1   /*
2    * MIT License
3    *
4    * Copyright (c) 2010-2024 The Waffle Project Contributors: https://github.com/Waffle/waffle/graphs/contributors
5    *
6    * Permission is hereby granted, free of charge, to any person obtaining a copy
7    * of this software and associated documentation files (the "Software"), to deal
8    * in the Software without restriction, including without limitation the rights
9    * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
10   * copies of the Software, and to permit persons to whom the Software is
11   * furnished to do so, subject to the following conditions:
12   *
13   * The above copyright notice and this permission notice shall be included in all
14   * copies or substantial portions of the Software.
15   *
16   * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
17   * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
18   * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
19   * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
20   * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
21   * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
22   * SOFTWARE.
23   */
24  package waffle.servlet;
25  
26  import static org.assertj.core.api.Assertions.assertThat;
27  
28  import jakarta.servlet.FilterChain;
29  import jakarta.servlet.ServletException;
30  
31  import java.io.IOException;
32  import java.nio.charset.StandardCharsets;
33  import java.util.Base64;
34  
35  import javax.security.auth.Subject;
36  
37  import org.junit.jupiter.api.AfterEach;
38  import org.junit.jupiter.api.Assertions;
39  import org.junit.jupiter.api.BeforeEach;
40  import org.junit.jupiter.api.Test;
41  
42  import waffle.mock.MockWindowsAuthProvider;
43  import waffle.mock.http.SimpleFilterChain;
44  import waffle.mock.http.SimpleHttpRequest;
45  import waffle.mock.http.SimpleHttpResponse;
46  import waffle.windows.auth.impl.WindowsAccountImpl;
47  
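/**
 * Exercises HTTP Basic authentication through {@link NegotiateSecurityFilter}, with
 * {@link MockWindowsAuthProvider} installed as the authentication provider.
 */
class BasicSecurityFilterTest {

    /** The filter under test; created fresh for every test method. */
    private NegotiateSecurityFilter filter;

    /**
     * Builds the filter, swaps in the mock authentication provider and initialises it.
     *
     * @throws ServletException
     *             if the filter fails to initialise
     */
    @BeforeEach
    void setUp() throws ServletException {
        this.filter = new NegotiateSecurityFilter();
        this.filter.setAuth(new MockWindowsAuthProvider());
        // No FilterConfig is supplied; presumably the filter falls back to its defaults - confirm.
        this.filter.init(null);
    }

    /**
     * Releases the filter after each test.
     */
    @AfterEach
    void tearDown() {
        this.filter.destroy();
    }

    /**
     * Sends a GET request carrying a Basic {@code Authorization} header for the current user and
     * checks that the filter stores a {@link Subject} with at least one principal in the session.
     *
     * @throws IOException
     *             if the filter signals an I/O failure
     * @throws ServletException
     *             if the filter signals a servlet failure
     */
    @Test
    void testBasicAuth() throws IOException, ServletException {
        final SimpleHttpRequest request = new SimpleHttpRequest();
        request.setMethod("GET");

        // Basic credentials are "user:password", Base64-encoded. Base64 is an encoding, not
        // encryption; "password" is a fixed placeholder that only ever reaches the mock provider.
        final String userHeaderValue = WindowsAccountImpl.getCurrentUsername() + ":password";
        final String basicAuthHeader = "Basic "
                + Base64.getEncoder().encodeToString(userHeaderValue.getBytes(StandardCharsets.UTF_8));
        request.addHeader("Authorization", basicAuthHeader);

        final SimpleHttpResponse response = new SimpleHttpResponse();
        final FilterChain filterChain = new SimpleFilterChain();
        this.filter.doFilter(request, response, filterChain);

        // getSession(false) is expected to return null when no session exists, so check it
        // explicitly: a rejected logon then fails with a readable message instead of an NPE.
        Assertions.assertNotNull(request.getSession(false),
                "expected the filter to leave a session on the authenticated request");

        final Subject subject = (Subject) request.getSession(false).getAttribute("javax.security.auth.subject");
        Assertions.assertNotNull(subject);
        // NOTE(review): this only proves that some principal was attached. It does not check that
        // the principal matches the user named in the header, and this class has no companion
        // test showing that a rejected or malformed Basic header yields no subject.
        assertThat(subject.getPrincipals().size()).isPositive();
    }
}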