1   /*
2    * MIT License
3    *
4    * Copyright (c) 2010-2024 The Waffle Project Contributors: https://github.com/Waffle/waffle/graphs/contributors
5    *
6    * Permission is hereby granted, free of charge, to any person obtaining a copy
7    * of this software and associated documentation files (the "Software"), to deal
8    * in the Software without restriction, including without limitation the rights
9    * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
10   * copies of the Software, and to permit persons to whom the Software is
11   * furnished to do so, subject to the following conditions:
12   *
13   * The above copyright notice and this permission notice shall be included in all
14   * copies or substantial portions of the Software.
15   *
16   * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
17   * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
18   * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
19   * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
20   * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
21   * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
22   * SOFTWARE.
23   */
24  package waffle.servlet;
25  
26  import static org.assertj.core.api.Assertions.assertThat;
27  
28  import java.io.IOException;
29  import java.nio.charset.StandardCharsets;
30  import java.util.Base64;
31  
32  import javax.security.auth.Subject;
33  import javax.servlet.FilterChain;
34  import javax.servlet.ServletException;
35  
36  import org.junit.jupiter.api.AfterEach;
37  import org.junit.jupiter.api.Assertions;
38  import org.junit.jupiter.api.BeforeEach;
39  import org.junit.jupiter.api.Test;
40  
41  import waffle.mock.MockWindowsAuthProvider;
42  import waffle.mock.http.SimpleFilterChain;
43  import waffle.mock.http.SimpleHttpRequest;
44  import waffle.mock.http.SimpleHttpResponse;
45  import waffle.windows.auth.impl.WindowsAccountImpl;
46  
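/**
 * Tests HTTP Basic authentication handling in {@link NegotiateSecurityFilter}.
 * <p>
 * The filter under test is wired to a {@link MockWindowsAuthProvider}. NOTE(review): with a mock provider these tests
 * presumably cover header parsing and subject publication rather than real credential validation - confirm against
 * the mock's logon behaviour before relying on them as an authentication check.
 */
class BasicSecurityFilterTest {

    /** The filter under test, rebuilt for every test method. */
    private NegotiateSecurityFilter filter;

    /**
     * Creates the filter, injects the mock authentication provider and initialises it without a filter
     * configuration.
     *
     * @throws ServletException
     *             if filter initialisation fails
     */
    @BeforeEach
    void setUp() throws ServletException {
        this.filter = new NegotiateSecurityFilter();
        this.filter.setAuth(new MockWindowsAuthProvider());
        this.filter.init(null);
    }

    /**
     * Destroys the filter created in {@link #setUp()}.
     */
    @AfterEach
    void tearDown() {
        this.filter.destroy();
    }

    /**
     * Sends a GET request carrying a {@code Basic} Authorization header for the current user and checks that the
     * filter stores a {@link Subject} with at least one principal in the session.
     *
     * @throws IOException
     *             Signals that an I/O exception has occurred.
     * @throws ServletException
     *             the servlet exception
     */
    @Test
    void testBasicAuth() throws IOException, ServletException {
        final SimpleHttpRequest request = new SimpleHttpRequest();
        request.setMethod("GET");

        // Basic credentials are "user:password" Base64-encoded; this is an encoding, not encryption.
        final String userHeaderValue = WindowsAccountImpl.getCurrentUsername() + ":password";
        final String basicAuthHeader = "Basic "
                + Base64.getEncoder().encodeToString(userHeaderValue.getBytes(StandardCharsets.UTF_8));
        request.addHeader("Authorization", basicAuthHeader);

        final SimpleHttpResponse response = new SimpleHttpResponse();
        final FilterChain filterChain = new SimpleFilterChain();
        this.filter.doFilter(request, response, filterChain);

        // getSession(false) may return null if the filter established no session; assert that first so a rejected
        // login fails with a readable message instead of a NullPointerException on the next line.
        Assertions.assertNotNull(request.getSession(false), "filter did not establish a session");
        final Subject subject = (Subject) request.getSession(false).getAttribute("javax.security.auth.subject");
        Assertions.assertNotNull(subject);
        assertThat(subject.getPrincipals().size()).isPositive();
    }
}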