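/**
 * Sends a GET request without an {@code Authorization} header through the filter.
 *
 * <p>The filter is expected to let such a request pass instead of answering with a challenge.
 * The test observes this only through the response status.
 *
 * @throws IOException if the filter call raises it
 * @throws ServletException if the filter call raises it
 */
@Test
public void testNoChallengeGET() throws IOException, ServletException {
    SimpleHttpRequest request = new SimpleHttpRequest();
    request.setMethod("GET");
    SimpleHttpResponse response = new SimpleHttpResponse();
    SimpleFilterChain chain = new SimpleFilterChain();

    this.filter.doFilter(request, response, chain);

    // Unlike the servlet filters, this filter is a passthrough: it does not issue a 401 itself.
    // The assertion sits on its own line so the line comment above cannot swallow it.
    // NOTE(review): 500 is presumably the status a fresh SimpleHttpResponse starts with, i.e.
    // the filter never touched the response - confirm against SimpleHttpResponse.
    // NOTE(review): since nothing is rejected here, an unauthenticated request is presumably
    // only stopped by whatever sits behind this filter (entry point / access rules) - confirm
    // that configuration is covered by a test of its own.
    assertEquals(500, response.getStatus());
}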
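/**
 * Sends a request whose {@code Authorization} header names a scheme the filter does not handle.
 *
 * <p>The filter is expected to ignore the header and not reply with a 401 challenge.
 *
 * @throws IOException if the filter call raises it
 * @throws ServletException if the filter call raises it
 */
@Test
public void testUnsupportedSecurityPackagePassthrough() throws IOException, ServletException {
    SimpleFilterChain filterChain = new SimpleFilterChain();
    SimpleHttpRequest request = new SimpleHttpRequest();
    request.addHeader("Authorization", "Unsupported challenge");
    SimpleHttpResponse response = new SimpleHttpResponse();

    this.filter.doFilter(request, response, filterChain);

    // The filter should ignore authorization for an unsupported security package,
    // i.e. not return a 401.
    // The assertion sits on its own line so the line comment above cannot swallow it.
    // NOTE(review): 500 is presumably the untouched initial status of SimpleHttpResponse -
    // confirm. The test does not check that no authentication was established for the
    // request; consider whether that is asserted elsewhere.
    assertEquals(500, response.getStatus());
}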
/**
 * Presents a Negotiate token built from the account name "Guest" and checks that it is refused.
 *
 * <p>The filter must answer 401 and must leave the security context without an authentication.
 *
 * @throws IOException if the filter call raises it
 * @throws ServletException if the filter call raises it
 */
@Test
public void testGuestIsDisabled() throws IOException, ServletException {
    final SimpleFilterChain chain = new SimpleFilterChain();
    final SimpleHttpRequest guestRequest = new SimpleHttpRequest();
    final SimpleHttpResponse guestResponse = new SimpleHttpResponse();

    // NOTE(review): the token is only the base64 of an account name, so this relies on the
    // fixture's provider treating the token as an identity (presumably a mock) - confirm.
    // getBytes() without an argument uses the platform default charset.
    final byte[] accountName = "Guest".getBytes();
    final String scheme = "Negotiate";
    final String encodedToken = BaseEncoding.base64().encode(accountName);
    guestRequest.addHeader("Authorization", scheme + " " + encodedToken);

    this.filter.doFilter(guestRequest, guestResponse, chain);

    // Both halves matter: the client is challenged again AND no principal was left behind.
    assertEquals(401, guestResponse.getStatus());
    assertNull(SecurityContextHolder.getContext().getAuthentication());
}
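/**
 * Checks the challenge the entry point writes for an unauthenticated GET request.
 *
 * <p>The response must carry three {@code WWW-Authenticate} values (NTLM, Negotiate and Basic
 * with realm "TestRealm", in that order), a {@code Connection: keep-alive} header and status
 * 401.
 *
 * @throws IOException Signals that an I/O exception has occurred.
 * @throws ServletException the servlet exception
 */
@Test
public void testChallengeGET() throws IOException, ServletException {
    final SimpleHttpRequest request = new SimpleHttpRequest();
    request.setMethod("GET");
    final SimpleHttpResponse response = new SimpleHttpResponse();

    this.entryPoint.commence(request, response, null);

    final String[] wwwAuthenticates = response.getHeaderValues("WWW-Authenticate");
    Assert.assertEquals(3, wwwAuthenticates.length);
    Assert.assertEquals("NTLM", wwwAuthenticates[0]);
    Assert.assertEquals("Negotiate", wwwAuthenticates[1]);
    // assertEquals instead of assertTrue(equals(..)) so a mismatch reports the actual header.
    // Basic credentials are only base64-encoded on the wire, so a deployment that advertises
    // this fallback should only be reachable over TLS.
    Assert.assertEquals("Basic realm=\"TestRealm\"", wwwAuthenticates[2]);

    // Exactly two header names are expected: WWW-Authenticate and Connection.
    Assert.assertEquals(2, response.getHeaderNamesSize());
    // NOTE(review): keep-alive is presumably required because the NTLM handshake spans several
    // requests on one connection - confirm against the entry point.
    Assert.assertEquals("keep-alive", response.getHeader("Connection"));
    Assert.assertEquals(401, response.getStatus());
}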
/**
 * Presents a Negotiate token built from the current Windows user name and checks the result.
 *
 * <p>After the filter runs, the security context must hold an authentication with exactly three
 * authorities (ROLE_USER, ROLE_USERS, ROLE_EVERYONE, in that order) and the response must carry
 * no headers.
 *
 * @throws IOException if the filter call raises it
 * @throws ServletException if the filter call raises it
 */
@Test
public void testNegotiate() throws IOException, ServletException {
    final SimpleFilterChain chain = new SimpleFilterChain();
    final SimpleHttpRequest negotiateRequest = new SimpleHttpRequest();

    // getBytes() without an argument uses the platform default charset.
    // NOTE(review): an account name with non-ASCII characters would encode differently across
    // platforms - confirm which charset the provider under test decodes with.
    final byte[] currentUser = WindowsAccountImpl.getCurrentUsername().getBytes();
    final String scheme = "Negotiate";
    final String encodedToken = BaseEncoding.base64().encode(currentUser);
    negotiateRequest.addHeader("Authorization", scheme + " " + encodedToken);

    final SimpleHttpResponse negotiateResponse = new SimpleHttpResponse();
    this.filter.doFilter(negotiateRequest, negotiateResponse, chain);

    // NOTE(review): this proves the filter authenticated the request only if the context was
    // empty beforehand - confirm the fixture resets SecurityContextHolder between tests.
    final Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
    assertNotNull(authentication);

    final GrantedAuthority[] granted = authentication.getAuthorities();
    assertNotNull(granted);
    // Pinning both the count and the names catches any unexpected extra role.
    assertEquals(3, granted.length);
    assertEquals("ROLE_USER", granted[0].getAuthority());
    assertEquals("ROLE_USERS", granted[1].getAuthority());
    assertEquals("ROLE_EVERYONE", granted[2].getAuthority());

    // A successful authentication must not write any header, i.e. no further challenge.
    assertEquals(0, negotiateResponse.getHeaderNamesSize());
}