You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@tomee.apache.org by ra...@apache.org on 2019/01/09 17:26:01 UTC

[tomee] 13/48: TOMEE-2365 - Basic Auth test.

This is an automated email from the ASF dual-hosted git repository.

radcortez pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/tomee.git

commit a6b99d9775d6788c7bc4c49efe1b20311fb077d5
Author: Roberto Cortez <ra...@yahoo.com>
AuthorDate: Mon Dec 24 18:18:04 2018 +0000

    TOMEE-2365 - Basic Auth test.
---
 .../tomee/security/client/BasicAuthFilter.java     | 35 ++++++++++++++++++++++
 .../tomee/security/servlet/SimpleServletTest.java  | 19 +++++++++---
 2 files changed, 50 insertions(+), 4 deletions(-)

diff --git a/tomee/tomee-security/src/test/java/org/apache/tomee/security/client/BasicAuthFilter.java b/tomee/tomee-security/src/test/java/org/apache/tomee/security/client/BasicAuthFilter.java
new file mode 100644
index 0000000..16d6322
--- /dev/null
+++ b/tomee/tomee-security/src/test/java/org/apache/tomee/security/client/BasicAuthFilter.java
@@ -0,0 +1,35 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.tomee.security.client;
+
+import javax.ws.rs.client.ClientRequestContext;
+import javax.ws.rs.client.ClientRequestFilter;
+import java.io.IOException;
+import java.util.Base64;
+
+import static javax.ws.rs.core.HttpHeaders.AUTHORIZATION;
+
+public class BasicAuthFilter implements ClientRequestFilter {
+    @Override
+    public void filter(final ClientRequestContext requestContext) throws IOException {
+        requestContext.getHeaders().add(AUTHORIZATION, basicAuth("tomcat", "tomcat"));
+    }
+
+    private String basicAuth(final String username, final String password) {
+        return "Basic " + new String(Base64.getEncoder().encode((username + ":" + password).getBytes()));
+    }
+}
diff --git a/tomee/tomee-security/src/test/java/org/apache/tomee/security/servlet/SimpleServletTest.java b/tomee/tomee-security/src/test/java/org/apache/tomee/security/servlet/SimpleServletTest.java
index e645971..2a70385 100644
--- a/tomee/tomee-security/src/test/java/org/apache/tomee/security/servlet/SimpleServletTest.java
+++ b/tomee/tomee-security/src/test/java/org/apache/tomee/security/servlet/SimpleServletTest.java
@@ -16,20 +16,25 @@
  */
 package org.apache.tomee.security.servlet;
 
-import org.apache.openejb.loader.IO;
 import org.apache.openejb.loader.JarLocation;
 import org.apache.openejb.util.NetworkUtil;
 import org.apache.tomee.embedded.Configuration;
 import org.apache.tomee.embedded.Container;
+import org.apache.tomee.security.client.BasicAuthFilter;
 import org.junit.Test;
 
+import javax.security.enterprise.authentication.mechanism.http.BasicAuthenticationMechanismDefinition;
 import javax.servlet.ServletException;
+import javax.servlet.annotation.HttpConstraint;
+import javax.servlet.annotation.ServletSecurity;
 import javax.servlet.annotation.WebServlet;
 import javax.servlet.http.HttpServlet;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
+import javax.ws.rs.client.Client;
+import javax.ws.rs.client.ClientBuilder;
+import javax.ws.rs.core.Response;
 import java.io.IOException;
-import java.net.URL;
 
 import static org.junit.Assert.assertEquals;
 
@@ -45,12 +50,18 @@ public class SimpleServletTest {
                         JarLocation.jarLocation(SimpleServletTest.class),
                         JarLocation.jarLocation(TomEESecurityServletContainerInitializer.class))) {
 
-            assertEquals("ok!", IO.slurp(
-                    new URL("http://localhost:" + container.getConfiguration().getHttpPort() + "/servlet")));
+            final Client client = ClientBuilder.newBuilder().register(new BasicAuthFilter()).build();
+            final Response response =
+                    client.target("http://localhost:" + container.getConfiguration().getHttpPort() + "/servlet")
+                          .request()
+                          .get();
+            assertEquals(200, response.getStatus());
         }
     }
 
     @WebServlet(urlPatterns = "/servlet")
+    @ServletSecurity(@HttpConstraint(rolesAllowed = "role"))
+    @BasicAuthenticationMechanismDefinition
     public static class TestServlet extends HttpServlet {
         @Override
         protected void doGet(final HttpServletRequest req, final HttpServletResponse resp)