Promoting OpenID out of the Sandbox
This commit is contained in:
@@ -0,0 +1,38 @@
|
||||
/* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
package org.springframework.security.providers.openid;
|
||||
|
||||
import org.springframework.security.AuthenticationException;
|
||||
import org.springframework.security.GrantedAuthority;
|
||||
import org.springframework.security.GrantedAuthorityImpl;
|
||||
import org.springframework.security.providers.AuthoritiesPopulator;
|
||||
import org.springframework.security.userdetails.User;
|
||||
import org.springframework.security.userdetails.UserDetails;
|
||||
|
||||
|
||||
/**
|
||||
* DOCUMENT ME!
|
||||
*
|
||||
* @author Robin Bramley, Opsera Ltd
|
||||
*/
|
||||
public class MockAuthoritiesPopulator implements AuthoritiesPopulator {
|
||||
//~ Methods ========================================================================================================
|
||||
|
||||
public UserDetails getUserDetails(String ssoUserId)
|
||||
throws AuthenticationException {
|
||||
return new User(ssoUserId, "password", true, true, true, true,
|
||||
new GrantedAuthority[] {new GrantedAuthorityImpl("ROLE_A"), new GrantedAuthorityImpl("ROLE_B")});
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,192 @@
|
||||
/* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
package org.springframework.security.providers.openid;
|
||||
|
||||
import junit.framework.TestCase;
|
||||
import org.springframework.security.Authentication;
|
||||
import org.springframework.security.AuthenticationServiceException;
|
||||
import org.springframework.security.BadCredentialsException;
|
||||
import org.springframework.security.providers.UsernamePasswordAuthenticationToken;
|
||||
|
||||
|
||||
/**
|
||||
* Tests {@link OpenIDAuthenticationProvider}
|
||||
*
|
||||
* @author Robin Bramley, Opsera Ltd
|
||||
*/
|
||||
public class OpenIDAuthenticationProviderTests extends TestCase {
|
||||
//~ Static fields/initializers =====================================================================================
|
||||
|
||||
private static final String USERNAME = "user.acegiopenid.com";
|
||||
|
||||
//~ Methods ========================================================================================================
|
||||
|
||||
/*
|
||||
* Test method for 'org.springframework.security.providers.openid.OpenIDAuthenticationProvider.authenticate(Authentication)'
|
||||
*/
|
||||
public void testAuthenticateCancel() {
|
||||
OpenIDAuthenticationProvider provider = new OpenIDAuthenticationProvider();
|
||||
provider.setAuthoritiesPopulator(new MockAuthoritiesPopulator());
|
||||
|
||||
Authentication preAuth = new OpenIDAuthenticationToken(OpenIDAuthenticationStatus.CANCELLED, USERNAME, "");
|
||||
|
||||
assertFalse(preAuth.isAuthenticated());
|
||||
|
||||
try {
|
||||
provider.authenticate(preAuth);
|
||||
fail("Should throw an AuthenticationException");
|
||||
} catch (AuthenticationCancelledException expected) {
|
||||
assertEquals("Log in cancelled", expected.getMessage());
|
||||
}
|
||||
}
|
||||
|
||||
/*
|
||||
* Test method for 'org.springframework.security.providers.openid.OpenIDAuthenticationProvider.authenticate(Authentication)'
|
||||
*/
|
||||
public void testAuthenticateError() {
|
||||
OpenIDAuthenticationProvider provider = new OpenIDAuthenticationProvider();
|
||||
provider.setAuthoritiesPopulator(new MockAuthoritiesPopulator());
|
||||
|
||||
Authentication preAuth = new OpenIDAuthenticationToken(OpenIDAuthenticationStatus.ERROR, USERNAME, "");
|
||||
|
||||
assertFalse(preAuth.isAuthenticated());
|
||||
|
||||
try {
|
||||
provider.authenticate(preAuth);
|
||||
fail("Should throw an AuthenticationException");
|
||||
} catch (AuthenticationServiceException expected) {
|
||||
assertEquals("Error message from server: ", expected.getMessage());
|
||||
}
|
||||
}
|
||||
|
||||
/*
|
||||
* Test method for 'org.springframework.security.providers.openid.OpenIDAuthenticationProvider.authenticate(Authentication)'
|
||||
*/
|
||||
public void testAuthenticateFailure() {
|
||||
OpenIDAuthenticationProvider provider = new OpenIDAuthenticationProvider();
|
||||
provider.setAuthoritiesPopulator(new MockAuthoritiesPopulator());
|
||||
|
||||
Authentication preAuth = new OpenIDAuthenticationToken(OpenIDAuthenticationStatus.FAILURE, USERNAME, "");
|
||||
|
||||
assertFalse(preAuth.isAuthenticated());
|
||||
|
||||
try {
|
||||
provider.authenticate(preAuth);
|
||||
fail("Should throw an AuthenticationException");
|
||||
} catch (BadCredentialsException expected) {
|
||||
assertEquals("Log in failed - identity could not be verified", expected.getMessage());
|
||||
}
|
||||
}
|
||||
|
||||
/*
|
||||
* Test method for 'org.springframework.security.providers.openid.OpenIDAuthenticationProvider.authenticate(Authentication)'
|
||||
*/
|
||||
public void testAuthenticateSetupNeeded() {
|
||||
OpenIDAuthenticationProvider provider = new OpenIDAuthenticationProvider();
|
||||
provider.setAuthoritiesPopulator(new MockAuthoritiesPopulator());
|
||||
|
||||
Authentication preAuth = new OpenIDAuthenticationToken(OpenIDAuthenticationStatus.SETUP_NEEDED, USERNAME, "");
|
||||
|
||||
assertFalse(preAuth.isAuthenticated());
|
||||
|
||||
try {
|
||||
provider.authenticate(preAuth);
|
||||
fail("Should throw an AuthenticationException");
|
||||
} catch (AuthenticationServiceException expected) {
|
||||
assertEquals("The server responded setup was needed, which shouldn't happen", expected.getMessage());
|
||||
}
|
||||
}
|
||||
|
||||
/*
|
||||
* Test method for 'org.springframework.security.providers.openid.OpenIDAuthenticationProvider.authenticate(Authentication)'
|
||||
*/
|
||||
public void testAuthenticateSuccess() {
|
||||
OpenIDAuthenticationProvider provider = new OpenIDAuthenticationProvider();
|
||||
provider.setAuthoritiesPopulator(new MockAuthoritiesPopulator());
|
||||
|
||||
Authentication preAuth = new OpenIDAuthenticationToken(OpenIDAuthenticationStatus.SUCCESS, USERNAME, "");
|
||||
|
||||
assertFalse(preAuth.isAuthenticated());
|
||||
|
||||
Authentication postAuth = provider.authenticate(preAuth);
|
||||
|
||||
assertNotNull(postAuth);
|
||||
assertTrue(postAuth instanceof OpenIDAuthenticationToken);
|
||||
assertTrue(postAuth.isAuthenticated());
|
||||
assertNotNull(postAuth.getPrincipal());
|
||||
assertEquals(preAuth.getPrincipal(), postAuth.getPrincipal());
|
||||
assertNotNull(postAuth.getAuthorities());
|
||||
assertTrue(postAuth.getAuthorities().length > 0);
|
||||
assertTrue(((OpenIDAuthenticationToken) postAuth).getStatus() == OpenIDAuthenticationStatus.SUCCESS);
|
||||
assertTrue(((OpenIDAuthenticationToken) postAuth).getMessage() == null);
|
||||
}
|
||||
|
||||
public void testDetectsMissingAuthoritiesPopulator() throws Exception {
|
||||
OpenIDAuthenticationProvider provider = new OpenIDAuthenticationProvider();
|
||||
|
||||
try {
|
||||
provider.afterPropertiesSet();
|
||||
fail("Should have thrown Exception");
|
||||
} catch (IllegalArgumentException expected) {
|
||||
//ignored
|
||||
}
|
||||
}
|
||||
|
||||
/*
|
||||
* Test method for 'org.springframework.security.providers.openid.OpenIDAuthenticationProvider.supports(Class)'
|
||||
*/
|
||||
public void testDoesntSupport() {
|
||||
OpenIDAuthenticationProvider provider = new OpenIDAuthenticationProvider();
|
||||
provider.setAuthoritiesPopulator(new MockAuthoritiesPopulator());
|
||||
|
||||
assertFalse(provider.supports(UsernamePasswordAuthenticationToken.class));
|
||||
}
|
||||
|
||||
/*
|
||||
* Test method for 'org.springframework.security.providers.openid.OpenIDAuthenticationProvider.authenticate(Authentication)'
|
||||
*/
|
||||
public void testIgnoresUserPassAuthToken() {
|
||||
OpenIDAuthenticationProvider provider = new OpenIDAuthenticationProvider();
|
||||
provider.setAuthoritiesPopulator(new MockAuthoritiesPopulator());
|
||||
|
||||
UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken(USERNAME, "password");
|
||||
assertEquals(null, provider.authenticate(token));
|
||||
}
|
||||
|
||||
/*
|
||||
* Test method for 'org.springframework.security.providers.openid.OpenIDAuthenticationProvider.supports(Class)'
|
||||
*/
|
||||
public void testSupports() {
|
||||
OpenIDAuthenticationProvider provider = new OpenIDAuthenticationProvider();
|
||||
provider.setAuthoritiesPopulator(new MockAuthoritiesPopulator());
|
||||
|
||||
assertTrue(provider.supports(OpenIDAuthenticationToken.class));
|
||||
}
|
||||
|
||||
public void testValidation() throws Exception {
|
||||
OpenIDAuthenticationProvider provider = new OpenIDAuthenticationProvider();
|
||||
provider.setAuthoritiesPopulator(new MockAuthoritiesPopulator());
|
||||
provider.afterPropertiesSet();
|
||||
|
||||
provider.setAuthoritiesPopulator(null);
|
||||
|
||||
try {
|
||||
provider.afterPropertiesSet();
|
||||
fail("IllegalArgumentException expected, ssoAuthoritiesPopulator is null");
|
||||
} catch (IllegalArgumentException e) {
|
||||
//expected
|
||||
}
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,39 @@
|
||||
/* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
package org.springframework.security.providers.openid;
|
||||
|
||||
import junit.framework.TestCase;
|
||||
|
||||
/**
|
||||
* DOCUMENT ME!
|
||||
*
|
||||
* @author Ray Krueger
|
||||
*/
|
||||
public class OpenIdAuthenticationTokenTests extends TestCase {
|
||||
|
||||
public void test() throws Exception {
|
||||
OpenIDAuthenticationToken token = newToken();
|
||||
assertEquals(token, newToken());
|
||||
}
|
||||
|
||||
private OpenIDAuthenticationToken newToken() {
|
||||
return new OpenIDAuthenticationToken(
|
||||
OpenIDAuthenticationStatus.SUCCESS,
|
||||
"http://raykrueger.blogspot.com/",
|
||||
"what is this for anyway?");
|
||||
}
|
||||
|
||||
|
||||
}
|
||||
@@ -0,0 +1,135 @@
|
||||
/* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
package org.springframework.security.ui.openid;
|
||||
|
||||
import junit.framework.TestCase;
|
||||
import org.springframework.mock.web.MockHttpServletRequest;
|
||||
import org.springframework.security.AbstractAuthenticationManager;
|
||||
import org.springframework.security.Authentication;
|
||||
import org.springframework.security.AuthenticationException;
|
||||
import org.springframework.security.BadCredentialsException;
|
||||
import org.springframework.security.providers.AuthoritiesPopulator;
|
||||
import org.springframework.security.providers.openid.MockAuthoritiesPopulator;
|
||||
import org.springframework.security.providers.openid.OpenIDAuthenticationStatus;
|
||||
import org.springframework.security.providers.openid.OpenIDAuthenticationToken;
|
||||
import org.springframework.security.ui.openid.consumers.MockOpenIDConsumer;
|
||||
|
||||
|
||||
/**
|
||||
* Tests {@link OpenIDResponseProcessingFilter}
|
||||
*
|
||||
* @author Robin Bramley, Opsera Ltd
|
||||
*/
|
||||
public class OpenIDResponseProcessingFilterTests extends TestCase {
|
||||
//~ Static fields/initializers =====================================================================================
|
||||
|
||||
private static final String USERNAME = "user.acegiopenid.com";
|
||||
|
||||
//~ Methods ========================================================================================================
|
||||
|
||||
/*
|
||||
* Test method for 'org.springframework.security.ui.openid.OpenIDResponseProcessingFilter.attemptAuthentication(HttpServletRequest)'
|
||||
*/
|
||||
public void testAttemptAuthenticationFailure() {
|
||||
// set up mock objects
|
||||
MockOpenIDAuthenticationManager mockAuthManager = new MockOpenIDAuthenticationManager(false);
|
||||
|
||||
OpenIDAuthenticationToken token = new OpenIDAuthenticationToken(OpenIDAuthenticationStatus.FAILURE, USERNAME, "");
|
||||
MockOpenIDConsumer mockConsumer = new MockOpenIDConsumer();
|
||||
mockConsumer.setToken(token);
|
||||
|
||||
MockHttpServletRequest req = new MockHttpServletRequest();
|
||||
|
||||
OpenIDResponseProcessingFilter filter = new OpenIDResponseProcessingFilter();
|
||||
filter.setConsumer(mockConsumer);
|
||||
filter.setAuthenticationManager(mockAuthManager);
|
||||
|
||||
// run test
|
||||
try {
|
||||
filter.attemptAuthentication(req);
|
||||
fail("Should've thrown exception");
|
||||
} catch (BadCredentialsException expected) {
|
||||
assertEquals("MockOpenIDAuthenticationManager instructed to deny access", expected.getMessage());
|
||||
}
|
||||
}
|
||||
|
||||
/*
|
||||
* Test method for 'org.springframework.security.ui.openid.OpenIDResponseProcessingFilter.attemptAuthentication(HttpServletRequest)'
|
||||
*/
|
||||
public void testAttemptAuthenticationHttpServletRequest() {
|
||||
// set up mock objects
|
||||
MockOpenIDAuthenticationManager mockAuthManager = new MockOpenIDAuthenticationManager(true);
|
||||
|
||||
OpenIDAuthenticationToken token = new OpenIDAuthenticationToken(OpenIDAuthenticationStatus.SUCCESS, USERNAME, "");
|
||||
MockOpenIDConsumer mockConsumer = new MockOpenIDConsumer();
|
||||
mockConsumer.setToken(token);
|
||||
|
||||
MockHttpServletRequest req = new MockHttpServletRequest();
|
||||
|
||||
OpenIDResponseProcessingFilter filter = new OpenIDResponseProcessingFilter();
|
||||
filter.setConsumer(mockConsumer);
|
||||
filter.setAuthenticationManager(mockAuthManager);
|
||||
|
||||
// run test
|
||||
Authentication authentication = filter.attemptAuthentication(req);
|
||||
|
||||
// assertions
|
||||
assertNotNull(authentication);
|
||||
assertTrue(authentication.isAuthenticated());
|
||||
assertTrue(authentication instanceof OpenIDAuthenticationToken);
|
||||
assertNotNull(authentication.getPrincipal());
|
||||
assertEquals(USERNAME, authentication.getPrincipal());
|
||||
assertNotNull(authentication.getAuthorities());
|
||||
assertTrue(authentication.getAuthorities().length > 0);
|
||||
assertTrue(((OpenIDAuthenticationToken) authentication).getStatus() == OpenIDAuthenticationStatus.SUCCESS);
|
||||
assertTrue(((OpenIDAuthenticationToken) authentication).getMessage() == null);
|
||||
}
|
||||
|
||||
/*
|
||||
* Test method for 'org.springframework.security.ui.openid.OpenIDResponseProcessingFilter.getDefaultFilterProcessesUrl()'
|
||||
*/
|
||||
public void testGetDefaultFilterProcessesUrl() {
|
||||
OpenIDResponseProcessingFilter filter = new OpenIDResponseProcessingFilter();
|
||||
assertEquals("/j_spring_openid_security_check", filter.getDefaultFilterProcessesUrl());
|
||||
}
|
||||
|
||||
//~ Inner Classes ==================================================================================================
|
||||
|
||||
// private mock AuthenticationManager
|
||||
private class MockOpenIDAuthenticationManager extends AbstractAuthenticationManager {
|
||||
private AuthoritiesPopulator ssoAuthoritiesPopulator;
|
||||
private boolean grantAccess = true;
|
||||
|
||||
public MockOpenIDAuthenticationManager(boolean grantAccess) {
|
||||
this.grantAccess = grantAccess;
|
||||
ssoAuthoritiesPopulator = new MockAuthoritiesPopulator();
|
||||
}
|
||||
|
||||
public MockOpenIDAuthenticationManager() {
|
||||
super();
|
||||
ssoAuthoritiesPopulator = new MockAuthoritiesPopulator();
|
||||
}
|
||||
|
||||
public Authentication doAuthentication(Authentication authentication)
|
||||
throws AuthenticationException {
|
||||
if (grantAccess) {
|
||||
return new OpenIDAuthenticationToken(ssoAuthoritiesPopulator.getUserDetails(USERNAME).getAuthorities(),
|
||||
OpenIDAuthenticationStatus.SUCCESS, USERNAME);
|
||||
} else {
|
||||
throw new BadCredentialsException("MockOpenIDAuthenticationManager instructed to deny access");
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,78 @@
|
||||
/* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
package org.springframework.security.ui.openid.consumers;
|
||||
|
||||
import org.springframework.security.providers.openid.OpenIDAuthenticationToken;
|
||||
|
||||
import org.springframework.security.ui.openid.OpenIDConsumer;
|
||||
import org.springframework.security.ui.openid.OpenIDConsumerException;
|
||||
|
||||
import javax.servlet.http.HttpServletRequest;
|
||||
|
||||
|
||||
/**
|
||||
* DOCUMENT ME!
|
||||
*
|
||||
* @author Robin Bramley, Opsera Ltd
|
||||
*/
|
||||
public class MockOpenIDConsumer implements OpenIDConsumer {
|
||||
//~ Instance fields ================================================================================================
|
||||
|
||||
private OpenIDAuthenticationToken token;
|
||||
private String redirectUrl;
|
||||
|
||||
//~ Methods ========================================================================================================
|
||||
|
||||
/* (non-Javadoc)
|
||||
* @see org.springframework.security.ui.openid.OpenIDConsumer#beginConsumption(javax.servlet.http.HttpServletRequest, java.lang.String)
|
||||
*/
|
||||
public String beginConsumption(HttpServletRequest req, String identityUrl, String returnToUrl)
|
||||
throws OpenIDConsumerException {
|
||||
return redirectUrl;
|
||||
}
|
||||
|
||||
/* (non-Javadoc)
|
||||
* @see org.springframework.security.ui.openid.OpenIDConsumer#endConsumption(javax.servlet.http.HttpServletRequest)
|
||||
*/
|
||||
public OpenIDAuthenticationToken endConsumption(HttpServletRequest req)
|
||||
throws OpenIDConsumerException {
|
||||
return token;
|
||||
}
|
||||
|
||||
/**
|
||||
* Set the redirectUrl to be returned by beginConsumption
|
||||
*
|
||||
* @param redirectUrl
|
||||
*/
|
||||
public void setRedirectUrl(String redirectUrl) {
|
||||
this.redirectUrl = redirectUrl;
|
||||
}
|
||||
|
||||
/* (non-Javadoc)
|
||||
* @see org.springframework.security.ui.openid.OpenIDConsumer#setReturnToUrl(java.lang.String)
|
||||
*/
|
||||
public void setReturnToUrl(String returnToUrl) {
|
||||
// TODO Auto-generated method stub
|
||||
}
|
||||
|
||||
/**
|
||||
* Set the token to be returned by endConsumption
|
||||
*
|
||||
* @param token
|
||||
*/
|
||||
public void setToken(OpenIDAuthenticationToken token) {
|
||||
this.token = token;
|
||||
}
|
||||
}
|
||||
Reference in New Issue
Block a user