Пример #1
  @Test
  public void testAuthPolicyFromEndpointInfo() throws Exception {
    Bus bus = new ExtensionManagerBus();

    // The credentials are attached to the endpoint description as an extensor;
    // nothing is set on the conduit itself in this test.
    EndpointInfo endpoint = new EndpointInfo();
    AuthorizationPolicy endpointPolicy = new AuthorizationPolicy();
    endpointPolicy.setPassword("password");
    endpointPolicy.setUserName("testUser");
    endpoint.addExtensor(endpointPolicy);
    endpoint.setAddress("http://nowhere.com/bar/foo");

    HTTPConduit conduit = new URLConnectionHTTPConduit(bus, endpoint, null);
    conduit.finalizeConfig();
    Message outbound = getNewMessage();

    // Call under test: prepare() is expected to populate the protocol headers.
    conduit.prepare(outbound);

    Map<String, List<String>> protocolHeaders =
        CastUtils.cast((Map<?, ?>) outbound.get(Message.PROTOCOL_HEADERS));

    assertNotNull("Authorization Header should exist", protocolHeaders.get("Authorization"));

    // A Basic token is only the Base64 form of "user:password": it is an encoding,
    // not encryption, so the header value is as sensitive as the password itself.
    String expectedToken = "Basic " + Base64Utility.encode("testUser:password".getBytes());
    String actualToken = protocolHeaders.get("Authorization").get(0);
    assertEquals("Unexpected Authorization Token", expectedToken, actualToken);
  }
Пример #2
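  /**
   * Caches the HTTP request headers in the message. When a Basic {@code Authorization} header is
   * present, its decoded user name and password are also stored on the message as an
   * {@link AuthorizationPolicy}.
   *
   * @param message the current message
   */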
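  protected void setHeaders(Message message) {
    Map<String, List<String>> requestHeaders = new HashMap<String, List<String>>();
    copyRequestHeaders(message, requestHeaders);
    message.put(Message.PROTOCOL_HEADERS, requestHeaders);

    // The Authorization header is supplied by the remote peer, so every step below
    // tolerates a missing, empty or malformed value instead of throwing.
    // NOTE(review): the lookup is case-sensitive; presumably copyRequestHeaders stores
    // the header under exactly "Authorization" -- confirm.
    List<String> authorizationLines = requestHeaders.get("Authorization");
    String credentials =
        (authorizationLines == null || authorizationLines.isEmpty())
            ? null
            : authorizationLines.get(0);
    if (credentials != null) {
      String[] schemeAndToken = credentials.split(" ");
      // Require both the scheme and the token: a bare "Basic" has no second element
      // and must not end in an ArrayIndexOutOfBoundsException.
      if (schemeAndToken.length > 1 && "Basic".equals(schemeAndToken[0])) {
        try {
          // NOTE(review): the bytes are decoded with the platform default charset;
          // confirm which charset the clients use for non-ASCII credentials.
          String authDecoded = new String(Base64Utility.decode(schemeAndToken[1]));
          // Split on the first ':' only, so a password that itself contains ':'
          // is kept whole instead of being cut at its first colon.
          String[] authInfo = authDecoded.split(":", 2);
          String username = authInfo[0];
          // The password part may be absent on systems that blank out the password
          // after authentication; see CXF-1495 for more info.
          String password = (authInfo.length > 1) ? authInfo[1] : "";
          AuthorizationPolicy policy = new AuthorizationPolicy();
          policy.setUserName(username);
          policy.setPassword(password);

          message.put(AuthorizationPolicy.class, policy);
        } catch (Base64Exception ex) {
          // ignore, we'll leave things alone.  They can try decoding it themselves
        }
      }
    }

    if (LOG.isLoggable(Level.FINE)) {
      // Base64 is trivially reversible, so logging the raw header would write the
      // user name and password to the log. Mask credential headers in a copy first;
      // the map stored on the message is left untouched.
      Map<String, List<String>> loggableHeaders =
          new HashMap<String, List<String>>(requestHeaders);
      for (Map.Entry<String, List<String>> header : loggableHeaders.entrySet()) {
        String name = header.getKey();
        if ("Authorization".equalsIgnoreCase(name)
            || "Proxy-Authorization".equalsIgnoreCase(name)) {
          header.setValue(java.util.Collections.singletonList("***"));
        }
      }
      LOG.log(Level.FINE, "Request Headers: " + loggableHeaders.toString());
    }
  }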
Пример #3
  /**
   * This test verifies the precedence of authorization information: authorization information set
   * on the Message takes precedence over a Basic Auth Supplier with preemptive UserPass, which in
   * turn takes precedence over credentials set directly on the Conduit.
   */
  @Test
  public void testAuthPolicyPrecedence() throws Exception {
    Bus bus = new ExtensionManagerBus();
    EndpointInfo endpoint = new EndpointInfo();
    endpoint.setAddress("http://nowhere.com/bar/foo");
    HTTPConduit conduit = new URLConnectionHTTPConduit(bus, endpoint, null);
    conduit.finalizeConfig();

    // Stage 1: credentials configured directly on the conduit are used when
    // nothing else supplies authorization information.
    conduit.getAuthorization().setUserName("Satan");
    conduit.getAuthorization().setPassword("hell");
    Message outbound = getNewMessage();

    conduit.prepare(outbound);

    Map<String, List<String>> protocolHeaders =
        CastUtils.cast((Map<?, ?>) outbound.get(Message.PROTOCOL_HEADERS));

    assertNotNull("Authorization Header should exist", protocolHeaders.get("Authorization"));

    String conduitToken = "Basic " + Base64Utility.encode("Satan:hell".getBytes());
    assertEquals(
        "Unexpected Authorization Token",
        conduitToken,
        protocolHeaders.get("Authorization").get(0));

    // Stage 2: an auth supplier installed on the conduit overrides the conduit's
    // own user name and password.
    conduit.setAuthSupplier(new TestAuthSupplier());
    outbound = getNewMessage();

    conduit.prepare(outbound);

    protocolHeaders = CastUtils.cast((Map<?, ?>) outbound.get(Message.PROTOCOL_HEADERS));
    List<String> supplierHeader = protocolHeaders.get("Authorization");
    assertNotNull("Authorization Token must be set", supplierHeader);
    assertEquals("Wrong Authorization Token", "myauth", supplierHeader.get(0));

    // Stage 3: with the supplier removed again, a policy placed on the message
    // overrides the credentials still configured on the conduit.
    conduit.setAuthSupplier(null);
    AuthorizationPolicy messagePolicy = new AuthorizationPolicy();
    messagePolicy.setUserName("Hello");
    messagePolicy.setPassword("world");
    messagePolicy.setAuthorizationType("Basic");
    outbound = getNewMessage();
    outbound.put(AuthorizationPolicy.class, messagePolicy);

    conduit.prepare(outbound);

    protocolHeaders = CastUtils.cast((Map<?, ?>) outbound.get(Message.PROTOCOL_HEADERS));

    String messageToken = "Basic " + Base64Utility.encode("Hello:world".getBytes());
    assertEquals(
        "Unexpected Authorization Token",
        messageToken,
        protocolHeaders.get("Authorization").get(0));
  }