#446 cookies when an authentication is required

open
Wolfgang Fahl
None
5
2012-09-13
2011-02-18
Tom Eugelink
No

I'm developing a security framework and writing unit tests for it. I have found a difference between all browsers and httpunit; when the digest authentication is used, my framework places the nonce value in the session and returns the authenticate response. This response also includes the jsessionid cookie generated by Tomcat / Jetty, etc.
Upon submit of the username and password by the browsers, the session is restored and I can compare values. However HttpUnit does not accept the jsessionid cookie. So upon submit of the username and password a new session is created which does not have the nonce value and authentication fails.

My framework runs perfectly on all browser, but fails to unittest with httpunit.

Why is HttpUnit's behavior different from all browsers?

Discussion

  • Wolfgang Fahl
    Wolfgang Fahl
    2012-09-13

    Dear httpunit user!

    Thank you for your bug report. We appreciate the time and effort you are putting into this.

    Please supply a testcase with the expected result for the bug report that you are asking a solution for and we'll look into implementing it. For a start you might want to get the trunk version from the subversion repository (see https://sourceforge.net/svn/?group_id=6550\)
    and have a look at the source code of some of the more than 700 JUnit based testcase in there.

    If you do not use or have subversion tool you can still directly browse our test cases via:
    http://httpunit.svn.sourceforge.net/viewvc/httpunit/trunk/httpunit/test/com/meterware/httpunit/
    Looking into one or more of the Junit Java source files
    should give you a clue on what a proper testcase for httpunit looks like, often you will probably only have to "clone" an existing testcase and modify it slightly to your needs.

    When you are ready you might want to attach the testcase (and if you already have started implementing a solution for it it also the actual code) to the patch section of the sourceforge.net tracker for patches of the httpunit project at
    https://sourceforge.net/tracker/?atid=306550&group_id=6550&func=browse.

    The main communication about further details of the development is via the httpunit developer mailinglist. You are most welcome to sign up via
    https://lists.sourceforge.net/lists/listinfo/httpunit-develop

    Yours
    The httpunit developer team

    (Russell, Wolfgang, Mark, Patrick and Tim as of 2008-04)

     
  • Wolfgang Fahl
    Wolfgang Fahl
    2012-09-13

    • assigned_to: nobody --> wolfgang_fahl