Added test for forbidden user

http/basic/src/main/java/org/wildfly/security/http/basic/BasicAuthenticationMechanism.java

@@ -171,7 +171,7 @@ public void evaluateRequest(final HttpServerRequest request) throws HttpAuthenti
                                 httpBasic.debugf("User %s authorization failed.", username);
                                 fail();
 
-                                request.authenticationFailed(httpBasic.authorizationFailed(username), httpResponse -> httpResponse.setStatusCode(HttpConstants.FORBIDDEN));
+                                request.authenticationFailed(httpBasic.authorizationFailed(username), response -> response.setStatusCode(HttpConstants.FORBIDDEN));
                                 return;
                             }
 

tests/base/src/test/java/org/wildfly/security/http/basic/BasicAuthenticationMechanismTest.java

@@ -99,4 +99,15 @@ public void testStatefulBasicRFC7617Examples() throws Exception {
         testStatefulBasic("Aladdin", "WallyWorld", "open sesame", "basic QWxhZGRpbjpvcGVuIHNlc2FtZQ==");
         testStatefulBasic("test", "foo", "123\u00A3", "BASIC dGVzdDoxMjPCow==");
     }
+
+    @Test
+    public void testBasicUnauthorizedUser() throws Exception {
+       HttpServerAuthenticationMechanism mechanism = basicFactory.createAuthenticationMechanism(HttpConstants.BASIC_NAME,
+                Collections.singletonMap(HttpConstants.CONFIG_REALM, "test-realm"), getCallbackHandler("unauthorizedUser", "test-realm", "password"));
+        TestingHttpServerRequest request = new TestingHttpServerRequest(new String[] {"Basic dW5hdXRob3JpemVkVXNlcjpwYXNzd29yZA=="});
+        mechanism.evaluateRequest(request);
+        Assert.assertEquals(Status.FAILED, request.getResult());
+        TestingHttpServerResponse response = request.getResponse();
+        Assert.assertEquals(HttpConstants.FORBIDDEN, response.getStatusCode());
+    }
 }

tests/base/src/test/java/org/wildfly/security/http/impl/AbstractBaseHttpTest.java

@@ -471,7 +471,10 @@ protected CallbackHandler getCallbackHandler(String username, String realm, Stri
                     Assert.assertNotNull(clearPwdCredential);
                     Assert.assertArrayEquals(password.toCharArray(), clearPwdCredential.getPassword());
                 } else if (callback instanceof AuthorizeCallback) {
-                    if(username.equals(((AuthorizeCallback) callback).getAuthenticationID()) &&
+                    if(username.equalsIgnoreCase("unauthorizedUser")){
+                        ((AuthorizeCallback) callback).setAuthorized(false);
+                    }
+                    else if(username.equals(((AuthorizeCallback) callback).getAuthenticationID()) &&
                        username.equals(((AuthorizeCallback) callback).getAuthorizationID())) {
                         ((AuthorizeCallback) callback).setAuthorized(true);
                     } else {