Search in sources :

Example 56 with UsernamePasswordAuthenticationToken

use of org.springframework.security.authentication.UsernamePasswordAuthenticationToken in project spring-security by spring-projects.

the class CasAuthenticationProviderTests method authenticateAllAuthenticationIsSuccessful.

@Test
public void authenticateAllAuthenticationIsSuccessful() throws Exception {
    String serviceUrl = "https://service/context";
    ServiceAuthenticationDetails details = mock(ServiceAuthenticationDetails.class);
    when(details.getServiceUrl()).thenReturn(serviceUrl);
    TicketValidator validator = mock(TicketValidator.class);
    when(validator.validate(any(String.class), any(String.class))).thenReturn(new AssertionImpl("rod"));
    ServiceProperties serviceProperties = makeServiceProperties();
    serviceProperties.setAuthenticateAllArtifacts(true);
    CasAuthenticationProvider cap = new CasAuthenticationProvider();
    cap.setAuthenticationUserDetailsService(new MockAuthoritiesPopulator());
    cap.setKey("qwerty");
    cap.setTicketValidator(validator);
    cap.setServiceProperties(serviceProperties);
    cap.afterPropertiesSet();
    String ticket = "ST-456";
    UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken(CasAuthenticationFilter.CAS_STATELESS_IDENTIFIER, ticket);
    Authentication result = cap.authenticate(token);
    verify(validator).validate(ticket, serviceProperties.getService());
    serviceProperties.setAuthenticateAllArtifacts(true);
    result = cap.authenticate(token);
    verify(validator, times(2)).validate(ticket, serviceProperties.getService());
    token.setDetails(details);
    result = cap.authenticate(token);
    verify(validator).validate(ticket, serviceUrl);
    serviceProperties.setAuthenticateAllArtifacts(false);
    serviceProperties.setService(null);
    cap.setServiceProperties(serviceProperties);
    cap.afterPropertiesSet();
    result = cap.authenticate(token);
    verify(validator, times(2)).validate(ticket, serviceUrl);
    token.setDetails(new WebAuthenticationDetails(new MockHttpServletRequest()));
    try {
        cap.authenticate(token);
        fail("Expected Exception");
    } catch (IllegalStateException success) {
    }
    cap.setServiceProperties(null);
    cap.afterPropertiesSet();
    try {
        cap.authenticate(token);
        fail("Expected Exception");
    } catch (IllegalStateException success) {
    }
}
Also used : ServiceAuthenticationDetails(org.springframework.security.cas.web.authentication.ServiceAuthenticationDetails) AssertionImpl(org.jasig.cas.client.validation.AssertionImpl) ServiceProperties(org.springframework.security.cas.ServiceProperties) TicketValidator(org.jasig.cas.client.validation.TicketValidator) Authentication(org.springframework.security.core.Authentication) WebAuthenticationDetails(org.springframework.security.web.authentication.WebAuthenticationDetails) MockHttpServletRequest(org.springframework.mock.web.MockHttpServletRequest) UsernamePasswordAuthenticationToken(org.springframework.security.authentication.UsernamePasswordAuthenticationToken)

Example 57 with UsernamePasswordAuthenticationToken

use of org.springframework.security.authentication.UsernamePasswordAuthenticationToken in project spring-security by spring-projects.

the class JaasAuthenticationProviderTests method testBadUser.

@Test
public void testBadUser() {
    try {
        jaasProvider.authenticate(new UsernamePasswordAuthenticationToken("asdf", "password"));
        fail("LoginException should have been thrown for the bad user");
    } catch (AuthenticationException e) {
    }
    assertThat(eventCheck.failedEvent).as("Failure event not fired").isNotNull();
    assertThat(eventCheck.failedEvent.getException()).withFailMessage("Failure event exception was null").isNotNull();
    assertThat(eventCheck.successEvent).as("Success event was fired").isNull();
}
Also used : AuthenticationException(org.springframework.security.core.AuthenticationException) UsernamePasswordAuthenticationToken(org.springframework.security.authentication.UsernamePasswordAuthenticationToken) Test(org.junit.Test)

Example 58 with UsernamePasswordAuthenticationToken

use of org.springframework.security.authentication.UsernamePasswordAuthenticationToken in project spring-security by spring-projects.

the class JaasAuthenticationProviderTests method testFull.

@Test
public void testFull() throws Exception {
    UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken("user", "password", AuthorityUtils.createAuthorityList("ROLE_ONE"));
    assertThat(jaasProvider.supports(UsernamePasswordAuthenticationToken.class)).isTrue();
    Authentication auth = jaasProvider.authenticate(token);
    assertThat(jaasProvider.getAuthorityGranters()).isNotNull();
    assertThat(jaasProvider.getCallbackHandlers()).isNotNull();
    assertThat(jaasProvider.getLoginConfig()).isNotNull();
    assertThat(jaasProvider.getLoginContextName()).isNotNull();
    Collection<? extends GrantedAuthority> list = auth.getAuthorities();
    Set<String> set = AuthorityUtils.authorityListToSet(list);
    assertThat(set.contains("ROLE_ONE")).withFailMessage("GrantedAuthorities should not contain ROLE_ONE").isFalse();
    assertThat(set.contains("ROLE_TEST1")).withFailMessage("GrantedAuthorities should contain ROLE_TEST1").isTrue();
    assertThat(set.contains("ROLE_TEST2")).withFailMessage("GrantedAuthorities should contain ROLE_TEST2").isTrue();
    boolean foundit = false;
    for (GrantedAuthority a : list) {
        if (a instanceof JaasGrantedAuthority) {
            JaasGrantedAuthority grant = (JaasGrantedAuthority) a;
            assertThat(grant.getPrincipal()).withFailMessage("Principal was null on JaasGrantedAuthority").isNotNull();
            foundit = true;
        }
    }
    assertThat(foundit).as("Could not find a JaasGrantedAuthority").isTrue();
    assertThat(eventCheck.successEvent).as("Success event should be fired").isNotNull();
    assertThat(eventCheck.successEvent.getAuthentication()).withFailMessage("Auth objects should be equal").isEqualTo(auth);
    assertThat(eventCheck.failedEvent).as("Failure event should not be fired").isNull();
}
Also used : Authentication(org.springframework.security.core.Authentication) GrantedAuthority(org.springframework.security.core.GrantedAuthority) UsernamePasswordAuthenticationToken(org.springframework.security.authentication.UsernamePasswordAuthenticationToken) Test(org.junit.Test)

Example 59 with UsernamePasswordAuthenticationToken

use of org.springframework.security.authentication.UsernamePasswordAuthenticationToken in project spring-security by spring-projects.

the class JaasAuthenticationProviderTests method testBadPassword.

@Test
public void testBadPassword() {
    try {
        jaasProvider.authenticate(new UsernamePasswordAuthenticationToken("user", "asdf"));
        fail("LoginException should have been thrown for the bad password");
    } catch (AuthenticationException e) {
    }
    assertThat(eventCheck.failedEvent).as("Failure event not fired").isNotNull();
    assertThat(eventCheck.failedEvent.getException()).withFailMessage("Failure event exception was null").isNotNull();
    assertThat(eventCheck.successEvent).as("Success event was fired").isNull();
}
Also used : AuthenticationException(org.springframework.security.core.AuthenticationException) UsernamePasswordAuthenticationToken(org.springframework.security.authentication.UsernamePasswordAuthenticationToken) Test(org.junit.Test)

Example 60 with UsernamePasswordAuthenticationToken

use of org.springframework.security.authentication.UsernamePasswordAuthenticationToken in project spring-security by spring-projects.

the class Sec760Tests method testAuthenticate.

private void testAuthenticate(JaasAuthenticationProvider p1) {
    UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken("user", "password", AuthorityUtils.createAuthorityList("ROLE_ONE", "ROLE_TWO"));
    Authentication auth = p1.authenticate(token);
    assertThat(auth).isNotNull();
}
Also used : Authentication(org.springframework.security.core.Authentication) UsernamePasswordAuthenticationToken(org.springframework.security.authentication.UsernamePasswordAuthenticationToken)

Aggregations

UsernamePasswordAuthenticationToken (org.springframework.security.authentication.UsernamePasswordAuthenticationToken)309 Test (org.junit.Test)156 Authentication (org.springframework.security.core.Authentication)114 GrantedAuthority (org.springframework.security.core.GrantedAuthority)37 BadCredentialsException (org.springframework.security.authentication.BadCredentialsException)34 UserDetails (org.springframework.security.core.userdetails.UserDetails)33 SimpleGrantedAuthority (org.springframework.security.core.authority.SimpleGrantedAuthority)29 OAuth2Authentication (org.springframework.security.oauth2.provider.OAuth2Authentication)27 SecurityContext (org.springframework.security.core.context.SecurityContext)21 AuthenticationException (org.springframework.security.core.AuthenticationException)20 User (org.springframework.security.core.userdetails.User)17 OAuth2Request (org.springframework.security.oauth2.provider.OAuth2Request)15 ArrayList (java.util.ArrayList)14 OrcidProfileUserDetails (org.orcid.core.oauth.OrcidProfileUserDetails)13 MockHttpServletRequest (org.springframework.mock.web.MockHttpServletRequest)13 AuthenticationManager (org.springframework.security.authentication.AuthenticationManager)13 UsernameNotFoundException (org.springframework.security.core.userdetails.UsernameNotFoundException)12 SecurityContextImpl (org.springframework.security.core.context.SecurityContextImpl)11 Before (org.junit.Before)8 MockHttpServletResponse (org.springframework.mock.web.MockHttpServletResponse)8