Search in sources :

Example 31 with UsernamePasswordAuthenticationToken

use of org.springframework.security.authentication.UsernamePasswordAuthenticationToken in project spring-security by spring-projects.

the class BasicAuthenticationFilterTests method setUp.

// ~ Methods
// ========================================================================================================
@Before
public void setUp() throws Exception {
    SecurityContextHolder.clearContext();
    UsernamePasswordAuthenticationToken rodRequest = new UsernamePasswordAuthenticationToken("rod", "koala");
    rodRequest.setDetails(new WebAuthenticationDetails(new MockHttpServletRequest()));
    Authentication rod = new UsernamePasswordAuthenticationToken("rod", "koala", AuthorityUtils.createAuthorityList("ROLE_1"));
    manager = mock(AuthenticationManager.class);
    when(manager.authenticate(rodRequest)).thenReturn(rod);
    when(manager.authenticate(not(eq(rodRequest)))).thenThrow(new BadCredentialsException(""));
    filter = new BasicAuthenticationFilter(manager, new BasicAuthenticationEntryPoint());
}
Also used : AuthenticationManager(org.springframework.security.authentication.AuthenticationManager) WebAuthenticationDetails(org.springframework.security.web.authentication.WebAuthenticationDetails) MockHttpServletRequest(org.springframework.mock.web.MockHttpServletRequest) Authentication(org.springframework.security.core.Authentication) UsernamePasswordAuthenticationToken(org.springframework.security.authentication.UsernamePasswordAuthenticationToken) BadCredentialsException(org.springframework.security.authentication.BadCredentialsException) Before(org.junit.Before)

Example 32 with UsernamePasswordAuthenticationToken

use of org.springframework.security.authentication.UsernamePasswordAuthenticationToken in project spring-security by spring-projects.

the class PreAuthenticatedAuthenticationProviderTests method authenticateInvalidToken.

@Test
public final void authenticateInvalidToken() throws Exception {
    UserDetails ud = new User("dummyUser", "dummyPwd", true, true, true, true, AuthorityUtils.NO_AUTHORITIES);
    PreAuthenticatedAuthenticationProvider provider = getProvider(ud);
    Authentication request = new UsernamePasswordAuthenticationToken("dummyUser", "dummyPwd");
    Authentication result = provider.authenticate(request);
    assertThat(result).isNull();
}
Also used : UserDetails(org.springframework.security.core.userdetails.UserDetails) User(org.springframework.security.core.userdetails.User) Authentication(org.springframework.security.core.Authentication) UsernamePasswordAuthenticationToken(org.springframework.security.authentication.UsernamePasswordAuthenticationToken) Test(org.junit.Test)

Example 33 with UsernamePasswordAuthenticationToken

use of org.springframework.security.authentication.UsernamePasswordAuthenticationToken in project spring-security-oauth by spring-projects.

the class TokenEndpointAuthenticationFilterTests method testPasswordGrantWithUnAuthenticatedClient.

@Test
public void testPasswordGrantWithUnAuthenticatedClient() throws Exception {
    SecurityContextHolder.getContext().setAuthentication(new UsernamePasswordAuthenticationToken("client", "secret"));
    request.setParameter("grant_type", "password");
    Mockito.when(authenticationManager.authenticate(Mockito.<Authentication>any())).thenReturn(new UsernamePasswordAuthenticationToken("foo", "bar", AuthorityUtils.commaSeparatedStringToAuthorityList("ROLE_USER")));
    TokenEndpointAuthenticationFilter filter = new TokenEndpointAuthenticationFilter(authenticationManager, oAuth2RequestFactory);
    filter.doFilter(request, response, chain);
    Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
    assertTrue(authentication instanceof OAuth2Authentication);
    assertFalse(authentication.isAuthenticated());
}
Also used : OAuth2Authentication(org.springframework.security.oauth2.provider.OAuth2Authentication) Authentication(org.springframework.security.core.Authentication) OAuth2Authentication(org.springframework.security.oauth2.provider.OAuth2Authentication) UsernamePasswordAuthenticationToken(org.springframework.security.authentication.UsernamePasswordAuthenticationToken) Test(org.junit.Test)

Example 34 with UsernamePasswordAuthenticationToken

use of org.springframework.security.authentication.UsernamePasswordAuthenticationToken in project spring-security-oauth by spring-projects.

the class TokenEndpointTests method testGetAccessTokenWithNoClientId.

@Test
public void testGetAccessTokenWithNoClientId() throws HttpRequestMethodNotSupportedException {
    HashMap<String, String> parameters = new HashMap<String, String>();
    parameters.put(OAuth2Utils.GRANT_TYPE, "authorization_code");
    OAuth2AccessToken expectedToken = new DefaultOAuth2AccessToken("FOO");
    when(tokenGranter.grant(Mockito.eq("authorization_code"), Mockito.any(TokenRequest.class))).thenReturn(expectedToken);
    @SuppressWarnings("unchecked") Map<String, String> anyMap = Mockito.any(Map.class);
    when(authorizationRequestFactory.createTokenRequest(anyMap, Mockito.any(ClientDetails.class))).thenReturn(createFromParameters(parameters));
    clientAuthentication = new UsernamePasswordAuthenticationToken(null, null, Collections.singleton(new SimpleGrantedAuthority("ROLE_CLIENT")));
    ResponseEntity<OAuth2AccessToken> response = endpoint.postAccessToken(clientAuthentication, parameters);
    assertNotNull(response);
    assertEquals(HttpStatus.OK, response.getStatusCode());
    OAuth2AccessToken body = response.getBody();
    assertEquals(body, expectedToken);
    assertTrue("Wrong body: " + body, body.getTokenType() != null);
}
Also used : SimpleGrantedAuthority(org.springframework.security.core.authority.SimpleGrantedAuthority) BaseClientDetails(org.springframework.security.oauth2.provider.client.BaseClientDetails) ClientDetails(org.springframework.security.oauth2.provider.ClientDetails) HashMap(java.util.HashMap) DefaultOAuth2AccessToken(org.springframework.security.oauth2.common.DefaultOAuth2AccessToken) OAuth2AccessToken(org.springframework.security.oauth2.common.OAuth2AccessToken) TokenRequest(org.springframework.security.oauth2.provider.TokenRequest) UsernamePasswordAuthenticationToken(org.springframework.security.authentication.UsernamePasswordAuthenticationToken) DefaultOAuth2AccessToken(org.springframework.security.oauth2.common.DefaultOAuth2AccessToken) Test(org.junit.Test)

Example 35 with UsernamePasswordAuthenticationToken

use of org.springframework.security.authentication.UsernamePasswordAuthenticationToken in project spring-security-oauth by spring-projects.

the class OAuth2MethodSecurityExpressionHandlerTests method testNonOauthClient.

@Test
public void testNonOauthClient() throws Exception {
    Authentication clientAuthentication = new UsernamePasswordAuthenticationToken("foo", "bar");
    MethodInvocation invocation = new SimpleMethodInvocation(this, ReflectionUtils.findMethod(getClass(), "testNonOauthClient"));
    EvaluationContext context = handler.createEvaluationContext(clientAuthentication, invocation);
    Expression expression = handler.getExpressionParser().parseExpression("#oauth2.clientHasAnyRole()");
    assertFalse((Boolean) expression.getValue(context));
}
Also used : SimpleMethodInvocation(org.springframework.security.util.SimpleMethodInvocation) Expression(org.springframework.expression.Expression) OAuth2Authentication(org.springframework.security.oauth2.provider.OAuth2Authentication) Authentication(org.springframework.security.core.Authentication) UsernamePasswordAuthenticationToken(org.springframework.security.authentication.UsernamePasswordAuthenticationToken) SimpleMethodInvocation(org.springframework.security.util.SimpleMethodInvocation) MethodInvocation(org.aopalliance.intercept.MethodInvocation) EvaluationContext(org.springframework.expression.EvaluationContext) Test(org.junit.Test)

Aggregations

UsernamePasswordAuthenticationToken (org.springframework.security.authentication.UsernamePasswordAuthenticationToken)309 Test (org.junit.Test)156 Authentication (org.springframework.security.core.Authentication)114 GrantedAuthority (org.springframework.security.core.GrantedAuthority)37 BadCredentialsException (org.springframework.security.authentication.BadCredentialsException)34 UserDetails (org.springframework.security.core.userdetails.UserDetails)33 SimpleGrantedAuthority (org.springframework.security.core.authority.SimpleGrantedAuthority)29 OAuth2Authentication (org.springframework.security.oauth2.provider.OAuth2Authentication)27 SecurityContext (org.springframework.security.core.context.SecurityContext)21 AuthenticationException (org.springframework.security.core.AuthenticationException)20 User (org.springframework.security.core.userdetails.User)17 OAuth2Request (org.springframework.security.oauth2.provider.OAuth2Request)15 ArrayList (java.util.ArrayList)14 OrcidProfileUserDetails (org.orcid.core.oauth.OrcidProfileUserDetails)13 MockHttpServletRequest (org.springframework.mock.web.MockHttpServletRequest)13 AuthenticationManager (org.springframework.security.authentication.AuthenticationManager)13 UsernameNotFoundException (org.springframework.security.core.userdetails.UsernameNotFoundException)12 SecurityContextImpl (org.springframework.security.core.context.SecurityContextImpl)11 Before (org.junit.Before)8 MockHttpServletResponse (org.springframework.mock.web.MockHttpServletResponse)8