Example 1 with AuthenticationTrustResolver
use of org.springframework.security.authentication.AuthenticationTrustResolver in project spring-security by spring-projects.
the class SecurityExpressionRootTests method rememberMeIsCorrectlyDetected.
@Test
public void rememberMeIsCorrectlyDetected() throws Exception {
AuthenticationTrustResolver atr = mock(AuthenticationTrustResolver.class);
root.setTrustResolver(atr);
when(atr.isRememberMe(JOE)).thenReturn(true);
assertThat(root.isRememberMe()).isTrue();
assertThat(root.isFullyAuthenticated()).isFalse();
}
Also used :
AuthenticationTrustResolver(org.springframework.security.authentication.AuthenticationTrustResolver)
Test(org.junit.Test)
Example 2 with AuthenticationTrustResolver
use of org.springframework.security.authentication.AuthenticationTrustResolver in project spring-security by spring-projects.
the class HttpSessionSecurityContextRepositoryTests method saveContextCustomTrustResolver.
@Test
public void saveContextCustomTrustResolver() {
SecurityContext contextToSave = SecurityContextHolder.createEmptyContext();
contextToSave.setAuthentication(testToken);
HttpSessionSecurityContextRepository repo = new HttpSessionSecurityContextRepository();
MockHttpServletRequest request = new MockHttpServletRequest();
HttpRequestResponseHolder holder = new HttpRequestResponseHolder(request, new MockHttpServletResponse());
repo.loadContext(holder);
AuthenticationTrustResolver trustResolver = mock(AuthenticationTrustResolver.class);
repo.setTrustResolver(trustResolver);
repo.saveContext(contextToSave, holder.getRequest(), holder.getResponse());
verify(trustResolver).isAnonymous(contextToSave.getAuthentication());
}
Also used :
MockHttpServletRequest(org.springframework.mock.web.MockHttpServletRequest)
SecurityContext(org.springframework.security.core.context.SecurityContext)
AuthenticationTrustResolver(org.springframework.security.authentication.AuthenticationTrustResolver)
MockHttpServletResponse(org.springframework.mock.web.MockHttpServletResponse)
PrepareForTest(org.powermock.core.classloader.annotations.PrepareForTest)
Test(org.junit.Test)
Example 3 with AuthenticationTrustResolver
use of org.springframework.security.authentication.AuthenticationTrustResolver in project spring-security by spring-projects.
the class GlobalMethodSecurityConfiguration method afterSingletonsInstantiated.
/*
* (non-Javadoc)
*
* @see org.springframework.beans.factory.SmartInitializingSingleton#
* afterSingletonsInstantiated()
*/
@Override
public void afterSingletonsInstantiated() {
try {
initializeMethodSecurityInterceptor();
} catch (Exception e) {
throw new RuntimeException(e);
}
PermissionEvaluator permissionEvaluator = getSingleBeanOrNull(PermissionEvaluator.class);
if (permissionEvaluator != null) {
this.defaultMethodExpressionHandler.setPermissionEvaluator(permissionEvaluator);
}
RoleHierarchy roleHierarchy = getSingleBeanOrNull(RoleHierarchy.class);
if (roleHierarchy != null) {
this.defaultMethodExpressionHandler.setRoleHierarchy(roleHierarchy);
}
AuthenticationTrustResolver trustResolver = getSingleBeanOrNull(AuthenticationTrustResolver.class);
if (trustResolver != null) {
this.defaultMethodExpressionHandler.setTrustResolver(trustResolver);
}
GrantedAuthorityDefaults grantedAuthorityDefaults = getSingleBeanOrNull(GrantedAuthorityDefaults.class);
if (grantedAuthorityDefaults != null) {
this.defaultMethodExpressionHandler.setDefaultRolePrefix(grantedAuthorityDefaults.getRolePrefix());
}
}
Also used :
PermissionEvaluator(org.springframework.security.access.PermissionEvaluator)
GrantedAuthorityDefaults(org.springframework.security.config.core.GrantedAuthorityDefaults)
RoleHierarchy(org.springframework.security.access.hierarchicalroles.RoleHierarchy)
AuthenticationTrustResolver(org.springframework.security.authentication.AuthenticationTrustResolver)
Example 4 with AuthenticationTrustResolver
use of org.springframework.security.authentication.AuthenticationTrustResolver in project spring-security by spring-projects.
the class SessionManagementConfigurer method init.
@Override
public void init(H http) throws Exception {
SecurityContextRepository securityContextRepository = http.getSharedObject(SecurityContextRepository.class);
boolean stateless = isStateless();
if (securityContextRepository == null) {
if (stateless) {
http.setSharedObject(SecurityContextRepository.class, new NullSecurityContextRepository());
} else {
HttpSessionSecurityContextRepository httpSecurityRepository = new HttpSessionSecurityContextRepository();
httpSecurityRepository.setDisableUrlRewriting(!this.enableSessionUrlRewriting);
httpSecurityRepository.setAllowSessionCreation(isAllowSessionCreation());
AuthenticationTrustResolver trustResolver = http.getSharedObject(AuthenticationTrustResolver.class);
if (trustResolver != null) {
httpSecurityRepository.setTrustResolver(trustResolver);
}
http.setSharedObject(SecurityContextRepository.class, httpSecurityRepository);
}
}
RequestCache requestCache = http.getSharedObject(RequestCache.class);
if (requestCache == null) {
if (stateless) {
http.setSharedObject(RequestCache.class, new NullRequestCache());
}
}
http.setSharedObject(SessionAuthenticationStrategy.class, getSessionAuthenticationStrategy(http));
http.setSharedObject(InvalidSessionStrategy.class, getInvalidSessionStrategy());
}
Also used :
HttpSessionSecurityContextRepository(org.springframework.security.web.context.HttpSessionSecurityContextRepository)
NullSecurityContextRepository(org.springframework.security.web.context.NullSecurityContextRepository)
RequestCache(org.springframework.security.web.savedrequest.RequestCache)
NullRequestCache(org.springframework.security.web.savedrequest.NullRequestCache)
AuthenticationTrustResolver(org.springframework.security.authentication.AuthenticationTrustResolver)
NullSecurityContextRepository(org.springframework.security.web.context.NullSecurityContextRepository)
HttpSessionSecurityContextRepository(org.springframework.security.web.context.HttpSessionSecurityContextRepository)
SecurityContextRepository(org.springframework.security.web.context.SecurityContextRepository)
NullRequestCache(org.springframework.security.web.savedrequest.NullRequestCache)
Example 5 with AuthenticationTrustResolver
use of org.springframework.security.authentication.AuthenticationTrustResolver in project spring-security by spring-projects.
the class SessionManagementFilterTests method customAuthenticationTrustResolver.
@Test
public void customAuthenticationTrustResolver() throws Exception {
AuthenticationTrustResolver trustResolver = mock(AuthenticationTrustResolver.class);
SecurityContextRepository repo = mock(SecurityContextRepository.class);
SessionManagementFilter filter = new SessionManagementFilter(repo);
filter.setTrustResolver(trustResolver);
HttpServletRequest request = new MockHttpServletRequest();
authenticateUser();
filter.doFilter(request, new MockHttpServletResponse(), new MockFilterChain());
verify(trustResolver).isAnonymous(any(Authentication.class));
}
Also used :
MockHttpServletRequest(org.springframework.mock.web.MockHttpServletRequest)
HttpServletRequest(javax.servlet.http.HttpServletRequest)
MockHttpServletRequest(org.springframework.mock.web.MockHttpServletRequest)
Authentication(org.springframework.security.core.Authentication)
AuthenticationTrustResolver(org.springframework.security.authentication.AuthenticationTrustResolver)
SecurityContextRepository(org.springframework.security.web.context.SecurityContextRepository)
MockFilterChain(org.springframework.mock.web.MockFilterChain)
MockHttpServletResponse(org.springframework.mock.web.MockHttpServletResponse)
Test(org.junit.Test)
Aggregations
AuthenticationTrustResolver (org.springframework.security.authentication.AuthenticationTrustResolver)8
Test (org.junit.Test)3
GrantedAuthorityDefaults (org.springframework.security.config.core.GrantedAuthorityDefaults)3
SecurityContextRepository (org.springframework.security.web.context.SecurityContextRepository)3
ApplicationContext (org.springframework.context.ApplicationContext)2
MockHttpServletRequest (org.springframework.mock.web.MockHttpServletRequest)2
MockHttpServletResponse (org.springframework.mock.web.MockHttpServletResponse)2
RoleHierarchy (org.springframework.security.access.hierarchicalroles.RoleHierarchy)2
HttpSessionSecurityContextRepository (org.springframework.security.web.context.HttpSessionSecurityContextRepository)2
NullSecurityContextRepository (org.springframework.security.web.context.NullSecurityContextRepository)2
HttpServletRequest (javax.servlet.http.HttpServletRequest)1
PrepareForTest (org.powermock.core.classloader.annotations.PrepareForTest)1
MockFilterChain (org.springframework.mock.web.MockFilterChain)1
PermissionEvaluator (org.springframework.security.access.PermissionEvaluator)1
AuthenticationManager (org.springframework.security.authentication.AuthenticationManager)1
Authentication (org.springframework.security.core.Authentication)1
SecurityContext (org.springframework.security.core.context.SecurityContext)1
AuthenticationEntryPoint (org.springframework.security.web.AuthenticationEntryPoint)1
DefaultWebSecurityExpressionHandler (org.springframework.security.web.access.expression.DefaultWebSecurityExpressionHandler)1
AuthenticationFailureHandler (org.springframework.security.web.authentication.AuthenticationFailureHandler)1
