package io.dropwizard.auth.basic;
import com.codahale.metrics.MetricRegistry;
import com.google.common.base.Optional;
import io.dropwizard.auth.Auth;
import io.dropwizard.auth.AuthFactory;
import io.dropwizard.auth.AuthResource;
import io.dropwizard.auth.AuthenticationException;
import io.dropwizard.auth.Authenticator;
import io.dropwizard.jersey.DropwizardResourceConfig;
import io.dropwizard.logging.LoggingFactory;
import org.glassfish.jersey.servlet.ServletProperties;
import org.glassfish.jersey.test.DeploymentContext;
import org.glassfish.jersey.test.JerseyTest;
import org.glassfish.jersey.test.ServletDeploymentContext;
import org.glassfish.jersey.test.grizzly.GrizzlyWebTestContainerFactory;
import org.glassfish.jersey.test.spi.TestContainerException;
import org.glassfish.jersey.test.spi.TestContainerFactory;
import org.junit.Test;
import javax.ws.rs.GET;
import javax.ws.rs.Path;
import javax.ws.rs.Produces;
import javax.ws.rs.WebApplicationException;
import javax.ws.rs.core.HttpHeaders;
import javax.ws.rs.core.MediaType;
import static org.assertj.core.api.Assertions.assertThat;
import static org.assertj.core.api.Assertions.failBecauseExceptionWasNotThrown;
public class BasicAuthProviderTest extends JerseyTest {
static {
LoggingFactory.bootstrap();
}
@Override
protected TestContainerFactory getTestContainerFactory()
throws TestContainerException {
return new GrizzlyWebTestContainerFactory();
}
@Override
protected DeploymentContext configureDeployment() {
return ServletDeploymentContext.builder(new BasicAuthTestResourceConfig())
.initParam(ServletProperties.JAXRS_APPLICATION_CLASS, BasicAuthTestResourceConfig.class.getName())
.build();
}
@Test
public void respondsToMissingCredentialsWith401() throws Exception {
try {
target("/test").request().get(String.class);
failBecauseExceptionWasNotThrown(WebApplicationException.class);
} catch (WebApplicationException e) {
assertThat(e.getResponse().getStatus()).isEqualTo(401);
assertThat(e.getResponse().getHeaders().get(HttpHeaders.WWW_AUTHENTICATE))
.containsOnly("Basic realm=\"realm\"");
}
}
@Test
public void transformsCredentialsToPrincipals() throws Exception {
assertThat(target("/test").request()
.header(HttpHeaders.AUTHORIZATION, "Basic Z29vZC1ndXk6c2VjcmV0")
.get(String.class))
.isEqualTo("good-guy");
}
@Test
public void respondsToNonBasicCredentialsWith401() throws Exception {
try {
target("/test").request()
.header(HttpHeaders.AUTHORIZATION, "Derp Z29vZC1ndXk6c2VjcmV0")
.get(String.class);
failBecauseExceptionWasNotThrown(WebApplicationException.class);
} catch (WebApplicationException e) {
assertThat(e.getResponse().getStatus()).isEqualTo(401);
assertThat(e.getResponse().getHeaders().get(HttpHeaders.WWW_AUTHENTICATE))
.containsOnly("Basic realm=\"realm\"");
}
}
@Test
public void respondsToExceptionsWith500() throws Exception {
try {
target("/test").request()
.header(HttpHeaders.AUTHORIZATION, "Basic YmFkLWd1eTpzZWNyZXQ=")
.get(String.class);
failBecauseExceptionWasNotThrown(WebApplicationException.class);
} catch (WebApplicationException e) {
assertThat(e.getResponse().getStatus()).isEqualTo(500);
}
}
@Path("/test/")
@Produces(MediaType.TEXT_PLAIN)
public static class ExampleResource {
@GET
public String show(@Auth String principal) {
return principal;
}
}
public static class BasicAuthTestResourceConfig extends DropwizardResourceConfig {
public BasicAuthTestResourceConfig() {
super(true, new MetricRegistry());
final Authenticator<BasicCredentials, String> authenticator = new Authenticator<BasicCredentials, String>() {
@Override
public Optional<String> authenticate(BasicCredentials credentials) throws AuthenticationException {
if ("good-guy".equals(credentials.getUsername()) &&
"secret".equals(credentials.getPassword())) {
return Optional.of("good-guy");
}
if ("bad-guy".equals(credentials.getUsername())) {
throw new AuthenticationException("CRAP");
}
return Optional.absent();
}
};
register(AuthFactory.binder(new BasicAuthFactory<>(authenticator, "realm", String.class)));
register(AuthResource.class);
}
}
}