  1. Arquillian
  2. ARQ-1474

When security auths are enabled, always receive a 401 unauthorized


Details

    • Bug
    • Resolution: Unresolved
    • Major

      Created a simple security auth in my web.xml

          <security-constraint>
              <web-resource-collection>
                  <web-resource-name>REST API</web-resource-name>
                  <url-pattern>/rest/*</url-pattern>
              </web-resource-collection>
              <auth-constraint>
                  <role-name>webservice</role-name>
              </auth-constraint>
          </security-constraint>
          <login-config>
              <auth-method>BASIC</auth-method>
              <realm-name>wsidp</realm-name>
          </login-config>
          <security-role>
              <role-name>webservice</role-name>
          </security-role>
      

      Develop a simple REST API that uses this:

      @Path("/echo")
      public interface SimpleAPI {
          @GET
          @Produces("text/plain")
          public String echo(@HeaderParam("Authorization") final String auth);
      }
      

      where the REST API is bound to /rest

      Add an Arquillian test:

          private <T> T getClientProxy(Class<T> className) {
              RegisterBuiltin.register(ResteasyProviderFactory.getInstance());
              final String contextUrl = "http://localhost:8082/webservices/rest";
              //return JAXRSClientFactory.create(contextUrl,className);
              return (T) ProxyFactory.create(className, contextUrl);
          }
      
          @Deployment(name="ee-webservices.war")
          public static org.jboss.shrinkwrap.api.spec.WebArchive createDeployment() {
              return DeploymentUtils.createWebserviceForTest().addClass(WebServiceInfoAPI.class);
          }
      
          @Test
          @OperateOnDeployment("ee-webservices.war")
          public void createWebServiceUser() throws InterruptedException {
              String username = "bob";
              String password = "abc123";
              byte[] data = String.format("%s:%s",username,password).getBytes();
              BASE64Encoder encoder = new BASE64Encoder();
              String auth = "Basic "+ encoder.encode(data);
              System.out.println("basic auth "+auth);
              //Thread.sleep(4*60*1000);
              SimpleAPI api = this.getClientProxy(SimpleAPI.class);
              String result = api.echo(auth);
              Assert.assertEquals("Hello", result);
          }
      

      And receive back a 401 unauthorized. When I comment out the thread call, and invoke the REST API manually, I also see that the server is prompting for authentication but never accepting it. I can see in the logs that my login module is never called. I can confirm that when this same WAR file is deployed to the server directly, authentication works.

      I did see that the Servlet protocol does not support authentication. This shouldn't be an issue here, since my auth is only against /webservices/rest, and not against /webservices/ArquillianServletRunner.

      This is using Arquillian 1.0.4 Final on JBoss EAP 6.1, with upgraded picketlink 2.1.7.


    Description

      Arquillian won't accept authentication headers, no matter how hard I try.


          People

            Unassigned
            meetoblivion_jira John Ament (Inactive)
            Votes: 2
            Watchers: 1
