Author: markt
Date: Mon Jul 29 16:30:54 2013
New Revision: 1508127
URL: http://svn.apache.org/r1508127
Log:
Remove duplicate tests.
Add comment to explain where credential decoding is tested.
Patch provided by Brian Burch.
Modified:
tomcat/trunk/test/org/apache/catalina/authenticator/TestNonLoginAndBasicAuthenticator.java
Modified:
tomcat/trunk/test/org/apache/catalina/authenticator/TestNonLoginAndBasicAuthenticator.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/test/org/apache/catalina/authenticator/TestNonLoginAndBasicAuthenticator.java?rev=1508127&r1=1508126&r2=1508127&view=diff
==============================================================================
---
tomcat/trunk/test/org/apache/catalina/authenticator/TestNonLoginAndBasicAuthenticator.java
(original)
+++
tomcat/trunk/test/org/apache/catalina/authenticator/TestNonLoginAndBasicAuthenticator.java
Mon Jul 29 16:30:54 2013
@@ -49,6 +49,15 @@ import org.apache.tomcat.util.descriptor
* both have quite simple behaviour. By testing them together, we
* can make sure they operate independently and confirm that no
* SSO logic has been accidentally triggered.
+ *
+ * <p>
+ * r1495169 refactored BasicAuthenticator by creating an inner class
+ * called BasicCredentials. All edge cases associated with strangely
+ * encoded Base64 credentials are tested thoroughly by TestBasicAuthParser.
+ * Therefore, TestNonLoginAndBasicAuthenticator only needs to examine
+ * a sufficient set of test cases to verify the interface between
+ * BasicAuthenticator and BasicCredentials, which it does by running
+ * each test under a separate tomcat instance.
*/
public class TestNonLoginAndBasicAuthenticator extends TomcatBaseTest {
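Review bot: The added class comment says the encoded-credential edge cases are covered by TestBasicAuthParser, but it does not name which behaviours this class no longer checks, so the delegation is hard to audit later. The same commit drops testAuthMethodExtraSpace, testUserExtraSpace and testPasswordExtraSpace, which asserted SC_OK through a running authenticator. Presumably TestBasicAuthParser exercises the same inputs at parser level, but that file is not visible here. I would add a line such as `* That includes white space after the auth-scheme and around the user name and password.` so a reader can find where that leniency in credential parsing is pinned. The class body continues outside the hunk.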
@@ -90,12 +99,6 @@ public class TestNonLoginAndBasicAuthent
new BasicCredentials(NICE_METHOD, USER, "wrong");
private static final BasicCredentials BAD_METHOD =
new BasicCredentials("BadMethod", USER, PWD);
- private static final BasicCredentials SPACED_BASE64 =
- new BasicCredentials(NICE_METHOD + " ", USER, PWD);
- private static final BasicCredentials SPACED_USERNAME =
- new BasicCredentials(NICE_METHOD, " " + USER + " ", PWD);
- private static final BasicCredentials SPACED_PASSWORD =
- new BasicCredentials(NICE_METHOD, USER, " " + PWD + " ");
private Tomcat tomcat;
private Context basicContext;
@@ -195,52 +198,6 @@ public class TestNonLoginAndBasicAuthent
}
/*
- * This is the same as testAcceptProtectedBasic (above), except
- * using excess white space after the authentication method.
- *
- * The access will be challenged with 401 SC_UNAUTHORIZED, and then be
- * permitted once authenticated.
- *
- * RFC2617 does not define the separation syntax between the auth-scheme
and
- * basic-credentials tokens. Tomcat tolerates any amount of white space
- * (within the limits of HTTP header sizes) and returns SC_OK.
- */
- @Test
- public void testAuthMethodExtraSpace() throws Exception {
- doTestBasic(CONTEXT_PATH_LOGIN + URI_PROTECTED, NO_CREDENTIALS,
- NO_COOKIES, HttpServletResponse.SC_UNAUTHORIZED);
- doTestBasic(CONTEXT_PATH_LOGIN + URI_PROTECTED, SPACED_BASE64,
- NO_COOKIES, HttpServletResponse.SC_OK);
-
- }
-
- /*
- * This is the same as testAcceptProtectedBasic (above), except
- * using white space around the username credential. The request
- * is accepted.
- */
- @Test
- public void testUserExtraSpace() throws Exception {
- doTestBasic(CONTEXT_PATH_LOGIN + URI_PROTECTED, NO_CREDENTIALS,
- NO_COOKIES, HttpServletResponse.SC_UNAUTHORIZED);
- doTestBasic(CONTEXT_PATH_LOGIN + URI_PROTECTED, SPACED_USERNAME,
- NO_COOKIES, HttpServletResponse.SC_OK);
- }
-
- /*
- * This is the same as testAcceptProtectedBasic (above), except
- * using white space around the password credential. The request
- * is accepted.
- */
- @Test
- public void testPasswordExtraSpace() throws Exception {
- doTestBasic(CONTEXT_PATH_LOGIN + URI_PROTECTED, NO_CREDENTIALS,
- NO_COOKIES, HttpServletResponse.SC_UNAUTHORIZED);
- doTestBasic(CONTEXT_PATH_LOGIN + URI_PROTECTED, SPACED_PASSWORD,
- NO_COOKIES, HttpServletResponse.SC_OK);
- }
-
- /*
* The default behaviour of BASIC authentication does NOT create
* a session on the server. Verify that the client is required to
* send a valid authenticate header with every request to access