Search in sources :

Example 11 with UsernamePasswordAuthenticationToken

use of org.springframework.security.providers.UsernamePasswordAuthenticationToken in project gocd by gocd.

the class BasicAuthenticationFilterTest method shouldConvey_itsBasicProcessingFilter.

@Test
public void shouldConvey_itsBasicProcessingFilter() throws IOException, ServletException {
    BasicAuthenticationFilter filter = new BasicAuthenticationFilter(localizer);
    final Boolean[] hadBasicMarkOnInsideAuthenticationManager = new Boolean[] { false };
    filter.setAuthenticationManager(new AuthenticationManager() {

        public Authentication authenticate(Authentication authentication) throws AuthenticationException {
            hadBasicMarkOnInsideAuthenticationManager[0] = BasicAuthenticationFilter.isProcessingBasicAuth();
            return new UsernamePasswordAuthenticationToken("school-principal", "u can be principal if you know this!");
        }
    });
    assertThat(BasicAuthenticationFilter.isProcessingBasicAuth(), is(false));
    MockHttpServletRequest httpRequest = new MockHttpServletRequest();
    httpRequest.addHeader("Authorization", "Basic " + java.util.Base64.getEncoder().encodeToString("loser:boozer".getBytes()));
    filter.doFilterHttp(httpRequest, new MockHttpServletResponse(), new FilterChain() {

        public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse) throws IOException, ServletException {
        }
    });
    assertThat(BasicAuthenticationFilter.isProcessingBasicAuth(), is(false));
    assertThat(hadBasicMarkOnInsideAuthenticationManager[0], is(true));
}
Also used : ServletRequest(javax.servlet.ServletRequest) MockHttpServletRequest(org.springframework.mock.web.MockHttpServletRequest) MockHttpServletResponse(org.springframework.mock.web.MockHttpServletResponse) ServletResponse(javax.servlet.ServletResponse) AuthenticationException(org.springframework.security.AuthenticationException) MockHttpServletRequest(org.springframework.mock.web.MockHttpServletRequest) FilterChain(javax.servlet.FilterChain) UsernamePasswordAuthenticationToken(org.springframework.security.providers.UsernamePasswordAuthenticationToken) IOException(java.io.IOException) AuthenticationManager(org.springframework.security.AuthenticationManager) ServletException(javax.servlet.ServletException) Authentication(org.springframework.security.Authentication) MockHttpServletResponse(org.springframework.mock.web.MockHttpServletResponse) Test(org.junit.Test)

Example 12 with UsernamePasswordAuthenticationToken

use of org.springframework.security.providers.UsernamePasswordAuthenticationToken in project gocd by gocd.

the class ConfigModifyingUserTest method shouldIdentifyLoggedInUserAsModifyingUser_WhenNoModifyingUserIsGiven.

@Test
public void shouldIdentifyLoggedInUserAsModifyingUser_WhenNoModifyingUserIsGiven() {
    SecurityContext context = SecurityContextHolder.getContext();
    context.setAuthentication(new UsernamePasswordAuthenticationToken(new User("loser_boozer", "pass", true, true, true, true, new GrantedAuthority[] {}), null));
    ConfigModifyingUser user = new ConfigModifyingUser();
    assertThat(user.getUserName(), is("loser_boozer"));
}
Also used : User(org.springframework.security.userdetails.User) SecurityContext(org.springframework.security.context.SecurityContext) UsernamePasswordAuthenticationToken(org.springframework.security.providers.UsernamePasswordAuthenticationToken) Test(org.junit.Test)

Example 13 with UsernamePasswordAuthenticationToken

use of org.springframework.security.providers.UsernamePasswordAuthenticationToken in project gocd by gocd.

the class LdapAuthenticationTest method commonLdapUserShouldOnlyHaveAuthorityOfUserAndNotAdmin.

@Test
public void commonLdapUserShouldOnlyHaveAuthorityOfUserAndNotAdmin() throws Exception {
    ldapServer.addUser(employeesOrgUnit, "foleys", "some-password", "Shilpa Foley", "foleys@somecompany.com");
    configFileHelper.initializeConfigFile();
    configFileHelper.addLdapSecurityWithAdmin(LDAP_URL, MANAGER_DN, MANAGER_PASSWORD, SEARCH_BASE, SEARCH_FILTER, "another_admin");
    Authentication authentication = new UsernamePasswordAuthenticationToken("foleys", "some-password");
    Authentication result = ldapAuthenticationProvider.authenticate(authentication);
    assertThat(result.isAuthenticated(), is(true));
    GrantedAuthority[] authorities = result.getAuthorities();
    assertThat("foleys should have only user authority. Found: " + ArrayUtils.toString(authorities), authorities.length, is(1));
    assertThat(authorities[0].getAuthority(), is("ROLE_USER"));
}
Also used : Authentication(org.springframework.security.Authentication) GrantedAuthority(org.springframework.security.GrantedAuthority) UsernamePasswordAuthenticationToken(org.springframework.security.providers.UsernamePasswordAuthenticationToken) Test(org.junit.Test)

Example 14 with UsernamePasswordAuthenticationToken

use of org.springframework.security.providers.UsernamePasswordAuthenticationToken in project gocd by gocd.

the class LdapAuthenticationTest method assertAuthenticationOfValidAdminUser.

private void assertAuthenticationOfValidAdminUser(String userName, String password) {
    Authentication authentication = new UsernamePasswordAuthenticationToken(userName, password);
    Authentication result = ldapAuthenticationProvider.authenticate(authentication);
    assertThat(result.isAuthenticated(), is(true));
    assertThat(userName + " should have " + ROLE_SUPERVISOR + " authority", result.getAuthorities(), // by default, every user is administrator
    hasItemInArray(ROLE_SUPERVISOR.asAuthority()));
}
Also used : Authentication(org.springframework.security.Authentication) UsernamePasswordAuthenticationToken(org.springframework.security.providers.UsernamePasswordAuthenticationToken)

Example 15 with UsernamePasswordAuthenticationToken

use of org.springframework.security.providers.UsernamePasswordAuthenticationToken in project gocd by gocd.

the class ScheduleStageTest method shouldRerunJobsWithUserAsApprover.

@Test
public void shouldRerunJobsWithUserAsApprover() throws Exception {
    Pipeline pipeline = fixture.createdPipelineWithAllStagesPassed();
    Stage oldStage = pipeline.getStages().byName(fixture.devStage);
    SecurityContext context = SecurityContextHolder.getContext();
    context.setAuthentication(new UsernamePasswordAuthenticationToken(new User("loser", "pass", true, true, true, true, new GrantedAuthority[] {}), null));
    HttpOperationResult result = new HttpOperationResult();
    Stage newStage = scheduleService.rerunJobs(oldStage, a("foo", "foo3"), result);
    Stage loadedLatestStage = dbHelper.getStageDao().findStageWithIdentifier(newStage.getIdentifier());
    assertThat(loadedLatestStage.getApprovedBy(), is("loser"));
    assertThat(oldStage.getApprovedBy(), is(not("loser")));
    assertThat(result.canContinue(), is(true));
}
Also used : HttpOperationResult(com.thoughtworks.go.server.service.result.HttpOperationResult) User(org.springframework.security.userdetails.User) SecurityContext(org.springframework.security.context.SecurityContext) Stage(com.thoughtworks.go.domain.Stage) UsernamePasswordAuthenticationToken(org.springframework.security.providers.UsernamePasswordAuthenticationToken) Pipeline(com.thoughtworks.go.domain.Pipeline) Test(org.junit.Test)

Aggregations

UsernamePasswordAuthenticationToken (org.springframework.security.providers.UsernamePasswordAuthenticationToken)19 Test (org.junit.Test)11 User (org.springframework.security.userdetails.User)10 Authentication (org.springframework.security.Authentication)4 SecurityContext (org.springframework.security.context.SecurityContext)4 UserDetails (org.springframework.security.userdetails.UserDetails)4 AuthorityGranter (com.thoughtworks.go.server.security.AuthorityGranter)2 IOException (java.io.IOException)2 Before (org.junit.Before)2 GrantedAuthority (org.springframework.security.GrantedAuthority)2 SecurityContextImpl (org.springframework.security.context.SecurityContextImpl)2 AuthenticationProvider (org.springframework.security.providers.AuthenticationProvider)2 CaseInsensitiveString (com.thoughtworks.go.config.CaseInsensitiveString)1 SecurityAuthConfig (com.thoughtworks.go.config.SecurityAuthConfig)1 ConfigFileHasChangedException (com.thoughtworks.go.config.exceptions.ConfigFileHasChangedException)1 ConfigMergeException (com.thoughtworks.go.config.exceptions.ConfigMergeException)1 GoConfigInvalidException (com.thoughtworks.go.config.exceptions.GoConfigInvalidException)1 GitMaterialConfig (com.thoughtworks.go.config.materials.git.GitMaterialConfig)1 ConfigElementImplementationRegistry (com.thoughtworks.go.config.registry.ConfigElementImplementationRegistry)1 NoPluginsInstalled (com.thoughtworks.go.config.registry.NoPluginsInstalled)1