1 package org.apache.maven.archiva.webdav;
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22 import java.io.File;
23 import java.io.IOException;
24 import java.io.InputStream;
25 import java.util.List;
26
27 import javax.servlet.http.HttpServletResponse;
28
29 import net.sf.ehcache.CacheManager;
30
31 import org.apache.commons.io.FileUtils;
32 import org.apache.jackrabbit.webdav.DavSessionProvider;
33 import org.apache.maven.archiva.configuration.ArchivaConfiguration;
34 import org.apache.maven.archiva.configuration.Configuration;
35 import org.apache.maven.archiva.configuration.ManagedRepositoryConfiguration;
36 import org.apache.maven.archiva.database.ArchivaAuditLogsDao;
37 import org.apache.maven.archiva.database.constraints.MostRecentArchivaAuditLogsConstraint;
38 import org.apache.maven.archiva.model.ArchivaAuditLogs;
39 import org.apache.maven.archiva.repository.audit.AuditLog;
40 import org.apache.maven.archiva.security.ArchivaRoleConstants;
41 import org.apache.maven.archiva.security.ServletAuthenticator;
42 import org.codehaus.plexus.redback.authentication.AuthenticationException;
43 import org.codehaus.plexus.redback.authentication.AuthenticationResult;
44 import org.codehaus.plexus.redback.authorization.UnauthorizedException;
45 import org.codehaus.plexus.redback.system.DefaultSecuritySession;
46 import org.codehaus.plexus.redback.system.SecuritySession;
47 import org.codehaus.plexus.redback.users.User;
48 import org.codehaus.plexus.redback.users.memory.SimpleUser;
49 import org.codehaus.plexus.spring.PlexusInSpringTestCase;
50 import org.codehaus.redback.integration.filter.authentication.HttpAuthenticator;
51 import org.codehaus.redback.integration.filter.authentication.basic.HttpBasicAuthentication;
52 import org.easymock.MockControl;
53 import org.easymock.classextension.MockClassControl;
54
55 import com.meterware.httpunit.GetMethodWebRequest;
56 import com.meterware.httpunit.HttpUnitOptions;
57 import com.meterware.httpunit.PutMethodWebRequest;
58 import com.meterware.httpunit.WebRequest;
59 import com.meterware.httpunit.WebResponse;
60 import com.meterware.servletunit.InvocationContext;
61 import com.meterware.servletunit.ServletRunner;
62 import com.meterware.servletunit.ServletUnitClient;
63
64
65
66
67
68
69
70 public class RepositoryServletSecurityTest
71 extends PlexusInSpringTestCase
72 {
73 protected static final String REPOID_INTERNAL = "internal";
74
75 protected ServletUnitClient sc;
76
77 protected File repoRootInternal;
78
79 private ServletRunner sr;
80
81 protected ArchivaConfiguration archivaConfiguration;
82
83 private DavSessionProvider davSessionProvider;
84
85 private MockControl servletAuthControl;
86
87 private ServletAuthenticator servletAuth;
88
89 private MockClassControl httpAuthControl;
90
91 private HttpAuthenticator httpAuth;
92
93 private RepositoryServlet servlet;
94
95 public void setUp()
96 throws Exception
97 {
98 super.setUp();
99
100 String appserverBase = getTestFile( "target/appserver-base" ).getAbsolutePath();
101 System.setProperty( "appserver.base", appserverBase );
102
103 File testConf = getTestFile( "src/test/resources/repository-archiva.xml" );
104 File testConfDest = new File( appserverBase, "conf/archiva.xml" );
105 FileUtils.copyFile( testConf, testConfDest );
106
107 archivaConfiguration = (ArchivaConfiguration) lookup( ArchivaConfiguration.class );
108 repoRootInternal = new File( appserverBase, "data/repositories/internal" );
109 Configuration config = archivaConfiguration.getConfiguration();
110
111 config.addManagedRepository( createManagedRepository( REPOID_INTERNAL, "Internal Test Repo", repoRootInternal ) );
112 saveConfiguration( archivaConfiguration );
113
114 CacheManager.getInstance().removeCache( "url-failures-cache" );
115
116 HttpUnitOptions.setExceptionsThrownOnErrorStatus( false );
117
118 sr = new ServletRunner( getTestFile( "src/test/resources/WEB-INF/repository-servlet-security-test/web.xml" ) );
119 sr.registerServlet( "/repository/*", RepositoryServlet.class.getName() );
120 sc = sr.newClient();
121
122 servletAuthControl = MockControl.createControl( ServletAuthenticator.class );
123 servletAuthControl.setDefaultMatcher( MockControl.ALWAYS_MATCHER );
124 servletAuth = (ServletAuthenticator) servletAuthControl.getMock();
125
126 httpAuthControl =
127 MockClassControl.createControl( HttpBasicAuthentication.class, HttpBasicAuthentication.class.getMethods() );
128 httpAuthControl.setDefaultMatcher( MockControl.ALWAYS_MATCHER );
129 httpAuth = (HttpAuthenticator) httpAuthControl.getMock();
130
131 davSessionProvider = new ArchivaDavSessionProvider( servletAuth, httpAuth );
132 }
133
134 protected ManagedRepositoryConfiguration createManagedRepository( String id, String name, File location )
135 {
136 ManagedRepositoryConfiguration repo = new ManagedRepositoryConfiguration();
137 repo.setId( id );
138 repo.setName( name );
139 repo.setLocation( location.getAbsolutePath() );
140 return repo;
141 }
142
143 protected void saveConfiguration()
144 throws Exception
145 {
146 saveConfiguration( archivaConfiguration );
147 }
148
149 protected void saveConfiguration( ArchivaConfiguration archivaConfiguration )
150 throws Exception
151 {
152 archivaConfiguration.save( archivaConfiguration.getConfiguration() );
153 }
154
155 protected void setupCleanRepo( File repoRootDir )
156 throws IOException
157 {
158 FileUtils.deleteDirectory( repoRootDir );
159 if ( !repoRootDir.exists() )
160 {
161 repoRootDir.mkdirs();
162 }
163 }
164
165 @Override
166 protected String getPlexusConfigLocation()
167 {
168 return "org/apache/maven/archiva/webdav/RepositoryServletSecurityTest.xml";
169 }
170
171 @Override
172 protected void tearDown()
173 throws Exception
174 {
175 if ( sc != null )
176 {
177 sc.clearContents();
178 }
179
180 if ( sr != null )
181 {
182 sr.shutDown();
183 }
184
185 if ( repoRootInternal.exists() )
186 {
187 FileUtils.deleteDirectory( repoRootInternal );
188 }
189
190 servlet = null;
191
192 super.tearDown();
193 }
194
195
196
197 public void testPutWithInvalidUserAndGuestHasNoWriteAccess()
198 throws Exception
199 {
200 setupCleanRepo( repoRootInternal );
201
202 String putUrl = "http://machine.com/repository/internal/path/to/artifact.jar";
203 InputStream is = getClass().getResourceAsStream( "/artifact.jar" );
204 assertNotNull( "artifact.jar inputstream", is );
205
206 WebRequest request = new PutMethodWebRequest( putUrl, is, "application/octet-stream" );
207 InvocationContext ic = sc.newInvocation( request );
208 servlet = (RepositoryServlet) ic.getServlet();
209 servlet.setDavSessionProvider( davSessionProvider );
210
211 AuthenticationResult result = new AuthenticationResult();
212 httpAuthControl.expectAndReturn( httpAuth.getAuthenticationResult( null, null ), result );
213 servletAuthControl.expectAndThrow( servletAuth.isAuthenticated( null, null ),
214 new AuthenticationException( "Authentication error" ) );
215
216 servletAuth.isAuthorized( "guest", "internal", ArchivaRoleConstants.OPERATION_REPOSITORY_UPLOAD );
217 servletAuthControl.setMatcher( MockControl.EQUALS_MATCHER );
218 servletAuthControl.setThrowable( new UnauthorizedException( "'guest' has no write access to repository" ) );
219
220 httpAuthControl.replay();
221 servletAuthControl.replay();
222
223 servlet.service( ic.getRequest(), ic.getResponse() );
224
225 httpAuthControl.verify();
226 servletAuthControl.verify();
227
228
229 }
230
231
232 public void testPutWithInvalidUserAndGuestHasWriteAccess()
233 throws Exception
234 {
235 setupCleanRepo( repoRootInternal );
236
237 String putUrl = "http://machine.com/repository/internal/path/to/artifact.jar";
238 InputStream is = getClass().getResourceAsStream( "/artifact.jar" );
239 assertNotNull( "artifact.jar inputstream", is );
240
241 WebRequest request = new PutMethodWebRequest( putUrl, is, "application/octet-stream" );
242
243 InvocationContext ic = sc.newInvocation( request );
244 servlet = (RepositoryServlet) ic.getServlet();
245 servlet.setDavSessionProvider( davSessionProvider );
246
247 ArchivaDavResourceFactory archivaDavResourceFactory = (ArchivaDavResourceFactory) servlet.getResourceFactory();
248 archivaDavResourceFactory.setHttpAuth( httpAuth );
249 archivaDavResourceFactory.setServletAuth( servletAuth );
250
251 servlet.setResourceFactory( archivaDavResourceFactory );
252
253 AuthenticationResult result = new AuthenticationResult();
254 httpAuthControl.expectAndReturn( httpAuth.getAuthenticationResult( null, null ), result );
255 servletAuthControl.expectAndThrow( servletAuth.isAuthenticated( null, null ),
256 new AuthenticationException( "Authentication error" ) );
257
258 servletAuth.isAuthorized( "guest", "internal", ArchivaRoleConstants.OPERATION_REPOSITORY_UPLOAD );
259 servletAuthControl.setMatcher( MockControl.EQUALS_MATCHER );
260 servletAuthControl.setReturnValue( true );
261
262
263 SecuritySession session = new DefaultSecuritySession();
264 httpAuthControl.expectAndReturn( httpAuth.getAuthenticationResult( null, null ), result );
265 httpAuthControl.expectAndReturn( httpAuth.getSecuritySession( ic.getRequest().getSession( true ) ), session );
266 servletAuthControl.expectAndThrow( servletAuth.isAuthenticated( null, result ),
267 new AuthenticationException( "Authentication error" ) );
268
269 httpAuthControl.expectAndReturn( httpAuth.getSessionUser( ic.getRequest().getSession() ), null );
270
271
272 servletAuth.isAuthorized( "guest", "internal", ArchivaRoleConstants.OPERATION_REPOSITORY_UPLOAD );
273 servletAuthControl.setMatcher( MockControl.EQUALS_MATCHER );
274 servletAuthControl.setReturnValue( true );
275
276 httpAuthControl.replay();
277 servletAuthControl.replay();
278
279 servlet.service( ic.getRequest(), ic.getResponse() );
280
281 httpAuthControl.verify();
282 servletAuthControl.verify();
283
284
285 }
286
287
288 public void testPutWithValidUserWithNoWriteAccess()
289 throws Exception
290 {
291 setupCleanRepo( repoRootInternal );
292
293 String putUrl = "http://machine.com/repository/internal/path/to/artifact.jar";
294 InputStream is = getClass().getResourceAsStream( "/artifact.jar" );
295 assertNotNull( "artifact.jar inputstream", is );
296
297 WebRequest request = new PutMethodWebRequest( putUrl, is, "application/octet-stream" );
298
299 InvocationContext ic = sc.newInvocation( request );
300 servlet = (RepositoryServlet) ic.getServlet();
301 servlet.setDavSessionProvider( davSessionProvider );
302
303 ArchivaDavResourceFactory archivaDavResourceFactory = (ArchivaDavResourceFactory) servlet.getResourceFactory();
304 archivaDavResourceFactory.setHttpAuth( httpAuth );
305 archivaDavResourceFactory.setServletAuth( servletAuth );
306 servlet.setResourceFactory( archivaDavResourceFactory );
307
308 AuthenticationResult result = new AuthenticationResult();
309 httpAuthControl.expectAndReturn( httpAuth.getAuthenticationResult( null, null ), result );
310 servletAuthControl.expectAndReturn( servletAuth.isAuthenticated( null, null ), true );
311
312
313 SecuritySession session = new DefaultSecuritySession();
314 httpAuthControl.expectAndReturn( httpAuth.getAuthenticationResult( null, null ), result );
315 httpAuthControl.expectAndReturn( httpAuth.getSecuritySession( ic.getRequest().getSession( true ) ), session );
316 httpAuthControl.expectAndReturn( httpAuth.getSessionUser( ic.getRequest().getSession() ), new SimpleUser() );
317 servletAuthControl.expectAndReturn( servletAuth.isAuthenticated( null, result ), true );
318 servletAuthControl.expectAndThrow(
319 servletAuth.isAuthorized( null, session, "internal",
320 ArchivaRoleConstants.OPERATION_REPOSITORY_UPLOAD ),
321 new UnauthorizedException( "User not authorized" ) );
322
323 httpAuthControl.replay();
324 servletAuthControl.replay();
325
326 servlet.service( ic.getRequest(), ic.getResponse() );
327
328 httpAuthControl.verify();
329 servletAuthControl.verify();
330
331
332 }
333
334
335 public void testPutWithValidUserWithWriteAccess()
336 throws Exception
337 {
338 setupCleanRepo( repoRootInternal );
339 assertTrue( repoRootInternal.exists() );
340
341 String putUrl = "http://machine.com/repository/internal/path/to/artifact.jar";
342 InputStream is = getClass().getResourceAsStream( "/artifact.jar" );
343 assertNotNull( "artifact.jar inputstream", is );
344
345 WebRequest request = new PutMethodWebRequest( putUrl, is, "application/octet-stream" );
346
347 InvocationContext ic = sc.newInvocation( request );
348 servlet = (RepositoryServlet) ic.getServlet();
349 servlet.setDavSessionProvider( davSessionProvider );
350
351 ArchivaDavResourceFactory archivaDavResourceFactory = (ArchivaDavResourceFactory) servlet.getResourceFactory();
352 archivaDavResourceFactory.setHttpAuth( httpAuth );
353 archivaDavResourceFactory.setServletAuth( servletAuth );
354
355 servlet.setResourceFactory( archivaDavResourceFactory );
356
357 AuthenticationResult result = new AuthenticationResult();
358 httpAuthControl.expectAndReturn( httpAuth.getAuthenticationResult( null, null ), result );
359 servletAuthControl.expectAndReturn( servletAuth.isAuthenticated( null, null ), true );
360
361 User user = new SimpleUser();
362 user.setUsername( "admin" );
363
364
365 SecuritySession session = new DefaultSecuritySession();
366 httpAuthControl.expectAndReturn( httpAuth.getAuthenticationResult( null, null ), result );
367 httpAuthControl.expectAndReturn( httpAuth.getSecuritySession( ic.getRequest().getSession( true ) ), session );
368 httpAuthControl.expectAndReturn( httpAuth.getSessionUser( ic.getRequest().getSession() ), user );
369 servletAuthControl.expectAndReturn( servletAuth.isAuthenticated( null, result ), true );
370 servletAuthControl.expectAndReturn(
371 servletAuth.isAuthorized( null, session, "internal",
372 ArchivaRoleConstants.OPERATION_REPOSITORY_UPLOAD ),
373 true );
374
375 httpAuthControl.replay();
376 servletAuthControl.replay();
377
378 servlet.service( ic.getRequest(), ic.getResponse() );
379
380 httpAuthControl.verify();
381 servletAuthControl.verify();
382
383
384
385 ArchivaAuditLogsDao auditLogsDao = archivaDavResourceFactory.getAuditLogsDao();
386 List<ArchivaAuditLogs> auditLogs = auditLogsDao.queryAuditLogs( new MostRecentArchivaAuditLogsConstraint() );
387 assertEquals( "admin", auditLogs.get( 0 ).getUsername() );
388 }
389
390
391 public void testGetWithInvalidUserAndGuestHasReadAccess()
392 throws Exception
393 {
394 String commonsLangJar = "commons-lang/commons-lang/2.1/commons-lang-2.1.jar";
395 String expectedArtifactContents = "dummy-commons-lang-artifact";
396
397 File artifactFile = new File( repoRootInternal, commonsLangJar );
398 artifactFile.getParentFile().mkdirs();
399
400 FileUtils.writeStringToFile( artifactFile, expectedArtifactContents, null );
401
402 WebRequest request = new GetMethodWebRequest( "http://machine.com/repository/internal/" + commonsLangJar );
403 InvocationContext ic = sc.newInvocation( request );
404 servlet = (RepositoryServlet) ic.getServlet();
405 servlet.setDavSessionProvider( davSessionProvider );
406
407 ArchivaDavResourceFactory archivaDavResourceFactory = (ArchivaDavResourceFactory) servlet.getResourceFactory();
408 archivaDavResourceFactory.setHttpAuth( httpAuth );
409 archivaDavResourceFactory.setServletAuth( servletAuth );
410
411 servlet.setResourceFactory( archivaDavResourceFactory );
412
413 AuthenticationResult result = new AuthenticationResult();
414 httpAuthControl.expectAndReturn( httpAuth.getAuthenticationResult( null, null ), result );
415 servletAuthControl.expectAndThrow( servletAuth.isAuthenticated( null, null ),
416 new AuthenticationException( "Authentication error" ) );
417 servletAuthControl.expectAndReturn(
418 servletAuth.isAuthorized( "guest", "internal",
419 ArchivaRoleConstants.OPERATION_REPOSITORY_ACCESS ),
420 true );
421
422
423 SecuritySession session = new DefaultSecuritySession();
424 httpAuthControl.expectAndReturn( httpAuth.getAuthenticationResult( null, null ), result );
425 httpAuthControl.expectAndReturn( httpAuth.getSecuritySession( ic.getRequest().getSession( true ) ), session );
426 httpAuthControl.expectAndReturn( httpAuth.getSessionUser( ic.getRequest().getSession() ), null );
427 servletAuthControl.expectAndReturn( servletAuth.isAuthenticated( null, result ), true );
428 servletAuthControl.expectAndReturn(
429 servletAuth.isAuthorized( null, session, "internal",
430 ArchivaRoleConstants.OPERATION_REPOSITORY_UPLOAD ),
431 true );
432
433 httpAuthControl.replay();
434 servletAuthControl.replay();
435
436 WebResponse response = sc.getResponse( request );
437
438 httpAuthControl.verify();
439 servletAuthControl.verify();
440
441 assertEquals( HttpServletResponse.SC_OK, response.getResponseCode() );
442 assertEquals( "Expected file contents", expectedArtifactContents, response.getText() );
443 }
444
445
446 public void testGetWithInvalidUserAndGuestHasNoReadAccess()
447 throws Exception
448 {
449 String commonsLangJar = "commons-lang/commons-lang/2.1/commons-lang-2.1.jar";
450 String expectedArtifactContents = "dummy-commons-lang-artifact";
451
452 File artifactFile = new File( repoRootInternal, commonsLangJar );
453 artifactFile.getParentFile().mkdirs();
454
455 FileUtils.writeStringToFile( artifactFile, expectedArtifactContents, null );
456
457 WebRequest request = new GetMethodWebRequest( "http://machine.com/repository/internal/" + commonsLangJar );
458 InvocationContext ic = sc.newInvocation( request );
459 servlet = (RepositoryServlet) ic.getServlet();
460 servlet.setDavSessionProvider( davSessionProvider );
461
462 AuthenticationResult result = new AuthenticationResult();
463 httpAuthControl.expectAndReturn( httpAuth.getAuthenticationResult( null, null ), result );
464 servletAuthControl.expectAndThrow( servletAuth.isAuthenticated( null, null ),
465 new AuthenticationException( "Authentication error" ) );
466 servletAuthControl.expectAndReturn(
467 servletAuth.isAuthorized( "guest", "internal",
468 ArchivaRoleConstants.OPERATION_REPOSITORY_ACCESS ),
469 false );
470
471 httpAuthControl.replay();
472 servletAuthControl.replay();
473
474 WebResponse response = sc.getResponse( request );
475
476 httpAuthControl.verify();
477 servletAuthControl.verify();
478
479 assertEquals( HttpServletResponse.SC_UNAUTHORIZED, response.getResponseCode() );
480 }
481
482
483 public void testGetWithAValidUserWithReadAccess()
484 throws Exception
485 {
486 String commonsLangJar = "commons-lang/commons-lang/2.1/commons-lang-2.1.jar";
487 String expectedArtifactContents = "dummy-commons-lang-artifact";
488
489 File artifactFile = new File( repoRootInternal, commonsLangJar );
490 artifactFile.getParentFile().mkdirs();
491
492 FileUtils.writeStringToFile( artifactFile, expectedArtifactContents, null );
493
494 WebRequest request = new GetMethodWebRequest( "http://machine.com/repository/internal/" + commonsLangJar );
495 InvocationContext ic = sc.newInvocation( request );
496 servlet = (RepositoryServlet) ic.getServlet();
497 servlet.setDavSessionProvider( davSessionProvider );
498
499 ArchivaDavResourceFactory archivaDavResourceFactory = (ArchivaDavResourceFactory) servlet.getResourceFactory();
500 archivaDavResourceFactory.setHttpAuth( httpAuth );
501 archivaDavResourceFactory.setServletAuth( servletAuth );
502
503 servlet.setResourceFactory( archivaDavResourceFactory );
504
505 AuthenticationResult result = new AuthenticationResult();
506 httpAuthControl.expectAndReturn( httpAuth.getAuthenticationResult( null, null ), result );
507 servletAuthControl.expectAndReturn( servletAuth.isAuthenticated( null, null ), true );
508
509
510 SecuritySession session = new DefaultSecuritySession();
511 httpAuthControl.expectAndReturn( httpAuth.getAuthenticationResult( null, null ), result );
512 httpAuthControl.expectAndReturn( httpAuth.getSecuritySession( ic.getRequest().getSession( true ) ), session );
513 httpAuthControl.expectAndReturn( httpAuth.getSessionUser( ic.getRequest().getSession() ), new SimpleUser() );
514 servletAuthControl.expectAndReturn( servletAuth.isAuthenticated( null, result ), true );
515 servletAuthControl.expectAndReturn(
516 servletAuth.isAuthorized( null, session, "internal",
517 ArchivaRoleConstants.OPERATION_REPOSITORY_UPLOAD ),
518 true );
519
520 httpAuthControl.replay();
521 servletAuthControl.replay();
522
523 WebResponse response = sc.getResponse( request );
524
525 httpAuthControl.verify();
526 servletAuthControl.verify();
527
528 assertEquals( HttpServletResponse.SC_OK, response.getResponseCode() );
529 assertEquals( "Expected file contents", expectedArtifactContents, response.getText() );
530 }
531
532
533 public void testGetWithAValidUserWithNoReadAccess()
534 throws Exception
535 {
536 String commonsLangJar = "commons-lang/commons-lang/2.1/commons-lang-2.1.jar";
537 String expectedArtifactContents = "dummy-commons-lang-artifact";
538
539 File artifactFile = new File( repoRootInternal, commonsLangJar );
540 artifactFile.getParentFile().mkdirs();
541
542 FileUtils.writeStringToFile( artifactFile, expectedArtifactContents, null );
543
544 WebRequest request = new GetMethodWebRequest( "http://machine.com/repository/internal/" + commonsLangJar );
545 InvocationContext ic = sc.newInvocation( request );
546 servlet = (RepositoryServlet) ic.getServlet();
547 servlet.setDavSessionProvider( davSessionProvider );
548
549 ArchivaDavResourceFactory archivaDavResourceFactory = (ArchivaDavResourceFactory) servlet.getResourceFactory();
550 archivaDavResourceFactory.setHttpAuth( httpAuth );
551 archivaDavResourceFactory.setServletAuth( servletAuth );
552
553 servlet.setResourceFactory( archivaDavResourceFactory );
554
555 AuthenticationResult result = new AuthenticationResult();
556 httpAuthControl.expectAndReturn( httpAuth.getAuthenticationResult( null, null ), result );
557 servletAuthControl.expectAndReturn( servletAuth.isAuthenticated( null, null ), true );
558
559
560 SecuritySession session = new DefaultSecuritySession();
561 httpAuthControl.expectAndReturn( httpAuth.getAuthenticationResult( null, null ), result );
562 httpAuthControl.expectAndReturn( httpAuth.getSecuritySession( ic.getRequest().getSession( true ) ), session );
563 httpAuthControl.expectAndReturn( httpAuth.getSessionUser( ic.getRequest().getSession() ), new SimpleUser() );
564 servletAuthControl.expectAndReturn( servletAuth.isAuthenticated( null, result ), true );
565 servletAuthControl.expectAndThrow(
566 servletAuth.isAuthorized( null, session, "internal",
567 ArchivaRoleConstants.OPERATION_REPOSITORY_UPLOAD ),
568 new UnauthorizedException( "User not authorized to read repository." ) );
569
570 httpAuthControl.replay();
571 servletAuthControl.replay();
572
573 WebResponse response = sc.getResponse( request );
574
575 httpAuthControl.verify();
576 servletAuthControl.verify();
577
578 assertEquals( HttpServletResponse.SC_UNAUTHORIZED, response.getResponseCode() );
579 }
580 }