive, and that expiry is still enforced on the
 * parsed token.
 *
 * <p>NOTE(review): the user name ("u") is not asserted after the round-trip. The expiry
 * checks depend on wall-clock timing (50 ms window, 70 ms sleep).
 */
@Test
public void testToStringAndParse() throws Exception {
  long expiry = System.currentTimeMillis() + 50;
  AuthenticationToken original = new AuthenticationToken("u", "p", "t");
  original.setExpires(expiry);

  String serialized = original.toString();
  AuthenticationToken parsed = AuthenticationToken.parse(serialized);

  Assert.assertEquals("p", parsed.getName());
  Assert.assertEquals("t", parsed.getType());
  Assert.assertEquals(expiry, parsed.getExpires());

  Assert.assertFalse(parsed.isExpired());
  Thread.sleep(70); // +20 msec fuzz for timer granularity.
  Assert.assertTrue(parsed.isExpired());
}
/**
 * Checks the shape of the shared {@code AuthenticationToken.ANONYMOUS} constant: it
 * exists, has no user name, name or type, reports an expiry of -1, and is never expired.
 */
@Test
public void testAnonymous() {
  Assert.assertNotNull(AuthenticationToken.ANONYMOUS);
  AuthenticationToken anonymous = AuthenticationToken.ANONYMOUS;

  Assert.assertNull(anonymous.getUserName());
  Assert.assertNull(anonymous.getName());
  Assert.assertNull(anonymous.getType());
  // -1 is the expiry the anonymous token reports; it must not count as expired.
  Assert.assertEquals(-1, anonymous.getExpires());
  Assert.assertFalse(anonymous.isExpired());
}
}
/**
 * Verifies that {@code AuthenticationToken.ANONYMOUS} is present, carries null for user
 * name, name and type, has expiry -1, and does not report itself as expired.
 */
@Test
public void testAnonymous() {
  Assert.assertNotNull(AuthenticationToken.ANONYMOUS);
  AuthenticationToken anonToken = AuthenticationToken.ANONYMOUS;

  Assert.assertNull(anonToken.getUserName());
  Assert.assertNull(anonToken.getName());
  Assert.assertNull(anonToken.getType());
  // The anonymous token reports -1 as its expiry and must still be treated as live.
  Assert.assertEquals(-1, anonToken.getExpires());
  Assert.assertFalse(anonToken.isExpired());
}
}
/**
 * Checks the shape of the shared {@code AuthenticationToken.ANONYMOUS} constant: it
 * exists, has no user name, name or type, reports an expiry of -1, and is never expired.
 */
@Test
public void testAnonymous() {
  Assert.assertNotNull(AuthenticationToken.ANONYMOUS);
  AuthenticationToken anon = AuthenticationToken.ANONYMOUS;

  Assert.assertNull(anon.getUserName());
  Assert.assertNull(anon.getName());
  Assert.assertNull(anon.getType());
  // -1 is the expiry the anonymous token reports; it must not count as expired.
  Assert.assertEquals(-1, anon.getExpires());
  Assert.assertFalse(anon.isExpired());
}