From c401a60bd7ae6b9363f86488ef8b31a1a245014c Mon Sep 17 00:00:00 2001
From: Jean-Noel Rouvignac <jean-noel.rouvignac@forgerock.com>
Date: Wed, 10 Apr 2013 07:49:30 +0000
Subject: [PATCH] OPENDJ-830 (CR-1522) Implement authentication and authorization for HTTP connection handler
---
opendj-sdk/opends/src/server/org/opends/server/protocols/http/CollectClientConnectionsFilter.java | 23 +++++++++++++++++++++++
opendj-sdk/opends/tests/unit-tests-testng/src/server/org/opends/server/protocols/http/CollectClientConnectionsFilterTest.java | 22 ++++++++++++++++++++++
2 files changed, 45 insertions(+), 0 deletions(-)
diff --git a/opendj-sdk/opends/src/server/org/opends/server/protocols/http/CollectClientConnectionsFilter.java b/opendj-sdk/opends/src/server/org/opends/server/protocols/http/CollectClientConnectionsFilter.java
index ed7ed89..e024b22 100644
--- a/opendj-sdk/opends/src/server/org/opends/server/protocols/http/CollectClientConnectionsFilter.java
+++ b/opendj-sdk/opends/src/server/org/opends/server/protocols/http/CollectClientConnectionsFilter.java
@@ -32,6 +32,7 @@
import static org.opends.server.loggers.debug.DebugLogger.*;
import static org.opends.server.util.StaticUtils.*;
+import java.io.IOException;
import java.net.InetAddress;
import java.net.UnknownHostException;
import java.text.ParseException;
@@ -41,6 +42,7 @@
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
+import javax.servlet.ServletOutputStream;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
@@ -289,6 +291,27 @@
resp.setHeader("WWW-Authenticate",
"Basic realm=\"org.forgerock.opendj\"");
}
+
+ try
+ {
+ // Send error JSON document out
+ resp.setHeader("Content-Type", "application/json");
+
+ ServletOutputStream out = resp.getOutputStream();
+ out.println("{");
+ out.println(" \"code\": 401,");
+ out.println(" \"message\": \"Invalid Credentials\",");
+ out.println(" \"reason\": \"Unauthorized\"");
+ out.println("}");
+ }
+ catch (IOException ignore)
+ {
+ // nothing else we can do in this case
+ if (debugEnabled())
+ {
+ TRACER.debugCaught(DebugLogLevel.ERROR, ignore);
+ }
+ }
}
/**
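Review bot: The 401 body is declared with `resp.setHeader("Content-Type", "application/json")`, which leaves the character encoding unspecified; `resp.setContentType("application/json");` followed by `resp.setCharacterEncoding("UTF-8");` states both through the servlet API. The JSON is assembled from fixed strings, which is safe as written, but a comment such as `// keep this body constant: never echo the supplied user name or the failure cause` would guard against a later edit that concatenates request data unescaped or reveals which part of the credentials was wrong. `getOutputStream()` can also throw IllegalStateException if a writer was already obtained on this response, and `catch (IOException ignore)` does not cover that. Whether it can happen depends on code outside this hunk, since the enclosing method starts above it.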
diff --git a/opendj-sdk/opends/tests/unit-tests-testng/src/server/org/opends/server/protocols/http/CollectClientConnectionsFilterTest.java b/opendj-sdk/opends/tests/unit-tests-testng/src/server/org/opends/server/protocols/http/CollectClientConnectionsFilterTest.java
index 010b0aa..a716594 100644
--- a/opendj-sdk/opends/tests/unit-tests-testng/src/server/org/opends/server/protocols/http/CollectClientConnectionsFilterTest.java
+++ b/opendj-sdk/opends/tests/unit-tests-testng/src/server/org/opends/server/protocols/http/CollectClientConnectionsFilterTest.java
@@ -29,6 +29,9 @@
import static org.assertj.core.api.Assertions.*;
import static org.mockito.Mockito.*;
+import java.io.IOException;
+
+import javax.servlet.ServletOutputStream;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
@@ -81,26 +84,45 @@
@Test
public void sendUnauthorizedResponseWithHttpBasicAuthWillChallengeUserAgent()
+ throws Exception
{
authConfig.setBasicAuthenticationSupported(true);
+ ServletOutputStream oStream = mock(ServletOutputStream.class);
HttpServletResponse response = mock(HttpServletResponse.class);
+ when(response.getOutputStream()).thenReturn(oStream);
filter.sendUnauthorizedResponseWithHTTPBasicAuthChallenge(response);
verify(response).setStatus(HttpServletResponse.SC_UNAUTHORIZED);
verify(response).setHeader("WWW-Authenticate",
"Basic realm=\"org.forgerock.opendj\"");
+ verifyUnauthorizedOutputMessage(response, oStream);
}
@Test
public void sendUnauthorizedResponseWithoutHttpBasicAuthWillNotChallengeUserAgent()
+ throws Exception
{
authConfig.setBasicAuthenticationSupported(true);
HttpServletResponse response = mock(HttpServletResponse.class);
+ ServletOutputStream oStream = mock(ServletOutputStream.class);
+ when(response.getOutputStream()).thenReturn(oStream);
filter.sendUnauthorizedResponseWithHTTPBasicAuthChallenge(response);
verify(response).setStatus(HttpServletResponse.SC_UNAUTHORIZED);
+ verifyUnauthorizedOutputMessage(response, oStream);
+ }
+
+ private void verifyUnauthorizedOutputMessage(HttpServletResponse response,
+ ServletOutputStream oStream) throws IOException
+ {
+ verify(response).getOutputStream();
+ verify(oStream).println("{");
+ verify(oStream).println(" \"code\": 401,");
+ verify(oStream).println(" \"message\": \"Invalid Credentials\",");
+ verify(oStream).println(" \"reason\": \"Unauthorized\"");
+ verify(oStream).println("}");
}
@Test
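Review bot: `sendUnauthorizedResponseWithoutHttpBasicAuthWillNotChallengeUserAgent` still calls `authConfig.setBasicAuthenticationSupported(true)` and never asserts that the challenge header is absent, so it appears to exercise the same path as the first test. The setup presumably should pass `false`, and the test should add `verify(response, never()).setHeader(eq("WWW-Authenticate"), anyString());` so that a regression which challenges clients when Basic auth is disabled is caught. The new `verifyUnauthorizedOutputMessage` helper checks the body lines but not the content type; adding `verify(response).setHeader("Content-Type", "application/json");` would pin that part of the response as well.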
--
Gitblit v1.10.0