use of eu.bcvsolutions.idm.core.security.api.domain.IdmJwtAuthentication in project CzechIdMng by bcvsolutions.
the class OAuthAuthenticationManager method authenticate.
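/**
 * Checks an {@link IdmJwtAuthentication} and, if every check passes, installs it as the
 * current authentication.
 *
 * <p>Steps, in order: resolve the identity for the token, load that identity's authority
 * change record, check the token's issued-at time against that record, check the token's
 * expiration, and check whether the identity is disabled. Only after all of these calls
 * return are the workflow engine user and the security context set, so a check that throws
 * leaves both untouched.
 *
 * <p>NOTE(review): no signature verification is visible in this method; presumably the token
 * was verified before the {@code IdmJwtAuthentication} was built. Confirm against the caller.
 *
 * @param authentication the authentication to validate; must be an {@code IdmJwtAuthentication}
 * @return the same {@code IdmJwtAuthentication} instance that was passed in
 * @throws AuthenticationException declared by the interface; an {@code IdmAuthenticationException}
 *         is thrown here when the argument is {@code null} or of another type. The individual
 *         checks presumably throw on failure as well (verify in the helpers).
 */
@Override
public Authentication authenticate(Authentication authentication) throws AuthenticationException {
    if (!(authentication instanceof IdmJwtAuthentication)) {
        // instanceof is false for null, so a missing authentication also lands here. Resolve the
        // type name null-safely so that case is reported as an authentication failure, not an NPE.
        String typeName = authentication == null ? "null" : authentication.getClass().getName();
        throw new IdmAuthenticationException("Unsupported granted authority " + typeName);
    }
    IdmJwtAuthentication idmJwtAuthentication = (IdmJwtAuthentication) authentication;
    IdmIdentityDto identity = getIdentityForToken(idmJwtAuthentication);
    IdmAuthorityChange authChange = getIdentityAuthorityChange(identity);
    // All validation runs before any context is populated.
    checkIssuedTime(idmJwtAuthentication.getIssuedAt(), authChange);
    checkExpirationTime(idmJwtAuthentication);
    checkDisabled(identity);
    // Set logged user to workflow engine
    workflowIdentityService.setAuthenticatedUserId(identity.getUsername());
    // Publish the validated token as the current authentication
    securityService.setAuthentication(idmJwtAuthentication);
    //
    return idmJwtAuthentication;
}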
use of eu.bcvsolutions.idm.core.security.api.domain.IdmJwtAuthentication in project CzechIdMng by bcvsolutions.
the class OAuthAuthenticationManagerTest method testIdentityNotExists.
/**
* Non-existent identities cannot possess auth. tokens.
*/
@Test
public void testIdentityNotExists() {
    // Two timestamps for the token helper: one hour ahead and the current instant
    // (presumably expiration and issued-at; confirm against getAuthentication).
    DateTime inOneHour = DateTime.now().plusHours(1);
    DateTime rightNow = DateTime.now();
    IdmJwtAuthentication unknownUserToken = getAuthentication(USER_NAME, inOneHour, rightNow);
    // The mocked identity service cannot resolve the username carried by the token.
    when(identityService.getByUsername(USER_NAME)).thenReturn(null);
    try {
        authManager.authenticate(unknownUserToken);
    } catch (AuthenticationException rejected) {
        // Rejection is the expected outcome; also confirm the identity lookup really happened.
        verify(identityService).getByUsername(USER_NAME);
        return;
    }
    // Reaching this line means the token was accepted without a backing identity.
    Assert.fail("Cannot authenticate unknown identity.");
}
use of eu.bcvsolutions.idm.core.security.api.domain.IdmJwtAuthentication in project CzechIdMng by bcvsolutions.
the class OAuthAuthenticationManagerTest method testAuthorityModification.
/**
* Removing a role which grants authorities results in authentication
* expiration.
*/
@Test
public void testAuthorityModification() {
    IdmIdentityDto identity = getTestIdentity();
    // Authority change recorded at the current instant.
    IdmAuthorityChange authorityChange = getAuthChange(identity, DateTime.now());
    // Token timestamps: one hour ahead and one hour back (presumably expiration and
    // issued-at, i.e. a token issued before the authority change; confirm against the helper).
    DateTime inOneHour = DateTime.now().plusHours(1);
    DateTime oneHourAgo = DateTime.now().minusHours(1);
    IdmJwtAuthentication staleToken = getAuthentication(USER_NAME, inOneHour, oneHourAgo);
    when(identityService.getByUsername(USER_NAME)).thenReturn(identity);
    when(acRepository.findOneByIdentity_Id(identity.getId())).thenReturn(authorityChange);
    try {
        authManager.authenticate(staleToken);
    } catch (ResultCodeException rejected) {
        // The rejection must carry the AUTHORITIES_CHANGED result code, not some other failure.
        Assert.assertEquals(CoreResultCode.AUTHORITIES_CHANGED.getStatus(), rejected.getStatus());
        Assert.assertEquals(CoreResultCode.AUTHORITIES_CHANGED.getMessage(), rejected.getMessage());
        verify(identityService).getByUsername(USER_NAME);
        verify(acRepository).findOneByIdentity_Id(identity.getId());
        return;
    }
    // Reaching this line means a token older than the authority change was still accepted.
    Assert.fail("Cannot authenticate identity with modified authorities.");
}
use of eu.bcvsolutions.idm.core.security.api.domain.IdmJwtAuthentication in project CzechIdMng by bcvsolutions.
the class AbstractWorkflowIntegrationTest method loginWithout.
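/**
* Logs in as the given user with every available permission except the listed authorities.
*
* @param user identifier of the identity to log in as, resolved through the lookup service
* @param authorities names of the authorities to withhold from the login
*/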
public void loginWithout(String user, String... authorities) {
    // Start from every permission the modules expose and drop the ones named by the caller.
    Collection<GrantedAuthority> remainingAuthorities = IdmAuthorityUtils
            .toAuthorities(moduleService.getAvailablePermissions())
            .stream()
            .filter(candidate -> {
                boolean withheld = false;
                for (String unwanted : authorities) {
                    if (unwanted.equals(candidate.getAuthority())) {
                        withheld = true;
                        break;
                    }
                }
                return !withheld;
            })
            .collect(Collectors.toList());
    IdmIdentityDto identity = (IdmIdentityDto) lookupService.getDtoLookup(IdmIdentityDto.class).lookup(user);
    // The authentication is built by hand and placed straight into the security context, so
    // none of the token checks run on this path; keep this helper confined to test code.
    SecurityContextHolder.getContext().setAuthentication(
            new IdmJwtAuthentication(identity, null, remainingAuthorities, "test"));
}