[RESTEASY-1563] Check correct Content-type when Forbidden is returned…

… to the client
resteasy · Feb 3, 2017 · 6e331b2 · 6e331b2
1 parent 4e14690
commit 6e331b2
Show file tree

Hide file tree

Showing 2 changed files with 36 additions and 0 deletions.
diff --git a/...suite/integration-tests/src/test/java/org/jboss/resteasy/test/security/BasicAuthTest.java b/...suite/integration-tests/src/test/java/org/jboss/resteasy/test/security/BasicAuthTest.java
@@ -10,6 +10,8 @@
 import org.jboss.arquillian.container.test.api.RunAsClient;
 import org.jboss.arquillian.junit.Arquillian;
 import org.jboss.as.arquillian.api.ServerSetup;
+import org.jboss.resteasy.category.ExpectedFailing;
+import org.jboss.resteasy.category.NotForForwardCompatibility;
 import org.jboss.resteasy.client.jaxrs.ResteasyClient;
 import org.jboss.resteasy.client.jaxrs.ResteasyClientBuilder;
 import org.jboss.resteasy.client.jaxrs.engines.ApacheHttpClient4Engine;
@@ -27,6 +29,7 @@
 import org.junit.Assert;
 import org.junit.BeforeClass;
 import org.junit.Test;
+import org.junit.experimental.categories.Category;
 import org.junit.runner.RunWith;
 
 import javax.ws.rs.NotAuthorizedException;
@@ -226,4 +229,28 @@ public void testAccesForbiddenMessage() throws Exception {
         Assert.assertEquals(ACCESS_FORBIDDEN_MESSAGE, response.readEntity(String.class));
         authorizedClient.close();
     }
+
+    /**
+     * @tpTestDetails Test Content-type when forbidden exception is raised, RESTEASY-1563
+     * @tpSince RESTEasy 3.1.1
+     */
+    @Test
+    @Category({ExpectedFailing.class, NotForForwardCompatibility.class})
+    public void testContentTypeWithForbiddenMessage() {
+        Response response = unauthorizedClient.target(generateURL("/secured/denyWithContentType")).request().get();
+        Assert.assertEquals(HttpResponseCodes.SC_FORBIDDEN, response.getStatus());
+        Assert.assertEquals("Incorrect Content-type header", "text/html;charset=UTF-8", response.getHeaderString("Content-type"));
+        Assert.assertEquals("Missing forbidden message in the response", ACCESS_FORBIDDEN_MESSAGE, response.readEntity(String.class));
+    }
+
+    /**
+     * @tpTestDetails Test Content-type when unauthorized exception is raised
+     * @tpSince RESTEasy 3.1.1
+     */
+    @Test
+    public void testContentTypeWithUnauthorizedMessage() {
+        Response response = noAutorizationClient.target(generateURL("/secured/denyWithContentType")).request().get();
+        Assert.assertEquals(HttpResponseCodes.SC_UNAUTHORIZED, response.getStatus());
+        Assert.assertEquals("Incorrect Content-type header", "text/html;charset=UTF-8", response.getHeaderString("Content-type"));
+    }
 }
diff --git a/...-tests/src/test/java/org/jboss/resteasy/test/security/resource/BasicAuthBaseResource.java b/...-tests/src/test/java/org/jboss/resteasy/test/security/resource/BasicAuthBaseResource.java
@@ -6,6 +6,7 @@
 import javax.annotation.security.RolesAllowed;
 import javax.ws.rs.GET;
 import javax.ws.rs.Path;
+import javax.ws.rs.Produces;
 import javax.ws.rs.WebApplicationException;
 import javax.ws.rs.core.Context;
 import javax.ws.rs.core.SecurityContext;
@@ -45,4 +46,12 @@ public String getAuthorized() {
     public String deny() {
         return "SHOULD NOT BE REACHED";
     }
+
+    @GET
+    @Path("/denyWithContentType")
+    @Produces("application/xml")
+    @RolesAllowed("admin")
+    public String getWithContentType() {
+        return "string";
+    }
 }