use of org.springframework.security.web.authentication.preauth.RequestAttributeAuthenticationFilter in project spring-security by spring-projects.
the class RequestAttributeAuthenticationFilterTests method defaultsToUsingSiteminderHeader.
@Test
public void defaultsToUsingSiteminderHeader() throws Exception {
MockHttpServletRequest request = new MockHttpServletRequest();
request.setAttribute("REMOTE_USER", "cat");
MockHttpServletResponse response = new MockHttpServletResponse();
MockFilterChain chain = new MockFilterChain();
RequestAttributeAuthenticationFilter filter = new RequestAttributeAuthenticationFilter();
filter.setAuthenticationManager(createAuthenticationManager());
filter.doFilter(request, response, chain);
assertThat(SecurityContextHolder.getContext().getAuthentication()).isNotNull();
assertThat(SecurityContextHolder.getContext().getAuthentication().getName()).isEqualTo("cat");
assertThat(SecurityContextHolder.getContext().getAuthentication().getCredentials()).isEqualTo("N/A");
}
use of org.springframework.security.web.authentication.preauth.RequestAttributeAuthenticationFilter in project spring-security by spring-projects.
the class RequestAttributeAuthenticationFilterTests method missingHeaderCausesException.
@Test(expected = PreAuthenticatedCredentialsNotFoundException.class)
public void missingHeaderCausesException() throws Exception {
MockHttpServletRequest request = new MockHttpServletRequest();
MockHttpServletResponse response = new MockHttpServletResponse();
MockFilterChain chain = new MockFilterChain();
RequestAttributeAuthenticationFilter filter = new RequestAttributeAuthenticationFilter();
filter.setAuthenticationManager(createAuthenticationManager());
filter.doFilter(request, response, chain);
}
use of org.springframework.security.web.authentication.preauth.RequestAttributeAuthenticationFilter in project spring-security by spring-projects.
the class RequestAttributeAuthenticationFilterTests method alternativeHeaderNameIsSupported.
@Test
public void alternativeHeaderNameIsSupported() throws Exception {
MockHttpServletRequest request = new MockHttpServletRequest();
request.setAttribute("myUsernameVariable", "wolfman");
MockHttpServletResponse response = new MockHttpServletResponse();
MockFilterChain chain = new MockFilterChain();
RequestAttributeAuthenticationFilter filter = new RequestAttributeAuthenticationFilter();
filter.setAuthenticationManager(createAuthenticationManager());
filter.setPrincipalEnvironmentVariable("myUsernameVariable");
filter.doFilter(request, response, chain);
assertThat(SecurityContextHolder.getContext().getAuthentication()).isNotNull();
assertThat(SecurityContextHolder.getContext().getAuthentication().getName()).isEqualTo("wolfman");
}
use of org.springframework.security.web.authentication.preauth.RequestAttributeAuthenticationFilter in project spring-security by spring-projects.
the class RequestAttributeAuthenticationFilterTests method userIsReauthenticatedIfPrincipalChangesAndCheckForPrincipalChangesIsSet.
@Test
public void userIsReauthenticatedIfPrincipalChangesAndCheckForPrincipalChangesIsSet() throws Exception {
MockHttpServletRequest request = new MockHttpServletRequest();
MockHttpServletResponse response = new MockHttpServletResponse();
RequestAttributeAuthenticationFilter filter = new RequestAttributeAuthenticationFilter();
filter.setAuthenticationManager(createAuthenticationManager());
filter.setCheckForPrincipalChanges(true);
request.setAttribute("REMOTE_USER", "cat");
filter.doFilter(request, response, new MockFilterChain());
request = new MockHttpServletRequest();
request.setAttribute("REMOTE_USER", "dog");
filter.doFilter(request, response, new MockFilterChain());
Authentication dog = SecurityContextHolder.getContext().getAuthentication();
assertThat(dog).isNotNull();
assertThat(dog.getName()).isEqualTo("dog");
// Make sure authentication doesn't occur every time (i.e. if the variable
// *doesn't*
// change)
filter.setAuthenticationManager(mock(AuthenticationManager.class));
filter.doFilter(request, response, new MockFilterChain());
assertThat(SecurityContextHolder.getContext().getAuthentication()).isSameAs(dog);
}
use of org.springframework.security.web.authentication.preauth.RequestAttributeAuthenticationFilter in project spring-security by spring-projects.
the class RequestAttributeAuthenticationFilterTests method missingHeaderIsIgnoredIfExceptionIfHeaderMissingIsFalse.
@Test
public void missingHeaderIsIgnoredIfExceptionIfHeaderMissingIsFalse() throws Exception {
MockHttpServletRequest request = new MockHttpServletRequest();
MockHttpServletResponse response = new MockHttpServletResponse();
MockFilterChain chain = new MockFilterChain();
RequestAttributeAuthenticationFilter filter = new RequestAttributeAuthenticationFilter();
filter.setExceptionIfVariableMissing(false);
filter.setAuthenticationManager(createAuthenticationManager());
filter.doFilter(request, response, chain);
}
Aggregations