Example 21 with AuthenticationResponse
use of io.helidon.security.AuthenticationResponse in project helidon by oracle.
the class HttpAuthProviderBuilderTest method digestTestNonceNotEncrypted.
@Test
public void digestTestNonceNotEncrypted() {
setHeader(context, HttpBasicAuthProvider.HEADER_AUTHENTICATION, buildDigest(HttpDigest.Qop.AUTH, "jack", "jackIsGreat", Base64.getEncoder().encodeToString("4444444444444444444444444444444444444444444444".getBytes()), "mic"));
AuthenticationResponse response = context.atnClientBuilder().explicitProvider("digest").buildAndGet();
assertThat(response.description().orElse(""), is("Invalid nonce value"));
assertThat(response.status(), is(SecurityResponse.SecurityStatus.FAILURE));
assertThat(response.statusCode().orElse(200), is(401));
}
Also used :
AuthenticationResponse(io.helidon.security.AuthenticationResponse)
Test(org.junit.jupiter.api.Test)
Example 22 with AuthenticationResponse
use of io.helidon.security.AuthenticationResponse in project helidon by oracle.
the class HttpAuthProviderBuilderTest method basicTestInvalidUser.
@Test
public void basicTestInvalidUser() {
setHeader(context, HttpBasicAuthProvider.HEADER_AUTHENTICATION, buildBasic("wrong", "user"));
AuthenticationResponse response = context.authenticate();
assertThat(response.description().orElse(""), is("Invalid username or password"));
assertThat(response.status().isSuccess(), is(false));
assertThat(response.statusCode().orElse(200), is(401));
String authHeader = response.responseHeaders().get(HttpBasicAuthProvider.HEADER_AUTHENTICATION_REQUIRED).get(0);
assertThat(authHeader, notNullValue());
assertThat(authHeader.toLowerCase(), is("basic realm=\"mic\""));
setHeader(context, HttpBasicAuthProvider.HEADER_AUTHENTICATION, buildBasic("jack", "invalid_passworrd"));
response = context.authenticate();
assertThat(response.description().orElse(""), is("Invalid username or password"));
assertThat(response.status().isSuccess(), is(false));
assertThat(response.statusCode().orElse(200), is(401));
}
Also used :
CoreMatchers.containsString(org.hamcrest.CoreMatchers.containsString)
AuthenticationResponse(io.helidon.security.AuthenticationResponse)
Test(org.junit.jupiter.api.Test)
Example 23 with AuthenticationResponse
use of io.helidon.security.AuthenticationResponse in project helidon by oracle.
the class HttpAuthProviderBuilderTest method sendInvalidTypeTest.
@Test
public void sendInvalidTypeTest() {
setHeader(context, HttpBasicAuthProvider.HEADER_AUTHENTICATION, "bearer token=\"adfasfaf\"");
AuthenticationResponse response = context.authenticate();
assertThat(response.status(), is(SecurityResponse.SecurityStatus.FAILURE));
assertThat(response.statusCode().orElse(200), is(401));
}
Also used :
AuthenticationResponse(io.helidon.security.AuthenticationResponse)
Test(org.junit.jupiter.api.Test)
Example 24 with AuthenticationResponse
use of io.helidon.security.AuthenticationResponse in project helidon by oracle.
the class HttpAuthProviderBuilderTest method basicTestJill.
@Test
public void basicTestJill() {
setHeader(context, HttpBasicAuthProvider.HEADER_AUTHENTICATION, buildBasic("jill", "password"));
AuthenticationResponse response = context.authenticate();
assertThat(response.status(), is(SecurityResponse.SecurityStatus.SUCCESS));
assertThat(response.statusCode().orElse(200), is(200));
assertThat(getUsername(context), is("jill"));
assertThat(context.isUserInRole("admin"), is(false));
assertThat(context.isUserInRole("user"), is(true));
}
Also used :
AuthenticationResponse(io.helidon.security.AuthenticationResponse)
Test(org.junit.jupiter.api.Test)
Example 25 with AuthenticationResponse
use of io.helidon.security.AuthenticationResponse in project helidon by oracle.
the class HttpAuthProviderBuilderTest method sendInvalidBasicTest.
@Test
public void sendInvalidBasicTest() {
setHeader(context, HttpBasicAuthProvider.HEADER_AUTHENTICATION, "basic wrong_header_value");
AuthenticationResponse response = context.authenticate();
assertThat(response.status(), is(SecurityResponse.SecurityStatus.FAILURE));
assertThat(response.statusCode().orElse(200), is(401));
// not base64 encoded and invalid
setHeader(context, HttpBasicAuthProvider.HEADER_AUTHENTICATION, "basic " + Base64.getEncoder().encodeToString("Hello".getBytes()));
response = context.authenticate();
assertThat(response.status(), is(SecurityResponse.SecurityStatus.FAILURE));
assertThat(response.statusCode().orElse(200), is(401));
}
Also used :
AuthenticationResponse(io.helidon.security.AuthenticationResponse)
Test(org.junit.jupiter.api.Test)
Aggregations
AuthenticationResponse (io.helidon.security.AuthenticationResponse)60
Test (org.junit.jupiter.api.Test)52
ProviderRequest (io.helidon.security.ProviderRequest)28
SecurityEnvironment (io.helidon.security.SecurityEnvironment)22
SecurityContext (io.helidon.security.SecurityContext)19
EndpointConfig (io.helidon.security.EndpointConfig)15
Subject (io.helidon.security.Subject)15
Principal (io.helidon.security.Principal)12
OutboundSecurityResponse (io.helidon.security.OutboundSecurityResponse)10
SignedJwt (io.helidon.security.jwt.SignedJwt)8
Instant (java.time.Instant)8
Jwt (io.helidon.security.jwt.Jwt)6
Locale (java.util.Locale)6
SecurityResponse (io.helidon.security.SecurityResponse)5
List (java.util.List)5
CoreMatchers.containsString (org.hamcrest.CoreMatchers.containsString)5
Config (io.helidon.config.Config)4
GoogleIdTokenVerifier (com.google.api.client.googleapis.auth.oauth2.GoogleIdTokenVerifier)3
Role (io.helidon.security.Role)3
Security (io.helidon.security.Security)3
