You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cxf.apache.org by jg...@apache.org on 2013/07/26 01:02:08 UTC
svn commit: r1507149 - in /cxf/branches/2.7.x-fixes/rt/frontend/jaxrs/src:
main/java/org/apache/cxf/jaxrs/security/
test/java/org/apache/cxf/jaxrs/security/
Author: jgenender
Date: Thu Jul 25 23:02:08 2013
New Revision: 1507149
URL: http://svn.apache.org/r1507149
Log:
CXF-5157 - Made the JAAS realm string rfc2617 compliant
Added:
cxf/branches/2.7.x-fixes/rt/frontend/jaxrs/src/test/java/org/apache/cxf/jaxrs/security/
cxf/branches/2.7.x-fixes/rt/frontend/jaxrs/src/test/java/org/apache/cxf/jaxrs/security/JAASAuthenticationFilterTest.java
Modified:
cxf/branches/2.7.x-fixes/rt/frontend/jaxrs/src/main/java/org/apache/cxf/jaxrs/security/JAASAuthenticationFilter.java
Modified: cxf/branches/2.7.x-fixes/rt/frontend/jaxrs/src/main/java/org/apache/cxf/jaxrs/security/JAASAuthenticationFilter.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.7.x-fixes/rt/frontend/jaxrs/src/main/java/org/apache/cxf/jaxrs/security/JAASAuthenticationFilter.java?rev=1507149&r1=1507148&r2=1507149&view=diff
==============================================================================
--- cxf/branches/2.7.x-fixes/rt/frontend/jaxrs/src/main/java/org/apache/cxf/jaxrs/security/JAASAuthenticationFilter.java (original)
+++ cxf/branches/2.7.x-fixes/rt/frontend/jaxrs/src/main/java/org/apache/cxf/jaxrs/security/JAASAuthenticationFilter.java Thu Jul 25 23:02:08 2013
@@ -135,7 +135,7 @@ public class JAASAuthenticationFilter im
sb.append("Basic");
}
if (realmName != null) {
- sb.append(' ').append(realmName);
+ sb.append(" realm=\"").append(realmName).append('"');
}
builder.header(HttpHeaders.WWW_AUTHENTICATE, sb.toString());
Added: cxf/branches/2.7.x-fixes/rt/frontend/jaxrs/src/test/java/org/apache/cxf/jaxrs/security/JAASAuthenticationFilterTest.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.7.x-fixes/rt/frontend/jaxrs/src/test/java/org/apache/cxf/jaxrs/security/JAASAuthenticationFilterTest.java?rev=1507149&view=auto
==============================================================================
--- cxf/branches/2.7.x-fixes/rt/frontend/jaxrs/src/test/java/org/apache/cxf/jaxrs/security/JAASAuthenticationFilterTest.java (added)
+++ cxf/branches/2.7.x-fixes/rt/frontend/jaxrs/src/test/java/org/apache/cxf/jaxrs/security/JAASAuthenticationFilterTest.java Thu Jul 25 23:02:08 2013
@@ -0,0 +1,48 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.jaxrs.security;
+
+import javax.ws.rs.core.HttpHeaders;
+import javax.ws.rs.core.Response;
+
+import org.apache.cxf.message.Message;
+import org.apache.cxf.message.MessageImpl;
+import org.junit.Assert;
+import org.junit.Test;
+
+public class JAASAuthenticationFilterTest extends Assert {
+
+ @Test
+ public void testRFC2617() throws Exception {
+
+ JAASAuthenticationFilter filter = new JAASAuthenticationFilter();
+ filter.setRealmName("foo");
+
+ Message m = new MessageImpl();
+ Response r = filter.handleAuthenticationException(new SecurityException("Bad Auth"), m);
+ assertNotNull(r);
+
+ String result = r.getHeaderString(HttpHeaders.WWW_AUTHENTICATE);
+ assertNotNull(result);
+
+ //Test that the header conforms to RFC2617
+ assertEquals("Basic realm=\"foo\"", result);
+ }
+}