
Example 36 with UsernamePasswordToken

use of org.apache.shiro.authc.UsernamePasswordToken in project shiro by apache.

the class AbstractHashedCredentialsMatcherTest method testBasic.

@Test
public void testBasic() {
    CredentialsMatcher matcher = (CredentialsMatcher) ClassUtils.newInstance(getMatcherClass());
    byte[] hashed = hash("password").getBytes();
    AuthenticationInfo account = new SimpleAuthenticationInfo("username", hashed, "realmName");
    AuthenticationToken token = new UsernamePasswordToken("username", "password");
    assertTrue(matcher.doCredentialsMatch(token, account));
}
Also used : AuthenticationToken(org.apache.shiro.authc.AuthenticationToken) SimpleAuthenticationInfo(org.apache.shiro.authc.SimpleAuthenticationInfo) AuthenticationInfo(org.apache.shiro.authc.AuthenticationInfo) UsernamePasswordToken(org.apache.shiro.authc.UsernamePasswordToken) Test(org.junit.Test)

Example 37 with UsernamePasswordToken

use of org.apache.shiro.authc.UsernamePasswordToken in project shiro by apache.

the class HashedCredentialsMatcherTest method testBackwardsCompatibleUnsaltedAuthenticationInfo.

/**
 * Test backwards compatibility of unsalted credentials before
 * <a href="https://issues.apache.org/jira/browse/SHIRO-186">SHIRO-186</a> edits.
 */
@Test
public void testBackwardsCompatibleUnsaltedAuthenticationInfo() {
    HashedCredentialsMatcher matcher = new HashedCredentialsMatcher(Sha1Hash.ALGORITHM_NAME);
    // simulate an account with SHA-1 hashed password (no salt)
    final String username = "username";
    final String password = "password";
    final Object hashedPassword = new Sha1Hash(password).getBytes();
    AuthenticationInfo account = new AuthenticationInfo() {

        public PrincipalCollection getPrincipals() {
            return new SimplePrincipalCollection(username, "realmName");
        }

        public Object getCredentials() {
            return hashedPassword;
        }
    };
    // simulate a username/password (plaintext) token created in response to a login attempt:
    AuthenticationToken token = new UsernamePasswordToken("username", "password");
    // verify the hashed token matches what is in the account:
    assertTrue(matcher.doCredentialsMatch(token, account));
}
Also used : AuthenticationToken(org.apache.shiro.authc.AuthenticationToken) Sha1Hash(org.apache.shiro.crypto.hash.Sha1Hash) SimplePrincipalCollection(org.apache.shiro.subject.SimplePrincipalCollection) AuthenticationInfo(org.apache.shiro.authc.AuthenticationInfo) SimpleAuthenticationInfo(org.apache.shiro.authc.SimpleAuthenticationInfo) UsernamePasswordToken(org.apache.shiro.authc.UsernamePasswordToken) Test(org.junit.Test)

Example 38 with UsernamePasswordToken

use of org.apache.shiro.authc.UsernamePasswordToken in project shiro by apache.

the class BasicHttpFilterAuthenticationTest method createTokenNoPassword.

@Test
public void createTokenNoPassword() throws Exception {
    testFilter = new BasicHttpAuthenticationFilter();
    HttpServletRequest request = createMock(HttpServletRequest.class);
    expect(request.getHeader("Authorization")).andReturn(createAuthorizationHeader("pedro", ""));
    expect(request.getRemoteHost()).andReturn("localhost");
    HttpServletResponse response = createMock(HttpServletResponse.class);
    replay(request);
    replay(response);
    AuthenticationToken token = testFilter.createToken(request, response);
    assertNotNull(token);
    assertTrue("Token is not a username and password token.", token instanceof UsernamePasswordToken);
    UsernamePasswordToken upToken = (UsernamePasswordToken) token;
    assertEquals("pedro", upToken.getUsername());
    assertEquals("Password is not empty.", 0, upToken.getPassword().length);
    verify(request);
    verify(response);
}
Also used : HttpServletRequest(javax.servlet.http.HttpServletRequest) AuthenticationToken(org.apache.shiro.authc.AuthenticationToken) HttpServletResponse(javax.servlet.http.HttpServletResponse) UsernamePasswordToken(org.apache.shiro.authc.UsernamePasswordToken) Test(org.junit.Test)

Example 39 with UsernamePasswordToken

use of org.apache.shiro.authc.UsernamePasswordToken in project shiro by apache.

the class AuthorizationFilterTest method testUserOnAccessDeniedWithResponseError.

@Test
public void testUserOnAccessDeniedWithResponseError() throws IOException {
    // Tests when a user (known identity) is denied access and no unauthorizedUrl has been configured.
    // This should trigger an HTTP response error code.
    // log in the user using the account provided by the superclass for tests:
    SecurityUtils.getSubject().login(new UsernamePasswordToken("test", "test"));
    AuthorizationFilter filter = new AuthorizationFilter() {

        @Override
        protected boolean isAccessAllowed(ServletRequest request, ServletResponse response, Object mappedValue) throws Exception {
            // for this test case
            return false;
        }
    };
    HttpServletRequest request = createNiceMock(HttpServletRequest.class);
    HttpServletResponse response = createNiceMock(HttpServletResponse.class);
    response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
    replay(response);
    filter.onAccessDenied(request, response);
    verify(response);
}
Also used : HttpServletRequest(javax.servlet.http.HttpServletRequest) ServletRequest(javax.servlet.ServletRequest) ServletResponse(javax.servlet.ServletResponse) HttpServletResponse(javax.servlet.http.HttpServletResponse) UsernamePasswordToken(org.apache.shiro.authc.UsernamePasswordToken) Test(org.junit.Test)

Example 40 with UsernamePasswordToken

use of org.apache.shiro.authc.UsernamePasswordToken in project shiro by apache.

the class CookieRememberMeManagerTest method onSuccessfulLogin.

@Test
public void onSuccessfulLogin() {
    HttpServletRequest mockRequest = createNiceMock(HttpServletRequest.class);
    HttpServletResponse mockResponse = createNiceMock(HttpServletResponse.class);
    WebSubject mockSubject = createNiceMock(WebSubject.class);
    expect(mockSubject.getServletRequest()).andReturn(mockRequest).anyTimes();
    expect(mockSubject.getServletResponse()).andReturn(mockResponse).anyTimes();
    CookieRememberMeManager mgr = new CookieRememberMeManager();
    org.apache.shiro.web.servlet.Cookie cookie = createMock(org.apache.shiro.web.servlet.Cookie.class);
    mgr.setCookie(cookie);
    // first remove any previous cookie
    cookie.removeFrom(isA(HttpServletRequest.class), isA(HttpServletResponse.class));
    // then ensure a new cookie is created by reading the template's attributes:
    expect(cookie.getName()).andReturn("rememberMe");
    expect(cookie.getValue()).andReturn(null);
    expect(cookie.getComment()).andReturn(null);
    expect(cookie.getDomain()).andReturn(null);
    expect(cookie.getPath()).andReturn(null);
    expect(cookie.getMaxAge()).andReturn(SimpleCookie.DEFAULT_MAX_AGE);
    expect(cookie.getVersion()).andReturn(SimpleCookie.DEFAULT_VERSION);
    expect(cookie.isSecure()).andReturn(false);
    expect(cookie.isHttpOnly()).andReturn(true);
    UsernamePasswordToken token = new UsernamePasswordToken("user", "secret");
    token.setRememberMe(true);
    AuthenticationInfo account = new SimpleAuthenticationInfo("user", "secret", "test");
    replay(mockSubject);
    replay(mockRequest);
    replay(cookie);
    mgr.onSuccessfulLogin(mockSubject, token, account);
    verify(mockRequest);
    verify(mockSubject);
    verify(cookie);
}
Also used : ShiroHttpServletRequest(org.apache.shiro.web.servlet.ShiroHttpServletRequest) HttpServletRequest(javax.servlet.http.HttpServletRequest) WebSubject(org.apache.shiro.web.subject.WebSubject) SimpleAuthenticationInfo(org.apache.shiro.authc.SimpleAuthenticationInfo) HttpServletResponse(javax.servlet.http.HttpServletResponse) AuthenticationInfo(org.apache.shiro.authc.AuthenticationInfo) UsernamePasswordToken(org.apache.shiro.authc.UsernamePasswordToken) Test(org.junit.Test)

Aggregations

UsernamePasswordToken (org.apache.shiro.authc.UsernamePasswordToken) 114
Subject (org.apache.shiro.subject.Subject) 50
Test (org.junit.Test) 30
AuthenticationException (org.apache.shiro.authc.AuthenticationException) 28
AuthenticationToken (org.apache.shiro.authc.AuthenticationToken) 27
SimpleAuthenticationInfo (org.apache.shiro.authc.SimpleAuthenticationInfo) 17
AuthenticationInfo (org.apache.shiro.authc.AuthenticationInfo) 15
HttpServletRequest (javax.servlet.http.HttpServletRequest) 11
RequestMapping (org.springframework.web.bind.annotation.RequestMapping) 11
Test (org.testng.annotations.Test) 11
LockedAccountException (org.apache.shiro.authc.LockedAccountException) 10
IncorrectCredentialsException (org.apache.shiro.authc.IncorrectCredentialsException) 9
HttpServletResponse (javax.servlet.http.HttpServletResponse) 8
UnknownAccountException (org.apache.shiro.authc.UnknownAccountException) 7
DelegatingSubject (org.apache.shiro.subject.support.DelegatingSubject) 7
Session (org.apache.shiro.session.Session) 6
SimplePrincipalCollection (org.apache.shiro.subject.SimplePrincipalCollection) 6
ResponseBody (org.springframework.web.bind.annotation.ResponseBody) 6
AuthorizationInfo (org.apache.shiro.authz.AuthorizationInfo) 4
AbstractQi4jTest (org.qi4j.test.AbstractQi4jTest) 4