Example 31 with UsernamePasswordAuthenticationToken
use of org.springframework.security.authentication.UsernamePasswordAuthenticationToken in project spring-security by spring-projects.
the class BasicAuthenticationFilterTests method setUp.
// ~ Methods
// ========================================================================================================
@Before
public void setUp() throws Exception {
SecurityContextHolder.clearContext();
UsernamePasswordAuthenticationToken rodRequest = new UsernamePasswordAuthenticationToken("rod", "koala");
rodRequest.setDetails(new WebAuthenticationDetails(new MockHttpServletRequest()));
Authentication rod = new UsernamePasswordAuthenticationToken("rod", "koala", AuthorityUtils.createAuthorityList("ROLE_1"));
manager = mock(AuthenticationManager.class);
when(manager.authenticate(rodRequest)).thenReturn(rod);
when(manager.authenticate(not(eq(rodRequest)))).thenThrow(new BadCredentialsException(""));
filter = new BasicAuthenticationFilter(manager, new BasicAuthenticationEntryPoint());
}
Also used :
AuthenticationManager(org.springframework.security.authentication.AuthenticationManager)
WebAuthenticationDetails(org.springframework.security.web.authentication.WebAuthenticationDetails)
MockHttpServletRequest(org.springframework.mock.web.MockHttpServletRequest)
Authentication(org.springframework.security.core.Authentication)
UsernamePasswordAuthenticationToken(org.springframework.security.authentication.UsernamePasswordAuthenticationToken)
BadCredentialsException(org.springframework.security.authentication.BadCredentialsException)
Before(org.junit.Before)
Example 32 with UsernamePasswordAuthenticationToken
use of org.springframework.security.authentication.UsernamePasswordAuthenticationToken in project spring-security by spring-projects.
the class PreAuthenticatedAuthenticationProviderTests method authenticateInvalidToken.
@Test
public final void authenticateInvalidToken() throws Exception {
UserDetails ud = new User("dummyUser", "dummyPwd", true, true, true, true, AuthorityUtils.NO_AUTHORITIES);
PreAuthenticatedAuthenticationProvider provider = getProvider(ud);
Authentication request = new UsernamePasswordAuthenticationToken("dummyUser", "dummyPwd");
Authentication result = provider.authenticate(request);
assertThat(result).isNull();
}
Also used :
UserDetails(org.springframework.security.core.userdetails.UserDetails)
User(org.springframework.security.core.userdetails.User)
Authentication(org.springframework.security.core.Authentication)
UsernamePasswordAuthenticationToken(org.springframework.security.authentication.UsernamePasswordAuthenticationToken)
Test(org.junit.Test)
Example 33 with UsernamePasswordAuthenticationToken
use of org.springframework.security.authentication.UsernamePasswordAuthenticationToken in project spring-security-oauth by spring-projects.
the class TokenEndpointAuthenticationFilterTests method testPasswordGrantWithUnAuthenticatedClient.
@Test
public void testPasswordGrantWithUnAuthenticatedClient() throws Exception {
SecurityContextHolder.getContext().setAuthentication(new UsernamePasswordAuthenticationToken("client", "secret"));
request.setParameter("grant_type", "password");
Mockito.when(authenticationManager.authenticate(Mockito.<Authentication>any())).thenReturn(new UsernamePasswordAuthenticationToken("foo", "bar", AuthorityUtils.commaSeparatedStringToAuthorityList("ROLE_USER")));
TokenEndpointAuthenticationFilter filter = new TokenEndpointAuthenticationFilter(authenticationManager, oAuth2RequestFactory);
filter.doFilter(request, response, chain);
Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
assertTrue(authentication instanceof OAuth2Authentication);
assertFalse(authentication.isAuthenticated());
}
Also used :
OAuth2Authentication(org.springframework.security.oauth2.provider.OAuth2Authentication)
Authentication(org.springframework.security.core.Authentication)
OAuth2Authentication(org.springframework.security.oauth2.provider.OAuth2Authentication)
UsernamePasswordAuthenticationToken(org.springframework.security.authentication.UsernamePasswordAuthenticationToken)
Test(org.junit.Test)
Example 34 with UsernamePasswordAuthenticationToken
use of org.springframework.security.authentication.UsernamePasswordAuthenticationToken in project spring-security-oauth by spring-projects.
the class TokenEndpointTests method testGetAccessTokenWithNoClientId.
@Test
public void testGetAccessTokenWithNoClientId() throws HttpRequestMethodNotSupportedException {
HashMap<String, String> parameters = new HashMap<String, String>();
parameters.put(OAuth2Utils.GRANT_TYPE, "authorization_code");
OAuth2AccessToken expectedToken = new DefaultOAuth2AccessToken("FOO");
when(tokenGranter.grant(Mockito.eq("authorization_code"), Mockito.any(TokenRequest.class))).thenReturn(expectedToken);
@SuppressWarnings("unchecked") Map<String, String> anyMap = Mockito.any(Map.class);
when(authorizationRequestFactory.createTokenRequest(anyMap, Mockito.any(ClientDetails.class))).thenReturn(createFromParameters(parameters));
clientAuthentication = new UsernamePasswordAuthenticationToken(null, null, Collections.singleton(new SimpleGrantedAuthority("ROLE_CLIENT")));
ResponseEntity<OAuth2AccessToken> response = endpoint.postAccessToken(clientAuthentication, parameters);
assertNotNull(response);
assertEquals(HttpStatus.OK, response.getStatusCode());
OAuth2AccessToken body = response.getBody();
assertEquals(body, expectedToken);
assertTrue("Wrong body: " + body, body.getTokenType() != null);
}
Also used :
SimpleGrantedAuthority(org.springframework.security.core.authority.SimpleGrantedAuthority)
BaseClientDetails(org.springframework.security.oauth2.provider.client.BaseClientDetails)
ClientDetails(org.springframework.security.oauth2.provider.ClientDetails)
HashMap(java.util.HashMap)
DefaultOAuth2AccessToken(org.springframework.security.oauth2.common.DefaultOAuth2AccessToken)
OAuth2AccessToken(org.springframework.security.oauth2.common.OAuth2AccessToken)
TokenRequest(org.springframework.security.oauth2.provider.TokenRequest)
UsernamePasswordAuthenticationToken(org.springframework.security.authentication.UsernamePasswordAuthenticationToken)
DefaultOAuth2AccessToken(org.springframework.security.oauth2.common.DefaultOAuth2AccessToken)
Test(org.junit.Test)
Example 35 with UsernamePasswordAuthenticationToken
use of org.springframework.security.authentication.UsernamePasswordAuthenticationToken in project spring-security-oauth by spring-projects.
the class OAuth2MethodSecurityExpressionHandlerTests method testNonOauthClient.
@Test
public void testNonOauthClient() throws Exception {
Authentication clientAuthentication = new UsernamePasswordAuthenticationToken("foo", "bar");
MethodInvocation invocation = new SimpleMethodInvocation(this, ReflectionUtils.findMethod(getClass(), "testNonOauthClient"));
EvaluationContext context = handler.createEvaluationContext(clientAuthentication, invocation);
Expression expression = handler.getExpressionParser().parseExpression("#oauth2.clientHasAnyRole()");
assertFalse((Boolean) expression.getValue(context));
}
Also used :
SimpleMethodInvocation(org.springframework.security.util.SimpleMethodInvocation)
Expression(org.springframework.expression.Expression)
OAuth2Authentication(org.springframework.security.oauth2.provider.OAuth2Authentication)
Authentication(org.springframework.security.core.Authentication)
UsernamePasswordAuthenticationToken(org.springframework.security.authentication.UsernamePasswordAuthenticationToken)
SimpleMethodInvocation(org.springframework.security.util.SimpleMethodInvocation)
MethodInvocation(org.aopalliance.intercept.MethodInvocation)
EvaluationContext(org.springframework.expression.EvaluationContext)
Test(org.junit.Test)
Aggregations
UsernamePasswordAuthenticationToken (org.springframework.security.authentication.UsernamePasswordAuthenticationToken)309
Test (org.junit.Test)156
Authentication (org.springframework.security.core.Authentication)114
GrantedAuthority (org.springframework.security.core.GrantedAuthority)37
BadCredentialsException (org.springframework.security.authentication.BadCredentialsException)34
UserDetails (org.springframework.security.core.userdetails.UserDetails)33
SimpleGrantedAuthority (org.springframework.security.core.authority.SimpleGrantedAuthority)29
OAuth2Authentication (org.springframework.security.oauth2.provider.OAuth2Authentication)27
SecurityContext (org.springframework.security.core.context.SecurityContext)21
AuthenticationException (org.springframework.security.core.AuthenticationException)20
User (org.springframework.security.core.userdetails.User)17
OAuth2Request (org.springframework.security.oauth2.provider.OAuth2Request)15
ArrayList (java.util.ArrayList)14
OrcidProfileUserDetails (org.orcid.core.oauth.OrcidProfileUserDetails)13
MockHttpServletRequest (org.springframework.mock.web.MockHttpServletRequest)13
AuthenticationManager (org.springframework.security.authentication.AuthenticationManager)13
UsernameNotFoundException (org.springframework.security.core.userdetails.UsernameNotFoundException)12
SecurityContextImpl (org.springframework.security.core.context.SecurityContextImpl)11
Before (org.junit.Before)8
MockHttpServletResponse (org.springframework.mock.web.MockHttpServletResponse)8
