SEC-1132: Moved remaining preauth code from core to web

This commit is contained in:
Luke Taylor
2009-05-12 00:11:06 +00:00
parent 76561813e9
commit 4bad213b19
31 changed files with 83 additions and 250 deletions

View File

@@ -0,0 +1,119 @@
package org.springframework.security.web.authentication.preauth;
import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertFalse;
import static org.junit.Assert.assertNotNull;
import static org.junit.Assert.assertNull;
import static org.junit.Assert.assertTrue;
import org.junit.Test;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.authority.AuthorityUtils;
import org.springframework.security.core.userdetails.AuthenticationUserDetailsService;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationProvider;
import org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationToken;
/**
*
* @author TSARDD
* @since 18-okt-2007
*/
public class PreAuthenticatedAuthenticationProviderTests {
@Test(expected = IllegalArgumentException.class)
public final void afterPropertiesSet() {
PreAuthenticatedAuthenticationProvider provider = new PreAuthenticatedAuthenticationProvider();
provider.afterPropertiesSet();
}
@Test
public final void authenticateInvalidToken() throws Exception {
UserDetails ud = new User("dummyUser", "dummyPwd", true, true, true, true, AuthorityUtils.NO_AUTHORITIES );
PreAuthenticatedAuthenticationProvider provider = getProvider(ud);
Authentication request = new UsernamePasswordAuthenticationToken("dummyUser", "dummyPwd");
Authentication result = provider.authenticate(request);
assertNull(result);
}
@Test
public final void nullPrincipalReturnsNullAuthentication() throws Exception {
PreAuthenticatedAuthenticationProvider provider = new PreAuthenticatedAuthenticationProvider();
Authentication request = new PreAuthenticatedAuthenticationToken(null, "dummyPwd");
Authentication result = provider.authenticate(request);
assertNull(result);
}
@Test
public final void authenticateKnownUser() throws Exception {
UserDetails ud = new User("dummyUser", "dummyPwd", true, true, true, true, AuthorityUtils.NO_AUTHORITIES );
PreAuthenticatedAuthenticationProvider provider = getProvider(ud);
Authentication request = new PreAuthenticatedAuthenticationToken("dummyUser", "dummyPwd");
Authentication result = provider.authenticate(request);
assertNotNull(result);
assertEquals(result.getPrincipal(), ud);
// @TODO: Add more asserts?
}
@Test
public final void authenticateIgnoreCredentials() throws Exception {
UserDetails ud = new User("dummyUser1", "dummyPwd1", true, true, true, true, AuthorityUtils.NO_AUTHORITIES );
PreAuthenticatedAuthenticationProvider provider = getProvider(ud);
Authentication request = new PreAuthenticatedAuthenticationToken("dummyUser1", "dummyPwd2");
Authentication result = provider.authenticate(request);
assertNotNull(result);
assertEquals(result.getPrincipal(), ud);
// @TODO: Add more asserts?
}
@Test(expected=UsernameNotFoundException.class)
public final void authenticateUnknownUserThrowsException() throws Exception {
UserDetails ud = new User("dummyUser1", "dummyPwd", true, true, true, true, AuthorityUtils.NO_AUTHORITIES );
PreAuthenticatedAuthenticationProvider provider = getProvider(ud);
Authentication request = new PreAuthenticatedAuthenticationToken("dummyUser2", "dummyPwd");
provider.authenticate(request);
}
@Test
public final void supportsArbitraryObject() throws Exception {
PreAuthenticatedAuthenticationProvider provider = getProvider(null);
assertFalse(provider.supports(Authentication.class));
}
@Test
public final void supportsPreAuthenticatedAuthenticationToken() throws Exception {
PreAuthenticatedAuthenticationProvider provider = getProvider(null);
assertTrue(provider.supports(PreAuthenticatedAuthenticationToken.class));
}
@Test
public void getSetOrder() throws Exception {
PreAuthenticatedAuthenticationProvider provider = getProvider(null);
provider.setOrder(333);
assertEquals(provider.getOrder(), 333);
}
private PreAuthenticatedAuthenticationProvider getProvider(UserDetails aUserDetails) throws Exception {
PreAuthenticatedAuthenticationProvider result = new PreAuthenticatedAuthenticationProvider();
result.setPreAuthenticatedUserDetailsService(getPreAuthenticatedUserDetailsService(aUserDetails));
result.afterPropertiesSet();
return result;
}
private AuthenticationUserDetailsService getPreAuthenticatedUserDetailsService(final UserDetails aUserDetails) {
return new AuthenticationUserDetailsService() {
public UserDetails loadUserDetails(Authentication token) throws UsernameNotFoundException {
if (aUserDetails != null && aUserDetails.getUsername().equals(token.getName())) {
return aUserDetails;
}
throw new UsernameNotFoundException("notfound");
}
};
}
}

View File

@@ -0,0 +1,56 @@
package org.springframework.security.web.authentication.preauth;
import java.util.List;
import junit.framework.TestCase;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.AuthorityUtils;
import org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationToken;
/**
*
* @author TSARDD
* @since 18-okt-2007
*/
public class PreAuthenticatedAuthenticationTokenTests extends TestCase {
public void testPreAuthenticatedAuthenticationTokenRequestWithDetails() {
Object principal = "dummyUser";
Object credentials = "dummyCredentials";
Object details = "dummyDetails";
PreAuthenticatedAuthenticationToken token = new PreAuthenticatedAuthenticationToken(principal, credentials);
token.setDetails(details);
assertEquals(principal, token.getPrincipal());
assertEquals(credentials, token.getCredentials());
assertEquals(details, token.getDetails());
assertNull(token.getAuthorities());
}
public void testPreAuthenticatedAuthenticationTokenRequestWithoutDetails() {
Object principal = "dummyUser";
Object credentials = "dummyCredentials";
PreAuthenticatedAuthenticationToken token = new PreAuthenticatedAuthenticationToken(principal, credentials);
assertEquals(principal, token.getPrincipal());
assertEquals(credentials, token.getCredentials());
assertNull(token.getDetails());
assertNull(token.getAuthorities());
}
public void testPreAuthenticatedAuthenticationTokenResponse() {
Object principal = "dummyUser";
Object credentials = "dummyCredentials";
List<GrantedAuthority> gas = AuthorityUtils.createAuthorityList("Role1");
PreAuthenticatedAuthenticationToken token =
new PreAuthenticatedAuthenticationToken(principal, credentials, gas);
assertEquals(principal, token.getPrincipal());
assertEquals(credentials, token.getCredentials());
assertNull(token.getDetails());
assertNotNull(token.getAuthorities());
List<GrantedAuthority> resultColl = token.getAuthorities();
assertTrue("GrantedAuthority collections do not match; result: " + resultColl + ", expected: " + gas,
gas.containsAll(resultColl) && resultColl.containsAll(gas));
}
}

View File

@@ -0,0 +1,73 @@
package org.springframework.security.web.authentication.preauth;
import static org.junit.Assert.*;
import java.util.List;
import org.junit.Test;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.AuthorityUtils;
import org.springframework.security.core.authority.GrantedAuthoritiesContainer;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationToken;
import org.springframework.security.web.authentication.preauth.PreAuthenticatedGrantedAuthoritiesUserDetailsService;
/**
*
* @author TSARDD
* @since 18-okt-2007
*/
public class PreAuthenticatedGrantedAuthoritiesUserDetailsServiceTests {
@Test(expected=IllegalArgumentException.class)
public void testGetUserDetailsInvalidType() {
PreAuthenticatedGrantedAuthoritiesUserDetailsService svc = new PreAuthenticatedGrantedAuthoritiesUserDetailsService();
PreAuthenticatedAuthenticationToken token = new PreAuthenticatedAuthenticationToken("dummy", "dummy");
token.setDetails(new Object());
svc.loadUserDetails(token);
}
@Test(expected=IllegalArgumentException.class)
public void testGetUserDetailsNoDetails() {
PreAuthenticatedGrantedAuthoritiesUserDetailsService svc = new PreAuthenticatedGrantedAuthoritiesUserDetailsService();
PreAuthenticatedAuthenticationToken token = new PreAuthenticatedAuthenticationToken("dummy", "dummy");
token.setDetails(null);
svc.loadUserDetails(token);
}
@Test
public void testGetUserDetailsEmptyAuthorities() {
final String userName = "dummyUser";
testGetUserDetails(userName, AuthorityUtils.NO_AUTHORITIES);
}
@Test
public void testGetUserDetailsWithAuthorities() {
final String userName = "dummyUser";
testGetUserDetails(userName, AuthorityUtils.createAuthorityList("Role1", "Role2"));
}
private void testGetUserDetails(final String userName, final List<GrantedAuthority> gas) {
PreAuthenticatedGrantedAuthoritiesUserDetailsService svc = new PreAuthenticatedGrantedAuthoritiesUserDetailsService();
PreAuthenticatedAuthenticationToken token = new PreAuthenticatedAuthenticationToken(userName, "dummy");
token.setDetails(new GrantedAuthoritiesContainer() {
public List<GrantedAuthority> getGrantedAuthorities() {
return gas;
}
});
UserDetails ud = svc.loadUserDetails(token);
assertTrue(ud.isAccountNonExpired());
assertTrue(ud.isAccountNonLocked());
assertTrue(ud.isCredentialsNonExpired());
assertTrue(ud.isEnabled());
assertEquals(ud.getUsername(), userName);
//Password is not saved by
// PreAuthenticatedGrantedAuthoritiesUserDetailsService
//assertEquals(ud.getPassword(),password);
assertTrue("GrantedAuthority collections do not match; result: " + ud.getAuthorities() + ", expected: " + gas,
gas.containsAll(ud.getAuthorities()) && ud.getAuthorities().containsAll(gas));
}
}

View File

@@ -8,7 +8,6 @@ import org.junit.After;
import org.junit.Test;
import org.springframework.security.authentication.AuthenticationDetailsSource;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.preauth.PreAuthenticatedAuthenticationProvider;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.authority.AuthorityUtils;
import org.springframework.security.core.context.SecurityContext;
@@ -17,6 +16,7 @@ import org.springframework.security.core.context.SecurityContextImpl;
import org.springframework.security.core.userdetails.AuthenticationUserDetailsService;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsChecker;
import org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationProvider;
/**
*