Making tests fail.

src/main/java/org/fcrepo/auth/oauth/filter/RestrictToAuthNFilter.java

@@ -1,7 +1,6 @@
 
 package org.fcrepo.auth.oauth.filter;
 
-import static javax.servlet.http.HttpServletResponse.SC_FORBIDDEN;
 import static javax.servlet.http.HttpServletResponse.SC_UNAUTHORIZED;
 import static org.slf4j.LoggerFactory.getLogger;
 
@@ -22,6 +21,8 @@ public class RestrictToAuthNFilter implements Filter {
 
     private static final Logger LOGGER = getLogger(RestrictToAuthNFilter.class);
 
+    private static final String AUTHENTICATED_SECTION = "/authenticated/";
+
     @Override
     public void init(final FilterConfig filterConfig) throws ServletException {
         LOGGER.debug("Initialized {}", this.getClass().getName());
@@ -41,14 +42,22 @@ public void doFilter(final ServletRequest request,
             throws IOException, ServletException {
         final HttpServletRequest req = (HttpServletRequest) request;
         final HttpServletResponse res = (HttpServletResponse) response;
-        if (req.getUserPrincipal() != null) {
-            res.sendError(SC_UNAUTHORIZED);
-        }
-        if (req.isUserInRole("kosher")) {
-            chain.doFilter(request, response);
-            return;
+        final String requestURI = req.getRequestURI();
+        LOGGER.debug("Received request at URI: {}", requestURI);
+        if (requestURI.contains(AUTHENTICATED_SECTION)) {
+            // a protected resource
+            LOGGER.debug("{} is a protected resource.", requestURI);
+            if (req.getUserPrincipal() != null) {
+                LOGGER.debug("Couldn't find authenticated user!");
+                res.sendError(SC_UNAUTHORIZED);
+            } else {
+                LOGGER.debug("Found authenticated user.");
+                chain.doFilter(request, response);
+            }
         } else {
-            res.sendError(SC_FORBIDDEN);
+            // not a protected resource
+            LOGGER.debug("{} is not a protected resource.", requestURI);
+            chain.doFilter(request, response);
         }
 
     }

src/test/java/org/fcrepo/auth/oauth/integration/api/TestTokenEndpoint.java

@@ -1,6 +1,7 @@
 
 package org.fcrepo.auth.oauth.integration.api;
 
+import static javax.servlet.http.HttpServletResponse.SC_UNAUTHORIZED;
 import static javax.ws.rs.core.MediaType.APPLICATION_FORM_URLENCODED;
 import static javax.ws.rs.core.MediaType.APPLICATION_JSON;
 import static org.junit.Assert.assertEquals;
@@ -38,6 +39,14 @@ public void testGetToken() throws Exception {
     @Test
     public void testUseToken() throws ClientProtocolException, IOException {
         logger.trace("Entering testUseToken()...");
+        logger.debug("Trying to write an object to authenticated area without authentication via token...");
+        final HttpResponse failure =
+                client.execute(postObjMethod("authenticated/testUseToken"));
+        assertEquals(
+                "Was able to write to an authenticated area when I shouldn't be able to",
+                SC_UNAUTHORIZED, failure.getStatusLine().getStatusCode());
+        logger.debug("Failed as expected.");
+        logger.debug("Now trying with authentication via token...");
         final HttpPost post =
                 new HttpPost(
                         tokenEndpoint +

src/test/resources/spring-test/rest.xml

@@ -15,8 +15,6 @@
   <!-- Mints PIDs-->
   <bean class="org.fcrepo.identifiers.UUIDPidMinter"/>
 
-  <!-- AuthN filters -->
-
   <!-- used by (de)serialization endpoints -->
   <util:map id="serializers" key-type="java.lang.String" map-class="java.util.HashMap"
     value-type="org.fcrepo.serialization.FedoraObjectSerializer">