use of io.helidon.security.AuthenticationResponse in project helidon by oracle.
the class HttpAuthProviderBuilderTest method digestOldTestJack.
/**
 * Authenticates user "jack" against the {@code digest_old} provider using a digest
 * header built with {@code Qop.NONE}, then checks the resulting identity and roles.
 */
@Test
public void digestOldTestJack() {
    setHeader(context,
              HttpBasicAuthProvider.HEADER_AUTHENTICATION,
              buildDigest(HttpDigest.Qop.NONE, "jack", "jackIsGreat"));

    AuthenticationResponse response = context.atnClientBuilder()
            .explicitProvider("digest_old")
            .buildAndGet();

    // The provider's description is used as the failure reason, so a rejected
    // login explains itself in the test report.
    String reason = response.description().orElse("No description");
    assertThat(reason, response.status(), is(SecurityResponse.SecurityStatus.SUCCESS));

    // An absent status code is treated as 200 here.
    int httpStatus = response.statusCode().orElse(200);
    assertThat(httpStatus, is(200));

    // Identity and role mapping: jack is expected to hold both roles.
    assertThat(getUsername(context), is("jack"));
    boolean isAdmin = context.isUserInRole("admin");
    assertThat(isAdmin, is(true));
    boolean isUser = context.isUserInRole("user");
    assertThat(isUser, is(true));
}
use of io.helidon.security.AuthenticationResponse in project helidon by oracle.
the class HttpAuthProviderBuilderTest method digestOldTest401.
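/**
 * Verifies that a request carrying no credentials is challenged by the
 * {@code digest_old} provider: the response is unsuccessful, maps to HTTP 401,
 * and carries a Digest challenge for realm "mic" with no {@code qop} directive.
 */
@Test
public void digestOldTest401() {
    AuthenticationResponse response = context.atnClientBuilder()
            .explicitProvider("digest_old")
            .buildAndGet();

    assertThat(response.status().isSuccess(), is(false));
    // Defaulting to 200 makes a missing status code fail the 401 check.
    assertThat(response.statusCode().orElse(200), is(401));

    // Check that the challenge header exists and has a value before indexing into it,
    // so a missing challenge is reported as an assertion failure rather than a
    // NullPointerException or IndexOutOfBoundsException.
    assertThat("Challenge header must be present",
               response.responseHeaders().get(HttpBasicAuthProvider.HEADER_AUTHENTICATION_REQUIRED),
               notNullValue());
    assertThat("Challenge header must have a value",
               response.responseHeaders().get(HttpBasicAuthProvider.HEADER_AUTHENTICATION_REQUIRED).isEmpty(),
               is(false));

    String authHeader = response.responseHeaders().get(HttpBasicAuthProvider.HEADER_AUTHENTICATION_REQUIRED).get(0);
    assertThat(authHeader, notNullValue());
    assertThat(authHeader.toLowerCase(), startsWith("digest realm=\"mic\""));
    // The legacy provider must not advertise qop in its challenge.
    // NOTE(review): a digest exchange without qop carries no cnonce or nonce count,
    // so replay resistance presumably depends on the server's nonce handling; confirm
    // that "digest_old" is kept for compatibility only.
    assertThat(authHeader.toLowerCase(), not(containsString("qop=")));
}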
use of io.helidon.security.AuthenticationResponse in project helidon by oracle.
the class HttpAuthProviderBuilderTest method digestTestNonceNotB64.
/**
 * Sends a digest header whose nonce is not valid base64 to the {@code digest}
 * provider and expects a described authentication failure mapped to HTTP 401.
 */
@Test
public void digestTestNonceNotB64() {
    setHeader(context,
              HttpBasicAuthProvider.HEADER_AUTHENTICATION,
              buildDigest(HttpDigest.Qop.AUTH,
                          "jack",
                          "jackIsGreat",
                          "Not a base64 encoded $tring",
                          "mic"));

    AuthenticationResponse response = context.atnClientBuilder()
            .explicitProvider("digest")
            .buildAndGet();

    // A malformed nonce must produce a FAILURE response with this exact
    // description, even though the user name and password are the ones used
    // by the passing tests.
    String description = response.description().orElse("");
    assertThat(description, is("Nonce must be base64 encoded"));
    assertThat(response.status(), is(SecurityResponse.SecurityStatus.FAILURE));

    // Defaulting to 200 makes a missing status code fail the 401 check.
    int httpStatus = response.statusCode().orElse(200);
    assertThat(httpStatus, is(401));
}
use of io.helidon.security.AuthenticationResponse in project helidon by oracle.
the class HttpAuthProviderBuilderTest method digestTestNonceTooShort.
/**
 * Sends a digest header whose nonce is too short to the {@code digest} provider
 * and expects a described authentication failure mapped to HTTP 401.
 */
@Test
public void digestTestNonceTooShort() {
    // The nonce must be a base64 encoded string of less than 17 bytes, so that
    // the length check (not the base64 check) is what rejects it.
    setHeader(context,
              HttpBasicAuthProvider.HEADER_AUTHENTICATION,
              buildDigest(HttpDigest.Qop.AUTH,
                          "jack",
                          "jackIsGreat",
                          "wrongNonce",
                          "mic"));

    AuthenticationResponse response = context.atnClientBuilder()
            .explicitProvider("digest")
            .buildAndGet();

    String description = response.description().orElse("");
    assertThat(description, is("Invalid nonce length"));
    assertThat(response.status(), is(SecurityResponse.SecurityStatus.FAILURE));

    // Defaulting to 200 makes a missing status code fail the 401 check.
    int httpStatus = response.statusCode().orElse(200);
    assertThat(httpStatus, is(401));
}
use of io.helidon.security.AuthenticationResponse in project helidon by oracle.
the class HttpAuthProviderBuilderTest method digestOldTestJill.
/**
 * Authenticates user "jill" against the {@code digest_old} provider using a digest
 * header built with {@code Qop.NONE}, then checks that she is a plain user
 * without the admin role.
 */
@Test
public void digestOldTestJill() {
    setHeader(context,
              HttpBasicAuthProvider.HEADER_AUTHENTICATION,
              buildDigest(HttpDigest.Qop.NONE, "jill", "password"));

    AuthenticationResponse response = context.atnClientBuilder()
            .explicitProvider("digest_old")
            .buildAndGet();

    // The provider's description is used as the failure reason, so a rejected
    // login explains itself in the test report.
    String reason = response.description().orElse("No description");
    assertThat(reason, response.status(), is(SecurityResponse.SecurityStatus.SUCCESS));

    // An absent status code is treated as 200 here.
    int httpStatus = response.statusCode().orElse(200);
    assertThat(httpStatus, is(200));

    assertThat(getUsername(context), is("jill"));
    // Role separation: a successful login must not grant jill the admin role.
    boolean isAdmin = context.isUserInRole("admin");
    assertThat(isAdmin, is(false));
    boolean isUser = context.isUserInRole("user");
    assertThat(isUser, is(true));
}