[RESTEASY-2216] Tests for testing basic authentication with ClientReq…

…uestFilter
resteasy · Apr 29, 2019 · 05c3e53 · 05c3e53
1 parent b50cb35
commit 05c3e53
Show file tree

Hide file tree

Showing 2 changed files with 97 additions and 20 deletions.
diff --git a/...suite/integration-tests/src/test/java/org/jboss/resteasy/test/security/BasicAuthTest.java b/...suite/integration-tests/src/test/java/org/jboss/resteasy/test/security/BasicAuthTest.java
@@ -15,6 +15,7 @@
 import org.jboss.resteasy.client.jaxrs.ResteasyClientBuilder;
 import org.jboss.resteasy.client.jaxrs.engines.ApacheHttpClient4Engine;
 import org.jboss.resteasy.setup.AbstractUsersRolesSecurityDomainSetup;
+import org.jboss.resteasy.test.security.resource.BasicAuthRequestFilter;
 import org.jboss.resteasy.test.security.resource.BasicAuthBaseProxy;
 import org.jboss.resteasy.test.security.resource.BasicAuthBaseResource;
 import org.jboss.resteasy.test.security.resource.BasicAuthBaseResourceAnybody;
@@ -57,36 +58,57 @@ public class BasicAuthTest {
    private static ResteasyClient unauthorizedClient;
    private static ResteasyClient noAutorizationClient;
 
-   @BeforeClass
-   public static void init() {
-      // authorizedClient
-      {
+    // Following clients are used in tests for ClientRequestFilter
+    private static ResteasyClient authorizedClientUsingRequestFilter;
+    private static ResteasyClient unauthorizedClientUsingRequestFilter;
+    private static ResteasyClient unauthorizedClientUsingRequestFilterWithWrongPassword;
+
+    @BeforeClass
+    public static void init() {
+        // authorizedClient
+        {
             UsernamePasswordCredentials credentials = new UsernamePasswordCredentials("bill", "password1");
             CredentialsProvider credentialsProvider = new BasicCredentialsProvider();
             credentialsProvider.setCredentials(new AuthScope(AuthScope.ANY), credentials);
             CloseableHttpClient client = HttpClients.custom().setDefaultCredentialsProvider(credentialsProvider).build();
-            ApacheHttpClient4Engine engine = new ApacheHttpClient4Engine(client);
+           ApacheHttpClient4Engine engine = new ApacheHttpClient4Engine(client);
             authorizedClient = new ResteasyClientBuilder().httpEngine(engine).build();
-      }
-      // unauthorizedClient
-      {
+        }
+        // unauthorizedClient
+        {
             UsernamePasswordCredentials credentials_other = new UsernamePasswordCredentials("ordinaryUser", "password2");
             CredentialsProvider credentialsProvider = new BasicCredentialsProvider();
             credentialsProvider.setCredentials(new AuthScope(AuthScope.ANY), credentials_other);
             CloseableHttpClient client = HttpClients.custom().setDefaultCredentialsProvider(credentialsProvider).build();
-            ApacheHttpClient4Engine engine = new ApacheHttpClient4Engine(client);
+           ApacheHttpClient4Engine engine = new ApacheHttpClient4Engine(client);
             unauthorizedClient = new ResteasyClientBuilder().httpEngine(engine).build();
-      }
-      // noAutorizationClient
-      noAutorizationClient = new ResteasyClientBuilder().build();
-   }
+        }
+        // noAuthorizationClient
+        noAutorizationClient = new ResteasyClientBuilder().build();
 
-   @AfterClass
-   public static void after() throws Exception {
-      authorizedClient.close();
-      unauthorizedClient.close();
-      noAutorizationClient.close();
-   }
+        // authorizedClient with ClientRequestFilter
+        {
+            authorizedClientUsingRequestFilter = new ResteasyClientBuilder().register(new BasicAuthRequestFilter("bill", "password1")).build();
+        }
+        // unauthorizedClient with ClientRequestFilter - unauthorized user
+        {
+            unauthorizedClientUsingRequestFilter = new ResteasyClientBuilder().register(new BasicAuthRequestFilter("ordinaryUser", "password2")).build();
+        }
+        // unauthorizedClient with ClientRequestFilter - wrong password
+        {
+            unauthorizedClientUsingRequestFilterWithWrongPassword = new ResteasyClientBuilder().register(new BasicAuthRequestFilter("bill", "password2")).build();
+        }
+    }
+
+    @AfterClass
+    public static void after() throws Exception {
+        authorizedClient.close();
+        unauthorizedClient.close();
+        noAutorizationClient.close();
+        authorizedClientUsingRequestFilter.close();
+        unauthorizedClientUsingRequestFilter.close();
+        unauthorizedClientUsingRequestFilterWithWrongPassword.close();
+    }
 
    @Deployment
    public static Archive<?> deployLocatingResource() {
@@ -255,7 +277,39 @@ public void testContentTypeWithUnauthorizedMessage() {
       Assert.assertEquals("Incorrect Content-type header", "text/html;charset=UTF-8", response.getHeaderString("Content-type"));
    }
 
-   static class SecurityDomainSetup extends AbstractUsersRolesSecurityDomainSetup {
+    /**
+     * @tpTestDetails Test secured resource with correct credentials. Authentication is done using BasicAuthRequestFilter.
+     * @tpSince RESTEasy 3.7.0
+     */
+    @Test
+    public void testWithClientRequestFilterAuthorizedUser() {
+        Response response = authorizedClientUsingRequestFilter.target(generateURL("/secured/authorized")).request().get();
+        Assert.assertEquals(HttpResponseCodes.SC_OK, response.getStatus());
+        Assert.assertEquals(WRONG_RESPONSE, "authorized", response.readEntity(String.class));
+    }
+
+    /**
+     * @tpTestDetails Test secured resource with incorrect credentials. Authentication is done using BasicAuthRequestFilter.
+     * @tpSince RESTEasy 3.7.0
+     */
+    @Test
+    public void testWithClientRequestFilterWrongPassword(){
+        Response response = unauthorizedClientUsingRequestFilterWithWrongPassword.target(generateURL("/secured/authorized")).request().get();
+        Assert.assertEquals(HttpResponseCodes.SC_UNAUTHORIZED, response.getStatus());
+    }
+
+    /**
+     * @tpTestDetails Test secured resource with correct credentials of user that is not authorized to the resource. Authentication is done using BasicAuthRequestFilter.
+     * @tpSince RESTEasy 3.7.0
+     */
+    @Test
+    public void testWithClientRequestFilterUnauthorizedUser() {
+        Response response = unauthorizedClientUsingRequestFilter.target(generateURL("/secured/authorized")).request().get();
+        Assert.assertEquals(HttpResponseCodes.SC_FORBIDDEN, response.getStatus());
+        Assert.assertEquals(WRONG_RESPONSE, ACCESS_FORBIDDEN_MESSAGE, response.readEntity(String.class));
+    }
+
+    static class SecurityDomainSetup extends AbstractUsersRolesSecurityDomainSetup {
 
       @Override
       public void setConfigurationPath() throws URISyntaxException {

diff --git a/...tests/src/test/java/org/jboss/resteasy/test/security/resource/BasicAuthRequestFilter.java b/...tests/src/test/java/org/jboss/resteasy/test/security/resource/BasicAuthRequestFilter.java
@@ -0,0 +1,23 @@
+package org.jboss.resteasy.test.security.resource;
+
+
+import javax.ws.rs.client.ClientRequestContext;
+import javax.ws.rs.client.ClientRequestFilter;
+import javax.xml.bind.DatatypeConverter;
+import java.io.IOException;
+
+/**
+ * This class implements ClientRequestFilter interface. It encodes username and password and adds it to the headers.
+ */
+public class BasicAuthRequestFilter implements ClientRequestFilter {
+
+    private final String token;
+
+    public BasicAuthRequestFilter(final String user, final String password) {
+        this.token = user + ":" + password;
+    }
+
+    public void filter(ClientRequestContext requestContext) throws IOException {
+        requestContext.getHeaders().add("Authorization", "Basic " + DatatypeConverter.printBase64Binary(token.getBytes("UTF-8")));
+    }
+}