JASPIC login with Wildfly 9: sending an HTTP return code

Time: 2015-11-17 12:12:29

Tags: login wildfly http-status-code-403 jaspic

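I am still trying to implement a custom JASPIC login module for Wildfly 9. If the login succeeds, everything works as expected. But if the login fails, I would expect an HTTP 403 response. So I wrote this little test: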

@Test
public void invalidCredentials() throws IOException, SAXException {
    try {
        WebConversation webConversation = new WebConversation();
        GetMethodWebRequest request = new GetMethodWebRequest(deployUrl + "LoginServlet");
        request.setParameter("token", "invalid");
        WebResponse response = webConversation.getResponse(request);
        fail("Got " + response.getResponseCode() + " expected 403!");
    } catch (final HttpException e) {
        assertEquals(403, e.getResponseCode());
    }
}

The result is as follows:

Failed tests: 
    JaspicLoginTest.invalidCredentials:114 Got 200 expected 403!

I tried these three options for ending the validateRequest method of the ServerAuthModule after an invalid authentication:

return AuthStatus.SEND_FAILURE;
return AuthStatus.FAILURE;
throw new AuthException();

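But none of the above produces an authentication-failure HTTP response (403). Is this yet another Wildfly bug? Or do I have to generate this return code in some other way?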

1 answer:

Answer 0: (score: 1)

OK, apparently this can be done using the MessageInfo object, like this:

public AuthStatus validateRequest(MessageInfo messageInfo, 
                                  Subject clientSubject, 
                                  Subject serviceSubject) throws AuthException{
    //Invalid case:
    HttpServletResponse response =
                        (HttpServletResponse) messageInfo.getResponseMessage();
    response.setStatus(HttpServletResponse.SC_FORBIDDEN);
    return AuthStatus.SEND_FAILURE;
}
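
The approach in the answer, placed in a complete module with both the rejecting and the accepting branch. This is an added example, not code from the original question or answer; it assumes the `javax.security.auth.message` API of Java EE 7, and the class name `TokenAuthModule`, the token value and the principal name `demo-user` are hypothetical.

```java
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Map;
import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.auth.message.AuthException;
import javax.security.auth.message.AuthStatus;
import javax.security.auth.message.MessageInfo;
import javax.security.auth.message.MessagePolicy;
import javax.security.auth.message.callback.CallerPrincipalCallback;
import javax.security.auth.message.module.ServerAuthModule;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

// Hypothetical module: class name, token value and principal name are constructed for this example.
public class TokenAuthModule implements ServerAuthModule {
    private static final byte[] EXPECTED = "constructed-demo-token".getBytes(StandardCharsets.UTF_8);
    private CallbackHandler handler;
    public void initialize(MessagePolicy req, MessagePolicy resp, CallbackHandler h, Map options) {
        this.handler = h;
    }
    public Class[] getSupportedMessageTypes() {
        return new Class[] { HttpServletRequest.class, HttpServletResponse.class };
    }
    public AuthStatus validateRequest(MessageInfo mi, Subject client, Subject service) throws AuthException {
        HttpServletRequest request = (HttpServletRequest) mi.getRequestMessage();
        HttpServletResponse response = (HttpServletResponse) mi.getResponseMessage();
        String token = request.getParameter("token");
        // Constant-time comparison; a missing token is treated as invalid.
        boolean valid = token != null && MessageDigest.isEqual(EXPECTED, token.getBytes(StandardCharsets.UTF_8));
        if (!valid) {
            // The module writes the status itself, then reports that a failure response is set up.
            response.setStatus(HttpServletResponse.SC_FORBIDDEN);
            return AuthStatus.SEND_FAILURE;
        }
        try {
            // Register the caller principal with the container for the accepted request.
            handler.handle(new Callback[] { new CallerPrincipalCallback(client, "demo-user") });
        } catch (IOException | UnsupportedCallbackException e) {
            throw (AuthException) new AuthException("principal callback failed").initCause(e);
        }
        return AuthStatus.SUCCESS;
    }
    public AuthStatus secureResponse(MessageInfo mi, Subject service) { return AuthStatus.SEND_SUCCESS; }
    public void cleanSubject(MessageInfo mi, Subject subject) { }
}
```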