
Example 21 with TestHttpClient

use of io.undertow.testutils.TestHttpClient in project undertow by undertow-io.

the class SpnegoAuthenticationTestCase method testSpnegoSuccess.

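/**
 * Drives a complete SPNEGO (HTTP {@code Negotiate}) handshake against the default test server
 * and checks that it ends in an authenticated 200 response.
 *
 * <p>An unauthenticated request must first be challenged with 401 and a bare {@code Negotiate}
 * header. The client then logs in as the test principal and exchanges GSS tokens with the server
 * until the security context is established. Success needs both signals: the server answered 200
 * and the local {@link GSSContext} reports that it is established.
 *
 * @throws Exception if the login, the GSS token exchange or any HTTP request fails
 */
@Test
public void testSpnegoSuccess() throws Exception {
    final TestHttpClient client = new TestHttpClient();
    try {
        // Step 1: no credentials. The server has to challenge with "Negotiate" and nothing else.
        HttpGet get = new HttpGet(DefaultServer.getDefaultServerURL());
        HttpResponse result = client.execute(get);
        assertEquals(StatusCodes.UNAUTHORIZED, result.getStatusLine().getStatusCode());
        Header[] values = result.getHeaders(WWW_AUTHENTICATE.toString());
        String header = getAuthHeader(NEGOTIATE, values);
        assertEquals(NEGOTIATE.toString(), header);
        HttpClientUtils.readResponse(result);

        // Step 2: obtain the client identity. login(...) is defined outside this excerpt; the
        // user name and password are test fixtures.
        Subject clientSubject = login("jduke", "theduke".toCharArray());

        // Step 3: run the token exchange as that subject, so the GSS layer picks up its credentials.
        Subject.doAs(clientSubject, new PrivilegedExceptionAction<Void>() {

            @Override
            public Void run() throws Exception {
                GSSManager gssManager = GSSManager.getInstance();
                // Service principal is HTTP/<server host>. A null name type lets the mechanism
                // apply its default printable-name syntax.
                GSSName serverName = gssManager.createName("HTTP/" + DefaultServer.getDefaultServerAddress().getHostString(), null);
                // Null credentials: act as the default initiator, i.e. the subject set up by doAs.
                GSSContext context = gssManager.createContext(serverName, SPNEGO, null, GSSContext.DEFAULT_LIFETIME);
                byte[] token = new byte[0];
                boolean gotOur200 = false;
                while (!context.isEstablished()) {
                    // Feed the server's last token (empty on the first pass) into the context and
                    // get the next token to send, if any.
                    token = context.initSecContext(token, 0, token.length);
                    if (token != null && token.length > 0) {
                        HttpGet get = new HttpGet(DefaultServer.getDefaultServerURL());
                        get.addHeader(AUTHORIZATION.toString(), NEGOTIATE + " " + FlexBase64.encodeString(token, false));
                        HttpResponse result = client.execute(get);
                        Header[] headers = result.getHeaders(WWW_AUTHENTICATE.toString());
                        if (headers.length > 0) {
                            String header = getAuthHeader(NEGOTIATE, headers);
                            byte[] headerBytes = header.getBytes(StandardCharsets.US_ASCII);
                            // FlexBase64.decode() returns a ByteBuffer whose backing array can be larger
                            // than the decoded data. Calling array() on it yields the whole backing array,
                            // trailing zero bytes included, which makes the token invalid. The MIME Base64
                            // decoder returns a correctly sized byte[] instead.
                            // The slice skips the scheme name and the single separator after it.
                            token = Base64.getMimeDecoder().decode(ArrayUtils.subarray(headerBytes, NEGOTIATE.toString().length() + 1, headerBytes.length));
                        }
                        if (result.getStatusLine().getStatusCode() == StatusCodes.OK) {
                            // Authenticated: the request reached the handler and exactly one
                            // AUTHENTICATED notification was recorded.
                            Header[] values = result.getHeaders("ProcessedBy");
                            assertEquals(1, values.length);
                            assertEquals("ResponseHandler", values[0].getValue());
                            HttpClientUtils.readResponse(result);
                            assertSingleNotificationType(EventType.AUTHENTICATED);
                            gotOur200 = true;
                        } else if (result.getStatusLine().getStatusCode() == StatusCodes.UNAUTHORIZED) {
                            // Another round is needed; the server must have sent a continuation token.
                            assertTrue("We did get a header.", headers.length > 0);
                            HttpClientUtils.readResponse(result);
                        } else {
                            fail(String.format("Unexpected status code %d", result.getStatusLine().getStatusCode()));
                        }
                    }
                }
                // Both sides must agree: the server let the request through and the client-side
                // context finished.
                assertTrue(gotOur200);
                assertTrue(context.isEstablished());
                return null;
            }
        });
    } finally {
        // Release pooled connections even when an assertion fails part-way through the handshake.
        client.getConnectionManager().shutdown();
    }
}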
Also used : GSSName(org.ietf.jgss.GSSName) HttpGet(org.apache.http.client.methods.HttpGet) HttpResponse(org.apache.http.HttpResponse) Subject(javax.security.auth.Subject) GeneralSecurityException(java.security.GeneralSecurityException) TestHttpClient(io.undertow.testutils.TestHttpClient) Header(org.apache.http.Header) GSSManager(org.ietf.jgss.GSSManager) GSSContext(org.ietf.jgss.GSSContext) Test(org.junit.Test)

Example 22 with TestHttpClient

use of io.undertow.testutils.TestHttpClient in project undertow by undertow-io.

the class SsoTestCase method testSsoSuccess.

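/**
 * Verifies the single-sign-on flow across two protected paths and that logout ends it.
 *
 * <p>The sequence is: {@code /test1} without credentials is challenged with Basic auth;
 * {@code /test1} with credentials succeeds; {@code /test2} then succeeds without an
 * {@code Authorization} header, so the only state the client carries over is its cookie store;
 * after {@code /test1?logout=true}, {@code /test2} must be rejected with 401 again.
 *
 * @throws IOException if any HTTP request fails
 */
@Test
public void testSsoSuccess() throws IOException {
    TestHttpClient client = new TestHttpClient();
    try {
        client.setCookieStore(new BasicCookieStore());
        // Encode the fixture credentials with an explicit charset rather than the platform
        // default, so the header bytes are the same on every machine.
        final String basicCredentials = BASIC + " " + FlexBase64.encodeString(
                "userOne:passwordOne".getBytes(java.nio.charset.StandardCharsets.UTF_8), false);

        // 1. Anonymous request: expect a Basic challenge for the test realm.
        HttpGet get = new HttpGet(DefaultServer.getDefaultServerURL() + "/test1");
        HttpResponse result = client.execute(get);
        assertEquals(StatusCodes.UNAUTHORIZED, result.getStatusLine().getStatusCode());
        Header[] values = result.getHeaders(WWW_AUTHENTICATE.toString());
        String header = getAuthHeader(BASIC, values);
        assertEquals(BASIC + " realm=\"Test Realm\"", header);
        HttpClientUtils.readResponse(result);

        // 2. Same path with credentials: authenticated and handled.
        get = new HttpGet(DefaultServer.getDefaultServerURL() + "/test1");
        get.addHeader(AUTHORIZATION.toString(), basicCredentials);
        result = client.execute(get);
        assertEquals(StatusCodes.OK, result.getStatusLine().getStatusCode());
        values = result.getHeaders("ProcessedBy");
        assertEquals(1, values.length);
        assertEquals("ResponseHandler", values[0].getValue());
        HttpClientUtils.readResponse(result);
        assertSingleNotificationType(SecurityNotification.EventType.AUTHENTICATED);

        // 3. Second path, no Authorization header: must be let in on the existing SSO state.
        get = new HttpGet(DefaultServer.getDefaultServerURL() + "/test2");
        result = client.execute(get);
        assertEquals(StatusCodes.OK, result.getStatusLine().getStatusCode());
        values = result.getHeaders("ProcessedBy");
        assertEquals(1, values.length);
        assertEquals("ResponseHandler", values[0].getValue());
        HttpClientUtils.readResponse(result);
        assertSingleNotificationType(SecurityNotification.EventType.AUTHENTICATED);

        // 4. Logout on the first path has to invalidate the SSO session.
        get = new HttpGet(DefaultServer.getDefaultServerURL() + "/test1?logout=true");
        get.addHeader(AUTHORIZATION.toString(), basicCredentials);
        result = client.execute(get);
        assertEquals(StatusCodes.OK, result.getStatusLine().getStatusCode());
        values = result.getHeaders("ProcessedBy");
        assertEquals(1, values.length);
        assertEquals("ResponseHandler", values[0].getValue());
        HttpClientUtils.readResponse(result);
        assertNotifiactions(SecurityNotification.EventType.AUTHENTICATED, SecurityNotification.EventType.LOGGED_OUT);

        // 5. The second path no longer accepts the session: a logout on one path covers the other.
        get = new HttpGet(DefaultServer.getDefaultServerURL() + "/test2");
        result = client.execute(get);
        assertEquals(StatusCodes.UNAUTHORIZED, result.getStatusLine().getStatusCode());
    } finally {
        // The final 401 response is never read, so shut the connection manager down to release
        // it, also when an assertion above fails.
        client.getConnectionManager().shutdown();
    }
}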
Also used : BasicCookieStore(org.apache.http.impl.client.BasicCookieStore) Header(org.apache.http.Header) HttpGet(org.apache.http.client.methods.HttpGet) HttpResponse(org.apache.http.HttpResponse) TestHttpClient(io.undertow.testutils.TestHttpClient) Test(org.junit.Test)

Example 23 with TestHttpClient

use of io.undertow.testutils.TestHttpClient in project undertow by undertow-io.

the class ComplexSSLTestCase method complexSSLTestCase.

/**
 * Serves a directory of static files over TLS through a stacked handler chain
 * (canonical-path, error-page, virtual-host, path, resource) and checks both the
 * directory listing and a single file fetched from it.
 *
 * @throws IOException if an HTTP request fails
 * @throws GeneralSecurityException declared by the test signature for the TLS setup
 * @throws URISyntaxException if the location of {@code page.html} cannot be turned into a URI
 * @throws InterruptedException declared by the test signature
 */
@Test
public void complexSSLTestCase() throws IOException, GeneralSecurityException, URISyntaxException, InterruptedException {
    final PathHandler paths = new PathHandler();
    // The document root is the directory that holds the page.html test resource.
    Path documentRoot = Paths.get(FileHandlerTestCase.class.getResource("page.html").toURI()).getParent();
    final NameVirtualHostHandler vhosts = new NameVirtualHostHandler();
    // Outermost handler first: canonicalise the path, then error pages, then virtual hosts.
    HttpHandler chain = new CanonicalPathHandler(new SimpleErrorPageHandler(vhosts));
    vhosts.addHost("default-host", paths);
    vhosts.setDefaultHandler(paths);
    // Directory listing is switched on because the first request below asserts that the
    // listing names page.html. 10 * 1024 * 1024 is the manager's second constructor argument.
    HttpHandler staticFiles = new ResourceHandler(new PathResourceManager(documentRoot, 10 * 1024 * 1024))
            .setDirectoryListingEnabled(true);
    paths.addPrefixPath("/", staticFiles);
    DefaultServer.setRootHandler(chain);
    DefaultServer.startSSLServer();

    TestHttpClient client = new TestHttpClient();
    client.setSSLContext(DefaultServer.getClientSSLContext());
    try {
        // Request the directory itself; the original author notes that this one works.
        final String baseAddress = DefaultServer.getDefaultServerSSLAddress();
        HttpResponse listingResponse = client.execute(new HttpGet(baseAddress));
        Assert.assertEquals(StatusCodes.OK, listingResponse.getStatusLine().getStatusCode());
        String listingBody = HttpClientUtils.readResponse(listingResponse);
        Assert.assertTrue(listingBody, listingBody.contains("page.html"));
        Header[] listingContentType = listingResponse.getHeaders("Content-Type");
        Assert.assertEquals("text/html; charset=UTF-8", listingContentType[0].getValue());

        // Request the file itself; the original author marked this request as the one that "breaks".
        HttpResponse fileResponse = client.execute(new HttpGet(DefaultServer.getDefaultServerSSLAddress() + "/page.html"));
        Assert.assertEquals(StatusCodes.OK, fileResponse.getStatusLine().getStatusCode());
        String fileBody = HttpClientUtils.readResponse(fileResponse);
        Header[] fileContentType = fileResponse.getHeaders("Content-Type");
        Assert.assertEquals("text/html", fileContentType[0].getValue());
        Assert.assertTrue(fileBody, fileBody.contains("A web page"));
    } finally {
        // Always release the client and stop the TLS listener so later tests start clean.
        client.getConnectionManager().shutdown();
        DefaultServer.stopSSLServer();
    }
}
Also used : Path(java.nio.file.Path) HttpHandler(io.undertow.server.HttpHandler) CanonicalPathHandler(io.undertow.server.handlers.CanonicalPathHandler) HttpGet(org.apache.http.client.methods.HttpGet) CanonicalPathHandler(io.undertow.server.handlers.CanonicalPathHandler) PathHandler(io.undertow.server.handlers.PathHandler) FileHandlerTestCase(io.undertow.server.handlers.file.FileHandlerTestCase) HttpResponse(org.apache.http.HttpResponse) ResourceHandler(io.undertow.server.handlers.resource.ResourceHandler) NameVirtualHostHandler(io.undertow.server.handlers.NameVirtualHostHandler) PathResourceManager(io.undertow.server.handlers.resource.PathResourceManager) TestHttpClient(io.undertow.testutils.TestHttpClient) Header(org.apache.http.Header) SimpleErrorPageHandler(io.undertow.server.handlers.error.SimpleErrorPageHandler) Test(org.junit.Test)

Example 24 with TestHttpClient

use of io.undertow.testutils.TestHttpClient in project undertow by undertow-io.

the class ComplexSSLTestCase method testSslLotsOfData.

/**
 * Posts two large bodies over TLS to an echo handler and checks that each comes back unchanged.
 *
 * <p>The handler buffers the whole request body in memory before writing it back, so the body
 * sizes used here (1,000,000 and then 100,000 characters) are also the handler's peak buffer size.
 *
 * @throws IOException if an HTTP request fails
 * @throws GeneralSecurityException declared by the test signature for the TLS setup
 * @throws URISyntaxException declared by the test signature
 */
@Test
public void testSslLotsOfData() throws IOException, GeneralSecurityException, URISyntaxException {
    HttpHandler echoHandler = new HttpHandler() {

        @Override
        public void handleRequest(HttpServerExchange exchange) throws Exception {
            // Blocking stream I/O must not run on the I/O thread: re-dispatch and come back.
            if (exchange.isInIoThread()) {
                exchange.dispatch(this);
                return;
            }
            exchange.startBlocking();
            ByteArrayOutputStream collected = new ByteArrayOutputStream();
            byte[] chunk = new byte[100];
            // Copy until read() reports zero or a negative count.
            for (int count = exchange.getInputStream().read(chunk); count > 0; count = exchange.getInputStream().read(chunk)) {
                collected.write(chunk, 0, count);
            }
            System.out.println("WRITE " + collected.size());
            exchange.getOutputStream().write(collected.toByteArray());
            System.out.println("DONE " + collected.size());
        }
    };
    DefaultServer.setRootHandler(echoHandler);
    DefaultServer.startSSLServer();
    TestHttpClient client = new TestHttpClient();
    client.setSSLContext(DefaultServer.getClientSSLContext());
    try {
        // Larger payload first, then a smaller one on the same client.
        for (int size : new int[] {1000000, 100000}) {
            // generateMessage(...) is defined outside this excerpt; the body is then read from `message`.
            generateMessage(size);
            HttpPost echoRequest = new HttpPost(DefaultServer.getDefaultServerSSLAddress());
            echoRequest.setEntity(new StringEntity(message));
            HttpResponse echoResponse = client.execute(echoRequest);
            Assert.assertEquals(StatusCodes.OK, echoResponse.getStatusLine().getStatusCode());
            String echoed = HttpClientUtils.readResponse(echoResponse);
            // Length is compared first so a truncated echo fails with a short message.
            Assert.assertEquals(message.length(), echoed.length());
            Assert.assertEquals(message, echoed);
        }
    } finally {
        client.getConnectionManager().shutdown();
        DefaultServer.stopSSLServer();
    }
}
Also used : HttpServerExchange(io.undertow.server.HttpServerExchange) HttpHandler(io.undertow.server.HttpHandler) HttpPost(org.apache.http.client.methods.HttpPost) StringEntity(org.apache.http.entity.StringEntity) HttpResponse(org.apache.http.HttpResponse) ByteArrayOutputStream(java.io.ByteArrayOutputStream) URISyntaxException(java.net.URISyntaxException) GeneralSecurityException(java.security.GeneralSecurityException) IOException(java.io.IOException) TestHttpClient(io.undertow.testutils.TestHttpClient) Test(org.junit.Test)

Example 25 with TestHttpClient

use of io.undertow.testutils.TestHttpClient in project undertow by undertow-io.

the class SimpleSSLTestCase method testNonPersistentConnections.

/**
 * Checks that five consecutive HTTPS requests succeed when the server answers each one with
 * {@code Connection: close}.
 *
 * <p>The handler reports the request scheme it saw in a {@code scheme} response header, and the
 * test asserts that this is {@code https} every time.
 *
 * @throws IOException if an HTTP request fails
 * @throws GeneralSecurityException declared by the test signature for the TLS setup
 */
@Test
public void testNonPersistentConnections() throws IOException, GeneralSecurityException {
    HttpHandler schemeReporter = new HttpHandler() {

        @Override
        public void handleRequest(final HttpServerExchange exchange) throws Exception {
            // Report the scheme the server saw, then ask the client to drop the connection.
            exchange.getResponseHeaders().put(HttpString.tryFromString("scheme"), exchange.getRequestScheme());
            exchange.getResponseHeaders().put(Headers.CONNECTION, "close");
            exchange.endExchange();
        }
    };
    DefaultServer.setRootHandler(schemeReporter);
    DefaultServer.startSSLServer();
    TestHttpClient client = new TestHttpClient();
    client.setSSLContext(DefaultServer.getClientSSLContext());
    try {
        int remaining = 5;
        while (remaining-- > 0) {
            HttpResponse response = client.execute(new HttpGet(DefaultServer.getDefaultServerSSLAddress()));
            Assert.assertEquals(StatusCodes.OK, response.getStatusLine().getStatusCode());
            Header[] schemeHeaders = response.getHeaders("scheme");
            Assert.assertEquals("https", schemeHeaders[0].getValue());
            HttpClientUtils.readResponse(response);
        }
    } finally {
        client.getConnectionManager().shutdown();
        DefaultServer.stopSSLServer();
    }
}
Also used : HttpServerExchange(io.undertow.server.HttpServerExchange) HttpHandler(io.undertow.server.HttpHandler) Header(org.apache.http.Header) HttpGet(org.apache.http.client.methods.HttpGet) HttpResponse(org.apache.http.HttpResponse) IOException(java.io.IOException) GeneralSecurityException(java.security.GeneralSecurityException) TestHttpClient(io.undertow.testutils.TestHttpClient) Test(org.junit.Test)
