Example 21 with UsernamePasswordAuthenticationToken
use of org.springframework.security.authentication.UsernamePasswordAuthenticationToken in project spring-security by spring-projects.
the class AuthenticationConfigurationGh3935Tests method delegateUsesExisitingAuthentication.
@Test
public void delegateUsesExisitingAuthentication() {
String username = "user";
String password = "password";
User user = new User(username, password, AuthorityUtils.createAuthorityList("ROLE_USER"));
when(this.uds.loadUserByUsername(username)).thenReturn(user);
AuthenticationManager authenticationManager = this.adapter.authenticationManager;
assertThat(authenticationManager).isNotNull();
Authentication auth = authenticationManager.authenticate(new UsernamePasswordAuthenticationToken(username, password));
verify(this.uds).loadUserByUsername(username);
assertThat(auth.getPrincipal()).isEqualTo(user);
}
Also used :
AuthenticationManager(org.springframework.security.authentication.AuthenticationManager)
User(org.springframework.security.core.userdetails.User)
Authentication(org.springframework.security.core.Authentication)
UsernamePasswordAuthenticationToken(org.springframework.security.authentication.UsernamePasswordAuthenticationToken)
Test(org.junit.Test)
Example 22 with UsernamePasswordAuthenticationToken
use of org.springframework.security.authentication.UsernamePasswordAuthenticationToken in project spring-security by spring-projects.
the class AuthenticationManagerBeanDefinitionParserTests method eventsArePublishedByDefault.
@Test
public void eventsArePublishedByDefault() throws Exception {
setContext(CONTEXT);
AuthListener listener = new AuthListener();
appContext.addApplicationListener(listener);
ProviderManager pm = (ProviderManager) appContext.getBeansOfType(ProviderManager.class).values().toArray()[0];
Object eventPublisher = FieldUtils.getFieldValue(pm, "eventPublisher");
assertThat(eventPublisher).isNotNull();
assertThat(eventPublisher instanceof DefaultAuthenticationEventPublisher).isTrue();
pm.authenticate(new UsernamePasswordAuthenticationToken("bob", "bobspassword"));
assertThat(listener.events).hasSize(1);
}
Also used :
DefaultAuthenticationEventPublisher(org.springframework.security.authentication.DefaultAuthenticationEventPublisher)
ProviderManager(org.springframework.security.authentication.ProviderManager)
UsernamePasswordAuthenticationToken(org.springframework.security.authentication.UsernamePasswordAuthenticationToken)
Test(org.junit.Test)
Example 23 with UsernamePasswordAuthenticationToken
use of org.springframework.security.authentication.UsernamePasswordAuthenticationToken in project spring-security by spring-projects.
the class JdbcUserServiceBeanDefinitionParserTests method cacheIsInjectedIntoAuthenticationProvider.
@Test
public void cacheIsInjectedIntoAuthenticationProvider() {
setContext("<authentication-manager>" + " <authentication-provider>" + " <jdbc-user-service cache-ref='userCache' data-source-ref='dataSource'/>" + " </authentication-provider>" + "</authentication-manager>" + DATA_SOURCE + USER_CACHE_XML);
ProviderManager mgr = (ProviderManager) appContext.getBean(BeanIds.AUTHENTICATION_MANAGER);
DaoAuthenticationProvider provider = (DaoAuthenticationProvider) mgr.getProviders().get(0);
assertThat(appContext.getBean("userCache")).isSameAs(provider.getUserCache());
provider.authenticate(new UsernamePasswordAuthenticationToken("rod", "koala"));
assertThat(provider.getUserCache().getUserFromCache("rod")).isNotNull().withFailMessage("Cache should contain user after authentication");
}
Also used :
DaoAuthenticationProvider(org.springframework.security.authentication.dao.DaoAuthenticationProvider)
ProviderManager(org.springframework.security.authentication.ProviderManager)
UsernamePasswordAuthenticationToken(org.springframework.security.authentication.UsernamePasswordAuthenticationToken)
Test(org.junit.Test)
Example 24 with UsernamePasswordAuthenticationToken
use of org.springframework.security.authentication.UsernamePasswordAuthenticationToken in project spring-security by spring-projects.
the class GlobalMethodSecurityBeanDefinitionParserTests method supportsExternalMetadataSource.
@Test
@SuppressWarnings("unchecked")
public void supportsExternalMetadataSource() throws Exception {
setContext("<b:bean id='target' class='" + ConcreteFoo.class.getName() + "'/>" + "<method-security-metadata-source id='mds'>" + " <protect method='" + Foo.class.getName() + ".foo' access='ROLE_ADMIN'/>" + "</method-security-metadata-source>" + "<global-method-security pre-post-annotations='enabled' metadata-source-ref='mds'/>" + AUTH_PROVIDER_XML);
// External MDS should take precedence over PreAuthorize
SecurityContextHolder.getContext().setAuthentication(bob);
Foo foo = (Foo) appContext.getBean("target");
try {
foo.foo(new SecurityConfig("A"));
fail("Bob can't invoke admin methods");
} catch (AccessDeniedException expected) {
}
SecurityContextHolder.getContext().setAuthentication(new UsernamePasswordAuthenticationToken("admin", "password"));
foo.foo(new SecurityConfig("A"));
}
Also used :
AccessDeniedException(org.springframework.security.access.AccessDeniedException)
SecurityConfig(org.springframework.security.access.SecurityConfig)
UsernamePasswordAuthenticationToken(org.springframework.security.authentication.UsernamePasswordAuthenticationToken)
Test(org.junit.Test)
Example 25 with UsernamePasswordAuthenticationToken
use of org.springframework.security.authentication.UsernamePasswordAuthenticationToken in project spring-security by spring-projects.
the class GlobalMethodSecurityBeanDefinitionParserTests method worksWithoutTargetOrClass.
// SEC-936
@Test(expected = AccessDeniedException.class)
public void worksWithoutTargetOrClass() {
setContext("<global-method-security secured-annotations='enabled'/>" + "<b:bean id='businessService' class='org.springframework.remoting.httpinvoker.HttpInvokerProxyFactoryBean'>" + " <b:property name='serviceUrl' value='http://localhost:8080/SomeService'/>" + " <b:property name='serviceInterface' value='org.springframework.security.access.annotation.BusinessService'/>" + "</b:bean>" + AUTH_PROVIDER_XML);
UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken("Test", "Password", AuthorityUtils.createAuthorityList("ROLE_SOMEOTHERROLE"));
SecurityContextHolder.getContext().setAuthentication(token);
target = (BusinessService) appContext.getBean("businessService");
target.someUserMethod1();
}
Also used :
UsernamePasswordAuthenticationToken(org.springframework.security.authentication.UsernamePasswordAuthenticationToken)
Test(org.junit.Test)
Aggregations
UsernamePasswordAuthenticationToken (org.springframework.security.authentication.UsernamePasswordAuthenticationToken)293
Test (org.junit.Test)149
Authentication (org.springframework.security.core.Authentication)110
BadCredentialsException (org.springframework.security.authentication.BadCredentialsException)33
GrantedAuthority (org.springframework.security.core.GrantedAuthority)33
UserDetails (org.springframework.security.core.userdetails.UserDetails)32
OAuth2Authentication (org.springframework.security.oauth2.provider.OAuth2Authentication)27
SimpleGrantedAuthority (org.springframework.security.core.authority.SimpleGrantedAuthority)22
AuthenticationException (org.springframework.security.core.AuthenticationException)18
User (org.springframework.security.core.userdetails.User)16
SecurityContext (org.springframework.security.core.context.SecurityContext)15
OAuth2Request (org.springframework.security.oauth2.provider.OAuth2Request)15
OrcidProfileUserDetails (org.orcid.core.oauth.OrcidProfileUserDetails)13
AuthenticationManager (org.springframework.security.authentication.AuthenticationManager)13
UsernameNotFoundException (org.springframework.security.core.userdetails.UsernameNotFoundException)12
MockHttpServletRequest (org.springframework.mock.web.MockHttpServletRequest)11
SecurityContextImpl (org.springframework.security.core.context.SecurityContextImpl)11
ArrayList (java.util.ArrayList)10
Before (org.junit.Before)8
AccessDeniedException (org.springframework.security.access.AccessDeniedException)8
