PageRenderTime 42ms CodeModel.GetById 12ms RepoModel.GetById 0ms app.codeStats 1ms

/trunk/org.mwc.asset.comms/docs/restlet_src/org.restlet.test/org/restlet/test/security/HttpBasicTestCase.java

https://bitbucket.org/haris_peco/debrief
Java | 283 lines | 187 code | 52 blank | 44 comment | 3 complexity | a63fbffe2b25782b06e7d4fb0d176a43 MD5 | raw file
    

  1. /**
    2. 

  2.  * Copyright 2005-2010 Noelios Technologies.
    3. 

  3.  * 
    4. 

  4.  * The contents of this file are subject to the terms of one of the following
    5. 

  5.  * open source licenses: LGPL 3.0 or LGPL 2.1 or CDDL 1.0 or EPL 1.0 (the
    6. 

  6.  * "Licenses"). You can select the license that you prefer but you may not use
    7. 

  7.  * this file except in compliance with one of these Licenses.
    8. 

  8.  * 
    9. 

  9.  * You can obtain a copy of the LGPL 3.0 license at
    10. 

  10.  * http://www.opensource.org/licenses/lgpl-3.0.html
    11. 

  11.  * 
    12. 

  12.  * You can obtain a copy of the LGPL 2.1 license at
    13. 

  13.  * http://www.opensource.org/licenses/lgpl-2.1.php
    14. 

  14.  * 
    15. 

  15.  * You can obtain a copy of the CDDL 1.0 license at
    16. 

  16.  * http://www.opensource.org/licenses/cddl1.php
    17. 

  17.  * 
    18. 

  18.  * You can obtain a copy of the EPL 1.0 license at
    19. 

  19.  * http://www.opensource.org/licenses/eclipse-1.0.php
    20. 

  20.  * 
    21. 

  21.  * See the Licenses for the specific language governing permissions and
    22. 

  22.  * limitations under the Licenses.
    23. 

  23.  * 
    24. 

  24.  * Alternatively, you can obtain a royalty free commercial license with less
    25. 

  25.  * limitations, transferable or non-transferable, directly at
    26. 

  26.  * http://www.noelios.com/products/restlet-engine
    27. 

  27.  * 
    28. 

  28.  * Restlet is a registered trademark of Noelios Technologies.
    29. 

  29.  */
    30. 

  30. 

  31. package org.restlet.test.security;
    32. 

  32. 

  33. import java.util.Arrays;
    34. 

  34. 

  35. import org.junit.After;
    36. 

  36. import org.junit.Before;
    37. 

  37. import org.restlet.Application;
    38. 

  38. import org.restlet.Client;
    39. 

  39. import org.restlet.Component;
    40. 

  40. import org.restlet.Request;
    41. 

  41. import org.restlet.Response;
    42. 

  42. import org.restlet.Restlet;
    43. 

  43. import org.restlet.data.ChallengeResponse;
    44. 

  44. import org.restlet.data.ChallengeScheme;
    45. 

  45. import org.restlet.data.MediaType;
    46. 

  46. import org.restlet.data.Method;
    47. 

  47. import org.restlet.data.Protocol;
    48. 

  48. import org.restlet.data.Status;
    49. 

  49. import org.restlet.security.ChallengeAuthenticator;
    50. 

  50. import org.restlet.security.MapVerifier;
    51. 

  51. import org.restlet.test.RestletTestCase;
    52. 

  52. 

  53. /**
    54. 

  54.  * Restlet unit tests for HTTP Basic authentication client/server. By default,
    55. 

  55.  * runs server on localhost on port {@value #DEFAULT_PORT}, which can be
    56. 

  56.  * overridden by setting system property {@value #RESTLET_TEST_PORT}
    57. 

  57.  * 
    58. 

  58.  * @author Stian Soiland
    59. 

  59.  * @author Jerome Louvel
    60. 

  60.  */
    61. 

  61. public class HttpBasicTestCase extends RestletTestCase {
    62. 

  62. 

  63.     public class AuthenticatedRestlet extends Restlet {
    64. 

  64.         @Override
    65. 

  65.         public void handle(Request request, Response response) {
    66. 

  66.             response.setEntity(AUTHENTICATED_MSG, MediaType.TEXT_PLAIN);
    67. 

  67.         }
    68. 

  68.     }
    69. 

  69. 

  70.     public class TestVerifier extends MapVerifier {
    71. 

  71.         public TestVerifier() {
    72. 

  72.             getLocalSecrets().put(SHORT_USERNAME, SHORT_PASSWORD.toCharArray());
    73. 

  73.             getLocalSecrets().put(LONG_USERNAME, LONG_PASSWORD.toCharArray());
    74. 

  74.         }
    75. 

  75. 

  76.         @Override
    77. 

  77.         public boolean verify(String identifier, char[] inputSecret) {
    78. 

  78.             // NOTE: Allocating Strings are not really secure treatment of
    79. 

  79.             // passwords
    80. 

  80.             final String almostSecret = new String(inputSecret);
    81. 

  81.             System.out.println("Checking " + identifier + " " + almostSecret);
    82. 

  82.             try {
    83. 

  83.                 return super.verify(identifier, inputSecret);
    84. 

  84.             } finally {
    85. 

  85.                 // Clear secret from memory as soon as possible (This is better
    86. 

  86.                 // treatment, but of course useless due to our almostSecret
    87. 

  87.                 // copy)
    88. 

  88.                 Arrays.fill(inputSecret, '\000');
    89. 

  89.             }
    90. 

  90.         }
    91. 

  91.     }
    92. 

  92. 

  93.     public static final String WRONG_USERNAME = "wrongUser";
    94. 

  94. 

  95.     public static final String SHORT_USERNAME = "user13";
    96. 

  96. 

  97.     public static final String SHORT_PASSWORD = "pw15";
    98. 

  98. 

  99.     public static final String LONG_USERNAME = "aVeryLongUsernameIsIndeedRequiredForThisTest";
    100. 

  100. 

  101.     public static final String LONG_PASSWORD = "thisLongPasswordIsExtremelySecure";
    102. 

  102. 

  103.     public static final String AUTHENTICATED_MSG = "You are authenticated";
    104. 

  104. 

  105.     public static void main(String[] args) {
    106. 

  106.         new HttpBasicTestCase().testHTTPBasic();
    107. 

  107.     }
    108. 

  108. 

  109.     private Component component;
    110. 

  110. 

  111.     private String uri;
    112. 

  112. 

  113.     private ChallengeAuthenticator authenticator;
    114. 

  114. 

  115.     private MapVerifier verifier;
    116. 

  116. 

  117.     public void guardLong() {
    118. 

  118.         assertTrue("Didn't authenticate short user/pwd", this.verifier.verify(
    119. 

  119.                 LONG_USERNAME, LONG_PASSWORD.toCharArray()));
    120. 

  120.     }
    121. 

  121. 

  122.     public void guardLongWrong() {
    123. 

  123.         assertFalse("Authenticated long username with wrong password",
    124. 

  124.                 this.verifier.verify(LONG_USERNAME, SHORT_PASSWORD
    125. 

  125.                         .toCharArray()));
    126. 

  126.     }
    127. 

  127. 

  128.     // Test our guard.checkSecret() stand-alone
    129. 

  129.     public void guardShort() {
    130. 

  130.         assertTrue("Didn't authenticate short user/pwd", this.verifier.verify(
    131. 

  131.                 SHORT_USERNAME, SHORT_PASSWORD.toCharArray()));
    132. 

  132.     }
    133. 

  133. 

  134.     public void guardShortWrong() {
    135. 

  135.         assertFalse("Authenticated short username with wrong password",
    136. 

  136.                 this.verifier.verify(SHORT_USERNAME, LONG_PASSWORD
    137. 

  137.                         .toCharArray()));
    138. 

  138.     }
    139. 

  139. 

  140.     public void guardWrongUser() {
    141. 

  141.         assertFalse("Authenticated wrong username", this.verifier.verify(
    142. 

  142.                 WRONG_USERNAME, SHORT_PASSWORD.toCharArray()));
    143. 

  143.     }
    144. 

  144. 

  145.     public void HTTPBasicLong() throws Exception {
    146. 

  146.         final Request request = new Request(Method.GET, this.uri);
    147. 

  147.         final Client client = new Client(Protocol.HTTP);
    148. 

  148. 

  149.         final ChallengeResponse authentication = new ChallengeResponse(
    150. 

  150.                 ChallengeScheme.HTTP_BASIC, LONG_USERNAME, LONG_PASSWORD);
    151. 

  151.         request.setChallengeResponse(authentication);
    152. 

  152. 

  153.         final Response response = client.handle(request);
    154. 

  154.         assertEquals("Long username did not return 200 OK", Status.SUCCESS_OK,
    155. 

  155.                 response.getStatus());
    156. 

  156.         assertEquals(AUTHENTICATED_MSG, response.getEntity().getText());
    157. 

  157.         
    158. 

  158.         client.stop();
    159. 

  159.     }
    160. 

  160. 

  161.     public void HTTPBasicLongWrong() throws Exception {
    162. 

  162.         final Request request = new Request(Method.GET, this.uri);
    163. 

  163.         final Client client = new Client(Protocol.HTTP);
    164. 

  164. 

  165.         final ChallengeResponse authentication = new ChallengeResponse(
    166. 

  166.                 ChallengeScheme.HTTP_BASIC, LONG_USERNAME, SHORT_PASSWORD);
    167. 

  167.         request.setChallengeResponse(authentication);
    168. 

  168. 

  169.         final Response response = client.handle(request);
    170. 

  170. 

  171.         assertEquals("Long username w/wrong pw did not throw 403",
    172. 

  172.                 Status.CLIENT_ERROR_UNAUTHORIZED, response.getStatus());
    173. 

  173.         
    174. 

  174.         client.stop();
    175. 

  175.     }
    176. 

  176. 

  177.     // Test various HTTP Basic auth connections
    178. 

  178.     public void HTTPBasicNone() throws Exception {
    179. 

  179.         final Request request = new Request(Method.GET, this.uri);
    180. 

  180.         final Client client = new Client(Protocol.HTTP);
    181. 

  181.         final Response response = client.handle(request);
    182. 

  182.         assertEquals("No user did not throw 401",
    183. 

  183.                 Status.CLIENT_ERROR_UNAUTHORIZED, response.getStatus());
    184. 

  184.         client.stop();
    185. 

  185.     }
    186. 

  186. 

  187.     public void HTTPBasicShort() throws Exception {
    188. 

  188.         final Request request = new Request(Method.GET, this.uri);
    189. 

  189.         final Client client = new Client(Protocol.HTTP);
    190. 

  190. 

  191.         final ChallengeResponse authentication = new ChallengeResponse(
    192. 

  192.                 ChallengeScheme.HTTP_BASIC, SHORT_USERNAME, SHORT_PASSWORD);
    193. 

  193.         request.setChallengeResponse(authentication);
    194. 

  194. 

  195.         final Response response = client.handle(request);
    196. 

  196.         assertEquals("Short username did not return 200 OK", Status.SUCCESS_OK,
    197. 

  197.                 response.getStatus());
    198. 

  198.         assertEquals(AUTHENTICATED_MSG, response.getEntity().getText());
    199. 

  199.         
    200. 

  200.         client.stop();
    201. 

  201.     }
    202. 

  202. 

  203.     public void HTTPBasicShortWrong() throws Exception {
    204. 

  204.         final Request request = new Request(Method.GET, this.uri);
    205. 

  205.         final Client client = new Client(Protocol.HTTP);
    206. 

  206. 

  207.         final ChallengeResponse authentication = new ChallengeResponse(
    208. 

  208.                 ChallengeScheme.HTTP_BASIC, SHORT_USERNAME, LONG_PASSWORD);
    209. 

  209.         request.setChallengeResponse(authentication);
    210. 

  210. 

  211.         final Response response = client.handle(request);
    212. 

  212. 

  213.         assertEquals("Short username did not throw 401",
    214. 

  214.                 Status.CLIENT_ERROR_UNAUTHORIZED, response.getStatus());
    215. 

  215.         
    216. 

  216.         client.stop();
    217. 

  217.     }
    218. 

  218. 

  219.     public void HTTPBasicWrongUser() throws Exception {
    220. 

  220.         final Request request = new Request(Method.GET, this.uri);
    221. 

  221.         final Client client = new Client(Protocol.HTTP);
    222. 

  222. 

  223.         final ChallengeResponse authentication = new ChallengeResponse(
    224. 

  224.                 ChallengeScheme.HTTP_BASIC, WRONG_USERNAME, SHORT_PASSWORD);
    225. 

  225.         request.setChallengeResponse(authentication);
    226. 

  226. 

  227.         final Response response = client.handle(request);
    228. 

  228. 

  229.         assertEquals("Wrong username did not throw 401",
    230. 

  230.                 Status.CLIENT_ERROR_UNAUTHORIZED, response.getStatus());
    231. 

  231.         
    232. 

  232.         client.stop();
    233. 

  233.     }
    234. 

  234. 

  235.     @Before
    236. 

  236.     public void makeServer() throws Exception {
    237. 

  237.         int port = TEST_PORT;
    238. 

  238.         this.component = new Component();
    239. 

  239.         this.component.getServers().add(Protocol.HTTP, port);
    240. 

  240.         this.uri = "http://localhost:" + port + "/";
    241. 

  241. 

  242.         final Application application = new Application() {
    243. 

  243.             @Override
    244. 

  244.             public Restlet createInboundRoot() {
    245. 

  245.                 HttpBasicTestCase.this.verifier = new TestVerifier();
    246. 

  246.                 HttpBasicTestCase.this.authenticator = new ChallengeAuthenticator(
    247. 

  247.                         getContext(), ChallengeScheme.HTTP_BASIC,
    248. 

  248.                         HttpBasicTestCase.class.getSimpleName());
    249. 

  249.                 HttpBasicTestCase.this.authenticator
    250. 

  250.                         .setVerifier(HttpBasicTestCase.this.verifier);
    251. 

  251.                 HttpBasicTestCase.this.authenticator
    252. 

  252.                         .setNext(new AuthenticatedRestlet());
    253. 

  253.                 return HttpBasicTestCase.this.authenticator;
    254. 

  254.             }
    255. 

  255.         };
    256. 

  256. 

  257.         this.component.getDefaultHost().attach(application);
    258. 

  258.         this.component.start();
    259. 

  259.     }
    260. 

  260. 

  261.     @After
    262. 

  262.     public void stopServer() throws Exception {
    263. 

  263.         if ((this.component != null) && this.component.isStarted()) {
    264. 

  264.             this.component.stop();
    265. 

  265.         }
    266. 

  266.         this.component = null;
    267. 

  267.     }
    268. 

  268. 

  269.     public void testHTTPBasic() {
    270. 

  270.         try {
    271. 

  271.             makeServer();
    272. 

  272.             HTTPBasicWrongUser();
    273. 

  273.             HTTPBasicShort();
    274. 

  274.             HTTPBasicShortWrong();
    275. 

  275.             HTTPBasicNone();
    276. 

  276.             HTTPBasicLong();
    277. 

  277.             HTTPBasicLongWrong();
    278. 

  278.             stopServer();
    279. 

  279.         } catch (Exception e) {
    280. 

  280.             e.printStackTrace();
    281. 

  281.         }
    282. 

  282.     }
    283. 

  283. }
    284. 

  284.