Return-Path: X-Original-To: apmail-tomcat-dev-archive@www.apache.org Delivered-To: apmail-tomcat-dev-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 591AB972E for ; Sun, 3 Jun 2012 16:47:49 +0000 (UTC) Received: (qmail 77903 invoked by uid 500); 3 Jun 2012 16:47:48 -0000 Delivered-To: apmail-tomcat-dev-archive@tomcat.apache.org Received: (qmail 77821 invoked by uid 500); 3 Jun 2012 16:47:48 -0000 Mailing-List: contact dev-help@tomcat.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: "Tomcat Developers List" Delivered-To: mailing list dev@tomcat.apache.org Received: (qmail 77812 invoked by uid 99); 3 Jun 2012 16:47:48 -0000 Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230) by apache.org (qpsmtpd/0.29) with ESMTP; Sun, 03 Jun 2012 16:47:48 +0000 X-ASF-Spam-Status: No, hits=-2000.0 required=5.0 tests=ALL_TRUSTED X-Spam-Check-By: apache.org Received: from [140.211.11.4] (HELO eris.apache.org) (140.211.11.4) by apache.org (qpsmtpd/0.29) with ESMTP; Sun, 03 Jun 2012 16:47:38 +0000 Received: from eris.apache.org (localhost [127.0.0.1]) by eris.apache.org (Postfix) with ESMTP id E1A4A238890B for ; Sun, 3 Jun 2012 16:47:16 +0000 (UTC) Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Subject: svn commit: r1345708 - in /tomcat/tc7.0.x/trunk: ./ test/org/apache/catalina/authenticator/TestNonLoginAndBasicAuthenticator.java webapps/docs/changelog.xml Date: Sun, 03 Jun 2012 16:47:16 -0000 To: dev@tomcat.apache.org From: markt@apache.org X-Mailer: svnmailer-1.0.8-patched Message-Id: <20120603164716.E1A4A238890B@eris.apache.org> Author: markt Date: Sun Jun 3 16:47:16 2012 New Revision: 1345708 URL: http://svn.apache.org/viewvc?rev=1345708&view=rev Log: Extend test cases for BASIC auth and RFC2617 compliance. Patch provided by Brian Burch. Modified: tomcat/tc7.0.x/trunk/ (props changed) tomcat/tc7.0.x/trunk/test/org/apache/catalina/authenticator/TestNonLoginAndBasicAuthenticator.java tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml Propchange: tomcat/tc7.0.x/trunk/ ------------------------------------------------------------------------------ Merged /tomcat/trunk:r1345704 Modified: tomcat/tc7.0.x/trunk/test/org/apache/catalina/authenticator/TestNonLoginAndBasicAuthenticator.java URL: http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/test/org/apache/catalina/authenticator/TestNonLoginAndBasicAuthenticator.java?rev=1345708&r1=1345707&r2=1345708&view=diff ============================================================================== --- tomcat/tc7.0.x/trunk/test/org/apache/catalina/authenticator/TestNonLoginAndBasicAuthenticator.java (original) +++ tomcat/tc7.0.x/trunk/test/org/apache/catalina/authenticator/TestNonLoginAndBasicAuthenticator.java Sun Jun 3 16:47:16 2012 @@ -93,7 +93,7 @@ public class TestNonLoginAndBasicAuthent @Test public void testAcceptPublicBasic() throws Exception { doTestBasic(USER, PWD, CONTEXT_PATH_LOGIN + URI_PUBLIC, - false, 200, false, 200); + false, false, 200, false, 200); } /* @@ -104,7 +104,19 @@ public class TestNonLoginAndBasicAuthent @Test public void testAcceptProtectedBasic() throws Exception { doTestBasic(USER, PWD, CONTEXT_PATH_LOGIN + URI_PROTECTED, - true, 401, false, 200); + false, true, 401, false, 200); + } + + /* + * Try to access a protected resource in a webapp that + * has a BASIC login method defined. Verify the server is + * prepared to accept non-standard case for the auth scheme. + * The access should be challenged, authenticated and then permitted. + */ + @Test + public void testAuthMethodCaseBasic() throws Exception { + doTestBasic(USER, PWD, CONTEXT_PATH_LOGIN + URI_PROTECTED, + true, true, 401, false, 200); } /* @@ -117,11 +129,11 @@ public class TestNonLoginAndBasicAuthent @Test public void testBasicLoginSessionTimeout() throws Exception { doTestBasic(USER, PWD, CONTEXT_PATH_LOGIN + URI_PROTECTED, - true, 401, false, 200); + false, true, 401, false, 200); // wait long enough for the session above to expire Thread.sleep(LONG_TIMEOUT_DELAY_MSECS); doTestBasic(USER, PWD, CONTEXT_PATH_LOGIN + URI_PROTECTED, - true, 401, false, 200); + false, true, 401, false, 200); } /* @@ -134,7 +146,7 @@ public class TestNonLoginAndBasicAuthent @Test public void testBasicLoginRejectProtected() throws Exception { doTestBasic(USER, PWD, CONTEXT_PATH_LOGIN + URI_PROTECTED, - true, 401, false, 200); + false, true, 401, false, 200); doTestNonLogin(CONTEXT_PATH_NOLOGIN + URI_PROTECTED, true, 403); } @@ -163,6 +175,7 @@ public class TestNonLoginAndBasicAuthent } private void doTestBasic(String user, String pwd, String uri, + boolean verifyAuthSchemeCase, boolean expectedReject1, int expectedRC1, boolean expectedReject2, int expectedRC2) throws Exception { @@ -190,7 +203,8 @@ public class TestNonLoginAndBasicAuthent String credentials = user + ":" + pwd; byte[] credentialsBytes = ByteChunk.convertToBytes(credentials); String base64auth = Base64.encode(credentialsBytes); - String authLine = "Basic " + base64auth; + String authScheme = verifyAuthSchemeCase ? "bAsIc " : "Basic "; + String authLine = authScheme + base64auth; List auth = new ArrayList(); auth.add(authLine); Modified: tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml URL: http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml?rev=1345708&r1=1345707&r2=1345708&view=diff ============================================================================== --- tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml (original) +++ tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml Sun Jun 3 16:47:16 2012 @@ -60,6 +60,10 @@ 52055: An additional fix to ensure that the ChunkedInputFilter is correctly recycled. (markt) + + 53008: Additional test cases for BASIC authentication and + RFC2617 compliance. Patch provided by Brian Burch. (markt) + 53021: Correct WebSocket protocol version detection. (pero) --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org For additional commands, e-mail: dev-help@tomcat.apache.org