@Test
  public void shouldNotAllowUnauthenticatedRestUsersEndpointWithPATCH() throws AuthException {

    // Given
    MessageInfo messageInfo = mock(MessageInfo.class);
    HttpServletRequest request = mock(HttpServletRequest.class);

    given(request.getContextPath()).willReturn("/openam");
    given(request.getRequestURI()).willReturn("/openam/json/users");
    given(request.getMethod()).willReturn("PATCH");
    given(request.getRequestURL()).willReturn(new StringBuffer("http://www.example.com"));
    given(messageInfo.getRequestMessage()).willReturn(request);

    given(endpointManager.findEndpoint("/users")).willReturn("/users");

    // When
    openAmSessionModule.validateRequest(messageInfo, null, null);

    // Then
    verify(localSSOTokenSessionModule).validateRequest(messageInfo, null, null);
  }
  @Test
  public void shouldAllowUnauthenticatedRestUsersEndpointWithPOSTAndActionRegister()
      throws AuthException {

    // Given
    MessageInfo messageInfo = mock(MessageInfo.class);
    HttpServletRequest request = mock(HttpServletRequest.class);

    given(request.getContextPath()).willReturn("/openam");
    given(request.getRequestURI()).willReturn("/openam/json/users");
    given(request.getQueryString()).willReturn("other1=valueA&_action=register&other2=valueb");
    given(request.getMethod()).willReturn("POST");
    given(messageInfo.getRequestMessage()).willReturn(request);

    given(endpointManager.findEndpoint("/users")).willReturn("/users");

    // When
    openAmSessionModule.validateRequest(messageInfo, null, null);

    // Then
    verify(localSSOTokenSessionModule, never()).validateRequest(messageInfo, null, null);
  }
  @Test
  public void shouldAllowUnauthenticatedRestAuthEndpointWithPOST()
      throws IOException, ServletException, AuthException {

    // Given
    HttpServletRequest request = mock(HttpServletRequest.class);
    MessageInfo messageInfo = mock(MessageInfo.class);
    given(request.getContextPath()).willReturn("/openam");
    given(request.getRequestURI()).willReturn("/openam/json/authenticate");
    given(request.getMethod()).willReturn("POST");
    given(request.getRequestURL()).willReturn(new StringBuffer("http://example.com:8080/openam"));
    given(request.getContextPath()).willReturn("/openam");
    given(messageInfo.getRequestMessage()).willReturn(request);

    given(endpointManager.findEndpoint("/authenticate")).willReturn("/authenticate");

    // When
    openAmSessionModule.validateRequest(messageInfo, null, null);

    // Then
    verify(localSSOTokenSessionModule, never()).validateRequest(messageInfo, null, null);
  }