Java tutorial
/* * Copyright 2014 Harald Wellmann. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or * implied. * * See the License for the specific language governing permissions and * limitations under the License. */ package org.ops4j.pax.web.itest; import static org.hamcrest.CoreMatchers.containsString; import static org.hamcrest.CoreMatchers.is; import static org.junit.Assert.assertThat; import static org.ops4j.pax.exam.CoreOptions.junitBundles; import static org.ops4j.pax.exam.CoreOptions.linkBundle; import static org.ops4j.pax.exam.CoreOptions.options; import static org.ops4j.pax.web.itest.util.TestConfiguration.httpClientBundles; import static org.ops4j.pax.web.itest.util.TestConfiguration.logbackBundles; import static org.ops4j.pax.web.itest.util.TestConfiguration.paxUndertowBundles; import static org.ops4j.pax.web.itest.util.TestConfiguration.undertowBundles; import static org.ops4j.pax.web.itest.util.WebAssertions.getHttpPort; import javax.inject.Inject; import javax.servlet.ServletContext; import org.apache.http.HttpResponse; import org.apache.http.auth.AuthScope; import org.apache.http.auth.UsernamePasswordCredentials; import org.apache.http.client.methods.HttpGet; import org.apache.http.client.protocol.HttpClientContext; import org.apache.http.impl.client.BasicCredentialsProvider; import org.apache.http.impl.client.CloseableHttpClient; import org.apache.http.impl.client.HttpClients; import org.apache.http.util.EntityUtils; import org.junit.Test; import org.junit.runner.RunWith; import org.ops4j.pax.exam.Configuration; import org.ops4j.pax.exam.Option; import org.ops4j.pax.exam.junit.PaxExam; import org.ops4j.pax.exam.spi.reactors.ExamReactorStrategy; import org.ops4j.pax.exam.spi.reactors.PerClass; @RunWith(PaxExam.class) @ExamReactorStrategy(PerClass.class) public class DigestAuthenticationTest { @Inject private ServletContext servletContext; @Configuration public Option[] config() { return options(linkBundle("pax-web-sample-auth-digest"), httpClientBundles(), linkBundle("pax-web-sample-login"), undertowBundles(), paxUndertowBundles(), logbackBundles(), junitBundles()); } @Test public void shouldPermitAccess() throws Exception { assertThat(servletContext.getContextPath(), is("/digest")); String path = String.format("http://localhost:%d/digest/hello", getHttpPort()); HttpClientContext context = HttpClientContext.create(); BasicCredentialsProvider cp = new BasicCredentialsProvider(); cp.setCredentials(AuthScope.ANY, new UsernamePasswordCredentials("mustermann", "mustermann")); CloseableHttpClient client = HttpClients.custom().setDefaultCredentialsProvider(cp).build(); HttpGet httpGet = new HttpGet(path); HttpResponse response = client.execute(httpGet, context); int statusCode = response.getStatusLine().getStatusCode(); assertThat(statusCode, is(200)); String text = EntityUtils.toString(response.getEntity()); assertThat(text, containsString("Hello from Pax Web!")); } @Test public void shouldDenyAccessOnWrongPassword() throws Exception { assertThat(servletContext.getContextPath(), is("/digest")); String path = String.format("http://localhost:%d/digest/hello", getHttpPort()); HttpClientContext context = HttpClientContext.create(); BasicCredentialsProvider cp = new BasicCredentialsProvider(); cp.setCredentials(AuthScope.ANY, new UsernamePasswordCredentials("mustermann", "wrong")); CloseableHttpClient client = HttpClients.custom().setDefaultCredentialsProvider(cp).build(); HttpGet httpGet = new HttpGet(path); HttpResponse response = client.execute(httpGet, context); int statusCode = response.getStatusLine().getStatusCode(); assertThat(statusCode, is(401)); } @Test public void shouldPermitAccessToUnprotectedResource() throws Exception { assertThat(servletContext.getContextPath(), is("/digest")); String path = String.format("http://localhost:%d/digest/plain.txt", getHttpPort()); HttpClientContext context = HttpClientContext.create(); BasicCredentialsProvider cp = new BasicCredentialsProvider(); cp.setCredentials(AuthScope.ANY, new UsernamePasswordCredentials("mustermann", "wrong")); CloseableHttpClient client = HttpClients.custom().setDefaultCredentialsProvider(cp).build(); HttpGet httpGet = new HttpGet(path); HttpResponse response = client.execute(httpGet, context); int statusCode = response.getStatusLine().getStatusCode(); assertThat(statusCode, is(200)); String text = EntityUtils.toString(response.getEntity()); assertThat(text, containsString("plain text")); } @Test public void shouldPermitUnauthenticatedAccessToUnprotectedResource() throws Exception { String path = String.format("http://localhost:%d/digest/plain.txt", getHttpPort()); HttpClientContext context = HttpClientContext.create(); CloseableHttpClient client = HttpClients.custom().build(); HttpGet httpGet = new HttpGet(path); HttpResponse response = client.execute(httpGet, context); int statusCode = response.getStatusLine().getStatusCode(); assertThat(statusCode, is(200)); String text = EntityUtils.toString(response.getEntity()); assertThat(text, containsString("plain text")); } }