use of io.undertow.testutils.TestHttpClient in project undertow by undertow-io.
the class SpnegoAuthenticationTestCase method testSpnegoSuccess.
@Test
public void testSpnegoSuccess() throws Exception {
final TestHttpClient client = new TestHttpClient();
HttpGet get = new HttpGet(DefaultServer.getDefaultServerURL());
HttpResponse result = client.execute(get);
assertEquals(StatusCodes.UNAUTHORIZED, result.getStatusLine().getStatusCode());
Header[] values = result.getHeaders(WWW_AUTHENTICATE.toString());
String header = getAuthHeader(NEGOTIATE, values);
assertEquals(NEGOTIATE.toString(), header);
HttpClientUtils.readResponse(result);
Subject clientSubject = login("jduke", "theduke".toCharArray());
Subject.doAs(clientSubject, new PrivilegedExceptionAction<Void>() {
@Override
public Void run() throws Exception {
GSSManager gssManager = GSSManager.getInstance();
GSSName serverName = gssManager.createName("HTTP/" + DefaultServer.getDefaultServerAddress().getHostString(), null);
GSSContext context = gssManager.createContext(serverName, SPNEGO, null, GSSContext.DEFAULT_LIFETIME);
byte[] token = new byte[0];
boolean gotOur200 = false;
while (!context.isEstablished()) {
token = context.initSecContext(token, 0, token.length);
if (token != null && token.length > 0) {
HttpGet get = new HttpGet(DefaultServer.getDefaultServerURL());
get.addHeader(AUTHORIZATION.toString(), NEGOTIATE + " " + FlexBase64.encodeString(token, false));
HttpResponse result = client.execute(get);
Header[] headers = result.getHeaders(WWW_AUTHENTICATE.toString());
if (headers.length > 0) {
String header = getAuthHeader(NEGOTIATE, headers);
byte[] headerBytes = header.getBytes(StandardCharsets.US_ASCII);
// FlexBase64.decode() returns byte buffer, which can contain backend array of greater size.
// when on such ByteBuffer is called array(), it returns the underlying byte array including the 0 bytes
// at the end, which makes the token invalid. => using Base64 mime decoder, which returnes directly properly sized byte[].
token = Base64.getMimeDecoder().decode(ArrayUtils.subarray(headerBytes, NEGOTIATE.toString().length() + 1, headerBytes.length));
}
if (result.getStatusLine().getStatusCode() == StatusCodes.OK) {
Header[] values = result.getHeaders("ProcessedBy");
assertEquals(1, values.length);
assertEquals("ResponseHandler", values[0].getValue());
HttpClientUtils.readResponse(result);
assertSingleNotificationType(EventType.AUTHENTICATED);
gotOur200 = true;
} else if (result.getStatusLine().getStatusCode() == StatusCodes.UNAUTHORIZED) {
assertTrue("We did get a header.", headers.length > 0);
HttpClientUtils.readResponse(result);
} else {
fail(String.format("Unexpected status code %d", result.getStatusLine().getStatusCode()));
}
}
}
assertTrue(gotOur200);
assertTrue(context.isEstablished());
return null;
}
});
}
use of io.undertow.testutils.TestHttpClient in project undertow by undertow-io.
the class SsoTestCase method testSsoSuccess.
@Test
public void testSsoSuccess() throws IOException {
TestHttpClient client = new TestHttpClient();
client.setCookieStore(new BasicCookieStore());
HttpGet get = new HttpGet(DefaultServer.getDefaultServerURL() + "/test1");
HttpResponse result = client.execute(get);
assertEquals(StatusCodes.UNAUTHORIZED, result.getStatusLine().getStatusCode());
Header[] values = result.getHeaders(WWW_AUTHENTICATE.toString());
String header = getAuthHeader(BASIC, values);
assertEquals(BASIC + " realm=\"Test Realm\"", header);
HttpClientUtils.readResponse(result);
get = new HttpGet(DefaultServer.getDefaultServerURL() + "/test1");
get.addHeader(AUTHORIZATION.toString(), BASIC + " " + FlexBase64.encodeString("userOne:passwordOne".getBytes(), false));
result = client.execute(get);
assertEquals(StatusCodes.OK, result.getStatusLine().getStatusCode());
values = result.getHeaders("ProcessedBy");
assertEquals(1, values.length);
assertEquals("ResponseHandler", values[0].getValue());
HttpClientUtils.readResponse(result);
assertSingleNotificationType(SecurityNotification.EventType.AUTHENTICATED);
get = new HttpGet(DefaultServer.getDefaultServerURL() + "/test2");
result = client.execute(get);
assertEquals(StatusCodes.OK, result.getStatusLine().getStatusCode());
values = result.getHeaders("ProcessedBy");
assertEquals(1, values.length);
assertEquals("ResponseHandler", values[0].getValue());
HttpClientUtils.readResponse(result);
assertSingleNotificationType(SecurityNotification.EventType.AUTHENTICATED);
//now test that logout will invalidate the SSO session
get = new HttpGet(DefaultServer.getDefaultServerURL() + "/test1?logout=true");
get.addHeader(AUTHORIZATION.toString(), BASIC + " " + FlexBase64.encodeString("userOne:passwordOne".getBytes(), false));
result = client.execute(get);
assertEquals(StatusCodes.OK, result.getStatusLine().getStatusCode());
values = result.getHeaders("ProcessedBy");
assertEquals(1, values.length);
assertEquals("ResponseHandler", values[0].getValue());
HttpClientUtils.readResponse(result);
assertNotifiactions(SecurityNotification.EventType.AUTHENTICATED, SecurityNotification.EventType.LOGGED_OUT);
get = new HttpGet(DefaultServer.getDefaultServerURL() + "/test2");
result = client.execute(get);
assertEquals(StatusCodes.UNAUTHORIZED, result.getStatusLine().getStatusCode());
}
use of io.undertow.testutils.TestHttpClient in project undertow by undertow-io.
the class ComplexSSLTestCase method complexSSLTestCase.
@Test
public void complexSSLTestCase() throws IOException, GeneralSecurityException, URISyntaxException, InterruptedException {
final PathHandler pathHandler = new PathHandler();
Path rootPath = Paths.get(FileHandlerTestCase.class.getResource("page.html").toURI()).getParent();
final NameVirtualHostHandler virtualHostHandler = new NameVirtualHostHandler();
HttpHandler root = virtualHostHandler;
root = new SimpleErrorPageHandler(root);
root = new CanonicalPathHandler(root);
virtualHostHandler.addHost("default-host", pathHandler);
virtualHostHandler.setDefaultHandler(pathHandler);
pathHandler.addPrefixPath("/", new ResourceHandler(new PathResourceManager(rootPath, 10485760)).setDirectoryListingEnabled(true));
DefaultServer.setRootHandler(root);
DefaultServer.startSSLServer();
TestHttpClient client = new TestHttpClient();
client.setSSLContext(DefaultServer.getClientSSLContext());
try {
//get file list, this works
HttpGet getFileList = new HttpGet(DefaultServer.getDefaultServerSSLAddress());
HttpResponse resultList = client.execute(getFileList);
Assert.assertEquals(StatusCodes.OK, resultList.getStatusLine().getStatusCode());
String responseList = HttpClientUtils.readResponse(resultList);
Assert.assertTrue(responseList, responseList.contains("page.html"));
Header[] headersList = resultList.getHeaders("Content-Type");
Assert.assertEquals("text/html; charset=UTF-8", headersList[0].getValue());
//get file itself, breaks
HttpGet getFile = new HttpGet(DefaultServer.getDefaultServerSSLAddress() + "/page.html");
HttpResponse result = client.execute(getFile);
Assert.assertEquals(StatusCodes.OK, result.getStatusLine().getStatusCode());
String response = HttpClientUtils.readResponse(result);
Header[] headers = result.getHeaders("Content-Type");
Assert.assertEquals("text/html", headers[0].getValue());
Assert.assertTrue(response, response.contains("A web page"));
} finally {
client.getConnectionManager().shutdown();
DefaultServer.stopSSLServer();
}
}
use of io.undertow.testutils.TestHttpClient in project undertow by undertow-io.
the class ComplexSSLTestCase method testSslLotsOfData.
@Test
public void testSslLotsOfData() throws IOException, GeneralSecurityException, URISyntaxException {
DefaultServer.setRootHandler(new HttpHandler() {
@Override
public void handleRequest(HttpServerExchange exchange) throws Exception {
if (exchange.isInIoThread()) {
exchange.dispatch(this);
return;
}
exchange.startBlocking();
ByteArrayOutputStream out = new ByteArrayOutputStream();
byte[] buf = new byte[100];
int res = 0;
while ((res = exchange.getInputStream().read(buf)) > 0) {
out.write(buf, 0, res);
}
System.out.println("WRITE " + out.size());
exchange.getOutputStream().write(out.toByteArray());
System.out.println("DONE " + out.size());
}
});
DefaultServer.startSSLServer();
TestHttpClient client = new TestHttpClient();
client.setSSLContext(DefaultServer.getClientSSLContext());
try {
generateMessage(1000000);
HttpPost post = new HttpPost(DefaultServer.getDefaultServerSSLAddress());
post.setEntity(new StringEntity(message));
HttpResponse resultList = client.execute(post);
Assert.assertEquals(StatusCodes.OK, resultList.getStatusLine().getStatusCode());
String response = HttpClientUtils.readResponse(resultList);
Assert.assertEquals(message.length(), response.length());
Assert.assertEquals(message, response);
generateMessage(100000);
post = new HttpPost(DefaultServer.getDefaultServerSSLAddress());
post.setEntity(new StringEntity(message));
resultList = client.execute(post);
Assert.assertEquals(StatusCodes.OK, resultList.getStatusLine().getStatusCode());
response = HttpClientUtils.readResponse(resultList);
Assert.assertEquals(message.length(), response.length());
Assert.assertEquals(message, response);
} finally {
client.getConnectionManager().shutdown();
DefaultServer.stopSSLServer();
}
}
use of io.undertow.testutils.TestHttpClient in project undertow by undertow-io.
the class SimpleSSLTestCase method testNonPersistentConnections.
@Test
public void testNonPersistentConnections() throws IOException, GeneralSecurityException {
DefaultServer.setRootHandler(new HttpHandler() {
@Override
public void handleRequest(final HttpServerExchange exchange) throws Exception {
exchange.getResponseHeaders().put(HttpString.tryFromString("scheme"), exchange.getRequestScheme());
exchange.getResponseHeaders().put(Headers.CONNECTION, "close");
exchange.endExchange();
}
});
DefaultServer.startSSLServer();
TestHttpClient client = new TestHttpClient();
client.setSSLContext(DefaultServer.getClientSSLContext());
try {
for (int i = 0; i < 5; ++i) {
HttpGet get = new HttpGet(DefaultServer.getDefaultServerSSLAddress());
HttpResponse result = client.execute(get);
Assert.assertEquals(StatusCodes.OK, result.getStatusLine().getStatusCode());
Header[] header = result.getHeaders("scheme");
Assert.assertEquals("https", header[0].getValue());
HttpClientUtils.readResponse(result);
}
} finally {
client.getConnectionManager().shutdown();
DefaultServer.stopSSLServer();
}
}
Aggregations