1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27 package org.apache.http.impl.auth;
28
29 import java.util.HashMap;
30 import java.util.LinkedList;
31 import java.util.Queue;
32
33 import org.apache.http.Header;
34 import org.apache.http.HttpHost;
35 import org.apache.http.HttpRequest;
36 import org.apache.http.HttpResponse;
37 import org.apache.http.HttpStatus;
38 import org.apache.http.HttpVersion;
39 import org.apache.http.auth.AUTH;
40 import org.apache.http.auth.AuthOption;
41 import org.apache.http.auth.AuthProtocolState;
42 import org.apache.http.auth.AuthSchemeProvider;
43 import org.apache.http.auth.AuthScope;
44 import org.apache.http.auth.AuthState;
45 import org.apache.http.auth.AuthenticationException;
46 import org.apache.http.auth.ContextAwareAuthScheme;
47 import org.apache.http.auth.Credentials;
48 import org.apache.http.auth.MalformedChallengeException;
49 import org.apache.http.client.AuthCache;
50 import org.apache.http.client.AuthenticationStrategy;
51 import org.apache.http.client.protocol.HttpClientContext;
52 import org.apache.http.config.Lookup;
53 import org.apache.http.config.RegistryBuilder;
54 import org.apache.http.impl.client.BasicCredentialsProvider;
55 import org.apache.http.impl.client.TargetAuthenticationStrategy;
56 import org.apache.http.message.BasicHeader;
57 import org.apache.http.message.BasicHttpRequest;
58 import org.apache.http.message.BasicHttpResponse;
59 import org.apache.http.protocol.BasicHttpContext;
60 import org.apache.http.protocol.HttpContext;
61 import org.apache.http.protocol.HttpCoreContext;
62 import org.junit.Assert;
63 import org.junit.Before;
64 import org.junit.Test;
65 import org.mockito.Mockito;
66
67 @SuppressWarnings({"boxing","static-access"})
68 public class TestHttpAuthenticator {
69
70 private AuthenticationStrategy defltAuthStrategy;
71 private AuthState authState;
72 private ContextAwareAuthScheme authScheme;
73 private HttpContext context;
74 private HttpHost defaultHost;
75 private Credentials credentials;
76 private BasicCredentialsProvider credentialsProvider;
77 private Lookup<AuthSchemeProvider> authSchemeRegistry;
78 private AuthCache authCache;
79 private HttpAuthenticator httpAuthenticator;
80
81 @Before
82 public void setUp() throws Exception {
83 this.defltAuthStrategy = Mockito.mock(AuthenticationStrategy.class);
84 this.authState = new AuthState();
85 this.authScheme = Mockito.mock(ContextAwareAuthScheme.class);
86 Mockito.when(this.authScheme.getSchemeName()).thenReturn("Basic");
87 Mockito.when(this.authScheme.isComplete()).thenReturn(Boolean.TRUE);
88 this.context = new BasicHttpContext();
89 this.defaultHost = new HttpHost("localhost", 80);
90 this.context.setAttribute(HttpCoreContext.HTTP_TARGET_HOST, this.defaultHost);
91 this.credentials = Mockito.mock(Credentials.class);
92 this.credentialsProvider = new BasicCredentialsProvider();
93 this.credentialsProvider.setCredentials(AuthScope.ANY, this.credentials);
94 this.context.setAttribute(HttpClientContext.CREDS_PROVIDER, this.credentialsProvider);
95 this.authSchemeRegistry = RegistryBuilder.<AuthSchemeProvider>create()
96 .register("basic", new BasicSchemeFactory())
97 .register("digest", new DigestSchemeFactory())
98 .register("ntlm", new NTLMSchemeFactory()).build();
99 this.context.setAttribute(HttpClientContext.AUTHSCHEME_REGISTRY, this.authSchemeRegistry);
100 this.authCache = Mockito.mock(AuthCache.class);
101 this.context.setAttribute(HttpClientContext.AUTH_CACHE, this.authCache);
102 this.httpAuthenticator = new HttpAuthenticator();
103 }
104
105 @Test
106 public void testAuthenticationRequested() throws Exception {
107 final HttpResponse response = new BasicHttpResponse(HttpVersion.HTTP_1_1, HttpStatus.SC_UNAUTHORIZED, "UNAUTHORIZED");
108 Mockito.when(this.defltAuthStrategy.isAuthenticationRequested(
109 Mockito.any(HttpHost.class),
110 Mockito.any(HttpResponse.class),
111 Mockito.any(HttpContext.class))).thenReturn(Boolean.TRUE);
112
113 Assert.assertTrue(this.httpAuthenticator.isAuthenticationRequested(
114 this.defaultHost, response, this.defltAuthStrategy, this.authState, this.context));
115
116 Mockito.verify(this.defltAuthStrategy).isAuthenticationRequested(this.defaultHost, response, this.context);
117 }
118
119 @Test
120 public void testAuthenticationRequestedAfterSuccess() throws Exception {
121 final HttpResponse response = new BasicHttpResponse(HttpVersion.HTTP_1_1, HttpStatus.SC_UNAUTHORIZED, "UNAUTHORIZED");
122 Mockito.when(this.defltAuthStrategy.isAuthenticationRequested(
123 Mockito.any(HttpHost.class),
124 Mockito.any(HttpResponse.class),
125 Mockito.any(HttpContext.class))).thenReturn(Boolean.TRUE);
126
127 this.authState.update(this.authScheme, this.credentials);
128 this.authState.setState(AuthProtocolState.SUCCESS);
129
130 Assert.assertTrue(this.httpAuthenticator.isAuthenticationRequested(
131 this.defaultHost, response, this.defltAuthStrategy, this.authState, this.context));
132
133 Mockito.verify(this.defltAuthStrategy).isAuthenticationRequested(this.defaultHost, response, this.context);
134 Mockito.verify(this.defltAuthStrategy).authFailed(this.defaultHost, this.authScheme, this.context);
135 }
136
137 @Test
138 public void testAuthenticationNotRequestedUnchallenged() throws Exception {
139 final HttpResponse response = new BasicHttpResponse(HttpVersion.HTTP_1_1, HttpStatus.SC_OK, "OK");
140 Mockito.when(this.defltAuthStrategy.isAuthenticationRequested(
141 Mockito.any(HttpHost.class),
142 Mockito.any(HttpResponse.class),
143 Mockito.any(HttpContext.class))).thenReturn(Boolean.FALSE);
144
145 Assert.assertFalse(this.httpAuthenticator.isAuthenticationRequested(
146 this.defaultHost, response, this.defltAuthStrategy, this.authState, this.context));
147 Assert.assertEquals(AuthProtocolState.UNCHALLENGED, this.authState.getState());
148
149 Mockito.verify(this.defltAuthStrategy).isAuthenticationRequested(this.defaultHost, response, this.context);
150 }
151
152 @Test
153 public void testAuthenticationNotRequestedSuccess1() throws Exception {
154 final HttpResponse response = new BasicHttpResponse(HttpVersion.HTTP_1_1, HttpStatus.SC_OK, "OK");
155 Mockito.when(this.defltAuthStrategy.isAuthenticationRequested(
156 Mockito.any(HttpHost.class),
157 Mockito.any(HttpResponse.class),
158 Mockito.any(HttpContext.class))).thenReturn(Boolean.FALSE);
159 this.authState.update(this.authScheme, this.credentials);
160 this.authState.setState(AuthProtocolState.CHALLENGED);
161
162 Assert.assertFalse(this.httpAuthenticator.isAuthenticationRequested(
163 this.defaultHost, response, this.defltAuthStrategy, this.authState, this.context));
164 Assert.assertEquals(AuthProtocolState.SUCCESS, this.authState.getState());
165
166 Mockito.verify(this.defltAuthStrategy).isAuthenticationRequested(this.defaultHost, response, this.context);
167 Mockito.verify(this.defltAuthStrategy).authSucceeded(this.defaultHost, this.authScheme, this.context);
168 }
169
170 @Test
171 public void testAuthenticationNotRequestedSuccess2() throws Exception {
172 final HttpResponse response = new BasicHttpResponse(HttpVersion.HTTP_1_1, HttpStatus.SC_OK, "OK");
173 Mockito.when(this.defltAuthStrategy.isAuthenticationRequested(
174 Mockito.any(HttpHost.class),
175 Mockito.any(HttpResponse.class),
176 Mockito.any(HttpContext.class))).thenReturn(Boolean.FALSE);
177 this.authState.update(this.authScheme, this.credentials);
178 this.authState.setState(AuthProtocolState.HANDSHAKE);
179
180 Assert.assertFalse(this.httpAuthenticator.isAuthenticationRequested(
181 this.defaultHost, response, this.defltAuthStrategy, this.authState, this.context));
182 Assert.assertEquals(AuthProtocolState.SUCCESS, this.authState.getState());
183
184 Mockito.verify(this.defltAuthStrategy).isAuthenticationRequested(this.defaultHost, response, this.context);
185 Mockito.verify(this.defltAuthStrategy).authSucceeded(this.defaultHost, this.authScheme, this.context);
186 }
187
188 @Test
189 public void testAuthentication() throws Exception {
190 final HttpHost host = new HttpHost("somehost", 80);
191 final HttpResponse response = new BasicHttpResponse(HttpVersion.HTTP_1_1, HttpStatus.SC_UNAUTHORIZED, "UNAUTHORIZED");
192 response.addHeader(new BasicHeader(AUTH.WWW_AUTH, "Basic realm=\"test\""));
193 response.addHeader(new BasicHeader(AUTH.WWW_AUTH, "Digest realm=\"realm1\", nonce=\"1234\""));
194 response.addHeader(new BasicHeader(AUTH.WWW_AUTH, "whatever realm=\"realm1\", stuff=\"1234\""));
195
196 final TargetAuthenticationStrategy authStrategy = new TargetAuthenticationStrategy();
197
198 Assert.assertTrue(this.httpAuthenticator.handleAuthChallenge(host,
199 response, authStrategy, this.authState, this.context));
200 Assert.assertEquals(AuthProtocolState.CHALLENGED, this.authState.getState());
201
202 final Queue<AuthOption> options = this.authState.getAuthOptions();
203 Assert.assertNotNull(options);
204 final AuthOption option1 = options.poll();
205 Assert.assertNotNull(option1);
206 Assert.assertEquals("digest", option1.getAuthScheme().getSchemeName());
207 final AuthOption option2 = options.poll();
208 Assert.assertNotNull(option2);
209 Assert.assertEquals("basic", option2.getAuthScheme().getSchemeName());
210 Assert.assertNull(options.poll());
211 }
212
213 @Test
214 public void testAuthenticationNoChallenges() throws Exception {
215 final HttpHost host = new HttpHost("somehost", 80);
216 final HttpResponse response = new BasicHttpResponse(HttpVersion.HTTP_1_1, HttpStatus.SC_UNAUTHORIZED, "UNAUTHORIZED");
217
218 Mockito.when(this.defltAuthStrategy.getChallenges(
219 Mockito.any(HttpHost.class),
220 Mockito.any(HttpResponse.class),
221 Mockito.any(HttpContext.class))).thenReturn(new HashMap<String, Header>());
222
223 Assert.assertFalse(this.httpAuthenticator.handleAuthChallenge(host,
224 response, this.defltAuthStrategy, this.authState, this.context));
225 }
226
227 @Test
228 public void testAuthenticationNoSupportedChallenges() throws Exception {
229 final HttpHost host = new HttpHost("somehost", 80);
230 final HttpResponse response = new BasicHttpResponse(HttpVersion.HTTP_1_1, HttpStatus.SC_UNAUTHORIZED, "UNAUTHORIZED");
231 response.addHeader(new BasicHeader(AUTH.WWW_AUTH, "This realm=\"test\""));
232 response.addHeader(new BasicHeader(AUTH.WWW_AUTH, "That realm=\"realm1\", nonce=\"1234\""));
233
234 final TargetAuthenticationStrategy authStrategy = new TargetAuthenticationStrategy();
235
236 Assert.assertFalse(this.httpAuthenticator.handleAuthChallenge(host,
237 response, authStrategy, this.authState, this.context));
238 }
239
240 @Test
241 public void testAuthenticationNoCredentials() throws Exception {
242 final HttpHost host = new HttpHost("somehost", 80);
243 final HttpResponse response = new BasicHttpResponse(HttpVersion.HTTP_1_1, HttpStatus.SC_UNAUTHORIZED, "UNAUTHORIZED");
244 response.addHeader(new BasicHeader(AUTH.WWW_AUTH, "Basic realm=\"test\""));
245 response.addHeader(new BasicHeader(AUTH.WWW_AUTH, "Digest realm=\"realm1\", nonce=\"1234\""));
246
247 this.credentialsProvider.clear();
248
249 final TargetAuthenticationStrategy authStrategy = new TargetAuthenticationStrategy();
250
251 Assert.assertFalse(this.httpAuthenticator.handleAuthChallenge(host,
252 response, authStrategy, this.authState, this.context));
253 }
254
255 @Test
256 public void testAuthenticationFailed() throws Exception {
257 final HttpHost host = new HttpHost("somehost", 80);
258 final HttpResponse response = new BasicHttpResponse(HttpVersion.HTTP_1_1, HttpStatus.SC_UNAUTHORIZED, "UNAUTHORIZED");
259 response.addHeader(new BasicHeader(AUTH.WWW_AUTH, "Basic realm=\"test\""));
260 response.addHeader(new BasicHeader(AUTH.WWW_AUTH, "Digest realm=\"realm1\", nonce=\"1234\""));
261
262 this.authState.setState(AuthProtocolState.CHALLENGED);
263 this.authState.update(this.authScheme, this.credentials);
264
265 final TargetAuthenticationStrategy authStrategy = new TargetAuthenticationStrategy();
266
267 Assert.assertFalse(this.httpAuthenticator.handleAuthChallenge(host,
268 response, authStrategy, this.authState, this.context));
269
270 Assert.assertEquals(AuthProtocolState.FAILURE, this.authState.getState());
271
272 Mockito.verify(this.authCache).remove(host);
273 }
274
275 @Test
276 public void testAuthenticationFailedPreviously() throws Exception {
277 final HttpHost host = new HttpHost("somehost", 80);
278 final HttpResponse response = new BasicHttpResponse(HttpVersion.HTTP_1_1, HttpStatus.SC_UNAUTHORIZED, "UNAUTHORIZED");
279 response.addHeader(new BasicHeader(AUTH.WWW_AUTH, "Basic realm=\"test\""));
280 response.addHeader(new BasicHeader(AUTH.WWW_AUTH, "Digest realm=\"realm1\", nonce=\"1234\""));
281
282 this.authState.setState(AuthProtocolState.FAILURE);
283
284 final TargetAuthenticationStrategy authStrategy = new TargetAuthenticationStrategy();
285
286 Assert.assertFalse(this.httpAuthenticator.handleAuthChallenge(host,
287 response, authStrategy, this.authState, this.context));
288
289 Assert.assertEquals(AuthProtocolState.FAILURE, this.authState.getState());
290 }
291
292 @Test
293 public void testAuthenticationFailure() throws Exception {
294 final HttpHost host = new HttpHost("somehost", 80);
295 final HttpResponse response = new BasicHttpResponse(HttpVersion.HTTP_1_1, HttpStatus.SC_UNAUTHORIZED, "UNAUTHORIZED");
296 response.addHeader(new BasicHeader(AUTH.WWW_AUTH, "Basic realm=\"test\""));
297 response.addHeader(new BasicHeader(AUTH.WWW_AUTH, "Digest realm=\"realm1\", nonce=\"1234\""));
298 response.addHeader(new BasicHeader(AUTH.WWW_AUTH, "whatever realm=\"realm1\", stuff=\"1234\""));
299
300 final TargetAuthenticationStrategy authStrategy = new TargetAuthenticationStrategy();
301
302 this.authState.setState(AuthProtocolState.CHALLENGED);
303 this.authState.update(new BasicScheme(), this.credentials);
304
305 Assert.assertFalse(this.httpAuthenticator.handleAuthChallenge(host,
306 response, authStrategy, this.authState, this.context));
307 Assert.assertEquals(AuthProtocolState.FAILURE, this.authState.getState());
308 Assert.assertNull(this.authState.getCredentials());
309 }
310
311 @Test
312 public void testAuthenticationHandshaking() throws Exception {
313 final HttpHost host = new HttpHost("somehost", 80);
314 final HttpResponse response = new BasicHttpResponse(HttpVersion.HTTP_1_1, HttpStatus.SC_UNAUTHORIZED, "UNAUTHORIZED");
315 response.addHeader(new BasicHeader(AUTH.WWW_AUTH, "Basic realm=\"test\""));
316 response.addHeader(new BasicHeader(AUTH.WWW_AUTH, "Digest realm=\"realm1\", stale=true, nonce=\"1234\""));
317 response.addHeader(new BasicHeader(AUTH.WWW_AUTH, "whatever realm=\"realm1\", stuff=\"1234\""));
318
319 final TargetAuthenticationStrategy authStrategy = new TargetAuthenticationStrategy();
320
321 this.authState.setState(AuthProtocolState.CHALLENGED);
322 this.authState.update(new DigestScheme(), this.credentials);
323
324 Assert.assertTrue(this.httpAuthenticator.handleAuthChallenge(host,
325 response, authStrategy, this.authState, this.context));
326
327 Assert.assertEquals(AuthProtocolState.HANDSHAKE, this.authState.getState());
328 }
329
330 @Test
331 public void testAuthenticationNoMatchingChallenge() throws Exception {
332 final HttpHost host = new HttpHost("somehost", 80);
333 final HttpResponse response = new BasicHttpResponse(HttpVersion.HTTP_1_1, HttpStatus.SC_UNAUTHORIZED, "UNAUTHORIZED");
334 response.addHeader(new BasicHeader(AUTH.WWW_AUTH, "Digest realm=\"realm1\", nonce=\"1234\""));
335 response.addHeader(new BasicHeader(AUTH.WWW_AUTH, "whatever realm=\"realm1\", stuff=\"1234\""));
336
337 final TargetAuthenticationStrategy authStrategy = new TargetAuthenticationStrategy();
338
339 this.authState.setState(AuthProtocolState.CHALLENGED);
340 this.authState.update(new BasicScheme(), this.credentials);
341
342 Assert.assertTrue(this.httpAuthenticator.handleAuthChallenge(host,
343 response, authStrategy, this.authState, this.context));
344 Assert.assertEquals(AuthProtocolState.CHALLENGED, this.authState.getState());
345
346 final Queue<AuthOption> options = this.authState.getAuthOptions();
347 Assert.assertNotNull(options);
348 final AuthOption option1 = options.poll();
349 Assert.assertNotNull(option1);
350 Assert.assertEquals("digest", option1.getAuthScheme().getSchemeName());
351 Assert.assertNull(options.poll());
352 }
353
354 @Test
355 public void testAuthenticationException() throws Exception {
356 final HttpHost host = new HttpHost("somehost", 80);
357 final HttpResponse response = new BasicHttpResponse(HttpVersion.HTTP_1_1, HttpStatus.SC_UNAUTHORIZED, "UNAUTHORIZED");
358
359 this.authState.setState(AuthProtocolState.CHALLENGED);
360
361 Mockito.doThrow(new MalformedChallengeException()).when(this.defltAuthStrategy).getChallenges(
362 Mockito.any(HttpHost.class),
363 Mockito.any(HttpResponse.class),
364 Mockito.any(HttpContext.class));
365
366 Assert.assertFalse(this.httpAuthenticator.handleAuthChallenge(host,
367 response, this.defltAuthStrategy, this.authState, this.context));
368
369 Assert.assertEquals(AuthProtocolState.UNCHALLENGED, this.authState.getState());
370 Assert.assertNull(this.authState.getAuthScheme());
371 Assert.assertNull(this.authState.getCredentials());
372 }
373
374 @Test
375 public void testAuthFailureState() throws Exception {
376 final HttpRequest request = new BasicHttpRequest("GET", "/");
377 this.authState.setState(AuthProtocolState.FAILURE);
378 this.authState.update(this.authScheme, this.credentials);
379
380 this.httpAuthenticator.generateAuthResponse(request, authState, context);
381
382 Assert.assertFalse(request.containsHeader(AUTH.WWW_AUTH_RESP));
383
384 Mockito.verify(this.authScheme, Mockito.never()).authenticate(
385 Mockito.any(Credentials.class),
386 Mockito.any(HttpRequest.class),
387 Mockito.any(HttpContext.class));
388 }
389
390 @Test
391 public void testAuthChallengeStateNoOption() throws Exception {
392 final HttpRequest request = new BasicHttpRequest("GET", "/");
393 this.authState.setState(AuthProtocolState.CHALLENGED);
394 this.authState.update(this.authScheme, this.credentials);
395
396 Mockito.when(this.authScheme.authenticate(
397 Mockito.any(Credentials.class),
398 Mockito.any(HttpRequest.class),
399 Mockito.any(HttpContext.class))).thenReturn(new BasicHeader(AUTH.WWW_AUTH_RESP, "stuff"));
400
401 this.httpAuthenticator.generateAuthResponse(request, authState, context);
402
403 Assert.assertTrue(request.containsHeader(AUTH.WWW_AUTH_RESP));
404
405 Mockito.verify(this.authScheme).authenticate(this.credentials, request, this.context);
406 }
407
408 @Test
409 public void testAuthChallengeStateOneOptions() throws Exception {
410 final HttpRequest request = new BasicHttpRequest("GET", "/");
411 this.authState.setState(AuthProtocolState.CHALLENGED);
412 final LinkedList<AuthOption> authOptions = new LinkedList<AuthOption>();
413 authOptions.add(new AuthOption(this.authScheme, this.credentials));
414 this.authState.update(authOptions);
415
416 Mockito.when(this.authScheme.authenticate(
417 Mockito.any(Credentials.class),
418 Mockito.any(HttpRequest.class),
419 Mockito.any(HttpContext.class))).thenReturn(new BasicHeader(AUTH.WWW_AUTH_RESP, "stuff"));
420
421 this.httpAuthenticator.generateAuthResponse(request, authState, context);
422
423 Assert.assertSame(this.authScheme, this.authState.getAuthScheme());
424 Assert.assertSame(this.credentials, this.authState.getCredentials());
425 Assert.assertNull(this.authState.getAuthOptions());
426
427 Assert.assertTrue(request.containsHeader(AUTH.WWW_AUTH_RESP));
428
429 Mockito.verify(this.authScheme).authenticate(this.credentials, request, this.context);
430 }
431
432 @Test
433 public void testAuthChallengeStateMultipleOption() throws Exception {
434 final HttpRequest request = new BasicHttpRequest("GET", "/");
435 this.authState.setState(AuthProtocolState.CHALLENGED);
436
437 final LinkedList<AuthOption> authOptions = new LinkedList<AuthOption>();
438 final ContextAwareAuthScheme authScheme1 = Mockito.mock(ContextAwareAuthScheme.class);
439 Mockito.doThrow(new AuthenticationException()).when(authScheme1).authenticate(
440 Mockito.any(Credentials.class),
441 Mockito.any(HttpRequest.class),
442 Mockito.any(HttpContext.class));
443 final ContextAwareAuthScheme authScheme2 = Mockito.mock(ContextAwareAuthScheme.class);
444 Mockito.when(authScheme2.authenticate(
445 Mockito.any(Credentials.class),
446 Mockito.any(HttpRequest.class),
447 Mockito.any(HttpContext.class))).thenReturn(new BasicHeader(AUTH.WWW_AUTH_RESP, "stuff"));
448 authOptions.add(new AuthOption(authScheme1, this.credentials));
449 authOptions.add(new AuthOption(authScheme2, this.credentials));
450 this.authState.update(authOptions);
451
452 this.httpAuthenticator.generateAuthResponse(request, authState, context);
453
454 Assert.assertSame(authScheme2, this.authState.getAuthScheme());
455 Assert.assertSame(this.credentials, this.authState.getCredentials());
456 Assert.assertNull(this.authState.getAuthOptions());
457
458 Assert.assertTrue(request.containsHeader(AUTH.WWW_AUTH_RESP));
459
460 Mockito.verify(authScheme1, Mockito.times(1)).authenticate(this.credentials, request, this.context);
461 Mockito.verify(authScheme2, Mockito.times(1)).authenticate(this.credentials, request, this.context);
462 }
463
464 @Test
465 public void testAuthSuccess() throws Exception {
466 final HttpRequest request = new BasicHttpRequest("GET", "/");
467 this.authState.setState(AuthProtocolState.SUCCESS);
468 this.authState.update(this.authScheme, this.credentials);
469
470 Mockito.when(this.authScheme.isConnectionBased()).thenReturn(Boolean.FALSE);
471 Mockito.when(this.authScheme.authenticate(
472 Mockito.any(Credentials.class),
473 Mockito.any(HttpRequest.class),
474 Mockito.any(HttpContext.class))).thenReturn(new BasicHeader(AUTH.WWW_AUTH_RESP, "stuff"));
475
476 this.httpAuthenticator.generateAuthResponse(request, authState, context);
477
478 Assert.assertSame(this.authScheme, this.authState.getAuthScheme());
479 Assert.assertSame(this.credentials, this.authState.getCredentials());
480 Assert.assertNull(this.authState.getAuthOptions());
481
482 Assert.assertTrue(request.containsHeader(AUTH.WWW_AUTH_RESP));
483
484 Mockito.verify(this.authScheme).authenticate(this.credentials, request, this.context);
485 }
486
487 @Test
488 public void testAuthSuccessConnectionBased() throws Exception {
489 final HttpRequest request = new BasicHttpRequest("GET", "/");
490 this.authState.setState(AuthProtocolState.SUCCESS);
491 this.authState.update(this.authScheme, this.credentials);
492
493 Mockito.when(this.authScheme.isConnectionBased()).thenReturn(Boolean.TRUE);
494 Mockito.when(this.authScheme.authenticate(
495 Mockito.any(Credentials.class),
496 Mockito.any(HttpRequest.class),
497 Mockito.any(HttpContext.class))).thenReturn(new BasicHeader(AUTH.WWW_AUTH_RESP, "stuff"));
498
499 this.httpAuthenticator.generateAuthResponse(request, authState, context);
500
501 Assert.assertFalse(request.containsHeader(AUTH.WWW_AUTH_RESP));
502
503 Mockito.verify(this.authScheme, Mockito.never()).authenticate(
504 Mockito.any(Credentials.class),
505 Mockito.any(HttpRequest.class),
506 Mockito.any(HttpContext.class));
507 }
508
509 }