1 /*
2 * $Header: /home/cvs/jakarta-commons/httpclient/src/test/org/apache/commons/httpclient/TestAuthenticator.java,v 1.25 2003/04/22 17:00:26 olegk Exp $
3 * $Revision: 1.25 $
4 * $Date: 2003/04/22 17:00:26 $
5 * ====================================================================
6 *
7 * The Apache Software License, Version 1.1
8 *
9 * Copyright (c) 1999-2003 The Apache Software Foundation. All rights
10 * reserved.
11 *
12 * Redistribution and use in source and binary forms, with or without
13 * modification, are permitted provided that the following conditions
14 * are met:
15 *
16 * 1. Redistributions of source code must retain the above copyright
17 * notice, this list of conditions and the following disclaimer.
18 *
19 * 2. Redistributions in binary form must reproduce the above copyright
20 * notice, this list of conditions and the following disclaimer in
21 * the documentation and/or other materials provided with the
22 * distribution.
23 *
24 * 3. The end-user documentation included with the redistribution, if
25 * any, must include the following acknowlegement:
26 * "This product includes software developed by the
27 * Apache Software Foundation (http://www.apache.org/)."
28 * Alternately, this acknowlegement may appear in the software itself,
29 * if and wherever such third-party acknowlegements normally appear.
30 *
31 * 4. The names "The Jakarta Project", "Tomcat", and "Apache Software
32 * Foundation" must not be used to endorse or promote products derived
33 * from this software without prior written permission. For written
34 * permission, please contact apache@apache.org.
35 *
36 * 5. Products derived from this software may not be called "Apache"
37 * nor may "Apache" appear in their names without prior written
38 * permission of the Apache Group.
39 *
40 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
41 * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
42 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
43 * DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
44 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
45 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
46 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
47 * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
48 * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
49 * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
50 * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 * ====================================================================
53 *
54 * This software consists of voluntary contributions made by many
55 * individuals on behalf of the Apache Software Foundation. For more
56 * information on the Apache Software Foundation, please see
57 * <http://www.apache.org/>.
58 *
59 * [Additional notices, if required by prior licensing conditions]
60 *
61 */
62
63 package org.apache.commons.httpclient;
64
65 import junit.framework.Test;
66 import junit.framework.TestCase;
67 import junit.framework.TestSuite;
68
69 import java.util.Hashtable;
70 import java.util.StringTokenizer;
71 import org.apache.commons.httpclient.auth.*;
72 import org.apache.commons.httpclient.util.Base64;
73
74 /***
75 * Unit tests for {@link Authenticator}.
76 *
77 * @author Rodney Waldhoff
78 * @author <a href="mailto:jsdever@apache.org">Jeff Dever</a>
79 * @version $Id: TestAuthenticator.java,v 1.25 2003/04/22 17:00:26 olegk Exp $
80 */
81 public class TestAuthenticator extends TestCase {
82
83 // ------------------------------------------------------------ Constructor
84 public TestAuthenticator(String testName) {
85 super(testName);
86 }
87
88 // ------------------------------------------------------------------- Main
89 public static void main(String args[]) {
90 String[] testCaseName = { TestAuthenticator.class.getName() };
91 junit.textui.TestRunner.main(testCaseName);
92 }
93
94 // ------------------------------------------------------- Utility Methods
95
96 private void checkAuthorization(UsernamePasswordCredentials cred, String methodName, String auth) throws Exception {
97 Hashtable table = new Hashtable();
98 StringTokenizer tokenizer = new StringTokenizer(auth, ",=\"");
99 while(tokenizer.hasMoreTokens()){
100 String key = null;
101 String value = null;
102 if(tokenizer.hasMoreTokens())
103 key = tokenizer.nextToken();
104 if(tokenizer.hasMoreTokens())
105 value = tokenizer.nextToken();
106 if(key != null && value != null){
107 table.put(key.trim(),value.trim());
108 }
109 }
110 String response = (String) table.get("response");
111 table.put( "methodname", methodName );
112 String digest = DigestScheme.createDigest(cred.getUserName(),cred.getPassword(), table);
113 assertEquals(response, digest);
114 }
115
116
117 // ------------------------------------------------------- TestCase Methods
118
119 public static Test suite() {
120 return new TestSuite(TestAuthenticator.class);
121 }
122
123
124 // ---------------------------------- Test Methods for BasicScheme Authentication
125
126 public void testBasicAuthenticationWithNoCreds() {
127 String challenge = "Basic realm=\"realm1\"";
128 HttpState state = new HttpState();
129 HttpMethod method = new SimpleHttpMethod(new Header("WWW-Authenticate", challenge));
130 try {
131 AuthScheme authscheme = new BasicScheme(challenge);
132 HttpAuthenticator.authenticate(authscheme, method, null, state);
133 fail("Should have thrown HttpException");
134 } catch(HttpException e) {
135 // expected
136 }
137 }
138
139 public void testBasicAuthenticationWithNoRealm() {
140 String challenge = "Basic";
141 HttpState state = new HttpState();
142 HttpMethod method = new SimpleHttpMethod(new Header("WWW-Authenticate", challenge));
143 try {
144 AuthScheme authscheme = new BasicScheme(challenge);
145 HttpAuthenticator.authenticate(authscheme, method, null, state);
146 fail("Should have thrown HttpException");
147 } catch(HttpException e) {
148 // expected
149 }
150 }
151
152 public void testBasicAuthenticationWithNoRealm2() {
153 String challenge = "Basic ";
154 HttpState state = new HttpState();
155 HttpMethod method = new SimpleHttpMethod(new Header("WWW-Authenticate", challenge));
156 try {
157 AuthScheme authscheme = new BasicScheme(challenge);
158 HttpAuthenticator.authenticate(authscheme, method, null, state);
159 fail("Should have thrown HttpException");
160 } catch(HttpException e) {
161 // expected
162 }
163 }
164
165 public void testBasicAuthenticationWithNullHttpState() throws Exception {
166 String challenge = "Basic realm=\"realm1\"";
167 HttpMethod method = new SimpleHttpMethod(new Header("WWW-Authenticate", challenge));
168 try {
169 AuthScheme authscheme = new BasicScheme(challenge);
170 HttpAuthenticator.authenticate(authscheme, method, null, null);
171 fail("Should have thrown IllegalArgumentException");
172 } catch(IllegalArgumentException e) {
173 // expected
174 }
175 }
176
177 public void testInvalidAuthenticationScheme() throws Exception {
178 String challenge = "invalid realm=\"realm1\"";
179 try{
180 HttpAuthenticator.selectAuthScheme(
181 new Header[] { new Header("WWW-Authenticate", challenge) });
182 fail("Should have thrown UnsupportedOperationException");
183 }catch (UnsupportedOperationException uoe){
184 // expected
185 }
186 }
187
188 public void testBasicAuthenticationCaseInsensitivity() throws Exception {
189 String challenge = "bAsIc ReAlM=\"realm1\"";
190 HttpState state = new HttpState();
191 state.setCredentials(null, null, new UsernamePasswordCredentials("username","password"));
192 HttpMethod method = new SimpleHttpMethod(new Header("WwW-AuThEnTiCaTe", challenge));
193 AuthScheme authscheme = new BasicScheme(challenge);
194 assertTrue(HttpAuthenticator.authenticate(authscheme, method, null, state));
195 assertTrue(null != method.getRequestHeader("Authorization"));
196 String expected = "Basic " + HttpConstants.getString(Base64.encode(HttpConstants.getBytes("username:password")));
197 assertEquals(expected,method.getRequestHeader("Authorization").getValue());
198 }
199
200
201 public void testBasicAuthenticationWithDefaultCreds() throws Exception {
202 HttpState state = new HttpState();
203 state.setCredentials(null, null, new UsernamePasswordCredentials("username","password"));
204 HttpMethod method = new SimpleHttpMethod(new Header("WWW-Authenticate","Basic realm=\"realm1\""));
205 assertTrue(HttpAuthenticator.authenticateDefault(method, null, state));
206 assertTrue(null != method.getRequestHeader("Authorization"));
207 String expected = "Basic " + HttpConstants.getString(Base64.encode(HttpConstants.getBytes("username:password")));
208 assertEquals(expected,method.getRequestHeader("Authorization").getValue());
209 }
210
211 public void testBasicAuthentication() throws Exception {
212 String challenge = "Basic realm=\"realm\"";
213 HttpState state = new HttpState();
214 state.setCredentials("realm", null, new UsernamePasswordCredentials("username","password"));
215 HttpMethod method = new SimpleHttpMethod(new Header("WWW-Authenticate", challenge));
216 AuthScheme authscheme = new BasicScheme(challenge);
217 assertTrue(HttpAuthenticator.authenticate(authscheme, method, null, state));
218 assertTrue(null != method.getRequestHeader("Authorization"));
219 String expected = "Basic " + HttpConstants.getString(Base64.encode(HttpConstants.getBytes("username:password")));
220 assertEquals(expected,method.getRequestHeader("Authorization").getValue());
221 }
222
223
224 public void testBasicAuthenticationWithMutlipleRealms() throws Exception {
225 String challenge1 = "Basic realm=\"realm1\"";
226 String challenge2 = "Basic realm=\"realm2\"";
227 HttpState state = new HttpState();
228 state.setCredentials("realm1", null, new UsernamePasswordCredentials("username","password"));
229 state.setCredentials("realm2", null, new UsernamePasswordCredentials("uname2","password2"));
230 AuthScheme authscheme1 = new BasicScheme(challenge1);
231 AuthScheme authscheme2 = new BasicScheme(challenge2);
232 {
233 HttpMethod method = new SimpleHttpMethod(new Header("WWW-Authenticate",challenge1));
234 assertTrue(HttpAuthenticator.authenticate(authscheme1, method, null, state));
235 assertTrue(null != method.getRequestHeader("Authorization"));
236 String expected = "Basic " + HttpConstants.getString(Base64.encode(HttpConstants.getBytes("username:password")));
237 assertEquals(expected,method.getRequestHeader("Authorization").getValue());
238 }
239 {
240 HttpMethod method = new SimpleHttpMethod(new Header("WWW-Authenticate", challenge2));
241 assertTrue(HttpAuthenticator.authenticate(authscheme2, method, null, state));
242 assertTrue(null != method.getRequestHeader("Authorization"));
243 String expected = "Basic " + HttpConstants.getString(Base64.encode(HttpConstants.getBytes("uname2:password2")));
244 assertEquals(expected,method.getRequestHeader("Authorization").getValue());
245 }
246 }
247
248 public void testPreemptiveAuthorizationTrueNoCreds() throws Exception {
249 HttpState state = new HttpState();
250 HttpMethod method = new SimpleHttpMethod();
251
252 state.setAuthenticationPreemptive(true);
253 assertTrue(!HttpAuthenticator.authenticateDefault(method, null, state));
254 assertTrue(null == method.getRequestHeader("Authorization"));
255 }
256
257 public void testPreemptiveAuthorizationTrueWithCreds() throws Exception {
258 HttpState state = new HttpState();
259 HttpMethod method = new SimpleHttpMethod();
260 state.setCredentials(null, null, new UsernamePasswordCredentials("username","password"));
261
262 state.setAuthenticationPreemptive(true);
263 assertTrue(HttpAuthenticator.authenticateDefault(method, null, state));
264 assertTrue(null != method.getRequestHeader("Authorization"));
265 String expected = "Basic " + HttpConstants.getString(Base64.encode(HttpConstants.getBytes("username:password")));
266 assertEquals(expected, method.getRequestHeader("Authorization").getValue());
267 }
268
269 // --------------------------------- Test Methods for DigestScheme Authentication
270
271 public void testDigestAuthenticationWithNoCreds() {
272 String challenge = "Digest realm=\"realm1\"";
273 HttpState state = new HttpState();
274 HttpMethod method = new SimpleHttpMethod(new Header("WWW-Authenticate", challenge));
275 try {
276 AuthScheme authscheme = new DigestScheme(challenge);
277 HttpAuthenticator.authenticate(authscheme, method, null, state);
278 fail("Should have thrown HttpException");
279 } catch(HttpException e) {
280 // expected
281 }
282 }
283
284 public void testDigestAuthenticationWithNoRealm() {
285 String challenge = "Digest";
286 HttpState state = new HttpState();
287 HttpMethod method = new SimpleHttpMethod(new Header("WWW-Authenticate", challenge));
288 try {
289 AuthScheme authscheme = new DigestScheme(challenge);
290 HttpAuthenticator.authenticate(authscheme, method, null, state);
291 fail("Should have thrown HttpException");
292 } catch(HttpException e) {
293 // expected
294 }
295 }
296
297 public void testDigestAuthenticationWithNoRealm2() {
298 String challenge = "Digest ";
299 HttpState state = new HttpState();
300 HttpMethod method = new SimpleHttpMethod(new Header("WWW-Authenticate", challenge));
301 try {
302 AuthScheme authscheme = new DigestScheme(challenge);
303 HttpAuthenticator.authenticate(authscheme, method, null, state);
304 fail("Should have thrown HttpException");
305 } catch(HttpException e) {
306 // expected
307 }
308 }
309
310 public void testDigestAuthenticationWithNullHttpState() throws Exception {
311 String challenge = "Digest realm=\"realm1\"";
312 HttpMethod method = new SimpleHttpMethod(new Header("WWW-Authenticate", challenge));
313 try {
314 AuthScheme authscheme = new DigestScheme(challenge);
315 HttpAuthenticator.authenticate(authscheme, method, null, null);
316 fail("Should have thrown IllegalArgumentException");
317 } catch(IllegalArgumentException e) {
318 // expected
319 }
320 }
321
322 public void testDigestAuthenticationCaseInsensitivity() throws Exception {
323 String challenge = "dIgEsT ReAlM=\"realm1\"";
324 HttpState state = new HttpState();
325 UsernamePasswordCredentials cred = new UsernamePasswordCredentials("username","password");
326 state.setCredentials(null, null, cred);
327 HttpMethod method = new SimpleHttpMethod(new Header("WwW-AuThEnTiCaTe", challenge));
328 AuthScheme authscheme = new DigestScheme(challenge);
329 assertTrue(HttpAuthenticator.authenticate(authscheme, method, null, state));
330 assertTrue(null != method.getRequestHeader("Authorization"));
331 }
332
333
334 public void testDigestAuthenticationWithDefaultCreds() throws Exception {
335 String challenge = "Digest realm=\"realm1\"";
336 HttpState state = new HttpState();
337 UsernamePasswordCredentials cred = new UsernamePasswordCredentials("username","password");
338 state.setCredentials(null, null, cred);
339 HttpMethod method = new SimpleHttpMethod(new Header("WWW-Authenticate", challenge));
340 AuthScheme authscheme = new DigestScheme(challenge);
341 assertTrue(HttpAuthenticator.authenticate(authscheme, method, null, state));
342 assertTrue(null != method.getRequestHeader("Authorization"));
343 checkAuthorization(cred, method.getName(), method.getRequestHeader("Authorization").getValue());
344 }
345
346 public void testDigestAuthentication() throws Exception {
347 String challenge = "Digest realm=\"realm1\"";
348 HttpState state = new HttpState();
349 UsernamePasswordCredentials cred = new UsernamePasswordCredentials("username","password");
350 state.setCredentials(null, null, cred);
351 HttpMethod method = new SimpleHttpMethod(new Header("WWW-Authenticate", challenge));
352 AuthScheme authscheme = new DigestScheme(challenge);
353 assertTrue(HttpAuthenticator.authenticate(authscheme, method, null, state));
354 assertTrue(null != method.getRequestHeader("Authorization"));
355 checkAuthorization(cred, method.getName(), method.getRequestHeader("Authorization").getValue());
356 }
357
358 public void testDigestAuthenticationWithMultipleRealms() throws Exception {
359 String challenge1 = "Digest realm=\"realm1\"";
360 String challenge2 = "Digest realm=\"realm2\"";
361 HttpState state = new HttpState();
362 UsernamePasswordCredentials cred = new UsernamePasswordCredentials("username","password");
363 state.setCredentials("realm1", null, cred);
364 UsernamePasswordCredentials cred2 = new UsernamePasswordCredentials("uname2","password2");
365 state.setCredentials("realm2", null, cred2);
366 AuthScheme authscheme1 = new DigestScheme(challenge1);
367 AuthScheme authscheme2 = new DigestScheme(challenge2);
368 {
369 HttpMethod method = new SimpleHttpMethod(new Header("WWW-Authenticate",challenge1));
370 assertTrue(HttpAuthenticator.authenticate(authscheme1, method, null, state));
371 assertTrue(null != method.getRequestHeader("Authorization"));
372 checkAuthorization(cred, method.getName(), method.getRequestHeader("Authorization").getValue());
373 }
374 {
375 HttpMethod method = new SimpleHttpMethod(new Header("WWW-Authenticate",challenge2));
376 assertTrue(HttpAuthenticator.authenticate(authscheme2, method, null, state));
377 assertTrue(null != method.getRequestHeader("Authorization"));
378 checkAuthorization(cred2, method.getName(), method.getRequestHeader("Authorization").getValue());
379 }
380 }
381
382 // --------------------------------- Test Methods for NTLM Authentication
383
384 public void testNTLMAuthenticationWithNoCreds() {
385 String challenge = "NTLM";
386 HttpState state = new HttpState();
387 HttpMethod method = new SimpleHttpMethod(new Header("WWW-Authenticate", challenge));
388 method.addRequestHeader("Host", "host");
389 try {
390 AuthScheme authscheme = new NTLMScheme(challenge);
391 HttpAuthenticator.authenticate(authscheme, method, null, state);
392 fail("Should have thrown HttpException");
393 } catch(HttpException e) {
394 // expected
395 }
396 }
397
398 public void testNTLMAuthenticationWithNullHttpState() throws Exception {
399 String challenge = "NTLM";
400 HttpMethod method = new SimpleHttpMethod(new Header("WWW-Authenticate", challenge));
401 method.addRequestHeader("Host", "host");
402 try {
403 AuthScheme authscheme = new NTLMScheme(challenge);
404 HttpAuthenticator.authenticate(authscheme, method, null, null);
405 fail("Should have thrown IllegalArgumentException");
406 } catch(IllegalArgumentException e) {
407 // expected
408 }
409 }
410
411 public void testNTLMAuthenticationCaseInsensitivity() throws Exception {
412 String challenge = "nTlM";
413 HttpState state = new HttpState();
414 NTCredentials cred = new NTCredentials("username","password", "host",
415 "domain");
416 state.setCredentials("host", null, cred);
417 HttpMethod method = new SimpleHttpMethod(new Header("WwW-AuThEnTiCaTe", challenge));
418 method.addRequestHeader("Host", "host");
419 AuthScheme authscheme = new NTLMScheme(challenge);
420 assertTrue(HttpAuthenticator.authenticate(authscheme, method, null, state));
421 assertTrue(null != method.getRequestHeader("Authorization"));
422 }
423
424 public void testNTLMAuthenticationResponse1() throws Exception {
425 String challenge = "NTLM";
426 String expected = "NTLM TlRMTVNTUAABAAAABlIAAAYABgAkAAAABAAEACAAAABIT" +
427 "1NURE9NQUlO";
428 HttpState state = new HttpState();
429 NTCredentials cred = new NTCredentials("username","password", "host",
430 "domain");
431 state.setCredentials("host", null, cred);
432 HttpMethod method = new SimpleHttpMethod(new Header("WWW-Authenticate", challenge));
433 method.addRequestHeader("Host", "host");
434 AuthScheme authscheme = new NTLMScheme(challenge);
435 assertTrue(HttpAuthenticator.authenticate(authscheme, method, null, state));
436 assertTrue(null != method.getRequestHeader("Authorization"));
437 assertEquals(expected,
438 method.getRequestHeader("Authorization").getValue());
439 }
440
441 public void testNTLMAuthenticationResponse2() throws Exception {
442 String challenge =
443 "NTLM TlRMTVNTUAACAAAACgAKADAAAAAGgoEAPc4kP4LtCV8AAAAAAAAAAJ4AngA" +
444 "6AAAASU5UUkFFUEhPWAIAFABJAE4AVABSAEEARQBQAEgATwBYAAEAEgBCAE8AQQB" +
445 "SAEQAUgBPAE8ATQAEACgAaQBuAHQAcgBhAGUAcABoAG8AeAAuAGUAcABoAG8AeAA" +
446 "uAGMAbwBtAAMAPABCAG8AYQByAGQAcgBvAG8AbQAuAGkAbgB0AHIAYQBlAHAAaAB" +
447 "vAHgALgBlAHAAaABvAHgALgBjAG8AbQAAAAAA";
448
449 String expected = "NTLM TlRMTVNTUAADAAAAGAAYAFIAAAAAAAAAagAAAAYABgB" +
450 "AAAAACAAIAEYAAAAEAAQATgAAAAAAAABqAAAABlIAAERPTUFJTlVTRVJOQU1FSE" +
451 "9TVAaC+vLxUEHnUtpItj9Dp4kzwQfd61Lztg==";
452 HttpState state = new HttpState();
453 NTCredentials cred = new NTCredentials("username","password", "host",
454 "domain");
455 state.setCredentials("host", null, cred);
456 HttpMethod method = new SimpleHttpMethod(new Header("WWW-Authenticate", challenge));
457 method.addRequestHeader("Host", "host");
458 AuthScheme authscheme = new NTLMScheme(challenge);
459 assertTrue(HttpAuthenticator.authenticate(authscheme, method, null, state));
460 assertTrue(null != method.getRequestHeader("Authorization"));
461 assertEquals(expected,
462 method.getRequestHeader("Authorization").getValue());
463 }
464
465 public void testNTLMAuthenticationWithDefaultCreds() throws Exception {
466 String challenge =
467 "NTLM TlRMTVNTUAACAAAACgAKADAAAAAGgoEAPc4kP4LtCV8AAAAAAAAAAJ4AngA" +
468 "6AAAASU5UUkFFUEhPWAIAFABJAE4AVABSAEEARQBQAEgATwBYAAEAEgBCAE8AQQB" +
469 "SAEQAUgBPAE8ATQAEACgAaQBuAHQAcgBhAGUAcABoAG8AeAAuAGUAcABoAG8AeAA" +
470 "uAGMAbwBtAAMAPABCAG8AYQByAGQAcgBvAG8AbQAuAGkAbgB0AHIAYQBlAHAAaAB" +
471 "vAHgALgBlAHAAaABvAHgALgBjAG8AbQAAAAAA";
472 String expected = "NTLM TlRMTVNTUAADAAAAGAAYAFIAAAAAAAAAagAAAAYABgB" +
473 "AAAAACAAIAEYAAAAEAAQATgAAAAAAAABqAAAABlIAAERPTUFJTlVTRVJOQU1FSE" +
474 "9TVAaC+vLxUEHnUtpItj9Dp4kzwQfd61Lztg==";
475 HttpState state = new HttpState();
476 NTCredentials cred = new NTCredentials("username","password", "host",
477 "domain");
478 state.setCredentials(null, null, cred);
479 HttpMethod method = new SimpleHttpMethod(new Header("WWW-Authenticate", challenge));
480 method.addRequestHeader("Host", "host");
481 AuthScheme authscheme = new NTLMScheme(challenge);
482 assertTrue(HttpAuthenticator.authenticate(authscheme, method, null, state));
483 assertTrue(null != method.getRequestHeader("Authorization"));
484 assertEquals(expected,
485 method.getRequestHeader("Authorization").getValue());
486 }
487
488 public void testNTLMAuthenticationRetry() throws Exception {
489 NTCredentials cred = new NTCredentials("username", "password", "host", "domain");
490 HttpState state = new HttpState();
491 state.setCredentials(null, null, cred);
492 HttpMethod method = new SimpleHttpMethod();
493 SimpleHttpConnection conn = new SimpleHttpConnection();
494 conn.addResponse(
495 "HTTP/1.1 401 Unauthorized\r\n" +
496 "WWW-Authenticate: NTLM\r\n" +
497 "Connection: close\r\n" +
498 "Server: HttpClient Test/2.0\r\n");
499 conn.addResponse(
500 "HTTP/1.1 401 Unauthorized\r\n" +
501 "WWW-Authenticate: NTLM TlRMTVNTUAACAAAAAAAAACgAAAABggAAU3J2Tm9uY2UAAAAAAAAAAA==\r\n" +
502 "Connection: close\r\n" +
503 "Server: HttpClient Test/2.0\r\n");
504 conn.addResponse(
505 "HTTP/1.1 200 OK\r\n" +
506 "Connection: close\r\n" +
507 "Server: HttpClient Test/2.0\r\n\r\n" +
508 "stuff\r\n");
509 method.execute(state, conn);
510 assertNull(method.getResponseHeader("WWW-Authenticate"));
511 assertEquals(200, method.getStatusCode());
512 }
513
514 /***
515 * Test that the Unauthorized response is returned when doAuthentication is false.
516 */
517 public void testDoAuthenticateFalse() throws Exception {
518 HttpState state = new HttpState();
519 state.setCredentials(null, "Protected",
520 new UsernamePasswordCredentials("name", "pass"));
521 HttpMethod method = new SimpleHttpMethod();
522 method.setDoAuthentication(false);
523 SimpleHttpConnection conn = new SimpleHttpConnection();
524 conn.addResponse(
525 "HTTP/1.1 401 Unauthorized\r\n" +
526 "WWW-Authenticate: Basic realm=\"Protected\"\r\n" +
527 "Connection: close\r\n" +
528 "Server: HttpClient Test/2.0\r\n");
529 conn.addResponse(
530 "HTTP/1.1 200 OK\r\n" +
531 "Connection: close\r\n" +
532 "Server: HttpClient Test/2.0\r\n");
533 method.execute(state, conn);
534 assertNotNull(method.getResponseHeader("WWW-Authenticate"));
535 assertNull(method.getRequestHeader("Authorization"));
536 assertEquals(401, method.getStatusCode());
537
538 }
539
540
541 /***
542 */
543 public void testInvalidCredentials() throws Exception {
544 HttpState state = new HttpState();
545 state.setCredentials(null, "Protected", new UsernamePasswordCredentials("name", "pass"));
546 HttpMethod method = new SimpleHttpMethod();
547 method.setDoAuthentication(false);
548 SimpleHttpConnection conn = new SimpleHttpConnection();
549 conn.addResponse(
550 "HTTP/1.1 401 Unauthorized\r\n" +
551 "WWW-Authenticate: Basic realm=\"Protected\"\r\n" +
552 "Connection: close\r\n" +
553 "Server: HttpClient Test/2.0\r\n"
554 );
555 method.execute(state, conn);
556 assertEquals(401, method.getStatusCode());
557 }
558
559
560 // --------------------------------- Test Methods for Multiple Authentication
561
562 public void testMultipleChallengeBasic() throws Exception {
563 HttpState state = new HttpState();
564 state.setCredentials("Protected", null, new UsernamePasswordCredentials("name", "pass"));
565 HttpMethod method = new SimpleHttpMethod();
566 SimpleHttpConnection conn = new SimpleHttpConnection();
567 conn.addResponse(
568 "HTTP/1.1 401 Unauthorized\r\n" +
569 "WWW-Authenticate: Unsupported\r\n" +
570 "WWW-Authenticate: Basic realm=\"Protected\"\r\n" +
571 "Connection: close\r\n" +
572 "Server: HttpClient Test/2.0\r\n"
573 );
574 conn.addResponse(
575 "HTTP/1.1 200 OK\r\n" +
576 "Connection: close\r\n" +
577 "Server: HttpClient Test/2.0\r\n"
578 );
579 method.execute(state, conn);
580 Header authHeader = method.getRequestHeader("Authorization");
581 assertNotNull(authHeader);
582
583 String authValue = authHeader.getValue();
584 assertTrue(authValue.startsWith("Basic"));
585 }
586
587 public void testMultipleChallengeBasicLongRealm() throws Exception {
588 HttpState state = new HttpState();
589 state.setCredentials(null, null, new UsernamePasswordCredentials("name", "pass"));
590 HttpMethod method = new SimpleHttpMethod();
591 SimpleHttpConnection conn = new SimpleHttpConnection();
592 conn.addResponse(
593 "HTTP/1.1 401 Unauthorized\r\n" +
594 "WWW-Authenticate: Unsupported\r\n" +
595 "WWW-Authenticate: Basic realm=\"This site is protected. We put this message into the realm string, against all reasonable rationale, so that users would see it in the authentication dialog generated by your browser.\"\r\n" +
596 "Connection: close\r\n" +
597 "Server: HttpClient Test/2.0\r\n"
598 );
599 conn.addResponse(
600 "HTTP/1.1 200 OK\r\n" +
601 "Connection: close\r\n" +
602 "Server: HttpClient Test/2.0\r\n"
603 );
604 method.execute(state, conn);
605 Header authHeader = method.getRequestHeader("Authorization");
606 assertNotNull(authHeader);
607
608 String authValue = authHeader.getValue();
609 assertTrue(authValue.startsWith("Basic"));
610 }
611
612
613
614
615 public void testMultipleChallengeDigest() throws Exception {
616 HttpState state = new HttpState();
617 state.setCredentials("Protected", null, new UsernamePasswordCredentials("name", "pass"));
618 HttpMethod method = new SimpleHttpMethod();
619 SimpleHttpConnection conn = new SimpleHttpConnection();
620 conn.addResponse(
621 "HTTP/1.1 401 Unauthorized\r\n" +
622 "WWW-Authenticate: Unsupported\r\n" +
623 "WWW-Authenticate: Digest realm=\"Protected\"\r\n" +
624 "WWW-Authenticate: Basic realm=\"Protected\"\r\n" +
625 "Connection: close\r\n" +
626 "Server: HttpClient Test/2.0\r\n"
627 );
628 conn.addResponse(
629 "HTTP/1.1 200 OK\r\n" +
630 "Connection: close\r\n" +
631 "Server: HttpClient Test/2.0\r\n"
632 );
633 method.execute(state, conn);
634 Header authHeader = method.getRequestHeader("Authorization");
635 assertNotNull(authHeader);
636
637 String authValue = authHeader.getValue();
638 assertTrue(authValue.startsWith("Digest"));
639 }
640
641
642 public void testMultipleProxyChallengeBasic() throws Exception {
643 HttpState state = new HttpState();
644 state.setProxyCredentials("Protected", new UsernamePasswordCredentials("name", "pass"));
645 HttpMethod method = new SimpleHttpMethod();
646 SimpleHttpConnection conn = new SimpleHttpConnection();
647 conn.addResponse(
648 "HTTP/1.1 407 Proxy Authentication Required\r\n" +
649 "Proxy-Authenticate: Basic realm=\"Protected\"\r\n" +
650 "Proxy-Authenticate: Unsupported\r\n" +
651 "Connection: close\r\n" +
652 "Server: HttpClient Test/2.0\r\n"
653 );
654 conn.addResponse(
655 "HTTP/1.1 200 OK\r\n" +
656 "Connection: close\r\n" +
657 "Server: HttpClient Test/2.0\r\n"
658 );
659 method.execute(state, conn);
660 Header authHeader = method.getRequestHeader("Proxy-Authorization");
661 assertNotNull(authHeader);
662
663 String authValue = authHeader.getValue();
664 assertTrue(authValue.startsWith("Basic"));
665 }
666
667
668 public void testMultipleProxyChallengeDigest() throws Exception {
669 HttpState state = new HttpState();
670 state.setProxyCredentials("Protected", new UsernamePasswordCredentials("name", "pass"));
671 HttpMethod method = new SimpleHttpMethod();
672 SimpleHttpConnection conn = new SimpleHttpConnection();
673 conn.addResponse(
674 "HTTP/1.1 407 Proxy Authentication Required\r\n" +
675 "Proxy-Authenticate: Basic realm=\"Protected\"\r\n" +
676 "Proxy-Authenticate: Digest realm=\"Protected\"\r\n" +
677 "Proxy-Authenticate: Unsupported\r\n" +
678 "Connection: close\r\n" +
679 "Server: HttpClient Test/2.0\r\n"
680 );
681 conn.addResponse(
682 "HTTP/1.1 200 OK\r\n" +
683 "Connection: close\r\n" +
684 "Server: HttpClient Test/2.0\r\n"
685 );
686 method.execute(state, conn);
687 Header authHeader = method.getRequestHeader("Proxy-Authorization");
688 assertNotNull(authHeader);
689
690 String authValue = authHeader.getValue();
691 assertTrue(authValue.startsWith("Digest"));
692 }
693
694
695 // --------------------------------- Test Methods for Selecting Credentials
696
697 public void testDefaultCredentials() throws Exception {
698 HttpState state = new HttpState();
699 Credentials expected = new UsernamePasswordCredentials("name", "pass");
700 state.setCredentials(null, null, expected);
701 Credentials got = state.getCredentials("realm", "host");
702 assertEquals(got, expected);
703 }
704
705 public void testRealmCredentials() throws Exception {
706 HttpState state = new HttpState();
707 Credentials expected = new UsernamePasswordCredentials("name", "pass");
708 state.setCredentials("realm", null, expected);
709 Credentials got = state.getCredentials("realm", "host");
710 assertEquals(expected, got);
711 }
712
713 public void testHostCredentials() throws Exception {
714 HttpState state = new HttpState();
715 Credentials expected = new UsernamePasswordCredentials("name", "pass");
716 state.setCredentials(null, "host", expected);
717 Credentials got = state.getCredentials("realm", "host");
718 assertEquals(expected, got);
719 }
720
721 public void testBothCredentials() throws Exception {
722 HttpState state = new HttpState();
723 Credentials expected = new UsernamePasswordCredentials("name", "pass");
724 state.setCredentials("realm", "host", expected);
725 Credentials got = state.getCredentials("realm", "host");
726 assertEquals(expected, got);
727 }
728
729 public void testWrongHostCredentials() throws Exception {
730 HttpState state = new HttpState();
731 Credentials expected = new UsernamePasswordCredentials("name", "pass");
732 state.setCredentials(null, "host1", expected);
733 Credentials got = state.getCredentials("realm", "host2");
734 assertNotSame(expected, got);
735 }
736
737 public void testWrongRealmCredentials() throws Exception {
738 HttpState state = new HttpState();
739 Credentials cred = new UsernamePasswordCredentials("name", "pass");
740 state.setCredentials("realm1", "host", cred);
741 Credentials got = state.getCredentials("realm2", "host");
742 assertNotSame(cred, got);
743 }
744
745 public void testRealmSpoof() throws Exception {
746 HttpState state = new HttpState();
747 Credentials cred = new UsernamePasswordCredentials("name", "pass");
748 state.setCredentials(null, "admin.apache.org", cred);
749 Credentials got = state.getCredentials("admin.apache.org", "myhost");
750 assertNotSame(cred, got);
751 }
752
753 public void testRealmSpoof2() throws Exception {
754 HttpState state = new HttpState();
755 Credentials cred = new UsernamePasswordCredentials("name", "pass");
756 state.setCredentials(null, "whatever", cred);
757 Credentials got = state.getCredentials("nullwhatever", null);
758 assertNotSame(cred, got);
759 }
760 }
This page was automatically generated by Maven