Search in sources :

Example 1 with RequestAttributeAuthenticationFilter

use of org.springframework.security.web.authentication.preauth.RequestAttributeAuthenticationFilter in project spring-security by spring-projects.

the class RequestAttributeAuthenticationFilterTests method defaultsToUsingSiteminderHeader.

@Test
public void defaultsToUsingSiteminderHeader() throws Exception {
    MockHttpServletRequest request = new MockHttpServletRequest();
    request.setAttribute("REMOTE_USER", "cat");
    MockHttpServletResponse response = new MockHttpServletResponse();
    MockFilterChain chain = new MockFilterChain();
    RequestAttributeAuthenticationFilter filter = new RequestAttributeAuthenticationFilter();
    filter.setAuthenticationManager(createAuthenticationManager());
    filter.doFilter(request, response, chain);
    assertThat(SecurityContextHolder.getContext().getAuthentication()).isNotNull();
    assertThat(SecurityContextHolder.getContext().getAuthentication().getName()).isEqualTo("cat");
    assertThat(SecurityContextHolder.getContext().getAuthentication().getCredentials()).isEqualTo("N/A");
}
Also used : MockHttpServletRequest(org.springframework.mock.web.MockHttpServletRequest) RequestAttributeAuthenticationFilter(org.springframework.security.web.authentication.preauth.RequestAttributeAuthenticationFilter) MockFilterChain(org.springframework.mock.web.MockFilterChain) MockHttpServletResponse(org.springframework.mock.web.MockHttpServletResponse) Test(org.junit.Test)

Example 2 with RequestAttributeAuthenticationFilter

use of org.springframework.security.web.authentication.preauth.RequestAttributeAuthenticationFilter in project spring-security by spring-projects.

the class RequestAttributeAuthenticationFilterTests method missingHeaderCausesException.

@Test(expected = PreAuthenticatedCredentialsNotFoundException.class)
public void missingHeaderCausesException() throws Exception {
    MockHttpServletRequest request = new MockHttpServletRequest();
    MockHttpServletResponse response = new MockHttpServletResponse();
    MockFilterChain chain = new MockFilterChain();
    RequestAttributeAuthenticationFilter filter = new RequestAttributeAuthenticationFilter();
    filter.setAuthenticationManager(createAuthenticationManager());
    filter.doFilter(request, response, chain);
}
Also used : MockHttpServletRequest(org.springframework.mock.web.MockHttpServletRequest) RequestAttributeAuthenticationFilter(org.springframework.security.web.authentication.preauth.RequestAttributeAuthenticationFilter) MockFilterChain(org.springframework.mock.web.MockFilterChain) MockHttpServletResponse(org.springframework.mock.web.MockHttpServletResponse) Test(org.junit.Test)

Example 3 with RequestAttributeAuthenticationFilter

use of org.springframework.security.web.authentication.preauth.RequestAttributeAuthenticationFilter in project spring-security by spring-projects.

the class RequestAttributeAuthenticationFilterTests method alternativeHeaderNameIsSupported.

@Test
public void alternativeHeaderNameIsSupported() throws Exception {
    MockHttpServletRequest request = new MockHttpServletRequest();
    request.setAttribute("myUsernameVariable", "wolfman");
    MockHttpServletResponse response = new MockHttpServletResponse();
    MockFilterChain chain = new MockFilterChain();
    RequestAttributeAuthenticationFilter filter = new RequestAttributeAuthenticationFilter();
    filter.setAuthenticationManager(createAuthenticationManager());
    filter.setPrincipalEnvironmentVariable("myUsernameVariable");
    filter.doFilter(request, response, chain);
    assertThat(SecurityContextHolder.getContext().getAuthentication()).isNotNull();
    assertThat(SecurityContextHolder.getContext().getAuthentication().getName()).isEqualTo("wolfman");
}
Also used : MockHttpServletRequest(org.springframework.mock.web.MockHttpServletRequest) RequestAttributeAuthenticationFilter(org.springframework.security.web.authentication.preauth.RequestAttributeAuthenticationFilter) MockFilterChain(org.springframework.mock.web.MockFilterChain) MockHttpServletResponse(org.springframework.mock.web.MockHttpServletResponse) Test(org.junit.Test)

Example 4 with RequestAttributeAuthenticationFilter

use of org.springframework.security.web.authentication.preauth.RequestAttributeAuthenticationFilter in project spring-security by spring-projects.

the class RequestAttributeAuthenticationFilterTests method userIsReauthenticatedIfPrincipalChangesAndCheckForPrincipalChangesIsSet.

@Test
public void userIsReauthenticatedIfPrincipalChangesAndCheckForPrincipalChangesIsSet() throws Exception {
    MockHttpServletRequest request = new MockHttpServletRequest();
    MockHttpServletResponse response = new MockHttpServletResponse();
    RequestAttributeAuthenticationFilter filter = new RequestAttributeAuthenticationFilter();
    filter.setAuthenticationManager(createAuthenticationManager());
    filter.setCheckForPrincipalChanges(true);
    request.setAttribute("REMOTE_USER", "cat");
    filter.doFilter(request, response, new MockFilterChain());
    request = new MockHttpServletRequest();
    request.setAttribute("REMOTE_USER", "dog");
    filter.doFilter(request, response, new MockFilterChain());
    Authentication dog = SecurityContextHolder.getContext().getAuthentication();
    assertThat(dog).isNotNull();
    assertThat(dog.getName()).isEqualTo("dog");
    // Make sure authentication doesn't occur every time (i.e. if the variable
    // *doesn't*
    // change)
    filter.setAuthenticationManager(mock(AuthenticationManager.class));
    filter.doFilter(request, response, new MockFilterChain());
    assertThat(SecurityContextHolder.getContext().getAuthentication()).isSameAs(dog);
}
Also used : AuthenticationManager(org.springframework.security.authentication.AuthenticationManager) MockHttpServletRequest(org.springframework.mock.web.MockHttpServletRequest) Authentication(org.springframework.security.core.Authentication) RequestAttributeAuthenticationFilter(org.springframework.security.web.authentication.preauth.RequestAttributeAuthenticationFilter) MockFilterChain(org.springframework.mock.web.MockFilterChain) MockHttpServletResponse(org.springframework.mock.web.MockHttpServletResponse) Test(org.junit.Test)

Example 5 with RequestAttributeAuthenticationFilter

use of org.springframework.security.web.authentication.preauth.RequestAttributeAuthenticationFilter in project spring-security by spring-projects.

the class RequestAttributeAuthenticationFilterTests method missingHeaderIsIgnoredIfExceptionIfHeaderMissingIsFalse.

@Test
public void missingHeaderIsIgnoredIfExceptionIfHeaderMissingIsFalse() throws Exception {
    MockHttpServletRequest request = new MockHttpServletRequest();
    MockHttpServletResponse response = new MockHttpServletResponse();
    MockFilterChain chain = new MockFilterChain();
    RequestAttributeAuthenticationFilter filter = new RequestAttributeAuthenticationFilter();
    filter.setExceptionIfVariableMissing(false);
    filter.setAuthenticationManager(createAuthenticationManager());
    filter.doFilter(request, response, chain);
}
Also used : MockHttpServletRequest(org.springframework.mock.web.MockHttpServletRequest) RequestAttributeAuthenticationFilter(org.springframework.security.web.authentication.preauth.RequestAttributeAuthenticationFilter) MockFilterChain(org.springframework.mock.web.MockFilterChain) MockHttpServletResponse(org.springframework.mock.web.MockHttpServletResponse) Test(org.junit.Test)

Aggregations

Test (org.junit.Test)7 MockFilterChain (org.springframework.mock.web.MockFilterChain)7 MockHttpServletRequest (org.springframework.mock.web.MockHttpServletRequest)7 MockHttpServletResponse (org.springframework.mock.web.MockHttpServletResponse)7 RequestAttributeAuthenticationFilter (org.springframework.security.web.authentication.preauth.RequestAttributeAuthenticationFilter)7 AuthenticationManager (org.springframework.security.authentication.AuthenticationManager)1 Authentication (org.springframework.security.core.Authentication)1