blob: ae64f34a83bc565fa81d595c29c40eaf0a01ec1d [file]
/*
* Licensed to the Apache Software Foundation (ASF) under one or more
* contributor license agreements. See the NOTICE file distributed with
* this work for additional information regarding copyright ownership.
* The ASF licenses this file to You under the Apache License, Version 2.0
* (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.apache.catalina.authenticator;
import java.util.ArrayList;
import java.util.Collection;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import org.junit.Assert;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.junit.runners.Parameterized;
import org.junit.runners.Parameterized.Parameter;
import org.apache.catalina.Context;
import org.apache.catalina.authenticator.DigestAuthenticator.AuthDigest;
import org.apache.catalina.startup.TesterMapRealm;
import org.apache.catalina.startup.TesterServlet;
import org.apache.catalina.startup.Tomcat;
import org.apache.catalina.startup.TomcatBaseTest;
import org.apache.tomcat.util.buf.ByteChunk;
import org.apache.tomcat.util.descriptor.web.LoginConfig;
import org.apache.tomcat.util.descriptor.web.SecurityCollection;
import org.apache.tomcat.util.descriptor.web.SecurityConstraint;
@RunWith(Parameterized.class)
public class TestDigestAuthenticatorB extends TomcatBaseTest {
private static final String targetURI = "/test";
private static final String validUser = "user";
private static final String validPassword = "password";
private static final String validRole = "role";
private static final String realmName = "realm";
private static final String clientNonce = "cnonce";
@Parameterized.Parameters(name = "{index}")
public static Collection<Object[]> parameters() {
List<Object[]> parameterSets = new ArrayList<>();
parameterSets.add(new Object[] { validRole, validUser, validPassword, Boolean.TRUE });
parameterSets.add(new Object[] { "**", validUser, validPassword, Boolean.TRUE });
parameterSets.add(new Object[] { "**", validUser, "null", Boolean.FALSE });
parameterSets.add(new Object[] { "**", "invalid", "null", Boolean.FALSE });
return parameterSets;
}
@Parameter(0)
public String serverPermittedRole;
@Parameter(1)
public String clientUserName;
@Parameter(2)
public String clientPassword;
@Parameter(3)
public boolean validCredentials;
@Test
public void testDigestAuthentication() throws Exception {
// Configure a context with digest authentication and a single protected resource
Tomcat tomcat = getTomcatInstance();
// No file system docBase required
Context ctxt = getProgrammaticRootContext();
// Add protected servlet
Tomcat.addServlet(ctxt, "TesterServlet", new TesterServlet());
ctxt.addServletMappingDecoded(targetURI, "TesterServlet");
SecurityCollection collection = new SecurityCollection();
collection.addPatternDecoded(targetURI);
SecurityConstraint sc = new SecurityConstraint();
sc.addAuthRole(serverPermittedRole);
sc.addCollection(collection);
ctxt.addConstraint(sc);
// Configure the Realm
TesterMapRealm realm = new TesterMapRealm();
realm.addUser(validUser, validPassword);
realm.addUserRole(validUser, validRole);
ctxt.setRealm(realm);
// Configure the authenticator
LoginConfig lc = new LoginConfig();
lc.setAuthMethod("DIGEST");
lc.setRealmName(realmName);
ctxt.setLoginConfig(lc);
DigestAuthenticator digestAuthenticator = new DigestAuthenticator();
ctxt.getPipeline().addValve(digestAuthenticator);
tomcat.start();
// The first request will always fail - but we need the challenge
Map<String,List<String>> respHeaders = new HashMap<>();
ByteChunk bc = new ByteChunk();
int rc = getUrl("http://localhost:" + getPort() + targetURI, bc, respHeaders);
Assert.assertEquals(401, rc);
Assert.assertTrue(bc.getLength() > 0);
bc.recycle();
// Second request should
List<String> auth = new ArrayList<>();
auth.add(TestDigestAuthenticatorAlgorithms.buildDigestResponse(clientUserName, clientPassword, targetURI,
realmName, AuthDigest.SHA_256, respHeaders.get(AuthenticatorBase.AUTH_HEADER_NAME), "00000001",
clientNonce, DigestAuthenticator.QOP));
Map<String,List<String>> reqHeaders = new HashMap<>();
reqHeaders.put("authorization", auth);
rc = getUrl("http://localhost:" + getPort() + targetURI, bc, reqHeaders, null);
if (validCredentials) {
Assert.assertEquals(200, rc);
Assert.assertEquals("OK", bc.toString());
} else {
Assert.assertEquals(401, rc);
}
}
}