
Example 1 with BasicAuthException

Use of org.nhindirect.common.rest.auth.exceptions.BasicAuthException in project nhin-d by DirectProject.

The class HashableBasicAuthValidator_authenticateTest, method testAuthenticate_invalidAlg_assertAssertException.

@Test
public void testAuthenticate_invalidAlg_assertAssertException() throws Exception {
    BasicAuthValidator validator = buildValidator();
    // register a bogus digest type to exercise the invalid-algorithm path
    HashableBasicAuthValidator.DIGEST_TYPE_MAP.put("Bogus", "Bogus");
    ((HashableBasicAuthValidator) validator).hashType = "Bogus";
    boolean exceptionOccured = false;
    try {
        validator.authenticate("gm2552", "Password");
    } catch (BasicAuthException e) {
        exceptionOccured = true;
    } finally {
        // DIGEST_TYPE_MAP is static: always remove the entry so it cannot leak into other tests
        HashableBasicAuthValidator.DIGEST_TYPE_MAP.remove("Bogus");
    }
    assertTrue(exceptionOccured);
}
Also used: BasicAuthValidator (org.nhindirect.common.rest.auth.BasicAuthValidator), BasicAuthException (org.nhindirect.common.rest.auth.exceptions.BasicAuthException), Test (org.junit.Test)

Example 2 with BasicAuthException

Use of org.nhindirect.common.rest.auth.exceptions.BasicAuthException in project nhin-d by DirectProject.

The class BasicAuthFilter, method doFilter.

/**
 * {@inheritDoc}
 */
@Override
public void doFilter(final ServletRequest request, final ServletResponse response, final FilterChain chain) throws IOException, ServletException {
    final HttpServletRequest httpRequest = (HttpServletRequest) request;
    final HttpServletResponse httpResponse = (HttpServletResponse) response;
    // make sure the connection is secure unless configured differently
    if (forceSSL && !request.isSecure()) {
        httpResponse.sendError(HttpServletResponse.SC_FORBIDDEN);
        return;
    }
    if (isPrincipal(httpRequest)) {
        // a previous authentication in the chain has occurred
        // let the chain continue
        chain.doFilter(request, response);
        return;
    }
    // check to see if a session has already been established with this server (sessions may not be allowed depending on configuration)
    if (allowSessions) {
        final HttpSession session = httpRequest.getSession(true);
        final Principal sessionPrin = (Principal) session.getAttribute(SESSION_PRINCIPAL_ATTRIBUTE);
        if (sessionPrin != null) {
            // move along with the request
            final HttpServletRequest wrappedRequest = isPrincipal(httpRequest) ? httpRequest : new PrincipalOverrideRequestWrapper(httpRequest, sessionPrin);
            chain.doFilter(wrappedRequest, response);
            return;
        }
    }
    // now time to do the auth
    // get the auth header
    final String authHeader = httpRequest.getHeader("Authorization");
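    // upper-case the scheme with a fixed locale; the default locale can change the result (e.g. the Turkish dotted capital I)
    if (authHeader != null && authHeader.toUpperCase(Locale.ROOT).startsWith("BASIC")) {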
        Principal princ;
        try {
            princ = validator.authenticate(authHeader);
        } catch (BasicAuthException e) {
            // failure, invalid credential or unknown user
            final String scheme = httpRequest.isSecure() ? "https://" : "http://";
            final String realm = scheme + httpRequest.getLocalName();
            // challenge in the form the Basic scheme defines: Basic realm="<realm>"
            httpResponse.setHeader("WWW-Authenticate", "Basic realm=\"" + realm + "\"");
            httpResponse.sendError(HttpServletResponse.SC_UNAUTHORIZED);
            return;
        }
        // create a new principal and add it to the request if one does not already exist
        if (allowSessions) {
            final HttpSession session = httpRequest.getSession(true);
            session.setAttribute(SESSION_PRINCIPAL_ATTRIBUTE, princ);
        }
        final HttpServletRequest wrappedRequest = isPrincipal(httpRequest) ? httpRequest : new PrincipalOverrideRequestWrapper(httpRequest, princ);
        chain.doFilter(wrappedRequest, httpResponse);
        return;
    }
    // else reject the request since it's not a request we handle
    httpResponse.sendError(HttpServletResponse.SC_UNAUTHORIZED);
}
Also used: HttpServletRequest (javax.servlet.http.HttpServletRequest), HttpSession (javax.servlet.http.HttpSession), BasicAuthException (org.nhindirect.common.rest.auth.exceptions.BasicAuthException), HttpServletResponse (javax.servlet.http.HttpServletResponse), Principal (java.security.Principal)

Example 3 with BasicAuthException

Use of org.nhindirect.common.rest.auth.exceptions.BasicAuthException in project nhin-d by DirectProject.

The class HashableBasicAuthValidator_authenticateRawTest, method testAuthenticate_invalidCreds_assertAssertException.

@Test
public void testAuthenticate_invalidCreds_assertAssertException() throws Exception {
    BasicAuthValidator validator = buildValidator();
    boolean exceptionOccured = false;
    try {
        final String rawAuth = buildRawCredential("gm2552", "Password");
        validator.authenticate(rawAuth);
    } catch (BasicAuthException e) {
        exceptionOccured = true;
    }
    assertTrue(exceptionOccured);
}
Also used: BasicAuthValidator (org.nhindirect.common.rest.auth.BasicAuthValidator), BasicAuthException (org.nhindirect.common.rest.auth.exceptions.BasicAuthException), Test (org.junit.Test)

Example 4 with BasicAuthException

Use of org.nhindirect.common.rest.auth.exceptions.BasicAuthException in project nhin-d by DirectProject.

The class HashableBasicAuthValidator_authenticateTest, method testAuthenticate_invalidCreds_assertAssertException.

@Test
public void testAuthenticate_invalidCreds_assertAssertException() throws Exception {
    BasicAuthValidator validator = buildValidator();
    boolean exceptionOccured = false;
    try {
        validator.authenticate("gm2552", "Password");
    } catch (BasicAuthException e) {
        exceptionOccured = true;
    }
    assertTrue(exceptionOccured);
}
Also used: BasicAuthValidator (org.nhindirect.common.rest.auth.BasicAuthValidator), BasicAuthException (org.nhindirect.common.rest.auth.exceptions.BasicAuthException), Test (org.junit.Test)

Aggregations

BasicAuthException (org.nhindirect.common.rest.auth.exceptions.BasicAuthException): 4
Test (org.junit.Test): 3
BasicAuthValidator (org.nhindirect.common.rest.auth.BasicAuthValidator): 3
Principal (java.security.Principal): 1
HttpServletRequest (javax.servlet.http.HttpServletRequest): 1
HttpServletResponse (javax.servlet.http.HttpServletResponse): 1
HttpSession (javax.servlet.http.HttpSession): 1