Add UsernamePasswordAuthenticationToken factory methods
- unauthenticated factory method - authenticated factory method - test for unauthenticated factory method - test for authenticated factory method - make existing constructor protected - use newly factory methods in rest of the project - update copyright dates Closes gh-10790
This commit is contained in:
committed by
Josh Cummings
parent
d2f24ae5f5
commit
ac9c29b2a0
@@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright 2002-2018 the original author or authors.
|
||||
* Copyright 2002-2022 the original author or authors.
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
@@ -93,8 +93,8 @@ public class AuthenticationManagerBuilderTests {
|
||||
given(opp.postProcess(any())).willAnswer((a) -> a.getArgument(0));
|
||||
AuthenticationManager am = new AuthenticationManagerBuilder(opp).authenticationEventPublisher(aep)
|
||||
.inMemoryAuthentication().and().build();
|
||||
assertThatExceptionOfType(AuthenticationException.class)
|
||||
.isThrownBy(() -> am.authenticate(new UsernamePasswordAuthenticationToken("user", "password")));
|
||||
assertThatExceptionOfType(AuthenticationException.class).isThrownBy(
|
||||
() -> am.authenticate(UsernamePasswordAuthenticationToken.unauthenticated("user", "password")));
|
||||
verify(aep).publishAuthenticationFailure(any(), any());
|
||||
}
|
||||
|
||||
@@ -103,7 +103,8 @@ public class AuthenticationManagerBuilderTests {
|
||||
this.spring.register(PasswordEncoderGlobalConfig.class).autowire();
|
||||
AuthenticationManager manager = this.spring.getContext().getBean(AuthenticationConfiguration.class)
|
||||
.getAuthenticationManager();
|
||||
Authentication auth = manager.authenticate(new UsernamePasswordAuthenticationToken("user", "password"));
|
||||
Authentication auth = manager
|
||||
.authenticate(UsernamePasswordAuthenticationToken.unauthenticated("user", "password"));
|
||||
assertThat(auth.getName()).isEqualTo("user");
|
||||
assertThat(auth.getAuthorities()).extracting(GrantedAuthority::getAuthority).containsOnly("ROLE_USER");
|
||||
}
|
||||
@@ -113,7 +114,8 @@ public class AuthenticationManagerBuilderTests {
|
||||
this.spring.register(PasswordEncoderGlobalConfig.class).autowire();
|
||||
AuthenticationManager manager = this.spring.getContext().getBean(AuthenticationConfiguration.class)
|
||||
.getAuthenticationManager();
|
||||
Authentication auth = manager.authenticate(new UsernamePasswordAuthenticationToken("user", "password"));
|
||||
Authentication auth = manager
|
||||
.authenticate(UsernamePasswordAuthenticationToken.unauthenticated("user", "password"));
|
||||
assertThat(auth.getName()).isEqualTo("user");
|
||||
assertThat(auth.getAuthorities()).extracting(GrantedAuthority::getAuthority).containsOnly("ROLE_USER");
|
||||
}
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright 2002-2018 the original author or authors.
|
||||
* Copyright 2002-2022 the original author or authors.
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
@@ -47,7 +47,8 @@ public class AuthenticationConfigurationPublishTests {
|
||||
// gh-4940
|
||||
@Test
|
||||
public void authenticationEventPublisherBeanUsedByDefault() {
|
||||
this.authenticationManager.authenticate(new UsernamePasswordAuthenticationToken("user", "password"));
|
||||
this.authenticationManager
|
||||
.authenticate(UsernamePasswordAuthenticationToken.unauthenticated("user", "password"));
|
||||
assertThat(this.listener.getEvents()).hasSize(1);
|
||||
}
|
||||
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright 2002-2019 the original author or authors.
|
||||
* Copyright 2002-2022 the original author or authors.
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
@@ -129,7 +129,8 @@ public class AuthenticationConfigurationTests {
|
||||
|
||||
@Test
|
||||
public void getAuthenticationWhenGlobalAuthenticationConfigurerAdapterThenAuthenticates() throws Exception {
|
||||
UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken("user", "password");
|
||||
UsernamePasswordAuthenticationToken token = UsernamePasswordAuthenticationToken.unauthenticated("user",
|
||||
"password");
|
||||
this.spring.register(AuthenticationConfiguration.class, ObjectPostProcessorConfiguration.class,
|
||||
UserGlobalAuthenticationConfigurerAdapter.class).autowire();
|
||||
AuthenticationManager authentication = this.spring.getContext().getBean(AuthenticationConfiguration.class)
|
||||
@@ -139,7 +140,8 @@ public class AuthenticationConfigurationTests {
|
||||
|
||||
@Test
|
||||
public void getAuthenticationWhenAuthenticationManagerBeanThenAuthenticates() throws Exception {
|
||||
UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken("user", "password");
|
||||
UsernamePasswordAuthenticationToken token = UsernamePasswordAuthenticationToken.unauthenticated("user",
|
||||
"password");
|
||||
this.spring.register(AuthenticationConfiguration.class, ObjectPostProcessorConfiguration.class,
|
||||
AuthenticationManagerBeanConfig.class).autowire();
|
||||
AuthenticationManager authentication = this.spring.getContext().getBean(AuthenticationConfiguration.class)
|
||||
@@ -165,9 +167,9 @@ public class AuthenticationConfigurationTests {
|
||||
config.setGlobalAuthenticationConfigurers(Arrays.asList(new ConfiguresInMemoryConfigurerAdapter(),
|
||||
new BootGlobalAuthenticationConfigurerAdapter()));
|
||||
AuthenticationManager authenticationManager = config.getAuthenticationManager();
|
||||
authenticationManager.authenticate(new UsernamePasswordAuthenticationToken("user", "password"));
|
||||
assertThatExceptionOfType(AuthenticationException.class).isThrownBy(
|
||||
() -> authenticationManager.authenticate(new UsernamePasswordAuthenticationToken("boot", "password")));
|
||||
authenticationManager.authenticate(UsernamePasswordAuthenticationToken.unauthenticated("user", "password"));
|
||||
assertThatExceptionOfType(AuthenticationException.class).isThrownBy(() -> authenticationManager
|
||||
.authenticate(UsernamePasswordAuthenticationToken.unauthenticated("boot", "password")));
|
||||
}
|
||||
|
||||
@Test
|
||||
@@ -176,7 +178,7 @@ public class AuthenticationConfigurationTests {
|
||||
AuthenticationConfiguration config = this.spring.getContext().getBean(AuthenticationConfiguration.class);
|
||||
config.setGlobalAuthenticationConfigurers(Arrays.asList(new BootGlobalAuthenticationConfigurerAdapter()));
|
||||
AuthenticationManager authenticationManager = config.getAuthenticationManager();
|
||||
authenticationManager.authenticate(new UsernamePasswordAuthenticationToken("boot", "password"));
|
||||
authenticationManager.authenticate(UsernamePasswordAuthenticationToken.unauthenticated("boot", "password"));
|
||||
}
|
||||
|
||||
// gh-2531
|
||||
@@ -206,9 +208,9 @@ public class AuthenticationConfigurationTests {
|
||||
AuthenticationManager am = this.spring.getContext().getBean(AuthenticationConfiguration.class)
|
||||
.getAuthenticationManager();
|
||||
given(uds.loadUserByUsername("user")).willReturn(PasswordEncodedUser.user(), PasswordEncodedUser.user());
|
||||
am.authenticate(new UsernamePasswordAuthenticationToken("user", "password"));
|
||||
assertThatExceptionOfType(AuthenticationException.class)
|
||||
.isThrownBy(() -> am.authenticate(new UsernamePasswordAuthenticationToken("user", "invalid")));
|
||||
am.authenticate(UsernamePasswordAuthenticationToken.unauthenticated("user", "password"));
|
||||
assertThatExceptionOfType(AuthenticationException.class).isThrownBy(
|
||||
() -> am.authenticate(UsernamePasswordAuthenticationToken.unauthenticated("user", "invalid")));
|
||||
}
|
||||
|
||||
@Test
|
||||
@@ -221,9 +223,9 @@ public class AuthenticationConfigurationTests {
|
||||
.getAuthenticationManager();
|
||||
given(uds.loadUserByUsername("user")).willReturn(User.withUserDetails(user).build(),
|
||||
User.withUserDetails(user).build());
|
||||
am.authenticate(new UsernamePasswordAuthenticationToken("user", "password"));
|
||||
assertThatExceptionOfType(AuthenticationException.class)
|
||||
.isThrownBy(() -> am.authenticate(new UsernamePasswordAuthenticationToken("user", "invalid")));
|
||||
am.authenticate(UsernamePasswordAuthenticationToken.unauthenticated("user", "password"));
|
||||
assertThatExceptionOfType(AuthenticationException.class).isThrownBy(
|
||||
() -> am.authenticate(UsernamePasswordAuthenticationToken.unauthenticated("user", "invalid")));
|
||||
}
|
||||
|
||||
@Test
|
||||
@@ -237,7 +239,7 @@ public class AuthenticationConfigurationTests {
|
||||
given(manager.loadUserByUsername("user")).willReturn(User.withUserDetails(user).build(),
|
||||
User.withUserDetails(user).build());
|
||||
given(manager.updatePassword(any(), any())).willReturn(user);
|
||||
am.authenticate(new UsernamePasswordAuthenticationToken("user", "password"));
|
||||
am.authenticate(UsernamePasswordAuthenticationToken.unauthenticated("user", "password"));
|
||||
verify(manager).updatePassword(eq(user), startsWith("{bcrypt}"));
|
||||
}
|
||||
|
||||
@@ -250,7 +252,7 @@ public class AuthenticationConfigurationTests {
|
||||
.getAuthenticationManager();
|
||||
given(ap.supports(any())).willReturn(true);
|
||||
given(ap.authenticate(any())).willReturn(TestAuthentication.authenticatedUser());
|
||||
am.authenticate(new UsernamePasswordAuthenticationToken("user", "password"));
|
||||
am.authenticate(UsernamePasswordAuthenticationToken.unauthenticated("user", "password"));
|
||||
}
|
||||
|
||||
// gh-3091
|
||||
@@ -262,7 +264,7 @@ public class AuthenticationConfigurationTests {
|
||||
.getAuthenticationManager();
|
||||
given(ap.supports(any())).willReturn(true);
|
||||
given(ap.authenticate(any())).willReturn(TestAuthentication.authenticatedUser());
|
||||
am.authenticate(new UsernamePasswordAuthenticationToken("user", "password"));
|
||||
am.authenticate(UsernamePasswordAuthenticationToken.unauthenticated("user", "password"));
|
||||
}
|
||||
|
||||
@Test
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright 2002-2018 the original author or authors.
|
||||
* Copyright 2002-2022 the original author or authors.
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
@@ -75,21 +75,21 @@ public class Issue50Tests {
|
||||
@Test
|
||||
public void authenticateWhenMissingUserThenUsernameNotFoundException() {
|
||||
assertThatExceptionOfType(UsernameNotFoundException.class).isThrownBy(() -> this.authenticationManager
|
||||
.authenticate(new UsernamePasswordAuthenticationToken("test", "password")));
|
||||
.authenticate(UsernamePasswordAuthenticationToken.unauthenticated("test", "password")));
|
||||
}
|
||||
|
||||
@Test
|
||||
public void authenticateWhenInvalidPasswordThenBadCredentialsException() {
|
||||
this.userRepo.save(User.withUsernameAndPassword("test", "password"));
|
||||
assertThatExceptionOfType(BadCredentialsException.class).isThrownBy(() -> this.authenticationManager
|
||||
.authenticate(new UsernamePasswordAuthenticationToken("test", "invalid")));
|
||||
.authenticate(UsernamePasswordAuthenticationToken.unauthenticated("test", "invalid")));
|
||||
}
|
||||
|
||||
@Test
|
||||
public void authenticateWhenValidUserThenAuthenticates() {
|
||||
this.userRepo.save(User.withUsernameAndPassword("test", "password"));
|
||||
Authentication result = this.authenticationManager
|
||||
.authenticate(new UsernamePasswordAuthenticationToken("test", "password"));
|
||||
.authenticate(UsernamePasswordAuthenticationToken.unauthenticated("test", "password"));
|
||||
assertThat(result.getName()).isEqualTo("test");
|
||||
}
|
||||
|
||||
@@ -98,7 +98,7 @@ public class Issue50Tests {
|
||||
SecurityContextHolder.getContext().setAuthentication(new TestingAuthenticationToken("test", null, "ROLE_USER"));
|
||||
this.userRepo.save(User.withUsernameAndPassword("denied", "password"));
|
||||
assertThatExceptionOfType(AccessDeniedException.class).isThrownBy(() -> this.authenticationManager
|
||||
.authenticate(new UsernamePasswordAuthenticationToken("test", "password")));
|
||||
.authenticate(UsernamePasswordAuthenticationToken.unauthenticated("test", "password")));
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright 2002-2021 the original author or authors.
|
||||
* Copyright 2002-2022 the original author or authors.
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
@@ -106,8 +106,8 @@ public class GlobalMethodSecurityConfigurationTests {
|
||||
@Test
|
||||
public void methodSecurityAuthenticationManagerPublishesEvent() {
|
||||
this.spring.register(InMemoryAuthWithGlobalMethodSecurityConfig.class).autowire();
|
||||
assertThatExceptionOfType(AuthenticationException.class).isThrownBy(
|
||||
() -> this.authenticationManager.authenticate(new UsernamePasswordAuthenticationToken("foo", "bar")));
|
||||
assertThatExceptionOfType(AuthenticationException.class).isThrownBy(() -> this.authenticationManager
|
||||
.authenticate(UsernamePasswordAuthenticationToken.unauthenticated("foo", "bar")));
|
||||
assertThat(this.events.getEvents()).extracting(Object::getClass)
|
||||
.containsOnly((Class) AuthenticationFailureBadCredentialsEvent.class);
|
||||
}
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright 2002-2016 the original author or authors.
|
||||
* Copyright 2002-2022 the original author or authors.
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
@@ -65,7 +65,7 @@ public class AuthenticationPrincipalArgumentResolverTests {
|
||||
User user = new User("user", "password", AuthorityUtils.createAuthorityList("ROLE_USER"));
|
||||
SecurityContext context = SecurityContextHolder.createEmptyContext();
|
||||
context.setAuthentication(
|
||||
new UsernamePasswordAuthenticationToken(user, user.getPassword(), user.getAuthorities()));
|
||||
UsernamePasswordAuthenticationToken.authenticated(user, user.getPassword(), user.getAuthorities()));
|
||||
SecurityContextHolder.setContext(context);
|
||||
MockMvc mockMvc = MockMvcBuilders.webAppContextSetup(this.wac).build();
|
||||
// @formatter:off
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright 2002-2020 the original author or authors.
|
||||
* Copyright 2002-2022 the original author or authors.
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
@@ -60,7 +60,7 @@ public class EnableWebSecurityTests {
|
||||
this.spring.register(SecurityConfig.class).autowire();
|
||||
AuthenticationManager authenticationManager = this.spring.getContext().getBean(AuthenticationManager.class);
|
||||
Authentication authentication = authenticationManager
|
||||
.authenticate(new UsernamePasswordAuthenticationToken("user", "password"));
|
||||
.authenticate(UsernamePasswordAuthenticationToken.unauthenticated("user", "password"));
|
||||
assertThat(authentication.isAuthenticated()).isTrue();
|
||||
}
|
||||
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright 2002-2021 the original author or authors.
|
||||
* Copyright 2002-2022 the original author or authors.
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
@@ -1013,7 +1013,7 @@ public class WebSecurityConfigurationTests {
|
||||
return new ProviderManager(new AuthenticationProvider() {
|
||||
@Override
|
||||
public Authentication authenticate(Authentication authentication) throws AuthenticationException {
|
||||
return new UsernamePasswordAuthenticationToken("user", "credentials");
|
||||
return UsernamePasswordAuthenticationToken.unauthenticated("user", "credentials");
|
||||
}
|
||||
|
||||
@Override
|
||||
@@ -1028,7 +1028,7 @@ public class WebSecurityConfigurationTests {
|
||||
return new ProviderManager(new AuthenticationProvider() {
|
||||
@Override
|
||||
public Authentication authenticate(Authentication authentication) throws AuthenticationException {
|
||||
return new UsernamePasswordAuthenticationToken("subuser", "credentials");
|
||||
return UsernamePasswordAuthenticationToken.unauthenticated("subuser", "credentials");
|
||||
}
|
||||
|
||||
@Override
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright 2002-2019 the original author or authors.
|
||||
* Copyright 2002-2022 the original author or authors.
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
@@ -150,7 +150,7 @@ public class AuthorizeRequestsTests {
|
||||
public void roleHiearchy() throws Exception {
|
||||
loadConfig(RoleHiearchyConfig.class);
|
||||
SecurityContext securityContext = new SecurityContextImpl();
|
||||
securityContext.setAuthentication(new UsernamePasswordAuthenticationToken("test", "notused",
|
||||
securityContext.setAuthentication(UsernamePasswordAuthenticationToken.authenticated("test", "notused",
|
||||
AuthorityUtils.createAuthorityList("ROLE_USER")));
|
||||
this.request.getSession().setAttribute(HttpSessionSecurityContextRepository.SPRING_SECURITY_CONTEXT_KEY,
|
||||
securityContext);
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright 2002-2019 the original author or authors.
|
||||
* Copyright 2002-2022 the original author or authors.
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
@@ -100,7 +100,8 @@ public class NamespaceHttpInterceptUrlTests {
|
||||
}
|
||||
|
||||
private static Authentication user(String role) {
|
||||
return new UsernamePasswordAuthenticationToken("user", null, AuthorityUtils.createAuthorityList(role));
|
||||
return UsernamePasswordAuthenticationToken.authenticated("user", null,
|
||||
AuthorityUtils.createAuthorityList(role));
|
||||
}
|
||||
|
||||
@EnableWebSecurity
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright 2002-2019 the original author or authors.
|
||||
* Copyright 2002-2022 the original author or authors.
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
@@ -97,7 +97,7 @@ public class NamespaceHttpServerAccessDeniedHandlerTests {
|
||||
}
|
||||
|
||||
private static Authentication user() {
|
||||
return new UsernamePasswordAuthenticationToken("user", null, AuthorityUtils.NO_AUTHORITIES);
|
||||
return UsernamePasswordAuthenticationToken.authenticated("user", null, AuthorityUtils.NO_AUTHORITIES);
|
||||
}
|
||||
|
||||
private <T> T verifyBean(Class<T> beanClass) {
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright 2012-2016 the original author or authors.
|
||||
* Copyright 2012-2022 the original author or authors.
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
@@ -72,7 +72,7 @@ public class AuthenticationConfigurationGh3935Tests {
|
||||
AuthenticationManager authenticationManager = this.adapter.authenticationManager;
|
||||
assertThat(authenticationManager).isNotNull();
|
||||
Authentication auth = authenticationManager
|
||||
.authenticate(new UsernamePasswordAuthenticationToken(username, password));
|
||||
.authenticate(UsernamePasswordAuthenticationToken.unauthenticated(username, password));
|
||||
verify(this.uds).loadUserByUsername(username);
|
||||
assertThat(auth.getPrincipal()).isEqualTo(PasswordEncodedUser.user());
|
||||
}
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright 2002-2021 the original author or authors.
|
||||
* Copyright 2002-2022 the original author or authors.
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
@@ -98,7 +98,7 @@ public class AuthenticationManagerBeanDefinitionParserTests {
|
||||
Object eventPublisher = FieldUtils.getFieldValue(pm, "eventPublisher");
|
||||
assertThat(eventPublisher).isNotNull();
|
||||
assertThat(eventPublisher instanceof DefaultAuthenticationEventPublisher).isTrue();
|
||||
pm.authenticate(new UsernamePasswordAuthenticationToken("bob", "bobspassword"));
|
||||
pm.authenticate(UsernamePasswordAuthenticationToken.unauthenticated("bob", "bobspassword"));
|
||||
assertThat(listener.events).hasSize(1);
|
||||
}
|
||||
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright 2002-2016 the original author or authors.
|
||||
* Copyright 2002-2022 the original author or authors.
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
@@ -42,7 +42,8 @@ public class AuthenticationProviderBeanDefinitionParserTests {
|
||||
|
||||
private AbstractXmlApplicationContext appContext;
|
||||
|
||||
private UsernamePasswordAuthenticationToken bob = new UsernamePasswordAuthenticationToken("bob", "bobspassword");
|
||||
private UsernamePasswordAuthenticationToken bob = UsernamePasswordAuthenticationToken.unauthenticated("bob",
|
||||
"bobspassword");
|
||||
|
||||
@AfterEach
|
||||
public void closeAppContext() {
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright 2002-2016 the original author or authors.
|
||||
* Copyright 2002-2022 the original author or authors.
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
@@ -129,7 +129,7 @@ public class JdbcUserServiceBeanDefinitionParserTests {
|
||||
+ DATA_SOURCE);
|
||||
// @formatter:on
|
||||
AuthenticationManager mgr = (AuthenticationManager) this.appContext.getBean(BeanIds.AUTHENTICATION_MANAGER);
|
||||
mgr.authenticate(new UsernamePasswordAuthenticationToken("rod", "koala"));
|
||||
mgr.authenticate(UsernamePasswordAuthenticationToken.unauthenticated("rod", "koala"));
|
||||
}
|
||||
|
||||
@Test
|
||||
@@ -146,7 +146,7 @@ public class JdbcUserServiceBeanDefinitionParserTests {
|
||||
ProviderManager mgr = (ProviderManager) this.appContext.getBean(BeanIds.AUTHENTICATION_MANAGER);
|
||||
DaoAuthenticationProvider provider = (DaoAuthenticationProvider) mgr.getProviders().get(0);
|
||||
assertThat(this.appContext.getBean("userCache")).isSameAs(provider.getUserCache());
|
||||
provider.authenticate(new UsernamePasswordAuthenticationToken("rod", "koala"));
|
||||
provider.authenticate(UsernamePasswordAuthenticationToken.unauthenticated("rod", "koala"));
|
||||
assertThat(provider.getUserCache().getUserFromCache("rod")).isNotNull()
|
||||
.withFailMessage("Cache should contain user after authentication");
|
||||
}
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright 2002-2017 the original author or authors.
|
||||
* Copyright 2002-2022 the original author or authors.
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
@@ -67,7 +67,7 @@ import static org.assertj.core.api.Assertions.assertThatExceptionOfType;
|
||||
*/
|
||||
public class GlobalMethodSecurityBeanDefinitionParserTests {
|
||||
|
||||
private final UsernamePasswordAuthenticationToken bob = new UsernamePasswordAuthenticationToken("bob",
|
||||
private final UsernamePasswordAuthenticationToken bob = UsernamePasswordAuthenticationToken.unauthenticated("bob",
|
||||
"bobspassword");
|
||||
|
||||
private AbstractXmlApplicationContext appContext;
|
||||
@@ -106,7 +106,8 @@ public class GlobalMethodSecurityBeanDefinitionParserTests {
|
||||
@Test
|
||||
public void targetShouldAllowProtectedMethodInvocationWithCorrectRole() {
|
||||
loadContext();
|
||||
UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken("user", "password");
|
||||
UsernamePasswordAuthenticationToken token = UsernamePasswordAuthenticationToken.unauthenticated("user",
|
||||
"password");
|
||||
SecurityContextHolder.getContext().setAuthentication(token);
|
||||
this.target.someUserMethod1();
|
||||
// SEC-1213. Check the order
|
||||
@@ -153,8 +154,8 @@ public class GlobalMethodSecurityBeanDefinitionParserTests {
|
||||
+ "</authentication-manager>");
|
||||
// @formatter:on
|
||||
UserDetailsService service = (UserDetailsService) this.appContext.getBean("myUserService");
|
||||
UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken("Test", "Password",
|
||||
AuthorityUtils.createAuthorityList("ROLE_SOMEOTHERROLE"));
|
||||
UsernamePasswordAuthenticationToken token = UsernamePasswordAuthenticationToken.authenticated("Test",
|
||||
"Password", AuthorityUtils.createAuthorityList("ROLE_SOMEOTHERROLE"));
|
||||
SecurityContextHolder.getContext().setAuthentication(token);
|
||||
assertThatExceptionOfType(AccessDeniedException.class).isThrownBy(() -> service.loadUserByUsername("notused"));
|
||||
}
|
||||
@@ -170,7 +171,7 @@ public class GlobalMethodSecurityBeanDefinitionParserTests {
|
||||
+ ConfigTestUtils.AUTH_PROVIDER_XML);
|
||||
// @formatter:on
|
||||
SecurityContextHolder.getContext()
|
||||
.setAuthentication(new UsernamePasswordAuthenticationToken("user", "password"));
|
||||
.setAuthentication(UsernamePasswordAuthenticationToken.unauthenticated("user", "password"));
|
||||
this.target = (BusinessService) this.appContext.getBean("target");
|
||||
// someOther(int) should not be matched by someOther(String), but should require
|
||||
// ROLE_USER
|
||||
@@ -198,7 +199,7 @@ public class GlobalMethodSecurityBeanDefinitionParserTests {
|
||||
assertThatExceptionOfType(AuthenticationCredentialsNotFoundException.class)
|
||||
.isThrownBy(() -> this.target.someOther(0));
|
||||
SecurityContextHolder.getContext()
|
||||
.setAuthentication(new UsernamePasswordAuthenticationToken("user", "password"));
|
||||
.setAuthentication(UsernamePasswordAuthenticationToken.unauthenticated("user", "password"));
|
||||
this.target.someOther(0);
|
||||
}
|
||||
|
||||
@@ -219,8 +220,8 @@ public class GlobalMethodSecurityBeanDefinitionParserTests {
|
||||
+ "</b:bean>"
|
||||
+ ConfigTestUtils.AUTH_PROVIDER_XML);
|
||||
// @formatter:on
|
||||
UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken("Test", "Password",
|
||||
AuthorityUtils.createAuthorityList("ROLE_SOMEOTHERROLE"));
|
||||
UsernamePasswordAuthenticationToken token = UsernamePasswordAuthenticationToken.authenticated("Test",
|
||||
"Password", AuthorityUtils.createAuthorityList("ROLE_SOMEOTHERROLE"));
|
||||
SecurityContextHolder.getContext().setAuthentication(token);
|
||||
this.target = (BusinessService) this.appContext.getBean("businessService");
|
||||
assertThatExceptionOfType(AccessDeniedException.class).isThrownBy(this.target::someUserMethod1);
|
||||
@@ -384,7 +385,7 @@ public class GlobalMethodSecurityBeanDefinitionParserTests {
|
||||
Foo foo = (Foo) this.appContext.getBean("target");
|
||||
assertThatExceptionOfType(AccessDeniedException.class).isThrownBy(() -> foo.foo(new SecurityConfig("A")));
|
||||
SecurityContextHolder.getContext()
|
||||
.setAuthentication(new UsernamePasswordAuthenticationToken("admin", "password"));
|
||||
.setAuthentication(UsernamePasswordAuthenticationToken.unauthenticated("admin", "password"));
|
||||
foo.foo(new SecurityConfig("A"));
|
||||
}
|
||||
|
||||
@@ -405,7 +406,7 @@ public class GlobalMethodSecurityBeanDefinitionParserTests {
|
||||
Foo foo = (Foo) this.appContext.getBean("target");
|
||||
assertThatExceptionOfType(AccessDeniedException.class).isThrownBy(() -> foo.foo(new SecurityConfig("A")));
|
||||
SecurityContextHolder.getContext()
|
||||
.setAuthentication(new UsernamePasswordAuthenticationToken("admin", "password"));
|
||||
.setAuthentication(UsernamePasswordAuthenticationToken.unauthenticated("admin", "password"));
|
||||
foo.foo(new SecurityConfig("A"));
|
||||
}
|
||||
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright 2002-2017 the original author or authors.
|
||||
* Copyright 2002-2022 the original author or authors.
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
@@ -91,16 +91,16 @@ public class InterceptMethodsBeanDefinitionDecoratorTests implements Application
|
||||
|
||||
@Test
|
||||
public void targetShouldAllowProtectedMethodInvocationWithCorrectRole() {
|
||||
UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken("Test", "Password",
|
||||
AuthorityUtils.createAuthorityList("ROLE_USER"));
|
||||
UsernamePasswordAuthenticationToken token = UsernamePasswordAuthenticationToken.authenticated("Test",
|
||||
"Password", AuthorityUtils.createAuthorityList("ROLE_USER"));
|
||||
SecurityContextHolder.getContext().setAuthentication(token);
|
||||
this.target.doSomething();
|
||||
}
|
||||
|
||||
@Test
|
||||
public void targetShouldPreventProtectedMethodInvocationWithIncorrectRole() {
|
||||
UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken("Test", "Password",
|
||||
AuthorityUtils.createAuthorityList("ROLE_SOMEOTHERROLE"));
|
||||
UsernamePasswordAuthenticationToken token = UsernamePasswordAuthenticationToken.authenticated("Test",
|
||||
"Password", AuthorityUtils.createAuthorityList("ROLE_SOMEOTHERROLE"));
|
||||
SecurityContextHolder.getContext().setAuthentication(token);
|
||||
assertThatExceptionOfType(AccessDeniedException.class).isThrownBy(this.target::doSomething);
|
||||
}
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright 2002-2016 the original author or authors.
|
||||
* Copyright 2002-2022 the original author or authors.
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
@@ -67,32 +67,32 @@ public class Jsr250AnnotationDrivenBeanDefinitionParserTests {
|
||||
|
||||
@Test
|
||||
public void permitAllShouldBeDefaultAttribute() {
|
||||
UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken("Test", "Password",
|
||||
AuthorityUtils.createAuthorityList("ROLE_USER"));
|
||||
UsernamePasswordAuthenticationToken token = UsernamePasswordAuthenticationToken.authenticated("Test",
|
||||
"Password", AuthorityUtils.createAuthorityList("ROLE_USER"));
|
||||
SecurityContextHolder.getContext().setAuthentication(token);
|
||||
this.target.someOther(0);
|
||||
}
|
||||
|
||||
@Test
|
||||
public void targetShouldAllowProtectedMethodInvocationWithCorrectRole() {
|
||||
UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken("Test", "Password",
|
||||
AuthorityUtils.createAuthorityList("ROLE_USER"));
|
||||
UsernamePasswordAuthenticationToken token = UsernamePasswordAuthenticationToken.authenticated("Test",
|
||||
"Password", AuthorityUtils.createAuthorityList("ROLE_USER"));
|
||||
SecurityContextHolder.getContext().setAuthentication(token);
|
||||
this.target.someUserMethod1();
|
||||
}
|
||||
|
||||
@Test
|
||||
public void targetShouldPreventProtectedMethodInvocationWithIncorrectRole() {
|
||||
UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken("Test", "Password",
|
||||
AuthorityUtils.createAuthorityList("ROLE_SOMEOTHERROLE"));
|
||||
UsernamePasswordAuthenticationToken token = UsernamePasswordAuthenticationToken.authenticated("Test",
|
||||
"Password", AuthorityUtils.createAuthorityList("ROLE_SOMEOTHERROLE"));
|
||||
SecurityContextHolder.getContext().setAuthentication(token);
|
||||
assertThatExceptionOfType(AccessDeniedException.class).isThrownBy(this.target::someAdminMethod);
|
||||
}
|
||||
|
||||
@Test
|
||||
public void hasAnyRoleAddsDefaultPrefix() {
|
||||
UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken("Test", "Password",
|
||||
AuthorityUtils.createAuthorityList("ROLE_USER"));
|
||||
UsernamePasswordAuthenticationToken token = UsernamePasswordAuthenticationToken.authenticated("Test",
|
||||
"Password", AuthorityUtils.createAuthorityList("ROLE_USER"));
|
||||
SecurityContextHolder.getContext().setAuthentication(token);
|
||||
this.target.rolesAllowedUser();
|
||||
}
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright 2002-2017 the original author or authors.
|
||||
* Copyright 2002-2022 the original author or authors.
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
@@ -59,7 +59,7 @@ public class MethodSecurityBeanDefinitionParserTests {
|
||||
|
||||
private static final String CONFIG_LOCATION_PREFIX = "classpath:org/springframework/security/config/method/MethodSecurityBeanDefinitionParserTests";
|
||||
|
||||
private final UsernamePasswordAuthenticationToken bob = new UsernamePasswordAuthenticationToken("bob",
|
||||
private final UsernamePasswordAuthenticationToken bob = UsernamePasswordAuthenticationToken.unauthenticated("bob",
|
||||
"bobspassword");
|
||||
|
||||
@Autowired(required = false)
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright 2002-2016 the original author or authors.
|
||||
* Copyright 2002-2022 the original author or authors.
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
@@ -73,16 +73,16 @@ public class SecuredAnnotationDrivenBeanDefinitionParserTests {
|
||||
|
||||
@Test
|
||||
public void targetShouldAllowProtectedMethodInvocationWithCorrectRole() {
|
||||
UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken("Test", "Password",
|
||||
AuthorityUtils.createAuthorityList("ROLE_USER"));
|
||||
UsernamePasswordAuthenticationToken token = UsernamePasswordAuthenticationToken.authenticated("Test",
|
||||
"Password", AuthorityUtils.createAuthorityList("ROLE_USER"));
|
||||
SecurityContextHolder.getContext().setAuthentication(token);
|
||||
this.target.someUserMethod1();
|
||||
}
|
||||
|
||||
@Test
|
||||
public void targetShouldPreventProtectedMethodInvocationWithIncorrectRole() {
|
||||
UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken("Test", "Password",
|
||||
AuthorityUtils.createAuthorityList("ROLE_SOMEOTHER"));
|
||||
UsernamePasswordAuthenticationToken token = UsernamePasswordAuthenticationToken.authenticated("Test",
|
||||
"Password", AuthorityUtils.createAuthorityList("ROLE_SOMEOTHER"));
|
||||
SecurityContextHolder.getContext().setAuthentication(token);
|
||||
assertThatExceptionOfType(AccessDeniedException.class).isThrownBy(this.target::someAdminMethod);
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user