Example 51 with TestingAuthenticationToken

use of org.springframework.security.authentication.TestingAuthenticationToken in project spring-security by spring-projects.

the class SecurityRequestsTests method requestProtectedUrlWithAuthentication.

@Test
public void requestProtectedUrlWithAuthentication() throws Exception {
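    // The constructor that takes authorities produces a token that is already authenticated.
    Authentication authentication = new TestingAuthenticationToken("test", "notused", "ROLE_USER");
    // Expecting 404 (not 401/403 or a login redirect) shows the request got past the security filters.
    mvc.perform(get("/").with(authentication(authentication)))
            .andExpect(status().isNotFound())
            .andExpect(authenticated().withAuthentication(authentication));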
}
Also used : Authentication(org.springframework.security.core.Authentication) TestingAuthenticationToken(org.springframework.security.authentication.TestingAuthenticationToken) Test(org.junit.Test)

Example 52 with TestingAuthenticationToken

use of org.springframework.security.authentication.TestingAuthenticationToken in project spring-security by spring-projects.

the class FilterChainProxyTests method doFilterClearsSecurityContextHolderOnceOnForwards.

// SEC-2027
@Test
public void doFilterClearsSecurityContextHolderOnceOnForwards() throws Exception {
    final FilterChain innerChain = mock(FilterChain.class);
    when(matcher.matches(any(HttpServletRequest.class))).thenReturn(true);
    // Outer invocation: the filter sets an Authentication, then simulates a forward
    // by re-entering the FilterChainProxy on the same thread.
    doAnswer(new Answer<Object>() {

        public Object answer(InvocationOnMock inv) throws Throwable {
            TestingAuthenticationToken expected = new TestingAuthenticationToken("username", "password");
            SecurityContextHolder.getContext().setAuthentication(expected);
            // Inner (forwarded) invocation: simply continue down the inner chain.
            doAnswer(new Answer<Object>() {

                public Object answer(InvocationOnMock inv) throws Throwable {
                    innerChain.doFilter(request, response);
                    return null;
                }
            }).when(filter).doFilter(any(HttpServletRequest.class), any(HttpServletResponse.class), any(FilterChain.class));
            fcp.doFilter(request, response, innerChain);
            // The nested pass must not clear the context; the outer request still relies on it.
            assertThat(SecurityContextHolder.getContext().getAuthentication()).isSameAs(expected);
            return null;
        }
    }).when(filter).doFilter(any(HttpServletRequest.class), any(HttpServletResponse.class), any(FilterChain.class));
    fcp.doFilter(request, response, chain);
    verify(innerChain).doFilter(any(HttpServletRequest.class), any(HttpServletResponse.class));
    // Only after the outermost invocation returns is the SecurityContextHolder cleared.
    assertThat(SecurityContextHolder.getContext().getAuthentication()).isNull();
}
Also used : MockHttpServletRequest(org.springframework.mock.web.MockHttpServletRequest) HttpServletRequest(javax.servlet.http.HttpServletRequest) Answer(org.mockito.stubbing.Answer) InvocationOnMock(org.mockito.invocation.InvocationOnMock) FilterChain(javax.servlet.FilterChain) HttpServletResponse(javax.servlet.http.HttpServletResponse) MockHttpServletResponse(org.springframework.mock.web.MockHttpServletResponse) TestingAuthenticationToken(org.springframework.security.authentication.TestingAuthenticationToken) Test(org.junit.Test)

Example 53 with TestingAuthenticationToken

use of org.springframework.security.authentication.TestingAuthenticationToken in project spring-security by spring-projects.

the class JdbcMutableAclServiceTests method childrenAreClearedFromCacheWhenParentisUpdated2.

/**
 * SEC-655
 */
@Test
@Transactional
public void childrenAreClearedFromCacheWhenParentisUpdated2() throws Exception {
    Authentication auth = new TestingAuthenticationToken("system", "secret", "ROLE_IGNORED");
    SecurityContextHolder.getContext().setAuthentication(auth);
    ObjectIdentityImpl rootObject = new ObjectIdentityImpl(TARGET_CLASS, Long.valueOf(1));
    MutableAcl parent = jdbcMutableAclService.createAcl(rootObject);
    MutableAcl child = jdbcMutableAclService.createAcl(new ObjectIdentityImpl(TARGET_CLASS, Long.valueOf(2)));
    child.setParent(parent);
    jdbcMutableAclService.updateAcl(child);
    parent.insertAce(0, BasePermission.ADMINISTRATION, new GrantedAuthoritySid("ROLE_ADMINISTRATOR"), true);
    jdbcMutableAclService.updateAcl(parent);
    parent.insertAce(1, BasePermission.DELETE, new PrincipalSid("terry"), true);
    jdbcMutableAclService.updateAcl(parent);
    child = (MutableAcl) jdbcMutableAclService.readAclById(new ObjectIdentityImpl(TARGET_CLASS, Long.valueOf(2)));
    parent = (MutableAcl) child.getParentAcl();
    assertThat(parent.getEntries()).hasSize(2);
    assertThat(parent.getEntries().get(0).getPermission().getMask()).isEqualTo(16);
    assertThat(parent.getEntries().get(0).getSid()).isEqualTo(new GrantedAuthoritySid("ROLE_ADMINISTRATOR"));
    assertThat(parent.getEntries().get(1).getPermission().getMask()).isEqualTo(8);
    assertThat(parent.getEntries().get(1).getSid()).isEqualTo(new PrincipalSid("terry"));
}
Also used : GrantedAuthoritySid(org.springframework.security.acls.domain.GrantedAuthoritySid) Authentication(org.springframework.security.core.Authentication) ObjectIdentityImpl(org.springframework.security.acls.domain.ObjectIdentityImpl) MutableAcl(org.springframework.security.acls.model.MutableAcl) TestingAuthenticationToken(org.springframework.security.authentication.TestingAuthenticationToken) PrincipalSid(org.springframework.security.acls.domain.PrincipalSid) Test(org.junit.Test) Transactional(org.springframework.transaction.annotation.Transactional)

Example 54 with TestingAuthenticationToken

use of org.springframework.security.authentication.TestingAuthenticationToken in project spring-security by spring-projects.

the class JdbcMutableAclServiceTests method childrenAreClearedFromCacheWhenParentIsUpdated.

/**
 * SEC-655
 */
@Test
@Transactional
public void childrenAreClearedFromCacheWhenParentIsUpdated() throws Exception {
    Authentication auth = new TestingAuthenticationToken("ben", "ignored", "ROLE_ADMINISTRATOR");
    auth.setAuthenticated(true);
    SecurityContextHolder.getContext().setAuthentication(auth);
    ObjectIdentity parentOid = new ObjectIdentityImpl(TARGET_CLASS, Long.valueOf(104));
    ObjectIdentity childOid = new ObjectIdentityImpl(TARGET_CLASS, Long.valueOf(105));
    MutableAcl parent = jdbcMutableAclService.createAcl(parentOid);
    MutableAcl child = jdbcMutableAclService.createAcl(childOid);
    child.setParent(parent);
    jdbcMutableAclService.updateAcl(child);
    parent = (AclImpl) jdbcMutableAclService.readAclById(parentOid);
    parent.insertAce(0, BasePermission.READ, new PrincipalSid("ben"), true);
    jdbcMutableAclService.updateAcl(parent);
    parent = (AclImpl) jdbcMutableAclService.readAclById(parentOid);
    parent.insertAce(1, BasePermission.READ, new PrincipalSid("scott"), true);
    jdbcMutableAclService.updateAcl(parent);
    child = (MutableAcl) jdbcMutableAclService.readAclById(childOid);
    parent = (MutableAcl) child.getParentAcl();
    // withFailMessage must precede the assertion it describes; set afterwards it has no effect.
    assertThat(parent.getEntries()).withFailMessage("Fails because child has a stale reference to its parent").hasSize(2);
    assertThat(parent.getEntries().get(0).getPermission().getMask()).isEqualTo(1);
    assertThat(parent.getEntries().get(0).getSid()).isEqualTo(new PrincipalSid("ben"));
    assertThat(parent.getEntries().get(1).getPermission().getMask()).isEqualTo(1);
    assertThat(parent.getEntries().get(1).getSid()).isEqualTo(new PrincipalSid("scott"));
}
Also used : ObjectIdentity(org.springframework.security.acls.model.ObjectIdentity) Authentication(org.springframework.security.core.Authentication) ObjectIdentityImpl(org.springframework.security.acls.domain.ObjectIdentityImpl) MutableAcl(org.springframework.security.acls.model.MutableAcl) TestingAuthenticationToken(org.springframework.security.authentication.TestingAuthenticationToken) PrincipalSid(org.springframework.security.acls.domain.PrincipalSid) Test(org.junit.Test) Transactional(org.springframework.transaction.annotation.Transactional)

Example 55 with TestingAuthenticationToken

use of org.springframework.security.authentication.TestingAuthenticationToken in project spring-security by spring-projects.

the class JdbcMutableAclServiceTests method cumulativePermissions.

@Test
@Transactional
public void cumulativePermissions() {
    Authentication auth = new TestingAuthenticationToken("ben", "ignored", "ROLE_ADMINISTRATOR");
    auth.setAuthenticated(true);
    SecurityContextHolder.getContext().setAuthentication(auth);
    ObjectIdentity topParentOid = new ObjectIdentityImpl(TARGET_CLASS, Long.valueOf(110));
    MutableAcl topParent = jdbcMutableAclService.createAcl(topParentOid);
    // Add an ACE permission entry
    Permission cm = new CumulativePermission().set(BasePermission.READ).set(BasePermission.ADMINISTRATION);
    assertThat(cm.getMask()).isEqualTo(17);
    Sid benSid = new PrincipalSid(auth);
    topParent.insertAce(0, cm, benSid, true);
    assertThat(topParent.getEntries()).hasSize(1);
    // Explicitly save the changed ACL
    topParent = jdbcMutableAclService.updateAcl(topParent);
    // Check the mask was retrieved correctly
    assertThat(topParent.getEntries().get(0).getPermission().getMask()).isEqualTo(17);
    assertThat(topParent.isGranted(Arrays.asList(cm), Arrays.asList(benSid), true)).isTrue();
    SecurityContextHolder.clearContext();
}
Also used : ObjectIdentity(org.springframework.security.acls.model.ObjectIdentity) CumulativePermission(org.springframework.security.acls.domain.CumulativePermission) Authentication(org.springframework.security.core.Authentication) ObjectIdentityImpl(org.springframework.security.acls.domain.ObjectIdentityImpl) Permission(org.springframework.security.acls.model.Permission) BasePermission(org.springframework.security.acls.domain.BasePermission) MutableAcl(org.springframework.security.acls.model.MutableAcl) TestingAuthenticationToken(org.springframework.security.authentication.TestingAuthenticationToken) PrincipalSid(org.springframework.security.acls.domain.PrincipalSid) CustomSid(org.springframework.security.acls.sid.CustomSid) Sid(org.springframework.security.acls.model.Sid) GrantedAuthoritySid(org.springframework.security.acls.domain.GrantedAuthoritySid) Test(org.junit.Test) Transactional(org.springframework.transaction.annotation.Transactional)
