BasicAuthenticator.java

/*-
 * #%L
 * io.earcam.utilitarian.web.jaxrs
 * %%
 * Copyright (C) 2017 earcam
 * %%
 * SPDX-License-Identifier: (BSD-3-Clause OR EPL-1.0 OR Apache-2.0 OR MIT)
 *
 * You <b>must</b> choose to accept, in full - any individual or combination of
 * the following licenses:
 * <ul>
 * 	<li><a href="https://opensource.org/licenses/BSD-3-Clause">BSD-3-Clause</a></li>
 * 	<li><a href="https://www.eclipse.org/legal/epl-v10.html">EPL-1.0</a></li>
 * 	<li><a href="https://www.apache.org/licenses/LICENSE-2.0">Apache-2.0</a></li>
 * 	<li><a href="https://opensource.org/licenses/MIT">MIT</a></li>
 * </ul>
 * #L%
 */
package io.earcam.utilitarian.web.jaxrs;
import static java.nio.charset.StandardCharsets.UTF_8;
import java.io.IOException;
import javax.ws.rs.client.ClientRequestContext;
import javax.ws.rs.client.ClientRequestFilter;
import javax.ws.rs.core.MultivaluedMap;
import javax.xml.bind.DatatypeConverter;
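/**
 * <p>
 * A JAX-RS client filter providing support for the
 * <a href="https://en.wikipedia.org/wiki/Basic_access_authentication">Basic Authentication</a>
 * form of <a href="https://developer.mozilla.org/en-US/docs/Web/HTTP/Authentication">HTTP Authentication</a>
 * scheme.
 * </p>
 *
 * <p>
 * <b>Note</b>: unfortunately implementations (e.g. Jersey) don't acknowledge the risks
 * of interned String passwords by allowing the header value to be set as a {@code char} array.
 * This is likely due to API design, e.g. {@link javax.ws.rs.ext.RuntimeDelegate.HeaderDelegate}
 * </p>
 *
 * <p>
 * The header value is only Base64-encoded, which is reversible without any key, and
 * {@link #filter(ClientRequestContext)} adds it to every request it is invoked for without
 * inspecting the request URI. Confidentiality of the credentials therefore rests entirely
 * on the transport: register this filter only on clients or targets that use TLS.
 * </p>
 */
public class BasicAuthenticator implements ClientRequestFilter {

	/** Name of the HTTP request header that carries the credentials. */
	static final String AUTHORIZATION = "Authorization";

	// Held as immutable Strings for the lifetime of the filter (see the class note on why
	// a char[] cannot be used end-to-end).
	private final String username;
	private final String password;


	/**
	 * Creates a filter that sends the given credentials with every request.
	 *
	 * @param username the user-id; must not be {@code null} and must not contain {@code ':'}
	 * @param password the password; must not be {@code null}
	 * @throws NullPointerException if {@code username} or {@code password} is {@code null}
	 * @throws IllegalArgumentException if {@code username} contains a colon
	 */
	public BasicAuthenticator(String username, String password)
	{
		// Without these checks a null would be concatenated as the literal text "null" and
		// sent as if it were a real credential.
		this.username = java.util.Objects.requireNonNull(username, "username");
		this.password = java.util.Objects.requireNonNull(password, "password");

		// RFC 7617: the first ':' in user-pass separates user-id from password, so a colon in
		// the user-id makes the receiver split the pair at the wrong place.
		if(username.indexOf(':') >= 0) {
			throw new IllegalArgumentException("username must not contain ':'");
		}
	}


	/**
	 * Adds the {@code Authorization} header to the outgoing request.
	 *
	 * @param requestContext the request being sent
	 * @throws IOException declared by {@link ClientRequestFilter}; not thrown by this implementation
	 */
	@Override
	public void filter(ClientRequestContext requestContext) throws IOException
	{
		MultivaluedMap<String, Object> headers = requestContext.getHeaders();
		// add() appends: an Authorization value already present on the request is kept
		// alongside this one rather than replaced.
		headers.add(AUTHORIZATION, basicAuthentication());
	}


	/**
	 * Builds the header value: the scheme name followed by Base64 of {@code username:password}
	 * encoded as UTF-8.
	 *
	 * @return the complete {@code Authorization} header value
	 */
	private String basicAuthentication()
	{
		String token = this.username + ":" + this.password;
		// Scheme names are case-insensitive (RFC 7235), so the upper-case spelling is valid.
		return "BASIC " + DatatypeConverter.printBase64Binary(token.getBytes(UTF_8));
	}
}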

Mutations

62

1.1
Location : filter
Killed by : io.earcam.utilitarian.web.jaxrs.BasicAuthenticatorTest.happy()
removed call to javax/ws/rs/core/MultivaluedMap::add → KILLED

69

1.1
Location : basicAuthentication
Killed by : io.earcam.utilitarian.web.jaxrs.BasicAuthenticatorTest.happy()
mutated return of Object value for io/earcam/utilitarian/web/jaxrs/BasicAuthenticator::basicAuthentication to ( if (x != null) null else throw new RuntimeException ) → KILLED

Active mutators

Tests examined


Report generated by PIT 1.4.3