Search in sources :

Example 41 with Authentication

use of org.springframework.security.core.Authentication in project spring-security by spring-projects.

the class AbstractRememberMeServicesTests method autoLoginShouldFailIfCookieIsNotBase64.

@Test
public void autoLoginShouldFailIfCookieIsNotBase64() throws Exception {
    MockRememberMeServices services = new MockRememberMeServices(uds);
    MockHttpServletRequest request = new MockHttpServletRequest();
    MockHttpServletResponse response = new MockHttpServletResponse();
    request.setCookies(new Cookie(AbstractRememberMeServices.SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY, "ZZZ"));
    Authentication result = services.autoLogin(request, response);
    assertThat(result).isNull();
    assertCookieCancelled(response);
}
Also used : Cookie(javax.servlet.http.Cookie) MockHttpServletRequest(org.springframework.mock.web.MockHttpServletRequest) Authentication(org.springframework.security.core.Authentication) MockHttpServletResponse(org.springframework.mock.web.MockHttpServletResponse) Test(org.junit.Test) PrepareOnlyThisForTest(org.powermock.core.classloader.annotations.PrepareOnlyThisForTest)

Example 42 with Authentication

use of org.springframework.security.core.Authentication in project spring-security-oauth by spring-projects.

the class TokenEndpointAuthenticationFilterTests method testPasswordGrantWithUnAuthenticatedClient.

@Test
public void testPasswordGrantWithUnAuthenticatedClient() throws Exception {
    SecurityContextHolder.getContext().setAuthentication(new UsernamePasswordAuthenticationToken("client", "secret"));
    request.setParameter("grant_type", "password");
    Mockito.when(authenticationManager.authenticate(Mockito.<Authentication>any())).thenReturn(new UsernamePasswordAuthenticationToken("foo", "bar", AuthorityUtils.commaSeparatedStringToAuthorityList("ROLE_USER")));
    TokenEndpointAuthenticationFilter filter = new TokenEndpointAuthenticationFilter(authenticationManager, oAuth2RequestFactory);
    filter.doFilter(request, response, chain);
    Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
    assertTrue(authentication instanceof OAuth2Authentication);
    assertFalse(authentication.isAuthenticated());
}
Also used : OAuth2Authentication(org.springframework.security.oauth2.provider.OAuth2Authentication) Authentication(org.springframework.security.core.Authentication) OAuth2Authentication(org.springframework.security.oauth2.provider.OAuth2Authentication) UsernamePasswordAuthenticationToken(org.springframework.security.authentication.UsernamePasswordAuthenticationToken) Test(org.junit.Test)

Example 43 with Authentication

use of org.springframework.security.core.Authentication in project spring-security-oauth by spring-projects.

the class AuthorizationEndpointTests method testAuthorizationCodeError.

@Test
public void testAuthorizationCodeError() throws Exception {
    endpoint.setUserApprovalHandler(new DefaultUserApprovalHandler() {

        public AuthorizationRequest checkForPreApproval(AuthorizationRequest authorizationRequest, Authentication userAuthentication) {
            return authorizationRequest;
        }

        public AuthorizationRequest updateAfterApproval(AuthorizationRequest authorizationRequest, Authentication userAuthentication) {
            return authorizationRequest;
        }

        public boolean isApproved(AuthorizationRequest authorizationRequest, Authentication userAuthentication) {
            return true;
        }
    });
    endpoint.setAuthorizationCodeServices(new StubAuthorizationCodeServices() {

        @Override
        public String createAuthorizationCode(OAuth2Authentication authentication) {
            throw new InvalidScopeException("FOO");
        }
    });
    ModelAndView result = endpoint.authorize(model, getAuthorizationRequest("foo", "http://anywhere.com", "mystate", "myscope", Collections.singleton("code")).getRequestParameters(), sessionStatus, principal);
    String url = ((RedirectView) result.getView()).getUrl();
    assertTrue("Wrong view: " + result, url.startsWith("http://anywhere.com"));
    assertTrue("No error: " + result, url.contains("?error="));
    assertTrue("Wrong state: " + result, url.contains("&state=mystate"));
}
Also used : AuthorizationRequest(org.springframework.security.oauth2.provider.AuthorizationRequest) OAuth2Authentication(org.springframework.security.oauth2.provider.OAuth2Authentication) Authentication(org.springframework.security.core.Authentication) OAuth2Authentication(org.springframework.security.oauth2.provider.OAuth2Authentication) DefaultUserApprovalHandler(org.springframework.security.oauth2.provider.approval.DefaultUserApprovalHandler) ModelAndView(org.springframework.web.servlet.ModelAndView) RedirectView(org.springframework.web.servlet.view.RedirectView) InvalidScopeException(org.springframework.security.oauth2.common.exceptions.InvalidScopeException) Test(org.junit.Test)

Example 44 with Authentication

use of org.springframework.security.core.Authentication in project spring-security-oauth by spring-projects.

the class AuthorizationEndpointTests method testImplicitError.

@Test
public void testImplicitError() throws Exception {
    endpoint.setUserApprovalHandler(new DefaultUserApprovalHandler() {

        public AuthorizationRequest checkForPreApproval(AuthorizationRequest authorizationRequest, Authentication userAuthentication) {
            return authorizationRequest;
        }

        public AuthorizationRequest updateAfterApproval(AuthorizationRequest authorizationRequest, Authentication userAuthentication) {
            return authorizationRequest;
        }

        public boolean isApproved(AuthorizationRequest authorizationRequest, Authentication userAuthentication) {
            return true;
        }
    });
    endpoint.setTokenGranter(new TokenGranter() {

        public OAuth2AccessToken grant(String grantType, TokenRequest tokenRequest) {
            return null;
        }
    });
    AuthorizationRequest authorizationRequest = getAuthorizationRequest("foo", "http://anywhere.com", "mystate", "myscope", Collections.singleton("token"));
    ModelAndView result = endpoint.authorize(model, authorizationRequest.getRequestParameters(), sessionStatus, principal);
    String url = ((RedirectView) result.getView()).getUrl();
    assertTrue("Wrong view: " + result, url.startsWith("http://anywhere.com"));
    assertTrue("No error: " + result, url.contains("#error="));
    assertTrue("Wrong state: " + result, url.contains("&state=mystate"));
}
Also used : AuthorizationRequest(org.springframework.security.oauth2.provider.AuthorizationRequest) TokenGranter(org.springframework.security.oauth2.provider.TokenGranter) OAuth2Authentication(org.springframework.security.oauth2.provider.OAuth2Authentication) Authentication(org.springframework.security.core.Authentication) DefaultOAuth2AccessToken(org.springframework.security.oauth2.common.DefaultOAuth2AccessToken) OAuth2AccessToken(org.springframework.security.oauth2.common.OAuth2AccessToken) DefaultUserApprovalHandler(org.springframework.security.oauth2.provider.approval.DefaultUserApprovalHandler) TokenRequest(org.springframework.security.oauth2.provider.TokenRequest) ModelAndView(org.springframework.web.servlet.ModelAndView) RedirectView(org.springframework.web.servlet.view.RedirectView) Test(org.junit.Test)

Example 45 with Authentication

use of org.springframework.security.core.Authentication in project spring-security-oauth by spring-projects.

the class AuthorizationEndpointTests method testImplicitAppendsScopeWhenDefaulting.

@Test
public void testImplicitAppendsScopeWhenDefaulting() throws Exception {
    endpoint.setTokenGranter(new TokenGranter() {

        public OAuth2AccessToken grant(String grantType, TokenRequest tokenRequest) {
            DefaultOAuth2AccessToken token = new DefaultOAuth2AccessToken("FOO");
            token.setScope(new LinkedHashSet<String>(Arrays.asList("read", "write")));
            return token;
        }
    });
    endpoint.setUserApprovalHandler(new DefaultUserApprovalHandler() {

        public boolean isApproved(AuthorizationRequest authorizationRequest, Authentication userAuthentication) {
            return true;
        }

        public AuthorizationRequest checkForPreApproval(AuthorizationRequest authorizationRequest, Authentication userAuthentication) {
            return authorizationRequest;
        }

        public AuthorizationRequest updateAfterApproval(AuthorizationRequest authorizationRequest, Authentication userAuthentication) {
            return authorizationRequest;
        }
    });
    client.setScope(Collections.singleton("read"));
    AuthorizationRequest authorizationRequest = getAuthorizationRequest("foo", "http://anywhere.com", "mystate", null, Collections.singleton("token"));
    ModelAndView result = endpoint.authorize(model, authorizationRequest.getRequestParameters(), sessionStatus, principal);
    String url = ((RedirectView) result.getView()).getUrl();
    assertTrue("Wrong scope: " + result, url.contains("&scope=read%20write"));
}
Also used : LinkedHashSet(java.util.LinkedHashSet) AuthorizationRequest(org.springframework.security.oauth2.provider.AuthorizationRequest) TokenGranter(org.springframework.security.oauth2.provider.TokenGranter) DefaultOAuth2AccessToken(org.springframework.security.oauth2.common.DefaultOAuth2AccessToken) OAuth2AccessToken(org.springframework.security.oauth2.common.OAuth2AccessToken) OAuth2Authentication(org.springframework.security.oauth2.provider.OAuth2Authentication) Authentication(org.springframework.security.core.Authentication) TokenRequest(org.springframework.security.oauth2.provider.TokenRequest) DefaultUserApprovalHandler(org.springframework.security.oauth2.provider.approval.DefaultUserApprovalHandler) ModelAndView(org.springframework.web.servlet.ModelAndView) RedirectView(org.springframework.web.servlet.view.RedirectView) DefaultOAuth2AccessToken(org.springframework.security.oauth2.common.DefaultOAuth2AccessToken) Test(org.junit.Test)

Aggregations

Authentication (org.springframework.security.core.Authentication)498 Test (org.junit.Test)192 UsernamePasswordAuthenticationToken (org.springframework.security.authentication.UsernamePasswordAuthenticationToken)114 OAuth2Authentication (org.springframework.security.oauth2.provider.OAuth2Authentication)98 TestingAuthenticationToken (org.springframework.security.authentication.TestingAuthenticationToken)75 SecurityContext (org.springframework.security.core.context.SecurityContext)63 OAuth2Request (org.springframework.security.oauth2.provider.OAuth2Request)57 GrantedAuthority (org.springframework.security.core.GrantedAuthority)50 MockHttpServletRequest (org.springframework.mock.web.MockHttpServletRequest)47 SecurityContextImpl (org.springframework.security.core.context.SecurityContextImpl)42 MifosUser (org.mifos.security.MifosUser)38 MockHttpServletResponse (org.springframework.mock.web.MockHttpServletResponse)34 HttpServletRequest (javax.servlet.http.HttpServletRequest)32 SimpleGrantedAuthority (org.springframework.security.core.authority.SimpleGrantedAuthority)32 AuthenticationException (org.springframework.security.core.AuthenticationException)31 UserDetails (org.springframework.security.core.userdetails.UserDetails)31 MifosUserBuilder (org.mifos.builders.MifosUserBuilder)29 HashMap (java.util.HashMap)27 HttpServletResponse (javax.servlet.http.HttpServletResponse)27 OAuth2AccessToken (org.springframework.security.oauth2.common.OAuth2AccessToken)25