   * Makes a request after setting the user agent and verifies that the session cookie is NOT set.
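   * @param userAgent User-Agent product name of a client expected to be treated as stateless; "/1.6" is appended as a version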
   * @throws Exception
  private void testCookieNotSetForKnownStateLessClients(String userAgent) throws Exception {
    // Admin credentials and the target URL come from the shared integration-test context.
    TestContext context = TestContainer.getInstance().getTestContext();
    String username = context.getAdminUsername();
    String password = context.getPassword();
    String url = this.getBaseNexusUrl() + "content/";

    Header header = new Header("User-Agent", userAgent + "/1.6"); // user agent plus some version
    // NOTE(review): no statement in this listing attaches `header` to the request. Confirm the
    // full file does; otherwise the library's default User-Agent is sent and the stateless-client
    // path is never exercised.

    // NOTE(review): the receiver of the .setCredentials(...) call is missing from this listing.
    // AuthScope.ANY puts no host, port or realm restriction on the admin credentials, so the
    // client will answer an authentication challenge from any server it contacts. That is
    // tolerable against a local test instance; a host-bound AuthScope is the safer pattern.
    HttpClient httpClient = new HttpClient();
        .setCredentials(AuthScope.ANY, new UsernamePasswordCredentials(username, password));

    // The authenticated request itself must succeed before the cookie check means anything.
    GetMethod getMethod = new GetMethod(url);
    assertThat(executeAndRelease(httpClient, getMethod), equalTo(200));

    // Look for a session cookie among the cookies the server stored on this client.
    Cookie sessionCookie = this.getSessionCookie(httpClient.getState().getCookies());
    // NOTE(review): the assertion that consumes the message below is cut from this listing; per
    // the method description it should require that no session cookie was issued.
        "Session Cookie should not be set for user agent: " + userAgent,
  public void testCookieForStateFullClient() throws Exception {

    // Checks the session lifecycle for a client that keeps cookies: log in, receive a session
    // cookie, then confirm that a request without cookie or credentials is rejected.
    TestContext context = TestContainer.getInstance().getTestContext();
    String username = context.getAdminUsername();
    String password = context.getPassword();
    String url = this.getBaseNexusUrl() + "content/";

    // default useragent is: Jakarta Commons-HttpClient/3.1[\r][\n]
    // NOTE(review): the receiver of the .setCredentials(...) call is missing from this listing.
    // AuthScope.ANY offers the admin credentials to any host and realm this client contacts;
    // acceptable for a local test instance only.
    HttpClient httpClient = new HttpClient();
        .setCredentials(AuthScope.ANY, new UsernamePasswordCredentials(username, password));

    // stateful clients must login first, since other rest urls create no sessions
    String loginUrl = this.getBaseNexusUrl() + "service/local/authentication/login";
    // Preemptive mode sends the Basic credentials with the first request instead of waiting for a
    // 401 challenge. NOTE(review): the scheme of getBaseNexusUrl() is not visible here; over plain
    // http these admin credentials would be readable on the wire.
    httpClient.getParams().setAuthenticationPreemptive(true); // go straight to basic auth
    assertThat(executeAndRelease(httpClient, new GetMethod(loginUrl)), equalTo(200));

    // After login the content URL must answer 200 and a session cookie must be present.
    GetMethod getMethod = new GetMethod(url);
    assertThat(executeAndRelease(httpClient, getMethod), equalTo(200));
    Cookie sessionCookie = this.getSessionCookie(httpClient.getState().getCookies());
    assertThat("Session Cookie not set", sessionCookie, notNullValue());
    httpClient.getState().clear(); // remove cookies, credentials, etc

    // do not set the cookie, expect failure
    // With neither cookie nor credentials the server must reject the request.
    GetMethod failedGetMethod = new GetMethod(url);
    assertThat(executeAndRelease(httpClient, failedGetMethod), equalTo(401));

    // set the cookie expect a 200, If a cookie is set, and cannot be found on the server, the
    // response will fail with a 401
    // NOTE(review): no statement in this listing puts sessionCookie back into the client state
    // after getState().clear(). The final 200 demonstrates session reuse only if the cookie is
    // re-added before this request; confirm against the full file.
    getMethod = new GetMethod(url);
    assertThat(executeAndRelease(httpClient, getMethod), equalTo(200));
   * 1.) Make a GET request to set a cookie <br/> 2.) verify the cookie works (do not send basic auth)
   * <br/> 3.) do logout <br/> 4.) repeat step 2 with the same cookie and expect failure (401), which
   * shows that logout invalidated the session on the server.
  public void testLogout() throws Exception {
    TestContext context = TestContainer.getInstance().getTestContext();
    String username = context.getAdminUsername();
    String password = context.getPassword();
    String url = this.getBaseNexusUrl() + RequestFacade.SERVICE_LOCAL + "status";
    String logoutUrl =
        this.getBaseNexusUrl() + RequestFacade.SERVICE_LOCAL + "authentication/logout";

    Header userAgentHeader = new BasicHeader("User-Agent", "Something Stateful");

    // default useragent is: Jakarta Commons-HttpClient/3.1[\r][\n]
    DefaultHttpClient httpClient = new DefaultHttpClient();
    URI nexusBaseURI = new URI(url);
    final BasicHttpContext localcontext = new BasicHttpContext();
    final HttpHost targetHost =
        new HttpHost(nexusBaseURI.getHost(), nexusBaseURI.getPort(), nexusBaseURI.getScheme());
            new AuthScope(targetHost.getHostName(), targetHost.getPort()),
            new UsernamePasswordCredentials(username, password));
    AuthCache authCache = new BasicAuthCache();
    BasicScheme basicAuth = new BasicScheme();
    authCache.put(targetHost, basicAuth);
    localcontext.setAttribute(ClientContext.AUTH_CACHE, authCache);

    HttpGet getMethod = new HttpGet(url);
    try {
          httpClient.execute(getMethod, localcontext).getStatusLine().getStatusCode(), 200);
    } finally {

    Cookie sessionCookie = this.getSessionCookie(httpClient.getCookieStore().getCookies());
    Assert.assertNotNull("Session Cookie not set", sessionCookie);

    httpClient.getCookieStore().clear(); // remove cookies
    httpClient.getCredentialsProvider().clear(); // remove auth

    // now with just the cookie
    getMethod = new HttpGet(url);
    try {
      Assert.assertEquals(httpClient.execute(getMethod).getStatusLine().getStatusCode(), 200);
    } finally {

    // do logout
    HttpGet logoutGetMethod = new HttpGet(logoutUrl);
    try {
      final HttpResponse response = httpClient.execute(logoutGetMethod);
      Assert.assertEquals(response.getStatusLine().getStatusCode(), 200);
      Assert.assertEquals("OK", EntityUtils.toString(response.getEntity()));
    } finally {

    // set cookie again
    httpClient.getCookieStore().clear(); // remove cookies
    httpClient.getCredentialsProvider().clear(); // remove auth

    HttpGet failedGetMethod = new HttpGet(url);
    try {
      final HttpResponse response = httpClient.execute(failedGetMethod);
      Assert.assertEquals(response.getStatusLine().getStatusCode(), 401);
    } finally {