SES-55 SpnegoAuthenticationProcessingFilter should allow setting an AuthenticationDetailsSource bean

Mike Wiesner
2013-05-03 14:26:48 +02:00
parent b90e907310
commit cd892788a5
5 changed files with 39 additions and 11 deletions


@@ -44,6 +44,7 @@ public class KerberosAuthenticationProvider implements AuthenticationProvider {
String validatedUsername = kerberosClient.login(auth.getName(), auth.getCredentials().toString());
UserDetails userDetails = this.userDetailsService.loadUserByUsername(validatedUsername);
UsernamePasswordAuthenticationToken output = new UsernamePasswordAuthenticationToken(userDetails, auth.getCredentials(), userDetails.getAuthorities());
output.setDetails(authentication.getDetails());
return output;
}
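Review bot: The added `output.setDetails(authentication.getDetails());` has no test among the five files in this commit, whereas the same change in KerberosServiceAuthenticationProvider is covered by `testAuthenticationDetailsPropagation`. Details usually hold request metadata such as the remote address and session id (that is what WebAuthenticationDetails records), so a regression here would silently remove them from whatever audit or access logic reads the authenticated token. A matching test that sets details on the input token and checks `assertEquals(input.getDetails(), output.getDetails());` would pin the behaviour. The enclosing authenticate method starts outside the hunk.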


@@ -87,7 +87,10 @@ public class KerberosServiceAuthenticationProvider implements
UserDetails userDetails = this.userDetailsService.loadUserByUsername(username);
userDetailsChecker.check(userDetails);
additionalAuthenticationChecks(userDetails, auth);
return new KerberosServiceRequestToken(userDetails, userDetails.getAuthorities(), token);
KerberosServiceRequestToken responseAuth = new KerberosServiceRequestToken(userDetails, userDetails.getAuthorities(), token);
responseAuth.setDetails(authentication.getDetails());
return responseAuth;
}


@@ -26,6 +26,7 @@ import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.security.authentication.AnonymousAuthenticationToken;
import org.springframework.security.authentication.AuthenticationDetailsSource;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
@@ -36,6 +37,7 @@ import org.springframework.security.extensions.kerberos.KerberosServiceRequestTo
import org.springframework.security.web.authentication.AuthenticationFailureHandler;
import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
import org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler;
import org.springframework.security.web.authentication.WebAuthenticationDetailsSource;
import org.springframework.security.web.authentication.session.NullAuthenticatedSessionStrategy;
import org.springframework.security.web.authentication.session.SessionAuthenticationStrategy;
import org.springframework.util.Assert;
@@ -109,7 +111,8 @@ import org.springframework.web.filter.GenericFilterBean;
* @see SpnegoEntryPoint
*/
public class SpnegoAuthenticationProcessingFilter extends GenericFilterBean {
private AuthenticationDetailsSource<HttpServletRequest,?> authenticationDetailsSource = new WebAuthenticationDetailsSource();
private AuthenticationManager authenticationManager;
private AuthenticationSuccessHandler successHandler;
private AuthenticationFailureHandler failureHandler;
@@ -146,6 +149,7 @@ public class SpnegoAuthenticationProcessingFilter extends GenericFilterBean {
byte[] base64Token = header.substring(10).getBytes("UTF-8");
byte[] kerberosTicket = Base64.decode(base64Token);
KerberosServiceRequestToken authenticationRequest = new KerberosServiceRequestToken(kerberosTicket);
authenticationRequest.setDetails(authenticationDetailsSource.buildDetails(request));
Authentication authentication;
try {
authentication = authenticationManager.authenticate(authenticationRequest);
@@ -230,6 +234,12 @@ public class SpnegoAuthenticationProcessingFilter extends GenericFilterBean {
public void setSessionAuthenticationStrategy(SessionAuthenticationStrategy sessionStrategy) {
this.sessionStrategy = sessionStrategy;
}
public void setAuthenticationDetailsSource(AuthenticationDetailsSource<HttpServletRequest,?> authenticationDetailsSource) {
Assert.notNull(authenticationDetailsSource, "AuthenticationDetailsSource required");
this.authenticationDetailsSource = authenticationDetailsSource;
}
/*
* (non-Javadoc)
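Review bot: `setAuthenticationDetailsSource` is added without Javadoc, and in the filter test lines shown in this commit the test builds its own `WebAuthenticationDetailsSource` to mirror the default instead of calling the setter, so the configurable path that SES-55 asks for is not exercised. I would add a comment such as `/** Source of the details attached to the KerberosServiceRequestToken before authentication; defaults to WebAuthenticationDetailsSource. */` and a test that injects a mock source and verifies that its `buildDetails(request)` result reaches `authenticationManager.authenticate`. The comment could also state that the default records `request.getRemoteAddr()`, which behind a reverse proxy is the proxy's address, so deployments that audit on client IP need a custom source. The class body continues outside these hunks.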


@@ -68,35 +68,44 @@ public class KerberosServiceAuthenticationProviderTest {
@Test
public void testEverythingWorks() throws Exception {
Authentication output = callProviderAndReturnUser(USER_DETAILS);
Authentication output = callProviderAndReturnUser(USER_DETAILS, INPUT_TOKEN);
assertNotNull(output);
assertEquals(TEST_USER, output.getName());
assertEquals(AUTHORITY_LIST, output.getAuthorities());
assertEquals(USER_DETAILS, output.getPrincipal());
}
@Test
public void testAuthenticationDetailsPropagation() throws Exception {
KerberosServiceRequestToken requestToken = new KerberosServiceRequestToken(TEST_TOKEN);
requestToken.setDetails("TestDetails");
Authentication output = callProviderAndReturnUser(USER_DETAILS, requestToken);
assertNotNull(output);
assertEquals(requestToken.getDetails(), output.getDetails());
}
@Test(expected=DisabledException.class)
public void testUserIsDisabled() throws Exception {
User disabledUser = new User(TEST_USER, "empty", false, true, true,true, AUTHORITY_LIST);
callProviderAndReturnUser(disabledUser);
callProviderAndReturnUser(disabledUser, INPUT_TOKEN);
}
@Test(expected=AccountExpiredException.class)
public void testUserAccountIsExpired() throws Exception {
User expiredUser = new User(TEST_USER, "empty", true, false, true,true, AUTHORITY_LIST);
callProviderAndReturnUser(expiredUser);
callProviderAndReturnUser(expiredUser, INPUT_TOKEN);
}
@Test(expected=CredentialsExpiredException.class)
public void testUserCredentialsExpired() throws Exception {
User credExpiredUser = new User(TEST_USER, "empty", true, true, false ,true, AUTHORITY_LIST);
callProviderAndReturnUser(credExpiredUser);
callProviderAndReturnUser(credExpiredUser, INPUT_TOKEN);
}
@Test(expected=LockedException.class)
public void testUserAccountLockedCredentialsExpired() throws Exception {
User lockedUser = new User(TEST_USER, "empty", true, true, true ,false, AUTHORITY_LIST);
callProviderAndReturnUser(lockedUser);
callProviderAndReturnUser(lockedUser, INPUT_TOKEN);
}
@Test(expected=UsernameNotFoundException.class)
@@ -119,13 +128,13 @@ public class KerberosServiceAuthenticationProviderTest {
provider.authenticate(INPUT_TOKEN);
}
private Authentication callProviderAndReturnUser(UserDetails disabledUser) {
private Authentication callProviderAndReturnUser(UserDetails userDetails, Authentication inputToken) {
// stubbing
when(ticketValidator.validateTicket(TEST_TOKEN)).thenReturn(TEST_USER);
when(userDetailsService.loadUserByUsername(TEST_USER)).thenReturn(disabledUser);
when(userDetailsService.loadUserByUsername(TEST_USER)).thenReturn(userDetails);
// testing
return provider.authenticate(INPUT_TOKEN);
return provider.authenticate(inputToken);
}
}


@@ -41,6 +41,7 @@ import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.extensions.kerberos.KerberosServiceRequestToken;
import org.springframework.security.web.authentication.AuthenticationFailureHandler;
import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
import org.springframework.security.web.authentication.WebAuthenticationDetailsSource;
/**
* Test class for {@link SpnegoAuthenticationProcessingFilter}
@@ -58,6 +59,7 @@ public class SpnegoAuthenticationProcessingFilterTest {
private FilterChain chain;
private AuthenticationSuccessHandler successHandler;
private AuthenticationFailureHandler failureHandler;
private WebAuthenticationDetailsSource detailsSource;
// data
private static final byte[] TEST_TOKEN = "TestToken".getBytes();
@@ -72,6 +74,7 @@ public class SpnegoAuthenticationProcessingFilterTest {
public void before() throws Exception {
// mocking
authenticationManager = mock(AuthenticationManager.class);
detailsSource = new WebAuthenticationDetailsSource();
filter = new SpnegoAuthenticationProcessingFilter();
filter.setAuthenticationManager(authenticationManager);
request = mock(HttpServletRequest.class);
@@ -97,7 +100,9 @@ public class SpnegoAuthenticationProcessingFilterTest {
private void everythingWorks() throws IOException, ServletException {
// stubbing
when(request.getHeader(HEADER)).thenReturn(TOKEN_PREFIX + TEST_TOKEN_BASE64);
when(authenticationManager.authenticate(new KerberosServiceRequestToken(TEST_TOKEN))).thenReturn(AUTHENTICATION);
KerberosServiceRequestToken requestToken = new KerberosServiceRequestToken(TEST_TOKEN);
requestToken.setDetails(detailsSource.buildDetails(request));
when(authenticationManager.authenticate(requestToken)).thenReturn(AUTHENTICATION);
// testing
filter.doFilter(request, response, chain);