/** * This test verifies the precedence of Authorization Information. Setting authorization * information on the Message takes precedence over a Basic Auth Supplier with preemptive * UserPass, and that followed by setting it directly on the Conduit. */ @Test public void testAuthPolicyPrecedence() throws Exception { Bus bus = new ExtensionManagerBus(); EndpointInfo ei = new EndpointInfo(); ei.setAddress("http://nowhere.com/bar/foo"); HTTPConduit conduit = new URLConnectionHTTPConduit(bus, ei, null); conduit.finalizeConfig(); conduit.getAuthorization().setUserName("Satan"); conduit.getAuthorization().setPassword("hell"); Message message = getNewMessage(); // Test call conduit.prepare(message); Map<String, List<String>> headers = CastUtils.cast((Map<?, ?>) message.get(Message.PROTOCOL_HEADERS)); assertNotNull("Authorization Header should exist", headers.get("Authorization")); assertEquals( "Unexpected Authorization Token", "Basic " + Base64Utility.encode("Satan:hell".getBytes()), headers.get("Authorization").get(0)); // Setting a Basic Auth User Pass should override conduit.setAuthSupplier(new TestAuthSupplier()); message = getNewMessage(); // Test Call conduit.prepare(message); headers = CastUtils.cast((Map<?, ?>) message.get(Message.PROTOCOL_HEADERS)); List<String> authorization = headers.get("Authorization"); assertNotNull("Authorization Token must be set", authorization); assertEquals("Wrong Authorization Token", "myauth", authorization.get(0)); conduit.setAuthSupplier(null); // Setting authorization policy on the message should override // conduit setting AuthorizationPolicy authPolicy = new AuthorizationPolicy(); authPolicy.setUserName("Hello"); authPolicy.setPassword("world"); authPolicy.setAuthorizationType("Basic"); message = getNewMessage(); message.put(AuthorizationPolicy.class, authPolicy); conduit.prepare(message); headers = CastUtils.cast((Map<?, ?>) message.get(Message.PROTOCOL_HEADERS)); assertEquals( "Unexpected Authorization Token", "Basic " + Base64Utility.encode("Hello:world".getBytes()), headers.get("Authorization").get(0)); }