public FakeHttpServletRequest setDateHeader(String name, long value) { SimpleDateFormat format = new SimpleDateFormat(DATE_FORMAT, Locale.US); format.setTimeZone(TimeZone.getTimeZone("GMT")); setHeader(name, format.format(new Date(value))); return this; }
public FakeHttpServletRequest setDateHeader(String name, long value) { SimpleDateFormat format = new SimpleDateFormat(DATE_FORMAT, Locale.US); format.setTimeZone(TimeZone.getTimeZone("GMT")); setHeader(name, format.format(new Date(value))); return this; }
public FakeHttpServletRequest setDateHeader(String name, long value) { SimpleDateFormat format = new SimpleDateFormat(DATE_FORMAT, Locale.US); format.setTimeZone(TimeZone.getTimeZone("GMT")); setHeader(name, format.format(new Date(value))); return this; }
public FakeHttpServletRequest setDateHeader(String name, long value) { SimpleDateFormat format = new SimpleDateFormat(DATE_FORMAT, Locale.US); format.setTimeZone(TimeZone.getTimeZone("GMT")); setHeader(name, format.format(new Date(value))); return this; }
public FakeHttpServletRequest setDateHeader(String name, long value) { SimpleDateFormat format = new SimpleDateFormat(DATE_FORMAT, Locale.US); format.setTimeZone(TimeZone.getTimeZone("GMT")); setHeader(name, format.format(new Date(value))); return this; }
/** * This method serves as the central constructor of this class. The reason it * is not an actual constructor is that Java doesn't allow calling another * constructor at the end of a constructor. e.g. * * <pre> * public FakeHttpServletRequest(String foo) { * // Do something here * this(foo, bar); // calling another constructor here is not allowed * } * </pre> */ protected void constructor(String host, int port, String contextPath, String servletPath, String queryString) { setHeader(HOST_HEADER, host); this.port = port; this.contextPath = contextPath; this.servletPath = servletPath; this.queryString = queryString; if (queryString != null) { decodeQueryString(queryString, parameters); } }
/** * This method serves as the central constructor of this class. The reason it * is not an actual constructor is that Java doesn't allow calling another * constructor at the end of a constructor. e.g. * * <pre> * public FakeHttpServletRequest(String foo) { * // Do something here * this(foo, bar); // calling another constructor here is not allowed * } * </pre> */ protected void constructor(String host, int port, String contextPath, String servletPath, String queryString) { setHeader(HOST_HEADER, host); this.port = port; this.contextPath = contextPath; this.servletPath = servletPath; this.queryString = queryString; if (queryString != null) { decodeQueryString(queryString, parameters); } }
@Test public void testOAuth2Header() throws Exception { req = new FakeHttpServletRequest("https://www.example.org/") .setHeader("Authorization", "OAuth2 1234"); Assert.assertEquals(expectedToken, authHandler.getSecurityTokenFromRequest(req)); req = new FakeHttpServletRequest("https://www.example.org/") .setHeader("Authorization", " OAuth2 1234 "); Assert.assertEquals(expectedToken, authHandler.getSecurityTokenFromRequest(req)); req = new FakeHttpServletRequest("https://www.example.org/") .setHeader("Authorization", "OAuth2 1234 x=1,y=\"2 2 2\""); Assert.assertEquals(expectedToken, authHandler.getSecurityTokenFromRequest(req)); req = new FakeHttpServletRequest("http://www.example.org/") .setHeader("Authorization", "OAuth2 1234"); Assert.assertNull(authHandler.getSecurityTokenFromRequest(req)); }
@Test public void testOAuth2Header() throws Exception { req = new FakeHttpServletRequest("https://www.example.org/") .setHeader("Authorization", "OAuth2 1234"); Assert.assertEquals(expectedToken, authHandler.getSecurityTokenFromRequest(req)); req = new FakeHttpServletRequest("https://www.example.org/") .setHeader("Authorization", " OAuth2 1234 "); Assert.assertEquals(expectedToken, authHandler.getSecurityTokenFromRequest(req)); req = new FakeHttpServletRequest("https://www.example.org/") .setHeader("Authorization", "OAuth2 1234 x=1,y=\"2 2 2\""); Assert.assertEquals(expectedToken, authHandler.getSecurityTokenFromRequest(req)); req = new FakeHttpServletRequest("http://www.example.org/") .setHeader("Authorization", "OAuth2 1234"); Assert.assertNull(authHandler.getSecurityTokenFromRequest(req)); }
@Test public void testValidAccessTokenViaHeader() throws InvalidAuthenticationException { replay(); FakeHttpServletRequest req = new FakeHttpServletRequest( "http://localhost:8080/oauth2", "/some_protected_uri", ""); req.setHeader("Authorization", "Bearer " + ACCESS_TOKEN); handler.getSecurityTokenFromRequest(req); // Should not throw exception }
@Test public void testOAuth1() throws Exception { // An OAuth 1.0 request, we should not process this. req = new FakeHttpServletRequest() .setHeader("Authorization", "OAuth oauth_signature_method=\"RSA-SHA1\""); SecurityToken token = authHandler.getSecurityTokenFromRequest(req); Assert.assertNull(token); }
@Test public void testValidAccessTokenViaHeader() throws InvalidAuthenticationException { replay(); FakeHttpServletRequest req = new FakeHttpServletRequest( "http://localhost:8080/oauth2", "/some_protected_uri", ""); req.setHeader("Authorization", "Bearer " + ACCESS_TOKEN); handler.getSecurityTokenFromRequest(req); // Should not throw exception }
@Test public void testOAuth2Header() throws Exception { req = new FakeHttpServletRequest("https://www.example.org/") .setHeader("Authorization", "OAuth2 1234"); Assert.assertEquals(expectedToken, authHandler.getSecurityTokenFromRequest(req)); req = new FakeHttpServletRequest("https://www.example.org/") .setHeader("Authorization", " OAuth2 1234 "); Assert.assertEquals(expectedToken, authHandler.getSecurityTokenFromRequest(req)); req = new FakeHttpServletRequest("https://www.example.org/") .setHeader("Authorization", "OAuth2 1234 x=1,y=\"2 2 2\""); Assert.assertEquals(expectedToken, authHandler.getSecurityTokenFromRequest(req)); req = new FakeHttpServletRequest("http://www.example.org/") .setHeader("Authorization", "OAuth2 1234"); Assert.assertNull(authHandler.getSecurityTokenFromRequest(req)); }
@Test public void testOAuth1() throws Exception { // An OAuth 1.0 request, we should not process this. req = new FakeHttpServletRequest() .setHeader("Authorization", "OAuth oauth_signature_method=\"RSA-SHA1\""); SecurityToken token = authHandler.getSecurityTokenFromRequest(req); Assert.assertNull(token); }
@Test public void testOAuth1() throws Exception { // An OAuth 1.0 request, we should not process this. req = new FakeHttpServletRequest() .setHeader("Authorization", "OAuth oauth_signature_method=\"RSA-SHA1\""); SecurityToken token = authHandler.getSecurityTokenFromRequest(req); Assert.assertNull(token); }
@Test public void testInvalidRequests() throws Exception { // Empty request req = new FakeHttpServletRequest(); Assert.assertNull(authHandler.getSecurityTokenFromRequest(req)); // Old behavior, no longer supported req = new FakeHttpServletRequest().setHeader("Authorization", "Token token=\"1234\""); Assert.assertNull(authHandler.getSecurityTokenFromRequest(req)); req = new FakeHttpServletRequest().setHeader("Authorization", "OAuth 1234"); Assert.assertNull(authHandler.getSecurityTokenFromRequest(req)); }
@Test public void testInvalidRequests() throws Exception { // Empty request req = new FakeHttpServletRequest(); Assert.assertNull(authHandler.getSecurityTokenFromRequest(req)); // Old behavior, no longer supported req = new FakeHttpServletRequest().setHeader("Authorization", "Token token=\"1234\""); Assert.assertNull(authHandler.getSecurityTokenFromRequest(req)); req = new FakeHttpServletRequest().setHeader("Authorization", "OAuth 1234"); Assert.assertNull(authHandler.getSecurityTokenFromRequest(req)); }
@Test public void testInvalidRequests() throws Exception { // Empty request req = new FakeHttpServletRequest(); Assert.assertNull(authHandler.getSecurityTokenFromRequest(req)); // Old behavior, no longer supported req = new FakeHttpServletRequest().setHeader("Authorization", "Token token=\"1234\""); Assert.assertNull(authHandler.getSecurityTokenFromRequest(req)); req = new FakeHttpServletRequest().setHeader("Authorization", "OAuth 1234"); Assert.assertNull(authHandler.getSecurityTokenFromRequest(req)); }
@Test public void testInvalidAccessTokenViaHeader() { replay(); FakeHttpServletRequest req = new FakeHttpServletRequest( "http://localhost:8080/oauth2", "/some_protected_uri", ""); req.setHeader("Authorization", "Bearer BADVALUEK"); try { handler.getSecurityTokenFromRequest(req); } catch (InvalidAuthenticationException ex) { return; } fail("Handler allowed invalid token without throwing exception"); // Should not throw exception }
@Test public void testInvalidAccessTokenViaHeader() { replay(); FakeHttpServletRequest req = new FakeHttpServletRequest( "http://localhost:8080/oauth2", "/some_protected_uri", ""); req.setHeader("Authorization", "Bearer BADVALUEK"); try { handler.getSecurityTokenFromRequest(req); } catch (InvalidAuthenticationException ex) { return; } fail("Handler allowed invalid token without throwing exception"); // Should not throw exception }