jena-fuseki2/jena-fuseki-webapp/src/test/java/org/apache/jena/fuseki/TestAuth.java - jena - Git at Google

 /*
  * Licensed to the Apache Software Foundation (ASF) under one
  * or more contributor license agreements.  See the NOTICE file
  * distributed with this work for additional information
  * regarding copyright ownership.  The ASF licenses this file
  * to you under the Apache License, Version 2.0 (the
  * "License"); you may not use this file except in compliance
  * with the License.  You may obtain a copy of the License at
  *
  *     http://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */

 package org.apache.jena.fuseki;

 import static org.apache.http.auth.AuthScope.ANY;

 import java.io.File;
 import java.io.FileWriter;
 import java.io.IOException;
 import java.net.URISyntaxException;
 import java.util.HashMap;
 import java.util.Map;

 import org.apache.http.auth.AuthScope;
 import org.apache.http.auth.UsernamePasswordCredentials;
 import org.apache.http.client.HttpClient;
 import org.apache.http.impl.client.BasicCredentialsProvider;
 import org.apache.http.impl.client.HttpClientBuilder;
 import org.apache.jena.atlas.logging.LogCtl;
 import org.apache.jena.atlas.web.HttpException;
 import org.apache.jena.fuseki.system.FusekiNetLib;
 import org.apache.jena.query.DatasetAccessor;
 import org.apache.jena.query.DatasetAccessorFactory;
 import org.apache.jena.query.QueryExecutionFactory;
 import org.apache.jena.rdf.model.Model;
 import org.apache.jena.sparql.engine.http.QueryEngineHTTP;
 import org.apache.jena.sparql.engine.http.QueryExceptionHTTP;
 import org.apache.jena.sparql.engine.http.Service;
 import org.apache.jena.sparql.modify.UpdateProcessRemoteBase;
 import org.apache.jena.sparql.util.Context;
 import org.apache.jena.update.UpdateExecutionFactory;
 import org.apache.jena.update.UpdateFactory;
 import org.apache.jena.update.UpdateRequest;
 import org.junit.AfterClass;
 import org.junit.Assert;
 import org.junit.BeforeClass;
 import org.junit.Test;

 /**
  * Tests Fuseki operation with authentication enabled.
  * This is as much a test of the Jena client libraries handling authentication.
  * These tests use Jetty-supplied authentication, not Apache Shiro.
  */
 @SuppressWarnings("deprecation")
 public class TestAuth {

     // Use different port etc because sometimes the previous testing servers
     // don't release ports fast enough (OS issue / Linux)
     public static final int authPort             = FusekiNetLib.choosePort();
     public static final String authUrlRoot       = "http://localhost:"+authPort+"/";
     public static final String authDatasetPath   = "/dataset";
     public static final String authServiceUpdate = "http://localhost:"+authPort+authDatasetPath+"/update";
     public static final String authServiceQuery  = "http://localhost:"+authPort+authDatasetPath+"/query";
     public static final String authServiceREST   = "http://localhost:"+authPort+authDatasetPath+"/data";
     private static File realmFile;

     /**
      * Sets up the authentication for tests
      * @throws IOException
      */
     @BeforeClass
     public static void setup() throws IOException {
         realmFile = File.createTempFile("realm", ".properties");

         try ( FileWriter writer = new FileWriter(realmFile); ) {
             writer.write("allowed: password, fuseki\n");
             writer.write("forbidden: password, other");
         }

         LogCtl.setLevel(Fuseki.serverLogName, "warn");
         LogCtl.setLevel(Fuseki.actionLogName, "warn");
         LogCtl.setLevel("org.eclipse.jetty",  "warn");

         ServerCtl.setupServer(authPort, realmFile.getAbsolutePath(), authDatasetPath, true);
     }

     /**
      * Tears down authentication test setup
      */
     @AfterClass
     public static void teardown() {
         ServerCtl.teardownServer();
         realmFile.delete();
     }

     @Test(expected = QueryExceptionHTTP.class)
     public void query_with_auth_01() {
         QueryEngineHTTP qe = (QueryEngineHTTP) QueryExecutionFactory.sparqlService(authServiceQuery, "ASK { }");
         // No auth credentials should result in an error
         qe.execAsk();
     }

     private static HttpClient withBasicAuth(AuthScope scope, String user, String passwd) {
         BasicCredentialsProvider provider = new BasicCredentialsProvider();
         UsernamePasswordCredentials credentials = new UsernamePasswordCredentials(user, passwd);
         provider.setCredentials(scope, credentials);
         return HttpClientBuilder.create().setDefaultCredentialsProvider(provider).build();
     }

     @Test(expected = QueryExceptionHTTP.class)
     public void query_with_auth_02() {
         QueryEngineHTTP qe = (QueryEngineHTTP) QueryExecutionFactory.sparqlService(authServiceQuery, "ASK { }");
         // Auth credentials for valid user with bad password
         qe.setClient(withBasicAuth(ANY, "allowed", "incorrect"));
         qe.execAsk();
     }

     @Test
     public void query_with_auth_03() {
         QueryEngineHTTP qe = (QueryEngineHTTP) QueryExecutionFactory.sparqlService(authServiceQuery, "ASK { }");
         // Auth credentials for valid user with correct password
         qe.setClient(withBasicAuth(ANY, "allowed", "password"));
         Assert.assertTrue(qe.execAsk());
     }

     @Test(expected = QueryExceptionHTTP.class)
     public void query_with_auth_04() {
         QueryEngineHTTP qe = (QueryEngineHTTP) QueryExecutionFactory.sparqlService(authServiceQuery, "ASK { }");
         // Auth credentials for valid user with correct password BUT not in
         // correct role
         qe.setClient(withBasicAuth(ANY, "forbidden", "password"));
         qe.execAsk();
     }

     @Test
     public void query_with_auth_05() {
         // Uses auth and enables compression
         QueryEngineHTTP qe = (QueryEngineHTTP) QueryExecutionFactory.sparqlService(authServiceQuery, "ASK { }");
         qe.setAllowCompression(true);

         // Auth credentials for valid user with correct password
         qe.setClient(withBasicAuth(ANY, "allowed", "password"));
         Assert.assertTrue(qe.execAsk());
     }

     @Test(expected = QueryExceptionHTTP.class)
     public void query_with_auth_06() {
         // Uses auth and enables compression
         QueryEngineHTTP qe = (QueryEngineHTTP) QueryExecutionFactory.sparqlService(authServiceQuery, "ASK { }");
         qe.setAllowCompression(true);

         // Auth credentials for valid user with bad password
         qe.setClient(withBasicAuth(ANY, "allowed", "incorrect"));
         qe.execAsk();
     }

     @Test(expected = QueryExceptionHTTP.class)
     public void query_with_auth_07() throws URISyntaxException {
         QueryEngineHTTP qe = (QueryEngineHTTP) QueryExecutionFactory.sparqlService(authServiceQuery, "ASK { }");

         // Auth credentials for valid user with correct password but scoped to
         // wrong URI
         qe.setClient(withBasicAuth(new AuthScope("example", authPort), "allowed", "password"));
         qe.execAsk();
     }

     @Test
     public void query_with_auth_08() throws URISyntaxException {
         QueryEngineHTTP qe = (QueryEngineHTTP) QueryExecutionFactory.sparqlService(authServiceQuery, "ASK { }");

         // Auth credentials for valid user with correct password and scoped to
         // correct URI
         qe.setClient(withBasicAuth(new AuthScope("localhost", authPort), "allowed", "password"));
         Assert.assertTrue(qe.execAsk());
     }

     @Test
     public void query_with_auth_09() throws URISyntaxException {
         QueryEngineHTTP qe = (QueryEngineHTTP) QueryExecutionFactory.sparqlService(authServiceQuery, "ASK { }");

         // Auth credentials for valid user with correct password
         qe.setClient(withBasicAuth(new AuthScope("localhost", authPort), "allowed", "password"));
         Assert.assertTrue(qe.execAsk());
     }

     @Test
     public void query_with_auth_10() {
         QueryEngineHTTP qe = (QueryEngineHTTP) QueryExecutionFactory.sparqlService(authServiceQuery, "ASK { }");

         // Auth credentials for valid user with correct password and scoped
         // to correct URI
         // Provided via Service Context and its associated authenticator
         Map<String, Context> serviceContext = new HashMap<>();
         Context authContext = new Context();

         HttpClient client = withBasicAuth(ANY, "allowed", "password");
         authContext.put(Service.queryClient, client);
         serviceContext.put(authServiceQuery, authContext);
         qe.getContext().put(Service.serviceContext, serviceContext);
         Assert.assertTrue(qe.execAsk());
     }

     @Test
     public void query_with_auth_11() {
         QueryEngineHTTP qe = (QueryEngineHTTP) QueryExecutionFactory.sparqlService(authServiceQuery, "ASK { }");

         // Auth credentials for valid user with correct password and scoped
         // to base URI of the actual service URL
         // Provided via Service Context and its associated authenticator
         Map<String, Context> serviceContext = new HashMap<>();
         Context authContext = new Context();

         HttpClient client = withBasicAuth(ANY, "allowed", "password");
         authContext.put(Service.queryClient, client);
         serviceContext.put(authServiceQuery, authContext);
         qe.getContext().put(Service.serviceContext, serviceContext);
         Assert.assertTrue(qe.execAsk());
     }

     @Test
     public void query_with_auth_13() throws URISyntaxException {
         QueryEngineHTTP qe = (QueryEngineHTTP) QueryExecutionFactory.sparqlService(authServiceQuery, "ASK { }");

         // Auth credentials for valid user with correct password and scoped to
         // base URI of the actual service URL
         qe.setClient(withBasicAuth(new AuthScope("localhost" , authPort),"allowed", "password"));
         Assert.assertTrue(qe.execAsk());
     }

     @Test
     public void query_with_auth_14() throws URISyntaxException {
         QueryEngineHTTP qe = (QueryEngineHTTP) QueryExecutionFactory.sparqlService(authServiceQuery, "ASK { }");

         // Auth credentials for valid user with correct password and scoped to
         // base URI of the actual service URL
         qe.setClient(withBasicAuth(new AuthScope("localhost" , authPort),"allowed", "password"));
         Assert.assertTrue(qe.execAsk());
     }

     @Test(expected = HttpException.class)
     public void update_with_auth_01() {
         UpdateRequest updates = UpdateFactory.create("CREATE SILENT GRAPH <http://graph>");
         UpdateProcessRemoteBase ue = (UpdateProcessRemoteBase) UpdateExecutionFactory.createRemote(updates, authServiceUpdate);
         // No auth credentials should result in an error
         ue.execute();
     }

     @Test(expected = HttpException.class)
     public void update_with_auth_02() {
         UpdateRequest updates = UpdateFactory.create("CREATE SILENT GRAPH <http://graph>");
         UpdateProcessRemoteBase ue = (UpdateProcessRemoteBase) UpdateExecutionFactory.createRemote(updates, authServiceUpdate);
         // Auth credentials for valid user with bad password
         ue.setClient(withBasicAuth(ANY, "allowed", "incorrect"));
         ue.execute();
     }

     @Test
     public void update_with_auth_03() {
         UpdateRequest updates = UpdateFactory.create("CREATE SILENT GRAPH <http://graph>");
         UpdateProcessRemoteBase ue = (UpdateProcessRemoteBase) UpdateExecutionFactory.createRemote(updates, authServiceUpdate);
         // Auth credentials for valid user with correct password
         ue.setClient(withBasicAuth(ANY, "allowed", "password"));
         ue.execute();
     }

     @Test(expected = HttpException.class)
     public void update_with_auth_04() {
         UpdateRequest updates = UpdateFactory.create("CREATE SILENT GRAPH <http://graph>");
         UpdateProcessRemoteBase ue = (UpdateProcessRemoteBase) UpdateExecutionFactory.createRemote(updates, authServiceUpdate);
         // Auth credentials for valid user with correct password BUT not in
         // correct role
         ue.setClient(withBasicAuth(ANY, "forbidden", "password"));
         ue.execute();
     }

     @Test(expected = HttpException.class)
     public void update_with_auth_05() {
         UpdateRequest updates = UpdateFactory.create("CREATE SILENT GRAPH <http://graph>");
         UpdateProcessRemoteBase ue = (UpdateProcessRemoteBase) UpdateExecutionFactory.createRemoteForm(updates, authServiceUpdate);
         // No auth credentials should result in an error
         ue.execute();
     }

     @Test(expected = HttpException.class)
     public void update_with_auth_06() {
         UpdateRequest updates = UpdateFactory.create("CREATE SILENT GRAPH <http://graph>");
         UpdateProcessRemoteBase ue = (UpdateProcessRemoteBase) UpdateExecutionFactory.createRemoteForm(updates, authServiceUpdate);
         // Auth credentials for valid user with bad password
         ue.setClient(withBasicAuth(ANY, "allowed", "incorrect"));
         ue.execute();
     }

     @Test
     public void update_with_auth_07() {
         UpdateRequest updates = UpdateFactory.create("CREATE SILENT GRAPH <http://graph>");
         UpdateProcessRemoteBase ue = (UpdateProcessRemoteBase) UpdateExecutionFactory.createRemoteForm(updates, authServiceUpdate);
         // Auth credentials for valid user with correct password
         ue.setClient(withBasicAuth(ANY, "allowed", "password"));
         ue.execute();
     }

     @Test(expected = HttpException.class)
     public void update_with_auth_08() {
         UpdateRequest updates = UpdateFactory.create("CREATE SILENT GRAPH <http://graph>");
         UpdateProcessRemoteBase ue = (UpdateProcessRemoteBase) UpdateExecutionFactory.createRemoteForm(updates, authServiceUpdate);
         // Auth credentials for valid user with correct password BUT not in
         // correct role
         ue.setClient(withBasicAuth(ANY, "forbidden", "password"));
         ue.execute();
     }

     @Test(expected = HttpException.class)
     public void update_with_auth_09() throws URISyntaxException {
         UpdateRequest updates = UpdateFactory.create("CREATE SILENT GRAPH <http://graph>");
         UpdateProcessRemoteBase ue = (UpdateProcessRemoteBase) UpdateExecutionFactory.createRemote(updates, authServiceUpdate);

         // Auth credentials for valid user with correct password but scoped to
         // wrong URI
         ue.setClient(withBasicAuth(new AuthScope("example" , authPort),"allowed", "password"));
         ue.execute();
     }

     @Test
     public void update_with_auth_10() throws URISyntaxException {
         UpdateRequest updates = UpdateFactory.create("CREATE SILENT GRAPH <http://graph>");
         UpdateProcessRemoteBase ue = (UpdateProcessRemoteBase) UpdateExecutionFactory.createRemote(updates, authServiceUpdate);

         // Auth credentials for valid user with correct password scoped to
         // correct URI
         ue.setClient(withBasicAuth(new AuthScope("localhost" , authPort),"allowed", "password"));
         ue.execute();
     }

     @Test(expected = HttpException.class)
     public void graphstore_with_auth_01() {
         // No auth credentials
         DatasetAccessor accessor = DatasetAccessorFactory.createHTTP(authServiceREST);
         accessor.getModel();
     }

     @Test(expected = HttpException.class)
     public void graphstore_with_auth_02() {
         // Incorrect auth credentials
         DatasetAccessor accessor = DatasetAccessorFactory.createHTTP(authServiceREST,
                 withBasicAuth(ANY, "allowed", "incorrect"));
         accessor.getModel();
     }

     @Test
     public void graphstore_with_auth_03() {
         // Correct auth credentials
         DatasetAccessor accessor = DatasetAccessorFactory.createHTTP(authServiceREST,
                 withBasicAuth(ANY, "allowed", "password"));
         Model m = accessor.getModel();
         Assert.assertTrue(m.isEmpty());
     }

     @Test(expected = HttpException.class)
     public void graphstore_with_auth_04() throws URISyntaxException {
         // Correct auth credentials scoped to wrong URI
         DatasetAccessor accessor = DatasetAccessorFactory.createHTTP(authServiceREST,
                 withBasicAuth(new AuthScope("example.org", authPort), "allowed", "password"));
         accessor.getModel();
     }

     @Test
     public void graphstore_with_auth_05() throws URISyntaxException {
         // Correct auth credentials scoped to correct URI
         DatasetAccessor accessor = DatasetAccessorFactory.createHTTP(authServiceREST,
                 withBasicAuth(new AuthScope("localhost", authPort), "allowed", "password"));
         accessor.getModel();
     }

 }
	/*
	* Licensed to the Apache Software Foundation (ASF) under one
	* or more contributor license agreements. See the NOTICE file
	* distributed with this work for additional information
	* regarding copyright ownership. The ASF licenses this file
	* to you under the Apache License, Version 2.0 (the
	* "License"); you may not use this file except in compliance
	* with the License. You may obtain a copy of the License at
	*
	* http://www.apache.org/licenses/LICENSE-2.0
	*
	* Unless required by applicable law or agreed to in writing, software
	* distributed under the License is distributed on an "AS IS" BASIS,
	* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
	* See the License for the specific language governing permissions and
	* limitations under the License.
	*/

	package org.apache.jena.fuseki;

	import static org.apache.http.auth.AuthScope.ANY;

	import java.io.File;
	import java.io.FileWriter;
	import java.io.IOException;
	import java.net.URISyntaxException;
	import java.util.HashMap;
	import java.util.Map;

	import org.apache.http.auth.AuthScope;
	import org.apache.http.auth.UsernamePasswordCredentials;
	import org.apache.http.client.HttpClient;
	import org.apache.http.impl.client.BasicCredentialsProvider;
	import org.apache.http.impl.client.HttpClientBuilder;
	import org.apache.jena.atlas.logging.LogCtl;
	import org.apache.jena.atlas.web.HttpException;
	import org.apache.jena.fuseki.system.FusekiNetLib;
	import org.apache.jena.query.DatasetAccessor;
	import org.apache.jena.query.DatasetAccessorFactory;
	import org.apache.jena.query.QueryExecutionFactory;
	import org.apache.jena.rdf.model.Model;
	import org.apache.jena.sparql.engine.http.QueryEngineHTTP;
	import org.apache.jena.sparql.engine.http.QueryExceptionHTTP;
	import org.apache.jena.sparql.engine.http.Service;
	import org.apache.jena.sparql.modify.UpdateProcessRemoteBase;
	import org.apache.jena.sparql.util.Context;
	import org.apache.jena.update.UpdateExecutionFactory;
	import org.apache.jena.update.UpdateFactory;
	import org.apache.jena.update.UpdateRequest;
	import org.junit.AfterClass;
	import org.junit.Assert;
	import org.junit.BeforeClass;
	import org.junit.Test;

	/**
	* Tests Fuseki operation with authentication enabled.
	* This is as much a test of the Jena client libraries handling authentication.
	* These tests use Jetty-supplied authentication, not Apache Shiro.
	*/
	@SuppressWarnings("deprecation")
	public class TestAuth {

	// Use different port etc because sometimes the previous testing servers
	// don't release ports fast enough (OS issue / Linux)
	public static final int authPort = FusekiNetLib.choosePort();
	public static final String authUrlRoot = "http://localhost:"+authPort+"/";
	public static final String authDatasetPath = "/dataset";
	public static final String authServiceUpdate = "http://localhost:"+authPort+authDatasetPath+"/update";
	public static final String authServiceQuery = "http://localhost:"+authPort+authDatasetPath+"/query";
	public static final String authServiceREST = "http://localhost:"+authPort+authDatasetPath+"/data";
	private static File realmFile;

	/**
	* Sets up the authentication for tests
	* @throws IOException
	*/
	@BeforeClass
	public static void setup() throws IOException {
	realmFile = File.createTempFile("realm", ".properties");

	try ( FileWriter writer = new FileWriter(realmFile); ) {
	writer.write("allowed: password, fuseki\n");
	writer.write("forbidden: password, other");
	}

	LogCtl.setLevel(Fuseki.serverLogName, "warn");
	LogCtl.setLevel(Fuseki.actionLogName, "warn");
	LogCtl.setLevel("org.eclipse.jetty", "warn");

	ServerCtl.setupServer(authPort, realmFile.getAbsolutePath(), authDatasetPath, true);
	}

	/**
	* Tears down authentication test setup
	*/
	@AfterClass
	public static void teardown() {
	ServerCtl.teardownServer();
	realmFile.delete();
	}

	@Test(expected = QueryExceptionHTTP.class)
	public void query_with_auth_01() {
	QueryEngineHTTP qe = (QueryEngineHTTP) QueryExecutionFactory.sparqlService(authServiceQuery, "ASK { }");
	// No auth credentials should result in an error
	qe.execAsk();
	}

	private static HttpClient withBasicAuth(AuthScope scope, String user, String passwd) {
	BasicCredentialsProvider provider = new BasicCredentialsProvider();
	UsernamePasswordCredentials credentials = new UsernamePasswordCredentials(user, passwd);
	provider.setCredentials(scope, credentials);
	return HttpClientBuilder.create().setDefaultCredentialsProvider(provider).build();
	}

	@Test(expected = QueryExceptionHTTP.class)
	public void query_with_auth_02() {
	QueryEngineHTTP qe = (QueryEngineHTTP) QueryExecutionFactory.sparqlService(authServiceQuery, "ASK { }");
	// Auth credentials for valid user with bad password
	qe.setClient(withBasicAuth(ANY, "allowed", "incorrect"));
	qe.execAsk();
	}

	@Test
	public void query_with_auth_03() {
	QueryEngineHTTP qe = (QueryEngineHTTP) QueryExecutionFactory.sparqlService(authServiceQuery, "ASK { }");
	// Auth credentials for valid user with correct password
	qe.setClient(withBasicAuth(ANY, "allowed", "password"));
	Assert.assertTrue(qe.execAsk());
	}

	@Test(expected = QueryExceptionHTTP.class)
	public void query_with_auth_04() {
	QueryEngineHTTP qe = (QueryEngineHTTP) QueryExecutionFactory.sparqlService(authServiceQuery, "ASK { }");
	// Auth credentials for valid user with correct password BUT not in
	// correct role
	qe.setClient(withBasicAuth(ANY, "forbidden", "password"));
	qe.execAsk();
	}

	@Test
	public void query_with_auth_05() {
	// Uses auth and enables compression
	QueryEngineHTTP qe = (QueryEngineHTTP) QueryExecutionFactory.sparqlService(authServiceQuery, "ASK { }");
	qe.setAllowCompression(true);

	// Auth credentials for valid user with correct password
	qe.setClient(withBasicAuth(ANY, "allowed", "password"));
	Assert.assertTrue(qe.execAsk());
	}

	@Test(expected = QueryExceptionHTTP.class)
	public void query_with_auth_06() {
	// Uses auth and enables compression
	QueryEngineHTTP qe = (QueryEngineHTTP) QueryExecutionFactory.sparqlService(authServiceQuery, "ASK { }");
	qe.setAllowCompression(true);

	// Auth credentials for valid user with bad password
	qe.setClient(withBasicAuth(ANY, "allowed", "incorrect"));
	qe.execAsk();
	}

	@Test(expected = QueryExceptionHTTP.class)
	public void query_with_auth_07() throws URISyntaxException {
	QueryEngineHTTP qe = (QueryEngineHTTP) QueryExecutionFactory.sparqlService(authServiceQuery, "ASK { }");

	// Auth credentials for valid user with correct password but scoped to
	// wrong URI
	qe.setClient(withBasicAuth(new AuthScope("example", authPort), "allowed", "password"));
	qe.execAsk();
	}

	@Test
	public void query_with_auth_08() throws URISyntaxException {
	QueryEngineHTTP qe = (QueryEngineHTTP) QueryExecutionFactory.sparqlService(authServiceQuery, "ASK { }");

	// Auth credentials for valid user with correct password and scoped to
	// correct URI
	qe.setClient(withBasicAuth(new AuthScope("localhost", authPort), "allowed", "password"));
	Assert.assertTrue(qe.execAsk());
	}

	@Test
	public void query_with_auth_09() throws URISyntaxException {
	QueryEngineHTTP qe = (QueryEngineHTTP) QueryExecutionFactory.sparqlService(authServiceQuery, "ASK { }");

	// Auth credentials for valid user with correct password
	qe.setClient(withBasicAuth(new AuthScope("localhost", authPort), "allowed", "password"));
	Assert.assertTrue(qe.execAsk());
	}

	@Test
	public void query_with_auth_10() {
	QueryEngineHTTP qe = (QueryEngineHTTP) QueryExecutionFactory.sparqlService(authServiceQuery, "ASK { }");

	// Auth credentials for valid user with correct password and scoped
	// to correct URI
	// Provided via Service Context and its associated authenticator
	Map<String, Context> serviceContext = new HashMap<>();
	Context authContext = new Context();

	HttpClient client = withBasicAuth(ANY, "allowed", "password");
	authContext.put(Service.queryClient, client);
	serviceContext.put(authServiceQuery, authContext);
	qe.getContext().put(Service.serviceContext, serviceContext);
	Assert.assertTrue(qe.execAsk());
	}

	@Test
	public void query_with_auth_11() {
	QueryEngineHTTP qe = (QueryEngineHTTP) QueryExecutionFactory.sparqlService(authServiceQuery, "ASK { }");

	// Auth credentials for valid user with correct password and scoped
	// to base URI of the actual service URL
	// Provided via Service Context and its associated authenticator
	Map<String, Context> serviceContext = new HashMap<>();
	Context authContext = new Context();

	HttpClient client = withBasicAuth(ANY, "allowed", "password");
	authContext.put(Service.queryClient, client);
	serviceContext.put(authServiceQuery, authContext);
	qe.getContext().put(Service.serviceContext, serviceContext);
	Assert.assertTrue(qe.execAsk());
	}

	@Test
	public void query_with_auth_13() throws URISyntaxException {
	QueryEngineHTTP qe = (QueryEngineHTTP) QueryExecutionFactory.sparqlService(authServiceQuery, "ASK { }");

	// Auth credentials for valid user with correct password and scoped to
	// base URI of the actual service URL
	qe.setClient(withBasicAuth(new AuthScope("localhost" , authPort),"allowed", "password"));
	Assert.assertTrue(qe.execAsk());
	}

	@Test
	public void query_with_auth_14() throws URISyntaxException {
	QueryEngineHTTP qe = (QueryEngineHTTP) QueryExecutionFactory.sparqlService(authServiceQuery, "ASK { }");

	// Auth credentials for valid user with correct password and scoped to
	// base URI of the actual service URL
	qe.setClient(withBasicAuth(new AuthScope("localhost" , authPort),"allowed", "password"));
	Assert.assertTrue(qe.execAsk());
	}

	@Test(expected = HttpException.class)
	public void update_with_auth_01() {
	UpdateRequest updates = UpdateFactory.create("CREATE SILENT GRAPH <http://graph>");
	UpdateProcessRemoteBase ue = (UpdateProcessRemoteBase) UpdateExecutionFactory.createRemote(updates, authServiceUpdate);
	// No auth credentials should result in an error
	ue.execute();
	}

	@Test(expected = HttpException.class)
	public void update_with_auth_02() {
	UpdateRequest updates = UpdateFactory.create("CREATE SILENT GRAPH <http://graph>");
	UpdateProcessRemoteBase ue = (UpdateProcessRemoteBase) UpdateExecutionFactory.createRemote(updates, authServiceUpdate);
	// Auth credentials for valid user with bad password
	ue.setClient(withBasicAuth(ANY, "allowed", "incorrect"));
	ue.execute();
	}

	@Test
	public void update_with_auth_03() {
	UpdateRequest updates = UpdateFactory.create("CREATE SILENT GRAPH <http://graph>");
	UpdateProcessRemoteBase ue = (UpdateProcessRemoteBase) UpdateExecutionFactory.createRemote(updates, authServiceUpdate);
	// Auth credentials for valid user with correct password
	ue.setClient(withBasicAuth(ANY, "allowed", "password"));
	ue.execute();
	}

	@Test(expected = HttpException.class)
	public void update_with_auth_04() {
	UpdateRequest updates = UpdateFactory.create("CREATE SILENT GRAPH <http://graph>");
	UpdateProcessRemoteBase ue = (UpdateProcessRemoteBase) UpdateExecutionFactory.createRemote(updates, authServiceUpdate);
	// Auth credentials for valid user with correct password BUT not in
	// correct role
	ue.setClient(withBasicAuth(ANY, "forbidden", "password"));
	ue.execute();
	}

	@Test(expected = HttpException.class)
	public void update_with_auth_05() {
	UpdateRequest updates = UpdateFactory.create("CREATE SILENT GRAPH <http://graph>");
	UpdateProcessRemoteBase ue = (UpdateProcessRemoteBase) UpdateExecutionFactory.createRemoteForm(updates, authServiceUpdate);
	// No auth credentials should result in an error
	ue.execute();
	}

	@Test(expected = HttpException.class)
	public void update_with_auth_06() {
	UpdateRequest updates = UpdateFactory.create("CREATE SILENT GRAPH <http://graph>");
	UpdateProcessRemoteBase ue = (UpdateProcessRemoteBase) UpdateExecutionFactory.createRemoteForm(updates, authServiceUpdate);
	// Auth credentials for valid user with bad password
	ue.setClient(withBasicAuth(ANY, "allowed", "incorrect"));
	ue.execute();
	}

	@Test
	public void update_with_auth_07() {
	UpdateRequest updates = UpdateFactory.create("CREATE SILENT GRAPH <http://graph>");
	UpdateProcessRemoteBase ue = (UpdateProcessRemoteBase) UpdateExecutionFactory.createRemoteForm(updates, authServiceUpdate);
	// Auth credentials for valid user with correct password
	ue.setClient(withBasicAuth(ANY, "allowed", "password"));
	ue.execute();
	}

	@Test(expected = HttpException.class)
	public void update_with_auth_08() {
	UpdateRequest updates = UpdateFactory.create("CREATE SILENT GRAPH <http://graph>");
	UpdateProcessRemoteBase ue = (UpdateProcessRemoteBase) UpdateExecutionFactory.createRemoteForm(updates, authServiceUpdate);
	// Auth credentials for valid user with correct password BUT not in
	// correct role
	ue.setClient(withBasicAuth(ANY, "forbidden", "password"));
	ue.execute();
	}

	@Test(expected = HttpException.class)
	public void update_with_auth_09() throws URISyntaxException {
	UpdateRequest updates = UpdateFactory.create("CREATE SILENT GRAPH <http://graph>");
	UpdateProcessRemoteBase ue = (UpdateProcessRemoteBase) UpdateExecutionFactory.createRemote(updates, authServiceUpdate);

	// Auth credentials for valid user with correct password but scoped to
	// wrong URI
	ue.setClient(withBasicAuth(new AuthScope("example" , authPort),"allowed", "password"));
	ue.execute();
	}

	@Test
	public void update_with_auth_10() throws URISyntaxException {
	UpdateRequest updates = UpdateFactory.create("CREATE SILENT GRAPH <http://graph>");
	UpdateProcessRemoteBase ue = (UpdateProcessRemoteBase) UpdateExecutionFactory.createRemote(updates, authServiceUpdate);

	// Auth credentials for valid user with correct password scoped to
	// correct URI
	ue.setClient(withBasicAuth(new AuthScope("localhost" , authPort),"allowed", "password"));
	ue.execute();
	}

	@Test(expected = HttpException.class)
	public void graphstore_with_auth_01() {
	// No auth credentials
	DatasetAccessor accessor = DatasetAccessorFactory.createHTTP(authServiceREST);
	accessor.getModel();
	}

	@Test(expected = HttpException.class)
	public void graphstore_with_auth_02() {
	// Incorrect auth credentials
	DatasetAccessor accessor = DatasetAccessorFactory.createHTTP(authServiceREST,
	withBasicAuth(ANY, "allowed", "incorrect"));
	accessor.getModel();
	}

	@Test
	public void graphstore_with_auth_03() {
	// Correct auth credentials
	DatasetAccessor accessor = DatasetAccessorFactory.createHTTP(authServiceREST,
	withBasicAuth(ANY, "allowed", "password"));
	Model m = accessor.getModel();
	Assert.assertTrue(m.isEmpty());
	}

	@Test(expected = HttpException.class)
	public void graphstore_with_auth_04() throws URISyntaxException {
	// Correct auth credentials scoped to wrong URI
	DatasetAccessor accessor = DatasetAccessorFactory.createHTTP(authServiceREST,
	withBasicAuth(new AuthScope("example.org", authPort), "allowed", "password"));
	accessor.getModel();
	}

	@Test
	public void graphstore_with_auth_05() throws URISyntaxException {
	// Correct auth credentials scoped to correct URI
	DatasetAccessor accessor = DatasetAccessorFactory.createHTTP(authServiceREST,
	withBasicAuth(new AuthScope("localhost", authPort), "allowed", "password"));
	accessor.getModel();
	}

	}