/**
 * Form-style login with the mock provider installed: a request carrying
 * {@code j_security_check}, {@code j_username} (the current Windows user) and an empty
 * {@code j_password} must be reported as authenticated.
 *
 * <p>NOTE(review): the empty password presumably only passes because
 * {@code MockWindowsAuthProvider} does not validate it; confirm against the mock. This test
 * therefore covers how the form parameters are routed, not credential checking.
 */
@Test
 public void testSecurityCheckParameters() {
   _authenticator.setAuth(new MockWindowsAuthProvider());

   SimpleHttpRequest formLogin = new SimpleHttpRequest();
   formLogin.addParameter("j_security_check", "");
   String currentUser = WindowsAccountImpl.getCurrentUsername();
   formLogin.addParameter("j_username", currentUser);
   formLogin.addParameter("j_password", "");

   SimpleHttpResponse formLoginResponse = new SimpleHttpResponse();
   boolean accepted = _authenticator.authenticate(formLogin, formLoginResponse);
   assertTrue(accepted);
 }
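  /**
   * Programmatic login through {@code request.login(...)}: after logging in as the current
   * Windows user, the request must expose that user name and a {@code GenericWindowsPrincipal}
   * whose SID string has the {@code "S-"} prefix.
   *
   * <p>Carries {@code @Test} like the sibling tests; without the annotation a JUnit 4 runner
   * skips the method silently and the programmatic login path goes unverified.
   *
   * @throws ServletException if {@code request.login} fails
   */
  @Test
  public void testProgrammaticSecurity() throws ServletException {
    _authenticator.setAuth(new MockWindowsAuthProvider());
    SimpleHttpRequest request = new SimpleHttpRequest();
    // login() needs the context to reach the authenticator, so wire it up first.
    request.setContext((Context) _authenticator.getContainer());

    // NOTE(review): the empty password presumably relies on the mock provider; confirm.
    request.login(WindowsAccountImpl.getCurrentUsername(), "");

    assertEquals(WindowsAccountImpl.getCurrentUsername(), request.getRemoteUser());
    // Check the type before the cast so a wrong principal fails as an assertion, not a CCE.
    assertTrue(request.getUserPrincipal() instanceof GenericWindowsPrincipal);
    GenericWindowsPrincipal windowsPrincipal = (GenericWindowsPrincipal) request.getUserPrincipal();
    assertTrue(windowsPrincipal.getSidString().startsWith("S-"));
  }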
 /**
  * Creates a fresh {@code MixedAuthenticator} for each test and wires it into a minimal mock
  * container: a context with a realm, an engine as its parent, and one pipeline shared by the
  * engine and the context. No auth provider is installed here; tests that need one call
  * {@code setAuth} themselves.
  *
  * @throws LifecycleException if the authenticator fails to start
  */
 @Before
 public void setUp() throws LifecycleException {
   _authenticator = new MixedAuthenticator();

   // Context with its realm.
   SimpleContext mockContext = new SimpleContext();
   mockContext.setRealm(new SimpleRealm());

   // Engine becomes the context's parent.
   SimpleEngine mockEngine = new SimpleEngine();
   mockContext.setParent(mockEngine);

   // One pipeline instance is shared by engine and context.
   SimplePipeline sharedPipeline = new SimplePipeline();
   mockEngine.setPipeline(sharedPipeline);
   mockContext.setPipeline(sharedPipeline);

   // Bind authenticator and context to each other, then start the authenticator.
   mockContext.setAuthenticator(_authenticator);
   _authenticator.setContainer(mockContext);
   _authenticator.start();
 }
 /**
  * A bare request with no credentials, parameters or query string must not authenticate; the
  * response has to point at {@code login.html} through a single {@code Location} header.
  *
  * <p>NOTE(review): the asserted status is 304, which is "Not Modified" in HTTP. Presumably
  * that is how the mock response records a redirect; confirm against
  * {@code SimpleHttpResponse}.
  */
 @Test
 public void testGet() {
   SimpleHttpRequest anonymousRequest = new SimpleHttpRequest();
   SimpleHttpResponse redirect = new SimpleHttpResponse();

   boolean authenticated = _authenticator.authenticate(anonymousRequest, redirect);

   assertFalse(authenticated);
   assertEquals(304, redirect.getStatus());
   assertEquals("login.html", redirect.getHeader("Location"));
   // Exactly one header: nothing besides Location may be emitted.
   assertEquals(1, redirect.getHeaderNames().size());
 }
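  /**
   * Drives a complete Negotiate handshake for the current Windows user against the
   * authenticator: the client token is sent in an {@code Authorization} header, and every
   * 401 continuation challenge is fed back into the client security context until the
   * authenticator reports success.
   *
   * <p>The exchange is capped at a fixed number of rounds so that an authenticator which keeps
   * answering with continuation tokens fails the test instead of hanging the build.
   *
   * @throws IOException declared by the original test signature
   */
  @Test
  public void testNegotiate() throws IOException {
    String securityPackage = "Negotiate";
    // Generous upper bound on handshake legs; exhausting it fails the final assertion.
    final int maxRounds = 10;
    IWindowsCredentialsHandle clientCredentials = null;
    WindowsSecurityContextImpl clientContext = null;
    try {
      // client credentials handle
      clientCredentials = WindowsCredentialsHandleImpl.getCurrent(securityPackage);
      clientCredentials.initialize();
      // initial client security context
      clientContext = new WindowsSecurityContextImpl();
      clientContext.setPrincipalName(WindowsAccountImpl.getCurrentUsername());
      clientContext.setCredentialsHandle(clientCredentials.getHandle());
      clientContext.setSecurityPackage(securityPackage);
      clientContext.initialize(null, null, WindowsAccountImpl.getCurrentUsername());
      // negotiate
      boolean authenticated = false;
      SimpleHttpRequest request = new SimpleHttpRequest();
      request.setQueryString("j_negotiate_check");
      for (int round = 0; round < maxRounds; round++) {
        String clientToken = Base64.encode(clientContext.getToken());
        request.addHeader("Authorization", securityPackage + " " + clientToken);

        SimpleHttpResponse response = new SimpleHttpResponse();
        authenticated = _authenticator.authenticate(request, response);

        if (authenticated) {
          // NOTE(review): size() >= 0 can never fail, so nothing about the headers of the
          // final response is verified here. Kept as-is because the expected header set is
          // not visible from this test; tighten it once that is known.
          assertTrue(response.getHeaderNames().size() >= 0);
          break;
        }

        // Not authenticated yet: the server must answer with a continuation challenge.
        assertTrue(response.getHeader("WWW-Authenticate").startsWith(securityPackage + " "));
        assertEquals("keep-alive", response.getHeader("Connection"));
        assertEquals(2, response.getHeaderNames().size());
        assertEquals(401, response.getStatus());
        // Strip the "<package> " prefix to get the base64 server token.
        String continueToken =
            response.getHeader("WWW-Authenticate").substring(securityPackage.length() + 1);
        byte[] continueTokenBytes = Base64.decode(continueToken);
        assertTrue(continueTokenBytes.length > 0);
        SecBufferDesc continueTokenBuffer =
            new SecBufferDesc(Sspi.SECBUFFER_TOKEN, continueTokenBytes);
        // Feed the server token into the client context to produce the next leg.
        clientContext.initialize(
            clientContext.getHandle(),
            continueTokenBuffer,
            WindowsAccountImpl.getCurrentUsername());
      }
      assertTrue(
          "Negotiate handshake did not complete within " + maxRounds + " rounds",
          authenticated);
    } finally {
      // Release the native security context and credentials handle even when an assert fails.
      if (clientContext != null) {
        clientContext.dispose();
      }
      if (clientCredentials != null) {
        clientCredentials.dispose();
      }
    }
  }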
 /**
  * Negative form-login case: with no auth provider installed by this test, a
  * {@code j_security_check} request carrying the literal credentials
  * {@code "username"}/{@code "password"} must be rejected and sent to {@code error.html}
  * through a single {@code Location} header.
  *
  * <p>NOTE(review): the asserted status is 304 ("Not Modified" in HTTP); presumably the mock
  * response records redirects that way. Confirm against {@code SimpleHttpResponse}.
  */
 @Test
 public void testPostSecurityCheck() {
   SimpleHttpRequest badLogin = new SimpleHttpRequest();
   badLogin.setQueryString("j_security_check");
   badLogin.addParameter("j_username", "username");
   badLogin.addParameter("j_password", "password");

   SimpleHttpResponse rejection = new SimpleHttpResponse();
   boolean authenticated = _authenticator.authenticate(badLogin, rejection);

   assertFalse(authenticated);
   assertEquals(304, rejection.getStatus());
   assertEquals("error.html", rejection.getHeader("Location"));
   // Exactly one header: nothing besides Location may be emitted.
   assertEquals(1, rejection.getHeaderNames().size());
 }
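 /**
  * A GET on {@code j_negotiate_check} without an {@code Authorization} header must be answered
  * with a 401 challenge that offers {@code Negotiate} then {@code NTLM}, closes the connection,
  * and does not report the request as authenticated.
  *
  * <p>The return value of {@code authenticate} is asserted as well: checking only the response
  * would let a regression that returns {@code true} while still emitting a challenge slip
  * through.
  *
  * @throws IOException declared by the original test signature
  */
 @Test
 public void testChallengeGET() throws IOException {
   SimpleHttpRequest request = new SimpleHttpRequest();
   request.setMethod("GET");
   request.setQueryString("j_negotiate_check");
   SimpleHttpResponse response = new SimpleHttpResponse();
   boolean authenticated = _authenticator.authenticate(request, response);
   // A challenge response must never count as a successful authentication.
   assertFalse(authenticated);
   String[] wwwAuthenticates = response.getHeaderValues("WWW-Authenticate");
   // Order matters: Negotiate is offered first, NTLM second.
   assertEquals(2, wwwAuthenticates.length);
   assertEquals("Negotiate", wwwAuthenticates[0]);
   assertEquals("NTLM", wwwAuthenticates[1]);
   assertEquals("close", response.getHeader("Connection"));
   // Two header names in total: WWW-Authenticate and Connection.
   assertEquals(2, response.getHeaderNames().size());
   assertEquals(401, response.getStatus());
 }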
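 /**
  * Sends only the first leg of a Negotiate handshake as an empty-bodied POST to
  * {@code j_negotiate_check}. The authenticator must answer with a 401 continuation challenge
  * for the same package, keep the connection alive, and not report the request as
  * authenticated.
  *
  * <p>The return value of {@code authenticate} is asserted as well: a half-finished handshake
  * that returned {@code true} would otherwise go unnoticed.
  *
  * @throws IOException declared by the original test signature
  */
 @Test
 public void testChallengePOST() throws IOException {
   String securityPackage = "Negotiate";
   IWindowsCredentialsHandle clientCredentials = null;
   WindowsSecurityContextImpl clientContext = null;
   try {
     // client credentials handle
     clientCredentials = WindowsCredentialsHandleImpl.getCurrent(securityPackage);
     clientCredentials.initialize();
     // initial client security context
     clientContext = new WindowsSecurityContextImpl();
     clientContext.setPrincipalName(WindowsAccountImpl.getCurrentUsername());
     clientContext.setCredentialsHandle(clientCredentials.getHandle());
     clientContext.setSecurityPackage(securityPackage);
     clientContext.initialize(null, null, WindowsAccountImpl.getCurrentUsername());
     // POST with a zero-length body carrying the first client token
     SimpleHttpRequest request = new SimpleHttpRequest();
     request.setQueryString("j_negotiate_check");
     request.setMethod("POST");
     request.setContentLength(0);
     String clientToken = Base64.encode(clientContext.getToken());
     request.addHeader("Authorization", securityPackage + " " + clientToken);
     SimpleHttpResponse response = new SimpleHttpResponse();
     boolean authenticated = _authenticator.authenticate(request, response);
     // One leg is not a completed handshake, so the request must not be authenticated.
     assertFalse(authenticated);
     assertTrue(response.getHeader("WWW-Authenticate").startsWith(securityPackage + " "));
     assertEquals("keep-alive", response.getHeader("Connection"));
     assertEquals(2, response.getHeaderNames().size());
     assertEquals(401, response.getStatus());
   } finally {
     // Release the native security context and credentials handle even when an assert fails.
     if (clientContext != null) {
       clientContext.dispose();
     }
     if (clientCredentials != null) {
       clientCredentials.dispose();
     }
   }
 }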
 /** The authenticator's info string must not be empty. */
 @Test
 public void testGetInfo() {
   String info = _authenticator.getInfo();
   assertTrue(info.length() > 0);
 }
 /**
  * Stops the authenticator after each test, mirroring the {@code start()} call made during
  * set-up.
  *
  * @throws LifecycleException if the authenticator fails to stop
  */
 @After
 public void tearDown() throws LifecycleException {
   _authenticator.stop();
 }