Example 11 with SecurityFilterChain
use of org.codice.ddf.platform.filter.SecurityFilterChain in project ddf by codice.
the class BasicAuthenticationHandlerTest method testGetNormalizedTokenNoResolveCompleted.
/**
* This test case handles the scenario in which the credentials are not to be obtained (i.e.
* resolve flag is not set) and the UsernameTokenType was successfully created from the HTTP
* request.
*/
@Test
public void testGetNormalizedTokenNoResolveCompleted() throws Exception {
BasicAuthenticationHandler handler = new BasicAuthenticationHandler();
HttpServletRequest request = mock(HttpServletRequest.class);
HttpServletResponse response = mock(HttpServletResponse.class);
SecurityFilterChain chain = mock(SecurityFilterChain.class);
when(request.getHeader(HttpHeaders.AUTHORIZATION)).thenReturn("Basic " + Base64.getEncoder().encodeToString(CREDENTIALS.getBytes()));
HandlerResult result = handler.getNormalizedToken(request, response, chain, false);
assertNotNull(result);
assertEquals(HandlerResult.Status.COMPLETED, result.getStatus());
assertEquals("admin", getAttributeValue(result.getToken(), USERNAME_ATTR));
}
Also used :
HttpServletRequest(javax.servlet.http.HttpServletRequest)
SecurityFilterChain(org.codice.ddf.platform.filter.SecurityFilterChain)
HttpServletResponse(javax.servlet.http.HttpServletResponse)
HandlerResult(org.codice.ddf.security.handler.api.HandlerResult)
Test(org.junit.Test)
Example 12 with SecurityFilterChain
use of org.codice.ddf.platform.filter.SecurityFilterChain in project ddf by codice.
the class BasicAuthenticationHandlerTest method testGetNormalizedTokenResolveCompleted.
/**
* This test case handles the scenario in which the credentials should be obtained (i.e. resolve
* flag is set) and UsernameTokenType was created from the HTTP request.
*/
@Test
public void testGetNormalizedTokenResolveCompleted() throws Exception {
BasicAuthenticationHandler handler = new BasicAuthenticationHandler();
HttpServletRequest request = mock(HttpServletRequest.class);
HttpServletResponse response = mock(HttpServletResponse.class);
SecurityFilterChain chain = mock(SecurityFilterChain.class);
when(request.getHeader(HttpHeaders.AUTHORIZATION)).thenReturn("Basic " + Base64.getEncoder().encodeToString(CREDENTIALS.getBytes()));
HandlerResult result = handler.getNormalizedToken(request, response, chain, true);
assertNotNull(result);
assertEquals(HandlerResult.Status.COMPLETED, result.getStatus());
assertEquals("admin", getAttributeValue(result.getToken(), USERNAME_ATTR));
}
Also used :
HttpServletRequest(javax.servlet.http.HttpServletRequest)
SecurityFilterChain(org.codice.ddf.platform.filter.SecurityFilterChain)
HttpServletResponse(javax.servlet.http.HttpServletResponse)
HandlerResult(org.codice.ddf.security.handler.api.HandlerResult)
Test(org.junit.Test)
Example 13 with SecurityFilterChain
use of org.codice.ddf.platform.filter.SecurityFilterChain in project ddf by codice.
the class JettyAuthenticatorTest method registerSecurityFilter.
private SecurityFilter registerSecurityFilter(Dictionary serviceProperties) throws IOException, AuthenticationException {
final SecurityFilter securityFilter = mock(SecurityFilter.class);
Mockito.doAnswer(invocation -> {
Object[] args = invocation.getArguments();
((SecurityFilterChain) args[2]).doFilter(((ServletRequest) args[0]), ((ServletResponse) args[1]));
return null;
}).when(securityFilter).doFilter(any(ServletRequest.class), any(ServletResponse.class), any(SecurityFilterChain.class));
final MockServiceReference securityFilterServiceReference = new MockServiceReference();
securityFilterServiceReference.setProperties(serviceProperties);
when(bundleContext.getService(securityFilterServiceReference)).thenReturn(securityFilter);
registeredSecurityFilterServiceReferences.add(securityFilterServiceReference);
return securityFilter;
}
Also used :
SecurityFilterChain(org.codice.ddf.platform.filter.SecurityFilterChain)
ServletRequest(javax.servlet.ServletRequest)
ServletResponse(javax.servlet.ServletResponse)
MockServiceReference(org.springframework.osgi.mock.MockServiceReference)
SecurityFilter(org.codice.ddf.platform.filter.SecurityFilter)
Example 14 with SecurityFilterChain
use of org.codice.ddf.platform.filter.SecurityFilterChain in project ddf by codice.
the class WebSSOFilterTest method testDoFilterWithRedirected.
@Test
public void testDoFilterWithRedirected() throws AuthenticationException, IOException {
ContextPolicy testPolicy = mock(ContextPolicy.class);
ContextPolicyManager policyManager = mock(ContextPolicyManager.class);
when(policyManager.getContextPolicy(MOCK_CONTEXT)).thenReturn(testPolicy);
when(policyManager.isWhiteListed(MOCK_CONTEXT)).thenReturn(false);
when(policyManager.getSessionAccess()).thenReturn(false);
WebSSOFilter filter = new WebSSOFilter();
// set handlers
AuthenticationHandler handler1 = mock(AuthenticationHandler.class);
HandlerResult noActionResult = mock(HandlerResult.class);
when(noActionResult.getStatus()).thenReturn(Status.NO_ACTION);
HandlerResult redirectedResult = mock(HandlerResult.class);
when(redirectedResult.getStatus()).thenReturn(Status.REDIRECTED);
when(redirectedResult.getToken()).thenReturn(null);
when(handler1.getNormalizedToken(any(ServletRequest.class), any(ServletResponse.class), any(SecurityFilterChain.class), eq(false))).thenReturn(noActionResult);
when(handler1.getNormalizedToken(any(ServletRequest.class), any(ServletResponse.class), any(SecurityFilterChain.class), eq(true))).thenReturn(redirectedResult);
filter.setContextPolicyManager(policyManager);
filter.setHandlerList(Collections.singletonList(handler1));
SecurityFilterChain filterChain = mock(SecurityFilterChain.class);
HttpServletRequest request = mock(HttpServletRequest.class);
when(request.getRequestURI()).thenReturn(MOCK_CONTEXT);
HttpServletResponse response = mock(HttpServletResponse.class);
try {
filter.doFilter(request, response, filterChain);
} catch (AuthenticationException e) {
}
// the next filter should NOT be called
verify(filterChain, never()).doFilter(request, response);
verify(request, never()).setAttribute(eq(DDF_AUTHENTICATION_TOKEN), any(HandlerResult.class));
}
Also used :
HttpServletRequest(javax.servlet.http.HttpServletRequest)
HttpServletRequest(javax.servlet.http.HttpServletRequest)
ServletRequest(javax.servlet.ServletRequest)
HttpServletResponse(javax.servlet.http.HttpServletResponse)
ServletResponse(javax.servlet.ServletResponse)
SecurityFilterChain(org.codice.ddf.platform.filter.SecurityFilterChain)
AuthenticationException(org.codice.ddf.platform.filter.AuthenticationException)
HttpServletResponse(javax.servlet.http.HttpServletResponse)
AuthenticationHandler(org.codice.ddf.security.handler.api.AuthenticationHandler)
HandlerResult(org.codice.ddf.security.handler.api.HandlerResult)
ContextPolicy(org.codice.ddf.security.policy.context.ContextPolicy)
ContextPolicyManager(org.codice.ddf.security.policy.context.ContextPolicyManager)
Test(org.junit.Test)
Example 15 with SecurityFilterChain
use of org.codice.ddf.platform.filter.SecurityFilterChain in project ddf by codice.
the class WebSSOFilterTest method testDoFilterReturnsStatusCode503WhenNoHandlersRegisteredAndGuestAccessDisabled.
@Test
public void testDoFilterReturnsStatusCode503WhenNoHandlersRegisteredAndGuestAccessDisabled() throws IOException, AuthenticationException {
ContextPolicyManager policyManager = mock(ContextPolicyManager.class);
when(policyManager.isWhiteListed(MOCK_CONTEXT)).thenReturn(false);
when(policyManager.getGuestAccess()).thenReturn(false);
when(policyManager.getSessionAccess()).thenReturn(true);
WebSSOFilter filter = new WebSSOFilter();
filter.setContextPolicyManager(policyManager);
SecurityFilterChain filterChain = mock(SecurityFilterChain.class);
HttpServletRequest request = mock(HttpServletRequest.class);
when(request.getRequestURI()).thenReturn(MOCK_CONTEXT);
HttpServletResponse response = mock(HttpServletResponse.class);
filter.doFilter(request, response, filterChain);
verify(response).setStatus(HttpServletResponse.SC_SERVICE_UNAVAILABLE);
verify(response).flushBuffer();
verify(filterChain, never()).doFilter(request, response);
}
Also used :
HttpServletRequest(javax.servlet.http.HttpServletRequest)
SecurityFilterChain(org.codice.ddf.platform.filter.SecurityFilterChain)
HttpServletResponse(javax.servlet.http.HttpServletResponse)
ContextPolicyManager(org.codice.ddf.security.policy.context.ContextPolicyManager)
Test(org.junit.Test)
Aggregations
SecurityFilterChain (org.codice.ddf.platform.filter.SecurityFilterChain)21
HttpServletRequest (javax.servlet.http.HttpServletRequest)20
Test (org.junit.Test)20
HttpServletResponse (javax.servlet.http.HttpServletResponse)19
HandlerResult (org.codice.ddf.security.handler.api.HandlerResult)15
ContextPolicyManager (org.codice.ddf.security.policy.context.ContextPolicyManager)11
ContextPolicy (org.codice.ddf.security.policy.context.ContextPolicy)9
ServletRequest (javax.servlet.ServletRequest)6
ServletResponse (javax.servlet.ServletResponse)6
AuthenticationException (org.codice.ddf.platform.filter.AuthenticationException)6
SecurityLogger (ddf.security.audit.SecurityLogger)5
AuthenticationHandler (org.codice.ddf.security.handler.api.AuthenticationHandler)5
SecurityConstants (ddf.security.SecurityConstants)4
Subject (ddf.security.Subject)4
CollectionPermission (ddf.security.permission.CollectionPermission)4
CollectionPermissionImpl (ddf.security.permission.impl.CollectionPermissionImpl)4
KeyValuePermissionImpl (ddf.security.permission.impl.KeyValuePermissionImpl)4
IOException (java.io.IOException)4
Collection (java.util.Collection)4
Collections (java.util.Collections)4
