
Example 36 with TestingAuthenticationToken

Use of org.springframework.security.authentication.TestingAuthenticationToken in project spring-security by spring-projects.

Class AclImplTests, method isGrantingGrantsAccessForInheritableAcls.

// Relies on the AclImplTests fixtures: authzStrategy, pgs (the permission granting strategy),
// TARGET_CLASS, and the READ/WRITE/CREATE/DELETE permission lists and BEN/SCOTT Sid lists
@Test
public void isGrantingGrantsAccessForInheritableAcls() throws Exception {
    Authentication auth = new TestingAuthenticationToken("ben", "ignored", "ROLE_GENERAL");
    auth.setAuthenticated(true);
    SecurityContextHolder.getContext().setAuthentication(auth);
    ObjectIdentity grandParentOid = new ObjectIdentityImpl(TARGET_CLASS, 100);
    ObjectIdentity parentOid1 = new ObjectIdentityImpl(TARGET_CLASS, 101);
    ObjectIdentity parentOid2 = new ObjectIdentityImpl(TARGET_CLASS, 102);
    ObjectIdentity childOid1 = new ObjectIdentityImpl(TARGET_CLASS, 103);
    ObjectIdentity childOid2 = new ObjectIdentityImpl(TARGET_CLASS, 104);
    // Create ACLs
    PrincipalSid joe = new PrincipalSid("joe");
    MutableAcl grandParentAcl = new AclImpl(grandParentOid, 1, authzStrategy, pgs, null, null, false, joe);
    MutableAcl parentAcl1 = new AclImpl(parentOid1, 2, authzStrategy, pgs, null, null, true, joe);
    MutableAcl parentAcl2 = new AclImpl(parentOid2, 3, authzStrategy, pgs, null, null, true, joe);
    MutableAcl childAcl1 = new AclImpl(childOid1, 4, authzStrategy, pgs, null, null, true, joe);
    MutableAcl childAcl2 = new AclImpl(childOid2, 4, authzStrategy, pgs, null, null, false, joe);
    // Create hierarchies
    childAcl2.setParent(childAcl1);
    childAcl1.setParent(parentAcl1);
    parentAcl2.setParent(grandParentAcl);
    parentAcl1.setParent(grandParentAcl);
    // Add some permissions
    grandParentAcl.insertAce(0, BasePermission.READ, new GrantedAuthoritySid("ROLE_USER_READ"), true);
    grandParentAcl.insertAce(1, BasePermission.WRITE, new PrincipalSid("ben"), true);
    grandParentAcl.insertAce(2, BasePermission.DELETE, new PrincipalSid("ben"), false);
    grandParentAcl.insertAce(3, BasePermission.DELETE, new PrincipalSid("scott"), true);
    parentAcl1.insertAce(0, BasePermission.READ, new PrincipalSid("scott"), true);
    parentAcl1.insertAce(1, BasePermission.DELETE, new PrincipalSid("scott"), false);
    parentAcl2.insertAce(0, BasePermission.CREATE, new PrincipalSid("ben"), true);
    childAcl1.insertAce(0, BasePermission.CREATE, new PrincipalSid("scott"), true);
    // Check granting process for parent1
    assertThat(parentAcl1.isGranted(READ, SCOTT, false)).isTrue();
    assertThat(parentAcl1.isGranted(READ, Arrays.asList((Sid) new GrantedAuthoritySid("ROLE_USER_READ")), false)).isTrue();
    assertThat(parentAcl1.isGranted(WRITE, BEN, false)).isTrue();
    assertThat(parentAcl1.isGranted(DELETE, BEN, false)).isFalse();
    assertThat(parentAcl1.isGranted(DELETE, SCOTT, false)).isFalse();
    // Check granting process for parent2
    assertThat(parentAcl2.isGranted(CREATE, BEN, false)).isTrue();
    assertThat(parentAcl2.isGranted(WRITE, BEN, false)).isTrue();
    assertThat(parentAcl2.isGranted(DELETE, BEN, false)).isFalse();
    // Check granting process for child1
    assertThat(childAcl1.isGranted(CREATE, SCOTT, false)).isTrue();
    assertThat(childAcl1.isGranted(READ, Arrays.asList((Sid) new GrantedAuthoritySid("ROLE_USER_READ")), false)).isTrue();
    assertThat(childAcl1.isGranted(DELETE, BEN, false)).isFalse();
    // Check granting process for child2, which does not inherit entries from its parent:
    // with no ACE of its own and no inheritance, there is nothing to match, so it throws
    try {
        assertThat(childAcl2.isGranted(CREATE, SCOTT, false)).isTrue();
        fail("It should have thrown NotFoundException");
    } catch (NotFoundException expected) {
    }
    try {
        childAcl2.isGranted(CREATE, Arrays.asList((Sid) new PrincipalSid("joe")), false);
        fail("It should have thrown NotFoundException");
    } catch (NotFoundException expected) {
    }
}
Also used : Authentication(org.springframework.security.core.Authentication) TestingAuthenticationToken(org.springframework.security.authentication.TestingAuthenticationToken)
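The test above relies on three rules of DefaultPermissionGrantingStrategy that are easy to misread from the assertions alone: for a given SID the first ACE whose permission mask matches decides; SIDs are consulted in list order, and a deny for an earlier SID ends the search for that permission even if a later SID holds a grant; and the parent is only consulted when no ACE matched at all and entriesInheriting is set. The class below is an added example written for this page, not code from spring-security. It assumes the spring-security-acl module on the classpath, uses Object.class in place of the fixture's TARGET_CLASS, and the class and helper names (AclFirstMatchDemo, check, newAcl) are invented here.

```java
package example;

import java.util.Arrays;
import java.util.List;

import org.springframework.security.acls.domain.AclAuthorizationStrategy;
import org.springframework.security.acls.domain.AclAuthorizationStrategyImpl;
import org.springframework.security.acls.domain.AclImpl;
import org.springframework.security.acls.domain.BasePermission;
import org.springframework.security.acls.domain.ConsoleAuditLogger;
import org.springframework.security.acls.domain.DefaultPermissionGrantingStrategy;
import org.springframework.security.acls.domain.GrantedAuthoritySid;
import org.springframework.security.acls.domain.ObjectIdentityImpl;
import org.springframework.security.acls.domain.PrincipalSid;
import org.springframework.security.acls.model.Acl;
import org.springframework.security.acls.model.MutableAcl;
import org.springframework.security.acls.model.NotFoundException;
import org.springframework.security.acls.model.Permission;
import org.springframework.security.acls.model.PermissionGrantingStrategy;
import org.springframework.security.acls.model.Sid;
import org.springframework.security.authentication.TestingAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.context.SecurityContextHolder;

/** Added example (not spring-security code): ACE order, SID order and inheritance in AclImpl.isGranted. */
public class AclFirstMatchDemo {

    static final Sid BEN = new PrincipalSid("ben");
    static final Sid READERS = new GrantedAuthoritySid("ROLE_USER_READ");

    /** Classify one isGranted call instead of letting NotFoundException escape. */
    static String check(Acl acl, Permission permission, List<Sid> sids) {
        try {
            // administrativeMode=true only suppresses audit logging; it does not change the decision
            return acl.isGranted(Arrays.asList(permission), sids, true) ? "GRANTED" : "DENIED";
        } catch (NotFoundException noMatchingAce) {
            return "NOT FOUND";
        }
    }

    static MutableAcl newAcl(AclAuthorizationStrategy strategy, PermissionGrantingStrategy pgs,
                             long id, Acl parent, boolean inheriting) {
        // Owner "joe" is not the caller, so mutations are authorised through ROLE_GENERAL instead
        // (Object.class stands in for the test fixture's TARGET_CLASS)
        return new AclImpl(new ObjectIdentityImpl(Object.class, id), id, strategy, pgs,
                parent, null, inheriting, new PrincipalSid("joe"));
    }

    public static void main(String[] args) {
        // insertAce/setParent run securityCheck(CHANGE_GENERAL), so the caller needs ROLE_GENERAL
        Authentication auth = new TestingAuthenticationToken("ben", "ignored", "ROLE_GENERAL");
        auth.setAuthenticated(true);
        SecurityContextHolder.getContext().setAuthentication(auth);
        AclAuthorizationStrategy strategy = new AclAuthorizationStrategyImpl(
                new SimpleGrantedAuthority("ROLE_OWNERSHIP"),
                new SimpleGrantedAuthority("ROLE_AUDITING"),
                new SimpleGrantedAuthority("ROLE_GENERAL"));
        PermissionGrantingStrategy pgs = new DefaultPermissionGrantingStrategy(new ConsoleAuditLogger());

        // 1. ACE order: for one SID the first ACE matching the permission mask wins.
        MutableAcl denyFirst = newAcl(strategy, pgs, 1, null, false);
        denyFirst.insertAce(0, BasePermission.WRITE, BEN, false);
        denyFirst.insertAce(1, BasePermission.WRITE, BEN, true);
        MutableAcl grantFirst = newAcl(strategy, pgs, 2, null, false);
        grantFirst.insertAce(0, BasePermission.WRITE, BEN, true);
        grantFirst.insertAce(1, BasePermission.WRITE, BEN, false);
        System.out.println("deny-then-grant : " + check(denyFirst, BasePermission.WRITE, Arrays.asList(BEN)));  // DENIED
        System.out.println("grant-then-deny : " + check(grantFirst, BasePermission.WRITE, Arrays.asList(BEN))); // GRANTED

        // 2. SID order: SIDs are evaluated in list order, and a deny for an earlier SID ends
        //    the search for that permission even though a later SID has a grant.
        MutableAcl parent = newAcl(strategy, pgs, 3, null, false);
        parent.insertAce(0, BasePermission.READ, READERS, true);   // role-wide grant
        parent.insertAce(1, BasePermission.READ, BEN, false);      // per-user deny
        System.out.println("[ben, role]     : " + check(parent, BasePermission.READ, Arrays.asList(BEN, READERS))); // DENIED
        System.out.println("[role, ben]     : " + check(parent, BasePermission.READ, Arrays.asList(READERS, BEN))); // GRANTED

        // 3. Inheritance: consulted only when no ACE matched at all, and only if entriesInheriting is set.
        MutableAcl inheriting = newAcl(strategy, pgs, 4, parent, true);
        MutableAcl isolated = newAcl(strategy, pgs, 5, parent, false);
        System.out.println("inheriting child: " + check(inheriting, BasePermission.READ, Arrays.asList(READERS))); // GRANTED
        System.out.println("isolated child  : " + check(isolated, BasePermission.READ, Arrays.asList(READERS)));   // NOT FOUND
        // A permission mask that no ACE mentions is NOT FOUND even at the root, never DENIED
        System.out.println("unknown mask    : " + check(parent, BasePermission.DELETE, Arrays.asList(BEN)));       // NOT FOUND
    }
}
```

The practical consequence of the second rule is that, with the default SidRetrievalStrategyImpl (principal SID first, then the authority SIDs), a per-user deny beats a role-wide grant and a per-user grant beats a role-wide deny, regardless of where the ACEs sit in the list. The third rule means a caller that treats NotFoundException as "denied" and one that treats it as "no opinion, ask elsewhere" will reach different conclusions for the same ACL, so decide which one the application wants and handle the exception explicitly.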

Example 37 with TestingAuthenticationToken

Use of org.springframework.security.authentication.TestingAuthenticationToken in project spring-security by spring-projects.

Class AclImplTests, method auditableEntryFlagsAreUpdatedCorrectly.

// Relies on the AclImplTests fixtures: objectIdentity, authzStrategy, pgs and the MockAclService inner class.
// updateAuditing runs securityCheck(CHANGE_AUDITING), which is why the principal needs ROLE_AUDITING here.
@Test
public void auditableEntryFlagsAreUpdatedCorrectly() throws Exception {
    Authentication auth = new TestingAuthenticationToken("ben", "ignored", "ROLE_AUDITING", "ROLE_GENERAL");
    auth.setAuthenticated(true);
    SecurityContextHolder.getContext().setAuthentication(auth);
    MutableAcl acl = new AclImpl(objectIdentity, 1, authzStrategy, pgs, null, null, false, new PrincipalSid("joe"));
    MockAclService service = new MockAclService();
    acl.insertAce(0, BasePermission.READ, new GrantedAuthoritySid("ROLE_USER_READ"), true);
    acl.insertAce(1, BasePermission.WRITE, new GrantedAuthoritySid("ROLE_USER_READ"), true);
    service.updateAcl(acl);
    assertThat(((AuditableAccessControlEntry) acl.getEntries().get(0)).isAuditFailure()).isFalse();
    assertThat(((AuditableAccessControlEntry) acl.getEntries().get(1)).isAuditFailure()).isFalse();
    assertThat(((AuditableAccessControlEntry) acl.getEntries().get(0)).isAuditSuccess()).isFalse();
    assertThat(((AuditableAccessControlEntry) acl.getEntries().get(1)).isAuditSuccess()).isFalse();
    // Change each permission
    ((AuditableAcl) acl).updateAuditing(0, true, true);
    ((AuditableAcl) acl).updateAuditing(1, true, true);
    // Check the change was successfully made
    assertThat(acl.getEntries()).extracting("auditSuccess").containsOnly(true, true);
    assertThat(acl.getEntries()).extracting("auditFailure").containsOnly(true, true);
}
Also used : Authentication(org.springframework.security.core.Authentication) TestingAuthenticationToken(org.springframework.security.authentication.TestingAuthenticationToken)

Example 38 with TestingAuthenticationToken

Use of org.springframework.security.authentication.TestingAuthenticationToken in project spring-security by spring-projects.

Class AclImplementationSecurityCheckTests, method testSecurityCheckWithMultipleACEs.

@Test
public void testSecurityCheckWithMultipleACEs() throws Exception {
    // Create a simple authentication with ROLE_GENERAL
    Authentication auth = new TestingAuthenticationToken("user", "password", "ROLE_GENERAL");
    auth.setAuthenticated(true);
    SecurityContextHolder.getContext().setAuthentication(auth);
    ObjectIdentity identity = new ObjectIdentityImpl(TARGET_CLASS, 100L);
    // Authorization strategy will require a different role for each access
    AclAuthorizationStrategy aclAuthorizationStrategy = new AclAuthorizationStrategyImpl(new SimpleGrantedAuthority("ROLE_OWNERSHIP"), new SimpleGrantedAuthority("ROLE_AUDITING"), new SimpleGrantedAuthority("ROLE_GENERAL"));
    // Let's give the principal the ADMINISTRATION permission, without
    // granting access
    MutableAcl aclFirstDeny = new AclImpl(identity, 1L, aclAuthorizationStrategy, new ConsoleAuditLogger());
    aclFirstDeny.insertAce(0, BasePermission.ADMINISTRATION, new PrincipalSid(auth), false);
    // The CHANGE_GENERAL test should pass as the principal has ROLE_GENERAL
    aclAuthorizationStrategy.securityCheck(aclFirstDeny, AclAuthorizationStrategy.CHANGE_GENERAL);
    // CHANGE_AUDITING and CHANGE_OWNERSHIP should fail: the principal has neither the
    // required role nor a granting ADMINISTRATION ACE
    try {
        aclAuthorizationStrategy.securityCheck(aclFirstDeny, AclAuthorizationStrategy.CHANGE_AUDITING);
        fail("It should have thrown AccessDeniedException");
    } catch (AccessDeniedException expected) {
    }
    try {
        aclAuthorizationStrategy.securityCheck(aclFirstDeny, AclAuthorizationStrategy.CHANGE_OWNERSHIP);
        fail("It should have thrown AccessDeniedException");
    } catch (AccessDeniedException expected) {
    }
    // Add granting access to this principal
    aclFirstDeny.insertAce(1, BasePermission.ADMINISTRATION, new PrincipalSid(auth), true);
    // The first ACE matching this principal (index 0) is a deny entry and is matched before
    // the new grant, so it still denies this access
    try {
        aclAuthorizationStrategy.securityCheck(aclFirstDeny, AclAuthorizationStrategy.CHANGE_AUDITING);
        fail("It should have thrown AccessDeniedException");
    } catch (AccessDeniedException expected) {
    }
    // Create another ACL and give the principal the ADMINISTRATION
    // permission, with granting access
    MutableAcl aclFirstAllow = new AclImpl(identity, 1L, aclAuthorizationStrategy, new ConsoleAuditLogger());
    aclFirstAllow.insertAce(0, BasePermission.ADMINISTRATION, new PrincipalSid(auth), true);
    // The CHANGE_AUDITING test should pass as there is one ACE with
    // granting access
    aclAuthorizationStrategy.securityCheck(aclFirstAllow, AclAuthorizationStrategy.CHANGE_AUDITING);
    // Add a deny ACE after it; CHANGE_AUDITING still passes because the granting ACE at
    // index 0 is matched first
    aclFirstAllow.insertAce(1, BasePermission.ADMINISTRATION, new PrincipalSid(auth), false);
    try {
        aclAuthorizationStrategy.securityCheck(aclFirstAllow, AclAuthorizationStrategy.CHANGE_AUDITING);
    } catch (AccessDeniedException notExpected) {
        fail("It shouldn't have thrown AccessDeniedException");
    }
    // Create an ACL with no ACE
    MutableAcl aclNoACE = new AclImpl(identity, 1L, aclAuthorizationStrategy, new ConsoleAuditLogger());
    try {
        aclAuthorizationStrategy.securityCheck(aclNoACE, AclAuthorizationStrategy.CHANGE_AUDITING);
        fail("It should have thrown NotFoundException");
    } catch (NotFoundException expected) {
    }
    // An ACL with no ACE yields NotFoundException rather than AccessDeniedException, but
    // ROLE_GENERAL still grants CHANGE_GENERAL without consulting the ACL at all
    try {
        aclAuthorizationStrategy.securityCheck(aclNoACE, AclAuthorizationStrategy.CHANGE_GENERAL);
    } catch (NotFoundException expected) {
        fail("It shouldn't have thrown NotFoundException");
    }
}
Also used : AccessDeniedException(org.springframework.security.access.AccessDeniedException) NotFoundException(org.springframework.security.acls.model.NotFoundException) TestingAuthenticationToken(org.springframework.security.authentication.TestingAuthenticationToken) SimpleGrantedAuthority(org.springframework.security.core.authority.SimpleGrantedAuthority) ObjectIdentity(org.springframework.security.acls.model.ObjectIdentity) Authentication(org.springframework.security.core.Authentication) MutableAcl(org.springframework.security.acls.model.MutableAcl)

Example 39 with TestingAuthenticationToken

Use of org.springframework.security.authentication.TestingAuthenticationToken in project spring-security by spring-projects.

Class AclImplementationSecurityCheckTests, method testSecurityCheckPrincipalOwner.

@Test
public void testSecurityCheckPrincipalOwner() throws Exception {
    Authentication auth = new TestingAuthenticationToken("user", "password", "ROLE_ONE");
    auth.setAuthenticated(true);
    SecurityContextHolder.getContext().setAuthentication(auth);
    ObjectIdentity identity = new ObjectIdentityImpl(TARGET_CLASS, 100);
    AclAuthorizationStrategy aclAuthorizationStrategy = new AclAuthorizationStrategyImpl(new SimpleGrantedAuthority("ROLE_OWNERSHIP"), new SimpleGrantedAuthority("ROLE_AUDITING"), new SimpleGrantedAuthority("ROLE_GENERAL"));
    Acl acl = new AclImpl(identity, 1, aclAuthorizationStrategy, new DefaultPermissionGrantingStrategy(new ConsoleAuditLogger()), null, null, false, new PrincipalSid(auth));
    try {
        aclAuthorizationStrategy.securityCheck(acl, AclAuthorizationStrategy.CHANGE_GENERAL);
    } catch (AccessDeniedException notExpected) {
        fail("It shouldn't have thrown AccessDeniedException");
    }
    // Ownership only covers CHANGE_GENERAL and CHANGE_OWNERSHIP; with no ROLE_AUDITING and no
    // ADMINISTRATION ACE, the CHANGE_AUDITING check falls through to an ACE lookup that finds nothing
    try {
        aclAuthorizationStrategy.securityCheck(acl, AclAuthorizationStrategy.CHANGE_AUDITING);
        fail("It should have thrown NotFoundException");
    } catch (NotFoundException expected) {
    }
    try {
        aclAuthorizationStrategy.securityCheck(acl, AclAuthorizationStrategy.CHANGE_OWNERSHIP);
    } catch (AccessDeniedException notExpected) {
        fail("It shouldn't have thrown AccessDeniedException");
    }
}
Also used : AccessDeniedException(org.springframework.security.access.AccessDeniedException) NotFoundException(org.springframework.security.acls.model.NotFoundException) MutableAcl(org.springframework.security.acls.model.MutableAcl) Acl(org.springframework.security.acls.model.Acl) TestingAuthenticationToken(org.springframework.security.authentication.TestingAuthenticationToken) SimpleGrantedAuthority(org.springframework.security.core.authority.SimpleGrantedAuthority) ObjectIdentity(org.springframework.security.acls.model.ObjectIdentity) Authentication(org.springframework.security.core.Authentication)

Example 40 with TestingAuthenticationToken

Use of org.springframework.security.authentication.TestingAuthenticationToken in project spring-security by spring-projects.

Class AclImplementationSecurityCheckTests, method testSecurityCheckWithInheritableACEs.

@Test
public void testSecurityCheckWithInheritableACEs() throws Exception {
    // Create a simple authentication with ROLE_GENERAL
    Authentication auth = new TestingAuthenticationToken("user", "password", "ROLE_GENERAL");
    auth.setAuthenticated(true);
    SecurityContextHolder.getContext().setAuthentication(auth);
    ObjectIdentity identity = new ObjectIdentityImpl(TARGET_CLASS, 100);
    // Authorization strategy will require a different role for each access
    AclAuthorizationStrategy aclAuthorizationStrategy = new AclAuthorizationStrategyImpl(new SimpleGrantedAuthority("ROLE_ONE"), new SimpleGrantedAuthority("ROLE_TWO"), new SimpleGrantedAuthority("ROLE_GENERAL"));
    // Let's give the principal an ADMINISTRATION permission, with granting
    // access
    MutableAcl parentAcl = new AclImpl(identity, 1, aclAuthorizationStrategy, new ConsoleAuditLogger());
    parentAcl.insertAce(0, BasePermission.ADMINISTRATION, new PrincipalSid(auth), true);
    MutableAcl childAcl = new AclImpl(identity, 2, aclAuthorizationStrategy, new ConsoleAuditLogger());
    // The child has no ACE and no parent yet, so nothing can grant it rights on CHANGE_OWNERSHIP
    try {
        aclAuthorizationStrategy.securityCheck(childAcl, AclAuthorizationStrategy.CHANGE_OWNERSHIP);
        fail("It should have thrown NotFoundException");
    } catch (NotFoundException expected) {
    }
    // Link the child with its parent and test again against the
    // CHANGE_OWNERSHIP right
    childAcl.setParent(parentAcl);
    childAcl.setEntriesInheriting(true);
    try {
        aclAuthorizationStrategy.securityCheck(childAcl, AclAuthorizationStrategy.CHANGE_OWNERSHIP);
    } catch (NotFoundException expected) {
        fail("It shouldn't have thrown NotFoundException");
    }
    // Create a root parent and link it to the middle parent
    MutableAcl rootParentAcl = new AclImpl(identity, 1, aclAuthorizationStrategy, new ConsoleAuditLogger());
    parentAcl = new AclImpl(identity, 1, aclAuthorizationStrategy, new ConsoleAuditLogger());
    rootParentAcl.insertAce(0, BasePermission.ADMINISTRATION, new PrincipalSid(auth), true);
    parentAcl.setEntriesInheriting(true);
    parentAcl.setParent(rootParentAcl);
    childAcl.setParent(parentAcl);
    try {
        aclAuthorizationStrategy.securityCheck(childAcl, AclAuthorizationStrategy.CHANGE_OWNERSHIP);
    } catch (NotFoundException expected) {
        fail("It shouldn't have thrown NotFoundException");
    }
}
Also used : SimpleGrantedAuthority(org.springframework.security.core.authority.SimpleGrantedAuthority) ObjectIdentity(org.springframework.security.acls.model.ObjectIdentity) Authentication(org.springframework.security.core.Authentication) NotFoundException(org.springframework.security.acls.model.NotFoundException) MutableAcl(org.springframework.security.acls.model.MutableAcl) TestingAuthenticationToken(org.springframework.security.authentication.TestingAuthenticationToken)
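Examples 38 to 40 exercise AclAuthorizationStrategyImpl.securityCheck one branch at a time. The class below is an added example for this page, not spring-security code, that runs the branches in the order the strategy evaluates them: the owner short-cut (CHANGE_GENERAL and CHANGE_OWNERSHIP only), then the required role, then an ADMINISTRATION ACE lookup via acl.isGranted whose NotFoundException escapes unchanged when nothing matches. It assumes the spring-security-acl module on the classpath, uses Object.class for the fixture's TARGET_CLASS, and the names AclSecurityCheckDemo, outcome, login, aclOwnedBy and report are invented here.

```java
package example;

import org.springframework.security.access.AccessDeniedException;
import org.springframework.security.acls.domain.AclAuthorizationStrategy;
import org.springframework.security.acls.domain.AclAuthorizationStrategyImpl;
import org.springframework.security.acls.domain.AclImpl;
import org.springframework.security.acls.domain.BasePermission;
import org.springframework.security.acls.domain.ConsoleAuditLogger;
import org.springframework.security.acls.domain.DefaultPermissionGrantingStrategy;
import org.springframework.security.acls.domain.ObjectIdentityImpl;
import org.springframework.security.acls.domain.PrincipalSid;
import org.springframework.security.acls.model.Acl;
import org.springframework.security.acls.model.MutableAcl;
import org.springframework.security.acls.model.NotFoundException;
import org.springframework.security.acls.model.Sid;
import org.springframework.security.authentication.TestingAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.context.SecurityContextHolder;

/** Added example (not spring-security code): the decision order inside AclAuthorizationStrategyImpl.securityCheck. */
public class AclSecurityCheckDemo {

    static final AclAuthorizationStrategy STRATEGY = new AclAuthorizationStrategyImpl(
            new SimpleGrantedAuthority("ROLE_OWNERSHIP"),   // needed for CHANGE_OWNERSHIP
            new SimpleGrantedAuthority("ROLE_AUDITING"),    // needed for CHANGE_AUDITING
            new SimpleGrantedAuthority("ROLE_GENERAL"));    // needed for CHANGE_GENERAL

    /** Three distinct outcomes; NotFoundException is not an AccessDeniedException. */
    static String outcome(Acl acl, int changeType) {
        try {
            STRATEGY.securityCheck(acl, changeType);
            return "ALLOWED";
        } catch (AccessDeniedException denied) {
            return "DENIED";
        } catch (NotFoundException noAce) {
            return "NOT FOUND";
        }
    }

    static void login(String user, String... roles) {
        Authentication auth = new TestingAuthenticationToken(user, "ignored", roles);
        auth.setAuthenticated(true);
        SecurityContextHolder.getContext().setAuthentication(auth);
    }

    static MutableAcl aclOwnedBy(long id, Sid owner, boolean inheriting, Acl parent) {
        // Object.class stands in for the test fixture's TARGET_CLASS
        return new AclImpl(new ObjectIdentityImpl(Object.class, id), id, STRATEGY,
                new DefaultPermissionGrantingStrategy(new ConsoleAuditLogger()), parent, null, inheriting, owner);
    }

    static String report(Acl acl) {
        return "ownership=" + outcome(acl, AclAuthorizationStrategy.CHANGE_OWNERSHIP)
                + " auditing=" + outcome(acl, AclAuthorizationStrategy.CHANGE_AUDITING)
                + " general=" + outcome(acl, AclAuthorizationStrategy.CHANGE_GENERAL);
    }

    public static void main(String[] args) {
        Sid alice = new PrincipalSid("alice");
        Sid bob = new PrincipalSid("bob");

        // 1. Owner short-cut covers CHANGE_GENERAL and CHANGE_OWNERSHIP only; auditing still needs a role or an ACE.
        login("alice");
        System.out.println("owner, no roles, no ACEs : " + report(aclOwnedBy(1, alice, false, null)));
        // ownership=ALLOWED auditing=NOT FOUND general=ALLOWED

        // 2. Non-owner without roles: every change type falls through to the ADMINISTRATION ACE lookup.
        login("bob");
        System.out.println("stranger, no ACEs        : " + report(aclOwnedBy(2, alice, false, null)));
        // ownership=NOT FOUND auditing=NOT FOUND general=NOT FOUND

        // 3. Role short-cut is per change type and ignores the ACL content entirely.
        login("bob", "ROLE_AUDITING");
        System.out.println("stranger + ROLE_AUDITING : " + report(aclOwnedBy(3, alice, false, null)));
        // ownership=NOT FOUND auditing=ALLOWED general=NOT FOUND

        // 4. A granting ADMINISTRATION ACE for the caller's PrincipalSid authorises every change type,
        //    and an inheriting child with no ACEs of its own picks it up from the parent.
        //    insertAce itself runs securityCheck(CHANGE_GENERAL), so build the ACL as the owner first.
        login("alice", "ROLE_GENERAL");
        MutableAcl parent = aclOwnedBy(4, alice, false, null);
        parent.insertAce(0, BasePermission.ADMINISTRATION, bob, true);
        MutableAcl child = aclOwnedBy(5, alice, true, parent);
        login("bob");
        System.out.println("stranger via ADMIN ACE   : " + report(parent));
        System.out.println("stranger via parent ACE  : " + report(child));
        // both lines: ownership=ALLOWED auditing=ALLOWED general=ALLOWED

        // 5. A deny ACE matched before a grant for the same SID turns every check into DENIED.
        login("alice", "ROLE_GENERAL");
        MutableAcl denyFirst = aclOwnedBy(6, alice, false, null);
        denyFirst.insertAce(0, BasePermission.ADMINISTRATION, bob, false);
        denyFirst.insertAce(1, BasePermission.ADMINISTRATION, bob, true);
        login("bob");
        System.out.println("deny ACE before grant    : " + report(denyFirst));
        // ownership=DENIED auditing=DENIED general=DENIED
    }
}
```

Two points a caller should not overlook. First, insertAce, setParent and setEntriesInheriting themselves run securityCheck(CHANGE_GENERAL), so the SecurityContextHolder must already hold a suitably privileged Authentication before an ACL is mutated; the example logs in as the owner to build each ACL and only then switches to the principal under test. Second, an ACL with no matching ACE yields NotFoundException rather than AccessDeniedException, so a catch block that handles only AccessDeniedException lets the former propagate out of what was meant to be an authorization decision.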
