Examples with ReflectionSaltSource - org.springframework.security.authentication.dao.ReflectionSaltSource

Example 1 with ReflectionSaltSource

use of org.springframework.security.authentication.dao.ReflectionSaltSource in project spring-security by spring-projects.

the class ReflectionSaltSourceTests method detectsMissingUserPropertyToUse.

// ~ Methods
// ========================================================================================================
@Test(expected = IllegalArgumentException.class)
public void detectsMissingUserPropertyToUse() throws Exception {
    ReflectionSaltSource saltSource = new ReflectionSaltSource();
    saltSource.afterPropertiesSet();
}

Also used : ReflectionSaltSource(org.springframework.security.authentication.dao.ReflectionSaltSource) Test(org.junit.Test)

Example 2 with ReflectionSaltSource

use of org.springframework.security.authentication.dao.ReflectionSaltSource in project spring-security by spring-projects.

the class ReflectionSaltSourceTests method methodNameAsPropertyToUseReturnsCorrectSaltValue.

@Test
public void methodNameAsPropertyToUseReturnsCorrectSaltValue() {
    ReflectionSaltSource saltSource = new ReflectionSaltSource();
    saltSource.setUserPropertyToUse("getUsername");
    assertThat(saltSource.getSalt(user)).isEqualTo("scott");
}

Also used : ReflectionSaltSource(org.springframework.security.authentication.dao.ReflectionSaltSource) Test(org.junit.Test)

Example 3 with ReflectionSaltSource

use of org.springframework.security.authentication.dao.ReflectionSaltSource in project spring-security by spring-projects.

the class ReflectionSaltSourceTests method exceptionIsThrownWhenInvalidPropertyRequested.

@Test(expected = AuthenticationServiceException.class)
public void exceptionIsThrownWhenInvalidPropertyRequested() throws Exception {
    ReflectionSaltSource saltSource = new ReflectionSaltSource();
    saltSource.setUserPropertyToUse("getDoesNotExist");
    saltSource.afterPropertiesSet();
    saltSource.getSalt(user);
}

Also used : ReflectionSaltSource(org.springframework.security.authentication.dao.ReflectionSaltSource) Test(org.junit.Test)

Example 4 with ReflectionSaltSource

use of org.springframework.security.authentication.dao.ReflectionSaltSource in project ranger by apache.

the class RangerAuthenticationProvider method getJDBCAuthentication.

private Authentication getJDBCAuthentication(Authentication authentication, String encoder) throws AuthenticationException {
    try {
        ReflectionSaltSource saltSource = new ReflectionSaltSource();
        saltSource.setUserPropertyToUse("username");
        DaoAuthenticationProvider authenticator = new DaoAuthenticationProvider();
        authenticator.setUserDetailsService(userDetailsService);
        if (encoder != null && "SHA256".equalsIgnoreCase(encoder)) {
            authenticator.setPasswordEncoder(new ShaPasswordEncoder(256));
        } else if (encoder != null && "MD5".equalsIgnoreCase(encoder)) {
            authenticator.setPasswordEncoder(new Md5PasswordEncoder());
        }
        authenticator.setSaltSource(saltSource);
        String userName = "";
        String userPassword = "";
        if (authentication != null) {
            userName = authentication.getName();
            if (authentication.getCredentials() != null) {
                userPassword = authentication.getCredentials().toString();
            }
        }
        String rangerLdapDefaultRole = PropertiesUtil.getProperty("ranger.ldap.default.role", "ROLE_USER");
        if (userName != null && userPassword != null && !userName.trim().isEmpty() && !userPassword.trim().isEmpty()) {
            final List<GrantedAuthority> grantedAuths = new ArrayList<>();
            grantedAuths.add(new SimpleGrantedAuthority(rangerLdapDefaultRole));
            final UserDetails principal = new User(userName, userPassword, grantedAuths);
            final Authentication finalAuthentication = new UsernamePasswordAuthenticationToken(principal, userPassword, grantedAuths);
            authentication = authenticator.authenticate(finalAuthentication);
            return authentication;
        } else {
            if (authentication != null && !authentication.isAuthenticated()) {
                throw new BadCredentialsException("Bad credentials");
            }
        }
    } catch (BadCredentialsException e) {
        throw e;
    } catch (AuthenticationServiceException e) {
        throw e;
    } catch (AuthenticationException e) {
        throw e;
    } catch (Exception e) {
        throw e;
    }
    return authentication;
}

Also used : ShaPasswordEncoder(org.springframework.security.authentication.encoding.ShaPasswordEncoder) User(org.springframework.security.core.userdetails.User) AuthenticationException(org.springframework.security.core.AuthenticationException) SimpleGrantedAuthority(org.springframework.security.core.authority.SimpleGrantedAuthority) GrantedAuthority(org.springframework.security.core.GrantedAuthority) ArrayList(java.util.ArrayList) UsernamePasswordAuthenticationToken(org.springframework.security.authentication.UsernamePasswordAuthenticationToken) BadCredentialsException(org.springframework.security.authentication.BadCredentialsException) AuthenticationServiceException(org.springframework.security.authentication.AuthenticationServiceException) BadCredentialsException(org.springframework.security.authentication.BadCredentialsException) AuthenticationException(org.springframework.security.core.AuthenticationException) AuthenticationServiceException(org.springframework.security.authentication.AuthenticationServiceException) ReflectionSaltSource(org.springframework.security.authentication.dao.ReflectionSaltSource) Md5PasswordEncoder(org.springframework.security.authentication.encoding.Md5PasswordEncoder) SimpleGrantedAuthority(org.springframework.security.core.authority.SimpleGrantedAuthority) UserDetails(org.springframework.security.core.userdetails.UserDetails) DaoAuthenticationProvider(org.springframework.security.authentication.dao.DaoAuthenticationProvider) Authentication(org.springframework.security.core.Authentication)

Example 5 with ReflectionSaltSource

use of org.springframework.security.authentication.dao.ReflectionSaltSource in project spring-security by spring-projects.

the class ReflectionSaltSourceTests method propertyNameAsPropertyToUseReturnsCorrectSaltValue.

@Test
public void propertyNameAsPropertyToUseReturnsCorrectSaltValue() {
    ReflectionSaltSource saltSource = new ReflectionSaltSource();
    saltSource.setUserPropertyToUse("password");
    assertThat(saltSource.getSalt(user)).isEqualTo("wombat");
}

Also used : ReflectionSaltSource(org.springframework.security.authentication.dao.ReflectionSaltSource) Test(org.junit.Test)

Aggregations

ReflectionSaltSource (org.springframework.security.authentication.dao.ReflectionSaltSource)5 Test (org.junit.Test)4 ArrayList (java.util.ArrayList)1 AuthenticationServiceException (org.springframework.security.authentication.AuthenticationServiceException)1 BadCredentialsException (org.springframework.security.authentication.BadCredentialsException)1 UsernamePasswordAuthenticationToken (org.springframework.security.authentication.UsernamePasswordAuthenticationToken)1 DaoAuthenticationProvider (org.springframework.security.authentication.dao.DaoAuthenticationProvider)1 Md5PasswordEncoder (org.springframework.security.authentication.encoding.Md5PasswordEncoder)1 ShaPasswordEncoder (org.springframework.security.authentication.encoding.ShaPasswordEncoder)1 Authentication (org.springframework.security.core.Authentication)1 AuthenticationException (org.springframework.security.core.AuthenticationException)1 GrantedAuthority (org.springframework.security.core.GrantedAuthority)1 SimpleGrantedAuthority (org.springframework.security.core.authority.SimpleGrantedAuthority)1 User (org.springframework.security.core.userdetails.User)1 UserDetails (org.springframework.security.core.userdetails.UserDetails)1