I'm developing a security framework and writing unit tests for it. I have found a difference between all browsers and httpunit; when the digest authentication is used, my framework places the nonce value in the session and returns the authenticate response. This response also includes the jsessionid cookie generated by Tomcat / Jetty, etc.
Upon submit of the username and password by the browsers, the session is restored and I can compare values. However HttpUnit does not accept the jsessionid cookie. So upon submit of the username and password a new session is created which does not have the nonce value and authentication fails.
My framework runs perfectly on all browser, but fails to unittest with httpunit.
Why is HttpUnit's behavior different from all browsers?
Dear httpunit user!
Thank you for your bug report. We appreciate the time and effort you are putting into this.
Please supply a testcase with the expected result for the bug report that you are asking a solution for and we'll look into implementing it. For a start you might want to get the trunk version from the subversion repository (see https://sourceforge.net/svn/?group_id=6550\)
and have a look at the source code of some of the more than 700 JUnit based testcase in there.
If you do not use or have subversion tool you can still directly browse our test cases via:
http://httpunit.svn.sourceforge.net/viewvc/httpunit/trunk/httpunit/test/com/meterware/httpunit/
Looking into one or more of the Junit Java source files
should give you a clue on what a proper testcase for httpunit looks like, often you will probably only have to "clone" an existing testcase and modify it slightly to your needs.
When you are ready you might want to attach the testcase (and if you already have started implementing a solution for it it also the actual code) to the patch section of the sourceforge.net tracker for patches of the httpunit project at
https://sourceforge.net/tracker/?atid=306550&group_id=6550&func=browse.
The main communication about further details of the development is via the httpunit developer mailinglist. You are most welcome to sign up via
https://lists.sourceforge.net/lists/listinfo/httpunit-develop
Yours
The httpunit developer team
(Russell, Wolfgang, Mark, Patrick and Tim as of 2008-04)
Dear Tom,
thank you for your bug report.
You might want to supply a test case per the httpunit developer FAQ.e.g. at
https://sourceforge.net/mailarchive/forum.php?thread_name=4EEEE9F8.3040907%40bitplan.com&forum_name=httpunit-develop
Yours
Wolfgang