
Example 31 with TestingAuthenticationToken

Use of org.springframework.security.authentication.TestingAuthenticationToken in project spring-security by spring-projects.

In class TokenBasedRememberMeServicesTests, method loginSuccessIgnoredIfParameterNotSetOrFalse.

@Test
public void loginSuccessIgnoredIfParameterNotSetOrFalse() {
    TokenBasedRememberMeServices services = new TokenBasedRememberMeServices("key", new AbstractRememberMeServicesTests.MockUserDetailsService(null, false));
    MockHttpServletRequest request = new MockHttpServletRequest();
    request.addParameter(DEFAULT_PARAMETER, "false");
    MockHttpServletResponse response = new MockHttpServletResponse();
    services.loginSuccess(request, response, new TestingAuthenticationToken("someone", "password", "ROLE_ABC"));
    Cookie cookie = response.getCookie(SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY);
    assertThat(cookie).isNull();
}
Also used: Cookie (javax.servlet.http.Cookie), MockHttpServletRequest (org.springframework.mock.web.MockHttpServletRequest), TokenBasedRememberMeServices (org.springframework.security.web.authentication.rememberme.TokenBasedRememberMeServices), TestingAuthenticationToken (org.springframework.security.authentication.TestingAuthenticationToken), MockHttpServletResponse (org.springframework.mock.web.MockHttpServletResponse), Test (org.junit.Test)

Example 32 with TestingAuthenticationToken

Use of org.springframework.security.authentication.TestingAuthenticationToken in project spring-security by spring-projects.

In class DigestAuthenticationFilterTests, method authenticationCreatesEmptyContext.

// SEC-3108
@Test
public void authenticationCreatesEmptyContext() throws Exception {
    SecurityContext existingContext = SecurityContextHolder.createEmptyContext();
    TestingAuthenticationToken existingAuthentication = new TestingAuthenticationToken("existingauthenitcated", "pass", "ROLE_USER");
    existingContext.setAuthentication(existingAuthentication);
    SecurityContextHolder.setContext(existingContext);
    String responseDigest = DigestAuthUtils.generateDigest(false, USERNAME, REALM, PASSWORD, "GET", REQUEST_URI, QOP, NONCE, NC, CNONCE);
    request.addHeader("Authorization", createAuthorizationHeader(USERNAME, REALM, NONCE, REQUEST_URI, responseDigest, QOP, NC, CNONCE));
    filter.setCreateAuthenticatedToken(true);
    executeFilterInContainerSimulator(filter, request, true);
    assertThat(existingAuthentication).isSameAs(existingContext.getAuthentication());
}
Also used: SecurityContext (org.springframework.security.core.context.SecurityContext), TestingAuthenticationToken (org.springframework.security.authentication.TestingAuthenticationToken), Test (org.junit.Test)

Example 33 with TestingAuthenticationToken

Use of org.springframework.security.authentication.TestingAuthenticationToken in project spring-security by spring-projects.

In class AclAuthorizationStrategyImplTests, method setup.

@Before
public void setup() {
    authority = new SimpleGrantedAuthority("ROLE_AUTH");
    TestingAuthenticationToken authentication = new TestingAuthenticationToken("foo", "bar", Arrays.asList(authority));
    authentication.setAuthenticated(true);
    SecurityContextHolder.getContext().setAuthentication(authentication);
}
Also used: SimpleGrantedAuthority (org.springframework.security.core.authority.SimpleGrantedAuthority), TestingAuthenticationToken (org.springframework.security.authentication.TestingAuthenticationToken), Before (org.junit.Before)

Example 34 with TestingAuthenticationToken

Use of org.springframework.security.authentication.TestingAuthenticationToken in project spring-security by spring-projects.

In class AclImplTests, method updatedAceValuesAreCorrectlyReflectedInAcl.

@Test
public void updatedAceValuesAreCorrectlyReflectedInAcl() throws Exception {
    Authentication auth = new TestingAuthenticationToken("ben", "ignored", "ROLE_GENERAL");
    auth.setAuthenticated(true);
    SecurityContextHolder.getContext().setAuthentication(auth);
    MutableAcl acl = new AclImpl(objectIdentity, 1, authzStrategy, pgs, null, null, false, new PrincipalSid("joe"));
    MockAclService service = new MockAclService();
    acl.insertAce(0, BasePermission.READ, new GrantedAuthoritySid("ROLE_USER_READ"), true);
    acl.insertAce(1, BasePermission.WRITE, new GrantedAuthoritySid("ROLE_USER_READ"), true);
    acl.insertAce(2, BasePermission.CREATE, new PrincipalSid("ben"), true);
    service.updateAcl(acl);
    assertThat(BasePermission.READ).isEqualTo(acl.getEntries().get(0).getPermission());
    assertThat(BasePermission.WRITE).isEqualTo(acl.getEntries().get(1).getPermission());
    assertThat(BasePermission.CREATE).isEqualTo(acl.getEntries().get(2).getPermission());
    // Change each permission
    acl.updateAce(0, BasePermission.CREATE);
    acl.updateAce(1, BasePermission.DELETE);
    acl.updateAce(2, BasePermission.READ);
    // Check the change was successfully made
    assertThat(BasePermission.CREATE).isEqualTo(acl.getEntries().get(0).getPermission());
    assertThat(BasePermission.DELETE).isEqualTo(acl.getEntries().get(1).getPermission());
    assertThat(BasePermission.READ).isEqualTo(acl.getEntries().get(2).getPermission());
}
Also used: Authentication (org.springframework.security.core.Authentication), TestingAuthenticationToken (org.springframework.security.authentication.TestingAuthenticationToken)

Example 35 with TestingAuthenticationToken

Use of org.springframework.security.authentication.TestingAuthenticationToken in project spring-security by spring-projects.

In class AclImplTests, method isGrantingGrantsAccessForAclWithNoParent.

@Test
public void isGrantingGrantsAccessForAclWithNoParent() throws Exception {
    Authentication auth = new TestingAuthenticationToken("ben", "ignored", "ROLE_GENERAL", "ROLE_GUEST");
    auth.setAuthenticated(true);
    SecurityContextHolder.getContext().setAuthentication(auth);
    ObjectIdentity rootOid = new ObjectIdentityImpl(TARGET_CLASS, 100);
    // Create an ACL whose owner is not the authenticated principal
    MutableAcl rootAcl = new AclImpl(rootOid, 1, authzStrategy, pgs, null, null, false, new PrincipalSid("joe"));
    // Grant some permissions
    rootAcl.insertAce(0, BasePermission.READ, new PrincipalSid("ben"), false);
    rootAcl.insertAce(1, BasePermission.WRITE, new PrincipalSid("scott"), true);
    rootAcl.insertAce(2, BasePermission.WRITE, new PrincipalSid("rod"), false);
    rootAcl.insertAce(3, BasePermission.WRITE, new GrantedAuthoritySid("WRITE_ACCESS_ROLE"), true);
    // Check permissions granting
    List<Permission> permissions = Arrays.asList(BasePermission.READ, BasePermission.CREATE);
    List<Sid> sids = Arrays.asList(new PrincipalSid("ben"), new GrantedAuthoritySid("ROLE_GUEST"));
    assertThat(rootAcl.isGranted(permissions, sids, false)).isFalse();
    try {
        rootAcl.isGranted(permissions, SCOTT, false);
        fail("It should have thrown NotFoundException");
    } catch (NotFoundException expected) {
    }
    assertThat(rootAcl.isGranted(WRITE, SCOTT, false)).isTrue();
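    // Sid order matters: the first sid with a matching ACE decides the result
    // ("rod" has a non-granting WRITE ACE, WRITE_ACCESS_ROLE a granting one)
    assertThat(rootAcl.isGranted(WRITE, Arrays.asList(new PrincipalSid("rod"), new GrantedAuthoritySid("WRITE_ACCESS_ROLE")), false)).isFalse();
    assertThat(rootAcl.isGranted(WRITE, Arrays.asList(new GrantedAuthoritySid("WRITE_ACCESS_ROLE"), new PrincipalSid("rod")), false)).isTrue();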
    try {
        // Change the type of the Sid and check the granting process
        rootAcl.isGranted(WRITE, Arrays.asList(new GrantedAuthoritySid("rod"), new PrincipalSid("WRITE_ACCESS_ROLE")), false);
        fail("It should have thrown NotFoundException");
    } catch (NotFoundException expected) {
    }
}
Also used: TestingAuthenticationToken (org.springframework.security.authentication.TestingAuthenticationToken), Authentication (org.springframework.security.core.Authentication)

Aggregations

TestingAuthenticationToken (org.springframework.security.authentication.TestingAuthenticationToken) 183
Test (org.junit.Test) 106
Authentication (org.springframework.security.core.Authentication) 76
SecurityContext (org.springframework.security.core.context.SecurityContext) 46
MockHttpServletRequest (org.springframework.mock.web.MockHttpServletRequest) 38
SecurityContextImpl (org.springframework.security.core.context.SecurityContextImpl) 38
MifosUser (org.mifos.security.MifosUser) 36
MockHttpServletResponse (org.springframework.mock.web.MockHttpServletResponse) 32
MifosUserBuilder (org.mifos.builders.MifosUserBuilder) 28
Before (org.junit.Before) 25
AuthenticationManager (org.springframework.security.authentication.AuthenticationManager) 13
HttpServletRequest (javax.servlet.http.HttpServletRequest) 12
HttpServletResponse (javax.servlet.http.HttpServletResponse) 10
ConfigAttribute (org.springframework.security.access.ConfigAttribute) 10
PrepareForTest (org.powermock.core.classloader.annotations.PrepareForTest) 9
MockFilterChain (org.springframework.mock.web.MockFilterChain) 9
GrantedAuthority (org.springframework.security.core.GrantedAuthority) 9
FilterChain (javax.servlet.FilterChain) 8
MutableAcl (org.springframework.security.acls.model.MutableAcl) 8
PrincipalSid (org.springframework.security.acls.domain.PrincipalSid) 7