cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From serg...@apache.org
Subject svn commit: r1338879 - in /cxf/trunk/rt/rs/security/oauth-parent/oauth2/src: main/java/org/apache/cxf/rs/security/oauth2/utils/ test/java/org/apache/cxf/rs/security/oauth2/utils/
Date Tue, 15 May 2012 20:33:32 GMT
Author: sergeyb
Date: Tue May 15 20:33:32 2012
New Revision: 1338879

URL: http://svn.apache.org/viewvc?rev=1338879&view=rev
Log:
[CXF-4318] Reporting 401 only when no information about the challenges is available

Added:
    cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/test/java/org/apache/cxf/rs/security/oauth2/utils/
    cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/test/java/org/apache/cxf/rs/security/oauth2/utils/AuthorizationUtilsTest.java
  (with props)
Modified:
    cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/AuthorizationUtils.java

Modified: cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/AuthorizationUtils.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/AuthorizationUtils.java?rev=1338879&r1=1338878&r2=1338879&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/AuthorizationUtils.java
(original)
+++ cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/AuthorizationUtils.java
Tue May 15 20:33:32 2012
@@ -24,7 +24,9 @@ import java.util.List;
 import java.util.Set;
 
 import javax.ws.rs.WebApplicationException;
+import javax.ws.rs.core.HttpHeaders;
 import javax.ws.rs.core.Response;
+import javax.ws.rs.core.Response.ResponseBuilder;
 
 import org.apache.cxf.common.util.Base64Utility;
 import org.apache.cxf.jaxrs.ext.MessageContext;
@@ -75,7 +77,11 @@ public final class AuthorizationUtils {
             }
             sb.append(challenge);
         }
-        Response r = Response.status(401).header("WWW-Authenticate", sb.toString()).build();
+        ResponseBuilder rb = Response.status(401);
+        if (sb.length() > 0) {
+            rb.header(HttpHeaders.WWW_AUTHENTICATE, sb.toString());
+        }
+        Response r = rb.build();
         throw new WebApplicationException(r);
     }
 

Added: cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/test/java/org/apache/cxf/rs/security/oauth2/utils/AuthorizationUtilsTest.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/test/java/org/apache/cxf/rs/security/oauth2/utils/AuthorizationUtilsTest.java?rev=1338879&view=auto
==============================================================================
--- cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/test/java/org/apache/cxf/rs/security/oauth2/utils/AuthorizationUtilsTest.java
(added)
+++ cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/test/java/org/apache/cxf/rs/security/oauth2/utils/AuthorizationUtilsTest.java
Tue May 15 20:33:32 2012
@@ -0,0 +1,77 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.rs.security.oauth2.utils;
+
+import java.util.Collections;
+import java.util.LinkedHashSet;
+import java.util.Set;
+
+import javax.ws.rs.WebApplicationException;
+import javax.ws.rs.core.HttpHeaders;
+import javax.ws.rs.core.Response;
+
+import org.junit.Assert;
+import org.junit.Test;
+
+public class AuthorizationUtilsTest extends Assert {
+    
+    @Test
+    public void testThrowAuthorizationFailureSingleChallenge() {
+        try {
+            AuthorizationUtils.throwAuthorizationFailure(Collections.singleton("Basic"));
+            fail("WebApplicationException expected");
+        } catch (WebApplicationException ex) {
+            Response r = ex.getResponse();
+            assertEquals(401, r.getStatus());
+            Object value = r.getMetadata().getFirst(HttpHeaders.WWW_AUTHENTICATE);
+            assertNotNull(value);
+            assertEquals("Basic", value.toString());
+        }
+    }
+    
+    @Test
+    public void testThrowAuthorizationFailureManyChallenges() {
+        Set<String> challenges = new LinkedHashSet<String>();
+        challenges.add("Basic");
+        challenges.add("Bearer");
+        try {
+            AuthorizationUtils.throwAuthorizationFailure(challenges);
+            fail("WebApplicationException expected");
+        } catch (WebApplicationException ex) {
+            Response r = ex.getResponse();
+            assertEquals(401, r.getStatus());
+            Object value = r.getMetadata().getFirst(HttpHeaders.WWW_AUTHENTICATE);
+            assertNotNull(value);
+            assertEquals("Basic,Bearer", value.toString());
+        }
+    }
+
+    @Test
+    public void testThrowAuthorizationFailureNoChallenge() {
+        try {
+            AuthorizationUtils.throwAuthorizationFailure(Collections.<String>emptySet());
+            fail("WebApplicationException expected");
+        } catch (WebApplicationException ex) {
+            Response r = ex.getResponse();
+            assertEquals(401, r.getStatus());
+            Object value = r.getMetadata().getFirst(HttpHeaders.WWW_AUTHENTICATE);
+            assertNull(value);
+        }
+    }
+}

Propchange: cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/test/java/org/apache/cxf/rs/security/oauth2/utils/AuthorizationUtilsTest.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/test/java/org/apache/cxf/rs/security/oauth2/utils/AuthorizationUtilsTest.java
------------------------------------------------------------------------------
    svn:keywords = Rev Date



Mime
View raw message