Consolidated akka-security, akka-rest, akka-comet and akka-servlet into akka-http

2010-04-29 11:03:25 +02:00 · 2010-04-29 11:03:25 +02:00 · d09427cfb2
commit d09427cfb2
parent d889b66f00
15 changed files with 14 additions and 31 deletions
--- a/akka-http/src/test/scala/SecuritySpec.scala
+++ b/akka-http/src/test/scala/SecuritySpec.scala
@ -0,0 +1,74 @@
+/**
+ * Copyright (C) 2009-2010 Scalable Solutions AB <http://scalablesolutions.se>
+ */
+
+package se.scalablesolutions.akka.security
+
+import se.scalablesolutions.akka.config.ScalaConfig._
+
+import org.scalatest.Suite
+import org.scalatest.junit.JUnitSuite
+import org.scalatest.matchers.MustMatchers
+import org.scalatest.mock.MockitoSugar
+import org.mockito.Mockito._
+import org.mockito.Matchers._
+import org.junit.{Before, After, Test}
+
+import javax.ws.rs.core.{SecurityContext, Context, Response}
+import com.sun.jersey.spi.container.{ResourceFilterFactory, ContainerRequest, ContainerRequestFilter, ContainerResponse, ContainerResponseFilter, ResourceFilter}
+import com.sun.jersey.core.util.Base64
+
+class BasicAuthenticatorSpec extends junit.framework.TestCase
+    with Suite with MockitoSugar with MustMatchers {
+  val authenticator = new BasicAuthenticator
+  authenticator.start
+
+  @Test def testChallenge = {
+    val req = mock[ContainerRequest]
+
+    val result: Response = (authenticator !! (Authenticate(req, List("foo")), 10000)).get
+
+    // the actor replies with a challenge for the browser
+    result.getStatus must equal(Response.Status.UNAUTHORIZED.getStatusCode)
+    result.getMetadata.get("WWW-Authenticate").get(0).toString must startWith("Basic")
+  }
+
+  @Test def testAuthenticationSuccess = {
+    val req = mock[ContainerRequest]
+    // fake a basic auth header -> this will authenticate the user
+    when(req.getHeaderValue("Authorization")).thenReturn("Basic " + new String(Base64.encode("foo:bar")))
+
+    // fake a request authorization -> this will authorize the user
+    when(req.isUserInRole("chef")).thenReturn(true)
+
+    val result: AnyRef = (authenticator !! (Authenticate(req, List("chef")), 10000)).get
+
+    result must be(OK)
+    // the authenticator must have set a security context 
+    verify(req).setSecurityContext(any[SecurityContext])
+  }
+
+  @Test def testUnauthorized = {
+    val req = mock[ContainerRequest]
+    
+    // fake a basic auth header -> this will authenticate the user
+    when(req.getHeaderValue("Authorization")).thenReturn("Basic " + new String(Base64.encode("foo:bar")))
+    when(req.isUserInRole("chef")).thenReturn(false) // this will deny access
+
+    val result: Response = (authenticator !! (Authenticate(req, List("chef")), 10000)).get
+
+    result.getStatus must equal(Response.Status.FORBIDDEN.getStatusCode)
+
+    // the authenticator must have set a security context
+    verify(req).setSecurityContext(any[SecurityContext])
+  }
+
+  class BasicAuthenticator extends BasicAuthenticationActor {
+    def verify(odc: Option[BasicCredentials]): Option[UserInfo] = odc match {
+      case Some(dc) => Some(UserInfo("foo", "bar", "ninja" :: "chef" :: Nil))
+      case _ => None
+    }
+    override def realm = "test"
+  }
+}
+