use of org.springframework.security.core.Authentication in project spring-security by spring-projects.
the class AbstractRememberMeServicesTests method autoLoginShouldFailIfCookieIsNotBase64.
@Test
public void autoLoginShouldFailIfCookieIsNotBase64() throws Exception {
MockRememberMeServices services = new MockRememberMeServices(uds);
MockHttpServletRequest request = new MockHttpServletRequest();
MockHttpServletResponse response = new MockHttpServletResponse();
request.setCookies(new Cookie(AbstractRememberMeServices.SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY, "ZZZ"));
Authentication result = services.autoLogin(request, response);
assertThat(result).isNull();
assertCookieCancelled(response);
}
use of org.springframework.security.core.Authentication in project spring-security-oauth by spring-projects.
the class TokenEndpointAuthenticationFilterTests method testPasswordGrantWithUnAuthenticatedClient.
@Test
public void testPasswordGrantWithUnAuthenticatedClient() throws Exception {
SecurityContextHolder.getContext().setAuthentication(new UsernamePasswordAuthenticationToken("client", "secret"));
request.setParameter("grant_type", "password");
Mockito.when(authenticationManager.authenticate(Mockito.<Authentication>any())).thenReturn(new UsernamePasswordAuthenticationToken("foo", "bar", AuthorityUtils.commaSeparatedStringToAuthorityList("ROLE_USER")));
TokenEndpointAuthenticationFilter filter = new TokenEndpointAuthenticationFilter(authenticationManager, oAuth2RequestFactory);
filter.doFilter(request, response, chain);
Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
assertTrue(authentication instanceof OAuth2Authentication);
assertFalse(authentication.isAuthenticated());
}
use of org.springframework.security.core.Authentication in project spring-security-oauth by spring-projects.
the class AuthorizationEndpointTests method testAuthorizationCodeError.
@Test
public void testAuthorizationCodeError() throws Exception {
endpoint.setUserApprovalHandler(new DefaultUserApprovalHandler() {
public AuthorizationRequest checkForPreApproval(AuthorizationRequest authorizationRequest, Authentication userAuthentication) {
return authorizationRequest;
}
public AuthorizationRequest updateAfterApproval(AuthorizationRequest authorizationRequest, Authentication userAuthentication) {
return authorizationRequest;
}
public boolean isApproved(AuthorizationRequest authorizationRequest, Authentication userAuthentication) {
return true;
}
});
endpoint.setAuthorizationCodeServices(new StubAuthorizationCodeServices() {
@Override
public String createAuthorizationCode(OAuth2Authentication authentication) {
throw new InvalidScopeException("FOO");
}
});
ModelAndView result = endpoint.authorize(model, getAuthorizationRequest("foo", "http://anywhere.com", "mystate", "myscope", Collections.singleton("code")).getRequestParameters(), sessionStatus, principal);
String url = ((RedirectView) result.getView()).getUrl();
assertTrue("Wrong view: " + result, url.startsWith("http://anywhere.com"));
assertTrue("No error: " + result, url.contains("?error="));
assertTrue("Wrong state: " + result, url.contains("&state=mystate"));
}
use of org.springframework.security.core.Authentication in project spring-security-oauth by spring-projects.
the class AuthorizationEndpointTests method testImplicitError.
@Test
public void testImplicitError() throws Exception {
endpoint.setUserApprovalHandler(new DefaultUserApprovalHandler() {
public AuthorizationRequest checkForPreApproval(AuthorizationRequest authorizationRequest, Authentication userAuthentication) {
return authorizationRequest;
}
public AuthorizationRequest updateAfterApproval(AuthorizationRequest authorizationRequest, Authentication userAuthentication) {
return authorizationRequest;
}
public boolean isApproved(AuthorizationRequest authorizationRequest, Authentication userAuthentication) {
return true;
}
});
endpoint.setTokenGranter(new TokenGranter() {
public OAuth2AccessToken grant(String grantType, TokenRequest tokenRequest) {
return null;
}
});
AuthorizationRequest authorizationRequest = getAuthorizationRequest("foo", "http://anywhere.com", "mystate", "myscope", Collections.singleton("token"));
ModelAndView result = endpoint.authorize(model, authorizationRequest.getRequestParameters(), sessionStatus, principal);
String url = ((RedirectView) result.getView()).getUrl();
assertTrue("Wrong view: " + result, url.startsWith("http://anywhere.com"));
assertTrue("No error: " + result, url.contains("#error="));
assertTrue("Wrong state: " + result, url.contains("&state=mystate"));
}
use of org.springframework.security.core.Authentication in project spring-security-oauth by spring-projects.
the class AuthorizationEndpointTests method testImplicitAppendsScopeWhenDefaulting.
@Test
public void testImplicitAppendsScopeWhenDefaulting() throws Exception {
endpoint.setTokenGranter(new TokenGranter() {
public OAuth2AccessToken grant(String grantType, TokenRequest tokenRequest) {
DefaultOAuth2AccessToken token = new DefaultOAuth2AccessToken("FOO");
token.setScope(new LinkedHashSet<String>(Arrays.asList("read", "write")));
return token;
}
});
endpoint.setUserApprovalHandler(new DefaultUserApprovalHandler() {
public boolean isApproved(AuthorizationRequest authorizationRequest, Authentication userAuthentication) {
return true;
}
public AuthorizationRequest checkForPreApproval(AuthorizationRequest authorizationRequest, Authentication userAuthentication) {
return authorizationRequest;
}
public AuthorizationRequest updateAfterApproval(AuthorizationRequest authorizationRequest, Authentication userAuthentication) {
return authorizationRequest;
}
});
client.setScope(Collections.singleton("read"));
AuthorizationRequest authorizationRequest = getAuthorizationRequest("foo", "http://anywhere.com", "mystate", null, Collections.singleton("token"));
ModelAndView result = endpoint.authorize(model, authorizationRequest.getRequestParameters(), sessionStatus, principal);
String url = ((RedirectView) result.getView()).getUrl();
assertTrue("Wrong scope: " + result, url.contains("&scope=read%20write"));
}
Aggregations