Example 6 with AnonymousAuthenticationToken
use of org.springframework.security.authentication.AnonymousAuthenticationToken in project spring-security by spring-projects.
the class AnonymousAuthenticationProviderTests method testNormalOperation.
@Test
public void testNormalOperation() throws Exception {
AnonymousAuthenticationProvider aap = new AnonymousAuthenticationProvider("qwerty");
AnonymousAuthenticationToken token = new AnonymousAuthenticationToken("qwerty", "Test", AuthorityUtils.createAuthorityList("ROLE_ONE", "ROLE_TWO"));
Authentication result = aap.authenticate(token);
assertThat(token).isEqualTo(result);
}
Also used :
Authentication(org.springframework.security.core.Authentication)
AnonymousAuthenticationToken(org.springframework.security.authentication.AnonymousAuthenticationToken)
AnonymousAuthenticationProvider(org.springframework.security.authentication.AnonymousAuthenticationProvider)
Example 7 with AnonymousAuthenticationToken
use of org.springframework.security.authentication.AnonymousAuthenticationToken in project spring-security by spring-projects.
the class AnonymousAuthenticationTokenTests method testNotEqualsDueToKey.
@Test
public void testNotEqualsDueToKey() {
AnonymousAuthenticationToken token1 = new AnonymousAuthenticationToken("key", "Test", ROLES_12);
AnonymousAuthenticationToken token2 = new AnonymousAuthenticationToken("DIFFERENT_KEY", "Test", ROLES_12);
assertThat(token1.equals(token2)).isFalse();
}
Also used :
AnonymousAuthenticationToken(org.springframework.security.authentication.AnonymousAuthenticationToken)
Test(org.junit.Test)
Example 8 with AnonymousAuthenticationToken
use of org.springframework.security.authentication.AnonymousAuthenticationToken in project spring-security-oauth by spring-projects.
the class AccessTokenProviderChain method obtainAccessToken.
public OAuth2AccessToken obtainAccessToken(OAuth2ProtectedResourceDetails resource, AccessTokenRequest request) throws UserRedirectRequiredException, AccessDeniedException {
OAuth2AccessToken accessToken = null;
OAuth2AccessToken existingToken = null;
Authentication auth = SecurityContextHolder.getContext().getAuthentication();
if (auth instanceof AnonymousAuthenticationToken) {
if (!resource.isClientOnly()) {
throw new InsufficientAuthenticationException("Authentication is required to obtain an access token (anonymous not allowed)");
}
}
if (resource.isClientOnly() || (auth != null && auth.isAuthenticated())) {
existingToken = request.getExistingToken();
if (existingToken == null && clientTokenServices != null) {
existingToken = clientTokenServices.getAccessToken(resource, auth);
}
if (existingToken != null) {
if (existingToken.isExpired()) {
if (clientTokenServices != null) {
clientTokenServices.removeAccessToken(resource, auth);
}
OAuth2RefreshToken refreshToken = existingToken.getRefreshToken();
if (refreshToken != null) {
accessToken = refreshAccessToken(resource, refreshToken, request);
}
} else {
accessToken = existingToken;
}
}
}
if (accessToken == null) {
// looks like we need to try to obtain a new token.
accessToken = obtainNewAccessTokenInternal(resource, request);
if (accessToken == null) {
throw new IllegalStateException("An OAuth 2 access token must be obtained or an exception thrown.");
}
}
if (clientTokenServices != null && (resource.isClientOnly() || auth != null && auth.isAuthenticated())) {
clientTokenServices.saveAccessToken(resource, auth, accessToken);
}
return accessToken;
}
Also used :
OAuth2RefreshToken(org.springframework.security.oauth2.common.OAuth2RefreshToken)
DefaultOAuth2AccessToken(org.springframework.security.oauth2.common.DefaultOAuth2AccessToken)
OAuth2AccessToken(org.springframework.security.oauth2.common.OAuth2AccessToken)
Authentication(org.springframework.security.core.Authentication)
AnonymousAuthenticationToken(org.springframework.security.authentication.AnonymousAuthenticationToken)
InsufficientAuthenticationException(org.springframework.security.authentication.InsufficientAuthenticationException)
Example 9 with AnonymousAuthenticationToken
use of org.springframework.security.authentication.AnonymousAuthenticationToken in project spring-security by spring-projects.
the class AnonymousAuthenticationTokenMixinTests method serializeAnonymousAuthenticationTokenTest.
// @formatter:on
@Test
public void serializeAnonymousAuthenticationTokenTest() throws JsonProcessingException, JSONException {
User user = createDefaultUser();
AnonymousAuthenticationToken token = new AnonymousAuthenticationToken(HASH_KEY, user, user.getAuthorities());
String actualJson = mapper.writeValueAsString(token);
JSONAssert.assertEquals(ANONYMOUS_JSON, actualJson, true);
}
Also used :
User(org.springframework.security.core.userdetails.User)
AnonymousAuthenticationToken(org.springframework.security.authentication.AnonymousAuthenticationToken)
Test(org.junit.Test)
Example 10 with AnonymousAuthenticationToken
use of org.springframework.security.authentication.AnonymousAuthenticationToken in project spring-security by spring-projects.
the class ExceptionTranslationFilterTests method testAccessDeniedWhenAnonymous.
@Test
public void testAccessDeniedWhenAnonymous() throws Exception {
// Setup our HTTP request
MockHttpServletRequest request = new MockHttpServletRequest();
request.setServletPath("/secure/page.html");
request.setServerPort(80);
request.setScheme("http");
request.setServerName("www.example.com");
request.setContextPath("/mycontext");
request.setRequestURI("/mycontext/secure/page.html");
// Setup the FilterChain to thrown an access denied exception
FilterChain fc = mock(FilterChain.class);
doThrow(new AccessDeniedException("")).when(fc).doFilter(any(HttpServletRequest.class), any(HttpServletResponse.class));
// Setup SecurityContextHolder, as filter needs to check if user is
// anonymous
SecurityContextHolder.getContext().setAuthentication(new AnonymousAuthenticationToken("ignored", "ignored", AuthorityUtils.createAuthorityList("IGNORED")));
// Test
ExceptionTranslationFilter filter = new ExceptionTranslationFilter(mockEntryPoint);
filter.setAuthenticationTrustResolver(new AuthenticationTrustResolverImpl());
assertThat(filter.getAuthenticationTrustResolver()).isNotNull();
MockHttpServletResponse response = new MockHttpServletResponse();
filter.doFilter(request, response, fc);
assertThat(response.getRedirectedUrl()).isEqualTo("/mycontext/login.jsp");
assertThat(getSavedRequestUrl(request)).isEqualTo("http://www.example.com/mycontext/secure/page.html");
}
Also used :
HttpServletRequest(javax.servlet.http.HttpServletRequest)
MockHttpServletRequest(org.springframework.mock.web.MockHttpServletRequest)
AuthenticationTrustResolverImpl(org.springframework.security.authentication.AuthenticationTrustResolverImpl)
AccessDeniedException(org.springframework.security.access.AccessDeniedException)
MockHttpServletRequest(org.springframework.mock.web.MockHttpServletRequest)
FilterChain(javax.servlet.FilterChain)
MockHttpServletResponse(org.springframework.mock.web.MockHttpServletResponse)
HttpServletResponse(javax.servlet.http.HttpServletResponse)
AnonymousAuthenticationToken(org.springframework.security.authentication.AnonymousAuthenticationToken)
MockHttpServletResponse(org.springframework.mock.web.MockHttpServletResponse)
Test(org.junit.Test)
Aggregations
AnonymousAuthenticationToken (org.springframework.security.authentication.AnonymousAuthenticationToken)40
Test (org.junit.Test)20
Authentication (org.springframework.security.core.Authentication)13
GrantedAuthority (org.springframework.security.core.GrantedAuthority)7
ArrayList (java.util.ArrayList)6
Before (org.junit.Before)6
SimpleGrantedAuthority (org.springframework.security.core.authority.SimpleGrantedAuthority)6
MockHttpServletRequest (org.springframework.mock.web.MockHttpServletRequest)5
MockHttpServletResponse (org.springframework.mock.web.MockHttpServletResponse)5
PrepareForTest (org.powermock.core.classloader.annotations.PrepareForTest)3
TestingAuthenticationToken (org.springframework.security.authentication.TestingAuthenticationToken)3
SecurityContext (org.springframework.security.core.context.SecurityContext)3
AccessDeniedException (org.springframework.security.access.AccessDeniedException)2
AnonymousAuthenticationProvider (org.springframework.security.authentication.AnonymousAuthenticationProvider)2
User (org.springframework.security.core.userdetails.User)2
UserDetails (org.springframework.security.core.userdetails.UserDetails)2
DefaultOAuth2AccessToken (org.springframework.security.oauth2.common.DefaultOAuth2AccessToken)2
OAuth2AccessToken (org.springframework.security.oauth2.common.OAuth2AccessToken)2
SecurityQuestionsAuthenticationContext (com.evolveum.midpoint.model.api.context.SecurityQuestionsAuthenticationContext)1
PrismObject (com.evolveum.midpoint.prism.PrismObject)1
