Example 1 with SecurityContext

Use of org.springframework.security.context.SecurityContext in project gocd by gocd.

Class GoFileConfigDataSourceTest, method shouldUse_UserFromSession_asConfigModifyingUserWhenNoneGiven.

@Test
public void shouldUse_UserFromSession_asConfigModifyingUserWhenNoneGiven() throws GitAPIException, IOException {
    SecurityContext context = SecurityContextHolder.getContext();
    context.setAuthentication(new UsernamePasswordAuthenticationToken(new User("loser_boozer", "pass", true, true, true, true, new GrantedAuthority[] {}), null));
    goConfigDao.updateMailHost(getMailHost("mailhost.local"));
    CruiseConfig cruiseConfig = goConfigDao.load();
    GoConfigRevision revision = configRepository.getRevision(cruiseConfig.getMd5());
    assertThat(revision.getUsername(), is("loser_boozer"));
}
Also used: User (org.springframework.security.userdetails.User), SecurityContext (org.springframework.security.context.SecurityContext), UsernamePasswordAuthenticationToken (org.springframework.security.providers.UsernamePasswordAuthenticationToken), GoConfigRevision (com.thoughtworks.go.domain.GoConfigRevision), Test (org.junit.Test)

Example 2 with SecurityContext

Use of org.springframework.security.context.SecurityContext in project gocd by gocd.

Class BasicAuthenticationFilterTest, method testShouldRender500WithHTMLTextBodyWithApiAcceptHeaderWithHTML.

@Test
public void testShouldRender500WithHTMLTextBodyWithApiAcceptHeaderWithHTML() throws IOException {
    httpRequest.addHeader("Accept", "text/html");
    SecurityContext context = SecurityContextHolder.getContext();
    filter.handleException(httpRequest, httpResponse, new Exception("some error"));
    verify(localizer).localize("INVALID_LDAP_ERROR");
    assertThat(((Exception) (httpRequest.getSession().getAttribute(AbstractProcessingFilter.SPRING_SECURITY_LAST_EXCEPTION_KEY))).getMessage(), is(errorMessage));
    assertThat(httpRequest.getAttribute(SessionDenialAwareAuthenticationProcessingFilterEntryPoint.SESSION_DENIED).toString(), is("true"));
    assertThat(context.getAuthentication(), is(nullValue()));
    assertThat(httpResponse.getRedirectedUrl(), is("/go/auth/login?login_error=1"));
}
Also used: SecurityContext (org.springframework.security.context.SecurityContext), ServletException (javax.servlet.ServletException), IOException (java.io.IOException), AuthenticationException (org.springframework.security.AuthenticationException), Test (org.junit.Test)

Example 3 with SecurityContext

Use of org.springframework.security.context.SecurityContext in project gocd by gocd.

Class GoVelocityView, method exposeHelpers.

protected void exposeHelpers(Context velocityContext, HttpServletRequest request) throws Exception {
    RailsAssetsService railsAssetsService = getRailsAssetsService();
    VersionInfoService versionInfoService = getVersionInfoService();
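    // All role flags below are initialised to true; the early return further down
    // leaves them true when the session holds no authenticated SecurityContext.
    velocityContext.put(ADMINISTRATOR, true);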
    velocityContext.put(GROUP_ADMINISTRATOR, true);
    velocityContext.put(TEMPLATE_ADMINISTRATOR, true);
    velocityContext.put(VIEW_ADMINISTRATOR_RIGHTS, true);
    velocityContext.put(TEMPLATE_VIEW_USER, true);
    velocityContext.put(USE_COMPRESS_JS, systemEnvironment.useCompressedJs());
    velocityContext.put(Toggles.PIPELINE_COMMENT_FEATURE_TOGGLE_KEY, Toggles.isToggleOn(Toggles.PIPELINE_COMMENT_FEATURE_TOGGLE_KEY));
    velocityContext.put(CONCATENATED_JAVASCRIPT_FILE_PATH, railsAssetsService.getAssetPath("application.js"));
    velocityContext.put(CONCATENATED_APPLICATION_CSS_FILE_PATH, railsAssetsService.getAssetPath("application.css"));
    velocityContext.put(CURRENT_GOCD_VERSION, CurrentGoCDVersion.getInstance());
    velocityContext.put(CONCATENATED_VM_APPLICATION_CSS_FILE_PATH, railsAssetsService.getAssetPath("vm/application.css"));
    velocityContext.put(CONCATENATED_CSS_APPLICATION_CSS_FILE_PATH, railsAssetsService.getAssetPath("css/application.css"));
    velocityContext.put(CONCATENATED_NEW_THEME_CSS_FILE_PATH, railsAssetsService.getAssetPath("new-theme.css"));
    velocityContext.put(CONCATENATED_STAGE_BAR_CANCELLED_ICON_FILE_PATH, railsAssetsService.getAssetPath("g9/stage_bar_cancelled_icon.png"));
    velocityContext.put(CONCATENATED_SPINNER_ICON_FILE_PATH, railsAssetsService.getAssetPath("spinner.gif"));
    velocityContext.put(CONCATENATED_CRUISE_ICON_FILE_PATH, railsAssetsService.getAssetPath("cruise.ico"));
    velocityContext.put(PATH_RESOLVER, railsAssetsService);
    velocityContext.put(GO_UPDATE, versionInfoService.getGoUpdate());
    velocityContext.put(GO_UPDATE_CHECK_ENABLED, versionInfoService.isGOUpdateCheckEnabled());
    SecurityContext securityContext = (SecurityContext) request.getSession().getAttribute(SPRING_SECURITY_CONTEXT_KEY);
    if (securityContext == null || securityContext.getAuthentication() == null) {
        return;
    }
    final Authentication authentication = securityContext.getAuthentication();
    setPrincipal(velocityContext, authentication);
    setAdmininstratorRole(velocityContext, authentication);
}
Also used: Authentication (org.springframework.security.Authentication), SecurityContext (org.springframework.security.context.SecurityContext), RailsAssetsService (com.thoughtworks.go.server.service.RailsAssetsService), VersionInfoService (com.thoughtworks.go.server.service.VersionInfoService)

Example 4 with SecurityContext

Use of org.springframework.security.context.SecurityContext in project gocd by gocd.

Class ConfigModifyingUserTest, method shouldIdentifyLoggedInUserAsModifyingUser_WhenNoModifyingUserIsGiven.

@Test
public void shouldIdentifyLoggedInUserAsModifyingUser_WhenNoModifyingUserIsGiven() {
    SecurityContext context = SecurityContextHolder.getContext();
    context.setAuthentication(new UsernamePasswordAuthenticationToken(new User("loser_boozer", "pass", true, true, true, true, new GrantedAuthority[] {}), null));
    ConfigModifyingUser user = new ConfigModifyingUser();
    assertThat(user.getUserName(), is("loser_boozer"));
}
Also used: User (org.springframework.security.userdetails.User), SecurityContext (org.springframework.security.context.SecurityContext), UsernamePasswordAuthenticationToken (org.springframework.security.providers.UsernamePasswordAuthenticationToken), Test (org.junit.Test)

Example 5 with SecurityContext

Use of org.springframework.security.context.SecurityContext in project gocd by gocd.

Class CasProcessingFilter, method onUnsuccessfulAuthentication.

@Override
protected void onUnsuccessfulAuthentication(HttpServletRequest request, HttpServletResponse response, AuthenticationException failed) throws IOException {
    SecurityContext context = SecurityContextHolder.getContext();
    request.getSession().setAttribute(SPRING_SECURITY_LAST_EXCEPTION_KEY, new OnlyKnownUsersAllowedException("Foo"));
    request.setAttribute(SessionDenialAwareAuthenticationProcessingFilterEntryPoint.SESSION_DENIED, true);
    // Drop any Authentication held in the current SecurityContext before redirecting to login.
    context.setAuthentication(null);
    response.sendRedirect("/go/auth/login");
    super.onUnsuccessfulAuthentication(request, response, failed);
}
Also used: SecurityContext (org.springframework.security.context.SecurityContext)
