Esempio n. 1
0
  @Test
  public void testAuthPolicyFromEndpointInfo() throws Exception {
    Bus bus = new ExtensionManagerBus();
    EndpointInfo ei = new EndpointInfo();
    AuthorizationPolicy ap = new AuthorizationPolicy();
    ap.setPassword("password");
    ap.setUserName("testUser");
    ei.addExtensor(ap);
    ei.setAddress("http://nowhere.com/bar/foo");
    HTTPConduit conduit = new URLConnectionHTTPConduit(bus, ei, null);
    conduit.finalizeConfig();
    Message message = getNewMessage();

    // Test call
    conduit.prepare(message);

    Map<String, List<String>> headers =
        CastUtils.cast((Map<?, ?>) message.get(Message.PROTOCOL_HEADERS));

    assertNotNull("Authorization Header should exist", headers.get("Authorization"));

    assertEquals(
        "Unexpected Authorization Token",
        "Basic " + Base64Utility.encode("testUser:password".getBytes()),
        headers.get("Authorization").get(0));
  }
  /**
   * Cache HTTP headers in message.
   *
   * @param message the current message
   */
  protected void setHeaders(Message message) {
    Map<String, List<String>> requestHeaders = new HashMap<String, List<String>>();
    copyRequestHeaders(message, requestHeaders);
    message.put(Message.PROTOCOL_HEADERS, requestHeaders);

    if (requestHeaders.containsKey("Authorization")) {
      List<String> authorizationLines = requestHeaders.get("Authorization");
      String credentials = authorizationLines.get(0);
      String authType = credentials.split(" ")[0];
      if ("Basic".equals(authType)) {
        String authEncoded = credentials.split(" ")[1];
        try {
          String authDecoded = new String(Base64Utility.decode(authEncoded));
          String authInfo[] = authDecoded.split(":");
          String username = (authInfo.length > 0) ? authInfo[0] : "";
          // Below line for systems that blank out password after authentication;
          // see CXF-1495 for more info
          String password = (authInfo.length > 1) ? authInfo[1] : "";
          AuthorizationPolicy policy = new AuthorizationPolicy();
          policy.setUserName(username);
          policy.setPassword(password);

          message.put(AuthorizationPolicy.class, policy);
        } catch (Base64Exception ex) {
          // ignore, we'll leave things alone.  They can try decoding it themselves
        }
      }
    }

    if (LOG.isLoggable(Level.FINE)) {
      LOG.log(Level.FINE, "Request Headers: " + requestHeaders.toString());
    }
  }
Esempio n. 3
0
  /**
   * This test verifies the precedence of Authorization Information. Setting authorization
   * information on the Message takes precedence over a Basic Auth Supplier with preemptive
   * UserPass, and that followed by setting it directly on the Conduit.
   */
  @Test
  public void testAuthPolicyPrecedence() throws Exception {
    Bus bus = new ExtensionManagerBus();
    EndpointInfo ei = new EndpointInfo();
    ei.setAddress("http://nowhere.com/bar/foo");
    HTTPConduit conduit = new URLConnectionHTTPConduit(bus, ei, null);
    conduit.finalizeConfig();

    conduit.getAuthorization().setUserName("Satan");
    conduit.getAuthorization().setPassword("hell");
    Message message = getNewMessage();

    // Test call
    conduit.prepare(message);

    Map<String, List<String>> headers =
        CastUtils.cast((Map<?, ?>) message.get(Message.PROTOCOL_HEADERS));

    assertNotNull("Authorization Header should exist", headers.get("Authorization"));

    assertEquals(
        "Unexpected Authorization Token",
        "Basic " + Base64Utility.encode("Satan:hell".getBytes()),
        headers.get("Authorization").get(0));

    // Setting a Basic Auth User Pass should override
    conduit.setAuthSupplier(new TestAuthSupplier());
    message = getNewMessage();

    // Test Call
    conduit.prepare(message);

    headers = CastUtils.cast((Map<?, ?>) message.get(Message.PROTOCOL_HEADERS));
    List<String> authorization = headers.get("Authorization");
    assertNotNull("Authorization Token must be set", authorization);
    assertEquals("Wrong Authorization Token", "myauth", authorization.get(0));

    conduit.setAuthSupplier(null);
    // Setting authorization policy on the message should override
    // conduit setting
    AuthorizationPolicy authPolicy = new AuthorizationPolicy();
    authPolicy.setUserName("Hello");
    authPolicy.setPassword("world");
    authPolicy.setAuthorizationType("Basic");
    message = getNewMessage();
    message.put(AuthorizationPolicy.class, authPolicy);

    conduit.prepare(message);

    headers = CastUtils.cast((Map<?, ?>) message.get(Message.PROTOCOL_HEADERS));

    assertEquals(
        "Unexpected Authorization Token",
        "Basic " + Base64Utility.encode("Hello:world".getBytes()),
        headers.get("Authorization").get(0));
  }