diff --git a/testsuite/integration-tests/src/test/java/org/jboss/resteasy/test/security/BasicAuthTest.java b/testsuite/integration-tests/src/test/java/org/jboss/resteasy/test/security/BasicAuthTest.java index 2cf32ee152a..e149f25ba07 100644 --- a/testsuite/integration-tests/src/test/java/org/jboss/resteasy/test/security/BasicAuthTest.java +++ b/testsuite/integration-tests/src/test/java/org/jboss/resteasy/test/security/BasicAuthTest.java @@ -15,6 +15,7 @@ import org.jboss.resteasy.client.jaxrs.ResteasyClientBuilder; import org.jboss.resteasy.client.jaxrs.engines.ApacheHttpClient4Engine; import org.jboss.resteasy.setup.AbstractUsersRolesSecurityDomainSetup; +import org.jboss.resteasy.test.security.resource.BasicAuthRequestFilter; import org.jboss.resteasy.test.security.resource.BasicAuthBaseProxy; import org.jboss.resteasy.test.security.resource.BasicAuthBaseResource; import org.jboss.resteasy.test.security.resource.BasicAuthBaseResourceAnybody; @@ -57,36 +58,57 @@ public class BasicAuthTest { private static ResteasyClient unauthorizedClient; private static ResteasyClient noAutorizationClient; - @BeforeClass - public static void init() { - // authorizedClient - { + // Following clients are used in tests for ClientRequestFilter + private static ResteasyClient authorizedClientUsingRequestFilter; + private static ResteasyClient unauthorizedClientUsingRequestFilter; + private static ResteasyClient unauthorizedClientUsingRequestFilterWithWrongPassword; + + @BeforeClass + public static void init() { + // authorizedClient + { UsernamePasswordCredentials credentials = new UsernamePasswordCredentials("bill", "password1"); CredentialsProvider credentialsProvider = new BasicCredentialsProvider(); credentialsProvider.setCredentials(new AuthScope(AuthScope.ANY), credentials); CloseableHttpClient client = HttpClients.custom().setDefaultCredentialsProvider(credentialsProvider).build(); - ApacheHttpClient4Engine engine = new ApacheHttpClient4Engine(client); + ApacheHttpClient4Engine engine = new ApacheHttpClient4Engine(client); authorizedClient = new ResteasyClientBuilder().httpEngine(engine).build(); - } - // unauthorizedClient - { + } + // unauthorizedClient + { UsernamePasswordCredentials credentials_other = new UsernamePasswordCredentials("ordinaryUser", "password2"); CredentialsProvider credentialsProvider = new BasicCredentialsProvider(); credentialsProvider.setCredentials(new AuthScope(AuthScope.ANY), credentials_other); CloseableHttpClient client = HttpClients.custom().setDefaultCredentialsProvider(credentialsProvider).build(); - ApacheHttpClient4Engine engine = new ApacheHttpClient4Engine(client); + ApacheHttpClient4Engine engine = new ApacheHttpClient4Engine(client); unauthorizedClient = new ResteasyClientBuilder().httpEngine(engine).build(); - } - // noAutorizationClient - noAutorizationClient = new ResteasyClientBuilder().build(); - } + } + // noAuthorizationClient + noAutorizationClient = new ResteasyClientBuilder().build(); - @AfterClass - public static void after() throws Exception { - authorizedClient.close(); - unauthorizedClient.close(); - noAutorizationClient.close(); - } + // authorizedClient with ClientRequestFilter + { + authorizedClientUsingRequestFilter = new ResteasyClientBuilder().register(new BasicAuthRequestFilter("bill", "password1")).build(); + } + // unauthorizedClient with ClientRequestFilter - unauthorized user + { + unauthorizedClientUsingRequestFilter = new ResteasyClientBuilder().register(new BasicAuthRequestFilter("ordinaryUser", "password2")).build(); + } + // unauthorizedClient with ClientRequestFilter - wrong password + { + unauthorizedClientUsingRequestFilterWithWrongPassword = new ResteasyClientBuilder().register(new BasicAuthRequestFilter("bill", "password2")).build(); + } + } + + @AfterClass + public static void after() throws Exception { + authorizedClient.close(); + unauthorizedClient.close(); + noAutorizationClient.close(); + authorizedClientUsingRequestFilter.close(); + unauthorizedClientUsingRequestFilter.close(); + unauthorizedClientUsingRequestFilterWithWrongPassword.close(); + } @Deployment public static Archive deployLocatingResource() { @@ -255,7 +277,39 @@ public void testContentTypeWithUnauthorizedMessage() { Assert.assertEquals("Incorrect Content-type header", "text/html;charset=UTF-8", response.getHeaderString("Content-type")); } - static class SecurityDomainSetup extends AbstractUsersRolesSecurityDomainSetup { + /** + * @tpTestDetails Test secured resource with correct credentials. Authentication is done using BasicAuthRequestFilter. + * @tpSince RESTEasy 3.7.0 + */ + @Test + public void testWithClientRequestFilterAuthorizedUser() { + Response response = authorizedClientUsingRequestFilter.target(generateURL("/secured/authorized")).request().get(); + Assert.assertEquals(HttpResponseCodes.SC_OK, response.getStatus()); + Assert.assertEquals(WRONG_RESPONSE, "authorized", response.readEntity(String.class)); + } + + /** + * @tpTestDetails Test secured resource with incorrect credentials. Authentication is done using BasicAuthRequestFilter. + * @tpSince RESTEasy 3.7.0 + */ + @Test + public void testWithClientRequestFilterWrongPassword(){ + Response response = unauthorizedClientUsingRequestFilterWithWrongPassword.target(generateURL("/secured/authorized")).request().get(); + Assert.assertEquals(HttpResponseCodes.SC_UNAUTHORIZED, response.getStatus()); + } + + /** + * @tpTestDetails Test secured resource with correct credentials of user that is not authorized to the resource. Authentication is done using BasicAuthRequestFilter. + * @tpSince RESTEasy 3.7.0 + */ + @Test + public void testWithClientRequestFilterUnauthorizedUser() { + Response response = unauthorizedClientUsingRequestFilter.target(generateURL("/secured/authorized")).request().get(); + Assert.assertEquals(HttpResponseCodes.SC_FORBIDDEN, response.getStatus()); + Assert.assertEquals(WRONG_RESPONSE, ACCESS_FORBIDDEN_MESSAGE, response.readEntity(String.class)); + } + + static class SecurityDomainSetup extends AbstractUsersRolesSecurityDomainSetup { @Override public void setConfigurationPath() throws URISyntaxException { diff --git a/testsuite/integration-tests/src/test/java/org/jboss/resteasy/test/security/resource/BasicAuthRequestFilter.java b/testsuite/integration-tests/src/test/java/org/jboss/resteasy/test/security/resource/BasicAuthRequestFilter.java new file mode 100644 index 00000000000..90526680af9 --- /dev/null +++ b/testsuite/integration-tests/src/test/java/org/jboss/resteasy/test/security/resource/BasicAuthRequestFilter.java @@ -0,0 +1,23 @@ +package org.jboss.resteasy.test.security.resource; + + +import javax.ws.rs.client.ClientRequestContext; +import javax.ws.rs.client.ClientRequestFilter; +import javax.xml.bind.DatatypeConverter; +import java.io.IOException; + +/** + * This class implements ClientRequestFilter interface. It encodes username and password and adds it to the headers. + */ +public class BasicAuthRequestFilter implements ClientRequestFilter { + + private final String token; + + public BasicAuthRequestFilter(final String user, final String password) { + this.token = user + ":" + password; + } + + public void filter(ClientRequestContext requestContext) throws IOException { + requestContext.getHeaders().add("Authorization", "Basic " + DatatypeConverter.printBase64Binary(token.getBytes("UTF-8"))); + } +}