package org.geoserver.security.auth;

import java.net.URLEncoder;
import java.security.Principal;
import java.util.Arrays;
import java.util.List;
import javax.servlet.http.Cookie;
import org.geoserver.data.test.SystemTestData;
import org.geoserver.security.ConstantFilterChain;
import org.geoserver.security.GeoServerSecurityManager;
import org.geoserver.security.RequestFilterChain;
import org.geoserver.security.config.BasicAuthenticationFilterConfig;
import org.geoserver.security.config.CredentialsFromRequestHeaderFilterConfig;
import org.geoserver.security.config.DigestAuthenticationFilterConfig;
import org.geoserver.security.config.J2eeAuthenticationBaseFilterConfig;
import org.geoserver.security.config.J2eeAuthenticationFilterConfig;
import org.geoserver.security.config.LogoutFilterConfig;
import org.geoserver.security.config.PreAuthenticatedUserNameFilterConfig;
import org.geoserver.security.config.RequestHeaderAuthenticationFilterConfig;
import org.geoserver.security.config.RoleSource;
import org.geoserver.security.config.SecurityManagerConfig;
import org.geoserver.security.config.UsernamePasswordAuthenticationFilterConfig;
import org.geoserver.security.config.X509CertificateAuthenticationFilterConfig;
import org.geoserver.security.filter.GeoServerBasicAuthenticationFilter;
import org.geoserver.security.filter.GeoServerCredentialsFromRequestHeaderFilter;
import org.geoserver.security.filter.GeoServerDigestAuthenticationFilter;
import org.geoserver.security.filter.GeoServerJ2eeAuthenticationFilter;
import org.geoserver.security.filter.GeoServerLogoutFilter;
import org.geoserver.security.filter.GeoServerRequestHeaderAuthenticationFilter;
import org.geoserver.security.filter.GeoServerRoleFilter;
import org.geoserver.security.filter.GeoServerUserNamePasswordAuthenticationFilter;
import org.geoserver.security.filter.GeoServerX509CertificateAuthenticationFilter;
import org.geoserver.security.impl.GeoServerRole;
import org.geoserver.test.RunTestSetup;
import org.geoserver.test.SystemTest;
import org.geotools.data.Base64;
import org.junit.Assert;
import org.junit.Before;
import org.junit.Test;
import org.junit.experimental.categories.Category;
import org.springframework.mock.web.MockFilterChain;
import org.springframework.mock.web.MockHttpServletRequest;
import org.springframework.mock.web.MockHttpServletResponse;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContext;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.core.userdetails.UserDetails;

@Category({SystemTest.class})
/* loaded from: input_file:org/geoserver/security/auth/AuthenticationFilterTest.class */
public class AuthenticationFilterTest extends AbstractAuthenticationProviderTest {
    // Filter names used by the tests of this class when saving filter configurations and when
    // building filter chains. Some tests pass the equivalent string literal instead of the constant.
    public static final String testFilterName = "basicAuthTestFilter";
    public static final String testFilterName2 = "digestAuthTestFilter";
    public static final String testFilterName3 = "j2eeAuthTestFilter";
    public static final String testFilterName4 = "requestHeaderTestFilter";
    public static final String testFilterName5 = "basicAuthTestFilterWithRememberMe";
    public static final String testFilterName6 = "formLoginTestFilter";
    public static final String testFilterName7 = "formLoginTestFilterWithRememberMe";
    public static final String testFilterName8 = "x509TestFilter";
    public static final String testFilterName9 = "logoutTestFilter";
    public static final String testFilterName10 = "credentialsFromHeaderTestFilter";
    // Marked synthetic by the decompiler; looks like the compiler-generated flag behind Java
    // `assert` statements. Checks written as `if (!$assertionsDisabled && ...)` are skipped
    // whenever this flag is true.
    static final /* synthetic */ boolean $assertionsDisabled;

    // The flag is true when the JVM reports that assertions are not desired for this class, so
    // any check guarded by it only runs when assertions are enabled for the class.
    static {
        $assertionsDisabled = !AuthenticationFilterTest.class.desiredAssertionStatus();
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Runs the parent set-up, then saves two filter configurations through the security manager:
     * a logout filter named {@code testFilterName9} and a basic authentication filter named
     * "basicAuthTestFilter" with remember-me switched off.
     *
     * @param systemTestData test data handed on to the parent set-up
     * @throws Exception if the parent set-up or saving a filter configuration fails
     */
    @Override
    public void onSetUp(SystemTestData systemTestData) throws Exception {
        super.onSetUp(systemTestData);

        // Logout filter, configured with "/web/" as its redirect URL.
        LogoutFilterConfig logoutConfig = new LogoutFilterConfig();
        logoutConfig.setName(testFilterName9);
        logoutConfig.setClassName(GeoServerLogoutFilter.class.getName());
        logoutConfig.setRedirectURL("/web/");
        getSecurityManager().saveFilter(logoutConfig);

        // Basic authentication filter; remember-me is explicitly disabled for this variant.
        BasicAuthenticationFilterConfig basicConfig = new BasicAuthenticationFilterConfig();
        basicConfig.setName("basicAuthTestFilter");
        basicConfig.setClassName(GeoServerBasicAuthenticationFilter.class.getName());
        basicConfig.setUseRememberMe(false);
        getSecurityManager().saveFilter(basicConfig);
    }

    /**
     * Runs before each test and removes the filter named "digestAuthTestFilter" if the security
     * manager still lists it, so a test does not start with that filter left over.
     *
     * @throws Exception if listing, loading or removing the filter fails
     */
    @Before
    public void revertFilters() throws Exception {
        GeoServerSecurityManager manager = getSecurityManager();
        boolean digestFilterPresent = manager.listFilters().contains("digestAuthTestFilter");
        if (!digestFilterPresent) {
            return;
        }
        manager.removeFilter(manager.loadFilterConfig("digestAuthTestFilter"));
    }

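    /**
     * Sends a series of requests through a chain built on "basicAuthTestFilter" and checks the
     * outcome of each: no credentials, a valid user, a wrong password, an unknown user, the root
     * user with the master password, the root user with a wrong password, a disabled user, and
     * finally an anonymous request once the anonymous filter is inserted.
     *
     * <p>Every rejected request must answer 401 with a {@code WWW-Authenticate} challenge naming
     * "GeoServer Realm" and the "Basic" scheme, and must leave no security context in the session.
     * The challenge checks are JUnit assertions, so they run whether or not the JVM has {@code -ea}
     * set; the decompiled source guarded them with {@code $assertionsDisabled}.
     *
     * @throws Exception if the filter chain or a test helper fails
     */
    @Test
    public void testBasicAuth() throws Exception {
        prepareFilterChain(this.pattern, "basicAuthTestFilter");
        modifyChain(this.pattern, false, true, null);
        SecurityContextHolder.getContext().setAuthentication((Authentication) null);

        // No credentials: expect a Basic challenge and nothing stored in the session.
        MockHttpServletRequest request = createRequest("/foo/bar");
        MockHttpServletResponse response = new MockHttpServletResponse();
        getProxy().doFilter(request, response, new MockFilterChain());
        String challenge = response.getHeader("WWW-Authenticate");
        Assert.assertNotNull(challenge);
        Assert.assertTrue(challenge.contains("GeoServer Realm"));
        Assert.assertTrue(challenge.contains("Basic"));
        Assert.assertEquals(401L, response.getStatus());
        Assert.assertNull((SecurityContext) request.getSession(true).getAttribute("SPRING_SECURITY_CONTEXT"));
        Assert.assertNull(SecurityContextHolder.getContext().getAuthentication());

        // Valid user, with the role filter added to the chain.
        modifyChain(this.pattern, false, true, "roleFilter");
        request = createRequest("/foo/bar");
        response = new MockHttpServletResponse();
        request.addHeader("Authorization", "Basic " + new String(Base64.encodeBytes("user1:pw1".getBytes())));
        getProxy().doFilter(request, response, new MockFilterChain());
        Assert.assertEquals(200L, response.getStatus());
        SecurityContext storedContext =
                (SecurityContext) request.getSession(true).getAttribute("SPRING_SECURITY_CONTEXT");
        Assert.assertNotNull(storedContext);
        Authentication auth = storedContext.getAuthentication();
        Assert.assertNotNull(auth);
        // The authentication lives in the session only; the thread-bound holder must be empty
        // again after the request.
        Assert.assertNull(SecurityContextHolder.getContext().getAuthentication());
        checkForAuthenticatedRole(auth);
        Assert.assertEquals(AbstractAuthenticationProviderTest.testUserName, ((UserDetails) auth.getPrincipal()).getUsername());
        Assert.assertTrue(auth.getAuthorities().contains(new GeoServerRole(AbstractAuthenticationProviderTest.rootRole)));
        Assert.assertTrue(auth.getAuthorities().contains(new GeoServerRole(AbstractAuthenticationProviderTest.derivedRole)));

        // The role filter reports the granted roles in a response header, separated by ';'.
        String roleHeader = response.getHeader(GeoServerRoleFilter.DEFAULT_HEADER_ATTRIBUTE);
        Assert.assertNotNull(roleHeader);
        String[] roleNames = roleHeader.split(";");
        Assert.assertEquals(3L, roleNames.length);
        List<String> reportedRoles = Arrays.asList(roleNames);
        Assert.assertTrue(reportedRoles.contains(GeoServerRole.AUTHENTICATED_ROLE.getAuthority()));
        Assert.assertTrue(reportedRoles.contains(AbstractAuthenticationProviderTest.rootRole));
        Assert.assertTrue(reportedRoles.contains(AbstractAuthenticationProviderTest.derivedRole));

        // Known user, wrong password.
        request = createRequest("/foo/bar");
        response = new MockHttpServletResponse();
        request.addHeader("Authorization", "Basic " + new String(Base64.encodeBytes("user1:wrongpass".getBytes())));
        getProxy().doFilter(request, response, new MockFilterChain());
        challenge = response.getHeader("WWW-Authenticate");
        Assert.assertNotNull(challenge);
        Assert.assertTrue(challenge.contains("GeoServer Realm"));
        Assert.assertTrue(challenge.contains("Basic"));
        Assert.assertEquals(401L, response.getStatus());
        Assert.assertNull((SecurityContext) request.getSession(true).getAttribute("SPRING_SECURITY_CONTEXT"));
        Assert.assertNull(SecurityContextHolder.getContext().getAuthentication());

        // Unknown user: same response as a wrong password, so the two cases are not
        // distinguishable from the status and challenge alone.
        request = createRequest("/foo/bar");
        response = new MockHttpServletResponse();
        request.addHeader("Authorization", "Basic " + new String(Base64.encodeBytes("unknwon:pw1".getBytes())));
        getProxy().doFilter(request, response, new MockFilterChain());
        challenge = response.getHeader("WWW-Authenticate");
        Assert.assertNotNull(challenge);
        Assert.assertTrue(challenge.contains("GeoServer Realm"));
        Assert.assertTrue(challenge.contains("Basic"));
        Assert.assertEquals(401L, response.getStatus());
        Assert.assertNull((SecurityContext) request.getSession(true).getAttribute("SPRING_SECURITY_CONTEXT"));
        Assert.assertNull(SecurityContextHolder.getContext().getAuthentication());

        // Root user with the master password: exactly one authority, ADMIN_ROLE.
        request = createRequest("/foo/bar");
        response = new MockHttpServletResponse();
        request.addHeader("Authorization", "Basic " + new String(Base64.encodeBytes(("root:" + getMasterPassword()).getBytes())));
        getProxy().doFilter(request, response, new MockFilterChain());
        Assert.assertEquals(200L, response.getStatus());
        SecurityContext rootContext =
                (SecurityContext) request.getSession(true).getAttribute("SPRING_SECURITY_CONTEXT");
        // Fail with an assertion rather than a NullPointerException when no context was stored.
        Assert.assertNotNull(rootContext);
        Authentication rootAuth = rootContext.getAuthentication();
        Assert.assertNotNull(rootAuth);
        Assert.assertNull(SecurityContextHolder.getContext().getAuthentication());
        Assert.assertEquals("root", rootAuth.getPrincipal());
        Assert.assertEquals(1L, rootAuth.getAuthorities().size());
        Assert.assertTrue(rootAuth.getAuthorities().contains(GeoServerRole.ADMIN_ROLE));

        // Root user with a password other than the master password.
        request = createRequest("/foo/bar");
        response = new MockHttpServletResponse();
        request.addHeader("Authorization", "Basic " + new String(Base64.encodeBytes("root:geoserver1".getBytes())));
        getProxy().doFilter(request, response, new MockFilterChain());
        challenge = response.getHeader("WWW-Authenticate");
        Assert.assertNotNull(challenge);
        Assert.assertTrue(challenge.contains("GeoServer Realm"));
        Assert.assertTrue(challenge.contains("Basic"));
        Assert.assertEquals(401L, response.getStatus());
        Assert.assertNull((SecurityContext) request.getSession(true).getAttribute("SPRING_SECURITY_CONTEXT"));
        Assert.assertNull(SecurityContextHolder.getContext().getAuthentication());

        // Disabled user with otherwise valid credentials.
        // NOTE(review): the cache is emptied first, presumably because the successful user1 login
        // above could otherwise still be served from it; confirm against the cache's semantics.
        getSecurityManager().getAuthenticationCache().removeAll();
        updateUser("ug1", AbstractAuthenticationProviderTest.testUserName, false);
        try {
            request = createRequest("/foo/bar");
            response = new MockHttpServletResponse();
            request.addHeader("Authorization", "Basic " + new String(Base64.encodeBytes("user1:pw1".getBytes())));
            getProxy().doFilter(request, response, new MockFilterChain());
            challenge = response.getHeader("WWW-Authenticate");
            Assert.assertNotNull(challenge);
            Assert.assertTrue(challenge.contains("GeoServer Realm"));
            Assert.assertTrue(challenge.contains("Basic"));
            Assert.assertEquals(401L, response.getStatus());
            Assert.assertNull((SecurityContext) request.getSession(true).getAttribute("SPRING_SECURITY_CONTEXT"));
            Assert.assertNull(SecurityContextHolder.getContext().getAuthentication());
        } finally {
            // Re-enable the user even when an assertion fails, so later tests see it enabled.
            updateUser("ug1", AbstractAuthenticationProviderTest.testUserName, true);
        }

        // With the anonymous filter inserted, a request without credentials passes.
        insertAnonymousFilter();
        try {
            request = createRequest("/foo/bar");
            // The decompiled source read the status from an undeclared name (r0); the response
            // handed to doFilter is what gets checked here.
            response = new MockHttpServletResponse();
            getProxy().doFilter(request, response, new MockFilterChain());
            Assert.assertEquals(200L, response.getStatus());
        } finally {
            removeAnonymousFilter();
        }
    }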

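    /**
     * Saves a credentials-from-request-header filter and sends a series of requests through a
     * chain built on it: no header, a valid user, a wrong password, an unknown user, the root user
     * with the master password, the root user with a wrong password, a disabled user, and an
     * anonymous request once the anonymous filter is inserted.
     *
     * <p>User name and password are both taken from the single "X-Credentials" header by the two
     * regular expressions configured below, with URI-component parsing switched on. Every rejected
     * request must answer 403 and leave no security context in the session.
     *
     * @throws Exception if the filter chain or a test helper fails
     */
    @Test
    public void testCredentialsFromHeader() throws Exception {
        CredentialsFromRequestHeaderFilterConfig headerConfig = new CredentialsFromRequestHeaderFilterConfig();
        headerConfig.setClassName(GeoServerCredentialsFromRequestHeaderFilter.class.getName());
        headerConfig.setUserNameHeaderName("X-Credentials");
        headerConfig.setPasswordHeaderName("X-Credentials");
        headerConfig.setUserNameRegex("private-user=([^&]*)");
        headerConfig.setPasswordRegex("private-pw=([^&]*)");
        headerConfig.setParseAsUriComponents(true);
        headerConfig.setName(testFilterName10);
        getSecurityManager().saveFilter(headerConfig);
        prepareFilterChain(this.pattern, testFilterName10);
        modifyChain(this.pattern, false, true, null);

        // No credentials header at all.
        MockHttpServletRequest request = createRequest("/foo/bar");
        // The decompiled source read the status from an undeclared name (r0); the response handed
        // to doFilter is what gets checked here.
        MockHttpServletResponse response = new MockHttpServletResponse();
        getProxy().doFilter(request, response, new MockFilterChain());
        Assert.assertEquals(403L, response.getStatus());
        Assert.assertNull((SecurityContext) request.getSession(true).getAttribute("SPRING_SECURITY_CONTEXT"));
        Assert.assertNull(SecurityContextHolder.getContext().getAuthentication());

        // Valid user.
        request = createRequest("/foo/bar");
        response = new MockHttpServletResponse();
        request.addHeader("X-Credentials", "private-user=user1&private-pw=pw1");
        getProxy().doFilter(request, response, new MockFilterChain());
        Assert.assertEquals(200L, response.getStatus());
        SecurityContext storedContext =
                (SecurityContext) request.getSession(true).getAttribute("SPRING_SECURITY_CONTEXT");
        Assert.assertNotNull(storedContext);
        Authentication auth = storedContext.getAuthentication();
        Assert.assertNotNull(auth);
        // The authentication lives in the session only; the thread-bound holder must be empty
        // again after the request.
        Assert.assertNull(SecurityContextHolder.getContext().getAuthentication());
        checkForAuthenticatedRole(auth);
        Assert.assertEquals(AbstractAuthenticationProviderTest.testUserName, ((UserDetails) auth.getPrincipal()).getUsername());
        Assert.assertTrue(auth.getAuthorities().contains(new GeoServerRole(AbstractAuthenticationProviderTest.rootRole)));
        Assert.assertTrue(auth.getAuthorities().contains(new GeoServerRole(AbstractAuthenticationProviderTest.derivedRole)));

        // Known user, wrong password.
        request = createRequest("/foo/bar");
        response = new MockHttpServletResponse();
        request.addHeader("X-Credentials", "private-user=user1&private-pw=wrongpass");
        getProxy().doFilter(request, response, new MockFilterChain());
        Assert.assertEquals(403L, response.getStatus());
        Assert.assertNull((SecurityContext) request.getSession(true).getAttribute("SPRING_SECURITY_CONTEXT"));
        Assert.assertNull(SecurityContextHolder.getContext().getAuthentication());

        // Unknown user: same response as a wrong password.
        request = createRequest("/foo/bar");
        response = new MockHttpServletResponse();
        request.addHeader("X-Credentials", "private-user=wronguser&private-pw=pw1");
        getProxy().doFilter(request, response, new MockFilterChain());
        Assert.assertEquals(403L, response.getStatus());
        Assert.assertNull((SecurityContext) request.getSession(true).getAttribute("SPRING_SECURITY_CONTEXT"));
        Assert.assertNull(SecurityContextHolder.getContext().getAuthentication());

        // Root user with the master password. The password is URL-encoded because the filter is
        // configured to parse the header value as URI components.
        request = createRequest("/foo/bar");
        response = new MockHttpServletResponse();
        request.addHeader("X-Credentials", "private-user=root&private-pw=" + URLEncoder.encode(getMasterPassword(), "UTF-8"));
        getProxy().doFilter(request, response, new MockFilterChain());
        Assert.assertEquals(200L, response.getStatus());
        SecurityContext rootContext =
                (SecurityContext) request.getSession(true).getAttribute("SPRING_SECURITY_CONTEXT");
        // Fail with an assertion rather than a NullPointerException when no context was stored.
        Assert.assertNotNull(rootContext);
        Authentication rootAuth = rootContext.getAuthentication();
        Assert.assertNotNull(rootAuth);
        Assert.assertNull(SecurityContextHolder.getContext().getAuthentication());
        Assert.assertEquals("root", rootAuth.getPrincipal());
        // Two authorities are expected on this path, one of them ADMIN_ROLE.
        Assert.assertEquals(2L, rootAuth.getAuthorities().size());
        Assert.assertTrue(rootAuth.getAuthorities().contains(GeoServerRole.ADMIN_ROLE));

        // Root user with a password other than the master password.
        request = createRequest("/foo/bar");
        response = new MockHttpServletResponse();
        request.addHeader("X-Credentials", "private-user=root&private-pw=geoserver1");
        getProxy().doFilter(request, response, new MockFilterChain());
        Assert.assertEquals(403L, response.getStatus());
        Assert.assertNull((SecurityContext) request.getSession(true).getAttribute("SPRING_SECURITY_CONTEXT"));
        Assert.assertNull(SecurityContextHolder.getContext().getAuthentication());

        // Disabled user with otherwise valid credentials.
        // NOTE(review): the cache is emptied first, presumably because the successful user1 login
        // above could otherwise still be served from it; confirm against the cache's semantics.
        getSecurityManager().getAuthenticationCache().removeAll();
        updateUser("ug1", AbstractAuthenticationProviderTest.testUserName, false);
        try {
            request = createRequest("/foo/bar");
            response = new MockHttpServletResponse();
            request.addHeader("X-Credentials", "private-user=user1&private-pw=pw1");
            getProxy().doFilter(request, response, new MockFilterChain());
            Assert.assertEquals(403L, response.getStatus());
            Assert.assertNull((SecurityContext) request.getSession(true).getAttribute("SPRING_SECURITY_CONTEXT"));
            Assert.assertNull(SecurityContextHolder.getContext().getAuthentication());
        } finally {
            // Re-enable the user even when an assertion fails, so later tests see it enabled.
            updateUser("ug1", AbstractAuthenticationProviderTest.testUserName, true);
        }

        // With the anonymous filter inserted, a request without credentials passes.
        insertAnonymousFilter();
        try {
            request = createRequest("/foo/bar");
            response = new MockHttpServletResponse();
            getProxy().doFilter(request, response, new MockFilterChain());
            Assert.assertEquals(200L, response.getStatus());
        } finally {
            removeAnonymousFilter();
        }
    }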

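    /**
     * Saves a J2EE authentication filter and checks how requests carrying a container-supplied
     * user principal are authenticated: no principal, the test user under every J2EE role source,
     * a principal named "root", the test user with no role service configured, and an anonymous
     * request once the anonymous filter is inserted.
     *
     * <p>No password is involved on this path: the filter is given only the principal set on the
     * request (and, for the header role source, a "roles" request header).
     * NOTE(review): that makes whatever sets the principal and the roles header the component
     * vouching for identity and roles; confirm the deployment only accepts them from a trusted
     * container or proxy.
     *
     * @throws Exception if the filter chain or a test helper fails
     */
    @Test
    public void testJ2eeProxy() throws Exception {
        J2eeAuthenticationFilterConfig j2eeConfig = new J2eeAuthenticationFilterConfig();
        j2eeConfig.setClassName(GeoServerJ2eeAuthenticationFilter.class.getName());
        j2eeConfig.setName("j2eeAuthTestFilter");
        j2eeConfig.setRoleSource(J2eeAuthenticationBaseFilterConfig.J2EERoleSource.J2EE);
        j2eeConfig.setRoleServiceName("rs1");
        j2eeConfig.setUserGroupServiceName("ug1");
        j2eeConfig.setRolesHeaderAttribute("roles");
        getSecurityManager().saveFilter(j2eeConfig);
        prepareFilterChain(this.pattern, "j2eeAuthTestFilter");
        modifyChain(this.pattern, false, true, null);
        SecurityContextHolder.getContext().setAuthentication((Authentication) null);

        // No principal on the request: rejected, nothing stored in the session.
        MockHttpServletRequest request = createRequest("/foo/bar");
        // The decompiled source read the status from an undeclared name (r0); the response handed
        // to doFilter is what gets checked here.
        MockHttpServletResponse response = new MockHttpServletResponse();
        getProxy().doFilter(request, response, new MockFilterChain());
        Assert.assertEquals(403L, response.getStatus());
        Assert.assertNull((SecurityContext) request.getSession(true).getAttribute("SPRING_SECURITY_CONTEXT"));
        Assert.assertNull(SecurityContextHolder.getContext().getAuthentication());

        // Test user under each role source; every source must yield both the root and the
        // derived role.
        for (J2eeAuthenticationBaseFilterConfig.J2EERoleSource roleSource : J2eeAuthenticationBaseFilterConfig.J2EERoleSource.values()) {
            j2eeConfig.setRoleSource(roleSource);
            getSecurityManager().saveFilter(j2eeConfig);
            request = createRequest("/foo/bar");
            response = new MockHttpServletResponse();
            request.setUserPrincipal(new Principal() {
                @Override
                public String getName() {
                    return AbstractAuthenticationProviderTest.testUserName;
                }
            });
            // Only the header and J2EE sources take their roles from the request itself.
            if (roleSource == J2eeAuthenticationBaseFilterConfig.J2EERoleSource.Header) {
                request.addHeader("roles", "DerivedRole;RootRole");
            }
            if (roleSource == J2eeAuthenticationBaseFilterConfig.J2EERoleSource.J2EE) {
                request.addUserRole(AbstractAuthenticationProviderTest.derivedRole);
            }
            getProxy().doFilter(request, response, new MockFilterChain());
            Assert.assertEquals(200L, response.getStatus());
            SecurityContext storedContext =
                    (SecurityContext) request.getSession(true).getAttribute("SPRING_SECURITY_CONTEXT");
            Assert.assertNotNull(storedContext);
            Authentication auth = storedContext.getAuthentication();
            Assert.assertNotNull(auth);
            Assert.assertNull(SecurityContextHolder.getContext().getAuthentication());
            checkForAuthenticatedRole(auth);
            Assert.assertEquals(AbstractAuthenticationProviderTest.testUserName, auth.getPrincipal());
            Assert.assertTrue(auth.getAuthorities().contains(new GeoServerRole(AbstractAuthenticationProviderTest.rootRole)));
            Assert.assertTrue(auth.getAuthorities().contains(new GeoServerRole(AbstractAuthenticationProviderTest.derivedRole)));
        }

        // A principal named "root" must end up with exactly one authority, ADMIN_ROLE.
        request = createRequest("/foo/bar");
        response = new MockHttpServletResponse();
        request.setUserPrincipal(new Principal() {
            @Override
            public String getName() {
                return "root";
            }
        });
        getProxy().doFilter(request, response, new MockFilterChain());
        Assert.assertEquals(200L, response.getStatus());
        SecurityContext rootContext =
                (SecurityContext) request.getSession(true).getAttribute("SPRING_SECURITY_CONTEXT");
        Assert.assertNotNull(rootContext);
        Authentication rootAuth = rootContext.getAuthentication();
        Assert.assertNotNull(rootAuth);
        Assert.assertNull(SecurityContextHolder.getContext().getAuthentication());
        Assert.assertEquals("root", rootAuth.getPrincipal());
        Assert.assertEquals(1L, rootAuth.getAuthorities().size());
        Assert.assertTrue(rootAuth.getAuthorities().contains(GeoServerRole.ADMIN_ROLE));

        // No role service name configured: the same roles are still expected for the test user.
        // The role source is whatever the loop above set last.
        j2eeConfig.setRoleServiceName((String) null);
        getSecurityManager().saveFilter(j2eeConfig);
        request = createRequest("/foo/bar");
        response = new MockHttpServletResponse();
        request.setUserPrincipal(new Principal() {
            @Override
            public String getName() {
                return AbstractAuthenticationProviderTest.testUserName;
            }
        });
        request.addUserRole(AbstractAuthenticationProviderTest.derivedRole);
        getProxy().doFilter(request, response, new MockFilterChain());
        Assert.assertEquals(200L, response.getStatus());
        SecurityContext fallbackContext =
                (SecurityContext) request.getSession(true).getAttribute("SPRING_SECURITY_CONTEXT");
        Assert.assertNotNull(fallbackContext);
        Authentication fallbackAuth = fallbackContext.getAuthentication();
        Assert.assertNotNull(fallbackAuth);
        Assert.assertNull(SecurityContextHolder.getContext().getAuthentication());
        checkForAuthenticatedRole(fallbackAuth);
        Assert.assertEquals(AbstractAuthenticationProviderTest.testUserName, fallbackAuth.getPrincipal());
        Assert.assertTrue(fallbackAuth.getAuthorities().contains(new GeoServerRole(AbstractAuthenticationProviderTest.rootRole)));
        Assert.assertTrue(fallbackAuth.getAuthorities().contains(new GeoServerRole(AbstractAuthenticationProviderTest.derivedRole)));

        // With the anonymous filter inserted, a request without a principal passes.
        insertAnonymousFilter();
        try {
            request = createRequest("/foo/bar");
            response = new MockHttpServletResponse();
            getProxy().doFilter(request, response, new MockFilterChain());
            Assert.assertEquals(200L, response.getStatus());
        } finally {
            // Take the anonymous filter out again even when the assertion fails.
            removeAnonymousFilter();
        }
    }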

    @Test
    public void testRequestHeaderProxy() throws Exception {
        RequestHeaderAuthenticationFilterConfig requestHeaderAuthenticationFilterConfig = new RequestHeaderAuthenticationFilterConfig();
        requestHeaderAuthenticationFilterConfig.setClassName(GeoServerRequestHeaderAuthenticationFilter.class.getName());
        requestHeaderAuthenticationFilterConfig.setName("requestHeaderTestFilter");
        requestHeaderAuthenticationFilterConfig.setRoleServiceName("rs1");
        requestHeaderAuthenticationFilterConfig.setPrincipalHeaderAttribute("principal");
        requestHeaderAuthenticationFilterConfig.setRoleSource(PreAuthenticatedUserNameFilterConfig.PreAuthenticatedUserNameRoleSource.RoleService);
        requestHeaderAuthenticationFilterConfig.setUserGroupServiceName("ug1");
        requestHeaderAuthenticationFilterConfig.setPrincipalHeaderAttribute("principal");
        requestHeaderAuthenticationFilterConfig.setRolesHeaderAttribute("roles");
        getSecurityManager().saveFilter(requestHeaderAuthenticationFilterConfig);
        prepareFilterChain(this.pattern, "requestHeaderTestFilter");
        modifyChain(this.pattern, false, true, null);
        SecurityContextHolder.getContext().setAuthentication((Authentication) null);
        MockHttpServletRequest createRequest = createRequest("/foo/bar");
        getProxy().doFilter(createRequest, new MockHttpServletResponse(), new MockFilterChain());
        Assert.assertEquals(403L, r0.getStatus());
        Assert.assertNull((SecurityContext) createRequest.getSession(true).getAttribute("SPRING_SECURITY_CONTEXT"));
        Assert.assertNull(SecurityContextHolder.getContext().getAuthentication());
        for (RoleSource roleSource : PreAuthenticatedUserNameFilterConfig.PreAuthenticatedUserNameRoleSource.values()) {
            requestHeaderAuthenticationFilterConfig.setRoleSource(roleSource);
            getSecurityManager().saveFilter(requestHeaderAuthenticationFilterConfig);
            MockHttpServletRequest createRequest2 = createRequest("/foo/bar");
            MockHttpServletResponse mockHttpServletResponse = new MockHttpServletResponse();
            MockFilterChain mockFilterChain = new MockFilterChain();
            createRequest2.addHeader("principal", AbstractAuthenticationProviderTest.testUserName);
            if (roleSource.equals(PreAuthenticatedUserNameFilterConfig.PreAuthenticatedUserNameRoleSource.Header)) {
                createRequest2.addHeader("roles", "DerivedRole;RootRole");
            }
            getProxy().doFilter(createRequest2, mockHttpServletResponse, mockFilterChain);
            Assert.assertEquals(200L, mockHttpServletResponse.getStatus());
            SecurityContext securityContext = (SecurityContext) createRequest2.getSession(true).getAttribute("SPRING_SECURITY_CONTEXT");
            Assert.assertNotNull(securityContext);
            Authentication authentication = securityContext.getAuthentication();
            Assert.assertNotNull(authentication);
            Assert.assertNull(SecurityContextHolder.getContext().getAuthentication());
            checkForAuthenticatedRole(authentication);
            Assert.assertEquals(AbstractAuthenticationProviderTest.testUserName, authentication.getPrincipal());
            Assert.assertTrue(authentication.getAuthorities().contains(new GeoServerRole(AbstractAuthenticationProviderTest.rootRole)));
            Assert.assertTrue(authentication.getAuthorities().contains(new GeoServerRole(AbstractAuthenticationProviderTest.derivedRole)));
        }
        for (RoleSource roleSource2 : PreAuthenticatedUserNameFilterConfig.PreAuthenticatedUserNameRoleSource.values()) {
            requestHeaderAuthenticationFilterConfig.setRoleSource(roleSource2);
            getSecurityManager().saveFilter(requestHeaderAuthenticationFilterConfig);
            requestHeaderAuthenticationFilterConfig.setRoleSource(roleSource2);
            MockHttpServletRequest createRequest3 = createRequest("/foo/bar");
            MockHttpServletResponse mockHttpServletResponse2 = new MockHttpServletResponse();
            MockFilterChain mockFilterChain2 = new MockFilterChain();
            createRequest3.addHeader("principal", "unknwon");
            getProxy().doFilter(createRequest3, mockHttpServletResponse2, mockFilterChain2);
            Assert.assertEquals(200L, mockHttpServletResponse2.getStatus());
            SecurityContext securityContext2 = (SecurityContext) createRequest3.getSession(true).getAttribute("SPRING_SECURITY_CONTEXT");
            Assert.assertNotNull(securityContext2);
            Authentication authentication2 = securityContext2.getAuthentication();
            Assert.assertNotNull(authentication2);
            Assert.assertNull(SecurityContextHolder.getContext().getAuthentication());
            checkForAuthenticatedRole(authentication2);
            Assert.assertEquals("unknwon", authentication2.getPrincipal());
        }
        updateUser("ug1", AbstractAuthenticationProviderTest.testUserName, false);
        requestHeaderAuthenticationFilterConfig.setRoleSource(PreAuthenticatedUserNameFilterConfig.PreAuthenticatedUserNameRoleSource.UserGroupService);
        getSecurityManager().saveFilter(requestHeaderAuthenticationFilterConfig);
        MockHttpServletRequest createRequest4 = createRequest("/foo/bar");
        createRequest4.addHeader("principal", AbstractAuthenticationProviderTest.testUserName);
        getProxy().doFilter(createRequest4, new MockHttpServletResponse(), new MockFilterChain());
        Assert.assertEquals(403L, r0.getStatus());
        Assert.assertNull((SecurityContext) createRequest4.getSession(true).getAttribute("SPRING_SECURITY_CONTEXT"));
        Assert.assertNull(SecurityContextHolder.getContext().getAuthentication());
        updateUser("ug1", AbstractAuthenticationProviderTest.testUserName, true);
        insertAnonymousFilter();
        getProxy().doFilter(createRequest("/foo/bar"), new MockHttpServletResponse(), new MockFilterChain());
        Assert.assertEquals(200L, r0.getStatus());
        removeAnonymousFilter();
    }

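    /**
     * Drives the digest authentication filter through the security proxy and checks both the
     * accepting and the rejecting paths.
     *
     * <p>Covered in order: a request without credentials, the test user with the correct
     * password, the test user with a wrong password, an unknown user, {@code root} with the
     * master password, {@code root} with a wrong password, a request sent while the test user is
     * disabled, and finally a request without credentials once the anonymous filter is inserted.
     *
     * <p>Each rejected request must answer 401 with a {@code WWW-Authenticate} header containing
     * "Digest" and "GeoServer Realm", and must leave neither a security context in the session
     * nor an authentication in {@code SecurityContextHolder}.
     *
     * @throws Exception if saving the filter configuration or running the filter chain fails
     */
    @Test
    public void testDigestAuth() throws Exception {
        DigestAuthenticationFilterConfig digestAuthenticationFilterConfig = new DigestAuthenticationFilterConfig();
        digestAuthenticationFilterConfig.setClassName(GeoServerDigestAuthenticationFilter.class.getName());
        digestAuthenticationFilterConfig.setName("digestAuthTestFilter");
        digestAuthenticationFilterConfig.setUserGroupServiceName("ug1");
        getSecurityManager().saveFilter(digestAuthenticationFilterConfig);
        prepareFilterChain(this.pattern, "digestAuthTestFilter");
        modifyChain(this.pattern, false, true, null);
        SecurityContextHolder.getContext().setAuthentication((Authentication) null);

        // 1. No credentials: expect a 401 carrying the digest challenge.
        MockHttpServletRequest createRequest = createRequest("/foo/bar");
        MockHttpServletResponse mockHttpServletResponse = new MockHttpServletResponse();
        getProxy().doFilter(createRequest, mockHttpServletResponse, new MockFilterChain());
        Assert.assertEquals(401L, mockHttpServletResponse.getStatus());
        String header = mockHttpServletResponse.getHeader("WWW-Authenticate");
        Assert.assertNotNull(header);
        // JUnit assertions rather than the Java assert statement, so the challenge check is not
        // skipped when the JVM runs without -ea.
        Assert.assertTrue(header.contains("GeoServer Realm"));
        Assert.assertTrue(header.contains("Digest"));
        Assert.assertNull((SecurityContext) createRequest.getSession(true).getAttribute("SPRING_SECURITY_CONTEXT"));
        Assert.assertNull(SecurityContextHolder.getContext().getAuthentication());

        // 2. Test user, correct password, answering the challenge from step 1.
        MockHttpServletRequest createRequest2 = createRequest("/foo/bar");
        MockHttpServletResponse mockHttpServletResponse2 = new MockHttpServletResponse();
        MockFilterChain mockFilterChain = new MockFilterChain();
        createRequest2.addHeader("Authorization", clientDigestString(header, AbstractAuthenticationProviderTest.testUserName, AbstractAuthenticationProviderTest.testPassword, createRequest2.getMethod()));
        getProxy().doFilter(createRequest2, mockHttpServletResponse2, mockFilterChain);
        Assert.assertEquals(200L, mockHttpServletResponse2.getStatus());
        SecurityContext securityContext = (SecurityContext) createRequest2.getSession(true).getAttribute("SPRING_SECURITY_CONTEXT");
        Assert.assertNotNull(securityContext);
        Authentication authentication = securityContext.getAuthentication();
        Assert.assertNotNull(authentication);
        // The authentication lives in the session only; the thread-bound holder must be empty
        // once the request has been processed.
        Assert.assertNull(SecurityContextHolder.getContext().getAuthentication());
        checkForAuthenticatedRole(authentication);
        Assert.assertEquals(AbstractAuthenticationProviderTest.testUserName, ((UserDetails) authentication.getPrincipal()).getUsername());
        Assert.assertTrue(authentication.getAuthorities().contains(new GeoServerRole(AbstractAuthenticationProviderTest.rootRole)));
        Assert.assertTrue(authentication.getAuthorities().contains(new GeoServerRole(AbstractAuthenticationProviderTest.derivedRole)));

        // 3. Test user, wrong password: rejected with a new challenge.
        MockHttpServletRequest createRequest3 = createRequest("/foo/bar");
        MockHttpServletResponse mockHttpServletResponse3 = new MockHttpServletResponse();
        MockFilterChain mockFilterChain2 = new MockFilterChain();
        createRequest3.addHeader("Authorization", clientDigestString(header, AbstractAuthenticationProviderTest.testUserName, "wrongpass", createRequest3.getMethod()));
        getProxy().doFilter(createRequest3, mockHttpServletResponse3, mockFilterChain2);
        String header2 = mockHttpServletResponse3.getHeader("WWW-Authenticate");
        Assert.assertNotNull(header2);
        Assert.assertTrue(header2.contains("GeoServer Realm"));
        Assert.assertTrue(header2.contains("Digest"));
        Assert.assertEquals(401L, mockHttpServletResponse3.getStatus());
        Assert.assertNull((SecurityContext) createRequest3.getSession(true).getAttribute("SPRING_SECURITY_CONTEXT"));
        Assert.assertNull(SecurityContextHolder.getContext().getAuthentication());

        // 4. Unknown user: rejected the same way as a wrong password.
        MockHttpServletRequest createRequest4 = createRequest("/foo/bar");
        MockHttpServletResponse mockHttpServletResponse4 = new MockHttpServletResponse();
        MockFilterChain mockFilterChain3 = new MockFilterChain();
        createRequest4.addHeader("Authorization", clientDigestString(header2, "unknown", AbstractAuthenticationProviderTest.testPassword, createRequest4.getMethod()));
        getProxy().doFilter(createRequest4, mockHttpServletResponse4, mockFilterChain3);
        String header3 = mockHttpServletResponse4.getHeader("WWW-Authenticate");
        Assert.assertNotNull(header3);
        Assert.assertTrue(header3.contains("GeoServer Realm"));
        Assert.assertTrue(header3.contains("Digest"));
        Assert.assertEquals(401L, mockHttpServletResponse4.getStatus());
        Assert.assertNull((SecurityContext) createRequest4.getSession(true).getAttribute("SPRING_SECURITY_CONTEXT"));
        Assert.assertNull(SecurityContextHolder.getContext().getAuthentication());

        // 5. root with the master password: accepted, and granted the admin role only.
        MockHttpServletRequest createRequest5 = createRequest("/foo/bar");
        MockHttpServletResponse mockHttpServletResponse5 = new MockHttpServletResponse();
        MockFilterChain mockFilterChain4 = new MockFilterChain();
        createRequest5.addHeader("Authorization", clientDigestString(header3, "root", getMasterPassword(), createRequest5.getMethod()));
        getProxy().doFilter(createRequest5, mockHttpServletResponse5, mockFilterChain4);
        Assert.assertEquals(200L, mockHttpServletResponse5.getStatus());
        SecurityContext rootContext = (SecurityContext) createRequest5.getSession(true).getAttribute("SPRING_SECURITY_CONTEXT");
        // Fail with an assertion rather than a NullPointerException if no context was stored.
        Assert.assertNotNull(rootContext);
        Authentication authentication2 = rootContext.getAuthentication();
        Assert.assertNotNull(authentication2);
        Assert.assertNull(SecurityContextHolder.getContext().getAuthentication());
        Assert.assertEquals("root", ((UserDetails) authentication2.getPrincipal()).getUsername());
        Assert.assertEquals(1L, authentication2.getAuthorities().size());
        Assert.assertTrue(authentication2.getAuthorities().contains(GeoServerRole.ADMIN_ROLE));

        // 6. root with a wrong password: rejected. The challenge from step 4 is reused because
        // the successful step 5 produced no new WWW-Authenticate header.
        MockHttpServletRequest createRequest6 = createRequest("/foo/bar");
        MockHttpServletResponse mockHttpServletResponse6 = new MockHttpServletResponse();
        MockFilterChain mockFilterChain5 = new MockFilterChain();
        createRequest6.addHeader("Authorization", clientDigestString(header3, "root", "geoserver1", createRequest6.getMethod()));
        getProxy().doFilter(createRequest6, mockHttpServletResponse6, mockFilterChain5);
        String header4 = mockHttpServletResponse6.getHeader("WWW-Authenticate");
        Assert.assertNotNull(header4);
        Assert.assertTrue(header4.contains("GeoServer Realm"));
        Assert.assertTrue(header4.contains("Digest"));
        Assert.assertEquals(401L, mockHttpServletResponse6.getStatus());
        Assert.assertNull((SecurityContext) createRequest6.getSession(true).getAttribute("SPRING_SECURITY_CONTEXT"));
        Assert.assertNull(SecurityContextHolder.getContext().getAuthentication());

        // 7. Request sent while the test user is disabled.
        // NOTE(review): the digest below is built for "unknown", not for the account that was
        // just disabled, so this step repeats the unknown-user case and the rejection of a
        // disabled account is not actually exercised - confirm whether that is intended.
        updateUser("ug1", AbstractAuthenticationProviderTest.testUserName, false);
        MockHttpServletRequest createRequest7 = createRequest("/foo/bar");
        MockHttpServletResponse mockHttpServletResponse7 = new MockHttpServletResponse();
        MockFilterChain mockFilterChain6 = new MockFilterChain();
        createRequest7.addHeader("Authorization", clientDigestString(header4, "unknown", AbstractAuthenticationProviderTest.testPassword, createRequest7.getMethod()));
        getProxy().doFilter(createRequest7, mockHttpServletResponse7, mockFilterChain6);
        String header5 = mockHttpServletResponse7.getHeader("WWW-Authenticate");
        Assert.assertNotNull(header5);
        Assert.assertTrue(header5.contains("GeoServer Realm"));
        Assert.assertTrue(header5.contains("Digest"));
        Assert.assertEquals(401L, mockHttpServletResponse7.getStatus());
        Assert.assertNull((SecurityContext) createRequest7.getSession(true).getAttribute("SPRING_SECURITY_CONTEXT"));
        Assert.assertNull(SecurityContextHolder.getContext().getAuthentication());
        updateUser("ug1", AbstractAuthenticationProviderTest.testUserName, true);

        // 8. With the anonymous filter in the chain, a request without credentials passes.
        insertAnonymousFilter();
        // Keep a reference to the response so that its status can be asserted.
        MockHttpServletResponse anonymousResponse = new MockHttpServletResponse();
        getProxy().doFilter(createRequest("/foo/bar"), anonymousResponse, new MockFilterChain());
        Assert.assertEquals(200L, anonymousResponse.getStatus());
        removeAnonymousFilter();
    }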

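    /**
     * Checks HTTP basic authentication combined with the remember-me filter.
     *
     * <p>Covered in order: a request without credentials (challenge, no cookie), valid basic
     * credentials with the remember-me parameter (one cookie issued), the cookie alone, the
     * cookie together with basic credentials, {@code root} with the master password (no cookie
     * issued), and the cookie presented while its user is disabled (401 and a cookie whose value
     * is null).
     *
     * <p>NOTE(review): only the number of cookies and, in the last step, the null value are
     * asserted; cookie name, expiry and flags are not checked here.
     *
     * @throws Exception if saving the filter configuration or running the filter chain fails
     */
    @Test
    public void testBasicAuthWithRememberMe() throws Exception {
        BasicAuthenticationFilterConfig basicAuthenticationFilterConfig = new BasicAuthenticationFilterConfig();
        basicAuthenticationFilterConfig.setClassName(GeoServerBasicAuthenticationFilter.class.getName());
        basicAuthenticationFilterConfig.setUseRememberMe(true);
        basicAuthenticationFilterConfig.setName("basicAuthTestFilterWithRememberMe");
        getSecurityManager().saveFilter(basicAuthenticationFilterConfig);
        prepareFilterChain(this.pattern, "basicAuthTestFilterWithRememberMe", "rememberme");
        modifyChain(this.pattern, false, true, null);
        SecurityContextHolder.getContext().setAuthentication((Authentication) null);

        // 1. Remember-me requested but no credentials sent: a challenge is returned and no
        // cookie may be issued.
        MockHttpServletRequest createRequest = createRequest("/foo/bar");
        createRequest.addParameter("_spring_security_remember_me", "yes");
        MockHttpServletResponse mockHttpServletResponse = new MockHttpServletResponse();
        getProxy().doFilter(createRequest, mockHttpServletResponse, new MockFilterChain());
        Assert.assertEquals(0L, mockHttpServletResponse.getCookies().length);
        Assert.assertNotNull(mockHttpServletResponse.getHeader("WWW-Authenticate"));

        // 2. Valid basic credentials plus the remember-me parameter: exactly one cookie is set.
        MockHttpServletRequest createRequest2 = createRequest("/foo/bar");
        createRequest2.addParameter("_spring_security_remember_me", "yes");
        MockHttpServletResponse mockHttpServletResponse2 = new MockHttpServletResponse();
        MockFilterChain mockFilterChain = new MockFilterChain();
        createRequest2.addHeader("Authorization", "Basic " + new String(Base64.encodeBytes("abc@xyz.com:abc".getBytes())));
        getProxy().doFilter(createRequest2, mockHttpServletResponse2, mockFilterChain);
        Assert.assertEquals(200L, mockHttpServletResponse2.getStatus());
        SecurityContext securityContext = (SecurityContext) createRequest2.getSession(true).getAttribute("SPRING_SECURITY_CONTEXT");
        Assert.assertNotNull(securityContext);
        Authentication authentication = securityContext.getAuthentication();
        Assert.assertNotNull(authentication);
        Assert.assertNull(SecurityContextHolder.getContext().getAuthentication());
        checkForAuthenticatedRole(authentication);
        Assert.assertEquals(1L, mockHttpServletResponse2.getCookies().length);
        Cookie cookie = mockHttpServletResponse2.getCookies()[0];

        // 3. The cookie alone, without an Authorization header, authenticates the same user.
        MockHttpServletRequest createRequest3 = createRequest("/foo/bar");
        createRequest3.addParameter("_spring_security_remember_me", "yes");
        createRequest3.setCookies(new Cookie[]{cookie});
        // Keep a reference to the response so that its status can be asserted.
        MockHttpServletResponse cookieOnlyResponse = new MockHttpServletResponse();
        getProxy().doFilter(createRequest3, cookieOnlyResponse, new MockFilterChain());
        Assert.assertEquals(200L, cookieOnlyResponse.getStatus());
        SecurityContext securityContext2 = (SecurityContext) createRequest3.getSession(true).getAttribute("SPRING_SECURITY_CONTEXT");
        Assert.assertNotNull(securityContext2);
        Authentication authentication2 = securityContext2.getAuthentication();
        Assert.assertNotNull(authentication2);
        Assert.assertNull(SecurityContextHolder.getContext().getAuthentication());
        checkForAuthenticatedRole(authentication2);
        Assert.assertEquals("abc@xyz.com", ((UserDetails) authentication2.getPrincipal()).getUsername());

        // 4. Cookie and basic credentials sent together.
        MockHttpServletRequest createRequest4 = createRequest("/foo/bar");
        createRequest4.addParameter("_spring_security_remember_me", "yes");
        createRequest4.setCookies(new Cookie[]{cookie});
        MockHttpServletResponse mockHttpServletResponse3 = new MockHttpServletResponse();
        MockFilterChain mockFilterChain2 = new MockFilterChain();
        createRequest4.addHeader("Authorization", "Basic " + new String(Base64.encodeBytes("abc@xyz.com:abc".getBytes())));
        getProxy().doFilter(createRequest4, mockHttpServletResponse3, mockFilterChain2);
        Assert.assertEquals(200L, mockHttpServletResponse3.getStatus());
        SecurityContext securityContext3 = (SecurityContext) createRequest4.getSession(true).getAttribute("SPRING_SECURITY_CONTEXT");
        Assert.assertNotNull(securityContext3);
        Authentication authentication3 = securityContext3.getAuthentication();
        Assert.assertNotNull(authentication3);
        Assert.assertNull(SecurityContextHolder.getContext().getAuthentication());
        checkForAuthenticatedRole(authentication3);
        Assert.assertEquals("abc@xyz.com", ((UserDetails) authentication3.getPrincipal()).getUsername());

        // 5. root with the master password is authenticated, but the response must carry no
        // cookie even though remember-me was requested.
        MockHttpServletRequest createRequest5 = createRequest("/foo/bar");
        createRequest5.addParameter("_spring_security_remember_me", "yes");
        MockHttpServletResponse mockHttpServletResponse4 = new MockHttpServletResponse();
        MockFilterChain mockFilterChain3 = new MockFilterChain();
        createRequest5.addHeader("Authorization", "Basic " + new String(Base64.encodeBytes(("root:" + getMasterPassword()).getBytes())));
        getProxy().doFilter(createRequest5, mockHttpServletResponse4, mockFilterChain3);
        Assert.assertEquals(200L, mockHttpServletResponse4.getStatus());
        SecurityContext securityContext4 = (SecurityContext) createRequest5.getSession(true).getAttribute("SPRING_SECURITY_CONTEXT");
        Assert.assertNotNull(securityContext4);
        Assert.assertNotNull(securityContext4.getAuthentication());
        Assert.assertNull(SecurityContextHolder.getContext().getAuthentication());
        Assert.assertEquals(0L, mockHttpServletResponse4.getCookies().length);

        // 6. The previously issued cookie is presented after its user was disabled: the request
        // is rejected and the response carries a single cookie with a null value.
        updateUser("ug1", "abc@xyz.com", false);
        MockHttpServletRequest createRequest6 = createRequest("/foo/bar");
        createRequest6.addParameter("_spring_security_remember_me", "yes");
        createRequest6.setCookies(new Cookie[]{cookie});
        MockHttpServletResponse mockHttpServletResponse5 = new MockHttpServletResponse();
        getProxy().doFilter(createRequest6, mockHttpServletResponse5, new MockFilterChain());
        Assert.assertEquals(401L, mockHttpServletResponse5.getStatus());
        Assert.assertEquals(1L, mockHttpServletResponse5.getCookies().length);
        Assert.assertNull(mockHttpServletResponse5.getCookies()[0].getValue());
        updateUser("ug1", "abc@xyz.com", true);
    }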

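    /**
     * Checks form-based login and logout through the security proxy.
     *
     * <p>Covered in order: an unauthenticated request (redirect to the login page), login of the
     * test user, logout through the {@code formLogout} filter, login with a wrong password,
     * login of an unknown user, login of {@code root} with the master password, login of
     * {@code root} with a wrong password, login of the test user while disabled, and finally a
     * request without credentials once the anonymous filter is inserted.
     *
     * <p>Every failed login is expected to redirect to the same login page URL ending in
     * {@code error=true}, whatever the cause of the failure, and to leave no security context
     * in the session.
     *
     * @throws Exception if saving the filter configuration or running the filter chain fails
     */
    @Test
    public void testFormLogin() throws Exception {
        UsernamePasswordAuthenticationFilterConfig usernamePasswordAuthenticationFilterConfig = new UsernamePasswordAuthenticationFilterConfig();
        usernamePasswordAuthenticationFilterConfig.setClassName(GeoServerUserNamePasswordAuthenticationFilter.class.getName());
        usernamePasswordAuthenticationFilterConfig.setUsernameParameterName("username");
        usernamePasswordAuthenticationFilterConfig.setPasswordParameterName("password");
        usernamePasswordAuthenticationFilterConfig.setName(testFilterName6);
        getSecurityManager().saveFilter(usernamePasswordAuthenticationFilterConfig);
        prepareFilterChain(this.pattern, "form");
        modifyChain(this.pattern, false, true, null);
        prepareFilterChain(ConstantFilterChain.class, "/j_spring_security_check_foo/", testFilterName6);
        modifyChain("/j_spring_security_check_foo/", false, true, null);
        SecurityContextHolder.getContext().setAuthentication((Authentication) null);

        // 1. Unauthenticated request: redirected to the login page without an error flag.
        MockHttpServletRequest createRequest = createRequest("/foo/bar");
        MockHttpServletResponse mockHttpServletResponse = new MockHttpServletResponse();
        getProxy().doFilter(createRequest, mockHttpServletResponse, new MockFilterChain());
        Assert.assertEquals(302L, mockHttpServletResponse.getStatus());
        Assert.assertTrue(mockHttpServletResponse.getHeader("Location").endsWith("/web/wicket/bookmarkable/org.geoserver.web.GeoServerLoginPage?error=false"));
        Assert.assertNull((SecurityContext) createRequest.getSession(true).getAttribute("SPRING_SECURITY_CONTEXT"));
        Assert.assertNull(SecurityContextHolder.getContext().getAuthentication());

        // 2. Test user, correct password: redirected to /web with the expected roles.
        MockHttpServletRequest createRequest2 = createRequest("/j_spring_security_check_foo");
        MockHttpServletResponse mockHttpServletResponse2 = new MockHttpServletResponse();
        MockFilterChain mockFilterChain = new MockFilterChain();
        createRequest2.setMethod("POST");
        createRequest2.addParameter(usernamePasswordAuthenticationFilterConfig.getUsernameParameterName(), AbstractAuthenticationProviderTest.testUserName);
        createRequest2.addParameter(usernamePasswordAuthenticationFilterConfig.getPasswordParameterName(), AbstractAuthenticationProviderTest.testPassword);
        getProxy().doFilter(createRequest2, mockHttpServletResponse2, mockFilterChain);
        Assert.assertEquals(302L, mockHttpServletResponse2.getStatus());
        Assert.assertTrue(mockHttpServletResponse2.getHeader("Location").endsWith("/web"));
        SecurityContext securityContext = (SecurityContext) createRequest2.getSession(true).getAttribute("SPRING_SECURITY_CONTEXT");
        Assert.assertNotNull(securityContext);
        Authentication authentication = securityContext.getAuthentication();
        Assert.assertNotNull(authentication);
        Assert.assertNull(SecurityContextHolder.getContext().getAuthentication());
        checkForAuthenticatedRole(authentication);
        Assert.assertEquals(AbstractAuthenticationProviderTest.testUserName, ((UserDetails) authentication.getPrincipal()).getUsername());
        Assert.assertTrue(authentication.getAuthorities().contains(new GeoServerRole(AbstractAuthenticationProviderTest.rootRole)));
        Assert.assertTrue(authentication.getAuthorities().contains(new GeoServerRole(AbstractAuthenticationProviderTest.derivedRole)));

        // 3. Logout: the logout filter is invoked directly, with the authenticated context
        // placed in both the session and the holder beforehand.
        // NOTE(review): only the redirect and the cleared holder are asserted; the session
        // attribute is not re-checked after logout.
        GeoServerLogoutFilter loadFilter = getSecurityManager().loadFilter("formLogout");
        MockHttpServletRequest createRequest3 = createRequest("/j_spring_security_logout_foo");
        createRequest3.getSession(true).setAttribute("SPRING_SECURITY_CONTEXT", securityContext);
        SecurityContextHolder.getContext().setAuthentication(authentication);
        MockHttpServletResponse mockHttpServletResponse3 = new MockHttpServletResponse();
        loadFilter.doFilter(createRequest3, mockHttpServletResponse3, new MockFilterChain());
        Assert.assertEquals(302L, mockHttpServletResponse3.getStatus());
        String header = mockHttpServletResponse3.getHeader("Location");
        Assert.assertNotNull(header);
        Assert.assertTrue(header.endsWith("/web/"));
        Assert.assertNull(SecurityContextHolder.getContext().getAuthentication());

        // 4. Test user, wrong password: back to the login page with error=true.
        MockHttpServletRequest createRequest4 = createRequest("/j_spring_security_check_foo");
        MockHttpServletResponse mockHttpServletResponse4 = new MockHttpServletResponse();
        MockFilterChain mockFilterChain2 = new MockFilterChain();
        createRequest4.setMethod("POST");
        createRequest4.addParameter(usernamePasswordAuthenticationFilterConfig.getUsernameParameterName(), AbstractAuthenticationProviderTest.testUserName);
        createRequest4.addParameter(usernamePasswordAuthenticationFilterConfig.getPasswordParameterName(), "wrongpass");
        getProxy().doFilter(createRequest4, mockHttpServletResponse4, mockFilterChain2);
        Assert.assertEquals(302L, mockHttpServletResponse4.getStatus());
        Assert.assertTrue(mockHttpServletResponse4.getHeader("Location").endsWith("/web/wicket/bookmarkable/org.geoserver.web.GeoServerLoginPage?error=true"));
        Assert.assertNull((SecurityContext) createRequest4.getSession(true).getAttribute("SPRING_SECURITY_CONTEXT"));
        Assert.assertNull(SecurityContextHolder.getContext().getAuthentication());

        // 5. Unknown user: same redirect as a wrong password.
        MockHttpServletRequest createRequest5 = createRequest("/j_spring_security_check_foo");
        MockHttpServletResponse mockHttpServletResponse5 = new MockHttpServletResponse();
        MockFilterChain mockFilterChain3 = new MockFilterChain();
        createRequest5.setMethod("POST");
        createRequest5.addParameter(usernamePasswordAuthenticationFilterConfig.getUsernameParameterName(), "unknwon");
        createRequest5.addParameter(usernamePasswordAuthenticationFilterConfig.getPasswordParameterName(), AbstractAuthenticationProviderTest.testPassword);
        getProxy().doFilter(createRequest5, mockHttpServletResponse5, mockFilterChain3);
        Assert.assertEquals(302L, mockHttpServletResponse5.getStatus());
        Assert.assertTrue(mockHttpServletResponse5.getHeader("Location").endsWith("/web/wicket/bookmarkable/org.geoserver.web.GeoServerLoginPage?error=true"));
        Assert.assertNull((SecurityContext) createRequest5.getSession(true).getAttribute("SPRING_SECURITY_CONTEXT"));
        Assert.assertNull(SecurityContextHolder.getContext().getAuthentication());

        // 6. root with the master password: accepted, and granted the admin role only.
        MockHttpServletRequest createRequest6 = createRequest("/j_spring_security_check_foo");
        MockHttpServletResponse mockHttpServletResponse6 = new MockHttpServletResponse();
        MockFilterChain mockFilterChain4 = new MockFilterChain();
        createRequest6.setMethod("POST");
        createRequest6.addParameter(usernamePasswordAuthenticationFilterConfig.getUsernameParameterName(), "root");
        createRequest6.addParameter(usernamePasswordAuthenticationFilterConfig.getPasswordParameterName(), getMasterPassword());
        getProxy().doFilter(createRequest6, mockHttpServletResponse6, mockFilterChain4);
        Assert.assertEquals(302L, mockHttpServletResponse6.getStatus());
        Assert.assertTrue(mockHttpServletResponse6.getHeader("Location").endsWith("/web"));
        SecurityContext rootContext = (SecurityContext) createRequest6.getSession(true).getAttribute("SPRING_SECURITY_CONTEXT");
        // Fail with an assertion rather than a NullPointerException if no context was stored.
        Assert.assertNotNull(rootContext);
        Authentication authentication2 = rootContext.getAuthentication();
        Assert.assertNotNull(authentication2);
        Assert.assertNull(SecurityContextHolder.getContext().getAuthentication());
        Assert.assertEquals("root", authentication2.getPrincipal());
        Assert.assertEquals(1L, authentication2.getAuthorities().size());
        Assert.assertTrue(authentication2.getAuthorities().contains(GeoServerRole.ADMIN_ROLE));

        // 7. root with a wrong password: rejected like any other failed login.
        MockHttpServletRequest createRequest7 = createRequest("/j_spring_security_check_foo");
        MockHttpServletResponse mockHttpServletResponse7 = new MockHttpServletResponse();
        MockFilterChain mockFilterChain5 = new MockFilterChain();
        createRequest7.setMethod("POST");
        createRequest7.addParameter(usernamePasswordAuthenticationFilterConfig.getUsernameParameterName(), "root");
        createRequest7.addParameter(usernamePasswordAuthenticationFilterConfig.getPasswordParameterName(), "geoserver1");
        getProxy().doFilter(createRequest7, mockHttpServletResponse7, mockFilterChain5);
        Assert.assertEquals(302L, mockHttpServletResponse7.getStatus());
        Assert.assertTrue(mockHttpServletResponse7.getHeader("Location").endsWith("/web/wicket/bookmarkable/org.geoserver.web.GeoServerLoginPage?error=true"));
        Assert.assertNull((SecurityContext) createRequest7.getSession(true).getAttribute("SPRING_SECURITY_CONTEXT"));
        Assert.assertNull(SecurityContextHolder.getContext().getAuthentication());

        // 8. Disabled account with the correct password: must be rejected as well.
        updateUser("ug1", AbstractAuthenticationProviderTest.testUserName, false);
        MockHttpServletRequest createRequest8 = createRequest("/j_spring_security_check_foo");
        MockHttpServletResponse mockHttpServletResponse8 = new MockHttpServletResponse();
        MockFilterChain mockFilterChain6 = new MockFilterChain();
        createRequest8.setMethod("POST");
        createRequest8.addParameter(usernamePasswordAuthenticationFilterConfig.getUsernameParameterName(), AbstractAuthenticationProviderTest.testUserName);
        createRequest8.addParameter(usernamePasswordAuthenticationFilterConfig.getPasswordParameterName(), AbstractAuthenticationProviderTest.testPassword);
        getProxy().doFilter(createRequest8, mockHttpServletResponse8, mockFilterChain6);
        Assert.assertEquals(302L, mockHttpServletResponse8.getStatus());
        Assert.assertTrue(mockHttpServletResponse8.getHeader("Location").endsWith("/web/wicket/bookmarkable/org.geoserver.web.GeoServerLoginPage?error=true"));
        Assert.assertNull((SecurityContext) createRequest8.getSession(true).getAttribute("SPRING_SECURITY_CONTEXT"));
        Assert.assertNull(SecurityContextHolder.getContext().getAuthentication());
        updateUser("ug1", AbstractAuthenticationProviderTest.testUserName, true);

        // 9. With the anonymous filter in the chain, a request without credentials passes.
        insertAnonymousFilter();
        // Keep a reference to the response so that its status can be asserted.
        MockHttpServletResponse anonymousResponse = new MockHttpServletResponse();
        getProxy().doFilter(createRequest("foo/bar"), anonymousResponse, new MockFilterChain());
        Assert.assertEquals(200L, anonymousResponse.getStatus());
        removeAnonymousFilter();
    }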

    @Test
    public void testFormLoginWithRememberMe() throws Exception {
        UsernamePasswordAuthenticationFilterConfig usernamePasswordAuthenticationFilterConfig = new UsernamePasswordAuthenticationFilterConfig();
        usernamePasswordAuthenticationFilterConfig.setClassName(GeoServerUserNamePasswordAuthenticationFilter.class.getName());
        usernamePasswordAuthenticationFilterConfig.setUsernameParameterName("username");
        usernamePasswordAuthenticationFilterConfig.setPasswordParameterName("password");
        usernamePasswordAuthenticationFilterConfig.setName(testFilterName7);
        getSecurityManager().saveFilter(usernamePasswordAuthenticationFilterConfig);
        prepareFilterChain(this.pattern, "rememberme", "form");
        modifyChain(this.pattern, false, true, null);
        prepareFilterChain("/j_spring_security_check_foo/", testFilterName7);
        modifyChain("/j_spring_security_check_foo/", false, true, null);
        SecurityContextHolder.getContext().setAuthentication((Authentication) null);
        MockHttpServletRequest createRequest = createRequest("/foo/bar");
        createRequest.addParameter("_spring_security_remember_me", "yes");
        MockHttpServletResponse mockHttpServletResponse = new MockHttpServletResponse();
        getProxy().doFilter(createRequest, mockHttpServletResponse, new MockFilterChain());
        Assert.assertTrue(mockHttpServletResponse.getStatus() == 302);
        Assert.assertTrue(mockHttpServletResponse.getHeader("Location").endsWith("/web/wicket/bookmarkable/org.geoserver.web.GeoServerLoginPage?error=false"));
        Assert.assertNull((SecurityContext) createRequest.getSession(true).getAttribute("SPRING_SECURITY_CONTEXT"));
        Assert.assertNull(SecurityContextHolder.getContext().getAuthentication());
        MockHttpServletRequest createRequest2 = createRequest("/j_spring_security_check_foo");
        createRequest2.addParameter("_spring_security_remember_me", "yes");
        MockHttpServletResponse mockHttpServletResponse2 = new MockHttpServletResponse();
        MockFilterChain mockFilterChain = new MockFilterChain();
        createRequest2.setMethod("POST");
        createRequest2.addParameter(usernamePasswordAuthenticationFilterConfig.getUsernameParameterName(), AbstractAuthenticationProviderTest.testUserName);
        createRequest2.addParameter(usernamePasswordAuthenticationFilterConfig.getPasswordParameterName(), AbstractAuthenticationProviderTest.testPassword);
        getProxy().doFilter(createRequest2, mockHttpServletResponse2, mockFilterChain);
        Assert.assertTrue(mockHttpServletResponse2.getStatus() == 302);
        Assert.assertTrue(mockHttpServletResponse2.getHeader("Location").endsWith("/web"));
        SecurityContext securityContext = (SecurityContext) createRequest2.getSession(true).getAttribute("SPRING_SECURITY_CONTEXT");
        Assert.assertNotNull(securityContext);
        Authentication authentication = securityContext.getAuthentication();
        Assert.assertNotNull(authentication);
        Assert.assertNull(SecurityContextHolder.getContext().getAuthentication());
        checkForAuthenticatedRole(authentication);
        Assert.assertEquals(AbstractAuthenticationProviderTest.testUserName, ((UserDetails) authentication.getPrincipal()).getUsername());
        Assert.assertTrue(authentication.getAuthorities().contains(new GeoServerRole(AbstractAuthenticationProviderTest.rootRole)));
        Assert.assertTrue(authentication.getAuthorities().contains(new GeoServerRole(AbstractAuthenticationProviderTest.derivedRole)));
        Assert.assertEquals(1L, mockHttpServletResponse2.getCookies().length);
        Cookie cookie = mockHttpServletResponse2.getCookies()[0];
        Assert.assertNotNull(cookie.getValue());
        GeoServerLogoutFilter loadFilter = getSecurityManager().loadFilter("formLogout");
        MockHttpServletRequest createRequest3 = createRequest("/j_spring_security_logout_foo");
        createRequest3.getSession(true).setAttribute("SPRING_SECURITY_CONTEXT", securityContext);
        SecurityContextHolder.getContext().setAuthentication(authentication);
        MockHttpServletResponse mockHttpServletResponse3 = new MockHttpServletResponse();
        loadFilter.doFilter(createRequest3, mockHttpServletResponse3, new MockFilterChain());
        Assert.assertTrue(mockHttpServletResponse3.getStatus() == 302);
        String header = mockHttpServletResponse3.getHeader("Location");
        Assert.assertNotNull(header);
        Assert.assertTrue(header.endsWith("/web/"));
        Assert.assertNull(SecurityContextHolder.getContext().getAuthentication());
        Assert.assertNull(mockHttpServletResponse3.getCookies()[0].getValue());
        MockHttpServletRequest createRequest4 = createRequest("/j_spring_security_check_foo");
        createRequest4.addParameter("_spring_security_remember_me", "yes");
        MockHttpServletResponse mockHttpServletResponse4 = new MockHttpServletResponse();
        MockFilterChain mockFilterChain2 = new MockFilterChain();
        createRequest4.setMethod("POST");
        createRequest4.addParameter(usernamePasswordAuthenticationFilterConfig.getUsernameParameterName(), "root");
        createRequest4.addParameter(usernamePasswordAuthenticationFilterConfig.getPasswordParameterName(), getMasterPassword());
        getProxy().doFilter(createRequest4, mockHttpServletResponse4, mockFilterChain2);
        Assert.assertTrue(mockHttpServletResponse4.getStatus() == 302);
        Assert.assertTrue(mockHttpServletResponse4.getHeader("Location").endsWith("/web"));
        SecurityContext securityContext2 = (SecurityContext) createRequest4.getSession(true).getAttribute("SPRING_SECURITY_CONTEXT");
        Assert.assertNotNull(securityContext2);
        Authentication authentication2 = securityContext2.getAuthentication();
        Assert.assertNotNull(authentication2);
        Assert.assertEquals("root", authentication2.getPrincipal());
        Assert.assertEquals(0L, mockHttpServletResponse4.getCookies().length);
        updateUser("ug1", AbstractAuthenticationProviderTest.testUserName, false);
        MockHttpServletRequest createRequest5 = createRequest("/foo/bar");
        createRequest5.setCookies(new Cookie[]{cookie});
        MockHttpServletResponse mockHttpServletResponse5 = new MockHttpServletResponse();
        getProxy().doFilter(createRequest5, mockHttpServletResponse5, new MockFilterChain());
        Assert.assertTrue(mockHttpServletResponse5.getStatus() == 302);
        Assert.assertTrue(mockHttpServletResponse5.getHeader("Location").endsWith("/web/wicket/bookmarkable/org.geoserver.web.GeoServerLoginPage?error=false"));
        Assert.assertEquals(1L, mockHttpServletResponse5.getCookies().length);
        Assert.assertNull(mockHttpServletResponse5.getCookies()[0].getValue());
        updateUser("ug1", AbstractAuthenticationProviderTest.testUserName, true);
    }

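    /**
     * Exercises the X.509 certificate authentication filter ("x509TestFilter") on the test chain.
     *
     * <p>Checked in order: a request without a client certificate is answered with 403 and leaves no
     * security context behind; a certificate for the test user authenticates under every
     * {@code J2EERoleSource} and yields both the root and the derived role; a certificate naming
     * "unknown" is still authenticated; a disabled test user is rejected with 403 when roles come
     * from the user/group service; and with the anonymous filter inserted a request without a
     * certificate is answered with 200.
     *
     * @throws Exception if saving the filter configuration or running the filter chain fails
     */
    @Test
    public void testX509Auth() throws Exception {
        X509CertificateAuthenticationFilterConfig config = new X509CertificateAuthenticationFilterConfig();
        config.setClassName(GeoServerX509CertificateAuthenticationFilter.class.getName());
        config.setName("x509TestFilter");
        config.setRoleServiceName("rs1");
        config.setRoleSource(J2eeAuthenticationBaseFilterConfig.J2EERoleSource.RoleService);
        config.setUserGroupServiceName("ug1");
        config.setRolesHeaderAttribute("roles");
        getSecurityManager().saveFilter(config);
        prepareFilterChain(this.pattern, "x509TestFilter");
        modifyChain(this.pattern, false, true, null);
        SecurityContextHolder.getContext().setAuthentication((Authentication) null);

        // No client certificate on the request: access is denied and nothing is stored in the
        // session or in the thread-bound security context.
        MockHttpServletRequest noCertRequest = createRequest("/foo/bar");
        // The response is kept in a local so its status can be asserted (the listing referred to
        // an undeclared "r0" here).
        MockHttpServletResponse noCertResponse = new MockHttpServletResponse();
        getProxy().doFilter(noCertRequest, noCertResponse, new MockFilterChain());
        Assert.assertEquals(403L, noCertResponse.getStatus());
        Assert.assertNull((SecurityContext) noCertRequest.getSession(true).getAttribute("SPRING_SECURITY_CONTEXT"));
        Assert.assertNull(SecurityContextHolder.getContext().getAuthentication());

        // Known user, every role source: the same two roles must come out regardless of where
        // they are looked up.
        for (J2eeAuthenticationBaseFilterConfig.J2EERoleSource roleSource : J2eeAuthenticationBaseFilterConfig.J2EERoleSource.values()) {
            config.setRoleSource(roleSource);
            getSecurityManager().saveFilter(config);
            MockHttpServletRequest request = createRequest("/foo/bar");
            MockHttpServletResponse response = new MockHttpServletResponse();
            MockFilterChain chain = new MockFilterChain();
            if (roleSource == J2eeAuthenticationBaseFilterConfig.J2EERoleSource.Header) {
                // Roles are read from the "roles" request header configured above.
                // NOTE(review): header-supplied roles are only trustworthy when a front end
                // removes this header from client requests; this test does not cover that.
                request.addHeader("roles", "DerivedRole;RootRole");
            }
            if (roleSource == J2eeAuthenticationBaseFilterConfig.J2EERoleSource.J2EE) {
                // Only the derived role is granted by the container; the root role asserted
                // below presumably comes from the role hierarchy — TODO confirm.
                request.addUserRole(AbstractAuthenticationProviderTest.derivedRole);
            }
            setCertifacteForUser(AbstractAuthenticationProviderTest.testUserName, request);
            getProxy().doFilter(request, response, chain);
            Assert.assertEquals(200L, response.getStatus());
            SecurityContext sessionContext = (SecurityContext) request.getSession(true).getAttribute("SPRING_SECURITY_CONTEXT");
            Assert.assertNotNull(sessionContext);
            Authentication auth = sessionContext.getAuthentication();
            Assert.assertNotNull(auth);
            // The authentication lives in the session only; the thread-bound holder must be
            // empty again once the request is done.
            Assert.assertNull(SecurityContextHolder.getContext().getAuthentication());
            checkForAuthenticatedRole(auth);
            Assert.assertEquals(AbstractAuthenticationProviderTest.testUserName, auth.getPrincipal());
            Assert.assertTrue(auth.getAuthorities().contains(new GeoServerRole(AbstractAuthenticationProviderTest.rootRole)));
            Assert.assertTrue(auth.getAuthorities().contains(new GeoServerRole(AbstractAuthenticationProviderTest.derivedRole)));
        }

        // Certificate naming "unknown": the request is still authenticated and carries the
        // authenticated role.
        // NOTE(review): presumably "unknown" has no entry in ug1; if so, the filter accepts any
        // certificate subject it is handed, and access control rests on role assignment and on
        // which client certificates the TLS layer accepts — confirm.
        for (J2eeAuthenticationBaseFilterConfig.J2EERoleSource roleSource : J2eeAuthenticationBaseFilterConfig.J2EERoleSource.values()) {
            config.setRoleSource(roleSource);
            getSecurityManager().saveFilter(config);
            MockHttpServletRequest request = createRequest("/foo/bar");
            MockHttpServletResponse response = new MockHttpServletResponse();
            MockFilterChain chain = new MockFilterChain();
            setCertifacteForUser("unknown", request);
            getProxy().doFilter(request, response, chain);
            Assert.assertEquals(200L, response.getStatus());
            SecurityContext sessionContext = (SecurityContext) request.getSession(true).getAttribute("SPRING_SECURITY_CONTEXT");
            Assert.assertNotNull(sessionContext);
            Authentication auth = sessionContext.getAuthentication();
            Assert.assertNotNull(auth);
            Assert.assertNull(SecurityContextHolder.getContext().getAuthentication());
            checkForAuthenticatedRole(auth);
            Assert.assertEquals("unknown", auth.getPrincipal());
        }

        // Disabled user with roles from the user/group service: a valid certificate must not be
        // enough. The user is re-enabled in finally so a failing assertion cannot leave the
        // shared account disabled for later tests.
        updateUser("ug1", AbstractAuthenticationProviderTest.testUserName, false);
        try {
            config.setRoleSource(J2eeAuthenticationBaseFilterConfig.J2EERoleSource.UserGroupService);
            getSecurityManager().saveFilter(config);
            MockHttpServletRequest disabledRequest = createRequest("/foo/bar");
            MockHttpServletResponse disabledResponse = new MockHttpServletResponse();
            MockFilterChain disabledChain = new MockFilterChain();
            setCertifacteForUser(AbstractAuthenticationProviderTest.testUserName, disabledRequest);
            getProxy().doFilter(disabledRequest, disabledResponse, disabledChain);
            Assert.assertEquals(403L, disabledResponse.getStatus());
            Assert.assertNull((SecurityContext) disabledRequest.getSession(true).getAttribute("SPRING_SECURITY_CONTEXT"));
            Assert.assertNull(SecurityContextHolder.getContext().getAuthentication());
        } finally {
            updateUser("ug1", AbstractAuthenticationProviderTest.testUserName, true);
        }

        // With the anonymous filter in the chain a request without a certificate is let through.
        insertAnonymousFilter();
        try {
            MockHttpServletResponse anonymousResponse = new MockHttpServletResponse();
            getProxy().doFilter(createRequest("/foo/bar"), anonymousResponse, new MockFilterChain());
            Assert.assertEquals(200L, anonymousResponse.getStatus());
        } finally {
            removeAnonymousFilter();
        }
    }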

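    /**
     * Verifies a chain that holds both "basicAuthTestFilter" and "digestAuthTestFilter".
     *
     * <p>An unauthenticated request must be challenged with 401 and a {@code WWW-Authenticate}
     * header that names the GeoServer realm and the Digest scheme; afterwards the same chain must
     * accept the test user through Digest credentials and through Basic credentials, with the
     * same roles in both cases.
     *
     * @throws Exception if saving the filter configuration or running the filter chain fails
     */
    @Test
    @RunTestSetup
    public void testCascadingFilters() throws Exception {
        DigestAuthenticationFilterConfig digestConfig = new DigestAuthenticationFilterConfig();
        digestConfig.setClassName(GeoServerDigestAuthenticationFilter.class.getName());
        digestConfig.setName("digestAuthTestFilter");
        digestConfig.setUserGroupServiceName("ug1");
        getSecurityManager().saveFilter(digestConfig);
        prepareFilterChain(this.pattern, "basicAuthTestFilter", "digestAuthTestFilter");
        modifyChain(this.pattern, false, true, null);
        SecurityContextHolder.getContext().setAuthentication((Authentication) null);

        // No credentials: expect a challenge and no stored authentication.
        MockHttpServletRequest challengeRequest = createRequest("/foo/bar");
        MockHttpServletResponse challengeResponse = new MockHttpServletResponse();
        getProxy().doFilter(challengeRequest, challengeResponse, new MockFilterChain());
        Assert.assertEquals(401L, challengeResponse.getStatus());
        String challenge = challengeResponse.getHeader("WWW-Authenticate");
        Assert.assertNotNull(challenge);
        // JUnit assertions rather than the language-level assert, so the header checks run even
        // when the JVM is started without -ea.
        Assert.assertTrue(challenge.contains("GeoServer Realm"));
        Assert.assertTrue(challenge.contains("Digest"));
        Assert.assertNull((SecurityContext) challengeRequest.getSession(true).getAttribute("SPRING_SECURITY_CONTEXT"));
        Assert.assertNull(SecurityContextHolder.getContext().getAuthentication());

        // Digest credentials computed from the challenge received above.
        MockHttpServletRequest digestRequest = createRequest("/foo/bar");
        MockHttpServletResponse digestResponse = new MockHttpServletResponse();
        MockFilterChain digestChain = new MockFilterChain();
        digestRequest.addHeader("Authorization", clientDigestString(challenge, AbstractAuthenticationProviderTest.testUserName, AbstractAuthenticationProviderTest.testPassword, digestRequest.getMethod()));
        getProxy().doFilter(digestRequest, digestResponse, digestChain);
        Assert.assertEquals(200L, digestResponse.getStatus());
        SecurityContext digestContext = (SecurityContext) digestRequest.getSession(true).getAttribute("SPRING_SECURITY_CONTEXT");
        Assert.assertNotNull(digestContext);
        Authentication digestAuth = digestContext.getAuthentication();
        Assert.assertNotNull(digestAuth);
        // The authentication is kept in the session only; the thread-bound holder must be empty
        // again after the request.
        Assert.assertNull(SecurityContextHolder.getContext().getAuthentication());
        checkForAuthenticatedRole(digestAuth);
        Assert.assertEquals(AbstractAuthenticationProviderTest.testUserName, ((UserDetails) digestAuth.getPrincipal()).getUsername());
        Assert.assertTrue(digestAuth.getAuthorities().contains(new GeoServerRole(AbstractAuthenticationProviderTest.rootRole)));
        Assert.assertTrue(digestAuth.getAuthorities().contains(new GeoServerRole(AbstractAuthenticationProviderTest.derivedRole)));

        // Basic credentials on the same chain. The literal "user1:pw1" presumably matches
        // testUserName/testPassword, since the principal asserted below is testUserName — confirm.
        MockHttpServletRequest basicRequest = createRequest("/foo/bar");
        MockHttpServletResponse basicResponse = new MockHttpServletResponse();
        MockFilterChain basicChain = new MockFilterChain();
        basicRequest.addHeader("Authorization", "Basic " + new String(Base64.encodeBytes("user1:pw1".getBytes())));
        getProxy().doFilter(basicRequest, basicResponse, basicChain);
        Assert.assertEquals(200L, basicResponse.getStatus());
        SecurityContext basicContext = (SecurityContext) basicRequest.getSession(true).getAttribute("SPRING_SECURITY_CONTEXT");
        Assert.assertNotNull(basicContext);
        Authentication basicAuth = basicContext.getAuthentication();
        Assert.assertNotNull(basicAuth);
        Assert.assertNull(SecurityContextHolder.getContext().getAuthentication());
        checkForAuthenticatedRole(basicAuth);
        Assert.assertEquals(AbstractAuthenticationProviderTest.testUserName, ((UserDetails) basicAuth.getPrincipal()).getUsername());
        Assert.assertTrue(basicAuth.getAuthorities().contains(new GeoServerRole(AbstractAuthenticationProviderTest.rootRole)));
        Assert.assertTrue(basicAuth.getAuthorities().contains(new GeoServerRole(AbstractAuthenticationProviderTest.derivedRole)));
    }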

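    /**
     * Verifies the "require SSL" switch of the request chain named "testChain".
     *
     * <p>With the switch on, a request marked as https is answered with 200, while a request that
     * is not marked that way is redirected (302) to a location that starts with "https", keeps the
     * {@code a=b} query parameter and mentions port 443.
     *
     * <p>NOTE(review): no {@code @Test} annotation is visible on this method although its siblings
     * carry one, so a JUnit 4 runner would presumably skip it — confirm whether that is intended,
     * because it leaves the SSL enforcement path unexercised.
     *
     * @throws Exception if saving the security configuration or running the filter chain fails
     */
    public void testSSL() throws Exception {
        prepareFilterChain(this.pattern, "anonymous");
        modifyChain(this.pattern, false, true, null);
        SecurityManagerConfig securityConfig = getSecurityManager().getSecurityConfig();
        RequestFilterChain testChain = securityConfig.getFilterChain().getRequestChainByName("testChain");
        testChain.setRequireSSL(true);
        getSecurityManager().saveSecurityConfig(securityConfig);
        try {
            // Request flagged as https: passes the chain.
            // NOTE(review): the flag is set through setProtocol("https"); presumably that is what
            // the SSL check reads on this mock — confirm.
            MockHttpServletRequest secureRequest = createRequest("/foo/bar?request=getCapabilities&a=b");
            secureRequest.setProtocol("https");
            // The response is kept in a local so its status can be asserted (the listing referred
            // to an undeclared "r0" here).
            MockHttpServletResponse secureResponse = new MockHttpServletResponse();
            getProxy().doFilter(secureRequest, secureResponse, new MockFilterChain());
            Assert.assertEquals(200L, secureResponse.getStatus());

            // Same URL without the https flag: must be redirected to the secure endpoint with
            // the query string preserved.
            MockHttpServletRequest plainRequest = createRequest("/foo/bar?request=getCapabilities&a=b");
            MockHttpServletResponse plainResponse = new MockHttpServletResponse();
            getProxy().doFilter(plainRequest, plainResponse, new MockFilterChain());
            Assert.assertEquals(302L, plainResponse.getStatus());
            String location = plainResponse.getHeader("Location");
            Assert.assertNotNull(location);
            Assert.assertTrue(location.startsWith("https"));
            Assert.assertTrue(location.contains("a=b"));
            Assert.assertTrue(location.contains("443"));
        } finally {
            // Switch the requirement off again even when an assertion fails, so the saved
            // configuration does not keep forcing SSL for whatever runs next.
            testChain.setRequireSSL(false);
            getSecurityManager().saveSecurityConfig(securityConfig);
        }
    }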
}
