
Example 6 with AnonymousAuthenticationToken

Use of org.springframework.security.authentication.AnonymousAuthenticationToken in project spring-security by spring-projects.

From class AnonymousAuthenticationProviderTests, method testNormalOperation.

@Test
public void testNormalOperation() throws Exception {
    AnonymousAuthenticationProvider aap = new AnonymousAuthenticationProvider("qwerty");
    AnonymousAuthenticationToken token = new AnonymousAuthenticationToken("qwerty", "Test", AuthorityUtils.createAuthorityList("ROLE_ONE", "ROLE_TWO"));
    Authentication result = aap.authenticate(token);
    assertThat(token).isEqualTo(result);
}
Also used : Authentication(org.springframework.security.core.Authentication) AnonymousAuthenticationToken(org.springframework.security.authentication.AnonymousAuthenticationToken) AnonymousAuthenticationProvider(org.springframework.security.authentication.AnonymousAuthenticationProvider)

Example 7 with AnonymousAuthenticationToken

Use of org.springframework.security.authentication.AnonymousAuthenticationToken in project spring-security by spring-projects.

From class AnonymousAuthenticationTokenTests, method testNotEqualsDueToKey.

@Test
public void testNotEqualsDueToKey() {
    AnonymousAuthenticationToken token1 = new AnonymousAuthenticationToken("key", "Test", ROLES_12);
    AnonymousAuthenticationToken token2 = new AnonymousAuthenticationToken("DIFFERENT_KEY", "Test", ROLES_12);
    assertThat(token1.equals(token2)).isFalse();
}
Also used : AnonymousAuthenticationToken(org.springframework.security.authentication.AnonymousAuthenticationToken) Test(org.junit.Test)

Example 8 with AnonymousAuthenticationToken

Use of org.springframework.security.authentication.AnonymousAuthenticationToken in project spring-security-oauth by spring-projects.

From class AccessTokenProviderChain, method obtainAccessToken.

public OAuth2AccessToken obtainAccessToken(OAuth2ProtectedResourceDetails resource, AccessTokenRequest request) throws UserRedirectRequiredException, AccessDeniedException {
    OAuth2AccessToken accessToken = null;
    OAuth2AccessToken existingToken = null;
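    Authentication auth = SecurityContextHolder.getContext().getAuthentication();
    // An anonymous principal may only proceed for client-only resources (no user involved);
    // otherwise a real authentication is required before any token is obtained.
    if (auth instanceof AnonymousAuthenticationToken) {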
        if (!resource.isClientOnly()) {
            throw new InsufficientAuthenticationException("Authentication is required to obtain an access token (anonymous not allowed)");
        }
    }
    // Look up a previously stored token only for client-only resources or an authenticated user.
    if (resource.isClientOnly() || (auth != null && auth.isAuthenticated())) {
        existingToken = request.getExistingToken();
        if (existingToken == null && clientTokenServices != null) {
            existingToken = clientTokenServices.getAccessToken(resource, auth);
        }
        if (existingToken != null) {
            if (existingToken.isExpired()) {
                if (clientTokenServices != null) {
                    clientTokenServices.removeAccessToken(resource, auth);
                }
                OAuth2RefreshToken refreshToken = existingToken.getRefreshToken();
                if (refreshToken != null) {
                    accessToken = refreshAccessToken(resource, refreshToken, request);
                }
            } else {
                accessToken = existingToken;
            }
        }
    }
    if (accessToken == null) {
        // looks like we need to try to obtain a new token.
        accessToken = obtainNewAccessTokenInternal(resource, request);
        if (accessToken == null) {
            throw new IllegalStateException("An OAuth 2 access token must be obtained or an exception thrown.");
        }
    }
    // Persist the token only when it can be tied to the client or to an authenticated user.
    if (clientTokenServices != null && (resource.isClientOnly() || (auth != null && auth.isAuthenticated()))) {
        clientTokenServices.saveAccessToken(resource, auth, accessToken);
    }
    return accessToken;
}
Also used : OAuth2RefreshToken(org.springframework.security.oauth2.common.OAuth2RefreshToken) DefaultOAuth2AccessToken(org.springframework.security.oauth2.common.DefaultOAuth2AccessToken) OAuth2AccessToken(org.springframework.security.oauth2.common.OAuth2AccessToken) Authentication(org.springframework.security.core.Authentication) AnonymousAuthenticationToken(org.springframework.security.authentication.AnonymousAuthenticationToken) InsufficientAuthenticationException(org.springframework.security.authentication.InsufficientAuthenticationException)

Example 9 with AnonymousAuthenticationToken

Use of org.springframework.security.authentication.AnonymousAuthenticationToken in project spring-security by spring-projects.

From class AnonymousAuthenticationTokenMixinTests, method serializeAnonymousAuthenticationTokenTest.

@Test
public void serializeAnonymousAuthenticationTokenTest() throws JsonProcessingException, JSONException {
    User user = createDefaultUser();
    AnonymousAuthenticationToken token = new AnonymousAuthenticationToken(HASH_KEY, user, user.getAuthorities());
    String actualJson = mapper.writeValueAsString(token);
    JSONAssert.assertEquals(ANONYMOUS_JSON, actualJson, true);
}
Also used : User(org.springframework.security.core.userdetails.User) AnonymousAuthenticationToken(org.springframework.security.authentication.AnonymousAuthenticationToken) Test(org.junit.Test)

Example 10 with AnonymousAuthenticationToken

Use of org.springframework.security.authentication.AnonymousAuthenticationToken in project spring-security by spring-projects.

From class ExceptionTranslationFilterTests, method testAccessDeniedWhenAnonymous.

@Test
public void testAccessDeniedWhenAnonymous() throws Exception {
    // Setup our HTTP request
    MockHttpServletRequest request = new MockHttpServletRequest();
    request.setServletPath("/secure/page.html");
    request.setServerPort(80);
    request.setScheme("http");
    request.setServerName("www.example.com");
    request.setContextPath("/mycontext");
    request.setRequestURI("/mycontext/secure/page.html");
    // Set up the FilterChain to throw an access denied exception
    FilterChain fc = mock(FilterChain.class);
    doThrow(new AccessDeniedException("")).when(fc).doFilter(any(HttpServletRequest.class), any(HttpServletResponse.class));
    // Setup SecurityContextHolder, as filter needs to check if user is
    // anonymous
    SecurityContextHolder.getContext().setAuthentication(new AnonymousAuthenticationToken("ignored", "ignored", AuthorityUtils.createAuthorityList("IGNORED")));
    // Test
    ExceptionTranslationFilter filter = new ExceptionTranslationFilter(mockEntryPoint);
    filter.setAuthenticationTrustResolver(new AuthenticationTrustResolverImpl());
    assertThat(filter.getAuthenticationTrustResolver()).isNotNull();
    MockHttpServletResponse response = new MockHttpServletResponse();
    filter.doFilter(request, response, fc);
    assertThat(response.getRedirectedUrl()).isEqualTo("/mycontext/login.jsp");
    assertThat(getSavedRequestUrl(request)).isEqualTo("http://www.example.com/mycontext/secure/page.html");
}
Also used : HttpServletRequest(javax.servlet.http.HttpServletRequest) MockHttpServletRequest(org.springframework.mock.web.MockHttpServletRequest) AuthenticationTrustResolverImpl(org.springframework.security.authentication.AuthenticationTrustResolverImpl) AccessDeniedException(org.springframework.security.access.AccessDeniedException) FilterChain(javax.servlet.FilterChain) MockHttpServletResponse(org.springframework.mock.web.MockHttpServletResponse) HttpServletResponse(javax.servlet.http.HttpServletResponse) AnonymousAuthenticationToken(org.springframework.security.authentication.AnonymousAuthenticationToken) Test(org.junit.Test)
