changelog.xml

markt Sun, 03 Jun 2012 09:47:49 -0700

Author: markt
Date: Sun Jun  3 16:47:16 2012
New Revision: 1345708

URL: http://svn.apache.org/viewvc?rev=1345708&view=rev
Log:
Extend test cases for BASIC auth and RFC2617 compliance.
Patch provided by Brian Burch.


Modified:
    tomcat/tc7.0.x/trunk/   (props changed)
    
tomcat/tc7.0.x/trunk/test/org/apache/catalina/authenticator/TestNonLoginAndBasicAuthenticator.java
    tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml

Propchange: tomcat/tc7.0.x/trunk/
------------------------------------------------------------------------------
  Merged /tomcat/trunk:r1345704

Modified: 
tomcat/tc7.0.x/trunk/test/org/apache/catalina/authenticator/TestNonLoginAndBasicAuthenticator.java
URL: 
http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/test/org/apache/catalina/authenticator/TestNonLoginAndBasicAuthenticator.java?rev=1345708&r1=1345707&r2=1345708&view=diff
==============================================================================
--- 
tomcat/tc7.0.x/trunk/test/org/apache/catalina/authenticator/TestNonLoginAndBasicAuthenticator.java
 (original)
+++ 
tomcat/tc7.0.x/trunk/test/org/apache/catalina/authenticator/TestNonLoginAndBasicAuthenticator.java
 Sun Jun  3 16:47:16 2012
@@ -93,7 +93,7 @@ public class TestNonLoginAndBasicAuthent
     @Test
     public void testAcceptPublicBasic() throws Exception {
         doTestBasic(USER, PWD, CONTEXT_PATH_LOGIN + URI_PUBLIC,
-                false, 200, false, 200);
+                false, false, 200, false, 200);
     }
 
     /*
@@ -104,7 +104,19 @@ public class TestNonLoginAndBasicAuthent
     @Test
     public void testAcceptProtectedBasic() throws Exception {
         doTestBasic(USER, PWD, CONTEXT_PATH_LOGIN + URI_PROTECTED,
-                true, 401, false, 200);
+                false, true, 401, false, 200);
+    }
+
+    /*
+     * Try to access a protected resource in a webapp that
+     * has a BASIC login method defined. Verify the server is
+     * prepared to accept non-standard case for the auth scheme.
+     * The access should be challenged, authenticated and then permitted.
+     */
+    @Test
+    public void testAuthMethodCaseBasic() throws Exception {
+        doTestBasic(USER, PWD, CONTEXT_PATH_LOGIN + URI_PROTECTED,
+                true, true, 401, false, 200);
     }
 
     /*
@@ -117,11 +129,11 @@ public class TestNonLoginAndBasicAuthent
     @Test
     public void testBasicLoginSessionTimeout() throws Exception {
         doTestBasic(USER, PWD, CONTEXT_PATH_LOGIN + URI_PROTECTED,
-                true, 401, false, 200);
+                false, true, 401, false, 200);
         // wait long enough for the session above to expire
         Thread.sleep(LONG_TIMEOUT_DELAY_MSECS);
         doTestBasic(USER, PWD, CONTEXT_PATH_LOGIN + URI_PROTECTED,
-                true, 401, false, 200);
+                false, true, 401, false, 200);
     }
 
     /*
@@ -134,7 +146,7 @@ public class TestNonLoginAndBasicAuthent
     @Test
     public void testBasicLoginRejectProtected() throws Exception {
         doTestBasic(USER, PWD, CONTEXT_PATH_LOGIN + URI_PROTECTED,
-                true, 401, false, 200);
+                false, true, 401, false, 200);
         doTestNonLogin(CONTEXT_PATH_NOLOGIN + URI_PROTECTED,
                 true, 403);
     }
@@ -163,6 +175,7 @@ public class TestNonLoginAndBasicAuthent
     }
 
     private void doTestBasic(String user, String pwd, String uri,
+            boolean verifyAuthSchemeCase,
             boolean expectedReject1, int expectedRC1,
             boolean expectedReject2, int expectedRC2) throws Exception {
 
@@ -190,7 +203,8 @@ public class TestNonLoginAndBasicAuthent
         String credentials = user + ":" + pwd;
         byte[] credentialsBytes = ByteChunk.convertToBytes(credentials);
         String base64auth = Base64.encode(credentialsBytes);
-        String authLine = "Basic " + base64auth;
+        String authScheme = verifyAuthSchemeCase ? "bAsIc " : "Basic ";
+        String authLine = authScheme + base64auth;
 
         List<String> auth = new ArrayList<String>();
         auth.add(authLine);

Modified: tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml
URL: 
http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml?rev=1345708&r1=1345707&r2=1345708&view=diff
==============================================================================
--- tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml (original)
+++ tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml Sun Jun  3 16:47:16 2012
@@ -60,6 +60,10 @@
         <bug>52055</bug>: An additional fix to ensure that the
         ChunkedInputFilter is correctly recycled. (markt)
       </fix>
+      <add>
+        <bug>53008</bug>: Additional test cases for BASIC authentication and
+        RFC2617 compliance. Patch provided by Brian Burch. (markt)
+      </add>
       <fix>
         <bug>53021</bug>: Correct WebSocket protocol version detection. (pero)
       </fix>



---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

svn commit: r1345708 - in /tomcat/tc7.0.x/trunk: ./ test/org/apache/catalina/authenticator/TestNonLoginAndBasicAuthenticator.java webapps/docs/changelog.xml

Reply via email to