27 package org.apache.http.impl.client.integration;
28
29 import java.io.IOException;
30 import java.security.Principal;
31
32 import org.apache.http.HttpException;
33 import org.apache.http.HttpHost;
34 import org.apache.http.HttpRequest;
35 import org.apache.http.HttpResponse;
36 import org.apache.http.HttpStatus;
37 import org.apache.http.auth.AuthScheme;
38 import org.apache.http.auth.AuthSchemeProvider;
39 import org.apache.http.auth.AuthScope;
40 import org.apache.http.auth.Credentials;
41 import org.apache.http.client.CredentialsProvider;
42 import org.apache.http.client.config.AuthSchemes;
43 import org.apache.http.client.methods.HttpGet;
44 import org.apache.http.config.Registry;
45 import org.apache.http.config.RegistryBuilder;
46 import org.apache.http.entity.StringEntity;
47 import org.apache.http.impl.auth.SPNegoScheme;
48 import org.apache.http.impl.client.BasicCredentialsProvider;
49 import org.apache.http.impl.client.HttpClients;
50 import org.apache.http.localserver.LocalServerTestBase;
51 import org.apache.http.message.BasicHeader;
52 import org.apache.http.protocol.HttpContext;
53 import org.apache.http.protocol.HttpRequestHandler;
54 import org.apache.http.util.EntityUtils;
55 import org.ietf.jgss.GSSContext;
56 import org.ietf.jgss.GSSCredential;
57 import org.ietf.jgss.GSSManager;
58 import org.ietf.jgss.GSSName;
59 import org.ietf.jgss.Oid;
60 import org.junit.Assert;
61 import org.junit.Test;
62 import org.mockito.Matchers;
63 import org.mockito.Mockito;
/**
 * Integration tests for the SPNEGO ("Negotiate") authentication scheme, run against
 * the local test server with the GSS-API layer replaced by Mockito mocks.
 *
 * <p>The server side never accepts a token, so these tests exercise how the client
 * behaves when Negotiate authentication keeps failing.</p>
 */
public class TestSPNegoScheme extends LocalServerTestBase {

    /**
     * Request handler that answers every request with {@code 401 Unauthorized} and a
     * {@code Negotiate} challenge. It never inspects the request, so no token the
     * client sends can ever be accepted.
     */
    private static class PleaseNegotiateService implements HttpRequestHandler {

        @Override
        public void handle(
                final HttpRequest request,
                final HttpResponse response,
                final HttpContext context) throws HttpException, IOException {
            // Challenge header carries a dummy token; the client is expected to
            // treat it as an ordinary Negotiate challenge.
            response.addHeader(new BasicHeader("WWW-Authenticate", "Negotiate blablabla"));
            response.addHeader(new BasicHeader("Connection", "Keep-Alive"));
            response.setStatusCode(HttpStatus.SC_UNAUTHORIZED);
            response.setEntity(new StringEntity("auth required "));
        }
    }

    /**
     * {@link SPNegoScheme} whose {@link #getManager()} hands out a mocked
     * {@link GSSManager}, so no real Kerberos/GSS infrastructure is contacted.
     * The mocked context always produces the same fixed token bytes.
     */
    private static class NegotiateSchemeWithMockGssManager extends SPNegoScheme {

        private final GSSManager manager = Mockito.mock(GSSManager.class);
        private final GSSName name = Mockito.mock(GSSName.class);
        private final GSSContext context = Mockito.mock(GSSContext.class);

        NegotiateSchemeWithMockGssManager() throws Exception {
            // NOTE(review): presumably the "strip port" flag of SPNegoScheme - confirm.
            super(true);

            // Any name lookup resolves to the mocked GSSName.
            Mockito.when(manager.createName(
                    Matchers.any(String.class), Matchers.any(Oid.class)))
                    .thenReturn(name);
            // Any context request resolves to the mocked GSSContext.
            Mockito.when(manager.createContext(
                    Matchers.any(GSSName.class), Matchers.any(Oid.class),
                    Matchers.any(GSSCredential.class), Matchers.anyInt()))
                    .thenReturn(context);
            // The security context always yields a non-null, fixed token.
            final byte[] fixedToken = "12345678".getBytes();
            Mockito.when(context.initSecContext(
                    Matchers.any(byte[].class), Matchers.anyInt(), Matchers.anyInt()))
                    .thenReturn(fixedToken);
        }

        @Override
        protected GSSManager getManager() {
            return manager;
        }

    }

    /**
     * Placeholder {@link Credentials} carrying neither a principal nor a password.
     * NOTE(review): going by the name, the actual identity is meant to come from the
     * JAAS/GSS login rather than from this object - confirm against the scheme.
     */
    private static class UseJaasCredentials implements Credentials {

        @Override
        public String getPassword() {
            return null;
        }

        @Override
        public Principal getUserPrincipal() {
            return null;
        }

    }

    /**
     * {@link AuthSchemeProvider} that returns one shared mocked scheme instance for
     * every {@link #create(HttpContext)} call, so scheme state is not reset between
     * authentication attempts made by the same client.
     */
    private static class NegotiateSchemeProviderWithMockGssManager implements AuthSchemeProvider {

        private final NegotiateSchemeWithMockGssManager scheme;

        NegotiateSchemeProviderWithMockGssManager() throws Exception {
            scheme = new NegotiateSchemeWithMockGssManager();
        }

        @Override
        public AuthScheme create(final HttpContext context) {
            return scheme;
        }

    }

    /**
     * Starts the always-401 server, builds a client that only knows the mocked SPNEGO
     * scheme, performs a single GET and returns the fully consumed response.
     *
     * @return the final response seen by the caller of the client
     * @throws Exception if server start-up, mock construction or the request fails
     */
    private HttpResponse executeGetAgainstAlwaysUnauthorizedServer() throws Exception {
        this.serverBootstrap.registerHandler("*", new PleaseNegotiateService());
        final HttpHost target = start();

        final AuthSchemeProvider mockedSpnegoProvider = new NegotiateSchemeProviderWithMockGssManager();
        final CredentialsProvider credentialsProvider = new BasicCredentialsProvider();
        final Credentials jaasPlaceholder = new UseJaasCredentials();
        // (null, -1, null) is the wildcard scope: any host, port and realm. That is fine
        // against the local test server; outside tests, credentials should be scoped to
        // the intended host so they are not offered to whichever server sends a challenge.
        credentialsProvider.setCredentials(new AuthScope(null, -1, null), jaasPlaceholder);

        // Only SPNEGO is registered, so the client cannot fall back to another scheme.
        final Registry<AuthSchemeProvider> authSchemeRegistry = RegistryBuilder.<AuthSchemeProvider>create()
                .register(AuthSchemes.SPNEGO, mockedSpnegoProvider)
                .build();
        this.httpclient = HttpClients.custom()
                .setDefaultAuthSchemeRegistry(authSchemeRegistry)
                .setDefaultCredentialsProvider(credentialsProvider)
                .build();

        final HttpGet request = new HttpGet("/path");
        final HttpResponse response = this.httpclient.execute(target, request);
        // Drain the body so the underlying connection is released.
        EntityUtils.consume(response.getEntity());
        return response;
    }

    /**
     * The server rejects every token, so the client must stop re-authenticating and
     * surface the 401 to the caller. A client that looped on the challenge would keep
     * generating tokens and never return from {@code execute}.
     */
    @Test
    public void testDontTryToAuthenticateEndlessly() throws Exception {
        final HttpResponse response = executeGetAgainstAlwaysUnauthorizedServer();

        final int status = response.getStatusLine().getStatusCode();
        Assert.assertEquals(HttpStatus.SC_UNAUTHORIZED, status);
    }

    /**
     * Expects the 401 to reach the caller when Negotiate authentication cannot succeed.
     *
     * <p>NOTE(review): this performs exactly the same steps as
     * {@link #testDontTryToAuthenticateEndlessly()}. The mocked
     * {@code initSecContext} always returns a non-null token, so the "no token
     * generated" condition in the method name is not reproduced here - confirm whether
     * the mock was meant to return {@code null} for this case.</p>
     */
    @Test
    public void testNoTokenGeneratedError() throws Exception {
        final HttpResponse response = executeGetAgainstAlwaysUnauthorizedServer();

        final int status = response.getStatusLine().getStatusCode();
        Assert.assertEquals(HttpStatus.SC_UNAUTHORIZED, status);
    }

}