View Javadoc
1   /*
2    * ====================================================================
3    * Licensed to the Apache Software Foundation (ASF) under one
4    * or more contributor license agreements.  See the NOTICE file
5    * distributed with this work for additional information
6    * regarding copyright ownership.  The ASF licenses this file
7    * to you under the Apache License, Version 2.0 (the
8    * "License"); you may not use this file except in compliance
9    * with the License.  You may obtain a copy of the License at
10   *
11   *   http://www.apache.org/licenses/LICENSE-2.0
12   *
13   * Unless required by applicable law or agreed to in writing,
14   * software distributed under the License is distributed on an
15   * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
16   * KIND, either express or implied.  See the License for the
17   * specific language governing permissions and limitations
18   * under the License.
19   * ====================================================================
20   *
21   * This software consists of voluntary contributions made by many
22   * individuals on behalf of the Apache Software Foundation.  For more
23   * information on the Apache Software Foundation, please see
24   * <http://www.apache.org/>.
25   *
26   */
27  package org.apache.http.impl.auth;
28  
29  import java.util.HashMap;
30  import java.util.LinkedList;
31  import java.util.Queue;
32  
33  import org.apache.http.Header;
34  import org.apache.http.HttpHost;
35  import org.apache.http.HttpRequest;
36  import org.apache.http.HttpResponse;
37  import org.apache.http.HttpStatus;
38  import org.apache.http.HttpVersion;
39  import org.apache.http.auth.AUTH;
40  import org.apache.http.auth.AuthOption;
41  import org.apache.http.auth.AuthProtocolState;
42  import org.apache.http.auth.AuthSchemeProvider;
43  import org.apache.http.auth.AuthScope;
44  import org.apache.http.auth.AuthState;
45  import org.apache.http.auth.AuthenticationException;
46  import org.apache.http.auth.ContextAwareAuthScheme;
47  import org.apache.http.auth.Credentials;
48  import org.apache.http.auth.MalformedChallengeException;
49  import org.apache.http.client.AuthCache;
50  import org.apache.http.client.AuthenticationStrategy;
51  import org.apache.http.client.protocol.HttpClientContext;
52  import org.apache.http.config.Lookup;
53  import org.apache.http.config.RegistryBuilder;
54  import org.apache.http.impl.client.BasicCredentialsProvider;
55  import org.apache.http.impl.client.TargetAuthenticationStrategy;
56  import org.apache.http.message.BasicHeader;
57  import org.apache.http.message.BasicHttpRequest;
58  import org.apache.http.message.BasicHttpResponse;
59  import org.apache.http.protocol.BasicHttpContext;
60  import org.apache.http.protocol.HttpContext;
61  import org.apache.http.protocol.HttpCoreContext;
62  import org.junit.Assert;
63  import org.junit.Before;
64  import org.junit.Test;
65  import org.mockito.Mockito;
66  
67  @SuppressWarnings({"boxing","static-access"})
68  public class TestHttpAuthenticator {
69  
70      private AuthenticationStrategy defltAuthStrategy;
71      private AuthState authState;
72      private ContextAwareAuthScheme authScheme;
73      private HttpContext context;
74      private HttpHost defaultHost;
75      private Credentials credentials;
76      private BasicCredentialsProvider credentialsProvider;
77      private Lookup<AuthSchemeProvider> authSchemeRegistry;
78      private AuthCache authCache;
79      private HttpAuthenticator httpAuthenticator;
80  
81      @Before
82      public void setUp() throws Exception {
83          this.defltAuthStrategy = Mockito.mock(AuthenticationStrategy.class);
84          this.authState = new AuthState();
85          this.authScheme = Mockito.mock(ContextAwareAuthScheme.class);
86          Mockito.when(this.authScheme.getSchemeName()).thenReturn("Basic");
87          Mockito.when(this.authScheme.isComplete()).thenReturn(Boolean.TRUE);
88          this.context = new BasicHttpContext();
89          this.defaultHost = new HttpHost("localhost", 80);
90          this.context.setAttribute(HttpCoreContext.HTTP_TARGET_HOST, this.defaultHost);
91          this.credentials = Mockito.mock(Credentials.class);
92          this.credentialsProvider = new BasicCredentialsProvider();
93          this.credentialsProvider.setCredentials(AuthScope.ANY, this.credentials);
94          this.context.setAttribute(HttpClientContext.CREDS_PROVIDER, this.credentialsProvider);
95          this.authSchemeRegistry = RegistryBuilder.<AuthSchemeProvider>create()
96              .register("basic", new BasicSchemeFactory())
97              .register("digest", new DigestSchemeFactory())
98              .register("ntlm", new NTLMSchemeFactory()).build();
99          this.context.setAttribute(HttpClientContext.AUTHSCHEME_REGISTRY, this.authSchemeRegistry);
100         this.authCache = Mockito.mock(AuthCache.class);
101         this.context.setAttribute(HttpClientContext.AUTH_CACHE, this.authCache);
102         this.httpAuthenticator = new HttpAuthenticator();
103     }
104 
105     @Test
106     public void testAuthenticationRequested() throws Exception {
107         final HttpResponse response = new BasicHttpResponse(HttpVersion.HTTP_1_1, HttpStatus.SC_UNAUTHORIZED, "UNAUTHORIZED");
108         Mockito.when(this.defltAuthStrategy.isAuthenticationRequested(
109                 Mockito.any(HttpHost.class),
110                 Mockito.any(HttpResponse.class),
111                 Mockito.any(HttpContext.class))).thenReturn(Boolean.TRUE);
112 
113         Assert.assertTrue(this.httpAuthenticator.isAuthenticationRequested(
114                 this.defaultHost, response, this.defltAuthStrategy, this.authState, this.context));
115 
116         Mockito.verify(this.defltAuthStrategy).isAuthenticationRequested(this.defaultHost, response, this.context);
117     }
118 
119     @Test
120     public void testAuthenticationRequestedAfterSuccess() throws Exception {
121         final HttpResponse response = new BasicHttpResponse(HttpVersion.HTTP_1_1, HttpStatus.SC_UNAUTHORIZED, "UNAUTHORIZED");
122         Mockito.when(this.defltAuthStrategy.isAuthenticationRequested(
123                 Mockito.any(HttpHost.class),
124                 Mockito.any(HttpResponse.class),
125                 Mockito.any(HttpContext.class))).thenReturn(Boolean.TRUE);
126 
127         this.authState.update(this.authScheme, this.credentials);
128         this.authState.setState(AuthProtocolState.SUCCESS);
129 
130         Assert.assertTrue(this.httpAuthenticator.isAuthenticationRequested(
131                 this.defaultHost, response, this.defltAuthStrategy, this.authState, this.context));
132 
133         Mockito.verify(this.defltAuthStrategy).isAuthenticationRequested(this.defaultHost, response, this.context);
134         Mockito.verify(this.defltAuthStrategy).authFailed(this.defaultHost, this.authScheme, this.context);
135     }
136 
137     @Test
138     public void testAuthenticationNotRequestedUnchallenged() throws Exception {
139         final HttpResponse response = new BasicHttpResponse(HttpVersion.HTTP_1_1, HttpStatus.SC_OK, "OK");
140         Mockito.when(this.defltAuthStrategy.isAuthenticationRequested(
141                 Mockito.any(HttpHost.class),
142                 Mockito.any(HttpResponse.class),
143                 Mockito.any(HttpContext.class))).thenReturn(Boolean.FALSE);
144 
145         Assert.assertFalse(this.httpAuthenticator.isAuthenticationRequested(
146                 this.defaultHost, response, this.defltAuthStrategy, this.authState, this.context));
147         Assert.assertEquals(AuthProtocolState.UNCHALLENGED, this.authState.getState());
148 
149         Mockito.verify(this.defltAuthStrategy).isAuthenticationRequested(this.defaultHost, response, this.context);
150     }
151 
152     @Test
153     public void testAuthenticationNotRequestedSuccess1() throws Exception {
154         final HttpResponse response = new BasicHttpResponse(HttpVersion.HTTP_1_1, HttpStatus.SC_OK, "OK");
155         Mockito.when(this.defltAuthStrategy.isAuthenticationRequested(
156                 Mockito.any(HttpHost.class),
157                 Mockito.any(HttpResponse.class),
158                 Mockito.any(HttpContext.class))).thenReturn(Boolean.FALSE);
159         this.authState.update(this.authScheme, this.credentials);
160         this.authState.setState(AuthProtocolState.CHALLENGED);
161 
162         Assert.assertFalse(this.httpAuthenticator.isAuthenticationRequested(
163                 this.defaultHost, response, this.defltAuthStrategy, this.authState, this.context));
164         Assert.assertEquals(AuthProtocolState.SUCCESS, this.authState.getState());
165 
166         Mockito.verify(this.defltAuthStrategy).isAuthenticationRequested(this.defaultHost, response, this.context);
167         Mockito.verify(this.defltAuthStrategy).authSucceeded(this.defaultHost, this.authScheme, this.context);
168     }
169 
170     @Test
171     public void testAuthenticationNotRequestedSuccess2() throws Exception {
172         final HttpResponse response = new BasicHttpResponse(HttpVersion.HTTP_1_1, HttpStatus.SC_OK, "OK");
173         Mockito.when(this.defltAuthStrategy.isAuthenticationRequested(
174                 Mockito.any(HttpHost.class),
175                 Mockito.any(HttpResponse.class),
176                 Mockito.any(HttpContext.class))).thenReturn(Boolean.FALSE);
177         this.authState.update(this.authScheme, this.credentials);
178         this.authState.setState(AuthProtocolState.HANDSHAKE);
179 
180         Assert.assertFalse(this.httpAuthenticator.isAuthenticationRequested(
181                 this.defaultHost, response, this.defltAuthStrategy, this.authState, this.context));
182         Assert.assertEquals(AuthProtocolState.SUCCESS, this.authState.getState());
183 
184         Mockito.verify(this.defltAuthStrategy).isAuthenticationRequested(this.defaultHost, response, this.context);
185         Mockito.verify(this.defltAuthStrategy).authSucceeded(this.defaultHost, this.authScheme, this.context);
186     }
187 
188     @Test
189     public void testAuthentication() throws Exception {
190         final HttpHost host = new HttpHost("somehost", 80);
191         final HttpResponse response = new BasicHttpResponse(HttpVersion.HTTP_1_1, HttpStatus.SC_UNAUTHORIZED, "UNAUTHORIZED");
192         response.addHeader(new BasicHeader(AUTH.WWW_AUTH, "Basic realm=\"test\""));
193         response.addHeader(new BasicHeader(AUTH.WWW_AUTH, "Digest realm=\"realm1\", nonce=\"1234\""));
194         response.addHeader(new BasicHeader(AUTH.WWW_AUTH, "whatever realm=\"realm1\", stuff=\"1234\""));
195 
196         final TargetAuthenticationStrategy authStrategy = new TargetAuthenticationStrategy();
197 
198         Assert.assertTrue(this.httpAuthenticator.handleAuthChallenge(host,
199                 response, authStrategy, this.authState, this.context));
200         Assert.assertEquals(AuthProtocolState.CHALLENGED, this.authState.getState());
201 
202         final Queue<AuthOption> options = this.authState.getAuthOptions();
203         Assert.assertNotNull(options);
204         final AuthOption option1 = options.poll();
205         Assert.assertNotNull(option1);
206         Assert.assertEquals("digest", option1.getAuthScheme().getSchemeName());
207         final AuthOption option2 = options.poll();
208         Assert.assertNotNull(option2);
209         Assert.assertEquals("basic", option2.getAuthScheme().getSchemeName());
210         Assert.assertNull(options.poll());
211     }
212 
213     @Test
214     public void testAuthenticationNoChallenges() throws Exception {
215         final HttpHost host = new HttpHost("somehost", 80);
216         final HttpResponse response = new BasicHttpResponse(HttpVersion.HTTP_1_1, HttpStatus.SC_UNAUTHORIZED, "UNAUTHORIZED");
217 
218         Mockito.when(this.defltAuthStrategy.getChallenges(
219                 Mockito.any(HttpHost.class),
220                 Mockito.any(HttpResponse.class),
221                 Mockito.any(HttpContext.class))).thenReturn(new HashMap<String, Header>());
222 
223         Assert.assertFalse(this.httpAuthenticator.handleAuthChallenge(host,
224                 response, this.defltAuthStrategy, this.authState, this.context));
225     }
226 
227     @Test
228     public void testAuthenticationNoSupportedChallenges() throws Exception {
229         final HttpHost host = new HttpHost("somehost", 80);
230         final HttpResponse response = new BasicHttpResponse(HttpVersion.HTTP_1_1, HttpStatus.SC_UNAUTHORIZED, "UNAUTHORIZED");
231         response.addHeader(new BasicHeader(AUTH.WWW_AUTH, "This realm=\"test\""));
232         response.addHeader(new BasicHeader(AUTH.WWW_AUTH, "That realm=\"realm1\", nonce=\"1234\""));
233 
234         final TargetAuthenticationStrategy authStrategy = new TargetAuthenticationStrategy();
235 
236         Assert.assertFalse(this.httpAuthenticator.handleAuthChallenge(host,
237                 response, authStrategy, this.authState, this.context));
238     }
239 
240     @Test
241     public void testAuthenticationNoCredentials() throws Exception {
242         final HttpHost host = new HttpHost("somehost", 80);
243         final HttpResponse response = new BasicHttpResponse(HttpVersion.HTTP_1_1, HttpStatus.SC_UNAUTHORIZED, "UNAUTHORIZED");
244         response.addHeader(new BasicHeader(AUTH.WWW_AUTH, "Basic realm=\"test\""));
245         response.addHeader(new BasicHeader(AUTH.WWW_AUTH, "Digest realm=\"realm1\", nonce=\"1234\""));
246 
247         this.credentialsProvider.clear();
248 
249         final TargetAuthenticationStrategy authStrategy = new TargetAuthenticationStrategy();
250 
251         Assert.assertFalse(this.httpAuthenticator.handleAuthChallenge(host,
252                 response, authStrategy, this.authState, this.context));
253     }
254 
255     @Test
256     public void testAuthenticationFailed() throws Exception {
257         final HttpHost host = new HttpHost("somehost", 80);
258         final HttpResponse response = new BasicHttpResponse(HttpVersion.HTTP_1_1, HttpStatus.SC_UNAUTHORIZED, "UNAUTHORIZED");
259         response.addHeader(new BasicHeader(AUTH.WWW_AUTH, "Basic realm=\"test\""));
260         response.addHeader(new BasicHeader(AUTH.WWW_AUTH, "Digest realm=\"realm1\", nonce=\"1234\""));
261 
262         this.authState.setState(AuthProtocolState.CHALLENGED);
263         this.authState.update(this.authScheme, this.credentials);
264 
265         final TargetAuthenticationStrategy authStrategy = new TargetAuthenticationStrategy();
266 
267         Assert.assertFalse(this.httpAuthenticator.handleAuthChallenge(host,
268                 response, authStrategy, this.authState, this.context));
269 
270         Assert.assertEquals(AuthProtocolState.FAILURE, this.authState.getState());
271 
272         Mockito.verify(this.authCache).remove(host);
273     }
274 
275     @Test
276     public void testAuthenticationFailedPreviously() throws Exception {
277         final HttpHost host = new HttpHost("somehost", 80);
278         final HttpResponse response = new BasicHttpResponse(HttpVersion.HTTP_1_1, HttpStatus.SC_UNAUTHORIZED, "UNAUTHORIZED");
279         response.addHeader(new BasicHeader(AUTH.WWW_AUTH, "Basic realm=\"test\""));
280         response.addHeader(new BasicHeader(AUTH.WWW_AUTH, "Digest realm=\"realm1\", nonce=\"1234\""));
281 
282         this.authState.setState(AuthProtocolState.FAILURE);
283 
284         final TargetAuthenticationStrategy authStrategy = new TargetAuthenticationStrategy();
285 
286         Assert.assertFalse(this.httpAuthenticator.handleAuthChallenge(host,
287                 response, authStrategy, this.authState, this.context));
288 
289         Assert.assertEquals(AuthProtocolState.FAILURE, this.authState.getState());
290     }
291 
292     @Test
293     public void testAuthenticationFailure() throws Exception {
294         final HttpHost host = new HttpHost("somehost", 80);
295         final HttpResponse response = new BasicHttpResponse(HttpVersion.HTTP_1_1, HttpStatus.SC_UNAUTHORIZED, "UNAUTHORIZED");
296         response.addHeader(new BasicHeader(AUTH.WWW_AUTH, "Basic realm=\"test\""));
297         response.addHeader(new BasicHeader(AUTH.WWW_AUTH, "Digest realm=\"realm1\", nonce=\"1234\""));
298         response.addHeader(new BasicHeader(AUTH.WWW_AUTH, "whatever realm=\"realm1\", stuff=\"1234\""));
299 
300         final TargetAuthenticationStrategy authStrategy = new TargetAuthenticationStrategy();
301 
302         this.authState.setState(AuthProtocolState.CHALLENGED);
303         this.authState.update(new BasicScheme(), this.credentials);
304 
305         Assert.assertFalse(this.httpAuthenticator.handleAuthChallenge(host,
306                 response, authStrategy, this.authState, this.context));
307         Assert.assertEquals(AuthProtocolState.FAILURE, this.authState.getState());
308         Assert.assertNull(this.authState.getCredentials());
309     }
310 
311     @Test
312     public void testAuthenticationHandshaking() throws Exception {
313         final HttpHost host = new HttpHost("somehost", 80);
314         final HttpResponse response = new BasicHttpResponse(HttpVersion.HTTP_1_1, HttpStatus.SC_UNAUTHORIZED, "UNAUTHORIZED");
315         response.addHeader(new BasicHeader(AUTH.WWW_AUTH, "Basic realm=\"test\""));
316         response.addHeader(new BasicHeader(AUTH.WWW_AUTH, "Digest realm=\"realm1\", stale=true, nonce=\"1234\""));
317         response.addHeader(new BasicHeader(AUTH.WWW_AUTH, "whatever realm=\"realm1\", stuff=\"1234\""));
318 
319         final TargetAuthenticationStrategy authStrategy = new TargetAuthenticationStrategy();
320 
321         this.authState.setState(AuthProtocolState.CHALLENGED);
322         this.authState.update(new DigestScheme(), this.credentials);
323 
324         Assert.assertTrue(this.httpAuthenticator.handleAuthChallenge(host,
325                 response, authStrategy, this.authState, this.context));
326 
327         Assert.assertEquals(AuthProtocolState.HANDSHAKE, this.authState.getState());
328     }
329 
330     @Test
331     public void testAuthenticationNoMatchingChallenge() throws Exception {
332         final HttpHost host = new HttpHost("somehost", 80);
333         final HttpResponse response = new BasicHttpResponse(HttpVersion.HTTP_1_1, HttpStatus.SC_UNAUTHORIZED, "UNAUTHORIZED");
334         response.addHeader(new BasicHeader(AUTH.WWW_AUTH, "Digest realm=\"realm1\", nonce=\"1234\""));
335         response.addHeader(new BasicHeader(AUTH.WWW_AUTH, "whatever realm=\"realm1\", stuff=\"1234\""));
336 
337         final TargetAuthenticationStrategy authStrategy = new TargetAuthenticationStrategy();
338 
339         this.authState.setState(AuthProtocolState.CHALLENGED);
340         this.authState.update(new BasicScheme(), this.credentials);
341 
342         Assert.assertTrue(this.httpAuthenticator.handleAuthChallenge(host,
343                 response, authStrategy, this.authState, this.context));
344         Assert.assertEquals(AuthProtocolState.CHALLENGED, this.authState.getState());
345 
346         final Queue<AuthOption> options = this.authState.getAuthOptions();
347         Assert.assertNotNull(options);
348         final AuthOption option1 = options.poll();
349         Assert.assertNotNull(option1);
350         Assert.assertEquals("digest", option1.getAuthScheme().getSchemeName());
351         Assert.assertNull(options.poll());
352     }
353 
354     @Test
355     public void testAuthenticationException() throws Exception {
356         final HttpHost host = new HttpHost("somehost", 80);
357         final HttpResponse response = new BasicHttpResponse(HttpVersion.HTTP_1_1, HttpStatus.SC_UNAUTHORIZED, "UNAUTHORIZED");
358 
359         this.authState.setState(AuthProtocolState.CHALLENGED);
360 
361         Mockito.doThrow(new MalformedChallengeException()).when(this.defltAuthStrategy).getChallenges(
362                 Mockito.any(HttpHost.class),
363                 Mockito.any(HttpResponse.class),
364                 Mockito.any(HttpContext.class));
365 
366         Assert.assertFalse(this.httpAuthenticator.handleAuthChallenge(host,
367                 response, this.defltAuthStrategy, this.authState, this.context));
368 
369         Assert.assertEquals(AuthProtocolState.UNCHALLENGED, this.authState.getState());
370         Assert.assertNull(this.authState.getAuthScheme());
371         Assert.assertNull(this.authState.getCredentials());
372     }
373 
374     @Test
375     public void testAuthFailureState() throws Exception {
376         final HttpRequest request = new BasicHttpRequest("GET", "/");
377         this.authState.setState(AuthProtocolState.FAILURE);
378         this.authState.update(this.authScheme, this.credentials);
379 
380         this.httpAuthenticator.generateAuthResponse(request, authState, context);
381 
382         Assert.assertFalse(request.containsHeader(AUTH.WWW_AUTH_RESP));
383 
384         Mockito.verify(this.authScheme, Mockito.never()).authenticate(
385                 Mockito.any(Credentials.class),
386                 Mockito.any(HttpRequest.class),
387                 Mockito.any(HttpContext.class));
388     }
389 
390     @Test
391     public void testAuthChallengeStateNoOption() throws Exception {
392         final HttpRequest request = new BasicHttpRequest("GET", "/");
393         this.authState.setState(AuthProtocolState.CHALLENGED);
394         this.authState.update(this.authScheme, this.credentials);
395 
396         Mockito.when(this.authScheme.authenticate(
397                 Mockito.any(Credentials.class),
398                 Mockito.any(HttpRequest.class),
399                 Mockito.any(HttpContext.class))).thenReturn(new BasicHeader(AUTH.WWW_AUTH_RESP, "stuff"));
400 
401         this.httpAuthenticator.generateAuthResponse(request, authState, context);
402 
403         Assert.assertTrue(request.containsHeader(AUTH.WWW_AUTH_RESP));
404 
405         Mockito.verify(this.authScheme).authenticate(this.credentials, request, this.context);
406     }
407 
408     @Test
409     public void testAuthChallengeStateOneOptions() throws Exception {
410         final HttpRequest request = new BasicHttpRequest("GET", "/");
411         this.authState.setState(AuthProtocolState.CHALLENGED);
412         final LinkedList<AuthOption> authOptions = new LinkedList<AuthOption>();
413         authOptions.add(new AuthOption(this.authScheme, this.credentials));
414         this.authState.update(authOptions);
415 
416         Mockito.when(this.authScheme.authenticate(
417                 Mockito.any(Credentials.class),
418                 Mockito.any(HttpRequest.class),
419                 Mockito.any(HttpContext.class))).thenReturn(new BasicHeader(AUTH.WWW_AUTH_RESP, "stuff"));
420 
421         this.httpAuthenticator.generateAuthResponse(request, authState, context);
422 
423         Assert.assertSame(this.authScheme, this.authState.getAuthScheme());
424         Assert.assertSame(this.credentials, this.authState.getCredentials());
425         Assert.assertNull(this.authState.getAuthOptions());
426 
427         Assert.assertTrue(request.containsHeader(AUTH.WWW_AUTH_RESP));
428 
429         Mockito.verify(this.authScheme).authenticate(this.credentials, request, this.context);
430     }
431 
432     @Test
433     public void testAuthChallengeStateMultipleOption() throws Exception {
434         final HttpRequest request = new BasicHttpRequest("GET", "/");
435         this.authState.setState(AuthProtocolState.CHALLENGED);
436 
437         final LinkedList<AuthOption> authOptions = new LinkedList<AuthOption>();
438         final ContextAwareAuthScheme authScheme1 = Mockito.mock(ContextAwareAuthScheme.class);
439         Mockito.doThrow(new AuthenticationException()).when(authScheme1).authenticate(
440                 Mockito.any(Credentials.class),
441                 Mockito.any(HttpRequest.class),
442                 Mockito.any(HttpContext.class));
443         final ContextAwareAuthScheme authScheme2 = Mockito.mock(ContextAwareAuthScheme.class);
444         Mockito.when(authScheme2.authenticate(
445                 Mockito.any(Credentials.class),
446                 Mockito.any(HttpRequest.class),
447                 Mockito.any(HttpContext.class))).thenReturn(new BasicHeader(AUTH.WWW_AUTH_RESP, "stuff"));
448         authOptions.add(new AuthOption(authScheme1, this.credentials));
449         authOptions.add(new AuthOption(authScheme2, this.credentials));
450         this.authState.update(authOptions);
451 
452         this.httpAuthenticator.generateAuthResponse(request, authState, context);
453 
454         Assert.assertSame(authScheme2, this.authState.getAuthScheme());
455         Assert.assertSame(this.credentials, this.authState.getCredentials());
456         Assert.assertNull(this.authState.getAuthOptions());
457 
458         Assert.assertTrue(request.containsHeader(AUTH.WWW_AUTH_RESP));
459 
460         Mockito.verify(authScheme1, Mockito.times(1)).authenticate(this.credentials, request, this.context);
461         Mockito.verify(authScheme2, Mockito.times(1)).authenticate(this.credentials, request, this.context);
462     }
463 
464     @Test
465     public void testAuthSuccess() throws Exception {
466         final HttpRequest request = new BasicHttpRequest("GET", "/");
467         this.authState.setState(AuthProtocolState.SUCCESS);
468         this.authState.update(this.authScheme, this.credentials);
469 
470         Mockito.when(this.authScheme.isConnectionBased()).thenReturn(Boolean.FALSE);
471         Mockito.when(this.authScheme.authenticate(
472                 Mockito.any(Credentials.class),
473                 Mockito.any(HttpRequest.class),
474                 Mockito.any(HttpContext.class))).thenReturn(new BasicHeader(AUTH.WWW_AUTH_RESP, "stuff"));
475 
476         this.httpAuthenticator.generateAuthResponse(request, authState, context);
477 
478         Assert.assertSame(this.authScheme, this.authState.getAuthScheme());
479         Assert.assertSame(this.credentials, this.authState.getCredentials());
480         Assert.assertNull(this.authState.getAuthOptions());
481 
482         Assert.assertTrue(request.containsHeader(AUTH.WWW_AUTH_RESP));
483 
484         Mockito.verify(this.authScheme).authenticate(this.credentials, request, this.context);
485     }
486 
487     @Test
488     public void testAuthSuccessConnectionBased() throws Exception {
489         final HttpRequest request = new BasicHttpRequest("GET", "/");
490         this.authState.setState(AuthProtocolState.SUCCESS);
491         this.authState.update(this.authScheme, this.credentials);
492 
493         Mockito.when(this.authScheme.isConnectionBased()).thenReturn(Boolean.TRUE);
494         Mockito.when(this.authScheme.authenticate(
495                 Mockito.any(Credentials.class),
496                 Mockito.any(HttpRequest.class),
497                 Mockito.any(HttpContext.class))).thenReturn(new BasicHeader(AUTH.WWW_AUTH_RESP, "stuff"));
498 
499         this.httpAuthenticator.generateAuthResponse(request, authState, context);
500 
501         Assert.assertFalse(request.containsHeader(AUTH.WWW_AUTH_RESP));
502 
503         Mockito.verify(this.authScheme, Mockito.never()).authenticate(
504                 Mockito.any(Credentials.class),
505                 Mockito.any(HttpRequest.class),
506                 Mockito.any(HttpContext.class));
507     }
508 
509 }