
Example 81 with UsernamePasswordCredentials

use of org.pac4j.core.credentials.UsernamePasswordCredentials in project cas by apereo.

From the class OAuth20ProofKeyCodeExchangeAuthenticatorTests, method verifyUnknownDigest:

/**
 * A code whose stored {@code code_challenge_method} is not a recognised value ("unknown" here)
 * must be rejected even though the presented verifier would satisfy an S256 challenge: the
 * authenticator is expected to fail closed with a {@link CredentialsException} instead of
 * falling back to some other comparison.
 */
@Test
public void verifyUnknownDigest() throws Exception {
    // The challenge is deliberately valid for S256 so that the method name is the only thing wrong.
    val verifier = "ABCD123";
    val challenge = EncodingUtils.encodeUrlSafeBase64(DigestUtils.rawDigestSha256(verifier));
    val code = new OAuth20DefaultCode("CODE-1234567890",
        RegisteredServiceTestUtils.getService(),
        RegisteredServiceTestUtils.getAuthentication(),
        new HardTimeoutExpirationPolicy(10),
        new MockTicketGrantingTicket("casuser"),
        new ArrayList<>(), challenge, "unknown", "clientid12345",
        new HashMap<>(), OAuth20ResponseTypes.CODE, OAuth20GrantTypes.AUTHORIZATION_CODE);
    ticketRegistry.addTicket(code);

    val request = new MockHttpServletRequest();
    request.addParameter(OAuth20Constants.CLIENT_ID, "clientWithoutSecret");
    request.addParameter(OAuth20Constants.CODE_VERIFIER, verifier);
    request.addParameter(OAuth20Constants.CODE, code.getId());
    val webContext = new JEEContext(request, new MockHttpServletResponse());

    val clientCredentials = new UsernamePasswordCredentials("clientWithoutSecret", verifier);
    assertThrows(CredentialsException.class,
        () -> authenticator.validate(clientCredentials, webContext, JEESessionStore.INSTANCE));
}

Example 82 with UsernamePasswordCredentials

use of org.pac4j.core.credentials.UsernamePasswordCredentials in project cas by apereo.

From the class OAuth20ProofKeyCodeExchangeAuthenticatorTests, method verifyAuthenticationPlainWithSecretTransmittedByFormAuthn:

/**
 * PKCE with the {@code plain} challenge method: the stored challenge is the verifier itself, so
 * presenting the same string as {@code code_verifier} must authenticate the client. The client
 * secret is sent as a form parameter ({@code client_secret}) rather than via HTTP Basic.
 * <p>
 * Note that {@code plain} offers no protection if the authorization response is observed; it is
 * only a fallback for clients that cannot compute S256, which is the method that should be used.
 */
@Test
public void verifyAuthenticationPlainWithSecretTransmittedByFormAuthn() throws Exception {
    val verifier = "ABCD123";
    // With "plain" the challenge and the verifier are the same value.
    val code = new OAuth20DefaultCode("CODE-1234567890",
        RegisteredServiceTestUtils.getService(),
        RegisteredServiceTestUtils.getAuthentication(),
        new HardTimeoutExpirationPolicy(10),
        new MockTicketGrantingTicket("casuser"),
        new ArrayList<>(), verifier, "plain", "clientid12345",
        new HashMap<>(), OAuth20ResponseTypes.CODE, OAuth20GrantTypes.AUTHORIZATION_CODE);
    ticketRegistry.addTicket(code);

    // NOTE(review): the code is stored with client id "clientid12345" but redeemed with
    // client_id "client" and still validates here — confirm that code-to-client binding is
    // enforced elsewhere (e.g. by the token request validator) rather than by this authenticator.
    val request = new MockHttpServletRequest();
    request.addParameter(OAuth20Constants.CLIENT_ID, "client");
    request.addParameter(OAuth20Constants.CODE_VERIFIER, verifier);
    request.addParameter(OAuth20Constants.CLIENT_SECRET, "secret");
    request.addParameter(OAuth20Constants.CODE, code.getId());
    val webContext = new JEEContext(request, new MockHttpServletResponse());

    val clientCredentials = new UsernamePasswordCredentials("client", verifier);
    authenticator.validate(clientCredentials, webContext, JEESessionStore.INSTANCE);
    val profile = clientCredentials.getUserProfile();
    assertNotNull(profile);
    assertEquals("client", profile.getId());
}

Example 83 with UsernamePasswordCredentials

use of org.pac4j.core.credentials.UsernamePasswordCredentials in project cas by apereo.

From the class OAuth20ProofKeyCodeExchangeAuthenticatorTests, method verifyAuthenticationHashedWithSecretTransmittedByFormAuthn:

/**
 * PKCE with the {@code s256} challenge method: the stored challenge is the URL-safe base64 of
 * SHA-256 over the verifier, and presenting the original verifier must authenticate the client.
 * The client secret is supplied as a form parameter ({@code client_secret}).
 */
@Test
public void verifyAuthenticationHashedWithSecretTransmittedByFormAuthn() throws Exception {
    val verifier = "ABCD123";
    // S256 per RFC 7636: BASE64URL(SHA256(verifier)), stored on the code at issuance.
    val challenge = EncodingUtils.encodeUrlSafeBase64(DigestUtils.rawDigestSha256(verifier));
    val code = new OAuth20DefaultCode("CODE-1234567890",
        RegisteredServiceTestUtils.getService(),
        RegisteredServiceTestUtils.getAuthentication(),
        new HardTimeoutExpirationPolicy(10),
        new MockTicketGrantingTicket("casuser"),
        new ArrayList<>(), challenge, "s256", "clientid12345",
        new HashMap<>(), OAuth20ResponseTypes.CODE, OAuth20GrantTypes.AUTHORIZATION_CODE);
    ticketRegistry.addTicket(code);

    // NOTE(review): as with the "plain" case, the code's client id ("clientid12345") differs
    // from the request's client_id ("client") yet validation succeeds — confirm the binding is
    // checked elsewhere in the token flow.
    val request = new MockHttpServletRequest();
    request.addParameter(OAuth20Constants.CLIENT_ID, "client");
    request.addParameter(OAuth20Constants.CODE_VERIFIER, verifier);
    request.addParameter(OAuth20Constants.CLIENT_SECRET, "secret");
    request.addParameter(OAuth20Constants.CODE, code.getId());
    val webContext = new JEEContext(request, new MockHttpServletResponse());

    val clientCredentials = new UsernamePasswordCredentials("client", verifier);
    authenticator.validate(clientCredentials, webContext, JEESessionStore.INSTANCE);
    val profile = clientCredentials.getUserProfile();
    assertNotNull(profile);
    assertEquals("client", profile.getId());
}

Example 84 with UsernamePasswordCredentials

use of org.pac4j.core.credentials.UsernamePasswordCredentials in project cas by apereo.

From the class OAuth20RefreshTokenAuthenticatorTests, method verifyAuthentication:

/**
 * Runs the refresh-token grant authenticator through a matrix of client/token combinations:
 * the client the token was issued to is authenticated; an unknown token, or a registered client
 * that does not own the token, is rejected with {@link CredentialsException}; a client the test
 * treats as not eligible for the grant, and a client id that is not registered at all, end up
 * with no user profile but no exception.
 * <p>
 * The rejection of a token presented by a different client is the security-relevant case:
 * refresh tokens must stay bound to the client they were issued to.
 */
// NOTE(review): retried up to three times in the original; presumably some timing sensitivity
// in the ticket registry — not established by this method's body.
@RetryingTest(3)
public void verifyAuthentication() throws Exception {
    val ownedToken = getRefreshToken(serviceWithoutSecret);
    ticketRegistry.addTicket(ownedToken);

    // Happy path: the owning client presents its own refresh token.
    val ownerCredentials = new UsernamePasswordCredentials("clientWithoutSecret", ownedToken.getId());
    val ownerContext = new JEEContext(
        newRefreshTokenGrantRequest("clientWithoutSecret", ownedToken.getId()), new MockHttpServletResponse());
    authenticator.validate(ownerCredentials, ownerContext, JEESessionStore.INSTANCE);
    assertNotNull(ownerCredentials.getUserProfile());
    assertEquals("clientWithoutSecret", ownerCredentials.getUserProfile().getId());

    // A token that does not exist in the registry is rejected outright.
    val unknownTokenCredentials = new UsernamePasswordCredentials("clientWithoutSecret", "badRefreshToken");
    val unknownTokenContext = new JEEContext(
        newRefreshTokenGrantRequest("clientWithoutSecret", "badRefreshToken"), new MockHttpServletResponse());
    assertThrows(CredentialsException.class,
        () -> authenticator.validate(unknownTokenCredentials, unknownTokenContext, JEESessionStore.INSTANCE));

    // A real token presented by a different registered client is rejected: tokens are client-bound.
    val wrongClientCredentials = new UsernamePasswordCredentials("clientWithoutSecret2", ownedToken.getId());
    val wrongClientContext = new JEEContext(
        newRefreshTokenGrantRequest("clientWithoutSecret2", ownedToken.getId()), new MockHttpServletResponse());
    assertThrows(CredentialsException.class,
        () -> authenticator.validate(wrongClientCredentials, wrongClientContext, JEESessionStore.INSTANCE));

    // A second token, issued to the "client" service, is registered for the remaining cases.
    val otherToken = getRefreshToken(service);
    ticketRegistry.addTicket(otherToken);

    // NOTE(review): in the original, the credentials below carry ownedToken while the request
    // carries otherToken; preserved as-is, but the two presumably ought to agree — confirm which
    // one the authenticator actually reads before tightening the test.
    val ineligibleClientCredentials = new UsernamePasswordCredentials("client", ownedToken.getId());
    val ineligibleClientContext = new JEEContext(
        newRefreshTokenGrantRequest("client", otherToken.getId()), new MockHttpServletResponse());
    authenticator.validate(ineligibleClientCredentials, ineligibleClientContext, JEESessionStore.INSTANCE);
    assertNull(ineligibleClientCredentials.getUserProfile());

    // An unregistered client id: no profile is produced and no exception is thrown.
    val unregisteredClientCredentials = new UsernamePasswordCredentials("unknownclient", ownedToken.getId());
    val unregisteredClientContext = new JEEContext(
        newRefreshTokenGrantRequest("unknownclient", otherToken.getId()), new MockHttpServletResponse());
    authenticator.validate(unregisteredClientCredentials, unregisteredClientContext, JEESessionStore.INSTANCE);
    assertNull(unregisteredClientCredentials.getUserProfile());
}

/**
 * Builds a mock {@code grant_type=refresh_token} request carrying the given client id and
 * refresh token id as form parameters.
 *
 * @param clientId       value for the {@code client_id} parameter
 * @param refreshTokenId value for the {@code refresh_token} parameter
 * @return the populated mock request
 */
private static MockHttpServletRequest newRefreshTokenGrantRequest(final String clientId, final String refreshTokenId) {
    val request = new MockHttpServletRequest();
    request.addParameter(OAuth20Constants.GRANT_TYPE, OAuth20GrantTypes.REFRESH_TOKEN.name());
    request.addParameter(OAuth20Constants.REFRESH_TOKEN, refreshTokenId);
    request.addParameter(OAuth20Constants.CLIENT_ID, clientId);
    return request;
}

Example 85 with UsernamePasswordCredentials

use of org.pac4j.core.credentials.UsernamePasswordCredentials in project cas by apereo.

From the class OAuth20UsernamePasswordAuthenticatorTests, method verifyAcceptedCredentialsWithClientSecretWithBasicAuth:

/**
 * User credentials ({@code casuser}/{@code casuser}) are accepted when the client authenticates
 * itself with HTTP Basic ({@code client}:{@code secret}) on the {@code Authorization} header
 * rather than with form parameters; the resulting profile id is the user name, not the client id.
 */
@Test
public void verifyAcceptedCredentialsWithClientSecretWithBasicAuth() {
    val request = new MockHttpServletRequest();
    // Client authentication travels only in the Authorization header here.
    val basicAuthHeaders = HttpUtils.createBasicAuthHeaders("client", "secret");
    val authorizationHeader = basicAuthHeaders.get(AUTHORIZATION);
    assertNotNull(authorizationHeader);
    request.addHeader(AUTHORIZATION, authorizationHeader);
    val webContext = new JEEContext(request, new MockHttpServletResponse());

    val userCredentials = new UsernamePasswordCredentials("casuser", "casuser");
    authenticator.validate(userCredentials, webContext, JEESessionStore.INSTANCE);
    val profile = userCredentials.getUserProfile();
    assertNotNull(profile);
    assertEquals("casuser", profile.getId());
}
