This is an automated email from the ASF dual-hosted git repository. radcortez pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/tomee.git
commit a6b99d9775d6788c7bc4c49efe1b20311fb077d5 Author: Roberto Cortez <[email protected]> AuthorDate: Mon Dec 24 18:18:04 2018 +0000 TOMEE-2365 - Basic Auth test. --- .../tomee/security/client/BasicAuthFilter.java | 35 ++++++++++++++++++++++ .../tomee/security/servlet/SimpleServletTest.java | 19 +++++++++--- 2 files changed, 50 insertions(+), 4 deletions(-) diff --git a/tomee/tomee-security/src/test/java/org/apache/tomee/security/client/BasicAuthFilter.java b/tomee/tomee-security/src/test/java/org/apache/tomee/security/client/BasicAuthFilter.java new file mode 100644 index 0000000..16d6322 --- /dev/null +++ b/tomee/tomee-security/src/test/java/org/apache/tomee/security/client/BasicAuthFilter.java @@ -0,0 +1,35 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.tomee.security.client; + +import javax.ws.rs.client.ClientRequestContext; +import javax.ws.rs.client.ClientRequestFilter; +import java.io.IOException; +import java.util.Base64; + +import static javax.ws.rs.core.HttpHeaders.AUTHORIZATION; + +public class BasicAuthFilter implements ClientRequestFilter { + @Override + public void filter(final ClientRequestContext requestContext) throws IOException { + requestContext.getHeaders().add(AUTHORIZATION, basicAuth("tomcat", "tomcat")); + } + + private String basicAuth(final String username, final String password) { + return "Basic " + new String(Base64.getEncoder().encode((username + ":" + password).getBytes())); + } +} diff --git a/tomee/tomee-security/src/test/java/org/apache/tomee/security/servlet/SimpleServletTest.java b/tomee/tomee-security/src/test/java/org/apache/tomee/security/servlet/SimpleServletTest.java index e645971..2a70385 100644 --- a/tomee/tomee-security/src/test/java/org/apache/tomee/security/servlet/SimpleServletTest.java +++ b/tomee/tomee-security/src/test/java/org/apache/tomee/security/servlet/SimpleServletTest.java @@ -16,20 +16,25 @@ */ package org.apache.tomee.security.servlet; -import org.apache.openejb.loader.IO; import org.apache.openejb.loader.JarLocation; import org.apache.openejb.util.NetworkUtil; import org.apache.tomee.embedded.Configuration; import org.apache.tomee.embedded.Container; +import org.apache.tomee.security.client.BasicAuthFilter; import org.junit.Test; +import javax.security.enterprise.authentication.mechanism.http.BasicAuthenticationMechanismDefinition; import javax.servlet.ServletException; +import javax.servlet.annotation.HttpConstraint; +import javax.servlet.annotation.ServletSecurity; import javax.servlet.annotation.WebServlet; import javax.servlet.http.HttpServlet; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; +import javax.ws.rs.client.Client; +import javax.ws.rs.client.ClientBuilder; +import javax.ws.rs.core.Response; import java.io.IOException; -import java.net.URL; import static org.junit.Assert.assertEquals; @@ -45,12 +50,18 @@ public class SimpleServletTest { JarLocation.jarLocation(SimpleServletTest.class), JarLocation.jarLocation(TomEESecurityServletContainerInitializer.class))) { - assertEquals("ok!", IO.slurp( - new URL("http://localhost:"; + container.getConfiguration().getHttpPort() + "/servlet"))); + final Client client = ClientBuilder.newBuilder().register(new BasicAuthFilter()).build(); + final Response response = + client.target("http://localhost:"; + container.getConfiguration().getHttpPort() + "/servlet") + .request() + .get(); + assertEquals(200, response.getStatus()); } } @WebServlet(urlPatterns = "/servlet") + @ServletSecurity(@HttpConstraint(rolesAllowed = "role")) + @BasicAuthenticationMechanismDefinition public static class TestServlet extends HttpServlet { @Override protected void doGet(final HttpServletRequest req, final HttpServletResponse resp)
