
Jean-Noel Rouvignac
10.49.2013 7d0a463c658fe30fef8bfa93856a15e1ac08659b
OPENDJ-830 (CR-1522) Implement authentication and authorization for HTTP connection handler

Output an error JSON document in case of authentication failure.

CollectClientConnectionsFilter.java:
In sendUnauthorizedResponseWithHTTPBasicAuthChallenge(), send a JSON document to the caller to bring the HTTP Connection Handler on par with the gateway.

CollectClientConnectionsFilterTest.java:
Updated tests.
2 files modified
opends/src/server/org/opends/server/protocols/http/CollectClientConnectionsFilter.java 23 ●●●●● patch | view | raw | blame | history
opends/tests/unit-tests-testng/src/server/org/opends/server/protocols/http/CollectClientConnectionsFilterTest.java 22 ●●●●● patch | view | raw | blame | history
opends/src/server/org/opends/server/protocols/http/CollectClientConnectionsFilter.java
@@ -32,6 +32,7 @@
import static org.opends.server.loggers.debug.DebugLogger.*;
import static org.opends.server.util.StaticUtils.*;
import java.io.IOException;
import java.net.InetAddress;
import java.net.UnknownHostException;
import java.text.ParseException;
@@ -41,6 +42,7 @@
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletOutputStream;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
@@ -289,6 +291,27 @@
      resp.setHeader("WWW-Authenticate",
          "Basic realm=\"org.forgerock.opendj\"");
    }
    try
    {
      // Send error JSON document out
      resp.setHeader("Content-Type", "application/json");
      ServletOutputStream out = resp.getOutputStream();
      out.println("{");
      out.println("    \"code\": 401,");
      out.println("    \"message\": \"Invalid Credentials\",");
      out.println("    \"reason\": \"Unauthorized\"");
      out.println("}");
    }
    catch (IOException ignore)
    {
      // nothing else we can do in this case
      if (debugEnabled())
      {
        TRACER.debugCaught(DebugLogLevel.ERROR, ignore);
      }
    }
  }
  /**
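Review bot: The body in the third hunk is written with `ServletOutputStream.println`, which encodes each char as a single byte and throws `CharConversionException` on any character above U+00FF, and the content type is set by hand with `resp.setHeader("Content-Type", ...)` instead of `resp.setContentType("application/json")`, so the container records neither the type nor an encoding for the response. That is safe for these fixed ASCII literals, but nothing in the hunk says so; if the message is ever localized or built from request data it would either fail into the catch block below or produce unescaped JSON. I would change the header line to `resp.setContentType("application/json");` and add `// Body must stay static ASCII: ServletOutputStream.print() writes one byte per char and nothing here escapes JSON` above the first println. The literal 401 in the body has to agree with the status set earlier in the method, whose start is outside the hunk. In the catch block the exception is logged rather than dropped, so naming it `ignore` is misleading; `e` would read better.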
opends/tests/unit-tests-testng/src/server/org/opends/server/protocols/http/CollectClientConnectionsFilterTest.java
@@ -29,6 +29,9 @@
import static org.assertj.core.api.Assertions.*;
import static org.mockito.Mockito.*;
import java.io.IOException;
import javax.servlet.ServletOutputStream;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
@@ -81,26 +84,45 @@
  @Test
  public void sendUnauthorizedResponseWithHttpBasicAuthWillChallengeUserAgent()
      throws Exception
  {
    authConfig.setBasicAuthenticationSupported(true);
    ServletOutputStream oStream = mock(ServletOutputStream.class);
    HttpServletResponse response = mock(HttpServletResponse.class);
    when(response.getOutputStream()).thenReturn(oStream);
    filter.sendUnauthorizedResponseWithHTTPBasicAuthChallenge(response);
    verify(response).setStatus(HttpServletResponse.SC_UNAUTHORIZED);
    verify(response).setHeader("WWW-Authenticate",
        "Basic realm=\"org.forgerock.opendj\"");
    verifyUnauthorizedOutputMessage(response, oStream);
  }
  @Test
  public void sendUnauthorizedResponseWithoutHttpBasicAuthWillNotChallengeUserAgent()
      throws Exception
  {
    authConfig.setBasicAuthenticationSupported(true);
    HttpServletResponse response = mock(HttpServletResponse.class);
    ServletOutputStream oStream = mock(ServletOutputStream.class);
    when(response.getOutputStream()).thenReturn(oStream);
    filter.sendUnauthorizedResponseWithHTTPBasicAuthChallenge(response);
    verify(response).setStatus(HttpServletResponse.SC_UNAUTHORIZED);
    verifyUnauthorizedOutputMessage(response, oStream);
  }
  private void verifyUnauthorizedOutputMessage(HttpServletResponse response,
      ServletOutputStream oStream) throws IOException
  {
    verify(response).getOutputStream();
    verify(oStream).println("{");
    verify(oStream).println("    \"code\": 401,");
    verify(oStream).println("    \"message\": \"Invalid Credentials\",");
    verify(oStream).println("    \"reason\": \"Unauthorized\"");
    verify(oStream).println("}");
  }
  @Test