1 /*
2 * $Header: /home/cvs/jakarta-commons/httpclient/src/test/org/apache/commons/httpclient/TestAuthenticator.java,v 1.25.2.3 2003/09/11 09:04:34 oglueck Exp $
3 * $Revision: 1.25.2.3 $
4 * $Date: 2003/09/11 09:04:34 $
5 * ====================================================================
6 *
7 * The Apache Software License, Version 1.1
8 *
9 * Copyright (c) 1999-2003 The Apache Software Foundation. All rights
10 * reserved.
11 *
12 * Redistribution and use in source and binary forms, with or without
13 * modification, are permitted provided that the following conditions
14 * are met:
15 *
16 * 1. Redistributions of source code must retain the above copyright
17 * notice, this list of conditions and the following disclaimer.
18 *
19 * 2. Redistributions in binary form must reproduce the above copyright
20 * notice, this list of conditions and the following disclaimer in
21 * the documentation and/or other materials provided with the
22 * distribution.
23 *
24 * 3. The end-user documentation included with the redistribution, if
25 * any, must include the following acknowlegement:
26 * "This product includes software developed by the
27 * Apache Software Foundation (http://www.apache.org/)."
28 * Alternately, this acknowlegement may appear in the software itself,
29 * if and wherever such third-party acknowlegements normally appear.
30 *
31 * 4. The names "The Jakarta Project", "Tomcat", and "Apache Software
32 * Foundation" must not be used to endorse or promote products derived
33 * from this software without prior written permission. For written
34 * permission, please contact apache@apache.org.
35 *
36 * 5. Products derived from this software may not be called "Apache"
37 * nor may "Apache" appear in their names without prior written
38 * permission of the Apache Group.
39 *
40 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
41 * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
42 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
43 * DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
44 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
45 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
46 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
47 * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
48 * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
49 * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
50 * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 * ====================================================================
53 *
54 * This software consists of voluntary contributions made by many
55 * individuals on behalf of the Apache Software Foundation. For more
56 * information on the Apache Software Foundation, please see
57 * <http://www.apache.org/>.
58 *
59 * [Additional notices, if required by prior licensing conditions]
60 *
61 */
62
63 package org.apache.commons.httpclient;
64
65 import junit.framework.Test;
66 import junit.framework.TestCase;
67 import junit.framework.TestSuite;
68
69 import java.util.Hashtable;
70 import java.util.StringTokenizer;
71 import org.apache.commons.httpclient.auth.*;
72 import org.apache.commons.httpclient.util.Base64;
73
74 /***
75 * Unit tests for {@link Authenticator}.
76 *
77 * @author Rodney Waldhoff
78 * @author <a href="mailto:jsdever@apache.org">Jeff Dever</a>
79 * @version $Id: TestAuthenticator.java,v 1.25.2.3 2003/09/11 09:04:34 oglueck Exp $
80 */
81 public class TestAuthenticator extends TestCase {
82
83 // ------------------------------------------------------------ Constructor
84 public TestAuthenticator(String testName) {
85 super(testName);
86 }
87
88 // ------------------------------------------------------------------- Main
89 public static void main(String args[]) {
90 String[] testCaseName = { TestAuthenticator.class.getName() };
91 junit.textui.TestRunner.main(testCaseName);
92 }
93
94 // ------------------------------------------------------- Utility Methods
95
96 private void checkAuthorization(UsernamePasswordCredentials cred, String methodName, String auth) throws Exception {
97 Hashtable table = new Hashtable();
98 StringTokenizer tokenizer = new StringTokenizer(auth, ",=\"");
99 while(tokenizer.hasMoreTokens()){
100 String key = null;
101 String value = null;
102 if(tokenizer.hasMoreTokens())
103 key = tokenizer.nextToken();
104 if(tokenizer.hasMoreTokens())
105 value = tokenizer.nextToken();
106 if(key != null && value != null){
107 table.put(key.trim(),value.trim());
108 }
109 }
110 String response = (String) table.get("response");
111 table.put( "methodname", methodName );
112 String digest = DigestScheme.createDigest(cred.getUserName(),cred.getPassword(), table);
113 assertEquals(response, digest);
114 }
115
116
117 // ------------------------------------------------------- TestCase Methods
118
119 public static Test suite() {
120 return new TestSuite(TestAuthenticator.class);
121 }
122
123
124 // ---------------------------------- Test Methods for BasicScheme Authentication
125
126 public void testBasicAuthenticationWithNoCreds() {
127 String challenge = "Basic realm=\"realm1\"";
128 HttpState state = new HttpState();
129 HttpMethod method = new SimpleHttpMethod(new Header("WWW-Authenticate", challenge));
130 try {
131 AuthScheme authscheme = new BasicScheme(challenge);
132 HttpAuthenticator.authenticate(authscheme, method, null, state);
133 fail("Should have thrown HttpException");
134 } catch(HttpException e) {
135 // expected
136 }
137 }
138
139 public void testBasicAuthenticationWithNoRealm() {
140 String challenge = "Basic";
141 HttpState state = new HttpState();
142 HttpMethod method = new SimpleHttpMethod(new Header("WWW-Authenticate", challenge));
143 try {
144 AuthScheme authscheme = new BasicScheme(challenge);
145 HttpAuthenticator.authenticate(authscheme, method, null, state);
146 fail("Should have thrown HttpException");
147 } catch(HttpException e) {
148 // expected
149 }
150 }
151
152 public void testBasicAuthenticationWithNoRealm2() {
153 String challenge = "Basic ";
154 HttpState state = new HttpState();
155 HttpMethod method = new SimpleHttpMethod(new Header("WWW-Authenticate", challenge));
156 try {
157 AuthScheme authscheme = new BasicScheme(challenge);
158 HttpAuthenticator.authenticate(authscheme, method, null, state);
159 fail("Should have thrown HttpException");
160 } catch(HttpException e) {
161 // expected
162 }
163 }
164
165 public void testBasicAuthenticationWithNullHttpState() throws Exception {
166 String challenge = "Basic realm=\"realm1\"";
167 HttpMethod method = new SimpleHttpMethod(new Header("WWW-Authenticate", challenge));
168 try {
169 AuthScheme authscheme = new BasicScheme(challenge);
170 HttpAuthenticator.authenticate(authscheme, method, null, null);
171 fail("Should have thrown IllegalArgumentException");
172 } catch(IllegalArgumentException e) {
173 // expected
174 }
175 }
176
177 public void testInvalidAuthenticationScheme() throws Exception {
178 String challenge = "invalid realm=\"realm1\"";
179 try{
180 HttpAuthenticator.selectAuthScheme(
181 new Header[] { new Header("WWW-Authenticate", challenge) });
182 fail("Should have thrown UnsupportedOperationException");
183 }catch (UnsupportedOperationException uoe){
184 // expected
185 }
186 }
187
188 public void testBasicAuthenticationCaseInsensitivity() throws Exception {
189 String challenge = "bAsIc ReAlM=\"realm1\"";
190 HttpState state = new HttpState();
191 state.setCredentials(null, null, new UsernamePasswordCredentials("username","password"));
192 HttpMethod method = new SimpleHttpMethod(new Header("WwW-AuThEnTiCaTe", challenge));
193 AuthScheme authscheme = new BasicScheme(challenge);
194 assertTrue(HttpAuthenticator.authenticate(authscheme, method, null, state));
195 assertTrue(null != method.getRequestHeader("Authorization"));
196 String expected = "Basic " + HttpConstants.getString(Base64.encode(HttpConstants.getBytes("username:password")));
197 assertEquals(expected,method.getRequestHeader("Authorization").getValue());
198 }
199
200
201 public void testBasicAuthenticationWithDefaultCreds() throws Exception {
202 HttpState state = new HttpState();
203 state.setCredentials(null, null, new UsernamePasswordCredentials("username","password"));
204 HttpMethod method = new SimpleHttpMethod(new Header("WWW-Authenticate","Basic realm=\"realm1\""));
205 assertTrue(HttpAuthenticator.authenticateDefault(method, null, state));
206 assertTrue(null != method.getRequestHeader("Authorization"));
207 String expected = "Basic " + HttpConstants.getString(Base64.encode(HttpConstants.getBytes("username:password")));
208 assertEquals(expected,method.getRequestHeader("Authorization").getValue());
209 }
210
211 public void testBasicAuthentication() throws Exception {
212 String challenge = "Basic realm=\"realm\"";
213 HttpState state = new HttpState();
214 state.setCredentials("realm", null, new UsernamePasswordCredentials("username","password"));
215 HttpMethod method = new SimpleHttpMethod(new Header("WWW-Authenticate", challenge));
216 AuthScheme authscheme = new BasicScheme(challenge);
217 assertTrue(HttpAuthenticator.authenticate(authscheme, method, null, state));
218 assertTrue(null != method.getRequestHeader("Authorization"));
219 String expected = "Basic " + HttpConstants.getString(Base64.encode(HttpConstants.getBytes("username:password")));
220 assertEquals(expected,method.getRequestHeader("Authorization").getValue());
221 }
222
223
224 public void testBasicAuthenticationWithMutlipleRealms() throws Exception {
225 String challenge1 = "Basic realm=\"realm1\"";
226 String challenge2 = "Basic realm=\"realm2\"";
227 HttpState state = new HttpState();
228 state.setCredentials("realm1", null, new UsernamePasswordCredentials("username","password"));
229 state.setCredentials("realm2", null, new UsernamePasswordCredentials("uname2","password2"));
230 AuthScheme authscheme1 = new BasicScheme(challenge1);
231 AuthScheme authscheme2 = new BasicScheme(challenge2);
232 {
233 HttpMethod method = new SimpleHttpMethod(new Header("WWW-Authenticate",challenge1));
234 assertTrue(HttpAuthenticator.authenticate(authscheme1, method, null, state));
235 assertTrue(null != method.getRequestHeader("Authorization"));
236 String expected = "Basic " + HttpConstants.getString(Base64.encode(HttpConstants.getBytes("username:password")));
237 assertEquals(expected,method.getRequestHeader("Authorization").getValue());
238 }
239 {
240 HttpMethod method = new SimpleHttpMethod(new Header("WWW-Authenticate", challenge2));
241 assertTrue(HttpAuthenticator.authenticate(authscheme2, method, null, state));
242 assertTrue(null != method.getRequestHeader("Authorization"));
243 String expected = "Basic " + HttpConstants.getString(Base64.encode(HttpConstants.getBytes("uname2:password2")));
244 assertEquals(expected,method.getRequestHeader("Authorization").getValue());
245 }
246 }
247
248 public void testPreemptiveAuthorizationTrueNoCreds() throws Exception {
249 HttpState state = new HttpState();
250 HttpMethod method = new SimpleHttpMethod();
251
252 state.setAuthenticationPreemptive(true);
253 assertTrue(!HttpAuthenticator.authenticateDefault(method, null, state));
254 assertTrue(null == method.getRequestHeader("Authorization"));
255 }
256
257 public void testPreemptiveAuthorizationTrueWithCreds() throws Exception {
258 HttpState state = new HttpState();
259 HttpMethod method = new SimpleHttpMethod();
260 state.setCredentials(null, null, new UsernamePasswordCredentials("username","password"));
261
262 state.setAuthenticationPreemptive(true);
263 assertTrue(HttpAuthenticator.authenticateDefault(method, null, state));
264 assertTrue(null != method.getRequestHeader("Authorization"));
265 String expected = "Basic " + HttpConstants.getString(Base64.encode(HttpConstants.getBytes("username:password")));
266 assertEquals(expected, method.getRequestHeader("Authorization").getValue());
267 }
268
269 // --------------------------------- Test Methods for DigestScheme Authentication
270
271 public void testDigestAuthenticationWithNoCreds() {
272 String challenge = "Digest realm=\"realm1\"";
273 HttpState state = new HttpState();
274 HttpMethod method = new SimpleHttpMethod(new Header("WWW-Authenticate", challenge));
275 try {
276 AuthScheme authscheme = new DigestScheme(challenge);
277 HttpAuthenticator.authenticate(authscheme, method, null, state);
278 fail("Should have thrown HttpException");
279 } catch(HttpException e) {
280 // expected
281 }
282 }
283
284 public void testDigestAuthenticationWithNoRealm() {
285 String challenge = "Digest";
286 HttpState state = new HttpState();
287 HttpMethod method = new SimpleHttpMethod(new Header("WWW-Authenticate", challenge));
288 try {
289 AuthScheme authscheme = new DigestScheme(challenge);
290 HttpAuthenticator.authenticate(authscheme, method, null, state);
291 fail("Should have thrown HttpException");
292 } catch(HttpException e) {
293 // expected
294 }
295 }
296
297 public void testDigestAuthenticationWithNoRealm2() {
298 String challenge = "Digest ";
299 HttpState state = new HttpState();
300 HttpMethod method = new SimpleHttpMethod(new Header("WWW-Authenticate", challenge));
301 try {
302 AuthScheme authscheme = new DigestScheme(challenge);
303 HttpAuthenticator.authenticate(authscheme, method, null, state);
304 fail("Should have thrown HttpException");
305 } catch(HttpException e) {
306 // expected
307 }
308 }
309
310 public void testDigestAuthenticationWithNullHttpState() throws Exception {
311 String challenge = "Digest realm=\"realm1\"";
312 HttpMethod method = new SimpleHttpMethod(new Header("WWW-Authenticate", challenge));
313 try {
314 AuthScheme authscheme = new DigestScheme(challenge);
315 HttpAuthenticator.authenticate(authscheme, method, null, null);
316 fail("Should have thrown IllegalArgumentException");
317 } catch(IllegalArgumentException e) {
318 // expected
319 }
320 }
321
322 public void testDigestAuthenticationCaseInsensitivity() throws Exception {
323 String challenge = "dIgEsT ReAlM=\"realm1\"";
324 HttpState state = new HttpState();
325 UsernamePasswordCredentials cred = new UsernamePasswordCredentials("username","password");
326 state.setCredentials(null, null, cred);
327 HttpMethod method = new SimpleHttpMethod(new Header("WwW-AuThEnTiCaTe", challenge));
328 AuthScheme authscheme = new DigestScheme(challenge);
329 assertTrue(HttpAuthenticator.authenticate(authscheme, method, null, state));
330 assertTrue(null != method.getRequestHeader("Authorization"));
331 }
332
333
334 public void testDigestAuthenticationWithDefaultCreds() throws Exception {
335 String challenge = "Digest realm=\"realm1\"";
336 HttpState state = new HttpState();
337 UsernamePasswordCredentials cred = new UsernamePasswordCredentials("username","password");
338 state.setCredentials(null, null, cred);
339 HttpMethod method = new SimpleHttpMethod(new Header("WWW-Authenticate", challenge));
340 AuthScheme authscheme = new DigestScheme(challenge);
341 assertTrue(HttpAuthenticator.authenticate(authscheme, method, null, state));
342 assertTrue(null != method.getRequestHeader("Authorization"));
343 checkAuthorization(cred, method.getName(), method.getRequestHeader("Authorization").getValue());
344 }
345
346 public void testDigestAuthentication() throws Exception {
347 String challenge = "Digest realm=\"realm1\"";
348 HttpState state = new HttpState();
349 UsernamePasswordCredentials cred = new UsernamePasswordCredentials("username","password");
350 state.setCredentials(null, null, cred);
351 HttpMethod method = new SimpleHttpMethod(new Header("WWW-Authenticate", challenge));
352 AuthScheme authscheme = new DigestScheme(challenge);
353 assertTrue(HttpAuthenticator.authenticate(authscheme, method, null, state));
354 assertTrue(null != method.getRequestHeader("Authorization"));
355 checkAuthorization(cred, method.getName(), method.getRequestHeader("Authorization").getValue());
356 }
357
358 public void testDigestAuthenticationWithStaleNonce() throws Exception {
359
360 String headers =
361 "HTTP/1.1 401 OK\r\n" +
362 "Connection: close\r\n" +
363 "Content-Length: 0\r\n" +
364 "WWW-Authenticate: Digest realm=\"realm1\", nonce=\"ABC123\"\r\n";
365 String headers2 =
366 "HTTP/1.1 401 OK\r\n" +
367 "Connection: close\r\n" +
368 "Content-Length: 0\r\n" +
369 "WWW-Authenticate: Digest realm=\"realm1\", nonce=\"321CBA\", stale=\"true\"\r\n";
370 String headers3 =
371 "HTTP/1.1 200 OK\r\n" +
372 "Connection: close\r\n" +
373 "Server: HttpClient Test/2.0\r\n\r\n" +
374 "stuff\r\n";
375
376 SimpleHttpConnection conn = new SimpleHttpConnection();
377
378 conn.addResponse(headers);
379 conn.addResponse(headers2);
380 conn.addResponse(headers3);
381 HttpState state = new HttpState();
382 UsernamePasswordCredentials cred = new UsernamePasswordCredentials("username","password");
383 state.setCredentials(null, null, cred);
384
385 SimpleHttpMethod method = new SimpleHttpMethod();
386 method.setDoAuthentication(true);
387 assertEquals("Authentication failed", 200, method.execute(state, conn));
388 checkAuthorization(cred, method.getName(), method.getRequestHeader("Authorization").getValue());
389 }
390
391 public void testDigestAuthenticationWithMultipleRealms() throws Exception {
392 String challenge1 = "Digest realm=\"realm1\"";
393 String challenge2 = "Digest realm=\"realm2\"";
394 HttpState state = new HttpState();
395 UsernamePasswordCredentials cred = new UsernamePasswordCredentials("username","password");
396 state.setCredentials("realm1", null, cred);
397 UsernamePasswordCredentials cred2 = new UsernamePasswordCredentials("uname2","password2");
398 state.setCredentials("realm2", null, cred2);
399 AuthScheme authscheme1 = new DigestScheme(challenge1);
400 AuthScheme authscheme2 = new DigestScheme(challenge2);
401 {
402 HttpMethod method = new SimpleHttpMethod(new Header("WWW-Authenticate",challenge1));
403 assertTrue(HttpAuthenticator.authenticate(authscheme1, method, null, state));
404 assertTrue(null != method.getRequestHeader("Authorization"));
405 checkAuthorization(cred, method.getName(), method.getRequestHeader("Authorization").getValue());
406 }
407 {
408 HttpMethod method = new SimpleHttpMethod(new Header("WWW-Authenticate",challenge2));
409 assertTrue(HttpAuthenticator.authenticate(authscheme2, method, null, state));
410 assertTrue(null != method.getRequestHeader("Authorization"));
411 checkAuthorization(cred2, method.getName(), method.getRequestHeader("Authorization").getValue());
412 }
413 }
414
415 /***
416 * Test digest authentication using the MD5-sess algorithm.
417 */
418 public void testDigestAuthenticationMD5Sess() throws Exception {
419 // Example using Digest auth with MD5-sess
420
421 String realm="realm";
422 String username="username";
423 String password="password";
424 String nonce="e273f1776275974f1a120d8b92c5b3cb";
425
426 String challenge="Digest realm=\"" + realm + "\", "
427 + nonce + "\"" + nonce + "\", "
428 + "opaque=\"SomeString\", "
429 + "stale=false, "
430 + "algorithm=MD5-sess, "
431 + "qop=\"auth\"";
432
433 HttpState state = new HttpState();
434 UsernamePasswordCredentials cred =
435 new UsernamePasswordCredentials(username, password);
436 state.setCredentials(realm, null, cred);
437 AuthScheme authscheme = new DigestScheme(challenge);
438 HttpMethod method =
439 new SimpleHttpMethod(new Header("WWW-Authenticate", challenge));
440 assertTrue(HttpAuthenticator.authenticate(
441 authscheme, method, null, state));
442 assertTrue(null != method.getRequestHeader("Authorization"));
443 checkAuthorization(cred, method.getName(),
444 method.getRequestHeader("Authorization").getValue());
445 }
446
447 // --------------------------------- Test Methods for NTLM Authentication
448
449 public void testNTLMAuthenticationWithNoCreds() {
450 String challenge = "NTLM";
451 HttpState state = new HttpState();
452 HttpMethod method = new SimpleHttpMethod(new Header("WWW-Authenticate", challenge));
453 method.addRequestHeader("Host", "host");
454 try {
455 AuthScheme authscheme = new NTLMScheme(challenge);
456 HttpAuthenticator.authenticate(authscheme, method, null, state);
457 fail("Should have thrown HttpException");
458 } catch(HttpException e) {
459 // expected
460 }
461 }
462
463 public void testNTLMAuthenticationWithNullHttpState() throws Exception {
464 String challenge = "NTLM";
465 HttpMethod method = new SimpleHttpMethod(new Header("WWW-Authenticate", challenge));
466 method.addRequestHeader("Host", "host");
467 try {
468 AuthScheme authscheme = new NTLMScheme(challenge);
469 HttpAuthenticator.authenticate(authscheme, method, null, null);
470 fail("Should have thrown IllegalArgumentException");
471 } catch(IllegalArgumentException e) {
472 // expected
473 }
474 }
475
476 public void testNTLMAuthenticationCaseInsensitivity() throws Exception {
477 String challenge = "nTlM";
478 HttpState state = new HttpState();
479 NTCredentials cred = new NTCredentials("username","password", "host",
480 "domain");
481 state.setCredentials(null, null, cred);
482 HttpMethod method = new SimpleHttpMethod(new Header("WwW-AuThEnTiCaTe", challenge));
483 AuthScheme authscheme = new NTLMScheme(challenge);
484 assertTrue(HttpAuthenticator.authenticate(authscheme, method, null, state));
485 assertTrue(null != method.getRequestHeader("Authorization"));
486 }
487
488 public void testNTLMAuthenticationResponse1() throws Exception {
489 String challenge = "NTLM";
490 String expected = "NTLM TlRMTVNTUAABAAAABlIAAAYABgAkAAAABAAEACAAAABIT" +
491 "1NURE9NQUlO";
492 HttpState state = new HttpState();
493 NTCredentials cred = new NTCredentials("username","password", "host",
494 "domain");
495 state.setCredentials(null, null, cred);
496 HttpMethod method = new SimpleHttpMethod(new Header("WWW-Authenticate", challenge));
497 AuthScheme authscheme = new NTLMScheme(challenge);
498 assertTrue(HttpAuthenticator.authenticate(authscheme, method, null, state));
499 assertTrue(null != method.getRequestHeader("Authorization"));
500 assertEquals(expected,
501 method.getRequestHeader("Authorization").getValue());
502 }
503
504 public void testNTLMAuthenticationResponse2() throws Exception {
505 String challenge =
506 "NTLM TlRMTVNTUAACAAAACgAKADAAAAAGgoEAPc4kP4LtCV8AAAAAAAAAAJ4AngA" +
507 "6AAAASU5UUkFFUEhPWAIAFABJAE4AVABSAEEARQBQAEgATwBYAAEAEgBCAE8AQQB" +
508 "SAEQAUgBPAE8ATQAEACgAaQBuAHQAcgBhAGUAcABoAG8AeAAuAGUAcABoAG8AeAA" +
509 "uAGMAbwBtAAMAPABCAG8AYQByAGQAcgBvAG8AbQAuAGkAbgB0AHIAYQBlAHAAaAB" +
510 "vAHgALgBlAHAAaABvAHgALgBjAG8AbQAAAAAA";
511
512 String expected = "NTLM TlRMTVNTUAADAAAAGAAYAFIAAAAAAAAAagAAAAYABgB" +
513 "AAAAACAAIAEYAAAAEAAQATgAAAAAAAABqAAAABlIAAERPTUFJTlVTRVJOQU1FSE" +
514 "9TVAaC+vLxUEHnUtpItj9Dp4kzwQfd61Lztg==";
515 HttpState state = new HttpState();
516 NTCredentials cred = new NTCredentials("username","password", "host",
517 "domain");
518 state.setCredentials(null, null, cred);
519 HttpMethod method = new SimpleHttpMethod(new Header("WWW-Authenticate", challenge));
520 AuthScheme authscheme = new NTLMScheme(challenge);
521 assertTrue(HttpAuthenticator.authenticate(authscheme, method, null, state));
522 assertTrue(null != method.getRequestHeader("Authorization"));
523 assertEquals(expected,
524 method.getRequestHeader("Authorization").getValue());
525 }
526
527 public void testNTLMAuthenticationWithDefaultCreds() throws Exception {
528 String challenge =
529 "NTLM TlRMTVNTUAACAAAACgAKADAAAAAGgoEAPc4kP4LtCV8AAAAAAAAAAJ4AngA" +
530 "6AAAASU5UUkFFUEhPWAIAFABJAE4AVABSAEEARQBQAEgATwBYAAEAEgBCAE8AQQB" +
531 "SAEQAUgBPAE8ATQAEACgAaQBuAHQAcgBhAGUAcABoAG8AeAAuAGUAcABoAG8AeAA" +
532 "uAGMAbwBtAAMAPABCAG8AYQByAGQAcgBvAG8AbQAuAGkAbgB0AHIAYQBlAHAAaAB" +
533 "vAHgALgBlAHAAaABvAHgALgBjAG8AbQAAAAAA";
534 String expected = "NTLM TlRMTVNTUAADAAAAGAAYAFIAAAAAAAAAagAAAAYABgB" +
535 "AAAAACAAIAEYAAAAEAAQATgAAAAAAAABqAAAABlIAAERPTUFJTlVTRVJOQU1FSE" +
536 "9TVAaC+vLxUEHnUtpItj9Dp4kzwQfd61Lztg==";
537 HttpState state = new HttpState();
538 NTCredentials cred = new NTCredentials("username","password", "host",
539 "domain");
540 state.setCredentials(null, null, cred);
541 HttpMethod method = new SimpleHttpMethod(new Header("WWW-Authenticate", challenge));
542 method.addRequestHeader("Host", "host");
543 AuthScheme authscheme = new NTLMScheme(challenge);
544 assertTrue(HttpAuthenticator.authenticate(authscheme, method, null, state));
545 assertTrue(null != method.getRequestHeader("Authorization"));
546 assertEquals(expected,
547 method.getRequestHeader("Authorization").getValue());
548 }
549
550 public void testNTLMAuthenticationRetry() throws Exception {
551 NTCredentials cred = new NTCredentials("username", "password", "host", "domain");
552 HttpState state = new HttpState();
553 state.setCredentials(null, null, cred);
554 HttpMethod method = new SimpleHttpMethod();
555 SimpleHttpConnection conn = new SimpleHttpConnection();
556 conn.addResponse(
557 "HTTP/1.1 401 Unauthorized\r\n" +
558 "WWW-Authenticate: NTLM\r\n" +
559 "Connection: close\r\n" +
560 "Server: HttpClient Test/2.0\r\n");
561 conn.addResponse(
562 "HTTP/1.1 401 Unauthorized\r\n" +
563 "WWW-Authenticate: NTLM TlRMTVNTUAACAAAAAAAAACgAAAABggAAU3J2Tm9uY2UAAAAAAAAAAA==\r\n" +
564 "Connection: close\r\n" +
565 "Server: HttpClient Test/2.0\r\n");
566 conn.addResponse(
567 "HTTP/1.1 200 OK\r\n" +
568 "Connection: close\r\n" +
569 "Server: HttpClient Test/2.0\r\n\r\n" +
570 "stuff\r\n");
571 method.execute(state, conn);
572 assertNull(method.getResponseHeader("WWW-Authenticate"));
573 assertEquals(200, method.getStatusCode());
574 }
575
576 /***
577 * Test that the Unauthorized response is returned when doAuthentication is false.
578 */
579 public void testDoAuthenticateFalse() throws Exception {
580 HttpState state = new HttpState();
581 state.setCredentials(null, "Protected",
582 new UsernamePasswordCredentials("name", "pass"));
583 HttpMethod method = new SimpleHttpMethod();
584 method.setDoAuthentication(false);
585 SimpleHttpConnection conn = new SimpleHttpConnection();
586 conn.addResponse(
587 "HTTP/1.1 401 Unauthorized\r\n" +
588 "WWW-Authenticate: Basic realm=\"Protected\"\r\n" +
589 "Connection: close\r\n" +
590 "Server: HttpClient Test/2.0\r\n");
591 conn.addResponse(
592 "HTTP/1.1 200 OK\r\n" +
593 "Connection: close\r\n" +
594 "Server: HttpClient Test/2.0\r\n");
595 method.execute(state, conn);
596 assertNotNull(method.getResponseHeader("WWW-Authenticate"));
597 assertNull(method.getRequestHeader("Authorization"));
598 assertEquals(401, method.getStatusCode());
599
600 }
601
602
603 /***
604 */
605 public void testInvalidCredentials() throws Exception {
606 HttpState state = new HttpState();
607 state.setCredentials(null, "Protected", new UsernamePasswordCredentials("name", "pass"));
608 HttpMethod method = new SimpleHttpMethod();
609 method.setDoAuthentication(false);
610 SimpleHttpConnection conn = new SimpleHttpConnection();
611 conn.addResponse(
612 "HTTP/1.1 401 Unauthorized\r\n" +
613 "WWW-Authenticate: Basic realm=\"Protected\"\r\n" +
614 "Connection: close\r\n" +
615 "Server: HttpClient Test/2.0\r\n"
616 );
617 method.execute(state, conn);
618 assertEquals(401, method.getStatusCode());
619 }
620
621
622 // --------------------------------- Test Methods for Multiple Authentication
623
624 public void testMultipleChallengeBasic() throws Exception {
625 HttpState state = new HttpState();
626 state.setCredentials("Protected", null, new UsernamePasswordCredentials("name", "pass"));
627 HttpMethod method = new SimpleHttpMethod();
628 SimpleHttpConnection conn = new SimpleHttpConnection();
629 conn.addResponse(
630 "HTTP/1.1 401 Unauthorized\r\n" +
631 "WWW-Authenticate: Unsupported\r\n" +
632 "WWW-Authenticate: Basic realm=\"Protected\"\r\n" +
633 "Connection: close\r\n" +
634 "Server: HttpClient Test/2.0\r\n"
635 );
636 conn.addResponse(
637 "HTTP/1.1 200 OK\r\n" +
638 "Connection: close\r\n" +
639 "Server: HttpClient Test/2.0\r\n"
640 );
641 method.execute(state, conn);
642 Header authHeader = method.getRequestHeader("Authorization");
643 assertNotNull(authHeader);
644
645 String authValue = authHeader.getValue();
646 assertTrue(authValue.startsWith("Basic"));
647 }
648
649 public void testMultipleChallengeBasicLongRealm() throws Exception {
650 HttpState state = new HttpState();
651 state.setCredentials(null, null, new UsernamePasswordCredentials("name", "pass"));
652 HttpMethod method = new SimpleHttpMethod();
653 SimpleHttpConnection conn = new SimpleHttpConnection();
654 conn.addResponse(
655 "HTTP/1.1 401 Unauthorized\r\n" +
656 "WWW-Authenticate: Unsupported\r\n" +
657 "WWW-Authenticate: Basic realm=\"This site is protected. We put this message into the realm string, against all reasonable rationale, so that users would see it in the authentication dialog generated by your browser.\"\r\n" +
658 "Connection: close\r\n" +
659 "Server: HttpClient Test/2.0\r\n"
660 );
661 conn.addResponse(
662 "HTTP/1.1 200 OK\r\n" +
663 "Connection: close\r\n" +
664 "Server: HttpClient Test/2.0\r\n"
665 );
666 method.execute(state, conn);
667 Header authHeader = method.getRequestHeader("Authorization");
668 assertNotNull(authHeader);
669
670 String authValue = authHeader.getValue();
671 assertTrue(authValue.startsWith("Basic"));
672 }
673
674
675
676
677 public void testMultipleChallengeDigest() throws Exception {
678 HttpState state = new HttpState();
679 state.setCredentials("Protected", null, new UsernamePasswordCredentials("name", "pass"));
680 HttpMethod method = new SimpleHttpMethod();
681 SimpleHttpConnection conn = new SimpleHttpConnection();
682 conn.addResponse(
683 "HTTP/1.1 401 Unauthorized\r\n" +
684 "WWW-Authenticate: Unsupported\r\n" +
685 "WWW-Authenticate: Digest realm=\"Protected\"\r\n" +
686 "WWW-Authenticate: Basic realm=\"Protected\"\r\n" +
687 "Connection: close\r\n" +
688 "Server: HttpClient Test/2.0\r\n"
689 );
690 conn.addResponse(
691 "HTTP/1.1 200 OK\r\n" +
692 "Connection: close\r\n" +
693 "Server: HttpClient Test/2.0\r\n"
694 );
695 method.execute(state, conn);
696 Header authHeader = method.getRequestHeader("Authorization");
697 assertNotNull(authHeader);
698
699 String authValue = authHeader.getValue();
700 assertTrue(authValue.startsWith("Digest"));
701 }
702
703
704 public void testMultipleProxyChallengeBasic() throws Exception {
705 HttpState state = new HttpState();
706 state.setProxyCredentials("Protected", new UsernamePasswordCredentials("name", "pass"));
707 HttpMethod method = new SimpleHttpMethod();
708 SimpleHttpConnection conn = new SimpleHttpConnection();
709 conn.addResponse(
710 "HTTP/1.1 407 Proxy Authentication Required\r\n" +
711 "Proxy-Authenticate: Basic realm=\"Protected\"\r\n" +
712 "Proxy-Authenticate: Unsupported\r\n" +
713 "Connection: close\r\n" +
714 "Server: HttpClient Test/2.0\r\n"
715 );
716 conn.addResponse(
717 "HTTP/1.1 200 OK\r\n" +
718 "Connection: close\r\n" +
719 "Server: HttpClient Test/2.0\r\n"
720 );
721 method.execute(state, conn);
722 Header authHeader = method.getRequestHeader("Proxy-Authorization");
723 assertNotNull(authHeader);
724
725 String authValue = authHeader.getValue();
726 assertTrue(authValue.startsWith("Basic"));
727 }
728
729
730 public void testMultipleProxyChallengeDigest() throws Exception {
731 HttpState state = new HttpState();
732 state.setProxyCredentials("Protected", new UsernamePasswordCredentials("name", "pass"));
733 HttpMethod method = new SimpleHttpMethod();
734 SimpleHttpConnection conn = new SimpleHttpConnection();
735 conn.addResponse(
736 "HTTP/1.1 407 Proxy Authentication Required\r\n" +
737 "Proxy-Authenticate: Basic realm=\"Protected\"\r\n" +
738 "Proxy-Authenticate: Digest realm=\"Protected\"\r\n" +
739 "Proxy-Authenticate: Unsupported\r\n" +
740 "Connection: close\r\n" +
741 "Server: HttpClient Test/2.0\r\n"
742 );
743 conn.addResponse(
744 "HTTP/1.1 200 OK\r\n" +
745 "Connection: close\r\n" +
746 "Server: HttpClient Test/2.0\r\n"
747 );
748 method.execute(state, conn);
749 Header authHeader = method.getRequestHeader("Proxy-Authorization");
750 assertNotNull(authHeader);
751
752 String authValue = authHeader.getValue();
753 assertTrue(authValue.startsWith("Digest"));
754 }
755
756
757 // --------------------------------- Test Methods for Selecting Credentials
758
759 public void testDefaultCredentials() throws Exception {
760 HttpState state = new HttpState();
761 Credentials expected = new UsernamePasswordCredentials("name", "pass");
762 state.setCredentials(null, null, expected);
763 Credentials got = state.getCredentials("realm", "host");
764 assertEquals(got, expected);
765 }
766
767 public void testRealmCredentials() throws Exception {
768 HttpState state = new HttpState();
769 Credentials expected = new UsernamePasswordCredentials("name", "pass");
770 state.setCredentials("realm", null, expected);
771 Credentials got = state.getCredentials("realm", "host");
772 assertEquals(expected, got);
773 }
774
775 public void testHostCredentials() throws Exception {
776 HttpState state = new HttpState();
777 Credentials expected = new UsernamePasswordCredentials("name", "pass");
778 state.setCredentials(null, "host", expected);
779 Credentials got = state.getCredentials("realm", "host");
780 assertEquals(expected, got);
781 }
782
783 public void testBothCredentials() throws Exception {
784 HttpState state = new HttpState();
785 Credentials expected = new UsernamePasswordCredentials("name", "pass");
786 state.setCredentials("realm", "host", expected);
787 Credentials got = state.getCredentials("realm", "host");
788 assertEquals(expected, got);
789 }
790
791 public void testWrongHostCredentials() throws Exception {
792 HttpState state = new HttpState();
793 Credentials expected = new UsernamePasswordCredentials("name", "pass");
794 state.setCredentials(null, "host1", expected);
795 Credentials got = state.getCredentials("realm", "host2");
796 assertNotSame(expected, got);
797 }
798
799 public void testWrongRealmCredentials() throws Exception {
800 HttpState state = new HttpState();
801 Credentials cred = new UsernamePasswordCredentials("name", "pass");
802 state.setCredentials("realm1", "host", cred);
803 Credentials got = state.getCredentials("realm2", "host");
804 assertNotSame(cred, got);
805 }
806
807 public void testRealmSpoof() throws Exception {
808 HttpState state = new HttpState();
809 Credentials cred = new UsernamePasswordCredentials("name", "pass");
810 state.setCredentials(null, "admin.apache.org", cred);
811 Credentials got = state.getCredentials("admin.apache.org", "myhost");
812 assertNotSame(cred, got);
813 }
814
815 public void testRealmSpoof2() throws Exception {
816 HttpState state = new HttpState();
817 Credentials cred = new UsernamePasswordCredentials("name", "pass");
818 state.setCredentials(null, "whatever", cred);
819 Credentials got = state.getCredentials("nullwhatever", null);
820 assertNotSame(cred, got);
821 }
822 }
This page was automatically generated by Maven