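/**
 * Drives a complete Negotiate handshake against the filter using the credentials of the
 * currently logged-on Windows account, then checks what the filter exposes to the application.
 *
 * <p>The client side is built from {@code WindowsCredentialsHandleImpl.getCurrent} and
 * {@code WindowsAccountImpl.getCurrentUsername}, so the test authenticates as whoever runs it.
 * Each round sends the client token in an {@code Authorization} header; an unauthenticated round
 * must answer 401 with a {@code WWW-Authenticate} continuation token that is fed back into the
 * client context.
 *
 * <p>After success the test asserts that the chain received a {@code NegotiateRequestWrapper}
 * whose auth type, remote user (SAM-compatible name), principal type and roles are set. With the
 * role format {@code "both"}, the Everyone group must be reported by name and by its SID
 * {@code S-1-1-0}.
 *
 * @throws IOException if the filter invocation fails with an I/O error
 * @throws ServletException if the filter invocation fails with a servlet error
 */
@Test
public void testNegotiate() throws IOException, ServletException {
    String securityPackage = NEGOTIATE;
    // Upper bound on handshake rounds (assumed generous for a local handshake). Without a bound,
    // a filter that keeps answering 401 with a well-formed challenge would hang the test run;
    // with it the loop ends and assertTrue(authenticated) reports the failure.
    final int maxRounds = 10;
    // client credentials handle
    IWindowsCredentialsHandle clientCredentials = null;
    WindowsSecurityContextImpl clientContext = null;
    // role will contain both Everyone and SID
    this.filter.setRoleFormat("both");
    try {
        // client credentials handle
        clientCredentials = WindowsCredentialsHandleImpl.getCurrent(securityPackage);
        clientCredentials.initialize();
        // initial client security context
        clientContext = new WindowsSecurityContextImpl();
        clientContext.setPrincipalName(WindowsAccountImpl.getCurrentUsername());
        clientContext.setCredentialsHandle(clientCredentials.getHandle());
        clientContext.setSecurityPackage(securityPackage);
        // NOTE(review): the third argument (presumably the target name) is the current username
        // here but "localhost" in the continuation call below - confirm this is intended.
        clientContext.initialize(null, null, WindowsAccountImpl.getCurrentUsername());
        // filter chain
        SimpleFilterChain filterChain = new SimpleFilterChain();
        // negotiate
        boolean authenticated = false;
        // One request object serves every round; the subject is read back from its session.
        SimpleHttpRequest request = new SimpleHttpRequest();
        for (int round = 0; round < maxRounds; round++) {
            String clientToken = BaseEncoding.base64().encode(clientContext.getToken());
            request.addHeader("Authorization", securityPackage + " " + clientToken);
            SimpleHttpResponse response = new SimpleHttpResponse();
            this.filter.doFilter(request, response, filterChain);
            // Authentication counts as done once the session holds a subject with a principal.
            Subject subject = (Subject) request.getSession().getAttribute("javax.security.auth.subject");
            authenticated = subject != null && !subject.getPrincipals().isEmpty();
            if (authenticated) {
                // NOTE(review): a size is never negative, so this always holds; it pins nothing
                // about the headers of a successful response.
                Assertions.assertThat(response.getHeaderNamesSize()).isGreaterThanOrEqualTo(0);
                break;
            }
            // Not authenticated yet: the response must be a well-formed 401 challenge. Check the
            // header is present first so a missing challenge fails as an assertion, not as a
            // NullPointerException.
            String challenge = response.getHeader("WWW-Authenticate");
            Assertions.assertThat(challenge).isNotNull();
            assertTrue(challenge.startsWith(securityPackage + " "));
            assertEquals("keep-alive", response.getHeader("Connection"));
            assertEquals(2, response.getHeaderNamesSize());
            assertEquals(401, response.getStatus());
            // Strip "<package> " and decode the server's continuation token.
            String continueToken = challenge.substring(securityPackage.length() + 1);
            byte[] continueTokenBytes = BaseEncoding.base64().decode(continueToken);
            Assertions.assertThat(continueTokenBytes.length).isGreaterThan(0);
            SecBufferDesc continueTokenBuffer = new SecBufferDesc(Sspi.SECBUFFER_TOKEN, continueTokenBytes);
            clientContext.initialize(clientContext.getHandle(), continueTokenBuffer, "localhost");
        }
        assertTrue(authenticated);
        // The chain must have been invoked with the wrapped request, not the raw one.
        assertTrue(filterChain.getRequest() instanceof NegotiateRequestWrapper);
        assertTrue(filterChain.getResponse() instanceof SimpleHttpResponse);
        NegotiateRequestWrapper wrappedRequest = (NegotiateRequestWrapper) filterChain.getRequest();
        // NOTE(review): toUpperCase() without a Locale depends on the default locale; confirm it
        // matches how getAuthType() builds its value.
        assertEquals(NEGOTIATE.toUpperCase(), wrappedRequest.getAuthType());
        assertEquals(Secur32Util.getUserNameEx(EXTENDED_NAME_FORMAT.NameSamCompatible),
                wrappedRequest.getRemoteUser());
        assertTrue(wrappedRequest.getUserPrincipal() instanceof WindowsPrincipal);
        // S-1-1-0 is the well-known SID of the Everyone group; its display name is looked up
        // rather than hard-coded.
        String everyoneGroupName = Advapi32Util.getAccountBySid("S-1-1-0").name;
        assertTrue(wrappedRequest.isUserInRole(everyoneGroupName));
        assertTrue(wrappedRequest.isUserInRole("S-1-1-0"));
    } finally {
        // Release the client context and credentials handle even when an assertion fails.
        if (clientContext != null) {
            clientContext.dispose();
        }
        if (clientCredentials != null) {
            clientCredentials.dispose();
        }
    }
}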