2
* $Header: /home/jerenkrantz/tmp/commons/commons-convert/cvs/home/cvs/jakarta-commons//httpclient/src/test/org/apache/commons/httpclient/auth/TestBasicAuth.java,v 1.9 2004/11/20 17:56:40 olegk Exp $
4
* $Date: 2005-09-19 16:37:48 -0400 (Mon, 19 Sep 2005) $
5
* ====================================================================
7
* Copyright 1999-2004 The Apache Software Foundation
9
* Licensed under the Apache License, Version 2.0 (the "License");
10
* you may not use this file except in compliance with the License.
11
* You may obtain a copy of the License at
13
* http://www.apache.org/licenses/LICENSE-2.0
15
* Unless required by applicable law or agreed to in writing, software
16
* distributed under the License is distributed on an "AS IS" BASIS,
17
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
18
* See the License for the specific language governing permissions and
19
* limitations under the License.
20
* ====================================================================
22
* This software consists of voluntary contributions made by many
23
* individuals on behalf of the Apache Software Foundation. For more
24
* information on the Apache Software Foundation, please see
25
* <http://www.apache.org/>.
29
package org.apache.commons.httpclient.auth;
31
import java.io.IOException;
33
import junit.framework.Test;
34
import junit.framework.TestSuite;
36
import org.apache.commons.codec.binary.Base64;
37
import org.apache.commons.httpclient.EchoService;
38
import org.apache.commons.httpclient.FeedbackService;
39
import org.apache.commons.httpclient.Header;
40
import org.apache.commons.httpclient.HttpClientTestBase;
41
import org.apache.commons.httpclient.HttpState;
42
import org.apache.commons.httpclient.HttpStatus;
43
import org.apache.commons.httpclient.ProxyTestDecorator;
44
import org.apache.commons.httpclient.UsernamePasswordCredentials;
45
import org.apache.commons.httpclient.methods.GetMethod;
46
import org.apache.commons.httpclient.methods.HeadMethod;
47
import org.apache.commons.httpclient.methods.PostMethod;
48
import org.apache.commons.httpclient.methods.PutMethod;
49
import org.apache.commons.httpclient.methods.StringRequestEntity;
50
import org.apache.commons.httpclient.server.AuthRequestHandler;
51
import org.apache.commons.httpclient.server.HttpRequestHandlerChain;
52
import org.apache.commons.httpclient.server.HttpServiceHandler;
53
import org.apache.commons.httpclient.util.EncodingUtil;
56
* Basic authentication test cases.
58
* @author Oleg Kalnichevski
60
* @version $Id: TestBasicAuth.java 290260 2005-09-19 20:37:48Z olegk $
62
public class TestBasicAuth extends HttpClientTestBase {
64
// ------------------------------------------------------------ Constructor
65
public TestBasicAuth(final String testName) throws IOException {
69
// ------------------------------------------------------------------- Main
70
public static void main(String args[]) {
71
String[] testCaseName = { TestBasicAuth.class.getName() };
72
junit.textui.TestRunner.main(testCaseName);
75
// ------------------------------------------------------- TestCase Methods
77
public static Test suite() {
78
TestSuite suite = new TestSuite(TestBasicAuth.class);
79
ProxyTestDecorator.addTests(suite);
83
public void testBasicAuthenticationWithNoCreds() throws IOException {
85
UsernamePasswordCredentials creds =
86
new UsernamePasswordCredentials("testuser", "testpass");
88
HttpRequestHandlerChain handlerchain = new HttpRequestHandlerChain();
89
handlerchain.appendHandler(new AuthRequestHandler(creds));
90
handlerchain.appendHandler(new HttpServiceHandler(new FeedbackService()));
92
this.server.setRequestHandler(handlerchain);
93
GetMethod httpget = new GetMethod("/test/");
95
this.client.executeMethod(httpget);
96
assertNotNull(httpget.getStatusLine());
97
assertEquals(HttpStatus.SC_UNAUTHORIZED, httpget.getStatusLine().getStatusCode());
98
AuthState authstate = httpget.getHostAuthState();
99
assertNotNull(authstate.getAuthScheme());
100
assertTrue(authstate.getAuthScheme() instanceof BasicScheme);
101
assertEquals("test", authstate.getRealm());
103
httpget.releaseConnection();
107
public void testBasicAuthenticationWithNoCredsRetry() throws IOException {
108
UsernamePasswordCredentials creds =
109
new UsernamePasswordCredentials("testuser", "testpass");
111
HttpRequestHandlerChain handlerchain = new HttpRequestHandlerChain();
112
handlerchain.appendHandler(new AuthRequestHandler(creds));
113
handlerchain.appendHandler(new HttpServiceHandler(new FeedbackService()));
115
this.server.setRequestHandler(handlerchain);
117
GetMethod httpget = new GetMethod("/test/");
119
this.client.executeMethod(httpget);
120
assertNotNull(httpget.getStatusLine());
121
assertEquals(HttpStatus.SC_UNAUTHORIZED, httpget.getStatusLine().getStatusCode());
122
AuthState authstate = httpget.getHostAuthState();
123
assertNotNull(authstate.getAuthScheme());
124
assertTrue(authstate.getAuthScheme() instanceof BasicScheme);
125
assertEquals("test", authstate.getRealm());
127
httpget.releaseConnection();
129
// now try with credentials
130
httpget = new GetMethod("/test/");
132
this.client.getState().setCredentials(AuthScope.ANY, creds);
133
this.client.executeMethod(httpget);
134
assertNotNull(httpget.getStatusLine());
135
assertEquals(HttpStatus.SC_OK, httpget.getStatusLine().getStatusCode());
137
httpget.releaseConnection();
141
public void testBasicAuthenticationWithNoRealm() {
142
String challenge = "Basic";
144
AuthScheme authscheme = new BasicScheme();
145
authscheme.processChallenge(challenge);
146
fail("Should have thrown MalformedChallengeException");
147
} catch(MalformedChallengeException e) {
152
public void testBasicAuthenticationWith88591Chars() throws Exception {
153
int[] germanChars = { 0xE4, 0x2D, 0xF6, 0x2D, 0xFc };
154
StringBuffer buffer = new StringBuffer();
155
for (int i = 0; i < germanChars.length; i++) {
156
buffer.append((char)germanChars[i]);
159
UsernamePasswordCredentials credentials = new UsernamePasswordCredentials("dh", buffer.toString());
160
assertEquals("Basic ZGg65C32Lfw=",
161
BasicScheme.authenticate(credentials, "ISO-8859-1"));
164
public void testBasicAuthenticationWithDefaultCreds() throws Exception {
165
UsernamePasswordCredentials creds =
166
new UsernamePasswordCredentials("testuser", "testpass");
168
HttpRequestHandlerChain handlerchain = new HttpRequestHandlerChain();
169
handlerchain.appendHandler(new AuthRequestHandler(creds));
170
handlerchain.appendHandler(new HttpServiceHandler(new FeedbackService()));
172
HttpState state = new HttpState();
173
state.setCredentials(AuthScope.ANY, creds);
174
this.client.setState(state);
176
this.server.setRequestHandler(handlerchain);
178
GetMethod httpget = new GetMethod("/test/");
180
this.client.executeMethod(httpget);
182
httpget.releaseConnection();
184
assertNotNull(httpget.getStatusLine());
185
assertEquals(HttpStatus.SC_OK, httpget.getStatusLine().getStatusCode());
186
Header auth = httpget.getRequestHeader("Authorization");
188
String expected = "Basic " + EncodingUtil.getAsciiString(
189
Base64.encodeBase64(EncodingUtil.getAsciiBytes("testuser:testpass")));
190
assertEquals(expected, auth.getValue());
191
AuthState authstate = httpget.getHostAuthState();
192
assertNotNull(authstate.getAuthScheme());
193
assertTrue(authstate.getAuthScheme() instanceof BasicScheme);
194
assertEquals("test", authstate.getRealm());
197
public void testBasicAuthentication() throws Exception {
198
UsernamePasswordCredentials creds =
199
new UsernamePasswordCredentials("testuser", "testpass");
201
HttpRequestHandlerChain handlerchain = new HttpRequestHandlerChain();
202
handlerchain.appendHandler(new AuthRequestHandler(creds));
203
handlerchain.appendHandler(new HttpServiceHandler(new FeedbackService()));
205
HttpState state = new HttpState();
206
AuthScope authscope = new AuthScope(
207
this.server.getLocalAddress(),
208
this.server.getLocalPort(),
210
state.setCredentials(authscope, creds);
211
this.client.setState(state);
213
this.server.setRequestHandler(handlerchain);
215
GetMethod httpget = new GetMethod("/test/");
217
this.client.executeMethod(httpget);
219
httpget.releaseConnection();
221
assertNotNull(httpget.getStatusLine());
222
assertEquals(HttpStatus.SC_OK, httpget.getStatusLine().getStatusCode());
223
Header auth = httpget.getRequestHeader("Authorization");
225
String expected = "Basic " + EncodingUtil.getAsciiString(
226
Base64.encodeBase64(EncodingUtil.getAsciiBytes("testuser:testpass")));
227
assertEquals(expected, auth.getValue());
228
AuthState authstate = httpget.getHostAuthState();
229
assertNotNull(authstate.getAuthScheme());
230
assertTrue(authstate.getAuthScheme() instanceof BasicScheme);
231
assertEquals("test", authstate.getRealm());
234
public void testBasicAuthenticationWithInvalidCredentials() throws Exception {
235
UsernamePasswordCredentials creds =
236
new UsernamePasswordCredentials("testuser", "testpass");
238
HttpRequestHandlerChain handlerchain = new HttpRequestHandlerChain();
239
handlerchain.appendHandler(new AuthRequestHandler(creds));
240
handlerchain.appendHandler(new HttpServiceHandler(new FeedbackService()));
242
HttpState state = new HttpState();
243
AuthScope authscope = new AuthScope(
244
this.server.getLocalAddress(),
245
this.server.getLocalPort(),
247
state.setCredentials(authscope, new UsernamePasswordCredentials("test", "stuff"));
248
this.client.setState(state);
250
this.server.setRequestHandler(handlerchain);
252
GetMethod httpget = new GetMethod("/test/");
254
this.client.executeMethod(httpget);
256
httpget.releaseConnection();
258
assertNotNull(httpget.getStatusLine());
259
assertEquals(HttpStatus.SC_UNAUTHORIZED, httpget.getStatusLine().getStatusCode());
260
AuthState authstate = httpget.getHostAuthState();
261
assertNotNull(authstate.getAuthScheme());
262
assertTrue(authstate.getAuthScheme() instanceof BasicScheme);
263
assertEquals("test", authstate.getRealm());
266
public void testBasicAuthenticationWithMutlipleRealms1() throws Exception {
267
UsernamePasswordCredentials creds =
268
new UsernamePasswordCredentials("testuser", "testpass");
270
HttpRequestHandlerChain handlerchain = new HttpRequestHandlerChain();
271
handlerchain.appendHandler(new AuthRequestHandler(creds));
272
handlerchain.appendHandler(new HttpServiceHandler(new FeedbackService()));
274
HttpState state = new HttpState();
275
AuthScope realm1 = new AuthScope(
276
this.server.getLocalAddress(),
277
this.server.getLocalPort(),
279
AuthScope realm2 = new AuthScope(
280
this.server.getLocalAddress(),
281
this.server.getLocalPort(),
283
state.setCredentials(realm1, new UsernamePasswordCredentials("testuser","testpass"));
284
state.setCredentials(realm2, new UsernamePasswordCredentials("testuser2","testpass2"));
285
this.client.setState(state);
287
this.server.setRequestHandler(handlerchain);
289
GetMethod httpget = new GetMethod("/test/");
291
this.client.executeMethod(httpget);
293
httpget.releaseConnection();
295
assertNotNull(httpget.getStatusLine());
296
assertEquals(HttpStatus.SC_OK, httpget.getStatusLine().getStatusCode());
297
Header auth = httpget.getRequestHeader("Authorization");
299
String expected = "Basic " + EncodingUtil.getAsciiString(
300
Base64.encodeBase64(EncodingUtil.getAsciiBytes("testuser:testpass")));
301
assertEquals(expected, auth.getValue());
302
AuthState authstate = httpget.getHostAuthState();
303
assertNotNull(authstate.getAuthScheme());
304
assertTrue(authstate.getAuthScheme() instanceof BasicScheme);
305
assertEquals("test", authstate.getRealm());
308
public void testBasicAuthenticationWithMutlipleRealms2() throws Exception {
309
UsernamePasswordCredentials creds =
310
new UsernamePasswordCredentials("testuser2", "testpass2");
312
HttpRequestHandlerChain handlerchain = new HttpRequestHandlerChain();
313
handlerchain.appendHandler(new AuthRequestHandler(creds, "test2"));
314
handlerchain.appendHandler(new HttpServiceHandler(new FeedbackService()));
316
HttpState state = new HttpState();
317
AuthScope realm1 = new AuthScope(
318
this.server.getLocalAddress(),
319
this.server.getLocalPort(),
321
AuthScope realm2 = new AuthScope(
322
this.server.getLocalAddress(),
323
this.server.getLocalPort(),
325
state.setCredentials(realm1, new UsernamePasswordCredentials("testuser","testpass"));
326
state.setCredentials(realm2, new UsernamePasswordCredentials("testuser2","testpass2"));
327
this.client.setState(state);
329
this.server.setRequestHandler(handlerchain);
331
GetMethod httpget = new GetMethod("/test2/");
333
this.client.executeMethod(httpget);
335
httpget.releaseConnection();
337
assertNotNull(httpget.getStatusLine());
338
assertEquals(HttpStatus.SC_OK, httpget.getStatusLine().getStatusCode());
339
Header auth = httpget.getRequestHeader("Authorization");
341
String expected = "Basic " + EncodingUtil.getAsciiString(
342
Base64.encodeBase64(EncodingUtil.getAsciiBytes("testuser2:testpass2")));
343
assertEquals(expected, auth.getValue());
344
AuthState authstate = httpget.getHostAuthState();
345
assertNotNull(authstate.getAuthScheme());
346
assertTrue(authstate.getAuthScheme() instanceof BasicScheme);
347
assertEquals("test2", authstate.getRealm());
350
public void testPreemptiveAuthorizationTrueWithCreds() throws Exception {
351
UsernamePasswordCredentials creds =
352
new UsernamePasswordCredentials("testuser", "testpass");
354
HttpRequestHandlerChain handlerchain = new HttpRequestHandlerChain();
355
handlerchain.appendHandler(new AuthRequestHandler(creds));
356
handlerchain.appendHandler(new HttpServiceHandler(new FeedbackService()));
358
HttpState state = new HttpState();
359
state.setCredentials(AuthScope.ANY, creds);
360
this.client.setState(state);
361
this.client.getParams().setAuthenticationPreemptive(true);
363
this.server.setRequestHandler(handlerchain);
365
GetMethod httpget = new GetMethod("/test/");
367
this.client.executeMethod(httpget);
369
httpget.releaseConnection();
371
assertNotNull(httpget.getStatusLine());
372
assertEquals(HttpStatus.SC_OK, httpget.getStatusLine().getStatusCode());
373
Header auth = httpget.getRequestHeader("Authorization");
375
String expected = "Basic " + EncodingUtil.getAsciiString(
376
Base64.encodeBase64(EncodingUtil.getAsciiBytes("testuser:testpass")));
377
assertEquals(expected, auth.getValue());
378
AuthState authstate = httpget.getHostAuthState();
379
assertNotNull(authstate.getAuthScheme());
380
assertTrue(authstate.getAuthScheme() instanceof BasicScheme);
381
assertNull(authstate.getRealm());
382
assertTrue(authstate.isPreemptive());
385
public void testPreemptiveAuthorizationTrueWithoutCreds() throws Exception {
386
UsernamePasswordCredentials creds =
387
new UsernamePasswordCredentials("testuser", "testpass");
389
HttpRequestHandlerChain handlerchain = new HttpRequestHandlerChain();
390
handlerchain.appendHandler(new AuthRequestHandler(creds));
391
handlerchain.appendHandler(new HttpServiceHandler(new FeedbackService()));
393
HttpState state = new HttpState();
394
this.client.setState(state);
395
this.client.getParams().setAuthenticationPreemptive(true);
397
this.server.setRequestHandler(handlerchain);
399
GetMethod httpget = new GetMethod("/test/");
401
this.client.executeMethod(httpget);
403
httpget.releaseConnection();
405
assertNotNull(httpget.getStatusLine());
406
assertEquals(HttpStatus.SC_UNAUTHORIZED, httpget.getStatusLine().getStatusCode());
407
Header auth = httpget.getRequestHeader("Authorization");
409
AuthState authstate = httpget.getHostAuthState();
410
assertNotNull(authstate.getAuthScheme());
411
assertTrue(authstate.getAuthScheme() instanceof BasicScheme);
412
assertNotNull(authstate.getRealm());
413
assertTrue(authstate.isPreemptive());
416
public void testCustomAuthorizationHeader() throws Exception {
417
UsernamePasswordCredentials creds =
418
new UsernamePasswordCredentials("testuser", "testpass");
420
HttpRequestHandlerChain handlerchain = new HttpRequestHandlerChain();
421
handlerchain.appendHandler(new AuthRequestHandler(creds));
422
handlerchain.appendHandler(new HttpServiceHandler(new FeedbackService()));
424
this.server.setRequestHandler(handlerchain);
426
GetMethod httpget = new GetMethod("/test/");
427
String authResponse = "Basic " + EncodingUtil.getAsciiString(
428
Base64.encodeBase64(EncodingUtil.getAsciiBytes("testuser:testpass")));
429
httpget.addRequestHeader(new Header("Authorization", authResponse));
431
this.client.executeMethod(httpget);
433
httpget.releaseConnection();
435
assertNotNull(httpget.getStatusLine());
436
assertEquals(HttpStatus.SC_OK, httpget.getStatusLine().getStatusCode());
439
public void testHeadBasicAuthentication() throws Exception {
440
UsernamePasswordCredentials creds =
441
new UsernamePasswordCredentials("testuser", "testpass");
443
HttpRequestHandlerChain handlerchain = new HttpRequestHandlerChain();
444
handlerchain.appendHandler(new AuthRequestHandler(creds));
445
handlerchain.appendHandler(new HttpServiceHandler(new FeedbackService()));
447
HttpState state = new HttpState();
448
AuthScope authscope = new AuthScope(
449
this.server.getLocalAddress(),
450
this.server.getLocalPort(),
452
state.setCredentials(authscope, creds);
453
this.client.setState(state);
455
this.server.setRequestHandler(handlerchain);
457
HeadMethod head = new HeadMethod("/test/");
459
this.client.executeMethod(head);
461
head.releaseConnection();
463
assertNotNull(head.getStatusLine());
464
assertEquals(HttpStatus.SC_OK, head.getStatusLine().getStatusCode());
465
Header auth = head.getRequestHeader("Authorization");
467
String expected = "Basic " + EncodingUtil.getAsciiString(
468
Base64.encodeBase64(EncodingUtil.getAsciiBytes("testuser:testpass")));
469
assertEquals(expected, auth.getValue());
470
AuthState authstate = head.getHostAuthState();
471
assertNotNull(authstate.getAuthScheme());
472
assertTrue(authstate.getAuthScheme() instanceof BasicScheme);
473
assertEquals("test", authstate.getRealm());
476
public void testPostBasicAuthentication() throws Exception {
477
UsernamePasswordCredentials creds =
478
new UsernamePasswordCredentials("testuser", "testpass");
480
HttpRequestHandlerChain handlerchain = new HttpRequestHandlerChain();
481
handlerchain.appendHandler(new AuthRequestHandler(creds));
482
handlerchain.appendHandler(new HttpServiceHandler(new EchoService()));
484
HttpState state = new HttpState();
485
AuthScope authscope = new AuthScope(
486
this.server.getLocalAddress(),
487
this.server.getLocalPort(),
489
state.setCredentials(authscope, creds);
490
this.client.setState(state);
492
this.server.setRequestHandler(handlerchain);
494
PostMethod post = new PostMethod("/test/");
495
post.setRequestEntity(new StringRequestEntity("Test body"));
497
this.client.executeMethod(post);
498
assertEquals("Test body", post.getResponseBodyAsString());
500
post.releaseConnection();
502
assertNotNull(post.getStatusLine());
503
assertEquals(HttpStatus.SC_OK, post.getStatusLine().getStatusCode());
504
Header auth = post.getRequestHeader("Authorization");
506
String expected = "Basic " + EncodingUtil.getAsciiString(
507
Base64.encodeBase64(EncodingUtil.getAsciiBytes("testuser:testpass")));
508
assertEquals(expected, auth.getValue());
509
AuthState authstate = post.getHostAuthState();
510
assertNotNull(authstate.getAuthScheme());
511
assertTrue(authstate.getAuthScheme() instanceof BasicScheme);
512
assertEquals("test", authstate.getRealm());
515
public void testPutBasicAuthentication() throws Exception {
516
UsernamePasswordCredentials creds =
517
new UsernamePasswordCredentials("testuser", "testpass");
519
HttpRequestHandlerChain handlerchain = new HttpRequestHandlerChain();
520
handlerchain.appendHandler(new AuthRequestHandler(creds));
521
handlerchain.appendHandler(new HttpServiceHandler(new EchoService()));
523
HttpState state = new HttpState();
524
AuthScope authscope = new AuthScope(
525
this.server.getLocalAddress(),
526
this.server.getLocalPort(),
528
state.setCredentials(authscope, creds);
529
this.client.setState(state);
531
this.server.setRequestHandler(handlerchain);
533
PutMethod put = new PutMethod("/test/");
534
put.setRequestEntity(new StringRequestEntity("Test body"));
536
this.client.executeMethod(put);
537
assertEquals("Test body", put.getResponseBodyAsString());
539
put.releaseConnection();
541
assertNotNull(put.getStatusLine());
542
assertEquals(HttpStatus.SC_OK, put.getStatusLine().getStatusCode());
543
Header auth = put.getRequestHeader("Authorization");
545
String expected = "Basic " + EncodingUtil.getAsciiString(
546
Base64.encodeBase64(EncodingUtil.getAsciiBytes("testuser:testpass")));
547
assertEquals(expected, auth.getValue());
548
AuthState authstate = put.getHostAuthState();
549
assertNotNull(authstate.getAuthScheme());
550
assertTrue(authstate.getAuthScheme() instanceof BasicScheme);
551
assertEquals("test", authstate.getRealm());
554
public void testPreemptiveAuthorizationFailure() throws Exception {
555
UsernamePasswordCredentials creds =
556
new UsernamePasswordCredentials("testuser", "testpass");
557
UsernamePasswordCredentials wrongcreds =
558
new UsernamePasswordCredentials("testuser", "garbage");
560
HttpRequestHandlerChain handlerchain = new HttpRequestHandlerChain();
561
handlerchain.appendHandler(new AuthRequestHandler(creds));
562
handlerchain.appendHandler(new HttpServiceHandler(new FeedbackService()));
564
HttpState state = new HttpState();
565
state.setCredentials(AuthScope.ANY, wrongcreds);
566
this.client.setState(state);
567
this.client.getParams().setAuthenticationPreemptive(true);
569
this.server.setRequestHandler(handlerchain);
571
GetMethod httpget = new GetMethod("/test/");
573
this.client.executeMethod(httpget);
575
httpget.releaseConnection();
577
assertNotNull(httpget.getStatusLine());
578
assertEquals(HttpStatus.SC_UNAUTHORIZED, httpget.getStatusLine().getStatusCode());
579
AuthState authstate = httpget.getHostAuthState();
580
assertNotNull(authstate.getAuthScheme());
581
assertTrue(authstate.getAuthScheme() instanceof BasicScheme);
582
assertEquals("test", authstate.getRealm());
583
assertTrue(authstate.isPreemptive());