/**
 * Form login supplied entirely as request parameters: a request carrying the
 * {@code j_security_check} marker plus {@code j_username}/{@code j_password} is
 * expected to authenticate.
 *
 * <p>The authenticator is switched to {@link MockWindowsAuthProvider} first, and the
 * password sent is the empty string.
 */
@Test
public void testSecurityCheckParameters() {
    _authenticator.setAuth(new MockWindowsAuthProvider());

    final SimpleHttpRequest loginRequest = new SimpleHttpRequest();
    loginRequest.addParameter("j_security_check", "");
    loginRequest.addParameter("j_username", WindowsAccountImpl.getCurrentUsername());
    // NOTE(review): an empty password succeeding is presumably a property of the mock
    // provider, not of the authenticator; confirm against MockWindowsAuthProvider so
    // this test is not read as "blank passwords are accepted".
    loginRequest.addParameter("j_password", "");

    final SimpleHttpResponse loginResponse = new SimpleHttpResponse();
    final boolean authenticated = _authenticator.authenticate(loginRequest, loginResponse);
    assertTrue(authenticated);
}
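/**
 * Programmatic login through {@code request.login(user, password)}: after the call
 * the request must report the current Windows user as remote user and expose a
 * {@link GenericWindowsPrincipal} whose SID string starts with {@code "S-"}.
 *
 * <p>Annotated with {@code @Test} like every other test method in this class so the
 * runner actually executes it.
 *
 * @throws ServletException if {@code request.login} fails
 */
@Test
public void testProgrammaticSecurity() throws ServletException {
    // NOTE(review): the empty password presumably only works because the mock provider
    // is installed here; confirm against MockWindowsAuthProvider.
    _authenticator.setAuth(new MockWindowsAuthProvider());

    SimpleHttpRequest request = new SimpleHttpRequest();
    // login() needs the context to reach the authenticator's container.
    request.setContext((Context) _authenticator.getContainer());
    request.login(WindowsAccountImpl.getCurrentUsername(), "");

    assertEquals(WindowsAccountImpl.getCurrentUsername(), request.getRemoteUser());

    // Check the principal type before casting so a wrong type fails as an assertion.
    assertTrue(request.getUserPrincipal() instanceof GenericWindowsPrincipal);
    GenericWindowsPrincipal windowsPrincipal = (GenericWindowsPrincipal) request.getUserPrincipal();
    assertTrue(windowsPrincipal.getSidString().startsWith("S-"));
}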
/**
 * Creates a fresh {@link MixedAuthenticator} for each test, wires it into a minimal
 * container stack (context with a realm, parent engine, one pipeline used by both)
 * and starts it.
 *
 * @throws LifecycleException if the authenticator fails to start
 */
@Before
public void setUp() throws LifecycleException {
    _authenticator = new MixedAuthenticator();

    final SimpleContext context = new SimpleContext();
    final Realm testRealm = new SimpleRealm();
    context.setRealm(testRealm);

    final SimpleEngine parentEngine = new SimpleEngine();
    context.setParent(parentEngine);

    // The same pipeline instance is handed to the engine and to the context.
    final SimplePipeline sharedPipeline = new SimplePipeline();
    parentEngine.setPipeline(sharedPipeline);
    context.setPipeline(sharedPipeline);

    // Link context and authenticator in both directions, then start.
    context.setAuthenticator(_authenticator);
    _authenticator.setContainer(context);
    _authenticator.start();
}
/**
 * A request without credentials and without any login marker must not authenticate;
 * the response is expected to point the client at {@code login.html}.
 */
@Test
public void testGet() {
    final SimpleHttpRequest anonymousRequest = new SimpleHttpRequest();
    final SimpleHttpResponse redirect = new SimpleHttpResponse();

    final boolean authenticated = _authenticator.authenticate(anonymousRequest, redirect);
    assertFalse(authenticated);

    // NOTE(review): 304 is "Not Modified"; presumably this is the status the
    // SimpleHttpResponse test double records for a redirect. Confirm against the mock.
    assertEquals(304, redirect.getStatus());
    assertEquals("login.html", redirect.getHeader("Location"));
    // Location is the only header: no WWW-Authenticate challenge on this path.
    assertEquals(1, redirect.getHeaderNames().size());
}
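/**
 * Runs a full "Negotiate" handshake against the authenticator with the credentials
 * of the user executing the test.
 *
 * <p>Each round sends the client token in an {@code Authorization} header. While the
 * authenticator answers "not authenticated", the response must be a 401 carrying a
 * {@code WWW-Authenticate: Negotiate <token>} continuation and
 * {@code Connection: keep-alive}; that token is fed back into the client context.
 * The loop has no round limit: it ends when {@code authenticate} returns true or an
 * assertion fails.
 *
 * <p>The client context and the credentials handle are released in nested
 * {@code finally} blocks so the credentials handle is disposed even when disposing
 * the context throws.
 *
 * @throws IOException declared by the method; nothing visible here throws it directly
 */
@Test
public void testNegotiate() throws IOException {
    String securityPackage = "Negotiate";
    IWindowsCredentialsHandle clientCredentials = null;
    WindowsSecurityContextImpl clientContext = null;
    try {
        // client credentials handle
        clientCredentials = WindowsCredentialsHandleImpl.getCurrent(securityPackage);
        clientCredentials.initialize();

        // initial client security context
        clientContext = new WindowsSecurityContextImpl();
        clientContext.setPrincipalName(WindowsAccountImpl.getCurrentUsername());
        clientContext.setCredentialsHandle(clientCredentials.getHandle());
        clientContext.setSecurityPackage(securityPackage);
        clientContext.initialize(null, null, WindowsAccountImpl.getCurrentUsername());

        // negotiate
        boolean authenticated = false;
        SimpleHttpRequest request = new SimpleHttpRequest();
        request.setQueryString("j_negotiate_check");
        while (true) {
            String clientToken = Base64.encode(clientContext.getToken());
            // NOTE(review): addHeader runs every round on the same request object;
            // presumably SimpleHttpRequest lets the newest Authorization value win.
            // Confirm, otherwise later rounds would resend the first token.
            request.addHeader("Authorization", securityPackage + " " + clientToken);

            SimpleHttpResponse response = new SimpleHttpResponse();
            authenticated = _authenticator.authenticate(request, response);

            if (authenticated) {
                // NOTE(review): size() >= 0 is true for any collection, so this only
                // proves getHeaderNames() is non-null. Pin the expected headers of the
                // success response once they are specified.
                assertTrue(response.getHeaderNames().size() >= 0);
                break;
            }

            // Not yet authenticated: the response must be a well-formed continuation.
            assertTrue(response.getHeader("WWW-Authenticate").startsWith(securityPackage + " "));
            assertEquals("keep-alive", response.getHeader("Connection"));
            assertEquals(2, response.getHeaderNames().size());
            assertEquals(401, response.getStatus());

            // Strip the "<package> " prefix to get the base64 server token.
            String continueToken = response.getHeader("WWW-Authenticate").substring(securityPackage.length() + 1);
            byte[] continueTokenBytes = Base64.decode(continueToken);
            assertTrue(continueTokenBytes.length > 0);

            SecBufferDesc continueTokenBuffer = new SecBufferDesc(Sspi.SECBUFFER_TOKEN, continueTokenBytes);
            clientContext.initialize(
                    clientContext.getHandle(), continueTokenBuffer, WindowsAccountImpl.getCurrentUsername());
        }
        assertTrue(authenticated);
    } finally {
        try {
            if (clientContext != null) {
                clientContext.dispose();
            }
        } finally {
            // Runs even if disposing the context failed.
            if (clientCredentials != null) {
                clientCredentials.dispose();
            }
        }
    }
}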
/**
 * Negative path for the form login: the literal credentials
 * {@code "username"}/{@code "password"} must be rejected and the client sent to
 * {@code error.html}.
 *
 * <p>No {@code setAuth} call is made here, so the authenticator uses whatever
 * provider it was constructed with in {@code setUp}.
 */
@Test
public void testPostSecurityCheck() {
    final SimpleHttpRequest badLogin = new SimpleHttpRequest();
    badLogin.setQueryString("j_security_check");
    // NOTE(review): assumes no account with these credentials exists on the test
    // host. Confirm for shared build agents.
    badLogin.addParameter("j_username", "username");
    badLogin.addParameter("j_password", "password");

    final SimpleHttpResponse outcome = new SimpleHttpResponse();
    final boolean authenticated = _authenticator.authenticate(badLogin, outcome);
    assertFalse(authenticated);

    assertEquals(304, outcome.getStatus());
    assertEquals("error.html", outcome.getHeader("Location"));
    // Only the Location header is set on a failed login.
    assertEquals(1, outcome.getHeaderNames().size());
}
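/**
 * A GET carrying {@code j_negotiate_check} but no {@code Authorization} header must
 * be answered with a 401 challenge and must not count as authenticated.
 *
 * <p>The challenge is expected to list {@code Negotiate} first and {@code NTLM}
 * second, with {@code Connection: close}. The test pins that NTLM is advertised as
 * a fallback; a deployment that needs to exclude NTLM has to verify that separately.
 *
 * @throws IOException declared by the method; nothing visible here throws it directly
 */
@Test
public void testChallengeGET() throws IOException {
    SimpleHttpRequest request = new SimpleHttpRequest();
    request.setMethod("GET");
    request.setQueryString("j_negotiate_check");
    SimpleHttpResponse response = new SimpleHttpResponse();

    // The result is asserted, not discarded: issuing a challenge while reporting
    // success would otherwise go unnoticed.
    assertFalse(_authenticator.authenticate(request, response));

    String[] wwwAuthenticates = response.getHeaderValues("WWW-Authenticate");
    assertEquals(2, wwwAuthenticates.length);
    assertEquals("Negotiate", wwwAuthenticates[0]);
    assertEquals("NTLM", wwwAuthenticates[1]);
    assertEquals("close", response.getHeader("Connection"));
    // Two header names: WWW-Authenticate (two values) and Connection.
    assertEquals(2, response.getHeaderNames().size());
    assertEquals(401, response.getStatus());
}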
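/**
 * A zero-length POST carrying the first "Negotiate" client token must be answered
 * with a 401 continuation ({@code WWW-Authenticate: Negotiate <token>},
 * {@code Connection: keep-alive}) and must not count as authenticated yet.
 *
 * <p>The client context and the credentials handle are released in nested
 * {@code finally} blocks so the credentials handle is disposed even when disposing
 * the context throws.
 *
 * @throws IOException declared by the method; nothing visible here throws it directly
 */
@Test
public void testChallengePOST() throws IOException {
    String securityPackage = "Negotiate";
    IWindowsCredentialsHandle clientCredentials = null;
    WindowsSecurityContextImpl clientContext = null;
    try {
        // client credentials handle
        clientCredentials = WindowsCredentialsHandleImpl.getCurrent(securityPackage);
        clientCredentials.initialize();

        // initial client security context
        clientContext = new WindowsSecurityContextImpl();
        clientContext.setPrincipalName(WindowsAccountImpl.getCurrentUsername());
        clientContext.setCredentialsHandle(clientCredentials.getHandle());
        clientContext.setSecurityPackage(securityPackage);
        clientContext.initialize(null, null, WindowsAccountImpl.getCurrentUsername());

        SimpleHttpRequest request = new SimpleHttpRequest();
        request.setQueryString("j_negotiate_check");
        request.setMethod("POST");
        request.setContentLength(0);
        String clientToken = Base64.encode(clientContext.getToken());
        request.addHeader("Authorization", securityPackage + " " + clientToken);

        SimpleHttpResponse response = new SimpleHttpResponse();
        // A first-leg token alone must not authenticate; assert the result so a
        // premature "true" cannot hide behind a correct-looking 401.
        assertFalse(_authenticator.authenticate(request, response));

        assertTrue(response.getHeader("WWW-Authenticate").startsWith(securityPackage + " "));
        assertEquals("keep-alive", response.getHeader("Connection"));
        assertEquals(2, response.getHeaderNames().size());
        assertEquals(401, response.getStatus());
    } finally {
        try {
            if (clientContext != null) {
                clientContext.dispose();
            }
        } finally {
            // Runs even if disposing the context failed.
            if (clientCredentials != null) {
                clientCredentials.dispose();
            }
        }
    }
}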
/** The authenticator must report a non-empty info string. */
@Test
public void testGetInfo() {
    final String info = _authenticator.getInfo();
    assertFalse(info.isEmpty());
}
/**
 * Stops the authenticator started in {@code setUp} after each test.
 *
 * @throws LifecycleException if the authenticator fails to stop
 */
@After
public void tearDown() throws LifecycleException {
    _authenticator.stop();
}