This is an automated email from the ASF dual-hosted git repository.

radcortez pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/tomee.git

commit 0c8ec2b7204f5a44edee6b3efce6b4f5f16b37ef
Author: Roberto Cortez <[email protected]>
AuthorDate: Thu Dec 27 11:17:02 2018 +0000

    TOMEE-2365 - Additional tests to Basic Authentication.
---
 .../tomee/security/client/BasicAuthFilter.java     | 16 ++++++++----
 .../security/servlet/BasicAuthServletTest.java     | 30 ++++++++++++++++++++--
 .../src/test/resources/conf/tomcat-users.xml       |  1 +
 3 files changed, 40 insertions(+), 7 deletions(-)

diff --git 
a/tomee/tomee-security/src/test/java/org/apache/tomee/security/client/BasicAuthFilter.java
 
b/tomee/tomee-security/src/test/java/org/apache/tomee/security/client/BasicAuthFilter.java
index 16d6322..dad3b0f 100644
--- 
a/tomee/tomee-security/src/test/java/org/apache/tomee/security/client/BasicAuthFilter.java
+++ 
b/tomee/tomee-security/src/test/java/org/apache/tomee/security/client/BasicAuthFilter.java
@@ -24,12 +24,18 @@ import java.util.Base64;
 import static javax.ws.rs.core.HttpHeaders.AUTHORIZATION;
 
 public class BasicAuthFilter implements ClientRequestFilter {
-    @Override
-    public void filter(final ClientRequestContext requestContext) throws 
IOException {
-        requestContext.getHeaders().add(AUTHORIZATION, basicAuth("tomcat", 
"tomcat"));
+    private final String username;
+    private final String password;
+
+    public BasicAuthFilter(final String username, final String password) {
+        this.username = username;
+        this.password = password;
     }
 
-    private String basicAuth(final String username, final String password) {
-        return "Basic " + new String(Base64.getEncoder().encode((username + 
":" + password).getBytes()));
+    @Override
+    public void filter(final ClientRequestContext requestContext) throws 
IOException {
+        requestContext.getHeaders()
+                      .add(AUTHORIZATION,
+                           "Basic " + new 
String(Base64.getEncoder().encode((username + ":" + password).getBytes())));
     }
 }
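Review bot: The added `filter` body converts the credentials with `getBytes()` and `new String(byte[])`, both of which use the platform default charset, so a non-ASCII username or password would produce a different header depending on the JVM's locale. Pinning the charset and letting the encoder build the string keeps the header stable: `"Basic " + Base64.getEncoder().encodeToString((username + ":" + password).getBytes(StandardCharsets.UTF_8))`, with an added `import java.nio.charset.StandardCharsets;`. The new constructor also accepts a username containing `:` without complaint, although the first colon separates user-id from password in Basic credentials. A short comment on the constructor stating that restriction would help anyone adding further negative tests.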
diff --git 
a/tomee/tomee-security/src/test/java/org/apache/tomee/security/servlet/BasicAuthServletTest.java
 
b/tomee/tomee-security/src/test/java/org/apache/tomee/security/servlet/BasicAuthServletTest.java
index e0fd2c6..e45e387 100644
--- 
a/tomee/tomee-security/src/test/java/org/apache/tomee/security/servlet/BasicAuthServletTest.java
+++ 
b/tomee/tomee-security/src/test/java/org/apache/tomee/security/servlet/BasicAuthServletTest.java
@@ -36,7 +36,7 @@ public class BasicAuthServletTest extends 
AbstractTomEESecurityTest {
     @Test
     public void authenticate() throws Exception {
         final String servlet = "http://localhost:"; + 
container.getConfiguration().getHttpPort() + "/basic";
-        assertEquals(200, ClientBuilder.newBuilder().register(new 
BasicAuthFilter()).build()
+        assertEquals(200, ClientBuilder.newBuilder().register(new 
BasicAuthFilter("tomcat", "tomcat")).build()
                                        .target(servlet)
                                        .request()
                                        .get().getStatus());
@@ -45,13 +45,39 @@ public class BasicAuthServletTest extends 
AbstractTomEESecurityTest {
     @Test
     public void missingAuthorizationHeader() throws Exception {
         final String servlet = "http://localhost:"; + 
container.getConfiguration().getHttpPort() + "/basic";
-
         assertEquals(401, ClientBuilder.newBuilder().build()
                                        .target(servlet)
                                        .request()
                                        .get().getStatus());
     }
 
+    @Test
+    public void noUser() throws Exception {
+        final String servlet = "http://localhost:"; + 
container.getConfiguration().getHttpPort() + "/basic";
+        assertEquals(401, ClientBuilder.newBuilder().register(new 
BasicAuthFilter("unknown", "tomcat")).build()
+                                       .target(servlet)
+                                       .request()
+                                       .get().getStatus());
+    }
+
+    @Test
+    public void wrongPassword() throws Exception {
+        final String servlet = "http://localhost:"; + 
container.getConfiguration().getHttpPort() + "/basic";
+        assertEquals(401, ClientBuilder.newBuilder().register(new 
BasicAuthFilter("tomcat", "wrong")).build()
+                                       .target(servlet)
+                                       .request()
+                                       .get().getStatus());
+    }
+
+    @Test
+    public void missingRole() throws Exception {
+        final String servlet = "http://localhost:"; + 
container.getConfiguration().getHttpPort() + "/basic";
+        assertEquals(403, ClientBuilder.newBuilder().register(new 
BasicAuthFilter("user", "user")).build()
+                                       .target(servlet)
+                                       .request()
+                                       .get().getStatus());
+    }
+
     @WebServlet(urlPatterns = "/basic")
     @ServletSecurity(@HttpConstraint(rolesAllowed = "tomcat"))
     @BasicAuthenticationMechanismDefinition
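Review bot: `noUser` and `wrongPassword` assert only the 401 status, so a rejection that omits the `WWW-Authenticate` challenge would still pass. If the mechanism is expected to send one, keeping the `Response` in a local and adding `assertNotNull(response.getHeaderString("WWW-Authenticate"));` would cover it. Both cases expecting the same status is what keeps an unknown user indistinguishable from a wrong password, and a one-line comment saying so would guard against one of them later being changed to a different code. The three added tests also repeat the same builder chain and never close the `Client`, which a small private helper taking username and password could handle in one place. The class body continues past the end of this hunk.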
diff --git a/tomee/tomee-security/src/test/resources/conf/tomcat-users.xml 
b/tomee/tomee-security/src/test/resources/conf/tomcat-users.xml
index f7da309..d7de203 100644
--- a/tomee/tomee-security/src/test/resources/conf/tomcat-users.xml
+++ b/tomee/tomee-security/src/test/resources/conf/tomcat-users.xml
@@ -16,4 +16,5 @@
   -->
 <tomcat-users>
   <user name="tomcat" password="tomcat" roles="tomcat"/>
+  <user name="user" password="user" roles="user"/>
 </tomcat-users>
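Review bot: The added `user` entry has no comment explaining why it exists, and its password equals its name. A line above it such as `<!-- test fixture: authenticates but lacks the "tomcat" role; used by BasicAuthServletTest.missingRole for the 403 case -->` would make the intent clear. The file sits under `src/test/resources`, so these credentials should stay test-only; that they are never packaged into a distribution is not visible from this diff and is worth confirming.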
