
Example 26 with UsernamePasswordAuthenticationToken

Use of org.springframework.security.authentication.UsernamePasswordAuthenticationToken in project spring-security by spring-projects.

In class GlobalMethodSecurityBeanDefinitionParserTests, method targetShouldAllowProtectedMethodInvocationWithCorrectRole.

@Test
public void targetShouldAllowProtectedMethodInvocationWithCorrectRole() {
    loadContext();
    UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken("user", "password");
    SecurityContextHolder.getContext().setAuthentication(token);
    target.someUserMethod1();
    // SEC-1213. Check the order
    Advisor[] advisors = ((Advised) target).getAdvisors();
    assertThat(advisors.length).isEqualTo(1);
    assertThat(((MethodSecurityMetadataSourceAdvisor) advisors[0]).getOrder()).isEqualTo(1001);
}
Also used : MethodSecurityMetadataSourceAdvisor(org.springframework.security.access.intercept.aopalliance.MethodSecurityMetadataSourceAdvisor) Advised(org.springframework.aop.framework.Advised) Advisor(org.springframework.aop.Advisor) UsernamePasswordAuthenticationToken(org.springframework.security.authentication.UsernamePasswordAuthenticationToken) Test(org.junit.Test)

Example 27 with UsernamePasswordAuthenticationToken

Use of org.springframework.security.authentication.UsernamePasswordAuthenticationToken in project spring-security by spring-projects.

In class GlobalMethodSecurityBeanDefinitionParserTests, method supportsMethodArgumentsInPointcut.

@Test
public void supportsMethodArgumentsInPointcut() {
    setContext("<b:bean id='target' class='org.springframework.security.access.annotation.BusinessServiceImpl'/>"
            + "<global-method-security>"
            + "   <protect-pointcut expression='execution(* org.springframework.security.access.annotation.BusinessService.someOther(String))' access='ROLE_ADMIN'/>"
            + "   <protect-pointcut expression='execution(* org.springframework.security.access.annotation.BusinessService.*(..))' access='ROLE_USER'/>"
            + "</global-method-security>"
            + ConfigTestUtils.AUTH_PROVIDER_XML);
    SecurityContextHolder.getContext().setAuthentication(new UsernamePasswordAuthenticationToken("user", "password"));
    target = (BusinessService) appContext.getBean("target");
    // someOther(int) should not be matched by someOther(String), but should require
    // ROLE_USER
    target.someOther(0);
    try {
        // String version should require admin role
        target.someOther("somestring");
        fail("Expected AccessDeniedException");
    } catch (AccessDeniedException expected) {
        // expected: the ROLE_ADMIN pointcut denies this call
    }
}
Also used : AccessDeniedException(org.springframework.security.access.AccessDeniedException) UsernamePasswordAuthenticationToken(org.springframework.security.authentication.UsernamePasswordAuthenticationToken) Test(org.junit.Test)

Example 28 with UsernamePasswordAuthenticationToken

Use of org.springframework.security.authentication.UsernamePasswordAuthenticationToken in project spring-security by spring-projects.

In class GlobalMethodSecurityBeanDefinitionParserTests, method worksWithAspectJAutoproxy.

@Test(expected = AccessDeniedException.class)
public void worksWithAspectJAutoproxy() {
    setContext("<global-method-security>"
            + "  <protect-pointcut expression='execution(* org.springframework.security.config.*Service.*(..))'"
            + "       access='ROLE_SOMETHING' />"
            + "</global-method-security>"
            + "<b:bean id='myUserService' class='org.springframework.security.config.PostProcessedMockUserDetailsService'/>"
            + "<aop:aspectj-autoproxy />"
            + "<authentication-manager>"
            + "   <authentication-provider user-service-ref='myUserService'/>"
            + "</authentication-manager>");
    UserDetailsService service = (UserDetailsService) appContext.getBean("myUserService");
    UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken("Test", "Password", AuthorityUtils.createAuthorityList("ROLE_SOMEOTHERROLE"));
    SecurityContextHolder.getContext().setAuthentication(token);
    service.loadUserByUsername("notused");
}
Also used : UserDetailsService(org.springframework.security.core.userdetails.UserDetailsService) PostProcessedMockUserDetailsService(org.springframework.security.config.PostProcessedMockUserDetailsService) UsernamePasswordAuthenticationToken(org.springframework.security.authentication.UsernamePasswordAuthenticationToken) Test(org.junit.Test)

Example 29 with UsernamePasswordAuthenticationToken

Use of org.springframework.security.authentication.UsernamePasswordAuthenticationToken in project spring-security by spring-projects.

In class InterceptMethodsBeanDefinitionDecoratorTests, method targetShouldAllowProtectedMethodInvocationWithCorrectRole.

@Test
public void targetShouldAllowProtectedMethodInvocationWithCorrectRole() {
    UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken("Test", "Password", AuthorityUtils.createAuthorityList("ROLE_USER"));
    SecurityContextHolder.getContext().setAuthentication(token);
    target.doSomething();
}
Also used : UsernamePasswordAuthenticationToken(org.springframework.security.authentication.UsernamePasswordAuthenticationToken)

Example 30 with UsernamePasswordAuthenticationToken

Use of org.springframework.security.authentication.UsernamePasswordAuthenticationToken in project spring-security by spring-projects.

In class SecuredAnnotationDrivenBeanDefinitionParserTests, method targetShouldAllowProtectedMethodInvocationWithCorrectRole.

@Test
public void targetShouldAllowProtectedMethodInvocationWithCorrectRole() {
    UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken("Test", "Password", AuthorityUtils.createAuthorityList("ROLE_USER"));
    SecurityContextHolder.getContext().setAuthentication(token);
    target.someUserMethod1();
}
Also used : UsernamePasswordAuthenticationToken(org.springframework.security.authentication.UsernamePasswordAuthenticationToken) Test(org.junit.Test)

Aggregations

UsernamePasswordAuthenticationToken (org.springframework.security.authentication.UsernamePasswordAuthenticationToken) 293
Test (org.junit.Test) 149
Authentication (org.springframework.security.core.Authentication) 110
BadCredentialsException (org.springframework.security.authentication.BadCredentialsException) 33
GrantedAuthority (org.springframework.security.core.GrantedAuthority) 33
UserDetails (org.springframework.security.core.userdetails.UserDetails) 32
OAuth2Authentication (org.springframework.security.oauth2.provider.OAuth2Authentication) 27
SimpleGrantedAuthority (org.springframework.security.core.authority.SimpleGrantedAuthority) 22
AuthenticationException (org.springframework.security.core.AuthenticationException) 18
User (org.springframework.security.core.userdetails.User) 16
SecurityContext (org.springframework.security.core.context.SecurityContext) 15
OAuth2Request (org.springframework.security.oauth2.provider.OAuth2Request) 15
OrcidProfileUserDetails (org.orcid.core.oauth.OrcidProfileUserDetails) 13
AuthenticationManager (org.springframework.security.authentication.AuthenticationManager) 13
UsernameNotFoundException (org.springframework.security.core.userdetails.UsernameNotFoundException) 12
MockHttpServletRequest (org.springframework.mock.web.MockHttpServletRequest) 11
SecurityContextImpl (org.springframework.security.core.context.SecurityContextImpl) 11
ArrayList (java.util.ArrayList) 10
Before (org.junit.Before) 8
AccessDeniedException (org.springframework.security.access.AccessDeniedException) 8