我仍在尝试为Wildfly 9实现一个自定义的JASPIC登录模块。如果登录成功,一切正常。但是,如果登录不成功,我希望得到HTTP 403响应。所以我写了一个小测试:
@Test
public void invalidCredentials() throws IOException, SAXException {
try {
WebConversation webConversation = new WebConversation();
GetMethodWebRequest request = new GetMethodWebRequest(deployUrl + "LoginServlet");
request.setParameter("token", "invalid");
WebResponse response = webConversation.getResponse(request);
fail("Got " + response.getResponseCode() + " expected 403!");
} catch (final HttpException e) {
assertEquals(403, e.getResponseCode());
}
}
结果是:
Failed tests:
JaspicLoginTest.invalidCredentials:114 Got 200 expected 403!
我尝试了这三个选项来结束无效身份验证后ServerAuthModule的方法validateRequest:
return AuthStatus.SEND_FAILURE;
return AuthStatus.FAILURE;
throw new AuthException();
但是以上都不产生认证失败HTTP响应(403)。这又是野蝇虫吗?或者我必须以其他方式生成此返回代码吗?
好的,显然可以接受MessageInfo对象,并且可以执行以下操作:
public AuthStatus validateRequest(MessageInfo messageInfo,
Subject clientSubject,
Subject serviceSubject) throws AuthException{
//Invalid case:
HttpServletResponse response =
(HttpServletResponse) messageInfo.getResponseMessage();
response.setStatus(HttpServletResponse.SC_FORBIDDEN);
return AuthStatus.SEND_FAILURE;
}