Promoting OpenID out of the Sandbox

This commit is contained in:
Ray Krueger
2008-01-27 02:57:57 +00:00
parent ae71e9a5bd
commit 718eddadd7
21 changed files with 14 additions and 30 deletions

View File

@@ -0,0 +1,38 @@
/* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.springframework.security.providers.openid;
import org.springframework.security.AuthenticationException;
import org.springframework.security.GrantedAuthority;
import org.springframework.security.GrantedAuthorityImpl;
import org.springframework.security.providers.AuthoritiesPopulator;
import org.springframework.security.userdetails.User;
import org.springframework.security.userdetails.UserDetails;
/**
* DOCUMENT ME!
*
* @author Robin Bramley, Opsera Ltd
*/
public class MockAuthoritiesPopulator implements AuthoritiesPopulator {
//~ Methods ========================================================================================================
public UserDetails getUserDetails(String ssoUserId)
throws AuthenticationException {
return new User(ssoUserId, "password", true, true, true, true,
new GrantedAuthority[] {new GrantedAuthorityImpl("ROLE_A"), new GrantedAuthorityImpl("ROLE_B")});
}
}

View File

@@ -0,0 +1,192 @@
/* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.springframework.security.providers.openid;
import junit.framework.TestCase;
import org.springframework.security.Authentication;
import org.springframework.security.AuthenticationServiceException;
import org.springframework.security.BadCredentialsException;
import org.springframework.security.providers.UsernamePasswordAuthenticationToken;
/**
* Tests {@link OpenIDAuthenticationProvider}
*
* @author Robin Bramley, Opsera Ltd
*/
public class OpenIDAuthenticationProviderTests extends TestCase {
//~ Static fields/initializers =====================================================================================
private static final String USERNAME = "user.acegiopenid.com";
//~ Methods ========================================================================================================
/*
* Test method for 'org.springframework.security.providers.openid.OpenIDAuthenticationProvider.authenticate(Authentication)'
*/
public void testAuthenticateCancel() {
OpenIDAuthenticationProvider provider = new OpenIDAuthenticationProvider();
provider.setAuthoritiesPopulator(new MockAuthoritiesPopulator());
Authentication preAuth = new OpenIDAuthenticationToken(OpenIDAuthenticationStatus.CANCELLED, USERNAME, "");
assertFalse(preAuth.isAuthenticated());
try {
provider.authenticate(preAuth);
fail("Should throw an AuthenticationException");
} catch (AuthenticationCancelledException expected) {
assertEquals("Log in cancelled", expected.getMessage());
}
}
/*
* Test method for 'org.springframework.security.providers.openid.OpenIDAuthenticationProvider.authenticate(Authentication)'
*/
public void testAuthenticateError() {
OpenIDAuthenticationProvider provider = new OpenIDAuthenticationProvider();
provider.setAuthoritiesPopulator(new MockAuthoritiesPopulator());
Authentication preAuth = new OpenIDAuthenticationToken(OpenIDAuthenticationStatus.ERROR, USERNAME, "");
assertFalse(preAuth.isAuthenticated());
try {
provider.authenticate(preAuth);
fail("Should throw an AuthenticationException");
} catch (AuthenticationServiceException expected) {
assertEquals("Error message from server: ", expected.getMessage());
}
}
/*
* Test method for 'org.springframework.security.providers.openid.OpenIDAuthenticationProvider.authenticate(Authentication)'
*/
public void testAuthenticateFailure() {
OpenIDAuthenticationProvider provider = new OpenIDAuthenticationProvider();
provider.setAuthoritiesPopulator(new MockAuthoritiesPopulator());
Authentication preAuth = new OpenIDAuthenticationToken(OpenIDAuthenticationStatus.FAILURE, USERNAME, "");
assertFalse(preAuth.isAuthenticated());
try {
provider.authenticate(preAuth);
fail("Should throw an AuthenticationException");
} catch (BadCredentialsException expected) {
assertEquals("Log in failed - identity could not be verified", expected.getMessage());
}
}
/*
* Test method for 'org.springframework.security.providers.openid.OpenIDAuthenticationProvider.authenticate(Authentication)'
*/
public void testAuthenticateSetupNeeded() {
OpenIDAuthenticationProvider provider = new OpenIDAuthenticationProvider();
provider.setAuthoritiesPopulator(new MockAuthoritiesPopulator());
Authentication preAuth = new OpenIDAuthenticationToken(OpenIDAuthenticationStatus.SETUP_NEEDED, USERNAME, "");
assertFalse(preAuth.isAuthenticated());
try {
provider.authenticate(preAuth);
fail("Should throw an AuthenticationException");
} catch (AuthenticationServiceException expected) {
assertEquals("The server responded setup was needed, which shouldn't happen", expected.getMessage());
}
}
/*
* Test method for 'org.springframework.security.providers.openid.OpenIDAuthenticationProvider.authenticate(Authentication)'
*/
public void testAuthenticateSuccess() {
OpenIDAuthenticationProvider provider = new OpenIDAuthenticationProvider();
provider.setAuthoritiesPopulator(new MockAuthoritiesPopulator());
Authentication preAuth = new OpenIDAuthenticationToken(OpenIDAuthenticationStatus.SUCCESS, USERNAME, "");
assertFalse(preAuth.isAuthenticated());
Authentication postAuth = provider.authenticate(preAuth);
assertNotNull(postAuth);
assertTrue(postAuth instanceof OpenIDAuthenticationToken);
assertTrue(postAuth.isAuthenticated());
assertNotNull(postAuth.getPrincipal());
assertEquals(preAuth.getPrincipal(), postAuth.getPrincipal());
assertNotNull(postAuth.getAuthorities());
assertTrue(postAuth.getAuthorities().length > 0);
assertTrue(((OpenIDAuthenticationToken) postAuth).getStatus() == OpenIDAuthenticationStatus.SUCCESS);
assertTrue(((OpenIDAuthenticationToken) postAuth).getMessage() == null);
}
public void testDetectsMissingAuthoritiesPopulator() throws Exception {
OpenIDAuthenticationProvider provider = new OpenIDAuthenticationProvider();
try {
provider.afterPropertiesSet();
fail("Should have thrown Exception");
} catch (IllegalArgumentException expected) {
//ignored
}
}
/*
* Test method for 'org.springframework.security.providers.openid.OpenIDAuthenticationProvider.supports(Class)'
*/
public void testDoesntSupport() {
OpenIDAuthenticationProvider provider = new OpenIDAuthenticationProvider();
provider.setAuthoritiesPopulator(new MockAuthoritiesPopulator());
assertFalse(provider.supports(UsernamePasswordAuthenticationToken.class));
}
/*
* Test method for 'org.springframework.security.providers.openid.OpenIDAuthenticationProvider.authenticate(Authentication)'
*/
public void testIgnoresUserPassAuthToken() {
OpenIDAuthenticationProvider provider = new OpenIDAuthenticationProvider();
provider.setAuthoritiesPopulator(new MockAuthoritiesPopulator());
UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken(USERNAME, "password");
assertEquals(null, provider.authenticate(token));
}
/*
* Test method for 'org.springframework.security.providers.openid.OpenIDAuthenticationProvider.supports(Class)'
*/
public void testSupports() {
OpenIDAuthenticationProvider provider = new OpenIDAuthenticationProvider();
provider.setAuthoritiesPopulator(new MockAuthoritiesPopulator());
assertTrue(provider.supports(OpenIDAuthenticationToken.class));
}
public void testValidation() throws Exception {
OpenIDAuthenticationProvider provider = new OpenIDAuthenticationProvider();
provider.setAuthoritiesPopulator(new MockAuthoritiesPopulator());
provider.afterPropertiesSet();
provider.setAuthoritiesPopulator(null);
try {
provider.afterPropertiesSet();
fail("IllegalArgumentException expected, ssoAuthoritiesPopulator is null");
} catch (IllegalArgumentException e) {
//expected
}
}
}

View File

@@ -0,0 +1,39 @@
/* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.springframework.security.providers.openid;
import junit.framework.TestCase;
/**
* DOCUMENT ME!
*
* @author Ray Krueger
*/
public class OpenIdAuthenticationTokenTests extends TestCase {
public void test() throws Exception {
OpenIDAuthenticationToken token = newToken();
assertEquals(token, newToken());
}
private OpenIDAuthenticationToken newToken() {
return new OpenIDAuthenticationToken(
OpenIDAuthenticationStatus.SUCCESS,
"http://raykrueger.blogspot.com/",
"what is this for anyway?");
}
}

View File

@@ -0,0 +1,135 @@
/* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.springframework.security.ui.openid;
import junit.framework.TestCase;
import org.springframework.mock.web.MockHttpServletRequest;
import org.springframework.security.AbstractAuthenticationManager;
import org.springframework.security.Authentication;
import org.springframework.security.AuthenticationException;
import org.springframework.security.BadCredentialsException;
import org.springframework.security.providers.AuthoritiesPopulator;
import org.springframework.security.providers.openid.MockAuthoritiesPopulator;
import org.springframework.security.providers.openid.OpenIDAuthenticationStatus;
import org.springframework.security.providers.openid.OpenIDAuthenticationToken;
import org.springframework.security.ui.openid.consumers.MockOpenIDConsumer;
/**
* Tests {@link OpenIDResponseProcessingFilter}
*
* @author Robin Bramley, Opsera Ltd
*/
public class OpenIDResponseProcessingFilterTests extends TestCase {
//~ Static fields/initializers =====================================================================================
private static final String USERNAME = "user.acegiopenid.com";
//~ Methods ========================================================================================================
/*
* Test method for 'org.springframework.security.ui.openid.OpenIDResponseProcessingFilter.attemptAuthentication(HttpServletRequest)'
*/
public void testAttemptAuthenticationFailure() {
// set up mock objects
MockOpenIDAuthenticationManager mockAuthManager = new MockOpenIDAuthenticationManager(false);
OpenIDAuthenticationToken token = new OpenIDAuthenticationToken(OpenIDAuthenticationStatus.FAILURE, USERNAME, "");
MockOpenIDConsumer mockConsumer = new MockOpenIDConsumer();
mockConsumer.setToken(token);
MockHttpServletRequest req = new MockHttpServletRequest();
OpenIDResponseProcessingFilter filter = new OpenIDResponseProcessingFilter();
filter.setConsumer(mockConsumer);
filter.setAuthenticationManager(mockAuthManager);
// run test
try {
filter.attemptAuthentication(req);
fail("Should've thrown exception");
} catch (BadCredentialsException expected) {
assertEquals("MockOpenIDAuthenticationManager instructed to deny access", expected.getMessage());
}
}
/*
* Test method for 'org.springframework.security.ui.openid.OpenIDResponseProcessingFilter.attemptAuthentication(HttpServletRequest)'
*/
public void testAttemptAuthenticationHttpServletRequest() {
// set up mock objects
MockOpenIDAuthenticationManager mockAuthManager = new MockOpenIDAuthenticationManager(true);
OpenIDAuthenticationToken token = new OpenIDAuthenticationToken(OpenIDAuthenticationStatus.SUCCESS, USERNAME, "");
MockOpenIDConsumer mockConsumer = new MockOpenIDConsumer();
mockConsumer.setToken(token);
MockHttpServletRequest req = new MockHttpServletRequest();
OpenIDResponseProcessingFilter filter = new OpenIDResponseProcessingFilter();
filter.setConsumer(mockConsumer);
filter.setAuthenticationManager(mockAuthManager);
// run test
Authentication authentication = filter.attemptAuthentication(req);
// assertions
assertNotNull(authentication);
assertTrue(authentication.isAuthenticated());
assertTrue(authentication instanceof OpenIDAuthenticationToken);
assertNotNull(authentication.getPrincipal());
assertEquals(USERNAME, authentication.getPrincipal());
assertNotNull(authentication.getAuthorities());
assertTrue(authentication.getAuthorities().length > 0);
assertTrue(((OpenIDAuthenticationToken) authentication).getStatus() == OpenIDAuthenticationStatus.SUCCESS);
assertTrue(((OpenIDAuthenticationToken) authentication).getMessage() == null);
}
/*
* Test method for 'org.springframework.security.ui.openid.OpenIDResponseProcessingFilter.getDefaultFilterProcessesUrl()'
*/
public void testGetDefaultFilterProcessesUrl() {
OpenIDResponseProcessingFilter filter = new OpenIDResponseProcessingFilter();
assertEquals("/j_spring_openid_security_check", filter.getDefaultFilterProcessesUrl());
}
//~ Inner Classes ==================================================================================================
// private mock AuthenticationManager
private class MockOpenIDAuthenticationManager extends AbstractAuthenticationManager {
private AuthoritiesPopulator ssoAuthoritiesPopulator;
private boolean grantAccess = true;
public MockOpenIDAuthenticationManager(boolean grantAccess) {
this.grantAccess = grantAccess;
ssoAuthoritiesPopulator = new MockAuthoritiesPopulator();
}
public MockOpenIDAuthenticationManager() {
super();
ssoAuthoritiesPopulator = new MockAuthoritiesPopulator();
}
public Authentication doAuthentication(Authentication authentication)
throws AuthenticationException {
if (grantAccess) {
return new OpenIDAuthenticationToken(ssoAuthoritiesPopulator.getUserDetails(USERNAME).getAuthorities(),
OpenIDAuthenticationStatus.SUCCESS, USERNAME);
} else {
throw new BadCredentialsException("MockOpenIDAuthenticationManager instructed to deny access");
}
}
}
}

View File

@@ -0,0 +1,78 @@
/* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.springframework.security.ui.openid.consumers;
import org.springframework.security.providers.openid.OpenIDAuthenticationToken;
import org.springframework.security.ui.openid.OpenIDConsumer;
import org.springframework.security.ui.openid.OpenIDConsumerException;
import javax.servlet.http.HttpServletRequest;
/**
* DOCUMENT ME!
*
* @author Robin Bramley, Opsera Ltd
*/
public class MockOpenIDConsumer implements OpenIDConsumer {
//~ Instance fields ================================================================================================
private OpenIDAuthenticationToken token;
private String redirectUrl;
//~ Methods ========================================================================================================
/* (non-Javadoc)
* @see org.springframework.security.ui.openid.OpenIDConsumer#beginConsumption(javax.servlet.http.HttpServletRequest, java.lang.String)
*/
public String beginConsumption(HttpServletRequest req, String identityUrl, String returnToUrl)
throws OpenIDConsumerException {
return redirectUrl;
}
/* (non-Javadoc)
* @see org.springframework.security.ui.openid.OpenIDConsumer#endConsumption(javax.servlet.http.HttpServletRequest)
*/
public OpenIDAuthenticationToken endConsumption(HttpServletRequest req)
throws OpenIDConsumerException {
return token;
}
/**
* Set the redirectUrl to be returned by beginConsumption
*
* @param redirectUrl
*/
public void setRedirectUrl(String redirectUrl) {
this.redirectUrl = redirectUrl;
}
/* (non-Javadoc)
* @see org.springframework.security.ui.openid.OpenIDConsumer#setReturnToUrl(java.lang.String)
*/
public void setReturnToUrl(String returnToUrl) {
// TODO Auto-generated method stub
}
/**
* Set the token to be returned by endConsumption
*
* @param token
*/
public void setToken(OpenIDAuthenticationToken token) {
this.token = token;
}
}