
Example 91 with AnonymousAuthenticationToken

Use of org.springframework.security.authentication.AnonymousAuthenticationToken in project spring-security by spring-projects.

Class OAuth2AuthorizationCodeGrantFilterTests, method doFilterWhenAuthorizationSucceedsAndAnonymousAccessThenAuthorizedClientSavedToHttpSession.

@Test
public void doFilterWhenAuthorizationSucceedsAndAnonymousAccessThenAuthorizedClientSavedToHttpSession() throws Exception {
    AnonymousAuthenticationToken anonymousPrincipal = new AnonymousAuthenticationToken("key-1234", "anonymousUser", AuthorityUtils.createAuthorityList("ROLE_ANONYMOUS"));
    SecurityContext securityContext = SecurityContextHolder.createEmptyContext();
    securityContext.setAuthentication(anonymousPrincipal);
    SecurityContextHolder.setContext(securityContext);
    MockHttpServletRequest authorizationRequest = createAuthorizationRequest("/callback/client-1");
    MockHttpServletRequest authorizationResponse = createAuthorizationResponse(authorizationRequest);
    MockHttpServletResponse response = new MockHttpServletResponse();
    FilterChain filterChain = mock(FilterChain.class);
    this.setUpAuthorizationRequest(authorizationRequest, response, this.registration1);
    this.setUpAuthenticationResult(this.registration1);
    this.filter.doFilter(authorizationResponse, response, filterChain);
    OAuth2AuthorizedClient authorizedClient = this.authorizedClientRepository.loadAuthorizedClient(this.registration1.getRegistrationId(), anonymousPrincipal, authorizationResponse);
    assertThat(authorizedClient).isNotNull();
    assertThat(authorizedClient.getClientRegistration()).isEqualTo(this.registration1);
    assertThat(authorizedClient.getPrincipalName()).isEqualTo(anonymousPrincipal.getName());
    assertThat(authorizedClient.getAccessToken()).isNotNull();
    HttpSession session = authorizationResponse.getSession(false);
    assertThat(session).isNotNull();
    @SuppressWarnings("unchecked")
    Map<String, OAuth2AuthorizedClient> authorizedClients = (Map<String, OAuth2AuthorizedClient>) session.getAttribute(HttpSessionOAuth2AuthorizedClientRepository.class.getName() + ".AUTHORIZED_CLIENTS");
    assertThat(authorizedClients).isNotEmpty();
    assertThat(authorizedClients).hasSize(1);
    assertThat(authorizedClients.values().iterator().next()).isSameAs(authorizedClient);
}
Also used : MockHttpServletRequest(org.springframework.mock.web.MockHttpServletRequest) HttpSession(jakarta.servlet.http.HttpSession) FilterChain(jakarta.servlet.FilterChain) SecurityContext(org.springframework.security.core.context.SecurityContext) OAuth2AuthorizedClient(org.springframework.security.oauth2.client.OAuth2AuthorizedClient) AnonymousAuthenticationToken(org.springframework.security.authentication.AnonymousAuthenticationToken) Map(java.util.Map) HashMap(java.util.HashMap) LinkedHashMap(java.util.LinkedHashMap) MockHttpServletResponse(org.springframework.mock.web.MockHttpServletResponse) Test(org.junit.jupiter.api.Test)

Example 92 with AnonymousAuthenticationToken

Use of org.springframework.security.authentication.AnonymousAuthenticationToken in project spring-security by spring-projects.

Class WithAnonymousUserSecurityContextFactory, method createSecurityContext.

@Override
public SecurityContext createSecurityContext(WithAnonymousUser withUser) {
    List<GrantedAuthority> authorities = AuthorityUtils.createAuthorityList("ROLE_ANONYMOUS");
    Authentication authentication = new AnonymousAuthenticationToken("key", "anonymous", authorities);
    SecurityContext context = SecurityContextHolder.createEmptyContext();
    context.setAuthentication(authentication);
    return context;
}
Also used : Authentication(org.springframework.security.core.Authentication) GrantedAuthority(org.springframework.security.core.GrantedAuthority) SecurityContext(org.springframework.security.core.context.SecurityContext) AnonymousAuthenticationToken(org.springframework.security.authentication.AnonymousAuthenticationToken)

Example 93 with AnonymousAuthenticationToken

Use of org.springframework.security.authentication.AnonymousAuthenticationToken in project spring-security by spring-projects.

Class AnonymousAuthenticationFilter, method createAuthentication.

protected Authentication createAuthentication(HttpServletRequest request) {
    AnonymousAuthenticationToken token = new AnonymousAuthenticationToken(this.key, this.principal, this.authorities);
    token.setDetails(this.authenticationDetailsSource.buildDetails(request));
    return token;
}
Also used : AnonymousAuthenticationToken(org.springframework.security.authentication.AnonymousAuthenticationToken)

Example 94 with AnonymousAuthenticationToken

Use of org.springframework.security.authentication.AnonymousAuthenticationToken in project spring-security by spring-projects.

Class HttpSessionSecurityContextRepositoryTests, method contextIsNotRemovedFromSessionIfContextBeforeExecutionDefault.

// SEC-1735
@Test
public void contextIsNotRemovedFromSessionIfContextBeforeExecutionDefault() {
    HttpSessionSecurityContextRepository repo = new HttpSessionSecurityContextRepository();
    MockHttpServletRequest request = new MockHttpServletRequest();
    HttpRequestResponseHolder holder = new HttpRequestResponseHolder(request, new MockHttpServletResponse());
    repo.loadContext(holder);
    SecurityContext ctxInSession = SecurityContextHolder.createEmptyContext();
    ctxInSession.setAuthentication(this.testToken);
    request.getSession().setAttribute(HttpSessionSecurityContextRepository.SPRING_SECURITY_CONTEXT_KEY, ctxInSession);
    SecurityContextHolder.getContext().setAuthentication(new AnonymousAuthenticationToken("x", "x", AuthorityUtils.createAuthorityList("ROLE_ANONYMOUS")));
    repo.saveContext(SecurityContextHolder.getContext(), holder.getRequest(), holder.getResponse());
    assertThat(ctxInSession).isSameAs(request.getSession().getAttribute(HttpSessionSecurityContextRepository.SPRING_SECURITY_CONTEXT_KEY));
}
Also used : MockHttpServletRequest(org.springframework.mock.web.MockHttpServletRequest) TransientSecurityContext(org.springframework.security.core.context.TransientSecurityContext) SecurityContext(org.springframework.security.core.context.SecurityContext) AnonymousAuthenticationToken(org.springframework.security.authentication.AnonymousAuthenticationToken) MockHttpServletResponse(org.springframework.mock.web.MockHttpServletResponse) Test(org.junit.jupiter.api.Test)

Example 95 with AnonymousAuthenticationToken

Use of org.springframework.security.authentication.AnonymousAuthenticationToken in project spring-security by spring-projects.

Class HttpSessionSecurityContextRepositoryTests, method noSessionIsCreatedIfAnonymousTokenIsUsed.

// SEC-1315
@Test
public void noSessionIsCreatedIfAnonymousTokenIsUsed() {
    HttpSessionSecurityContextRepository repo = new HttpSessionSecurityContextRepository();
    MockHttpServletRequest request = new MockHttpServletRequest();
    MockHttpServletResponse response = new MockHttpServletResponse();
    HttpRequestResponseHolder holder = new HttpRequestResponseHolder(request, response);
    SecurityContextHolder.setContext(repo.loadContext(holder));
    SecurityContextHolder.getContext().setAuthentication(new AnonymousAuthenticationToken("key", "anon", AuthorityUtils.createAuthorityList("ANON")));
    repo.saveContext(SecurityContextHolder.getContext(), holder.getRequest(), holder.getResponse());
    assertThat(request.getSession(false)).isNull();
}
Also used : MockHttpServletRequest(org.springframework.mock.web.MockHttpServletRequest) AnonymousAuthenticationToken(org.springframework.security.authentication.AnonymousAuthenticationToken) MockHttpServletResponse(org.springframework.mock.web.MockHttpServletResponse) Test(org.junit.jupiter.api.Test)

Aggregations

AnonymousAuthenticationToken (org.springframework.security.authentication.AnonymousAuthenticationToken) 97
Authentication (org.springframework.security.core.Authentication) 44
Test (org.junit.jupiter.api.Test) 22
SimpleGrantedAuthority (org.springframework.security.core.authority.SimpleGrantedAuthority) 17
ArrayList (java.util.ArrayList) 15
GrantedAuthority (org.springframework.security.core.GrantedAuthority) 14
SecurityContext (org.springframework.security.core.context.SecurityContext) 14
MidpointAuthentication (com.evolveum.midpoint.authentication.api.config.MidpointAuthentication) 8
Test (org.junit.Test) 8
MockHttpServletRequest (org.springframework.mock.web.MockHttpServletRequest) 7
MockHttpServletResponse (org.springframework.mock.web.MockHttpServletResponse) 7
ModuleAuthentication (com.evolveum.midpoint.authentication.api.config.ModuleAuthentication) 6
Before (org.junit.Before) 5
RequestMapping (org.springframework.web.bind.annotation.RequestMapping) 5
HttpServletRequest (javax.servlet.http.HttpServletRequest) 4
HttpServletResponse (javax.servlet.http.HttpServletResponse) 4
PreAuthenticatedAuthenticationToken (org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationToken) 4
AccessDeniedException (org.springframework.security.access.AccessDeniedException) 3
User (ca.corefacility.bioinformatics.irida.model.user.User) 2
ModuleAuthenticationImpl (com.evolveum.midpoint.authentication.impl.module.authentication.ModuleAuthenticationImpl) 2