Examples with HandlerResult org.codice.ddf.security.handler.api.HandlerResult used on opensource projects

Example 66 with HandlerResult

use of org.codice.ddf.security.handler.api.HandlerResult in project ddf by codice.

the class LoginFilterTest method testBadToken.

@Test
public void testBadToken() throws Exception {
    HandlerResult result = new HandlerResultImpl(HandlerResult.Status.COMPLETED, badAuthenticationTokenMock);
    when(requestMock.getAttribute(AUTHENTICATION_TOKEN_KEY)).thenReturn(result);
    loginFilter.doFilter(requestMock, responseMock, FAIL_FILTER_CHAIN);
    verify(requestMock, times(0)).setAttribute(any(), any());
}

Example 67 with HandlerResult

use of org.codice.ddf.security.handler.api.HandlerResult in project ddf by codice.

the class WebSSOFilterTest method testDoFilterWithRedirected.

@Test
public void testDoFilterWithRedirected() throws AuthenticationException, IOException {
    ContextPolicy testPolicy = mock(ContextPolicy.class);
    ContextPolicyManager policyManager = mock(ContextPolicyManager.class);
    when(policyManager.getContextPolicy(MOCK_CONTEXT)).thenReturn(testPolicy);
    when(policyManager.isWhiteListed(MOCK_CONTEXT)).thenReturn(false);
    when(policyManager.getSessionAccess()).thenReturn(false);
    WebSSOFilter filter = new WebSSOFilter();
    // set handlers
    AuthenticationHandler handler1 = mock(AuthenticationHandler.class);
    HandlerResult noActionResult = mock(HandlerResult.class);
    when(noActionResult.getStatus()).thenReturn(Status.NO_ACTION);
    HandlerResult redirectedResult = mock(HandlerResult.class);
    when(redirectedResult.getStatus()).thenReturn(Status.REDIRECTED);
    when(redirectedResult.getToken()).thenReturn(null);
    when(handler1.getNormalizedToken(any(ServletRequest.class), any(ServletResponse.class), any(SecurityFilterChain.class), eq(false))).thenReturn(noActionResult);
    when(handler1.getNormalizedToken(any(ServletRequest.class), any(ServletResponse.class), any(SecurityFilterChain.class), eq(true))).thenReturn(redirectedResult);
    filter.setContextPolicyManager(policyManager);
    filter.setHandlerList(Collections.singletonList(handler1));
    SecurityFilterChain filterChain = mock(SecurityFilterChain.class);
    HttpServletRequest request = mock(HttpServletRequest.class);
    when(request.getRequestURI()).thenReturn(MOCK_CONTEXT);
    HttpServletResponse response = mock(HttpServletResponse.class);
    try {
        filter.doFilter(request, response, filterChain);
    } catch (AuthenticationException e) {
    }
    // the next filter should NOT be called
    verify(filterChain, never()).doFilter(request, response);
    verify(request, never()).setAttribute(eq(DDF_AUTHENTICATION_TOKEN), any(HandlerResult.class));
}

Example 68 with HandlerResult

use of org.codice.ddf.security.handler.api.HandlerResult in project ddf by codice.

the class WebSSOFilterTest method testDoFilterResolvingOnSecondCall.

@Test
public void testDoFilterResolvingOnSecondCall() throws IOException, AuthenticationException {
    ContextPolicy testPolicy = mock(ContextPolicy.class);
    when(testPolicy.getAuthenticationMethods()).thenReturn(Collections.singletonList("basic"));
    ContextPolicyManager policyManager = mock(ContextPolicyManager.class);
    when(policyManager.getContextPolicy(MOCK_CONTEXT)).thenReturn(testPolicy);
    when(policyManager.isWhiteListed(MOCK_CONTEXT)).thenReturn(false);
    when(policyManager.getSessionAccess()).thenReturn(false);
    WebSSOFilter filter = new WebSSOFilter();
    // set handlers
    AuthenticationHandler handler1 = mock(AuthenticationHandler.class);
    when(handler1.getAuthenticationType()).thenReturn("basic");
    HandlerResult noActionResult = mock(HandlerResult.class);
    when(noActionResult.getStatus()).thenReturn(Status.NO_ACTION);
    HandlerResult completedResult = mock(HandlerResult.class);
    when(completedResult.getStatus()).thenReturn(Status.COMPLETED);
    when(completedResult.getToken()).thenReturn(null);
    when(handler1.getNormalizedToken(any(ServletRequest.class), any(ServletResponse.class), any(SecurityFilterChain.class), eq(true))).thenReturn(completedResult);
    when(handler1.getNormalizedToken(any(ServletRequest.class), any(ServletResponse.class), any(SecurityFilterChain.class), eq(false))).thenReturn(noActionResult);
    filter.setContextPolicyManager(policyManager);
    filter.setHandlerList(Collections.singletonList(handler1));
    filter.setSecurityLogger(mock(SecurityLogger.class));
    SecurityFilterChain filterChain = mock(SecurityFilterChain.class);
    HttpServletRequest request = mock(HttpServletRequest.class);
    when(request.getRequestURI()).thenReturn(MOCK_CONTEXT);
    HttpServletResponse response = mock(HttpServletResponse.class);
    try {
        filter.doFilter(request, response, filterChain);
    } catch (AuthenticationException e) {
    }
    verify(handler1, times(2)).getNormalizedToken(any(HttpServletRequest.class), any(HttpServletResponse.class), any(SecurityFilterChain.class), anyBoolean());
    // the next filter should NOT be called
    verify(filterChain, never()).doFilter(request, response);
    verify(request, never()).setAttribute(eq(DDF_AUTHENTICATION_TOKEN), any(HandlerResult.class));
}

Example 69 with HandlerResult

use of org.codice.ddf.security.handler.api.HandlerResult in project ddf by codice.

the class WebSSOFilterTest method testDoFilterGetResultFromSession.

@Test
public void testDoFilterGetResultFromSession() throws Exception {
    PrincipalCollection principalCollectionMock = mock(PrincipalCollection.class);
    when(principalCollectionMock.byType(any())).thenReturn(Collections.singletonList("principal"));
    PrincipalHolder principalHolderMock = mock(PrincipalHolder.class);
    when(principalHolderMock.getPrincipals()).thenReturn(principalCollectionMock);
    HttpSession sessionMock = mock(HttpSession.class);
    when(sessionMock.getAttribute(SECURITY_TOKEN_KEY)).thenReturn(principalHolderMock);
    HttpServletRequest requestMock = mock(HttpServletRequest.class);
    when(requestMock.getSession(any(Boolean.class))).thenReturn(sessionMock);
    when(requestMock.getRequestURI()).thenReturn(MOCK_CONTEXT);
    when(requestMock.getRequestedSessionId()).thenReturn("JSESSIONID");
    HttpServletResponse responseMock = mock(HttpServletResponse.class);
    ContextPolicyManager policyManager = mock(ContextPolicyManager.class);
    when(policyManager.getSessionAccess()).thenReturn(true);
    when(policyManager.isWhiteListed(MOCK_CONTEXT)).thenReturn(false);
    ContextPolicy testPolicy = mock(ContextPolicy.class);
    when(testPolicy.getAuthenticationMethods()).thenReturn(Collections.singletonList("basic"));
    when(policyManager.getContextPolicy(MOCK_CONTEXT)).thenReturn(testPolicy);
    AuthenticationHandler handlerMock = mock(AuthenticationHandler.class);
    when(handlerMock.getAuthenticationType()).thenReturn("basic");
    HandlerResult completedResult = mock(HandlerResult.class);
    when(completedResult.getStatus()).thenReturn(Status.COMPLETED);
    when(completedResult.getToken()).thenReturn(mock(BaseAuthenticationToken.class));
    when(handlerMock.getNormalizedToken(any(ServletRequest.class), any(ServletResponse.class), any(SecurityFilterChain.class), anyBoolean())).thenReturn(completedResult);
    SecurityFilterChain filterChain = mock(SecurityFilterChain.class);
    WebSSOFilter filter = new WebSSOFilter();
    filter.setContextPolicyManager(policyManager);
    filter.setHandlerList(Collections.singletonList(handlerMock));
    filter.doFilter(requestMock, responseMock, filterChain);
    verify(sessionMock, times(1)).getAttribute(SECURITY_TOKEN_KEY);
    verify(handlerMock, times(0)).getNormalizedToken(any(), any(), any(), anyBoolean());
    verify(requestMock, times(1)).setAttribute(eq(AUTHENTICATION_TOKEN_KEY), any());
}

Example 70 with HandlerResult

use of org.codice.ddf.security.handler.api.HandlerResult in project ddf by codice.

the class BasicAuthenticationHandler method getNormalizedToken.

/**
 * Processes the incoming request to retrieve the username/password tokens. Handles responding to
 * the client that authentication is needed if they are not present in the request. Returns the
 * {@link org.codice.ddf.security.handler.api.HandlerResult} for the HTTP Request.
 *
 * @param request http request to obtain attributes from and to pass into any local filter chains
 *     required
 * @param response http response to return http responses or redirects
 * @param chain original filter chain (should not be called from your handler)
 * @param resolve flag with true implying that credentials should be obtained, false implying
 *     return if no credentials are found.
 * @return
 */
@Override
public HandlerResult getNormalizedToken(ServletRequest request, ServletResponse response, SecurityFilterChain chain, boolean resolve) {
    HandlerResult handlerResult = new HandlerResultImpl(HandlerResult.Status.NO_ACTION, null);
    handlerResult.setSource(SOURCE);
    HttpServletRequest httpRequest = (HttpServletRequest) request;
    String path = httpRequest.getServletPath();
    LOGGER.debug("Handling request for path {}", path);
    LOGGER.debug("Doing authentication and authorization for path {}", path);
    AuthenticationToken token = extractAuthenticationInfo(httpRequest);
    // we found credentials, attach to result and return with completed status
    if (token != null) {
        handlerResult.setToken(token);
        handlerResult.setStatus(HandlerResult.Status.COMPLETED);
        return handlerResult;
    }
    // prompt for credentials since we didn't find any
    doAuthPrompt((HttpServletResponse) response);
    handlerResult.setStatus(HandlerResult.Status.REDIRECTED);
    return handlerResult;
}