org.apache.hadoop.security.authentication.util.SignerSecretProvider Java Examples

@Override
public void initializeSecretProvider(FilterConfig filterConfig) throws ServletException {
    LOG.info("==> AtlasAuthenticationFilter.initializeSecretProvider");

    secretProvider = (SignerSecretProvider) filterConfig.getServletContext().getAttribute(AuthenticationFilter.SIGNER_SECRET_PROVIDER_ATTRIBUTE);

    if (secretProvider == null) {
        // As tomcat cannot specify the provider object in the configuration.
        // It'll go into this path
        String configPrefix = filterConfig.getInitParameter(CONFIG_PREFIX);

        configPrefix = (configPrefix != null) ? configPrefix + "." : "";

        try {
            secretProvider = AuthenticationFilter.constructSecretProvider(filterConfig.getServletContext(), super.getConfiguration(configPrefix, filterConfig), false);

            this.isInitializedByTomcat = true;
        } catch (Exception ex) {
            throw new ServletException(ex);
        }
    }

    signer = new Signer(secretProvider);

    LOG.info("<== AtlasAuthenticationFilter.initializeSecretProvider(filterConfig={})", filterConfig);
}
 

@Override
public void initializeSecretProvider(FilterConfig filterConfig)
        throws ServletException {
    LOG.debug("AtlasAuthenticationFilter :: initializeSecretProvider {}", filterConfig);
    secretProvider = (SignerSecretProvider) filterConfig.getServletContext().
            getAttribute(AuthenticationFilter.SIGNER_SECRET_PROVIDER_ATTRIBUTE);
    if (secretProvider == null) {
        // As tomcat cannot specify the provider object in the configuration.
        // It'll go into this path
        String configPrefix = filterConfig.getInitParameter(CONFIG_PREFIX);
        configPrefix = (configPrefix != null) ? configPrefix + "." : "";
        try {
            secretProvider = AuthenticationFilter.constructSecretProvider(
                    filterConfig.getServletContext(),
                    super.getConfiguration(configPrefix, filterConfig), false);
            this.isInitializedByTomcat = true;
        } catch (Exception ex) {
            throw new ServletException(ex);
        }
    }
    signer = new Signer(secretProvider);
}
 

private static SignerSecretProvider getMockedServletContextWithStringSigner(
    FilterConfig config) throws Exception {
  Properties secretProviderProps = new Properties();
  secretProviderProps.setProperty(AuthenticationFilter.SIGNATURE_SECRET,
                                  "secret");
  SignerSecretProvider secretProvider =
      StringSignerSecretProviderCreator.newStringSignerSecretProvider();
  secretProvider.init(secretProviderProps, null, TOKEN_VALIDITY_SEC);

  ServletContext context = Mockito.mock(ServletContext.class);
  Mockito.when(context.getAttribute(
          AuthenticationFilter.SIGNER_SECRET_PROVIDER_ATTRIBUTE))
          .thenReturn(secretProvider);
  Mockito.when(config.getServletContext()).thenReturn(context);
  return secretProvider;
}
 

private static SignerSecretProvider getMockedServletContextWithStringSigner(
    FilterConfig config) throws Exception {
  Properties secretProviderProps = new Properties();
  secretProviderProps.setProperty(AuthenticationFilter.SIGNATURE_SECRET,
                                  "secret");
  SignerSecretProvider secretProvider =
      StringSignerSecretProviderCreator.newStringSignerSecretProvider();
  secretProvider.init(secretProviderProps, null, TOKEN_VALIDITY_SEC);

  ServletContext context = Mockito.mock(ServletContext.class);
  Mockito.when(context.getAttribute(
          AuthenticationFilter.SIGNER_SECRET_PROVIDER_ATTRIBUTE))
          .thenReturn(secretProvider);
  Mockito.when(config.getServletContext()).thenReturn(context);
  return secretProvider;
}
 

private static SignerSecretProvider constructSecretProvider(final Builder b,
                                                            ServletContext ctx)
    throws Exception {
  final Configuration conf = b.conf;
  Properties config = getFilterProperties(conf,
      b.authFilterConfigurationPrefix);
  return AuthenticationFilter.constructSecretProvider(
      ctx, config, b.disallowFallbackToRandomSignerSecretProvider);
}
 

private static SignerSecretProvider constructSecretProvider(final Builder b,
    ServletContext ctx)
    throws Exception {
  final ConfigurationSource conf = b.conf;
  Properties config = getFilterProperties(conf,
      b.authFilterConfigurationPrefix);
  return AuthenticationFilter.constructSecretProvider(
      ctx, config, b.disallowFallbackToRandomSignerSecretProvider);
}
 

private static SignerSecretProvider constructSecretProvider(final Builder b,
                                                            ServletContext ctx)
    throws Exception {
  final Configuration conf = b.conf;
  Properties config = getFilterProperties(conf,
      b.authFilterConfigurationPrefix);
  return AuthenticationFilter.constructSecretProvider(
      ctx, config, b.disallowFallbackToRandomSignerSecretProvider);
}
 

private static SignerSecretProvider constructSecretProvider(final Builder b,
                                                            ServletContext ctx)
    throws Exception {
  final Configuration conf = b.conf;
  Properties config = getFilterProperties(conf,
      b.authFilterConfigurationPrefix);
  return AuthenticationFilter.constructSecretProvider(
      ctx, config, b.disallowFallbackToRandomSignerSecretProvider);
}
 

@Test
public void testGetToken() throws Exception {
  AuthenticationFilter filter = new AuthenticationFilter();

  try {
    FilterConfig config = Mockito.mock(FilterConfig.class);
    Mockito.when(config.getInitParameter("management.operation.return")).
      thenReturn("true");
    Mockito.when(config.getInitParameter(AuthenticationFilter.AUTH_TYPE)).thenReturn(
      DummyAuthenticationHandler.class.getName());
    Mockito.when(config.getInitParameter(AuthenticationFilter.SIGNATURE_SECRET)).thenReturn("secret");
    Mockito.when(config.getInitParameterNames()).thenReturn(
      new Vector<String>(
        Arrays.asList(AuthenticationFilter.AUTH_TYPE,
                      AuthenticationFilter.SIGNATURE_SECRET,
                      "management.operation.return")).elements());
    SignerSecretProvider secretProvider =
        getMockedServletContextWithStringSigner(config);
    filter.init(config);

    AuthenticationToken token = new AuthenticationToken("u", "p", DummyAuthenticationHandler.TYPE);
    token.setExpires(System.currentTimeMillis() + TOKEN_VALIDITY_SEC);

    Signer signer = new Signer(secretProvider);
    String tokenSigned = signer.sign(token.toString());

    Cookie cookie = new Cookie(AuthenticatedURL.AUTH_COOKIE, tokenSigned);
    HttpServletRequest request = Mockito.mock(HttpServletRequest.class);
    Mockito.when(request.getCookies()).thenReturn(new Cookie[]{cookie});

    AuthenticationToken newToken = filter.getToken(request);

    Assert.assertEquals(token.toString(), newToken.toString());
  } finally {
    filter.destroy();
  }
}
 

private static SignerSecretProvider constructSecretProvider(final Builder b,
    ServletContext ctx)
    throws Exception {
  final Configuration conf = b.conf;
  Properties config = getFilterProperties(conf,
                                          b.authFilterConfigurationPrefix);
  return AuthenticationFilter.constructSecretProvider(
      ctx, config, b.disallowFallbackToRandomSignerSecretProvider);
}
 

@Test
public void testGetToken() throws Exception {
  AuthenticationFilter filter = new AuthenticationFilter();

  try {
    FilterConfig config = Mockito.mock(FilterConfig.class);
    Mockito.when(config.getInitParameter("management.operation.return")).
      thenReturn("true");
    Mockito.when(config.getInitParameter(AuthenticationFilter.AUTH_TYPE)).thenReturn(
      DummyAuthenticationHandler.class.getName());
    Mockito.when(config.getInitParameter(AuthenticationFilter.SIGNATURE_SECRET)).thenReturn("secret");
    Mockito.when(config.getInitParameterNames()).thenReturn(
      new Vector<String>(
        Arrays.asList(AuthenticationFilter.AUTH_TYPE,
                      AuthenticationFilter.SIGNATURE_SECRET,
                      "management.operation.return")).elements());
    SignerSecretProvider secretProvider =
        getMockedServletContextWithStringSigner(config);
    filter.init(config);

    AuthenticationToken token = new AuthenticationToken("u", "p", DummyAuthenticationHandler.TYPE);
    token.setExpires(System.currentTimeMillis() + TOKEN_VALIDITY_SEC);

    Signer signer = new Signer(secretProvider);
    String tokenSigned = signer.sign(token.toString());

    Cookie cookie = new Cookie(AuthenticatedURL.AUTH_COOKIE, tokenSigned);
    HttpServletRequest request = Mockito.mock(HttpServletRequest.class);
    Mockito.when(request.getCookies()).thenReturn(new Cookie[]{cookie});

    AuthenticationToken newToken = filter.getToken(request);

    Assert.assertEquals(token.toString(), newToken.toString());
  } finally {
    filter.destroy();
  }
}
 

private static SignerSecretProvider constructSecretProvider(final Builder b,
    ServletContext ctx)
    throws Exception {
  final Configuration conf = b.conf;
  Properties config = getFilterProperties(conf,
                                          b.authFilterConfigurationPrefix);
  return AuthenticationFilter.constructSecretProvider(
      ctx, config, b.disallowFallbackToRandomSignerSecretProvider);
}
 

@Test
public void testManagementOperation() throws Exception {
  AuthenticationFilter filter = new AuthenticationFilter();
  try {
    FilterConfig config = Mockito.mock(FilterConfig.class);
    Mockito.when(config.getInitParameter("management.operation.return")).
      thenReturn("false");
    Mockito.when(config.getInitParameter(AuthenticationFilter.AUTH_TYPE)).
      thenReturn(DummyAuthenticationHandler.class.getName());
    Mockito.when(config.getInitParameterNames()).thenReturn(
      new Vector<String>(
        Arrays.asList(AuthenticationFilter.AUTH_TYPE,
                      "management.operation.return")).elements());
    getMockedServletContextWithStringSigner(config);
    filter.init(config);

    HttpServletRequest request = Mockito.mock(HttpServletRequest.class);
    Mockito.when(request.getRequestURL()).
      thenReturn(new StringBuffer("http://foo:8080/bar"));

    HttpServletResponse response = Mockito.mock(HttpServletResponse.class);

    FilterChain chain = Mockito.mock(FilterChain.class);

    filter.doFilter(request, response, chain);
    Mockito.verify(response).setStatus(HttpServletResponse.SC_ACCEPTED);
    Mockito.verifyNoMoreInteractions(response);

    Mockito.reset(request);
    Mockito.reset(response);

    AuthenticationToken token = new AuthenticationToken("u", "p", "t");
    token.setExpires(System.currentTimeMillis() + TOKEN_VALIDITY_SEC);
    SignerSecretProvider secretProvider =
        StringSignerSecretProviderCreator.newStringSignerSecretProvider();
    Properties secretProviderProps = new Properties();
    secretProviderProps.setProperty(
            AuthenticationFilter.SIGNATURE_SECRET, "secret");
    secretProvider.init(secretProviderProps, null, TOKEN_VALIDITY_SEC);
    Signer signer = new Signer(secretProvider);
    String tokenSigned = signer.sign(token.toString());
    Cookie cookie = new Cookie(AuthenticatedURL.AUTH_COOKIE, tokenSigned);
    Mockito.when(request.getCookies()).thenReturn(new Cookie[]{cookie});

    filter.doFilter(request, response, chain);

    Mockito.verify(response).setStatus(HttpServletResponse.SC_ACCEPTED);
    Mockito.verifyNoMoreInteractions(response);

  } finally {
    filter.destroy();
  }
}
 

@Test
public void testDoFilterAuthenticatedInvalidType() throws Exception {
  String secret = "secret";
  AuthenticationFilter filter = new AuthenticationFilter();
  try {
    FilterConfig config = Mockito.mock(FilterConfig.class);
    Mockito.when(config.getInitParameter("management.operation.return")).
      thenReturn("true");
    Mockito.when(config.getInitParameter(AuthenticationFilter.AUTH_TYPE)).thenReturn(
      DummyAuthenticationHandler.class.getName());
    Mockito.when(config.getInitParameter(AuthenticationFilter.SIGNATURE_SECRET)).thenReturn(
      secret);
    Mockito.when(config.getInitParameterNames()).thenReturn(
      new Vector<String>(
        Arrays.asList(AuthenticationFilter.AUTH_TYPE,
                      AuthenticationFilter.SIGNATURE_SECRET,
                      "management.operation.return")).elements());
    getMockedServletContextWithStringSigner(config);
    filter.init(config);

    HttpServletRequest request = Mockito.mock(HttpServletRequest.class);
    Mockito.when(request.getRequestURL()).thenReturn(new StringBuffer("http://foo:8080/bar"));

    AuthenticationToken token = new AuthenticationToken("u", "p", "invalidtype");
    token.setExpires(System.currentTimeMillis() + TOKEN_VALIDITY_SEC);
    SignerSecretProvider secretProvider =
        StringSignerSecretProviderCreator.newStringSignerSecretProvider();
    Properties secretProviderProps = new Properties();
    secretProviderProps.setProperty(
            AuthenticationFilter.SIGNATURE_SECRET, secret);
    secretProvider.init(secretProviderProps, null, TOKEN_VALIDITY_SEC);
    Signer signer = new Signer(secretProvider);
    String tokenSigned = signer.sign(token.toString());

    Cookie cookie = new Cookie(AuthenticatedURL.AUTH_COOKIE, tokenSigned);
    Mockito.when(request.getCookies()).thenReturn(new Cookie[]{cookie});

    HttpServletResponse response = Mockito.mock(HttpServletResponse.class);
    Mockito.when(response.containsHeader("WWW-Authenticate")).thenReturn(true);
    FilterChain chain = Mockito.mock(FilterChain.class);

    verifyUnauthorized(filter, request, response, chain);
  } finally {
    filter.destroy();
  }
}
 

@Test
public void testDoFilterAuthenticatedExpired() throws Exception {
  String secret = "secret";
  AuthenticationFilter filter = new AuthenticationFilter();
  try {
    FilterConfig config = Mockito.mock(FilterConfig.class);
    Mockito.when(config.getInitParameter("management.operation.return")).
      thenReturn("true");
    Mockito.when(config.getInitParameter(AuthenticationFilter.AUTH_TYPE)).thenReturn(
      DummyAuthenticationHandler.class.getName());
    Mockito.when(config.getInitParameter(AuthenticationFilter.SIGNATURE_SECRET)).thenReturn(
      secret);
    Mockito.when(config.getInitParameterNames()).thenReturn(
      new Vector<String>(
        Arrays.asList(AuthenticationFilter.AUTH_TYPE,
                      AuthenticationFilter.SIGNATURE_SECRET,
                      "management.operation.return")).elements());
    getMockedServletContextWithStringSigner(config);
    filter.init(config);

    HttpServletRequest request = Mockito.mock(HttpServletRequest.class);
    Mockito.when(request.getRequestURL()).thenReturn(new StringBuffer("http://foo:8080/bar"));

    AuthenticationToken token = new AuthenticationToken("u", "p", DummyAuthenticationHandler.TYPE);
    token.setExpires(System.currentTimeMillis() - TOKEN_VALIDITY_SEC);
    SignerSecretProvider secretProvider =
        StringSignerSecretProviderCreator.newStringSignerSecretProvider();
    Properties secretProviderProps = new Properties();
    secretProviderProps.setProperty(
            AuthenticationFilter.SIGNATURE_SECRET, secret);
    secretProvider.init(secretProviderProps, null, TOKEN_VALIDITY_SEC);
    Signer signer = new Signer(secretProvider);
    String tokenSigned = signer.sign(token.toString());

    Cookie cookie = new Cookie(AuthenticatedURL.AUTH_COOKIE, tokenSigned);
    Mockito.when(request.getCookies()).thenReturn(new Cookie[]{cookie});

    HttpServletResponse response = Mockito.mock(HttpServletResponse.class);
    Mockito.when(response.containsHeader("WWW-Authenticate")).thenReturn(true);
    FilterChain chain = Mockito.mock(FilterChain.class);

    verifyUnauthorized(filter, request, response, chain);
  } finally {
    filter.destroy();
  }
}
 

@Test
public void testGetTokenExpired() throws Exception {
  AuthenticationFilter filter = new AuthenticationFilter();
  try {
    FilterConfig config = Mockito.mock(FilterConfig.class);
    Mockito.when(config.getInitParameter("management.operation.return")).thenReturn("true");
    Mockito.when(config.getInitParameter(AuthenticationFilter.AUTH_TYPE)).thenReturn(
      DummyAuthenticationHandler.class.getName());
    Mockito.when(config.getInitParameter(AuthenticationFilter.SIGNATURE_SECRET)).thenReturn("secret");
    Mockito.when(config.getInitParameterNames()).thenReturn(
      new Vector<String>(
        Arrays.asList(AuthenticationFilter.AUTH_TYPE,
                      AuthenticationFilter.SIGNATURE_SECRET,
                      "management.operation.return")).elements());
    getMockedServletContextWithStringSigner(config);
    filter.init(config);

    AuthenticationToken token =
        new AuthenticationToken("u", "p", DummyAuthenticationHandler.TYPE);
    token.setExpires(System.currentTimeMillis() - TOKEN_VALIDITY_SEC);
    SignerSecretProvider secretProvider =
        StringSignerSecretProviderCreator.newStringSignerSecretProvider();
    Properties secretProviderProps = new Properties();
    secretProviderProps.setProperty(
            AuthenticationFilter.SIGNATURE_SECRET, "secret");
    secretProvider.init(secretProviderProps, null, TOKEN_VALIDITY_SEC);
    Signer signer = new Signer(secretProvider);
    String tokenSigned = signer.sign(token.toString());

    Cookie cookie = new Cookie(AuthenticatedURL.AUTH_COOKIE, tokenSigned);
    HttpServletRequest request = Mockito.mock(HttpServletRequest.class);
    Mockito.when(request.getCookies()).thenReturn(new Cookie[]{cookie});

    boolean failed = false;
    try {
      filter.getToken(request);
    } catch (AuthenticationException ex) {
      Assert.assertEquals("AuthenticationToken expired", ex.getMessage());
      failed = true;
    } finally {
      Assert.assertTrue("token not expired", failed);
    }
  } finally {
    filter.destroy();
  }
}
 

@Test
public void testGetTokenInvalidType() throws Exception {
  AuthenticationFilter filter = new AuthenticationFilter();
  try {
    FilterConfig config = Mockito.mock(FilterConfig.class);
    Mockito.when(config.getInitParameter("management.operation.return")).
      thenReturn("true");
    Mockito.when(config.getInitParameter(AuthenticationFilter.AUTH_TYPE)).thenReturn(
      DummyAuthenticationHandler.class.getName());
    Mockito.when(config.getInitParameter(AuthenticationFilter.SIGNATURE_SECRET)).thenReturn("secret");
    Mockito.when(config.getInitParameterNames()).thenReturn(
      new Vector<String>(
        Arrays.asList(AuthenticationFilter.AUTH_TYPE,
                      AuthenticationFilter.SIGNATURE_SECRET,
                      "management.operation.return")).elements());
    getMockedServletContextWithStringSigner(config);
    filter.init(config);

    AuthenticationToken token = new AuthenticationToken("u", "p", "invalidtype");
    token.setExpires(System.currentTimeMillis() + TOKEN_VALIDITY_SEC);
    SignerSecretProvider secretProvider =
        StringSignerSecretProviderCreator.newStringSignerSecretProvider();
    Properties secretProviderProps = new Properties();
    secretProviderProps.setProperty(
            AuthenticationFilter.SIGNATURE_SECRET, "secret");
    secretProvider.init(secretProviderProps, null, TOKEN_VALIDITY_SEC);
    Signer signer = new Signer(secretProvider);
    String tokenSigned = signer.sign(token.toString());

    Cookie cookie = new Cookie(AuthenticatedURL.AUTH_COOKIE, tokenSigned);
    HttpServletRequest request = Mockito.mock(HttpServletRequest.class);
    Mockito.when(request.getCookies()).thenReturn(new Cookie[]{cookie});

    boolean failed = false;
    try {
      filter.getToken(request);
    } catch (AuthenticationException ex) {
      Assert.assertEquals("Invalid AuthenticationToken type", ex.getMessage());
      failed = true;
    } finally {
      Assert.assertTrue("token not invalid type", failed);
    }
  } finally {
    filter.destroy();
  }
}
 

private void _testDoFilterAuthentication(boolean withDomainPath,
                                         boolean invalidToken,
                                         boolean expired) throws Exception {
  AuthenticationFilter filter = new AuthenticationFilter();
  FilterConfig config = Mockito.mock(FilterConfig.class);
  Mockito.when(config.getInitParameter("management.operation.return")).
          thenReturn("true");
  Mockito.when(config.getInitParameter("expired.token")).
          thenReturn(Boolean.toString(expired));
  Mockito.when(config.getInitParameter(AuthenticationFilter.AUTH_TYPE))
          .thenReturn(DummyAuthenticationHandler.class.getName());
  Mockito.when(config.getInitParameter(AuthenticationFilter
          .AUTH_TOKEN_VALIDITY)).thenReturn(new Long(TOKEN_VALIDITY_SEC).toString());
  Mockito.when(config.getInitParameter(AuthenticationFilter
          .SIGNATURE_SECRET)).thenReturn("secret");
  Mockito.when(config.getInitParameterNames()).thenReturn(new
          Vector<String>(Arrays.asList(AuthenticationFilter.AUTH_TYPE,
          AuthenticationFilter.AUTH_TOKEN_VALIDITY,
          AuthenticationFilter.SIGNATURE_SECRET, "management.operation" +
          ".return", "expired.token")).elements());
  getMockedServletContextWithStringSigner(config);

  if (withDomainPath) {
    Mockito.when(config.getInitParameter(AuthenticationFilter
            .COOKIE_DOMAIN)).thenReturn(".foo.com");
    Mockito.when(config.getInitParameter(AuthenticationFilter.COOKIE_PATH))
            .thenReturn("/bar");
    Mockito.when(config.getInitParameterNames()).thenReturn(new
            Vector<String>(Arrays.asList(AuthenticationFilter.AUTH_TYPE,
            AuthenticationFilter.AUTH_TOKEN_VALIDITY,
            AuthenticationFilter.SIGNATURE_SECRET,
            AuthenticationFilter.COOKIE_DOMAIN, AuthenticationFilter
            .COOKIE_PATH, "management.operation.return")).elements());
  }

  HttpServletRequest request = Mockito.mock(HttpServletRequest.class);
  Mockito.when(request.getParameter("authenticated")).thenReturn("true");
  Mockito.when(request.getRequestURL()).thenReturn(new StringBuffer
          ("http://foo:8080/bar"));
  Mockito.when(request.getQueryString()).thenReturn("authenticated=true");

  if (invalidToken) {
    Mockito.when(request.getCookies()).thenReturn(new Cookie[]{new Cookie
            (AuthenticatedURL.AUTH_COOKIE, "foo")});
  }

  HttpServletResponse response = Mockito.mock(HttpServletResponse.class);
  FilterChain chain = Mockito.mock(FilterChain.class);

  final HashMap<String, String> cookieMap = new HashMap<String, String>();
  Mockito.doAnswer(new Answer<Object>() {
    @Override
    public Object answer(InvocationOnMock invocation) throws Throwable {
      String cookieHeader = (String)invocation.getArguments()[1];
      parseCookieMap(cookieHeader, cookieMap);
      return null;
    }
  }).when(response).addHeader(Mockito.eq("Set-Cookie"), Mockito.anyString());

  try {
    filter.init(config);
    filter.doFilter(request, response, chain);

    if (expired) {
      Mockito.verify(response, Mockito.never()).
        addHeader(Mockito.eq("Set-Cookie"), Mockito.anyString());
    } else {
      String v = cookieMap.get(AuthenticatedURL.AUTH_COOKIE);
      Assert.assertNotNull("cookie missing", v);
      Assert.assertTrue(v.contains("u=") && v.contains("p=") && v.contains
              ("t=") && v.contains("e=") && v.contains("s="));
      Mockito.verify(chain).doFilter(Mockito.any(ServletRequest.class),
              Mockito.any(ServletResponse.class));

      SignerSecretProvider secretProvider =
          StringSignerSecretProviderCreator.newStringSignerSecretProvider();
      Properties secretProviderProps = new Properties();
      secretProviderProps.setProperty(
              AuthenticationFilter.SIGNATURE_SECRET, "secret");
      secretProvider.init(secretProviderProps, null, TOKEN_VALIDITY_SEC);
      Signer signer = new Signer(secretProvider);
      String value = signer.verifyAndExtract(v);
      AuthenticationToken token = AuthenticationToken.parse(value);
      assertThat(token.getExpires(), not(0L));

      if (withDomainPath) {
        Assert.assertEquals(".foo.com", cookieMap.get("Domain"));
        Assert.assertEquals("/bar", cookieMap.get("Path"));
      } else {
        Assert.assertFalse(cookieMap.containsKey("Domain"));
        Assert.assertFalse(cookieMap.containsKey("Path"));
      }
    }
  } finally {
    filter.destroy();
  }
}
 

private void _testDoFilterAuthentication(boolean withDomainPath,
                                         boolean invalidToken,
                                         boolean expired) throws Exception {
  AuthenticationFilter filter = new AuthenticationFilter();
  FilterConfig config = Mockito.mock(FilterConfig.class);
  Mockito.when(config.getInitParameter("management.operation.return")).
          thenReturn("true");
  Mockito.when(config.getInitParameter("expired.token")).
          thenReturn(Boolean.toString(expired));
  Mockito.when(config.getInitParameter(AuthenticationFilter.AUTH_TYPE))
          .thenReturn(DummyAuthenticationHandler.class.getName());
  Mockito.when(config.getInitParameter(AuthenticationFilter
          .AUTH_TOKEN_VALIDITY)).thenReturn(new Long(TOKEN_VALIDITY_SEC).toString());
  Mockito.when(config.getInitParameter(AuthenticationFilter
          .SIGNATURE_SECRET)).thenReturn("secret");
  Mockito.when(config.getInitParameterNames()).thenReturn(new
          Vector<String>(Arrays.asList(AuthenticationFilter.AUTH_TYPE,
          AuthenticationFilter.AUTH_TOKEN_VALIDITY,
          AuthenticationFilter.SIGNATURE_SECRET, "management.operation" +
          ".return", "expired.token")).elements());
  getMockedServletContextWithStringSigner(config);

  if (withDomainPath) {
    Mockito.when(config.getInitParameter(AuthenticationFilter
            .COOKIE_DOMAIN)).thenReturn(".foo.com");
    Mockito.when(config.getInitParameter(AuthenticationFilter.COOKIE_PATH))
            .thenReturn("/bar");
    Mockito.when(config.getInitParameterNames()).thenReturn(new
            Vector<String>(Arrays.asList(AuthenticationFilter.AUTH_TYPE,
            AuthenticationFilter.AUTH_TOKEN_VALIDITY,
            AuthenticationFilter.SIGNATURE_SECRET,
            AuthenticationFilter.COOKIE_DOMAIN, AuthenticationFilter
            .COOKIE_PATH, "management.operation.return")).elements());
  }

  HttpServletRequest request = Mockito.mock(HttpServletRequest.class);
  Mockito.when(request.getParameter("authenticated")).thenReturn("true");
  Mockito.when(request.getRequestURL()).thenReturn(new StringBuffer
          ("http://foo:8080/bar"));
  Mockito.when(request.getQueryString()).thenReturn("authenticated=true");

  if (invalidToken) {
    Mockito.when(request.getCookies()).thenReturn(new Cookie[]{new Cookie
            (AuthenticatedURL.AUTH_COOKIE, "foo")});
  }

  HttpServletResponse response = Mockito.mock(HttpServletResponse.class);
  FilterChain chain = Mockito.mock(FilterChain.class);

  final HashMap<String, String> cookieMap = new HashMap<String, String>();
  Mockito.doAnswer(new Answer<Object>() {
    @Override
    public Object answer(InvocationOnMock invocation) throws Throwable {
      String cookieHeader = (String)invocation.getArguments()[1];
      parseCookieMap(cookieHeader, cookieMap);
      return null;
    }
  }).when(response).addHeader(Mockito.eq("Set-Cookie"), Mockito.anyString());

  try {
    filter.init(config);
    filter.doFilter(request, response, chain);

    if (expired) {
      Mockito.verify(response, Mockito.never()).
        addHeader(Mockito.eq("Set-Cookie"), Mockito.anyString());
    } else {
      String v = cookieMap.get(AuthenticatedURL.AUTH_COOKIE);
      Assert.assertNotNull("cookie missing", v);
      Assert.assertTrue(v.contains("u=") && v.contains("p=") && v.contains
              ("t=") && v.contains("e=") && v.contains("s="));
      Mockito.verify(chain).doFilter(Mockito.any(ServletRequest.class),
              Mockito.any(ServletResponse.class));

      SignerSecretProvider secretProvider =
          StringSignerSecretProviderCreator.newStringSignerSecretProvider();
      Properties secretProviderProps = new Properties();
      secretProviderProps.setProperty(
              AuthenticationFilter.SIGNATURE_SECRET, "secret");
      secretProvider.init(secretProviderProps, null, TOKEN_VALIDITY_SEC);
      Signer signer = new Signer(secretProvider);
      String value = signer.verifyAndExtract(v);
      AuthenticationToken token = AuthenticationToken.parse(value);
      assertThat(token.getExpires(), not(0L));

      if (withDomainPath) {
        Assert.assertEquals(".foo.com", cookieMap.get("Domain"));
        Assert.assertEquals("/bar", cookieMap.get("Path"));
      } else {
        Assert.assertFalse(cookieMap.containsKey("Domain"));
        Assert.assertFalse(cookieMap.containsKey("Path"));
      }
    }
  } finally {
    filter.destroy();
  }
}
 

@Test
public void testDoFilterAuthenticatedExpired() throws Exception {
  String secret = "secret";
  AuthenticationFilter filter = new AuthenticationFilter();
  try {
    FilterConfig config = Mockito.mock(FilterConfig.class);
    Mockito.when(config.getInitParameter("management.operation.return")).
      thenReturn("true");
    Mockito.when(config.getInitParameter(AuthenticationFilter.AUTH_TYPE)).thenReturn(
      DummyAuthenticationHandler.class.getName());
    Mockito.when(config.getInitParameter(AuthenticationFilter.SIGNATURE_SECRET)).thenReturn(
      secret);
    Mockito.when(config.getInitParameterNames()).thenReturn(
      new Vector<String>(
        Arrays.asList(AuthenticationFilter.AUTH_TYPE,
                      AuthenticationFilter.SIGNATURE_SECRET,
                      "management.operation.return")).elements());
    getMockedServletContextWithStringSigner(config);
    filter.init(config);

    HttpServletRequest request = Mockito.mock(HttpServletRequest.class);
    Mockito.when(request.getRequestURL()).thenReturn(new StringBuffer("http://foo:8080/bar"));

    AuthenticationToken token = new AuthenticationToken("u", "p", DummyAuthenticationHandler.TYPE);
    token.setExpires(System.currentTimeMillis() - TOKEN_VALIDITY_SEC);
    SignerSecretProvider secretProvider =
        StringSignerSecretProviderCreator.newStringSignerSecretProvider();
    Properties secretProviderProps = new Properties();
    secretProviderProps.setProperty(
            AuthenticationFilter.SIGNATURE_SECRET, secret);
    secretProvider.init(secretProviderProps, null, TOKEN_VALIDITY_SEC);
    Signer signer = new Signer(secretProvider);
    String tokenSigned = signer.sign(token.toString());

    Cookie cookie = new Cookie(AuthenticatedURL.AUTH_COOKIE, tokenSigned);
    Mockito.when(request.getCookies()).thenReturn(new Cookie[]{cookie});

    HttpServletResponse response = Mockito.mock(HttpServletResponse.class);
    Mockito.when(response.containsHeader("WWW-Authenticate")).thenReturn(true);
    FilterChain chain = Mockito.mock(FilterChain.class);

    verifyUnauthorized(filter, request, response, chain);
  } finally {
    filter.destroy();
  }
}
 

@Test
public void testDoFilterAuthenticatedInvalidType() throws Exception {
  String secret = "secret";
  AuthenticationFilter filter = new AuthenticationFilter();
  try {
    FilterConfig config = Mockito.mock(FilterConfig.class);
    Mockito.when(config.getInitParameter("management.operation.return")).
      thenReturn("true");
    Mockito.when(config.getInitParameter(AuthenticationFilter.AUTH_TYPE)).thenReturn(
      DummyAuthenticationHandler.class.getName());
    Mockito.when(config.getInitParameter(AuthenticationFilter.SIGNATURE_SECRET)).thenReturn(
      secret);
    Mockito.when(config.getInitParameterNames()).thenReturn(
      new Vector<String>(
        Arrays.asList(AuthenticationFilter.AUTH_TYPE,
                      AuthenticationFilter.SIGNATURE_SECRET,
                      "management.operation.return")).elements());
    getMockedServletContextWithStringSigner(config);
    filter.init(config);

    HttpServletRequest request = Mockito.mock(HttpServletRequest.class);
    Mockito.when(request.getRequestURL()).thenReturn(new StringBuffer("http://foo:8080/bar"));

    AuthenticationToken token = new AuthenticationToken("u", "p", "invalidtype");
    token.setExpires(System.currentTimeMillis() + TOKEN_VALIDITY_SEC);
    SignerSecretProvider secretProvider =
        StringSignerSecretProviderCreator.newStringSignerSecretProvider();
    Properties secretProviderProps = new Properties();
    secretProviderProps.setProperty(
            AuthenticationFilter.SIGNATURE_SECRET, secret);
    secretProvider.init(secretProviderProps, null, TOKEN_VALIDITY_SEC);
    Signer signer = new Signer(secretProvider);
    String tokenSigned = signer.sign(token.toString());

    Cookie cookie = new Cookie(AuthenticatedURL.AUTH_COOKIE, tokenSigned);
    Mockito.when(request.getCookies()).thenReturn(new Cookie[]{cookie});

    HttpServletResponse response = Mockito.mock(HttpServletResponse.class);
    Mockito.when(response.containsHeader("WWW-Authenticate")).thenReturn(true);
    FilterChain chain = Mockito.mock(FilterChain.class);

    verifyUnauthorized(filter, request, response, chain);
  } finally {
    filter.destroy();
  }
}
 

@Test
public void testManagementOperation() throws Exception {
  AuthenticationFilter filter = new AuthenticationFilter();
  try {
    FilterConfig config = Mockito.mock(FilterConfig.class);
    Mockito.when(config.getInitParameter("management.operation.return")).
      thenReturn("false");
    Mockito.when(config.getInitParameter(AuthenticationFilter.AUTH_TYPE)).
      thenReturn(DummyAuthenticationHandler.class.getName());
    Mockito.when(config.getInitParameterNames()).thenReturn(
      new Vector<String>(
        Arrays.asList(AuthenticationFilter.AUTH_TYPE,
                      "management.operation.return")).elements());
    getMockedServletContextWithStringSigner(config);
    filter.init(config);

    HttpServletRequest request = Mockito.mock(HttpServletRequest.class);
    Mockito.when(request.getRequestURL()).
      thenReturn(new StringBuffer("http://foo:8080/bar"));

    HttpServletResponse response = Mockito.mock(HttpServletResponse.class);

    FilterChain chain = Mockito.mock(FilterChain.class);

    filter.doFilter(request, response, chain);
    Mockito.verify(response).setStatus(HttpServletResponse.SC_ACCEPTED);
    Mockito.verifyNoMoreInteractions(response);

    Mockito.reset(request);
    Mockito.reset(response);

    AuthenticationToken token = new AuthenticationToken("u", "p", "t");
    token.setExpires(System.currentTimeMillis() + TOKEN_VALIDITY_SEC);
    SignerSecretProvider secretProvider =
        StringSignerSecretProviderCreator.newStringSignerSecretProvider();
    Properties secretProviderProps = new Properties();
    secretProviderProps.setProperty(
            AuthenticationFilter.SIGNATURE_SECRET, "secret");
    secretProvider.init(secretProviderProps, null, TOKEN_VALIDITY_SEC);
    Signer signer = new Signer(secretProvider);
    String tokenSigned = signer.sign(token.toString());
    Cookie cookie = new Cookie(AuthenticatedURL.AUTH_COOKIE, tokenSigned);
    Mockito.when(request.getCookies()).thenReturn(new Cookie[]{cookie});

    filter.doFilter(request, response, chain);

    Mockito.verify(response).setStatus(HttpServletResponse.SC_ACCEPTED);
    Mockito.verifyNoMoreInteractions(response);

  } finally {
    filter.destroy();
  }
}
 

@Test
public void testGetTokenInvalidType() throws Exception {
  AuthenticationFilter filter = new AuthenticationFilter();
  try {
    FilterConfig config = Mockito.mock(FilterConfig.class);
    Mockito.when(config.getInitParameter("management.operation.return")).
      thenReturn("true");
    Mockito.when(config.getInitParameter(AuthenticationFilter.AUTH_TYPE)).thenReturn(
      DummyAuthenticationHandler.class.getName());
    Mockito.when(config.getInitParameter(AuthenticationFilter.SIGNATURE_SECRET)).thenReturn("secret");
    Mockito.when(config.getInitParameterNames()).thenReturn(
      new Vector<String>(
        Arrays.asList(AuthenticationFilter.AUTH_TYPE,
                      AuthenticationFilter.SIGNATURE_SECRET,
                      "management.operation.return")).elements());
    getMockedServletContextWithStringSigner(config);
    filter.init(config);

    AuthenticationToken token = new AuthenticationToken("u", "p", "invalidtype");
    token.setExpires(System.currentTimeMillis() + TOKEN_VALIDITY_SEC);
    SignerSecretProvider secretProvider =
        StringSignerSecretProviderCreator.newStringSignerSecretProvider();
    Properties secretProviderProps = new Properties();
    secretProviderProps.setProperty(
            AuthenticationFilter.SIGNATURE_SECRET, "secret");
    secretProvider.init(secretProviderProps, null, TOKEN_VALIDITY_SEC);
    Signer signer = new Signer(secretProvider);
    String tokenSigned = signer.sign(token.toString());

    Cookie cookie = new Cookie(AuthenticatedURL.AUTH_COOKIE, tokenSigned);
    HttpServletRequest request = Mockito.mock(HttpServletRequest.class);
    Mockito.when(request.getCookies()).thenReturn(new Cookie[]{cookie});

    boolean failed = false;
    try {
      filter.getToken(request);
    } catch (AuthenticationException ex) {
      Assert.assertEquals("Invalid AuthenticationToken type", ex.getMessage());
      failed = true;
    } finally {
      Assert.assertTrue("token not invalid type", failed);
    }
  } finally {
    filter.destroy();
  }
}
 

@Test
public void testGetTokenExpired() throws Exception {
  AuthenticationFilter filter = new AuthenticationFilter();
  try {
    FilterConfig config = Mockito.mock(FilterConfig.class);
    Mockito.when(config.getInitParameter("management.operation.return")).thenReturn("true");
    Mockito.when(config.getInitParameter(AuthenticationFilter.AUTH_TYPE)).thenReturn(
      DummyAuthenticationHandler.class.getName());
    Mockito.when(config.getInitParameter(AuthenticationFilter.SIGNATURE_SECRET)).thenReturn("secret");
    Mockito.when(config.getInitParameterNames()).thenReturn(
      new Vector<String>(
        Arrays.asList(AuthenticationFilter.AUTH_TYPE,
                      AuthenticationFilter.SIGNATURE_SECRET,
                      "management.operation.return")).elements());
    getMockedServletContextWithStringSigner(config);
    filter.init(config);

    AuthenticationToken token =
        new AuthenticationToken("u", "p", DummyAuthenticationHandler.TYPE);
    token.setExpires(System.currentTimeMillis() - TOKEN_VALIDITY_SEC);
    SignerSecretProvider secretProvider =
        StringSignerSecretProviderCreator.newStringSignerSecretProvider();
    Properties secretProviderProps = new Properties();
    secretProviderProps.setProperty(
            AuthenticationFilter.SIGNATURE_SECRET, "secret");
    secretProvider.init(secretProviderProps, null, TOKEN_VALIDITY_SEC);
    Signer signer = new Signer(secretProvider);
    String tokenSigned = signer.sign(token.toString());

    Cookie cookie = new Cookie(AuthenticatedURL.AUTH_COOKIE, tokenSigned);
    HttpServletRequest request = Mockito.mock(HttpServletRequest.class);
    Mockito.when(request.getCookies()).thenReturn(new Cookie[]{cookie});

    boolean failed = false;
    try {
      filter.getToken(request);
    } catch (AuthenticationException ex) {
      Assert.assertEquals("AuthenticationToken expired", ex.getMessage());
      failed = true;
    } finally {
      Assert.assertTrue("token not expired", failed);
    }
  } finally {
    filter.destroy();
  }
}