Example 46 with UsernamePasswordAuthenticationToken
use of org.springframework.security.authentication.UsernamePasswordAuthenticationToken in project spring-security by spring-projects.
the class DaoAuthenticationProviderTests method testAuthenticateFailsWithInvalidPassword.
@Test
public void testAuthenticateFailsWithInvalidPassword() {
UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken("rod", "INVALID_PASSWORD");
DaoAuthenticationProvider provider = new DaoAuthenticationProvider();
provider.setUserDetailsService(new MockAuthenticationDaoUserrod());
provider.setUserCache(new MockUserCache());
try {
provider.authenticate(token);
fail("Should have thrown BadCredentialsException");
} catch (BadCredentialsException expected) {
}
}
Also used :
UsernamePasswordAuthenticationToken(org.springframework.security.authentication.UsernamePasswordAuthenticationToken)
BadCredentialsException(org.springframework.security.authentication.BadCredentialsException)
Test(org.junit.Test)
Example 47 with UsernamePasswordAuthenticationToken
use of org.springframework.security.authentication.UsernamePasswordAuthenticationToken in project spring-security by spring-projects.
the class DaoAuthenticationProviderTests method testAuthenticateFailsIfCredentialsExpired.
@Test
public void testAuthenticateFailsIfCredentialsExpired() {
UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken("peter", "opal");
DaoAuthenticationProvider provider = new DaoAuthenticationProvider();
provider.setUserDetailsService(new MockAuthenticationDaoUserPeterCredentialsExpired());
provider.setUserCache(new MockUserCache());
try {
provider.authenticate(token);
fail("Should have thrown CredentialsExpiredException");
} catch (CredentialsExpiredException expected) {
}
// Check that wrong password causes BadCredentialsException, rather than
// CredentialsExpiredException
token = new UsernamePasswordAuthenticationToken("peter", "wrong_password");
try {
provider.authenticate(token);
fail("Should have thrown BadCredentialsException");
} catch (BadCredentialsException expected) {
}
}
Also used :
CredentialsExpiredException(org.springframework.security.authentication.CredentialsExpiredException)
UsernamePasswordAuthenticationToken(org.springframework.security.authentication.UsernamePasswordAuthenticationToken)
BadCredentialsException(org.springframework.security.authentication.BadCredentialsException)
Test(org.junit.Test)
Example 48 with UsernamePasswordAuthenticationToken
use of org.springframework.security.authentication.UsernamePasswordAuthenticationToken in project spring-security by spring-projects.
the class DaoAuthenticationProviderTests method testReceivedBadCredentialsWhenCredentialsNotProvided.
@Test
public void testReceivedBadCredentialsWhenCredentialsNotProvided() {
// Test related to SEC-434
DaoAuthenticationProvider provider = new DaoAuthenticationProvider();
provider.setUserDetailsService(new MockAuthenticationDaoUserrod());
provider.setUserCache(new MockUserCache());
UsernamePasswordAuthenticationToken authenticationToken = new UsernamePasswordAuthenticationToken("rod", null);
try {
provider.authenticate(authenticationToken);
fail("Expected BadCredenialsException");
} catch (BadCredentialsException expected) {
}
}
Also used :
UsernamePasswordAuthenticationToken(org.springframework.security.authentication.UsernamePasswordAuthenticationToken)
BadCredentialsException(org.springframework.security.authentication.BadCredentialsException)
Test(org.junit.Test)
Example 49 with UsernamePasswordAuthenticationToken
use of org.springframework.security.authentication.UsernamePasswordAuthenticationToken in project spring-security by spring-projects.
the class DaoAuthenticationProviderTests method testUserNotFoundBCryptPasswordEncoder.
@Test
public void testUserNotFoundBCryptPasswordEncoder() {
UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken("missing", "koala");
PasswordEncoder encoder = new BCryptPasswordEncoder();
DaoAuthenticationProvider provider = new DaoAuthenticationProvider();
provider.setHideUserNotFoundExceptions(false);
provider.setPasswordEncoder(encoder);
MockAuthenticationDaoUserrod userDetailsService = new MockAuthenticationDaoUserrod();
userDetailsService.password = encoder.encode((CharSequence) token.getCredentials());
provider.setUserDetailsService(userDetailsService);
try {
provider.authenticate(token);
fail("Expected Exception");
} catch (UsernameNotFoundException success) {
}
}
Also used :
UsernameNotFoundException(org.springframework.security.core.userdetails.UsernameNotFoundException)
BCryptPasswordEncoder(org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder)
ShaPasswordEncoder(org.springframework.security.authentication.encoding.ShaPasswordEncoder)
PasswordEncoder(org.springframework.security.crypto.password.PasswordEncoder)
UsernamePasswordAuthenticationToken(org.springframework.security.authentication.UsernamePasswordAuthenticationToken)
BCryptPasswordEncoder(org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder)
Test(org.junit.Test)
Example 50 with UsernamePasswordAuthenticationToken
use of org.springframework.security.authentication.UsernamePasswordAuthenticationToken in project spring-security by spring-projects.
the class DaoAuthenticationProviderTests method testAuthenticatesWithForcePrincipalAsString.
@Test
public void testAuthenticatesWithForcePrincipalAsString() {
UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken("rod", "koala");
DaoAuthenticationProvider provider = new DaoAuthenticationProvider();
provider.setUserDetailsService(new MockAuthenticationDaoUserrod());
provider.setUserCache(new MockUserCache());
provider.setForcePrincipalAsString(true);
Authentication result = provider.authenticate(token);
if (!(result instanceof UsernamePasswordAuthenticationToken)) {
fail("Should have returned instance of UsernamePasswordAuthenticationToken");
}
UsernamePasswordAuthenticationToken castResult = (UsernamePasswordAuthenticationToken) result;
assertThat(castResult.getPrincipal().getClass()).isEqualTo(String.class);
assertThat(castResult.getPrincipal()).isEqualTo("rod");
}
Also used :
Authentication(org.springframework.security.core.Authentication)
UsernamePasswordAuthenticationToken(org.springframework.security.authentication.UsernamePasswordAuthenticationToken)
Test(org.junit.Test)
Aggregations
UsernamePasswordAuthenticationToken (org.springframework.security.authentication.UsernamePasswordAuthenticationToken)309
Test (org.junit.Test)156
Authentication (org.springframework.security.core.Authentication)114
GrantedAuthority (org.springframework.security.core.GrantedAuthority)37
BadCredentialsException (org.springframework.security.authentication.BadCredentialsException)34
UserDetails (org.springframework.security.core.userdetails.UserDetails)33
SimpleGrantedAuthority (org.springframework.security.core.authority.SimpleGrantedAuthority)29
OAuth2Authentication (org.springframework.security.oauth2.provider.OAuth2Authentication)27
SecurityContext (org.springframework.security.core.context.SecurityContext)21
AuthenticationException (org.springframework.security.core.AuthenticationException)20
User (org.springframework.security.core.userdetails.User)17
OAuth2Request (org.springframework.security.oauth2.provider.OAuth2Request)15
ArrayList (java.util.ArrayList)14
OrcidProfileUserDetails (org.orcid.core.oauth.OrcidProfileUserDetails)13
MockHttpServletRequest (org.springframework.mock.web.MockHttpServletRequest)13
AuthenticationManager (org.springframework.security.authentication.AuthenticationManager)13
UsernameNotFoundException (org.springframework.security.core.userdetails.UsernameNotFoundException)12
SecurityContextImpl (org.springframework.security.core.context.SecurityContextImpl)11
Before (org.junit.Before)8
MockHttpServletResponse (org.springframework.mock.web.MockHttpServletResponse)8
