1 /* 2 * $Header: /home/cvs/jakarta-commons/httpclient/src/test/org/apache/commons/httpclient/TestAuthenticator.java,v 1.25 2003/04/22 17:00:26 olegk Exp $ 3 * $Revision: 1.25 $ 4 * $Date: 2003/04/22 17:00:26 $ 5 * ==================================================================== 6 * 7 * The Apache Software License, Version 1.1 8 * 9 * Copyright (c) 1999-2003 The Apache Software Foundation. All rights 10 * reserved. 11 * 12 * Redistribution and use in source and binary forms, with or without 13 * modification, are permitted provided that the following conditions 14 * are met: 15 * 16 * 1. Redistributions of source code must retain the above copyright 17 * notice, this list of conditions and the following disclaimer. 18 * 19 * 2. Redistributions in binary form must reproduce the above copyright 20 * notice, this list of conditions and the following disclaimer in 21 * the documentation and/or other materials provided with the 22 * distribution. 23 * 24 * 3. The end-user documentation included with the redistribution, if 25 * any, must include the following acknowlegement: 26 * "This product includes software developed by the 27 * Apache Software Foundation (http://www.apache.org/)." 28 * Alternately, this acknowlegement may appear in the software itself, 29 * if and wherever such third-party acknowlegements normally appear. 30 * 31 * 4. The names "The Jakarta Project", "Tomcat", and "Apache Software 32 * Foundation" must not be used to endorse or promote products derived 33 * from this software without prior written permission. For written 34 * permission, please contact apache@apache.org. 35 * 36 * 5. Products derived from this software may not be called "Apache" 37 * nor may "Apache" appear in their names without prior written 38 * permission of the Apache Group. 39 * 40 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED 41 * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 42 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE 43 * DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR 44 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 45 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT 46 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF 47 * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND 48 * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, 49 * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT 50 * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 51 * SUCH DAMAGE. 52 * ==================================================================== 53 * 54 * This software consists of voluntary contributions made by many 55 * individuals on behalf of the Apache Software Foundation. For more 56 * information on the Apache Software Foundation, please see 57 * <http://www.apache.org/>;. 58 * 59 * [Additional notices, if required by prior licensing conditions] 60 * 61 */ 62 63 package org.apache.commons.httpclient; 64 65 import junit.framework.Test; 66 import junit.framework.TestCase; 67 import junit.framework.TestSuite; 68 69 import java.util.Hashtable; 70 import java.util.StringTokenizer; 71 import org.apache.commons.httpclient.auth.*; 72 import org.apache.commons.httpclient.util.Base64; 73 74 /*** 75 * Unit tests for {@link Authenticator}. 76 * 77 * @author Rodney Waldhoff 78 * @author <a href="mailto:jsdever@apache.org">Jeff Dever</a> 79 * @version $Id: TestAuthenticator.java,v 1.25 2003/04/22 17:00:26 olegk Exp $ 80 */ 81 public class TestAuthenticator extends TestCase { 82 83 // ------------------------------------------------------------ Constructor 84 public TestAuthenticator(String testName) { 85 super(testName); 86 } 87 88 // ------------------------------------------------------------------- Main 89 public static void main(String args[]) { 90 String[] testCaseName = { TestAuthenticator.class.getName() }; 91 junit.textui.TestRunner.main(testCaseName); 92 } 93 94 // ------------------------------------------------------- Utility Methods 95 96 private void checkAuthorization(UsernamePasswordCredentials cred, String methodName, String auth) throws Exception { 97 Hashtable table = new Hashtable(); 98 StringTokenizer tokenizer = new StringTokenizer(auth, ",=\""); 99 while(tokenizer.hasMoreTokens()){ 100 String key = null; 101 String value = null; 102 if(tokenizer.hasMoreTokens()) 103 key = tokenizer.nextToken(); 104 if(tokenizer.hasMoreTokens()) 105 value = tokenizer.nextToken(); 106 if(key != null && value != null){ 107 table.put(key.trim(),value.trim()); 108 } 109 } 110 String response = (String) table.get("response"); 111 table.put( "methodname", methodName ); 112 String digest = DigestScheme.createDigest(cred.getUserName(),cred.getPassword(), table); 113 assertEquals(response, digest); 114 } 115 116 117 // ------------------------------------------------------- TestCase Methods 118 119 public static Test suite() { 120 return new TestSuite(TestAuthenticator.class); 121 } 122 123 124 // ---------------------------------- Test Methods for BasicScheme Authentication 125 126 public void testBasicAuthenticationWithNoCreds() { 127 String challenge = "Basic realm=\"realm1\""; 128 HttpState state = new HttpState(); 129 HttpMethod method = new SimpleHttpMethod(new Header("WWW-Authenticate", challenge)); 130 try { 131 AuthScheme authscheme = new BasicScheme(challenge); 132 HttpAuthenticator.authenticate(authscheme, method, null, state); 133 fail("Should have thrown HttpException"); 134 } catch(HttpException e) { 135 // expected 136 } 137 } 138 139 public void testBasicAuthenticationWithNoRealm() { 140 String challenge = "Basic"; 141 HttpState state = new HttpState(); 142 HttpMethod method = new SimpleHttpMethod(new Header("WWW-Authenticate", challenge)); 143 try { 144 AuthScheme authscheme = new BasicScheme(challenge); 145 HttpAuthenticator.authenticate(authscheme, method, null, state); 146 fail("Should have thrown HttpException"); 147 } catch(HttpException e) { 148 // expected 149 } 150 } 151 152 public void testBasicAuthenticationWithNoRealm2() { 153 String challenge = "Basic "; 154 HttpState state = new HttpState(); 155 HttpMethod method = new SimpleHttpMethod(new Header("WWW-Authenticate", challenge)); 156 try { 157 AuthScheme authscheme = new BasicScheme(challenge); 158 HttpAuthenticator.authenticate(authscheme, method, null, state); 159 fail("Should have thrown HttpException"); 160 } catch(HttpException e) { 161 // expected 162 } 163 } 164 165 public void testBasicAuthenticationWithNullHttpState() throws Exception { 166 String challenge = "Basic realm=\"realm1\""; 167 HttpMethod method = new SimpleHttpMethod(new Header("WWW-Authenticate", challenge)); 168 try { 169 AuthScheme authscheme = new BasicScheme(challenge); 170 HttpAuthenticator.authenticate(authscheme, method, null, null); 171 fail("Should have thrown IllegalArgumentException"); 172 } catch(IllegalArgumentException e) { 173 // expected 174 } 175 } 176 177 public void testInvalidAuthenticationScheme() throws Exception { 178 String challenge = "invalid realm=\"realm1\""; 179 try{ 180 HttpAuthenticator.selectAuthScheme( 181 new Header[] { new Header("WWW-Authenticate", challenge) }); 182 fail("Should have thrown UnsupportedOperationException"); 183 }catch (UnsupportedOperationException uoe){ 184 // expected 185 } 186 } 187 188 public void testBasicAuthenticationCaseInsensitivity() throws Exception { 189 String challenge = "bAsIc ReAlM=\"realm1\""; 190 HttpState state = new HttpState(); 191 state.setCredentials(null, null, new UsernamePasswordCredentials("username","password")); 192 HttpMethod method = new SimpleHttpMethod(new Header("WwW-AuThEnTiCaTe", challenge)); 193 AuthScheme authscheme = new BasicScheme(challenge); 194 assertTrue(HttpAuthenticator.authenticate(authscheme, method, null, state)); 195 assertTrue(null != method.getRequestHeader("Authorization")); 196 String expected = "Basic " + HttpConstants.getString(Base64.encode(HttpConstants.getBytes("username:password"))); 197 assertEquals(expected,method.getRequestHeader("Authorization").getValue()); 198 } 199 200 201 public void testBasicAuthenticationWithDefaultCreds() throws Exception { 202 HttpState state = new HttpState(); 203 state.setCredentials(null, null, new UsernamePasswordCredentials("username","password")); 204 HttpMethod method = new SimpleHttpMethod(new Header("WWW-Authenticate","Basic realm=\"realm1\"")); 205 assertTrue(HttpAuthenticator.authenticateDefault(method, null, state)); 206 assertTrue(null != method.getRequestHeader("Authorization")); 207 String expected = "Basic " + HttpConstants.getString(Base64.encode(HttpConstants.getBytes("username:password"))); 208 assertEquals(expected,method.getRequestHeader("Authorization").getValue()); 209 } 210 211 public void testBasicAuthentication() throws Exception { 212 String challenge = "Basic realm=\"realm\""; 213 HttpState state = new HttpState(); 214 state.setCredentials("realm", null, new UsernamePasswordCredentials("username","password")); 215 HttpMethod method = new SimpleHttpMethod(new Header("WWW-Authenticate", challenge)); 216 AuthScheme authscheme = new BasicScheme(challenge); 217 assertTrue(HttpAuthenticator.authenticate(authscheme, method, null, state)); 218 assertTrue(null != method.getRequestHeader("Authorization")); 219 String expected = "Basic " + HttpConstants.getString(Base64.encode(HttpConstants.getBytes("username:password"))); 220 assertEquals(expected,method.getRequestHeader("Authorization").getValue()); 221 } 222 223 224 public void testBasicAuthenticationWithMutlipleRealms() throws Exception { 225 String challenge1 = "Basic realm=\"realm1\""; 226 String challenge2 = "Basic realm=\"realm2\""; 227 HttpState state = new HttpState(); 228 state.setCredentials("realm1", null, new UsernamePasswordCredentials("username","password")); 229 state.setCredentials("realm2", null, new UsernamePasswordCredentials("uname2","password2")); 230 AuthScheme authscheme1 = new BasicScheme(challenge1); 231 AuthScheme authscheme2 = new BasicScheme(challenge2); 232 { 233 HttpMethod method = new SimpleHttpMethod(new Header("WWW-Authenticate",challenge1)); 234 assertTrue(HttpAuthenticator.authenticate(authscheme1, method, null, state)); 235 assertTrue(null != method.getRequestHeader("Authorization")); 236 String expected = "Basic " + HttpConstants.getString(Base64.encode(HttpConstants.getBytes("username:password"))); 237 assertEquals(expected,method.getRequestHeader("Authorization").getValue()); 238 } 239 { 240 HttpMethod method = new SimpleHttpMethod(new Header("WWW-Authenticate", challenge2)); 241 assertTrue(HttpAuthenticator.authenticate(authscheme2, method, null, state)); 242 assertTrue(null != method.getRequestHeader("Authorization")); 243 String expected = "Basic " + HttpConstants.getString(Base64.encode(HttpConstants.getBytes("uname2:password2"))); 244 assertEquals(expected,method.getRequestHeader("Authorization").getValue()); 245 } 246 } 247 248 public void testPreemptiveAuthorizationTrueNoCreds() throws Exception { 249 HttpState state = new HttpState(); 250 HttpMethod method = new SimpleHttpMethod(); 251 252 state.setAuthenticationPreemptive(true); 253 assertTrue(!HttpAuthenticator.authenticateDefault(method, null, state)); 254 assertTrue(null == method.getRequestHeader("Authorization")); 255 } 256 257 public void testPreemptiveAuthorizationTrueWithCreds() throws Exception { 258 HttpState state = new HttpState(); 259 HttpMethod method = new SimpleHttpMethod(); 260 state.setCredentials(null, null, new UsernamePasswordCredentials("username","password")); 261 262 state.setAuthenticationPreemptive(true); 263 assertTrue(HttpAuthenticator.authenticateDefault(method, null, state)); 264 assertTrue(null != method.getRequestHeader("Authorization")); 265 String expected = "Basic " + HttpConstants.getString(Base64.encode(HttpConstants.getBytes("username:password"))); 266 assertEquals(expected, method.getRequestHeader("Authorization").getValue()); 267 } 268 269 // --------------------------------- Test Methods for DigestScheme Authentication 270 271 public void testDigestAuthenticationWithNoCreds() { 272 String challenge = "Digest realm=\"realm1\""; 273 HttpState state = new HttpState(); 274 HttpMethod method = new SimpleHttpMethod(new Header("WWW-Authenticate", challenge)); 275 try { 276 AuthScheme authscheme = new DigestScheme(challenge); 277 HttpAuthenticator.authenticate(authscheme, method, null, state); 278 fail("Should have thrown HttpException"); 279 } catch(HttpException e) { 280 // expected 281 } 282 } 283 284 public void testDigestAuthenticationWithNoRealm() { 285 String challenge = "Digest"; 286 HttpState state = new HttpState(); 287 HttpMethod method = new SimpleHttpMethod(new Header("WWW-Authenticate", challenge)); 288 try { 289 AuthScheme authscheme = new DigestScheme(challenge); 290 HttpAuthenticator.authenticate(authscheme, method, null, state); 291 fail("Should have thrown HttpException"); 292 } catch(HttpException e) { 293 // expected 294 } 295 } 296 297 public void testDigestAuthenticationWithNoRealm2() { 298 String challenge = "Digest "; 299 HttpState state = new HttpState(); 300 HttpMethod method = new SimpleHttpMethod(new Header("WWW-Authenticate", challenge)); 301 try { 302 AuthScheme authscheme = new DigestScheme(challenge); 303 HttpAuthenticator.authenticate(authscheme, method, null, state); 304 fail("Should have thrown HttpException"); 305 } catch(HttpException e) { 306 // expected 307 } 308 } 309 310 public void testDigestAuthenticationWithNullHttpState() throws Exception { 311 String challenge = "Digest realm=\"realm1\""; 312 HttpMethod method = new SimpleHttpMethod(new Header("WWW-Authenticate", challenge)); 313 try { 314 AuthScheme authscheme = new DigestScheme(challenge); 315 HttpAuthenticator.authenticate(authscheme, method, null, null); 316 fail("Should have thrown IllegalArgumentException"); 317 } catch(IllegalArgumentException e) { 318 // expected 319 } 320 } 321 322 public void testDigestAuthenticationCaseInsensitivity() throws Exception { 323 String challenge = "dIgEsT ReAlM=\"realm1\""; 324 HttpState state = new HttpState(); 325 UsernamePasswordCredentials cred = new UsernamePasswordCredentials("username","password"); 326 state.setCredentials(null, null, cred); 327 HttpMethod method = new SimpleHttpMethod(new Header("WwW-AuThEnTiCaTe", challenge)); 328 AuthScheme authscheme = new DigestScheme(challenge); 329 assertTrue(HttpAuthenticator.authenticate(authscheme, method, null, state)); 330 assertTrue(null != method.getRequestHeader("Authorization")); 331 } 332 333 334 public void testDigestAuthenticationWithDefaultCreds() throws Exception { 335 String challenge = "Digest realm=\"realm1\""; 336 HttpState state = new HttpState(); 337 UsernamePasswordCredentials cred = new UsernamePasswordCredentials("username","password"); 338 state.setCredentials(null, null, cred); 339 HttpMethod method = new SimpleHttpMethod(new Header("WWW-Authenticate", challenge)); 340 AuthScheme authscheme = new DigestScheme(challenge); 341 assertTrue(HttpAuthenticator.authenticate(authscheme, method, null, state)); 342 assertTrue(null != method.getRequestHeader("Authorization")); 343 checkAuthorization(cred, method.getName(), method.getRequestHeader("Authorization").getValue()); 344 } 345 346 public void testDigestAuthentication() throws Exception { 347 String challenge = "Digest realm=\"realm1\""; 348 HttpState state = new HttpState(); 349 UsernamePasswordCredentials cred = new UsernamePasswordCredentials("username","password"); 350 state.setCredentials(null, null, cred); 351 HttpMethod method = new SimpleHttpMethod(new Header("WWW-Authenticate", challenge)); 352 AuthScheme authscheme = new DigestScheme(challenge); 353 assertTrue(HttpAuthenticator.authenticate(authscheme, method, null, state)); 354 assertTrue(null != method.getRequestHeader("Authorization")); 355 checkAuthorization(cred, method.getName(), method.getRequestHeader("Authorization").getValue()); 356 } 357 358 public void testDigestAuthenticationWithMultipleRealms() throws Exception { 359 String challenge1 = "Digest realm=\"realm1\""; 360 String challenge2 = "Digest realm=\"realm2\""; 361 HttpState state = new HttpState(); 362 UsernamePasswordCredentials cred = new UsernamePasswordCredentials("username","password"); 363 state.setCredentials("realm1", null, cred); 364 UsernamePasswordCredentials cred2 = new UsernamePasswordCredentials("uname2","password2"); 365 state.setCredentials("realm2", null, cred2); 366 AuthScheme authscheme1 = new DigestScheme(challenge1); 367 AuthScheme authscheme2 = new DigestScheme(challenge2); 368 { 369 HttpMethod method = new SimpleHttpMethod(new Header("WWW-Authenticate",challenge1)); 370 assertTrue(HttpAuthenticator.authenticate(authscheme1, method, null, state)); 371 assertTrue(null != method.getRequestHeader("Authorization")); 372 checkAuthorization(cred, method.getName(), method.getRequestHeader("Authorization").getValue()); 373 } 374 { 375 HttpMethod method = new SimpleHttpMethod(new Header("WWW-Authenticate",challenge2)); 376 assertTrue(HttpAuthenticator.authenticate(authscheme2, method, null, state)); 377 assertTrue(null != method.getRequestHeader("Authorization")); 378 checkAuthorization(cred2, method.getName(), method.getRequestHeader("Authorization").getValue()); 379 } 380 } 381 382 // --------------------------------- Test Methods for NTLM Authentication 383 384 public void testNTLMAuthenticationWithNoCreds() { 385 String challenge = "NTLM"; 386 HttpState state = new HttpState(); 387 HttpMethod method = new SimpleHttpMethod(new Header("WWW-Authenticate", challenge)); 388 method.addRequestHeader("Host", "host"); 389 try { 390 AuthScheme authscheme = new NTLMScheme(challenge); 391 HttpAuthenticator.authenticate(authscheme, method, null, state); 392 fail("Should have thrown HttpException"); 393 } catch(HttpException e) { 394 // expected 395 } 396 } 397 398 public void testNTLMAuthenticationWithNullHttpState() throws Exception { 399 String challenge = "NTLM"; 400 HttpMethod method = new SimpleHttpMethod(new Header("WWW-Authenticate", challenge)); 401 method.addRequestHeader("Host", "host"); 402 try { 403 AuthScheme authscheme = new NTLMScheme(challenge); 404 HttpAuthenticator.authenticate(authscheme, method, null, null); 405 fail("Should have thrown IllegalArgumentException"); 406 } catch(IllegalArgumentException e) { 407 // expected 408 } 409 } 410 411 public void testNTLMAuthenticationCaseInsensitivity() throws Exception { 412 String challenge = "nTlM"; 413 HttpState state = new HttpState(); 414 NTCredentials cred = new NTCredentials("username","password", "host", 415 "domain"); 416 state.setCredentials("host", null, cred); 417 HttpMethod method = new SimpleHttpMethod(new Header("WwW-AuThEnTiCaTe", challenge)); 418 method.addRequestHeader("Host", "host"); 419 AuthScheme authscheme = new NTLMScheme(challenge); 420 assertTrue(HttpAuthenticator.authenticate(authscheme, method, null, state)); 421 assertTrue(null != method.getRequestHeader("Authorization")); 422 } 423 424 public void testNTLMAuthenticationResponse1() throws Exception { 425 String challenge = "NTLM"; 426 String expected = "NTLM TlRMTVNTUAABAAAABlIAAAYABgAkAAAABAAEACAAAABIT" + 427 "1NURE9NQUlO"; 428 HttpState state = new HttpState(); 429 NTCredentials cred = new NTCredentials("username","password", "host", 430 "domain"); 431 state.setCredentials("host", null, cred); 432 HttpMethod method = new SimpleHttpMethod(new Header("WWW-Authenticate", challenge)); 433 method.addRequestHeader("Host", "host"); 434 AuthScheme authscheme = new NTLMScheme(challenge); 435 assertTrue(HttpAuthenticator.authenticate(authscheme, method, null, state)); 436 assertTrue(null != method.getRequestHeader("Authorization")); 437 assertEquals(expected, 438 method.getRequestHeader("Authorization").getValue()); 439 } 440 441 public void testNTLMAuthenticationResponse2() throws Exception { 442 String challenge = 443 "NTLM TlRMTVNTUAACAAAACgAKADAAAAAGgoEAPc4kP4LtCV8AAAAAAAAAAJ4AngA" + 444 "6AAAASU5UUkFFUEhPWAIAFABJAE4AVABSAEEARQBQAEgATwBYAAEAEgBCAE8AQQB" + 445 "SAEQAUgBPAE8ATQAEACgAaQBuAHQAcgBhAGUAcABoAG8AeAAuAGUAcABoAG8AeAA" + 446 "uAGMAbwBtAAMAPABCAG8AYQByAGQAcgBvAG8AbQAuAGkAbgB0AHIAYQBlAHAAaAB" + 447 "vAHgALgBlAHAAaABvAHgALgBjAG8AbQAAAAAA"; 448 449 String expected = "NTLM TlRMTVNTUAADAAAAGAAYAFIAAAAAAAAAagAAAAYABgB" + 450 "AAAAACAAIAEYAAAAEAAQATgAAAAAAAABqAAAABlIAAERPTUFJTlVTRVJOQU1FSE" + 451 "9TVAaC+vLxUEHnUtpItj9Dp4kzwQfd61Lztg=="; 452 HttpState state = new HttpState(); 453 NTCredentials cred = new NTCredentials("username","password", "host", 454 "domain"); 455 state.setCredentials("host", null, cred); 456 HttpMethod method = new SimpleHttpMethod(new Header("WWW-Authenticate", challenge)); 457 method.addRequestHeader("Host", "host"); 458 AuthScheme authscheme = new NTLMScheme(challenge); 459 assertTrue(HttpAuthenticator.authenticate(authscheme, method, null, state)); 460 assertTrue(null != method.getRequestHeader("Authorization")); 461 assertEquals(expected, 462 method.getRequestHeader("Authorization").getValue()); 463 } 464 465 public void testNTLMAuthenticationWithDefaultCreds() throws Exception { 466 String challenge = 467 "NTLM TlRMTVNTUAACAAAACgAKADAAAAAGgoEAPc4kP4LtCV8AAAAAAAAAAJ4AngA" + 468 "6AAAASU5UUkFFUEhPWAIAFABJAE4AVABSAEEARQBQAEgATwBYAAEAEgBCAE8AQQB" + 469 "SAEQAUgBPAE8ATQAEACgAaQBuAHQAcgBhAGUAcABoAG8AeAAuAGUAcABoAG8AeAA" + 470 "uAGMAbwBtAAMAPABCAG8AYQByAGQAcgBvAG8AbQAuAGkAbgB0AHIAYQBlAHAAaAB" + 471 "vAHgALgBlAHAAaABvAHgALgBjAG8AbQAAAAAA"; 472 String expected = "NTLM TlRMTVNTUAADAAAAGAAYAFIAAAAAAAAAagAAAAYABgB" + 473 "AAAAACAAIAEYAAAAEAAQATgAAAAAAAABqAAAABlIAAERPTUFJTlVTRVJOQU1FSE" + 474 "9TVAaC+vLxUEHnUtpItj9Dp4kzwQfd61Lztg=="; 475 HttpState state = new HttpState(); 476 NTCredentials cred = new NTCredentials("username","password", "host", 477 "domain"); 478 state.setCredentials(null, null, cred); 479 HttpMethod method = new SimpleHttpMethod(new Header("WWW-Authenticate", challenge)); 480 method.addRequestHeader("Host", "host"); 481 AuthScheme authscheme = new NTLMScheme(challenge); 482 assertTrue(HttpAuthenticator.authenticate(authscheme, method, null, state)); 483 assertTrue(null != method.getRequestHeader("Authorization")); 484 assertEquals(expected, 485 method.getRequestHeader("Authorization").getValue()); 486 } 487 488 public void testNTLMAuthenticationRetry() throws Exception { 489 NTCredentials cred = new NTCredentials("username", "password", "host", "domain"); 490 HttpState state = new HttpState(); 491 state.setCredentials(null, null, cred); 492 HttpMethod method = new SimpleHttpMethod(); 493 SimpleHttpConnection conn = new SimpleHttpConnection(); 494 conn.addResponse( 495 "HTTP/1.1 401 Unauthorized\r\n" + 496 "WWW-Authenticate: NTLM\r\n" + 497 "Connection: close\r\n" + 498 "Server: HttpClient Test/2.0\r\n"); 499 conn.addResponse( 500 "HTTP/1.1 401 Unauthorized\r\n" + 501 "WWW-Authenticate: NTLM TlRMTVNTUAACAAAAAAAAACgAAAABggAAU3J2Tm9uY2UAAAAAAAAAAA==\r\n" + 502 "Connection: close\r\n" + 503 "Server: HttpClient Test/2.0\r\n"); 504 conn.addResponse( 505 "HTTP/1.1 200 OK\r\n" + 506 "Connection: close\r\n" + 507 "Server: HttpClient Test/2.0\r\n\r\n" + 508 "stuff\r\n"); 509 method.execute(state, conn); 510 assertNull(method.getResponseHeader("WWW-Authenticate")); 511 assertEquals(200, method.getStatusCode()); 512 } 513 514 /*** 515 * Test that the Unauthorized response is returned when doAuthentication is false. 516 */ 517 public void testDoAuthenticateFalse() throws Exception { 518 HttpState state = new HttpState(); 519 state.setCredentials(null, "Protected", 520 new UsernamePasswordCredentials("name", "pass")); 521 HttpMethod method = new SimpleHttpMethod(); 522 method.setDoAuthentication(false); 523 SimpleHttpConnection conn = new SimpleHttpConnection(); 524 conn.addResponse( 525 "HTTP/1.1 401 Unauthorized\r\n" + 526 "WWW-Authenticate: Basic realm=\"Protected\"\r\n" + 527 "Connection: close\r\n" + 528 "Server: HttpClient Test/2.0\r\n"); 529 conn.addResponse( 530 "HTTP/1.1 200 OK\r\n" + 531 "Connection: close\r\n" + 532 "Server: HttpClient Test/2.0\r\n"); 533 method.execute(state, conn); 534 assertNotNull(method.getResponseHeader("WWW-Authenticate")); 535 assertNull(method.getRequestHeader("Authorization")); 536 assertEquals(401, method.getStatusCode()); 537 538 } 539 540 541 /*** 542 */ 543 public void testInvalidCredentials() throws Exception { 544 HttpState state = new HttpState(); 545 state.setCredentials(null, "Protected", new UsernamePasswordCredentials("name", "pass")); 546 HttpMethod method = new SimpleHttpMethod(); 547 method.setDoAuthentication(false); 548 SimpleHttpConnection conn = new SimpleHttpConnection(); 549 conn.addResponse( 550 "HTTP/1.1 401 Unauthorized\r\n" + 551 "WWW-Authenticate: Basic realm=\"Protected\"\r\n" + 552 "Connection: close\r\n" + 553 "Server: HttpClient Test/2.0\r\n" 554 ); 555 method.execute(state, conn); 556 assertEquals(401, method.getStatusCode()); 557 } 558 559 560 // --------------------------------- Test Methods for Multiple Authentication 561 562 public void testMultipleChallengeBasic() throws Exception { 563 HttpState state = new HttpState(); 564 state.setCredentials("Protected", null, new UsernamePasswordCredentials("name", "pass")); 565 HttpMethod method = new SimpleHttpMethod(); 566 SimpleHttpConnection conn = new SimpleHttpConnection(); 567 conn.addResponse( 568 "HTTP/1.1 401 Unauthorized\r\n" + 569 "WWW-Authenticate: Unsupported\r\n" + 570 "WWW-Authenticate: Basic realm=\"Protected\"\r\n" + 571 "Connection: close\r\n" + 572 "Server: HttpClient Test/2.0\r\n" 573 ); 574 conn.addResponse( 575 "HTTP/1.1 200 OK\r\n" + 576 "Connection: close\r\n" + 577 "Server: HttpClient Test/2.0\r\n" 578 ); 579 method.execute(state, conn); 580 Header authHeader = method.getRequestHeader("Authorization"); 581 assertNotNull(authHeader); 582 583 String authValue = authHeader.getValue(); 584 assertTrue(authValue.startsWith("Basic")); 585 } 586 587 public void testMultipleChallengeBasicLongRealm() throws Exception { 588 HttpState state = new HttpState(); 589 state.setCredentials(null, null, new UsernamePasswordCredentials("name", "pass")); 590 HttpMethod method = new SimpleHttpMethod(); 591 SimpleHttpConnection conn = new SimpleHttpConnection(); 592 conn.addResponse( 593 "HTTP/1.1 401 Unauthorized\r\n" + 594 "WWW-Authenticate: Unsupported\r\n" + 595 "WWW-Authenticate: Basic realm=\"This site is protected. We put this message into the realm string, against all reasonable rationale, so that users would see it in the authentication dialog generated by your browser.\"\r\n" + 596 "Connection: close\r\n" + 597 "Server: HttpClient Test/2.0\r\n" 598 ); 599 conn.addResponse( 600 "HTTP/1.1 200 OK\r\n" + 601 "Connection: close\r\n" + 602 "Server: HttpClient Test/2.0\r\n" 603 ); 604 method.execute(state, conn); 605 Header authHeader = method.getRequestHeader("Authorization"); 606 assertNotNull(authHeader); 607 608 String authValue = authHeader.getValue(); 609 assertTrue(authValue.startsWith("Basic")); 610 } 611 612 613 614 615 public void testMultipleChallengeDigest() throws Exception { 616 HttpState state = new HttpState(); 617 state.setCredentials("Protected", null, new UsernamePasswordCredentials("name", "pass")); 618 HttpMethod method = new SimpleHttpMethod(); 619 SimpleHttpConnection conn = new SimpleHttpConnection(); 620 conn.addResponse( 621 "HTTP/1.1 401 Unauthorized\r\n" + 622 "WWW-Authenticate: Unsupported\r\n" + 623 "WWW-Authenticate: Digest realm=\"Protected\"\r\n" + 624 "WWW-Authenticate: Basic realm=\"Protected\"\r\n" + 625 "Connection: close\r\n" + 626 "Server: HttpClient Test/2.0\r\n" 627 ); 628 conn.addResponse( 629 "HTTP/1.1 200 OK\r\n" + 630 "Connection: close\r\n" + 631 "Server: HttpClient Test/2.0\r\n" 632 ); 633 method.execute(state, conn); 634 Header authHeader = method.getRequestHeader("Authorization"); 635 assertNotNull(authHeader); 636 637 String authValue = authHeader.getValue(); 638 assertTrue(authValue.startsWith("Digest")); 639 } 640 641 642 public void testMultipleProxyChallengeBasic() throws Exception { 643 HttpState state = new HttpState(); 644 state.setProxyCredentials("Protected", new UsernamePasswordCredentials("name", "pass")); 645 HttpMethod method = new SimpleHttpMethod(); 646 SimpleHttpConnection conn = new SimpleHttpConnection(); 647 conn.addResponse( 648 "HTTP/1.1 407 Proxy Authentication Required\r\n" + 649 "Proxy-Authenticate: Basic realm=\"Protected\"\r\n" + 650 "Proxy-Authenticate: Unsupported\r\n" + 651 "Connection: close\r\n" + 652 "Server: HttpClient Test/2.0\r\n" 653 ); 654 conn.addResponse( 655 "HTTP/1.1 200 OK\r\n" + 656 "Connection: close\r\n" + 657 "Server: HttpClient Test/2.0\r\n" 658 ); 659 method.execute(state, conn); 660 Header authHeader = method.getRequestHeader("Proxy-Authorization"); 661 assertNotNull(authHeader); 662 663 String authValue = authHeader.getValue(); 664 assertTrue(authValue.startsWith("Basic")); 665 } 666 667 668 public void testMultipleProxyChallengeDigest() throws Exception { 669 HttpState state = new HttpState(); 670 state.setProxyCredentials("Protected", new UsernamePasswordCredentials("name", "pass")); 671 HttpMethod method = new SimpleHttpMethod(); 672 SimpleHttpConnection conn = new SimpleHttpConnection(); 673 conn.addResponse( 674 "HTTP/1.1 407 Proxy Authentication Required\r\n" + 675 "Proxy-Authenticate: Basic realm=\"Protected\"\r\n" + 676 "Proxy-Authenticate: Digest realm=\"Protected\"\r\n" + 677 "Proxy-Authenticate: Unsupported\r\n" + 678 "Connection: close\r\n" + 679 "Server: HttpClient Test/2.0\r\n" 680 ); 681 conn.addResponse( 682 "HTTP/1.1 200 OK\r\n" + 683 "Connection: close\r\n" + 684 "Server: HttpClient Test/2.0\r\n" 685 ); 686 method.execute(state, conn); 687 Header authHeader = method.getRequestHeader("Proxy-Authorization"); 688 assertNotNull(authHeader); 689 690 String authValue = authHeader.getValue(); 691 assertTrue(authValue.startsWith("Digest")); 692 } 693 694 695 // --------------------------------- Test Methods for Selecting Credentials 696 697 public void testDefaultCredentials() throws Exception { 698 HttpState state = new HttpState(); 699 Credentials expected = new UsernamePasswordCredentials("name", "pass"); 700 state.setCredentials(null, null, expected); 701 Credentials got = state.getCredentials("realm", "host"); 702 assertEquals(got, expected); 703 } 704 705 public void testRealmCredentials() throws Exception { 706 HttpState state = new HttpState(); 707 Credentials expected = new UsernamePasswordCredentials("name", "pass"); 708 state.setCredentials("realm", null, expected); 709 Credentials got = state.getCredentials("realm", "host"); 710 assertEquals(expected, got); 711 } 712 713 public void testHostCredentials() throws Exception { 714 HttpState state = new HttpState(); 715 Credentials expected = new UsernamePasswordCredentials("name", "pass"); 716 state.setCredentials(null, "host", expected); 717 Credentials got = state.getCredentials("realm", "host"); 718 assertEquals(expected, got); 719 } 720 721 public void testBothCredentials() throws Exception { 722 HttpState state = new HttpState(); 723 Credentials expected = new UsernamePasswordCredentials("name", "pass"); 724 state.setCredentials("realm", "host", expected); 725 Credentials got = state.getCredentials("realm", "host"); 726 assertEquals(expected, got); 727 } 728 729 public void testWrongHostCredentials() throws Exception { 730 HttpState state = new HttpState(); 731 Credentials expected = new UsernamePasswordCredentials("name", "pass"); 732 state.setCredentials(null, "host1", expected); 733 Credentials got = state.getCredentials("realm", "host2"); 734 assertNotSame(expected, got); 735 } 736 737 public void testWrongRealmCredentials() throws Exception { 738 HttpState state = new HttpState(); 739 Credentials cred = new UsernamePasswordCredentials("name", "pass"); 740 state.setCredentials("realm1", "host", cred); 741 Credentials got = state.getCredentials("realm2", "host"); 742 assertNotSame(cred, got); 743 } 744 745 public void testRealmSpoof() throws Exception { 746 HttpState state = new HttpState(); 747 Credentials cred = new UsernamePasswordCredentials("name", "pass"); 748 state.setCredentials(null, "admin.apache.org", cred); 749 Credentials got = state.getCredentials("admin.apache.org", "myhost"); 750 assertNotSame(cred, got); 751 } 752 753 public void testRealmSpoof2() throws Exception { 754 HttpState state = new HttpState(); 755 Credentials cred = new UsernamePasswordCredentials("name", "pass"); 756 state.setCredentials(null, "whatever", cred); 757 Credentials got = state.getCredentials("nullwhatever", null); 758 assertNotSame(cred, got); 759 } 760 }

This page was automatically generated by Maven