1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29 package org.apache.commons.httpclient.auth;
30
31 import java.io.IOException;
32
33 import junit.framework.Test;
34 import junit.framework.TestSuite;
35
36 import org.apache.commons.codec.binary.Base64;
37 import org.apache.commons.httpclient.EchoService;
38 import org.apache.commons.httpclient.FeedbackService;
39 import org.apache.commons.httpclient.Header;
40 import org.apache.commons.httpclient.HttpClientTestBase;
41 import org.apache.commons.httpclient.HttpState;
42 import org.apache.commons.httpclient.HttpStatus;
43 import org.apache.commons.httpclient.ProxyTestDecorator;
44 import org.apache.commons.httpclient.UsernamePasswordCredentials;
45 import org.apache.commons.httpclient.methods.GetMethod;
46 import org.apache.commons.httpclient.methods.HeadMethod;
47 import org.apache.commons.httpclient.methods.PostMethod;
48 import org.apache.commons.httpclient.methods.PutMethod;
49 import org.apache.commons.httpclient.methods.StringRequestEntity;
50 import org.apache.commons.httpclient.server.AuthRequestHandler;
51 import org.apache.commons.httpclient.server.HttpRequestHandlerChain;
52 import org.apache.commons.httpclient.server.HttpServiceHandler;
53 import org.apache.commons.httpclient.util.EncodingUtil;
54
55 /***
56 * Basic authentication test cases.
57 *
58 * @author Oleg Kalnichevski
59 *
60 * @version $Id: TestBasicAuth.java 290260 2005-09-19 20:37:48Z olegk $
61 */
62 public class TestBasicAuth extends HttpClientTestBase {
63
64
65 public TestBasicAuth(final String testName) throws IOException {
66 super(testName);
67 }
68
69
70 public static void main(String args[]) {
71 String[] testCaseName = { TestBasicAuth.class.getName() };
72 junit.textui.TestRunner.main(testCaseName);
73 }
74
75
76
77 public static Test suite() {
78 TestSuite suite = new TestSuite(TestBasicAuth.class);
79 ProxyTestDecorator.addTests(suite);
80 return suite;
81 }
82
83 public void testBasicAuthenticationWithNoCreds() throws IOException {
84
85 UsernamePasswordCredentials creds =
86 new UsernamePasswordCredentials("testuser", "testpass");
87
88 HttpRequestHandlerChain handlerchain = new HttpRequestHandlerChain();
89 handlerchain.appendHandler(new AuthRequestHandler(creds));
90 handlerchain.appendHandler(new HttpServiceHandler(new FeedbackService()));
91
92 this.server.setRequestHandler(handlerchain);
93 GetMethod httpget = new GetMethod("/test/");
94 try {
95 this.client.executeMethod(httpget);
96 assertNotNull(httpget.getStatusLine());
97 assertEquals(HttpStatus.SC_UNAUTHORIZED, httpget.getStatusLine().getStatusCode());
98 AuthState authstate = httpget.getHostAuthState();
99 assertNotNull(authstate.getAuthScheme());
100 assertTrue(authstate.getAuthScheme() instanceof BasicScheme);
101 assertEquals("test", authstate.getRealm());
102 } finally {
103 httpget.releaseConnection();
104 }
105 }
106
107 public void testBasicAuthenticationWithNoCredsRetry() throws IOException {
108 UsernamePasswordCredentials creds =
109 new UsernamePasswordCredentials("testuser", "testpass");
110
111 HttpRequestHandlerChain handlerchain = new HttpRequestHandlerChain();
112 handlerchain.appendHandler(new AuthRequestHandler(creds));
113 handlerchain.appendHandler(new HttpServiceHandler(new FeedbackService()));
114
115 this.server.setRequestHandler(handlerchain);
116
117 GetMethod httpget = new GetMethod("/test/");
118 try {
119 this.client.executeMethod(httpget);
120 assertNotNull(httpget.getStatusLine());
121 assertEquals(HttpStatus.SC_UNAUTHORIZED, httpget.getStatusLine().getStatusCode());
122 AuthState authstate = httpget.getHostAuthState();
123 assertNotNull(authstate.getAuthScheme());
124 assertTrue(authstate.getAuthScheme() instanceof BasicScheme);
125 assertEquals("test", authstate.getRealm());
126 } finally {
127 httpget.releaseConnection();
128 }
129
130 httpget = new GetMethod("/test/");
131 try {
132 this.client.getState().setCredentials(AuthScope.ANY, creds);
133 this.client.executeMethod(httpget);
134 assertNotNull(httpget.getStatusLine());
135 assertEquals(HttpStatus.SC_OK, httpget.getStatusLine().getStatusCode());
136 } finally {
137 httpget.releaseConnection();
138 }
139 }
140
141 public void testBasicAuthenticationWithNoRealm() {
142 String challenge = "Basic";
143 try {
144 AuthScheme authscheme = new BasicScheme();
145 authscheme.processChallenge(challenge);
146 fail("Should have thrown MalformedChallengeException");
147 } catch(MalformedChallengeException e) {
148
149 }
150 }
151
152 public void testBasicAuthenticationWith88591Chars() throws Exception {
153 int[] germanChars = { 0xE4, 0x2D, 0xF6, 0x2D, 0xFc };
154 StringBuffer buffer = new StringBuffer();
155 for (int i = 0; i < germanChars.length; i++) {
156 buffer.append((char)germanChars[i]);
157 }
158
159 UsernamePasswordCredentials credentials = new UsernamePasswordCredentials("dh", buffer.toString());
160 assertEquals("Basic ZGg65C32Lfw=",
161 BasicScheme.authenticate(credentials, "ISO-8859-1"));
162 }
163
164 public void testBasicAuthenticationWithDefaultCreds() throws Exception {
165 UsernamePasswordCredentials creds =
166 new UsernamePasswordCredentials("testuser", "testpass");
167
168 HttpRequestHandlerChain handlerchain = new HttpRequestHandlerChain();
169 handlerchain.appendHandler(new AuthRequestHandler(creds));
170 handlerchain.appendHandler(new HttpServiceHandler(new FeedbackService()));
171
172 HttpState state = new HttpState();
173 state.setCredentials(AuthScope.ANY, creds);
174 this.client.setState(state);
175
176 this.server.setRequestHandler(handlerchain);
177
178 GetMethod httpget = new GetMethod("/test/");
179 try {
180 this.client.executeMethod(httpget);
181 } finally {
182 httpget.releaseConnection();
183 }
184 assertNotNull(httpget.getStatusLine());
185 assertEquals(HttpStatus.SC_OK, httpget.getStatusLine().getStatusCode());
186 Header auth = httpget.getRequestHeader("Authorization");
187 assertNotNull(auth);
188 String expected = "Basic " + EncodingUtil.getAsciiString(
189 Base64.encodeBase64(EncodingUtil.getAsciiBytes("testuser:testpass")));
190 assertEquals(expected, auth.getValue());
191 AuthState authstate = httpget.getHostAuthState();
192 assertNotNull(authstate.getAuthScheme());
193 assertTrue(authstate.getAuthScheme() instanceof BasicScheme);
194 assertEquals("test", authstate.getRealm());
195 }
196
197 public void testBasicAuthentication() throws Exception {
198 UsernamePasswordCredentials creds =
199 new UsernamePasswordCredentials("testuser", "testpass");
200
201 HttpRequestHandlerChain handlerchain = new HttpRequestHandlerChain();
202 handlerchain.appendHandler(new AuthRequestHandler(creds));
203 handlerchain.appendHandler(new HttpServiceHandler(new FeedbackService()));
204
205 HttpState state = new HttpState();
206 AuthScope authscope = new AuthScope(
207 this.server.getLocalAddress(),
208 this.server.getLocalPort(),
209 "test");
210 state.setCredentials(authscope, creds);
211 this.client.setState(state);
212
213 this.server.setRequestHandler(handlerchain);
214
215 GetMethod httpget = new GetMethod("/test/");
216 try {
217 this.client.executeMethod(httpget);
218 } finally {
219 httpget.releaseConnection();
220 }
221 assertNotNull(httpget.getStatusLine());
222 assertEquals(HttpStatus.SC_OK, httpget.getStatusLine().getStatusCode());
223 Header auth = httpget.getRequestHeader("Authorization");
224 assertNotNull(auth);
225 String expected = "Basic " + EncodingUtil.getAsciiString(
226 Base64.encodeBase64(EncodingUtil.getAsciiBytes("testuser:testpass")));
227 assertEquals(expected, auth.getValue());
228 AuthState authstate = httpget.getHostAuthState();
229 assertNotNull(authstate.getAuthScheme());
230 assertTrue(authstate.getAuthScheme() instanceof BasicScheme);
231 assertEquals("test", authstate.getRealm());
232 }
233
234 public void testBasicAuthenticationWithInvalidCredentials() throws Exception {
235 UsernamePasswordCredentials creds =
236 new UsernamePasswordCredentials("testuser", "testpass");
237
238 HttpRequestHandlerChain handlerchain = new HttpRequestHandlerChain();
239 handlerchain.appendHandler(new AuthRequestHandler(creds));
240 handlerchain.appendHandler(new HttpServiceHandler(new FeedbackService()));
241
242 HttpState state = new HttpState();
243 AuthScope authscope = new AuthScope(
244 this.server.getLocalAddress(),
245 this.server.getLocalPort(),
246 "test");
247 state.setCredentials(authscope, new UsernamePasswordCredentials("test", "stuff"));
248 this.client.setState(state);
249
250 this.server.setRequestHandler(handlerchain);
251
252 GetMethod httpget = new GetMethod("/test/");
253 try {
254 this.client.executeMethod(httpget);
255 } finally {
256 httpget.releaseConnection();
257 }
258 assertNotNull(httpget.getStatusLine());
259 assertEquals(HttpStatus.SC_UNAUTHORIZED, httpget.getStatusLine().getStatusCode());
260 AuthState authstate = httpget.getHostAuthState();
261 assertNotNull(authstate.getAuthScheme());
262 assertTrue(authstate.getAuthScheme() instanceof BasicScheme);
263 assertEquals("test", authstate.getRealm());
264 }
265
266 public void testBasicAuthenticationWithMutlipleRealms1() throws Exception {
267 UsernamePasswordCredentials creds =
268 new UsernamePasswordCredentials("testuser", "testpass");
269
270 HttpRequestHandlerChain handlerchain = new HttpRequestHandlerChain();
271 handlerchain.appendHandler(new AuthRequestHandler(creds));
272 handlerchain.appendHandler(new HttpServiceHandler(new FeedbackService()));
273
274 HttpState state = new HttpState();
275 AuthScope realm1 = new AuthScope(
276 this.server.getLocalAddress(),
277 this.server.getLocalPort(),
278 "test");
279 AuthScope realm2 = new AuthScope(
280 this.server.getLocalAddress(),
281 this.server.getLocalPort(),
282 "test2");
283 state.setCredentials(realm1, new UsernamePasswordCredentials("testuser","testpass"));
284 state.setCredentials(realm2, new UsernamePasswordCredentials("testuser2","testpass2"));
285 this.client.setState(state);
286
287 this.server.setRequestHandler(handlerchain);
288
289 GetMethod httpget = new GetMethod("/test/");
290 try {
291 this.client.executeMethod(httpget);
292 } finally {
293 httpget.releaseConnection();
294 }
295 assertNotNull(httpget.getStatusLine());
296 assertEquals(HttpStatus.SC_OK, httpget.getStatusLine().getStatusCode());
297 Header auth = httpget.getRequestHeader("Authorization");
298 assertNotNull(auth);
299 String expected = "Basic " + EncodingUtil.getAsciiString(
300 Base64.encodeBase64(EncodingUtil.getAsciiBytes("testuser:testpass")));
301 assertEquals(expected, auth.getValue());
302 AuthState authstate = httpget.getHostAuthState();
303 assertNotNull(authstate.getAuthScheme());
304 assertTrue(authstate.getAuthScheme() instanceof BasicScheme);
305 assertEquals("test", authstate.getRealm());
306 }
307
308 public void testBasicAuthenticationWithMutlipleRealms2() throws Exception {
309 UsernamePasswordCredentials creds =
310 new UsernamePasswordCredentials("testuser2", "testpass2");
311
312 HttpRequestHandlerChain handlerchain = new HttpRequestHandlerChain();
313 handlerchain.appendHandler(new AuthRequestHandler(creds, "test2"));
314 handlerchain.appendHandler(new HttpServiceHandler(new FeedbackService()));
315
316 HttpState state = new HttpState();
317 AuthScope realm1 = new AuthScope(
318 this.server.getLocalAddress(),
319 this.server.getLocalPort(),
320 "test");
321 AuthScope realm2 = new AuthScope(
322 this.server.getLocalAddress(),
323 this.server.getLocalPort(),
324 "test2");
325 state.setCredentials(realm1, new UsernamePasswordCredentials("testuser","testpass"));
326 state.setCredentials(realm2, new UsernamePasswordCredentials("testuser2","testpass2"));
327 this.client.setState(state);
328
329 this.server.setRequestHandler(handlerchain);
330
331 GetMethod httpget = new GetMethod("/test2/");
332 try {
333 this.client.executeMethod(httpget);
334 } finally {
335 httpget.releaseConnection();
336 }
337 assertNotNull(httpget.getStatusLine());
338 assertEquals(HttpStatus.SC_OK, httpget.getStatusLine().getStatusCode());
339 Header auth = httpget.getRequestHeader("Authorization");
340 assertNotNull(auth);
341 String expected = "Basic " + EncodingUtil.getAsciiString(
342 Base64.encodeBase64(EncodingUtil.getAsciiBytes("testuser2:testpass2")));
343 assertEquals(expected, auth.getValue());
344 AuthState authstate = httpget.getHostAuthState();
345 assertNotNull(authstate.getAuthScheme());
346 assertTrue(authstate.getAuthScheme() instanceof BasicScheme);
347 assertEquals("test2", authstate.getRealm());
348 }
349
350 public void testPreemptiveAuthorizationTrueWithCreds() throws Exception {
351 UsernamePasswordCredentials creds =
352 new UsernamePasswordCredentials("testuser", "testpass");
353
354 HttpRequestHandlerChain handlerchain = new HttpRequestHandlerChain();
355 handlerchain.appendHandler(new AuthRequestHandler(creds));
356 handlerchain.appendHandler(new HttpServiceHandler(new FeedbackService()));
357
358 HttpState state = new HttpState();
359 state.setCredentials(AuthScope.ANY, creds);
360 this.client.setState(state);
361 this.client.getParams().setAuthenticationPreemptive(true);
362
363 this.server.setRequestHandler(handlerchain);
364
365 GetMethod httpget = new GetMethod("/test/");
366 try {
367 this.client.executeMethod(httpget);
368 } finally {
369 httpget.releaseConnection();
370 }
371 assertNotNull(httpget.getStatusLine());
372 assertEquals(HttpStatus.SC_OK, httpget.getStatusLine().getStatusCode());
373 Header auth = httpget.getRequestHeader("Authorization");
374 assertNotNull(auth);
375 String expected = "Basic " + EncodingUtil.getAsciiString(
376 Base64.encodeBase64(EncodingUtil.getAsciiBytes("testuser:testpass")));
377 assertEquals(expected, auth.getValue());
378 AuthState authstate = httpget.getHostAuthState();
379 assertNotNull(authstate.getAuthScheme());
380 assertTrue(authstate.getAuthScheme() instanceof BasicScheme);
381 assertNull(authstate.getRealm());
382 assertTrue(authstate.isPreemptive());
383 }
384
385 public void testPreemptiveAuthorizationTrueWithoutCreds() throws Exception {
386 UsernamePasswordCredentials creds =
387 new UsernamePasswordCredentials("testuser", "testpass");
388
389 HttpRequestHandlerChain handlerchain = new HttpRequestHandlerChain();
390 handlerchain.appendHandler(new AuthRequestHandler(creds));
391 handlerchain.appendHandler(new HttpServiceHandler(new FeedbackService()));
392
393 HttpState state = new HttpState();
394 this.client.setState(state);
395 this.client.getParams().setAuthenticationPreemptive(true);
396
397 this.server.setRequestHandler(handlerchain);
398
399 GetMethod httpget = new GetMethod("/test/");
400 try {
401 this.client.executeMethod(httpget);
402 } finally {
403 httpget.releaseConnection();
404 }
405 assertNotNull(httpget.getStatusLine());
406 assertEquals(HttpStatus.SC_UNAUTHORIZED, httpget.getStatusLine().getStatusCode());
407 Header auth = httpget.getRequestHeader("Authorization");
408 assertNull(auth);
409 AuthState authstate = httpget.getHostAuthState();
410 assertNotNull(authstate.getAuthScheme());
411 assertTrue(authstate.getAuthScheme() instanceof BasicScheme);
412 assertNotNull(authstate.getRealm());
413 assertTrue(authstate.isPreemptive());
414 }
415
416 public void testCustomAuthorizationHeader() throws Exception {
417 UsernamePasswordCredentials creds =
418 new UsernamePasswordCredentials("testuser", "testpass");
419
420 HttpRequestHandlerChain handlerchain = new HttpRequestHandlerChain();
421 handlerchain.appendHandler(new AuthRequestHandler(creds));
422 handlerchain.appendHandler(new HttpServiceHandler(new FeedbackService()));
423
424 this.server.setRequestHandler(handlerchain);
425
426 GetMethod httpget = new GetMethod("/test/");
427 String authResponse = "Basic " + EncodingUtil.getAsciiString(
428 Base64.encodeBase64(EncodingUtil.getAsciiBytes("testuser:testpass")));
429 httpget.addRequestHeader(new Header("Authorization", authResponse));
430 try {
431 this.client.executeMethod(httpget);
432 } finally {
433 httpget.releaseConnection();
434 }
435 assertNotNull(httpget.getStatusLine());
436 assertEquals(HttpStatus.SC_OK, httpget.getStatusLine().getStatusCode());
437 }
438
439 public void testHeadBasicAuthentication() throws Exception {
440 UsernamePasswordCredentials creds =
441 new UsernamePasswordCredentials("testuser", "testpass");
442
443 HttpRequestHandlerChain handlerchain = new HttpRequestHandlerChain();
444 handlerchain.appendHandler(new AuthRequestHandler(creds));
445 handlerchain.appendHandler(new HttpServiceHandler(new FeedbackService()));
446
447 HttpState state = new HttpState();
448 AuthScope authscope = new AuthScope(
449 this.server.getLocalAddress(),
450 this.server.getLocalPort(),
451 "test");
452 state.setCredentials(authscope, creds);
453 this.client.setState(state);
454
455 this.server.setRequestHandler(handlerchain);
456
457 HeadMethod head = new HeadMethod("/test/");
458 try {
459 this.client.executeMethod(head);
460 } finally {
461 head.releaseConnection();
462 }
463 assertNotNull(head.getStatusLine());
464 assertEquals(HttpStatus.SC_OK, head.getStatusLine().getStatusCode());
465 Header auth = head.getRequestHeader("Authorization");
466 assertNotNull(auth);
467 String expected = "Basic " + EncodingUtil.getAsciiString(
468 Base64.encodeBase64(EncodingUtil.getAsciiBytes("testuser:testpass")));
469 assertEquals(expected, auth.getValue());
470 AuthState authstate = head.getHostAuthState();
471 assertNotNull(authstate.getAuthScheme());
472 assertTrue(authstate.getAuthScheme() instanceof BasicScheme);
473 assertEquals("test", authstate.getRealm());
474 }
475
476 public void testPostBasicAuthentication() throws Exception {
477 UsernamePasswordCredentials creds =
478 new UsernamePasswordCredentials("testuser", "testpass");
479
480 HttpRequestHandlerChain handlerchain = new HttpRequestHandlerChain();
481 handlerchain.appendHandler(new AuthRequestHandler(creds));
482 handlerchain.appendHandler(new HttpServiceHandler(new EchoService()));
483
484 HttpState state = new HttpState();
485 AuthScope authscope = new AuthScope(
486 this.server.getLocalAddress(),
487 this.server.getLocalPort(),
488 "test");
489 state.setCredentials(authscope, creds);
490 this.client.setState(state);
491
492 this.server.setRequestHandler(handlerchain);
493
494 PostMethod post = new PostMethod("/test/");
495 post.setRequestEntity(new StringRequestEntity("Test body"));
496 try {
497 this.client.executeMethod(post);
498 assertEquals("Test body", post.getResponseBodyAsString());
499 } finally {
500 post.releaseConnection();
501 }
502 assertNotNull(post.getStatusLine());
503 assertEquals(HttpStatus.SC_OK, post.getStatusLine().getStatusCode());
504 Header auth = post.getRequestHeader("Authorization");
505 assertNotNull(auth);
506 String expected = "Basic " + EncodingUtil.getAsciiString(
507 Base64.encodeBase64(EncodingUtil.getAsciiBytes("testuser:testpass")));
508 assertEquals(expected, auth.getValue());
509 AuthState authstate = post.getHostAuthState();
510 assertNotNull(authstate.getAuthScheme());
511 assertTrue(authstate.getAuthScheme() instanceof BasicScheme);
512 assertEquals("test", authstate.getRealm());
513 }
514
515 public void testPutBasicAuthentication() throws Exception {
516 UsernamePasswordCredentials creds =
517 new UsernamePasswordCredentials("testuser", "testpass");
518
519 HttpRequestHandlerChain handlerchain = new HttpRequestHandlerChain();
520 handlerchain.appendHandler(new AuthRequestHandler(creds));
521 handlerchain.appendHandler(new HttpServiceHandler(new EchoService()));
522
523 HttpState state = new HttpState();
524 AuthScope authscope = new AuthScope(
525 this.server.getLocalAddress(),
526 this.server.getLocalPort(),
527 "test");
528 state.setCredentials(authscope, creds);
529 this.client.setState(state);
530
531 this.server.setRequestHandler(handlerchain);
532
533 PutMethod put = new PutMethod("/test/");
534 put.setRequestEntity(new StringRequestEntity("Test body"));
535 try {
536 this.client.executeMethod(put);
537 assertEquals("Test body", put.getResponseBodyAsString());
538 } finally {
539 put.releaseConnection();
540 }
541 assertNotNull(put.getStatusLine());
542 assertEquals(HttpStatus.SC_OK, put.getStatusLine().getStatusCode());
543 Header auth = put.getRequestHeader("Authorization");
544 assertNotNull(auth);
545 String expected = "Basic " + EncodingUtil.getAsciiString(
546 Base64.encodeBase64(EncodingUtil.getAsciiBytes("testuser:testpass")));
547 assertEquals(expected, auth.getValue());
548 AuthState authstate = put.getHostAuthState();
549 assertNotNull(authstate.getAuthScheme());
550 assertTrue(authstate.getAuthScheme() instanceof BasicScheme);
551 assertEquals("test", authstate.getRealm());
552 }
553
554 public void testPreemptiveAuthorizationFailure() throws Exception {
555 UsernamePasswordCredentials creds =
556 new UsernamePasswordCredentials("testuser", "testpass");
557 UsernamePasswordCredentials wrongcreds =
558 new UsernamePasswordCredentials("testuser", "garbage");
559
560 HttpRequestHandlerChain handlerchain = new HttpRequestHandlerChain();
561 handlerchain.appendHandler(new AuthRequestHandler(creds));
562 handlerchain.appendHandler(new HttpServiceHandler(new FeedbackService()));
563
564 HttpState state = new HttpState();
565 state.setCredentials(AuthScope.ANY, wrongcreds);
566 this.client.setState(state);
567 this.client.getParams().setAuthenticationPreemptive(true);
568
569 this.server.setRequestHandler(handlerchain);
570
571 GetMethod httpget = new GetMethod("/test/");
572 try {
573 this.client.executeMethod(httpget);
574 } finally {
575 httpget.releaseConnection();
576 }
577 assertNotNull(httpget.getStatusLine());
578 assertEquals(HttpStatus.SC_UNAUTHORIZED, httpget.getStatusLine().getStatusCode());
579 AuthState authstate = httpget.getHostAuthState();
580 assertNotNull(authstate.getAuthScheme());
581 assertTrue(authstate.getAuthScheme() instanceof BasicScheme);
582 assertEquals("test", authstate.getRealm());
583 assertTrue(authstate.isPreemptive());
584 }
585
586 }